
Explorer.exe turns off and turns on

Posted 7/3/2008 7:32 PM
#63185

lotse Member

Date Joined Nov 2016
Total Posts: 1
Hello there. I know that there are several threads about a similar problem. I did everything that was there, but I still have this problem. So I'll paste the ComboFix and HijackThis logs. Maybe you'll be able to help me.

First goes the ComboFix log (green). HijackThis will be blue.

[green]ComboFix 08-07-02.5 - vobis 2008-07-03 20:52:55.3 - NTFSx86
Running from: G:\ComboFix.exe
Command switches used :: C:\Documents and Settings\vobis\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\FPAIRqss.ini
C:\WINDOWS\system32\FPAIRqss.ini2
C:\WINDOWS\system32\ssqRIAPF.dll

.
((((((((((((((((((((((((( Files Created from 2008-06-03 to 2008-07-03 )))))))))))))))))))))))))))))))
.

2008-07-03 21:15 . 2008-07-03 21:15 53,248 --a------ C:\Temp\catchme.dll
2008-07-03 21:13 . 2008-07-03 21:13 d-------- C:\Temp\sv9ne.tmp
2008-07-03 21:12 . 2008-07-03 21:12 d-------- C:\Temp\Konnekt_Lothar_6838247e
2008-07-03 19:52 . 2008-07-03 21:13 d---s---- C:\Temp\Temporary Internet Files
2008-07-03 19:47 . 2008-07-03 21:16 d-------- C:\Temp
2008-07-03 15:39 . 2008-07-03 15:49 347 --ahs---- C:\WINDOWS\system32\ooqpqqss.ini
2008-07-03 15:33 . 2008-07-03 06:13 303,104 --a------ C:\WINDOWS\kgqfweltedw.dll
2008-07-03 15:33 . 2008-07-03 06:13 253,952 --a------ C:\WINDOWS\okmdepgb.dll
2008-07-03 15:33 . 2008-07-03 06:13 225,280 --a------ C:\WINDOWS\axrfgvek.dll
2008-07-03 15:33 . 2008-07-03 06:13 155,648 --a------ C:\WINDOWS\nqgpedlr.dll
2008-07-03 15:33 . 2008-06-27 08:35 117,760 --a------ C:\WINDOWS\system32\vav.cpl
2008-07-03 15:33 . 2008-07-03 06:13 86,016 --a------ C:\WINDOWS\mrvtdpqe.exe
2008-07-03 15:33 . 2008-07-03 15:33 28,800 --a------ C:\WINDOWS\system32\xxyywwtQ.dll
2008-07-03 15:19 . 2008-07-03 15:19 d-------- C:\Program Files\DAEMON Tools Lite
2008-07-03 15:17 . 2008-07-03 15:17 716,272 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-07-03 15:16 . 2008-07-03 15:16 d-------- C:\Documents and Settings\vobis\Application Data\DAEMON Tools
2008-07-03 14:42 . 2008-07-03 14:42 292 --a------ C:\WINDOWS\vtmb.ini
2008-07-03 14:28 . 2008-07-03 14:28 d-------- C:\Program Files\Activision
2008-07-01 00:40 . 2008-07-01 00:40 4 --a------ C:\loadcounter.dat
2008-06-25 19:01 . 2008-06-26 02:19 d-------- C:\Program Files\VideoLAN
2008-06-20 14:52 . 2008-06-21 00:50 d-------- C:\Documents and Settings\vobis\Application Data\SPORE Creature Creator
2008-06-20 14:50 . 2008-06-20 14:50 d-------- C:\Program Files\Electronic Arts
2008-06-04 11:06 . 2008-06-04 12:35 d-------- C:\Documents and Settings\vobis\Application Data\BESTplayer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-03 19:16 266,022,432 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-07-03 19:14 --------- d-----w C:\Documents and Settings\vobis\Application Data\OpenOffice.org2
2008-07-03 19:13 1,434,144 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-07-03 19:12 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-03 19:10 3,567,980 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-07-03 19:10 138,584 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-07-03 12:43 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-03 10:13 --------- d-----w C:\Documents and Settings\vobis\Application Data\foobar2000
2008-07-03 05:31 --------- d-----w C:\Documents and Settings\vobis\Application Data\BitTorrent
2008-07-02 09:48 --------- d-----w C:\Documents and Settings\vobis\Application Data\Skype
2008-06-30 16:10 --------- d-----w C:\Program Files\eMule
2008-06-20 12:52 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-06-04 13:13 --------- d-----w C:\Program Files\Last.fm
2008-05-26 14:51 --------- d-----w C:\Program Files\thriXXX
2008-05-21 22:57 --------- d-----w C:\Documents and Settings\vobis\Application Data\MegauploadToolbar
2008-05-21 22:31 --------- d-----w C:\Program Files\Spyware Doctor
2008-05-21 21:22 --------- d-----w C:\Program Files\Cheat Engine
2008-05-21 16:53 --------- d-----w C:\Program Files\Speeditup Free
2008-05-21 13:17 --------- d-----w C:\Program Files\Ubisoft
2008-05-21 10:05 --------- d-----w C:\Program Files\GameShadow
2008-05-20 19:37 --------- d-----w C:\Program Files\Table Tennis Pro V2 Lite
2008-05-20 12:39 --------- d-----w C:\Program Files\SSI
2008-05-15 09:02 --------- d-----w C:\Documents and Settings\vobis\Application Data\Mount&Blade
2008-05-14 23:15 --------- d-----w C:\Program Files\Mount&Blade
2008-05-13 20:57 --------- d-----w C:\Program Files\DivX
2008-02-06 16:53 349 ----a-w C:\Program Files\INSTALL.LOG
2007-12-27 22:00 2,855 ----a-w C:\Program Files\foobar2000_0.9.5 beta 9.PIF
2007-12-27 21:50 4,438 ----a-w C:\Program Files\foobar2000_0.9.5 beta 9.exe
2003-12-18 10:33 20,102 ----a-w C:\Program Files\Readme.txt
2003-09-03 06:46 10,960 ----a-w C:\Program Files\EULA.txt
.

