beemanbone

Members
  • Content Count

    31
Posts posted by beemanbone


  1. And this log...

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 7:50:54 AM, on 12/20/2007

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16574)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe

    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

    C:\Program Files\Common Files\Symantec Shared\ccApp.exe

    C:\Program Files\Common Files\Real\Update_OB\realsched .exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy .exe

    C:\WINDOWS\system32\ps2 .exe

    C:\WINDOWS\system32\igfxtray .exe

    C:\WINDOWS\system32\hkcmd .exe

    C:\WINDOWS\System32\hphmon05 .exe

    C:\WINDOWS\system32\dla\tfswctrl .exe

    C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe

    C:\WINDOWS\system32\rundll32.exe

    C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE

    C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

    C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe

    C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe

    C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe

    C:\WINDOWS\system32\notepad.exe

    C:\Program Files\Mozilla Firefox\firefox.exe

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local

    F3 - REG:win.ini: load=C:\WINDOWS\system32\mljjk.exe

    O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll

    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

    O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll

    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"

    O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe

    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime

    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

    O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

    O4 - HKLM\..\Run: [iMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE

    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [backupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe

    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

    O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"

    O4 - HKCU\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.exe -boot

    O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')

    O4 - HKUS\S-1-5-18\..\Run: [symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')

    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

    O4 - Startup: IMStart.lnk = C:\Program Files\InterMute\IMStart.exe

    O4 - Startup: PowerReg Scheduler V3 .exe

    O4 - Startup: PowerReg Scheduler V3 .exe

    O4 - Startup: PowerReg Scheduler V3 .exe

    O4 - Startup: PowerReg Scheduler V3 .exe

    O4 - Startup: PowerReg Scheduler V3.exe

    O4 - Global Startup: APC UPS Status.lnk = ?

    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm

    O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin\core.hp.main\SendTo.html

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000

    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

    O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe

    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O16 - DPF: {01118A01-3E00-11D2-8470-0060089874ED} (SupportSoft Script Runner Class) - https://password.bellsouth.net/sdccommon/do...oad/tgctlsr.cab

    O16 - DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} (Keynote Connector Launcher 2) - http://webeffective.keynote.com/applicatio...torLauncher.cab

    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab

    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1174224923609

    O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/4058/ftp...302/Coupons.cab

    O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab

    O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/dd/instal...edsolutions.cab

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

    O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe

    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe

    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

    --

    End of file - 10538 bytes
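Three things in the log above stand out to a reviewer before any signature lookup: the `F3 - REG:win.ini: load=C:\WINDOWS\system32\mljjk.exe` hook (a legacy startup path that current software almost never uses), the executables listed with a space before the extension (`realsched .exe`, `ps2 .exe`, `qttask .exe`, and the four repeated `PowerReg Scheduler V3 .exe` startup entries beside one `PowerReg Scheduler V3.exe`), and the O23 service reported with "Unknown owner". The script below is an added example, not part of beemanbone's post and not HijackThis code: it turns those three checks into a small triage pass over lines copied from the log. The sample input is constructed from the post, the rules are my own heuristics, and a match is a prompt to look, not a verdict (Symantec Core LC, for instance, is a legitimate service that simply carries no vendor string).

```python
"""Triage HijackThis log lines for the persistence patterns seen in the post above.

Added example, not part of the original post and not HijackThis code. The
sample lines are copied from the log above; the rules are heuristics of my
own and every match still needs a human look.
"""
import re
from collections import Counter
from typing import Dict, Iterator, List, NamedTuple, Tuple

# Constructed sample: eight lines excerpted verbatim from the HijackThis log above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
F3 - REG:win.ini: load=C:\WINDOWS\system32\mljjk.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - Startup: PowerReg Scheduler V3 .exe
O4 - Startup: PowerReg Scheduler V3.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
"""


class Finding(NamedTuple):
    severity: str  # "high" = act on it, "review" = confirm by hand first
    section: str   # HijackThis section code, e.g. "O4"
    rule: str      # which heuristic fired
    entry: str     # the offending log line, unchanged


# "O4 - HKLM\..\Run: [PS2] ..." -> section "O4", body "HKLM\..\Run: [PS2] ..."
ENTRY_RE = re.compile(r"^(?P<section>[RFO]\d+)\s+-\s+(?P<body>.+)$")

# A space right before the extension ("qttask .exe", "PowerReg Scheduler V3 .exe"):
# a second file that sits beside the legitimate one and survives a quick glance.
SPACED_EXT_RE = re.compile(r"\S \.(exe|dll|com|scr|sys)\b", re.IGNORECASE)

# win.ini load=/run= (F0-F3 on XP; F2/F3 are the registry-mapped copies) is a
# legacy startup hook that modern software almost never uses.
INI_HOOK_RE = re.compile(r"\b(load|run)=\S", re.IGNORECASE)


def parse_entries(log: str) -> Iterator[Tuple[str, str, str]]:
    """Yield (section, body, original line) for every HijackThis entry line."""
    for raw in log.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            yield m.group("section"), m.group("body"), line


def triage(log: str) -> List[Finding]:
    """Apply the heuristics to each entry; one line can fire more than one rule."""
    findings: List[Finding] = []
    for section, body, line in parse_entries(log):
        if section.startswith("F") and INI_HOOK_RE.search(body):
            findings.append(Finding("high", section, "win.ini load/run hook", line))
        if SPACED_EXT_RE.search(body):
            findings.append(Finding("high", section, "space before file extension", line))
        # No vendor string only means the binary carries no version info;
        # Symantec Core LC in the log is a legitimate example, hence "review".
        if section == "O23" and "Unknown owner" in body:
            findings.append(Finding("review", section, "service with no vendor", line))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count how often each rule fired, for a one-line report."""
    return dict(Counter(f.rule for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.section:3} {f.rule}: {f.entry}")
    print(summarize(triage(SAMPLE_LOG)))
```

Run against the full log, the spaced-extension rule also catches `realsched .exe`, `apdproxy .exe`, `igfxtray .exe`, `hkcmd .exe`, `hphmon05 .exe` and `tfswctrl .exe` in the running-process list, which is the same set of names the ComboFix posts below show being paired with look-alike files.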


  2. OK, here is a new log...

    ComboFix 07-12-20.1 - Owner 2007-12-20 7:31:11.2 - NTFSx86

    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.333 [GMT -6:00]

    Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe

    Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt

    * Created a new restore point

    FILE

    C:\WINDOWS\SMINST\HPCD.sys

    C:\WINDOWS\system32\mljjk.dll

    C:\WINDOWS\system32\RCX47.tmp

    C:\WINDOWS\system32\rqronno.dll

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    C:\WINDOWS\SMINST\HPCD.sys

    C:\WINDOWS\system32\kjjlm.ini

    C:\WINDOWS\system32\kjjlm.ini2

    C:\WINDOWS\system32\mljjk.dll

    C:\WINDOWS\system32\RCX47.tmp

    C:\WINDOWS\system32\rqronno.dll

    D:\Autorun.inf

    .

    ((((((((((((((((((((((((( Files Created from 2007-11-20 to 2007-12-20 )))))))))))))))))))))))))))))))

    .

    2007-12-20 07:14 . 2007-12-20 07:14 335,360 --a------ C:\WINDOWS\system32\RCX48.tmp

    2007-12-19 22:47 . 2007-12-19 22:47 352,256 --a------ C:\WINDOWS\system32\ctfmon.exe.tmp

    2007-12-19 22:47 . 2004-08-03 23:56 15,360 --a--c--- C:\WINDOWS\system32\dllcache\ctfmon.exe

    2007-12-19 22:47 . 2004-08-03 23:56 15,360 --a------ C:\WINDOWS\system32\ctfmon.exe

    2007-12-19 22:26 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe

    2007-12-19 22:26 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe

    2007-12-19 22:26 . 2007-12-19 22:57 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe

    2007-12-19 22:26 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe

    2007-12-19 22:26 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe

    2007-12-19 22:26 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe

    2007-12-19 16:13 . 2007-12-19 16:13 <DIR> d-------- C:\Program Files\Lavasoft

    2007-12-19 16:13 . 2007-12-19 16:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft

    2007-12-19 16:12 . 2007-12-19 16:12 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard

    2007-12-19 15:53 . 2007-12-19 15:54 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\AdwareAlert

    2007-12-19 15:20 . 2007-12-19 15:20 <DIR> d-------- C:\Program Files\Trend Micro

    2007-12-19 14:58 . 2007-12-20 07:14 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe

    2007-12-19 14:57 . 2007-12-20 07:14 483,328 --a------ C:\WINDOWS\system32\hphmon05 .exe

    2007-12-19 14:57 . 2007-12-19 14:57 335,360 --a------ C:\WINDOWS\system32\RCX44.tmp

    2007-12-19 14:57 . 2007-12-20 07:14 155,648 --a------ C:\WINDOWS\system32\igfxtray .exe

    2007-12-19 14:57 . 2007-12-20 07:14 118,784 --a------ C:\WINDOWS\system32\hkcmd .exe

    2007-12-19 14:57 . 2007-12-20 07:14 81,920 --a------ C:\WINDOWS\system32\ps2 .exe

    2007-12-19 13:58 . 2007-12-19 22:48 335,360 --a------ C:\WINDOWS\system32\mljjk.exe

    2007-12-01 08:07 . 2007-12-01 08:09 1,123,481,056 --a------ C:\Pushing Daisies.mpg

    2007-11-27 07:48 . 2002-08-29 06:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2007-12-20 13:14 --------- d-----w C:\Program Files\QuickTime

    2007-12-20 04:03 --------- d-----w C:\Program Files\Common Files\Symantec Shared

    2007-12-19 20:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

    2007-12-16 17:07 --------- d-----w C:\Documents and Settings\Owner\Application Data\Vso

    2007-11-26 01:01 --------- d-----w C:\Documents and Settings\Owner\Application Data\Apple Computer

    2007-11-16 13:33 --------- d-----w C:\Program Files\Norton Internet Security

    2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys

    2007-11-10 15:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec

    2007-10-27 17:21 --------- d-----w C:\Program Files\WinTV

    2007-10-27 13:38 --------- d-----w C:\Documents and Settings\Owner\Application Data\Ulead Systems

    2007-10-27 13:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems

    2007-10-27 13:27 --------- d-----w C:\Program Files\Common Files\Ulead Systems

    2007-10-27 13:23 --------- d--h--w C:\Program Files\InstallShield Installation Information

    2007-10-27 13:23 --------- d-----w C:\Program Files\Ulead Systems

    2007-10-27 12:50 --------- d-----w C:\Program Files\nanoPEG for WinTV

    2007-10-27 12:49 --------- d-----w C:\Program Files\Common Files\IviSDK

    2007-10-26 19:51 --------- d-----w C:\Program Files\Ericsson

    2007-10-26 19:49 --------- d-----w C:\Program Files\BitTorrent

    2007-09-01 12:55 47,360 ----a-w C:\Documents and Settings\Owner\Application Data\pcouffin.sys

    .

    ((((((((((((((((((((((((((((( snapshot@2007-12-19_22.51.08.62 )))))))))))))))))))))))))))))))))))))))))

    .

    - 2007-12-19 20:57:50 208,952 ----a-w C:\WINDOWS\ime\imjp8_1\IMJPMIG .EXE

    + 2007-12-20 13:14:23 208,952 ----a-w C:\WINDOWS\ime\imjp8_1\IMJPMIG .EXE

    - 2007-12-19 20:57:51 44,032 ----a-w C:\WINDOWS\ime\imkr6_1\IMEKRMIG .EXE

    + 2007-12-20 13:14:27 44,032 ----a-w C:\WINDOWS\ime\imkr6_1\IMEKRMIG .EXE

    - 2007-12-20 04:46:12 233,472 ----a-w C:\WINDOWS\SMINST\RECGUARD .EXE

    + 2007-12-20 13:42:48 233,472 ----a-w C:\WINDOWS\SMINST\RECGUARD .EXE

    - 2007-12-19 21:41:07 578,560 ----a-w C:\WINDOWS\SMINST\RECGUARD.EXE

    + 2007-12-20 13:14:00 578,560 ----a-w C:\WINDOWS\SMINST\RECGUARD.EXE

    - 2007-12-20 04:46:48 114,741 ----a-w C:\WINDOWS\system32\dla\tfswctrl .exe

    + 2007-12-20 13:43:08 114,741 ----a-w C:\WINDOWS\system32\dla\tfswctrl .exe

    - 2007-12-19 21:41:20 476,672 ----a-w C:\WINDOWS\system32\dla\tfswctrl.exe

    + 2007-12-20 13:14:06 476,672 ----a-w C:\WINDOWS\system32\dla\tfswctrl.exe

    - 2007-12-19 21:41:16 455,168 ----a-w C:\WINDOWS\system32\hkcmd.exe

    + 2007-12-20 13:14:04 455,168 ----a-w C:\WINDOWS\system32\hkcmd.exe

    - 2007-12-19 21:41:12 825,344 ----a-w C:\WINDOWS\system32\hphmon05.exe

    + 2007-12-20 13:14:03 825,344 ----a-w C:\WINDOWS\system32\hphmon05.exe

    - 2007-12-19 21:41:09 492,032 ----a-w C:\WINDOWS\system32\igfxtray.exe

    + 2007-12-20 13:14:02 492,032 ----a-w C:\WINDOWS\system32\igfxtray.exe

    - 2007-12-19 20:57:54 59,392 ----a-w C:\WINDOWS\system32\IME\PINTLGNT\ImScInst .exe

    + 2007-12-20 13:14:26 59,392 ----a-w C:\WINDOWS\system32\IME\PINTLGNT\ImScInst .exe

    - 2007-12-19 20:57:57 455,168 ----a-w C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP .EXE

    + 2007-12-20 13:14:31 455,168 ----a-w C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP .EXE

    - 2007-12-19 21:41:08 418,304 ----a-w C:\WINDOWS\system32\ps2.exe

    + 2007-12-20 13:14:00 418,304 ----a-w C:\WINDOWS\system32\ps2.exe

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{776D26A1-0120-4155-802C-9FE4039CEB79}]

    2007-12-20 07:42 331776 --a------ C:\WINDOWS\system32\mljjk.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "RecordNow!"="" []

    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56]

    "BackupNotify"="c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe" [2007-12-20 07:45]

    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2007-12-20 07:45]

    "MoneyAgent"="C:\Program Files\Microsoft Money\System\mnyexpr.exe" [2007-12-20 07:45]

    "AdwareAlert"="C:\Program Files\AdwareAlert\AdwareAlert.exe" []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2007-12-20 07:45]

    "PS2"="C:\WINDOWS\system32\ps2.exe" [2007-12-20 07:45]

    "osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2006-09-05 19:22]

    "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-12-20 07:45]

    "HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2007-12-20 07:45]

    "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-12-20 07:45]

    "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2007-12-20 07:46]

    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-09-03 01:04]

    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-20 07:46]

    "QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [2007-12-20 07:46]

    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2007-12-20 07:46]

    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-03 21:32]

    "IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2002-08-29 06:00]

    "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 21:31]

    "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 21:32]

    "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 21:32]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [2006-09-02 17:36]

    "Symantec NetDriver Warning"="C:\PROGRA~1\SYMNET~1\SNDWarn.exe" [2004-10-29 08:52]

    [HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows]

    "load"=C:\WINDOWS\system32\mljjk.exe

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

    Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\mljjk

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

    backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]

    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk

    backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

    backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]

    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk

    backup=C:\WINDOWS\pss\Quicken Scheduled Updates.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]

    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk

    backup=C:\WINDOWS\pss\Updates from HP.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]

    2007-12-20 07:46 422400 --a------ C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]

    AGRSMMSG.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANIWZCS2Service]

    2004-08-16 16:45 45056 --a------ C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]

    rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D-Link AirPlus XtremeG]

    2004-09-22 13:08 987136 --a------ C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05]

    2003-08-21 05:23 49152 --a------ c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]

    1998-05-07 18:04 52736 --a------ c:\windows\system\hpsysdrv.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

    2005-06-24 14:16 278528 --a------ C:\Program Files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]

    2003-02-11 21:02 61440 --a------ C:\HP\KBD\KBD.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]

    2005-05-28 21:48 155648 --------- C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OrderReminder]

    2005-04-02 22:08 98304 --a------ C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder\OrderReminder.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

    C:\Program Files\QuickTime\qttask.exe -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StatusClient]

    C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

    2006-11-09 15:07 49263 --a------ C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

    C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomcatStartup]

    2003-03-31 19:28 155648 --a------ C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]

    c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe /r

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]

    VTTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

    "Viewpoint Manager Service"=2 (0x2)

    "StarWindService"=2 (0x2)

    "Pml Driver HPZ12"=3 (0x3)

    "ose"=3 (0x3)

    "MDM"=2 (0x2)

    "LiveUpdate"=3 (0x3)

    "iPodService"=3 (0x3)

    "IDriverT"=3 (0x3)

    "comHost"=3 (0x3)

    "Bonjour Service"=2 (0x2)

    "Automatic LiveUpdate Scheduler"=2 (0x2)

    "Adobe LM Service"=3 (0x3)

    R2 CdaD10BA;CdaD10BA;C:\WINDOWS\system32\drivers\CdaD10BA.SYS [2006-11-01 21:24]

    R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);C:\WINDOWS\system32\DRIVERS\A3AB.sys [2004-09-02 21:01]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1f31d8fe-21d6-11d9-928a-000c76ff2271}]

    \Shell\AutoRun\command - H:\setupSNK.exe

    *Newly Created Service* - COMHOST

    .

    Contents of the 'Scheduled Tasks' folder

    "2007-12-19 21:53:35 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job"

    - C:\Program Files\AdwareAlert\AdwareAlert.ex

    - C:\Program Files\AdwareAlert

    "2007-12-06 23:50:01 C:\WINDOWS\Tasks\EasyShare Registration Task.job"

    - C:\WINDOWS\system32\rundll32.exelC:\DOCUME~1\ALLUSE~1\APPLIC~1\Kodak\EasyShareSetup\$REGIS~1\Registration_7.4.20.2.sxt [email protected]

    "2007-12-15 02:01:35 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Owner.job"

    - C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe

    .

    **************************************************************************

    catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2007-12-20 07:42:26

    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    C:\WINDOWS\system32\kjjlm.ini 319 bytes

    C:\WINDOWS\system32\kjjlm.ini2 319 bytes

    scan completed successfully

    hidden files: 2

    **************************************************************************

    .

    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]

    -> C:\WINDOWS\system32\mljjk.dll

    .

    Completion time: 2007-12-20 7:48:46 - machine was rebooted

    C:\ComboFix2.txt ... 2007-12-19 22:52

    .

    2007-12-20 06:54:45 --- E O F ---
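The ComboFix log above lists, for several autorun executables, a copy whose name carries a space before `.exe` (`hphmon05 .exe`, 483,328 bytes) alongside the file at the real name (`hphmon05.exe`, 825,344 bytes in the snapshot section), and three files of exactly 335,360 bytes (`mljjk.exe`, `RCX44.tmp`, `RCX47.tmp`). Pairing the two names and subtracting sizes shows that every file sitting at an autorun name is larger than its spaced companion by at least those 335,360 bytes, which is consistent with a wrapper that carries the original program inside it. The script below is an added example, not part of the post and not ComboFix code: the listing is constructed from lines of the log (both the "Files Created" format and the `+` lines of the snapshot comparison) and the threshold reasoning is my own inference from those numbers.

```python
"""Pair "name .exe" companions in a ComboFix file listing with the file at the
original name and compare sizes.

Added example, not part of the original post and not ComboFix code. The
listing is constructed from lines of the ComboFix log above; the size
threshold is my own inference from those numbers.
"""
import re
from collections import Counter
from typing import Dict, List, NamedTuple

# Constructed sample: lines excerpted from the log above, in both ComboFix
# shapes: "created . modified size attrs path" and "+ time size attrs path".
SAMPLE_LISTING = r"""
2007-12-19 14:57 . 2007-12-20 07:14 483,328 --a------ C:\WINDOWS\system32\hphmon05 .exe
2007-12-19 14:57 . 2007-12-19 14:57 335,360 --a------ C:\WINDOWS\system32\RCX44.tmp
2007-12-19 14:57 . 2007-12-20 07:14 155,648 --a------ C:\WINDOWS\system32\igfxtray .exe
2007-12-19 14:57 . 2007-12-20 07:14 118,784 --a------ C:\WINDOWS\system32\hkcmd .exe
2007-12-19 14:57 . 2007-12-20 07:14 81,920 --a------ C:\WINDOWS\system32\ps2 .exe
2007-12-19 13:58 . 2007-12-19 22:48 335,360 --a------ C:\WINDOWS\system32\mljjk.exe
+ 2007-12-20 13:14:04 455,168 ----a-w C:\WINDOWS\system32\hkcmd.exe
+ 2007-12-20 13:14:03 825,344 ----a-w C:\WINDOWS\system32\hphmon05.exe
+ 2007-12-20 13:14:02 492,032 ----a-w C:\WINDOWS\system32\igfxtray.exe
+ 2007-12-20 13:14:00 418,304 ----a-w C:\WINDOWS\system32\ps2.exe
"""

# Size ("483,328"), attribute flags ("--a------" or "----a-w"), then the path,
# which may itself contain a space, so it runs to the end of the line.
FILE_RE = re.compile(
    r"(?P<size>\d{1,3}(?:,\d{3})*)\s+[-a-zA-Z]{7,9}\s+(?P<path>[A-Za-z]:\\.+?)\s*$"
)

# "...\hphmon05 .exe" -> stem "...\hphmon05", ext ".exe"
SPACED_RE = re.compile(r"^(?P<stem>.*\S) (?P<ext>\.[A-Za-z0-9]{1,4})$")


class Pair(NamedTuple):
    original_name: str  # path without the space, i.e. what autorun actually launches
    spaced_size: int    # size of the "name .exe" file
    current_size: int   # size of the file now sitting at the original name
    delta: int          # current_size - spaced_size


def parse_listing(listing: str) -> Dict[str, int]:
    """Map each path (case-folded, since NTFS is case-insensitive) to its size."""
    sizes: Dict[str, int] = {}
    for line in listing.splitlines():
        m = FILE_RE.search(line)
        if m:
            sizes[m.group("path").lower()] = int(m.group("size").replace(",", ""))
    return sizes


def pair_companions(listing: str) -> List[Pair]:
    """For every 'name .ext' entry, find 'name.ext' in the same listing."""
    sizes = parse_listing(listing)
    pairs: List[Pair] = []
    for path, size in sizes.items():
        m = SPACED_RE.match(path)
        if not m:
            continue
        original = m.group("stem") + m.group("ext")
        if original in sizes:
            pairs.append(Pair(original, size, sizes[original], sizes[original] - size))
    return sorted(pairs)


def repeated_sizes(listing: str) -> Dict[int, int]:
    """Sizes shared by more than one file; a dropper's copies tend to match."""
    counts = Counter(parse_listing(listing).values())
    return {s: n for s, n in counts.items() if n > 1}


def grown_by_at_least(pairs: List[Pair], payload_size: int) -> List[Pair]:
    """Pairs whose file at the original name grew by at least payload_size."""
    return [p for p in pairs if p.delta >= payload_size]


if __name__ == "__main__":
    pairs = pair_companions(SAMPLE_LISTING)
    payload = max(repeated_sizes(SAMPLE_LISTING))  # 335,360 in this listing
    for p in grown_by_at_least(pairs, payload):
        print(f"{p.original_name}: {p.spaced_size:,} -> {p.current_size:,} (+{p.delta:,})")
```

The deltas are not identical (three of 336,384 bytes, one of 342,016), so the check is a floor, not an exact match; what matters for triage is that the file each Run key launches is the grown one, while the spaced copy holds the original size, which is why the cleanup in the post restores `name.exe` from `name .exe` rather than the other way round.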


  3. Here's this log...

    ComboFix 07-12-20.1 - Owner 2007-12-19 22:31:37.1 - NTFSx86

    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.322 [GMT -6:00]

    Running from: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\Z3YBV99Q\ComboFix[1].exe

    * Created a new restore point

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    C:\Documents and Settings\All Users\Application Data.\pufylujg.dll

    C:\Documents and Settings\Owner\Application Data\inst.exe

    C:\Documents and Settings\Owner\Start Menu\Programs\Outerinfo

    C:\Documents and Settings\Owner\Start Menu\Programs\Outerinfo\Terms.lnk

    C:\Documents and Settings\Owner\Start Menu\Programs\Outerinfo\Uninstall.lnk

    C:\Program Files\Bcvibqdh

    C:\Program Files\Bcvibqdh\ijiobdab.dll

    C:\Program Files\outerinfo

    C:\Program Files\outerinfo\FF\chrome.manifest

    C:\Program Files\outerinfo\FF\components\FF.dll

    C:\Program Files\outerinfo\FF\components\OuterinfoAds.xpt

    C:\Program Files\outerinfo\FF\install.rdf

    C:\Program Files\outerinfo\OinUninstall.exe

    C:\Program Files\outerinfo\OiUninstaller.exe

    C:\Program Files\outerinfo\Outerinfo .exe

    C:\Program Files\outerinfo\Outerinfo.exe

    C:\Program Files\outerinfo\outerinfo.ico

    C:\Program Files\outerinfo\Terms.rtf

    C:\Program Files\SecCenter

    C:\Program Files\SecCenter\scprot4 .exe

    C:\Program Files\SecCenter\scprot4.exe

    C:\Program Files\yvqdgbir

    C:\Program Files\yvqdgbir\qdsjihqj.dll

    C:\WINDOWS\system32\drvwek.dll

    C:\WINDOWS\system32\FTPx.dll

    C:\WINDOWS\system32\kjjlm.ini

    C:\WINDOWS\system32\kjjlm.ini2

    C:\WINDOWS\system32\mljjk.dll

    C:\WINDOWS\system32\njprckha

    C:\WINDOWS\system32\njprckha\bg1.gif

    C:\WINDOWS\system32\njprckha\bgtop.gif

    C:\WINDOWS\system32\njprckha\bottom1.gif

    C:\WINDOWS\system32\njprckha\essentials.gif

    C:\WINDOWS\system32\njprckha\icon1.ico

    C:\WINDOWS\system32\njprckha\install1.gif

    C:\WINDOWS\system32\njprckha\left1.gif

    C:\WINDOWS\system32\njprckha\li.gif

    C:\WINDOWS\system32\njprckha\logo.gif

    C:\WINDOWS\system32\njprckha\main.htm

    C:\WINDOWS\system32\njprckha\mainframe.htm

    C:\WINDOWS\system32\njprckha\njprckha1.exe

    C:\WINDOWS\system32\njprckha\njprckha2.exe

    C:\WINDOWS\system32\njprckha\njprckha3.exe

    C:\WINDOWS\system32\njprckha\reinstall1.gif

    C:\WINDOWS\system32\njprckha\right1.gif

    C:\WINDOWS\system32\njprckha\s1.htm

    C:\WINDOWS\system32\njprckha\s2.htm

    C:\WINDOWS\system32\njprckha\s3.htm

    C:\WINDOWS\system32\njprckha\SMTop1.gif

    C:\WINDOWS\system32\njprckha\SMTop2.gif

    C:\WINDOWS\system32\njprckha\SMTop3.gif

    C:\WINDOWS\system32\njprckha\SMTop4.gif

    C:\WINDOWS\system32\njprckha\soft1_off.gif

    C:\WINDOWS\system32\njprckha\soft1_off_ext.gif

    C:\WINDOWS\system32\njprckha\soft1_on.gif

    C:\WINDOWS\system32\njprckha\soft1_on_ext.gif

    C:\WINDOWS\system32\njprckha\soft2_off.gif

    C:\WINDOWS\system32\njprckha\soft2_off_ext.gif

    C:\WINDOWS\system32\njprckha\soft2_on.gif

    C:\WINDOWS\system32\njprckha\soft2_on_ext.gif

    C:\WINDOWS\system32\njprckha\soft3_off.gif

    C:\WINDOWS\system32\njprckha\soft3_off_ext.gif

    C:\WINDOWS\system32\njprckha\soft3_on.gif

    C:\WINDOWS\system32\njprckha\soft3_on_ext.gif

    C:\WINDOWS\system32\njprckha\softbottom_off.gif

    C:\WINDOWS\system32\njprckha\softbottom_on.gif

    C:\WINDOWS\system32\njprckha\softleft_off.gif

    C:\WINDOWS\system32\njprckha\softleft_on.gif

    C:\WINDOWS\system32\njprckha\top1.gif

    C:\WINDOWS\system32\njprckha\top2.gif

    C:\WINDOWS\system32\njprckha\turnoff1.gif

    C:\WINDOWS\system32\njprckha\turnon1.gif

    C:\WINDOWS\system32\winjks32.dll

    .

    ((((((((((((((((((((((((( Files Created from 2007-11-20 to 2007-12-20 )))))))))))))))))))))))))))))))

    .

    2007-12-19 22:26 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe

    2007-12-19 22:26 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe

    2007-12-19 22:26 . 2007-12-19 22:57 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe

    2007-12-19 22:26 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe

    2007-12-19 22:26 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe

    2007-12-19 22:26 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe

    2007-12-19 16:13 . 2007-12-19 16:13 <DIR> d-------- C:\Program Files\Lavasoft

    2007-12-19 16:13 . 2007-12-19 16:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft

    2007-12-19 16:12 . 2007-12-19 16:12 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard

    2007-12-19 15:53 . 2007-12-19 15:54 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\AdwareAlert

    2007-12-19 15:41 . 2007-12-19 15:41 335,360 --a------ C:\WINDOWS\system32\RCX47.tmp

    2007-12-19 15:20 . 2007-12-19 15:20 <DIR> d-------- C:\Program Files\Trend Micro

    2007-12-19 14:58 . 2007-12-19 22:48 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe

    2007-12-19 14:57 . 2007-12-19 22:46 483,328 --a------ C:\WINDOWS\system32\hphmon05 .exe

    2007-12-19 14:57 . 2007-12-19 14:57 335,360 --a------ C:\WINDOWS\system32\RCX44.tmp

    2007-12-19 14:57 . 2007-12-19 22:46 155,648 --a------ C:\WINDOWS\system32\igfxtray .exe

    2007-12-19 14:57 . 2007-12-19 22:46 118,784 --a------ C:\WINDOWS\system32\hkcmd .exe

    2007-12-19 14:57 . 2007-12-19 22:46 81,920 --a------ C:\WINDOWS\system32\ps2 .exe

    2007-12-19 13:58 . 2007-12-19 13:58 335,360 --a------ C:\WINDOWS\system32\mljjk.exe

    2007-12-19 13:49 . 2007-12-19 13:49 39,936 --a------ C:\WINDOWS\system32\rqronno.dll

    2007-12-01 08:07 . 2007-12-01 08:09 1,123,481,056 --a------ C:\Pushing Daisies.mpg

    2007-11-27 07:48 . 2002-08-29 06:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2007-12-20 04:48 --------- d-----w C:\Program Files\QuickTime

    2007-12-20 04:47 352,256 ----a-w C:\WINDOWS\system32\ctfmon.exe

    2007-12-20 04:46 331,776 ----a-w C:\WINDOWS\system32\mljjk.dll

    2007-12-20 04:03 --------- d-----w C:\Program Files\Common Files\Symantec Shared

    2007-12-19 21:41 825,344 ----a-w C:\WINDOWS\system32\hphmon05.exe

    2007-12-19 21:41 492,032 ----a-w C:\WINDOWS\system32\igfxtray.exe

    2007-12-19 21:41 455,168 ----a-w C:\WINDOWS\system32\hkcmd.exe

    2007-12-19 21:41 418,304 ----a-w C:\WINDOWS\system32\ps2.exe

    2007-12-19 20:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

    2007-12-16 17:07 --------- d-----w C:\Documents and Settings\Owner\Application Data\Vso

    2007-11-26 01:01 --------- d-----w C:\Documents and Settings\Owner\Application Data\Apple Computer

    2007-11-16 13:33 --------- d-----w C:\Program Files\Norton Internet Security

    2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys

    2007-11-10 15:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec

    2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll

    2007-10-27 23:39 230,912 ----a-w C:\WINDOWS\system32\wmasf.dll

    2007-10-27 17:21 --------- d-----w C:\Program Files\WinTV

    2007-10-27 13:38 --------- d-----w C:\Documents and Settings\Owner\Application Data\Ulead Systems

    2007-10-27 13:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems

    2007-10-27 13:27 --------- d-----w C:\Program Files\Common Files\Ulead Systems

    2007-10-27 13:23 --------- d--h--w C:\Program Files\InstallShield Installation Information

    2007-10-27 13:23 --------- d-----w C:\Program Files\Ulead Systems

    2007-10-27 12:50 --------- d-----w C:\Program Files\nanoPEG for WinTV

    2007-10-27 12:49 --------- d-----w C:\Program Files\Common Files\IviSDK

    2007-10-26 19:51 --------- d-----w C:\Program Files\Ericsson

    2007-10-26 19:49 --------- d-----w C:\Program Files\BitTorrent

    2007-09-01 12:55 47,360 ----a-w C:\Documents and Settings\Owner\Application Data\pcouffin.sys

    2004-08-04 01:16 0 --sha-w C:\WINDOWS\SMINST\HPCD.sys

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{48A09CF5-2FC9-4867-9697-A954294A6909}]

    2007-12-19 22:46 331776 --a------ C:\WINDOWS\system32\mljjk.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B9E85D85-F6EE-4655-A639-E33983612A6E}]

    2007-12-19 13:49 39936 --a------ C:\WINDOWS\system32\rqronno.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "RecordNow!"="" []

    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56]

    "BackupNotify"="c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe" [2007-12-19 22:47]

    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2007-12-19 22:47]

    "MoneyAgent"="C:\Program Files\Microsoft Money\System\mnyexpr.exe" [2007-12-19 22:47]

    "AdwareAlert"="C:\Program Files\AdwareAlert\AdwareAlert.exe" []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2007-12-19 22:47]

    "PS2"="C:\WINDOWS\system32\ps2.exe" [2007-12-19 22:47]

    "osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2006-09-05 19:22]

    "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-12-19 22:48]

    "HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2007-12-19 22:48]

    "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-12-19 22:48]

    "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2007-12-19 22:48]

    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-09-03 01:04]

    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-19 22:48]

    "QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [2007-12-19 22:48]

    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2007-12-19 22:48]

    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-03 21:32]

    "IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2002-08-29 06:00]

    "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 21:31]

    "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 21:32]

    "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 21:32]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [2006-09-02 17:36]

    "Symantec NetDriver Warning"="C:\PROGRA~1\SYMNET~1\SNDWarn.exe" [2004-10-29 08:52]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

    "{B9E85D85-F6EE-4655-A639-E33983612A6E}"= C:\WINDOWS\system32\rqronno.dll [2007-12-19 13:49 39936]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqronno]

    rqronno.dll 2007-12-19 13:49 39936 C:\WINDOWS\system32\rqronno.dll

    [HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows]

    "load"=C:\WINDOWS\system32\mljjk.exe

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

    Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\mljjk

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

    backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]

    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk

    backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

    backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]

    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk

    backup=C:\WINDOWS\pss\Quicken Scheduled Updates.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]

    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk

    backup=C:\WINDOWS\pss\Updates from HP.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]

    2007-12-19 22:48 422400 --a------ C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]

    AGRSMMSG.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]

    ALCXMNTR.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANIWZCS2Service]

    2004-08-16 16:45 45056 --a------ C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]

    rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D-Link AirPlus XtremeG]

    2004-09-22 13:08 987136 --a------ C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05]

    2003-08-21 05:23 49152 --a------ c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]

    1998-05-07 18:04 52736 --a------ c:\windows\system\hpsysdrv.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

    2005-06-24 14:16 278528 --a------ C:\Program Files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]

    2003-02-11 21:02 61440 --a------ C:\HP\KBD\KBD.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]

    2005-05-28 21:48 155648 --------- C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OrderReminder]

    2005-04-02 22:08 98304 --a------ C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder\OrderReminder.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

    C:\Program Files\QuickTime\qttask.exe -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StatusClient]

    C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

    2006-11-09 15:07 49263 --a------ C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

    C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomcatStartup]

    2003-03-31 19:28 155648 --a------ C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]

    c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe /r

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]

    VTTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

    "Viewpoint Manager Service"=2 (0x2)

    "StarWindService"=2 (0x2)

    "Pml Driver HPZ12"=3 (0x3)

    "ose"=3 (0x3)

    "MDM"=2 (0x2)

    "LiveUpdate"=3 (0x3)

    "iPodService"=3 (0x3)

    "IDriverT"=3 (0x3)

    "comHost"=3 (0x3)

    "Bonjour Service"=2 (0x2)

    "Automatic LiveUpdate Scheduler"=2 (0x2)

    "Adobe LM Service"=3 (0x3)

    R2 CdaD10BA;CdaD10BA;C:\WINDOWS\system32\drivers\CdaD10BA.SYS [2006-11-01 21:24]

    R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);C:\WINDOWS\system32\DRIVERS\A3AB.sys [2004-09-02 21:01]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1f31d8fe-21d6-11d9-928a-000c76ff2271}]

    \Shell\AutoRun\command - H:\setupSNK.exe

    *Newly Created Service* - COMHOST

    .

    Contents of the 'Scheduled Tasks' folder

    "2007-12-19 21:53:35 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job"

    - C:\Program Files\AdwareAlert\AdwareAlert.ex

    - C:\Program Files\AdwareAlert

    "2007-12-06 23:50:01 C:\WINDOWS\Tasks\EasyShare Registration Task.job"

    - C:\WINDOWS\system32\rundll32.exelC:\DOCUME~1\ALLUSE~1\APPLIC~1\Kodak\EasyShareSetup\$REGIS~1\Registration_7.4.20.2.sxt [email protected]

    "2007-12-15 02:01:35 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Owner.job"

    - C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeh/TASK:

    .

    **************************************************************************

    catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2007-12-19 22:46:00

    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully

    hidden files: 0

    **************************************************************************

    .

    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\system32\winlogon.exe

    -> C:\WINDOWS\system32\rqronno.dll

    PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]

    -> C:\WINDOWS\system32\rqronno.dll

    -> C:\WINDOWS\system32\mljjk.dll

    .

    Completion time: 2007-12-19 22:52:56 - machine was rebooted

    .

    2007-12-19 14:52:07 --- E O F ---


  4. Here is this log:

    SmitFraudFix v2.274

    Scan done at 22:26:10.76, Wed 12/19/2007

    Run from C:\Documents and Settings\Owner\Desktop\SmitfraudFix

    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT

    The filesystem type is NTFS

    Fix run in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» Process

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe

    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

    C:\WINDOWS\system32\ps2 .exe

    C:\WINDOWS\system32\igfxtray .exe

    C:\Program Files\Common Files\Symantec Shared\ccApp.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\hkcmd .exe

    C:\WINDOWS\System32\hphmon05 .exe

    C:\WINDOWS\system32\dla\tfswctrl .exe

    C:\Program Files\Common Files\Real\Update_OB\realsched .exe

    C:\WINDOWS\system32\rundll32.exe

    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy .exe

    C:\WINDOWS\system32\regsvr32.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\SecCenter\scprot4 .exe

    C:\Program Files\Outerinfo\Outerinfo .exe

    C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe

    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\WINDOWS\system32\cmd.exe

    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    »»»»»»»»»»»»»»»»»»»»»»»» C:\

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

    C:\WINDOWS\system32\drvwek.dll FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner\Application Data

    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu

    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Owner\FAVORI~1

    »»»»»»»»»»»»»»»»»»»»»»»» Desktop

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components]

    "Source"="About:Home"

    "SubscribedURL"="About:Home"

    "FriendlyName"="My Current Home Page"

    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix

    !!!Attention, following keys are not inevitably infected!!!

    IEDFix.exe by S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler

    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri

    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs

    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

    "AppInit_DLLs"=""

    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System

    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

    "System"=""

    »»»»»»»»»»»»»»»»»»»»»»»» Rustock

    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    Description: D-Link AirPlus DWL-G520 Wireless PCI Adapter(rev.B) - Packet Scheduler Miniport

    DNS Server Search Order: 65.83.241.181

    DNS Server Search Order: 67.32.118.46

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{9D8410A5-D152-4FC3-9560-8EEE56B5D748}: DhcpNameServer=65.83.241.181 67.32.118.46

    HKLM\SYSTEM\CS1\Services\Tcpip\..\{9D8410A5-D152-4FC3-9560-8EEE56B5D748}: DhcpNameServer=65.83.241.181 67.32.118.46

    HKLM\SYSTEM\CS3\Services\Tcpip\..\{9D8410A5-D152-4FC3-9560-8EEE56B5D748}: DhcpNameServer=65.83.241.181 67.32.118.46

    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=65.83.241.181 67.32.118.46

    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=65.83.241.181 67.32.118.46

    HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=65.83.241.181 67.32.118.46

    »»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

    »»»»»»»»»»»»»»»»»»»»»»»» End


  5. I have very limited computer knowledge. I'm desperate. Any help would be greatly appreciated. This is my log...

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 3:21:43 PM, on 12/19/2007

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16574)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe

    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

    C:\Program Files\Common Files\Symantec Shared\ccApp.exe

    C:\WINDOWS\system32\ps2 .exe

    C:\WINDOWS\system32\rundll32.exe

    C:\WINDOWS\system32\dla\tfswctrl .exe

    C:\WINDOWS\system32\hkcmd .exe

    C:\WINDOWS\system32\regsvr32.exe

    C:\WINDOWS\system32\igfxtray .exe

    C:\WINDOWS\System32\hphmon05 .exe

    C:\Program Files\Common Files\Real\Update_OB\realsched .exe

    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy .exe

    C:\Program Files\SecCenter\scprot4 .exe

    C:\Program Files\Outerinfo\Outerinfo .exe

    C:\WINDOWS\system32\ctfmon .exe

    C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Mozilla Firefox\firefox.exe

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local

    F3 - REG:win.ini: load=C:\WINDOWS\system32\mljjk.exe

    O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll

    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

    O3 - Toolbar: Morpheus Toolbar - {3F3714A9-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL

    O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll

    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"

    O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe

    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime

    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

    O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

    O4 - HKLM\..\Run: [iMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE

    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

    O4 - HKLM\..\Run: [nkzezsdw] rundll32.exe "C:\Program Files\yvqdgbir\qdsjihqj.dll",Init

    O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvwek.dll,startup

    O4 - HKLM\..\Run: [sC2] C:\Program Files\SecCenter\scprot4.exe

    O4 - HKLM\..\Run: [pufylujg] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\pufylujg.dll"

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [backupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe

    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

    O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"

    O4 - HKCU\..\Run: [Outerinfo] "C:\Program Files\Outerinfo\Outerinfo.exe"

    O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')

    O4 - HKUS\S-1-5-18\..\Run: [symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')

    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

    O4 - Startup: IMStart.lnk = C:\Program Files\InterMute\IMStart.exe

    O4 - Startup: PowerReg Scheduler V3 .exe

    O4 - Startup: PowerReg Scheduler V3.exe

    O4 - Global Startup: APC UPS Status.lnk = ?

    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm

    O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin\core.hp.main\SendTo.html

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000

    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

    O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe

    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O16 - DPF: {01118A01-3E00-11D2-8470-0060089874ED} (SupportSoft Script Runner Class) - https://password.bellsouth.net/sdccommon/do...oad/tgctlsr.cab

    O16 - DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} (Keynote Connector Launcher 2) - http://webeffective.keynote.com/applicatio...torLauncher.cab

    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab

    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1174224923609

    O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/4058/ftp...302/Coupons.cab

    O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab

    O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/dd/instal...edsolutions.cab

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

    O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe

    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe

    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

    --

    End of file - 10505 bytes