Explorer.exe turns off and turns on
lotse New Member Date Joined Jun 2008 Total Posts : 1 Posted 7-3-2008 9:32 (GMT +2)

Hello there. I know that there are several threads about similar problems. I did everything that was there. But I still have this problem. So I'll paste ComboFix and Hijackthis logs. Maybe you'll be able to help me. First goes ComboFix log. {green}. Hijackthis will be blue.

ComboFix 08-07-02.5 - vobis 2008-07-03 20:52:55.3 - NTFSx86 Running from: G:\ComboFix.exe Command switches used :: C:\Documents and Settings\vobis\Desktop\CFScript.txt * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\FPAIRqss.ini C:\WINDOWS\system32\FPAIRqss.ini2 C:\WINDOWS\system32\ssqRIAPF.dll . ((((((((((((((((((((((((( Files Created from 2008-06-03 to 2008-07-03 ))))))))))))))))))))))))))))))) . 2008-07-03 21:15 . 2008-07-03 21:15 53,248 --a------ C:\Temp\catchme.dll 2008-07-03 21:13 . 2008-07-03 21:13 <DIR> d-------- C:\Temp\sv9ne.tmp 2008-07-03 21:12 . 2008-07-03 21:12 <DIR> d-------- C:\Temp\Konnekt_Lothar_6838247e 2008-07-03 19:52 . 2008-07-03 21:13 <DIR> d---s---- C:\Temp\Temporary Internet Files 2008-07-03 19:47 . 2008-07-03 21:16 <DIR> d-------- C:\Temp 2008-07-03 15:39 . 2008-07-03 15:49 347 --ahs---- C:\WINDOWS\system32\ooqpqqss.ini 2008-07-03 15:33 . 2008-07-03 06:13 303,104 --a------ C:\WINDOWS\kgqfweltedw.dll 2008-07-03 15:33 . 2008-07-03 06:13 253,952 --a------ C:\WINDOWS\okmdepgb.dll 2008-07-03 15:33 . 2008-07-03 06:13 225,280 --a------ C:\WINDOWS\axrfgvek.dll 2008-07-03 15:33 . 2008-07-03 06:13 155,648 --a------ C:\WINDOWS\nqgpedlr.dll 2008-07-03 15:33 . 2008-06-27 08:35 117,760 --a------ C:\WINDOWS\system32\vav.cpl 2008-07-03 15:33 . 2008-07-03 06:13 86,016 --a------ C:\WINDOWS\mrvtdpqe.exe 2008-07-03 15:33 . 2008-07-03 15:33 28,800 --a------ C:\WINDOWS\system32\xxyywwtQ.dll 2008-07-03 15:19 . 2008-07-03 15:19 <DIR> d-------- C:\Program Files\DAEMON Tools Lite 2008-07-03 15:17 . 
2008-07-03 15:17 716,272 --a------ C:\WINDOWS\system32\drivers\sptd.sys 2008-07-03 15:16 . 2008-07-03 15:16 <DIR> d-------- C:\Documents and Settings\vobis\Application Data\DAEMON Tools 2008-07-03 14:42 . 2008-07-03 14:42 292 --a------ C:\WINDOWS\vtmb.ini 2008-07-03 14:28 . 2008-07-03 14:28 <DIR> d-------- C:\Program Files\Activision 2008-07-01 00:40 . 2008-07-01 00:40 4 --a------ C:\loadcounter.dat 2008-06-25 19:01 . 2008-06-26 02:19 <DIR> d-------- C:\Program Files\VideoLAN 2008-06-20 14:52 . 2008-06-21 00:50 <DIR> d-------- C:\Documents and Settings\vobis\Application Data\SPORE Creature Creator 2008-06-20 14:50 . 2008-06-20 14:50 <DIR> d-------- C:\Program Files\Electronic Arts 2008-06-04 11:06 . 2008-06-04 12:35 <DIR> d-------- C:\Documents and Settings\vobis\Application Data\BESTplayer . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-07-03 19:16 266,022,432 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat 2008-07-03 19:14 --------- d-----w C:\Documents and Settings\vobis\Application Data\OpenOffice.org2 2008-07-03 19:13 1,434,144 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat 2008-07-03 19:12 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2008-07-03 19:10 3,567,980 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx 2008-07-03 19:10 138,584 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx 2008-07-03 12:43 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-07-03 10:13 --------- d-----w C:\Documents and Settings\vobis\Application Data\foobar2000 2008-07-03 05:31 --------- d-----w C:\Documents and Settings\vobis\Application Data\BitTorrent 2008-07-02 09:48 --------- d-----w C:\Documents and Settings\vobis\Application Data\Skype 2008-06-30 16:10 --------- d-----w C:\Program Files\eMule 2008-06-20 12:52 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll 2008-06-04 13:13 --------- d-----w C:\Program Files\Last.fm 2008-05-26 14:51 --------- d-----w 