((((((((((((((((((((((((((((( snapshot_2008-07-03_20.01.40.79 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-03 17:51:46 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-03 19:11:30 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5D72C2A4-9AC6-4727-A705-CEA1F0220B78}]
2008-07-03 15:33 28800 --a------ C:\WINDOWS\system32\xxyywwtQ.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8E1F2BC9-E92D-4D2E-B268-74FB9F908DD8}]
2008-07-03 06:13 303104 --a------ C:\WINDOWS\kgqfweltedw.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ad0a833d-f25d-4a67-ac76-1f55f6c211c7}]
2007-12-13 17:58 80448 --a------ C:\WINDOWS\system32\cjnpsqrw.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AED9108A-49BE-4C7D-BE37-C59CCFB6C5E3}]
2008-07-03 21:17 318720 --a------ C:\WINDOWS\system32\urqRKARh.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{AB802BE5-5918-4875-954F-C878E08FC60E}"= "C:\WINDOWS\nqgpedlr.dll" [2008-07-03 06:13 155648]

[HKEY_CLASSES_ROOT\clsid\{ab802be5-5918-4875-954f-c878e08fc60e}]
[HKEY_CLASSES_ROOT\nqgpedlr.1]
[HKEY_CLASSES_ROOT\TypeLib\{7FD9DE6F-3A11-4BA6-B17E-E5C2D1FBB371}]
[HKEY_CLASSES_ROOT\nqgpedlr]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Konnekt"="C:\Program Files\Konnekt\konnekt.exe" [2005-05-24 23:41 503808]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-02-14 01:09 486856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 14:56 64512]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-08-01 17:07 729177]
"LaunchAp"="C:\Program Files\Launch Manager\LaunchAp.exe" [2005-03-30 16:29 32768]
"HotkeyApp"="C:\Program Files\Launch Manager\HotkeyApp.exe" [2005-05-02 15:09 57344]
"CtrlVol"="C:\Program Files\Launch Manager\CtrlVol.exe" [2003-09-16 15:28 20480]
"LMgrOSD"="C:\Program Files\Launch Manager\OSD.exe" [2005-03-16 14:52 204800]
"Wbutton"="C:\Program Files\Launch Manager\Wbutton.exe" [2005-04-18 12:41 81920]
"AVManager"="C:\Program Files\Wistron\AVManager\AVManager.exe" [2004-12-15 16:19 81920]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-10-03 23:59 401408]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-10-03 23:59 385024]
"EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [2005-10-04 00:03 356352]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-11-08 14:54 180269]
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2005-05-19 15:47 57344]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 17:17 159744]
"StxTrayMenu"="C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe" [2007-01-18 14:20 190008]
"iPlusManager"="C:\Program Files\iPlus\iPlusChecker.exe" [2008-01-03 11:59 389120]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-01-13 09:46 135168]
"PC-Checkup"="C:\Program Files\Speeditup Free\PCCheckUp\PCCheckUp.exe" [2007-08-02 02:08 3965440]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-11-02 18:24 1065800]
"AGRSMMSG"="AGRSMMSG.exe" [2004-04-13 06:49 88363 C:\WINDOWS\AGRSMMSG.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-07-27 11:01 68096 C:\WINDOWS\SOUNDMAN.EXE]

C:\Documents and Settings\vobis\Start Menu\Programs\Startup\
OpenOffice.org 2.0.3.lnk - C:\Program Files\OpenOffice.org 2.0.3\program\quickstart.exe [2006-07-02 17:46:50 393216]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-09-03 13:26:48 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 1 (0x1)
"MemCheckBoxInRunDlg"= 0 (0x0)
"NoAutoTrayNotify"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoResolveSearch"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)
"NoDesktopCleanupWizard"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5D72C2A4-9AC6-4727-A705-CEA1F0220B78}"= "C:\WINDOWS\system32\xxyywwtQ.dll" [2008-07-03 15:33 28800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"axrfgvek"= {8244C237-C97A-48D6-87D9-80C46CD54C78} - C:\WINDOWS\axrfgvek.dll [2008-07-03 06:13 225280]
"okmdepgb"= {549FBC21-5D37-42A0-9FDB-F673D4DD91A1} - C:\WINDOWS\okmdepgb.dll [2008-07-03 06:13 253952]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2005-10-03 23:59 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxyywwtQ]
2008-07-03 15:33 28800 C:\WINDOWS\system32\xxyywwtQ.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\urqRKARh

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2235:TCP"= 2235:TCP:slsk
"2237:TCP"= 2237:TCP:torrent

R1 Hotkey;Hotkey;C:\WINDOWS\system32\drivers\Hotkey.sys [2003-04-28 12:27]
R2 GtDetectSc;GtDetectSc Service;C:\Program Files\iPlus\Drivers\driver2k\GTMax\GtDetectSc.exe [2007-08-29 12:10]
R2 GtFlashSwitch;GtFlashSwitch Service;C:\Program Files\iPlus\Drivers\driver2k\GTMax\GtFlashSwitch.exe [2007-08-29 12:10]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 15:58]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2005-08-02 23:10]
S3 SEM43XX;Sony Ericsson 802.11 sterownik sieciowego adaptera SEM43XX;C:\WINDOWS\system32\DRIVERS\semwl5.sys [2005-08-25 16:15]
S3 SEMWModem;Sony Ericsson SEMWModem;C:\WINDOWS\system32\DRIVERS\GCXX.sys [2005-08-25 16:15]
S3 SEMWWNIC;Sony Ericsson SEMWWNIC;C:\WINDOWS\system32\DRIVERS\GCXXNet.sys [2005-08-25 16:15]
S3 Sony_EricssonWWSC;Sony Ericsson SIM Card Reader;C:\WINDOWS\system32\DRIVERS\GCXXSC.sys [2005-08-25 16:15]
S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 00:01]

.
Contents of the 'Scheduled Tasks' folder
"2008-07-03 01:30:01 C:\WINDOWS\Tasks\RegClean Scheduled Scan.job"
- C:\Program Files\RegClean\RegClean.exe
- C:\Program Files\RegClean
"2008-07-03 11:54:25 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, https://www.gmer.net
Rootkit scan 2008-07-03 21:15:20
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\xxyywwtQ.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\scardsvr.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\WINDOWS\ehome\ehRec.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\OpenOffice.org 2.0.3\program\soffice.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\OpenOffice.org 2.0.3\program\soffice.bin
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
.
**************************************************************************
.
Completion time: 2008-07-03 21:25:54 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-03 19:25:14
ComboFix2.txt 2008-07-03 18:06:31
ComboFix3.txt 2007-11-14 15:09:51

Pre-Run: 31,130,398,720 bytes free
Post-Run: 31,148,519,424 bajtów wolnych

239 --- E O F --- 2008-01-11 02:01:13
[/green]

And now HijackThis

[blue] Deckard's System Scanner v20071014.68
Run by vobis on 2008-07-03 21:27:40
Computer is in Normal Mode.
--------------------------------------------------------------------------------

[color=red]Percentage of Memory in Use: 89% (more than 75%).[/color]
[color=red]Total Physical Memory: 503 MiB (512 MiB recommended).[/color]


-- HijackThis (run as vobis.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:28:18, on 2008-07-03
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\eHome\ehRec.exe
C:\Program Files\iPlus\Drivers\driver2k\GTMax\GtDetectSc.exe
C:\Program Files\iPlus\Drivers\driver2k\GTMax\GtFlashSwitch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSD.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Speeditup Free\PCCheckUp\PCCheckUp.exe
C:\Program Files\Konnekt\konnekt.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\OpenOffice.org 2.0.3\program\soffice.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\OpenOffice.org 2.0.3\program\soffice.BIN
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\vobis\My Documents\zxvc\dss.exe
C:\PROGRA~1\Trend Micro\HijackThis\vobis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.pcf.pl/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MegauploadToolbar\megauploadtoolbar.dll
O2 - BHO: (no name) - {5D72C2A4-9AC6-4727-A705-CEA1F0220B78} - C:\WINDOWS\system32\xxyywwtQ.dll
O2 - BHO: QXK Olive - {8E1F2BC9-E92D-4D2E-B268-74FB9F908DD8} - C:\WINDOWS\kgqfweltedw.dll
O2 - BHO: Pomocnik rejestracji usługi Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: {7c112c6f-55f1-67ca-76a4-d52fd338a0da} - {ad0a833d-f25d-4a67-ac76-1f55f6c211c7} - C:\WINDOWS\system32\cjnpsqrw.dll
O2 - BHO: (no name) - {AED9108A-49BE-4C7D-BE37-C59CCFB6C5E3} - C:\WINDOWS\system32\urqRKARh.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MegauploadToolbar\megauploadtoolbar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\Msdxm6.ocx
O3 - Toolbar: nqgpedlr - {AB802BE5-5918-4875-954F-C878E08FC60E} - C:\WINDOWS\nqgpedlr.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSD.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [AVManager] "C:\Program Files\Wistron\AVManager\AVManager.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [StxTrayMenu] "C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe"
O4 - HKLM\..\Run: [iPlusManager] C:\Program Files\iPlus\iPlusChecker.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [PC-Checkup] "C:\Program Files\Speeditup Free\PCCheckUp\PCCheckUp.exe" -mini
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [Konnekt] "C:\Program Files\Konnekt\konnekt.exe" /autostart
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - Startup: OpenOffice.org 2.0.3.lnk = C:\Program Files\OpenOffice.org 2.0.3\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Statystyki dla ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.pcf.pl/
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = LOTH
O17 - HKLM\Software\..\Telephony: DomainName = LOTH
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = LOTH
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O20 - Winlogon Notify: xxyywwtQ - C:\WINDOWS\SYSTEM32\xxyywwtQ.dll
O21 - SSODL: axrfgvek - {8244C237-C97A-48D6-87D9-80C46CD54C78} - C:\WINDOWS\axrfgvek.dll
O21 - SSODL: okmdepgb - {549FBC21-5D37-42A0-9FDB-F673D4DD91A1} - C:\WINDOWS\okmdepgb.dll
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Canon Inc. - (no file)
O23 - Service: Symantec Password Validation (ccPwdSvc) - Canon Inc. - (no file)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Canon Inc. - (no file)
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GtDetectSc Service (GtDetectSc) - OptionNV - C:\Program Files\iPlus\Drivers\driver2k\GTMax\GtDetectSc.exe
O23 - Service: GtFlashSwitch Service (GtFlashSwitch) - Option - C:\Program Files\iPlus\Drivers\driver2k\GTMax\GtFlashSwitch.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

--
End of file - 10254 bytes

-- Files created between 2008-06-03 and 2008-07-03 -----------------------------

2008-07-03 21:17:35 347 --ahs---- C:\WINDOWS\system32\hRAKRqru.ini2
2008-07-03 21:17:30 318720 --a------ C:\WINDOWS\system32\urqRKARh.dll
2008-07-03 19:47:12 0 d-------- C:\Temp
2008-07-03 19:21:37 161792 --a------ C:\WINDOWS\swreg.exe
2008-07-03 19:21:36 68096 --a------ C:\WINDOWS\zip.exe
2008-07-03 19:21:36 49152 --a------ C:\WINDOWS\VFind.exe
2008-07-03 19:21:36 212480 --a------ C:\WINDOWS\swxcacls.exe
2008-07-03 19:21:36 136704 --a------ C:\WINDOWS\swsc.exe
2008-07-03 19:21:36 98816 --a------ C:\WINDOWS\sed.exe
2008-07-03 19:21:36 80412 --a------ C:\WINDOWS\grep.exe
2008-07-03 19:21:36 89504 --a------ C:\WINDOWS\fdsv.exe
2008-07-03 15:33:52 28800 --a------ C:\WINDOWS\system32\xxyywwtQ.dll
2008-07-03 15:33:14 253952 --a------ C:\WINDOWS\okmdepgb.dll
2008-07-03 15:33:14 155648 --a------ C:\WINDOWS\nqgpedlr.dll
2008-07-03 15:33:14 86016 --a------ C:\WINDOWS\mrvtdpqe.exe
2008-07-03 15:33:14 303104 --a------ C:\WINDOWS\kgqfweltedw.dll
2008-07-03 15:33:14 225280 --a------ C:\WINDOWS\axrfgvek.dll
2008-07-03 15:19:51 0 d-------- C:\Program Files\DAEMON Tools Lite
2008-07-03 15:17:07 716272 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-07-03 15:16:58 0 d-------- C:\Documents and Settings\vobis\Application Data\DAEMON Tools
2008-07-03 14:28:10 0 d-------- C:\Program Files\Activision
2008-07-01 00:40:18 4 --a------ C:\loadcounter.dat
2008-06-25 19:01:15 0 d-------- C:\Program Files\VideoLAN
2008-06-20 14:52:57 0 d-------- C:\Documents and Settings\vobis\Application Data\SPORE Creature Creator
2008-06-20 14:50:39 0 d-------- C:\Program Files\Electronic Arts
2008-06-04 11:06:35 0 d-------- C:\Documents and Settings\vobis\Application Data\BESTplayer


-- Find3M Report ---------------------------------------------------------------

2008-07-03 21:14:01 0 d-------- C:\Documents and Settings\vobis\Application Data\OpenOffice.org2
2008-07-03 14:43:58 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-03 12:13:26 0 d-------- C:\Documents and Settings\vobis\Application Data\foobar2000
2008-07-03 07:31:35 0 d-------- C:\Documents and Settings\vobis\Application Data\BitTorrent
2008-07-02 16:27:54 3718 --a----c- C:\WINDOWS\mozver.dat
2008-07-02 11:48:21 0 d-------- C:\Documents and Settings\vobis\Application Data\Skype
2008-07-01 15:23:44 0 d-------- C:\Documents and Settings\vobis\Application Data\Adobe
2008-06-30 18:10:51 0 d-------- C:\Program Files\eMule
2008-06-04 15:13:02 0 d-------- C:\Program Files\Last.fm
2008-05-26 16:51:52 0 d-------- C:\Program Files\thriXXX
2008-05-22 00:57:29 0 d-------- C:\Documents and Settings\vobis\Application Data\MegauploadToolbar
2008-05-22 00:31:29 0 d-------- C:\Program Files\Spyware Doctor
2008-05-21 23:22:19 0 d-------- C:\Program Files\Cheat Engine
2008-05-21 18:53:20 0 d-------- C:\Program Files\Speeditup Free
2008-05-21 15:17:35 0 d-------- C:\Program Files\Ubisoft
2008-05-21 12:05:39 0 d-------- C:\Program Files\GameShadow
2008-05-20 21:37:24 0 d-------- C:\Program Files\Table Tennis Pro V2 Lite
2008-05-20 14:39:27 0 d-------- C:\Program Files\SSI
2008-05-15 11:02:44 0 d-------- C:\Documents and Settings\vobis\Application Data\Mount&Blade
2008-05-15 01:15:46 0 d-------- C:\Program Files\Mount&Blade
2008-05-13 22:57:45 0 d-------- C:\Program Files\DivX


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5D72C2A4-9AC6-4727-A705-CEA1F0220B78}]
2008-07-03 15:33 28800 --a------ C:\WINDOWS\system32\xxyywwtQ.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8E1F2BC9-E92D-4D2E-B268-74FB9F908DD8}]
2008-07-03 06:13 303104 --a------ C:\WINDOWS\kgqfweltedw.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ad0a833d-f25d-4a67-ac76-1f55f6c211c7}]
2007-12-13 17:58 80448 --a------ C:\WINDOWS\system32\cjnpsqrw.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AED9108A-49BE-4C7D-BE37-C59CCFB6C5E3}]
2008-07-03 21:17 318720 --a------ C:\WINDOWS\system32\urqRKARh.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 14:56]
"AGRSMMSG"="AGRSMMSG.exe" [2004-04-13 06:49 C:\WINDOWS\AGRSMMSG.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-08-01 17:07]
"LaunchAp"="C:\Program Files\Launch Manager\LaunchAp.exe" [2005-03-30 16:29]
"HotkeyApp"="C:\Program Files\Launch Manager\HotkeyApp.exe" [2005-05-02 15:09]
"CtrlVol"="C:\Program Files\Launch Manager\CtrlVol.exe" [2003-09-16 15:28]
"LMgrOSD"="C:\Program Files\Launch Manager\OSD.exe" [2005-03-16 14:52]
"Wbutton"="C:\Program Files\Launch Manager\Wbutton.exe" [2005-04-18 12:41]
"AVManager"="C:\Program Files\Wistron\AVManager\AVManager.exe" [2004-12-15 16:19]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-10-03 23:59]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-10-03 23:59]
"EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [2005-10-04 00:03]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50]
"SoundMan"="SOUNDMAN.EXE" [2004-07-27 11:01 C:\WINDOWS\SOUNDMAN.EXE]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-11-08 14:54]
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2005-05-19 15:47]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 17:17]
"StxTrayMenu"="C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe" [2007-01-18 14:20]
"iPlusManager"="C:\Program Files\iPlus\iPlusChecker.exe" [2008-01-03 11:59]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-01-13 09:46]
"PC-Checkup"="C:\Program Files\Speeditup Free\PCCheckUp\PCCheckUp.exe" [2007-08-02 02:08]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-11-02 18:24]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Konnekt"="C:\Program Files\Konnekt\konnekt.exe" [2005-05-24 23:41]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-02-14 01:09]

C:\Documents and Settings\vobis\Start Menu\Programs\Startup\
OpenOffice.org 2.0.3.lnk - C:\Program Files\OpenOffice.org 2.0.3\program\quickstart.exe [2006-07-02 17:46:50]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-09-03 13:26:48]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
"RunStartupScriptSync"=0 (0x0)
"SynchronousMachineGroupPolicy"=0 (0x0)
"SynchronousUserGroupPolicy"=0 (0x0)
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoRemoteRecursiveEvents"=1 (0x1)
"NoStrCmpLogical"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"=1 (0x1)
"NoRecentDocsHistory"=1 (0x1)
"NoLowDiskSpaceChecks"=1 (0x1)
"MemCheckBoxInRunDlg"=0 (0x0)
"NoAutoTrayNotify"=0 (0x0)
"NoResolveTrack"=0 (0x0)
"NoResolveSearch"=1 (0x1)
"LinkResolveIgnoreLinkInfo"=1 (0x1)
"NoStartBanner"=01000000
"NoWelcomeScreen"=1 (0x1)
"NoRecentDocsNetHood"=1 (0x1)
"NoDesktopCleanupWizard"=1 (0x1)
"NoSharedDocuments"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5D72C2A4-9AC6-4727-A705-CEA1F0220B78}"= C:\WINDOWS\system32\xxyywwtQ.dll [2008-07-03 15:33 28800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"axrfgvek"= {8244C237-C97A-48D6-87D9-80C46CD54C78} - C:\WINDOWS\axrfgvek.dll [2008-07-03 06:13 225280]
"okmdepgb"= {549FBC21-5D37-42A0-9FDB-F673D4DD91A1} - C:\WINDOWS\okmdepgb.dll [2008-07-03 06:13 253952]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2005-10-03 23:59 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxyywwtQ]
xxyywwtQ.dll 2008-07-03 15:33 28800 C:\WINDOWS\system32\xxyywwtQ.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\urqRKARh

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

*Newly Created Service* - CATCHME



-- End of Deckard's System Scanner: finished at 2008-07-03 21:31:49 ------------

[/blue]
Posted 7/4/2008 5:44 AM
#63189

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974
Hello :cool:

Please download Malwarebytes' Anti-Malware:

https://www.besttechie.net/tools/mbam-setup.exe

to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.

At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

Once the program has loaded, select Perform full scan, then click Scan.

When the scan is complete, click OK, then Show Results to view the results.

Be sure that everything is checked, and click Remove Selected.

When completed, a log will open in Notepad. Please save it to a convenient location.

Copy and paste that log into your next reply, along with a fresh ComboFix log.

Click here: Before-posting-a-log
Do not PM me with logfiles. They will be deleted.