C:\Program Files\thriXXX 2008-05-21 22:57 --------- d-----w C:\Documents and Settings\vobis\Application Data\MegauploadToolbar 2008-05-21 22:31 --------- d-----w C:\Program Files\Spyware Doctor 2008-05-21 21:22 --------- d-----w C:\Program Files\Cheat Engine 2008-05-21 16:53 --------- d-----w C:\Program Files\Speeditup Free 2008-05-21 13:17 --------- d-----w C:\Program Files\Ubisoft 2008-05-21 10:05 --------- d-----w C:\Program Files\GameShadow 2008-05-20 19:37 --------- d-----w C:\Program Files\Table Tennis Pro V2 Lite 2008-05-20 12:39 --------- d-----w C:\Program Files\SSI 2008-05-15 09:02 --------- d-----w C:\Documents and Settings\vobis\Application Data\Mount&Blade 2008-05-14 23:15 --------- d-----w C:\Program Files\Mount&Blade 2008-05-13 20:57 --------- d-----w C:\Program Files\DivX 2008-02-06 16:53 349 ----a-w C:\Program Files\INSTALL.LOG 2007-12-27 22:00 2,855 ----a-w C:\Program Files\foobar2000_0.9.5 beta 9.PIF 2007-12-27 21:50 4,438 ----a-w C:\Program Files\foobar2000_0.9.5 beta 9.exe 2003-12-18 10:33 20,102 ----a-w C:\Program Files\Readme.txt 2003-09-03 06:46 10,960 ----a-w C:\Program Files\EULA.txt . ((((((((((((((((((((((((((((( snapshot_2008-07-03_20.01.40.79 ))))))))))))))))))))))))))))))))))))))))) . - 2008-07-03 17:51:46 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2008-07-03 19:11:30 2,048 --s-a-w C:\WINDOWS\bootstat.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5D72C2A4-9AC6-4727-A705-CEA1F0220B78}] 2008-07-03 15:33 28800 --a------ C:\WINDOWS\system32\xxyywwtQ.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8E1F2BC9-E92D-4D2E-B268-74FB9F908DD8}] 2008-07-03 06:13 303104 --a------ C:\WINDOWS\kgqfweltedw.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ad0a833d-f25d-4a67-ac76-1f55f6c211c7}] 2007-12-13 17:58 80448 --a------ C:\WINDOWS\system32\cjnpsqrw.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AED9108A-49BE-4C7D-BE37-C59CCFB6C5E3}] 2008-07-03 21:17 318720 --a------ C:\WINDOWS\system32\urqRKARh.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{AB802BE5-5918-4875-954F-C878E08FC60E}"= "C:\WINDOWS\nqgpedlr.dll" [2008-07-03 06:13 155648] [HKEY_CLASSES_ROOT\clsid\{ab802be5-5918-4875-954f-c878e08fc60e}] [HKEY_CLASSES_ROOT\nqgpedlr.1] [HKEY_CLASSES_ROOT\TypeLib\{7FD9DE6F-3A11-4BA6-B17E-E5C2D1FBB371}] [HKEY_CLASSES_ROOT\nqgpedlr] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Konnekt"="C:\Program Files\Konnekt\konnekt.exe" [2005-05-24 23:41 503808] "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-02-14 01:09 486856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 14:56 64512] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-08-01 17:07 729177] "LaunchAp"="C:\Program Files\Launch Manager\LaunchAp.exe" [2005-03-30 16:29 32768] "HotkeyApp"="C:\Program Files\Launch Manager\HotkeyApp.exe" [2005-05-02 15:09 57344] "CtrlVol"="C:\Program Files\Launch Manager\CtrlVol.exe" [2003-09-16 15:28 20480] "LMgrOSD"="C:\Program Files\Launch Manager\OSD.exe" [2005-03-16 14:52 204800] "Wbutton"="C:\Program Files\Launch Manager\Wbutton.exe" [2005-04-18 12:41 81920] "AVManager"="C:\Program Files\Wistron\AVManager\AVManager.exe" [2004-12-15 16:19 81920] "IntelZeroConfig"="C:\Program 
Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-10-03 23:59 401408] "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-10-03 23:59 385024] "EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [2005-10-04 00:03 356352] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-11-08 14:54 180269] "CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2005-05-19 15:47 57344] "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 17:17 159744] "StxTrayMenu"="C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe" [2007-01-18 14:20 190008] "iPlusManager"="C:\Program Files\iPlus\iPlusChecker.exe" [2008-01-03 11:59 389120] "Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-01-13 09:46 135168] "PC-Checkup"="C:\Program Files\Speeditup Free\PCCheckUp\PCCheckUp.exe" [2007-08-02 02:08 3965440] "SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-11-02 18:24 1065800] "AGRSMMSG"="AGRSMMSG.exe" [2004-04-13 06:49 88363 C:\WINDOWS\AGRSMMSG.exe] "SoundMan"="SOUNDMAN.EXE" [2004-07-27 11:01 68096 C:\WINDOWS\SOUNDMAN.EXE] C:\Documents and Settings\vobis\Start Menu\Programs\Startup\ OpenOffice.org 2.0.3.lnk - C:\Program Files\OpenOffice.org 2.0.3\program\quickstart.exe [2006-07-02 17:46:50 393216] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-09-03 13:26:48 113664] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme "SynchronousMachineGroupPolicy"= 0 (0x0) "SynchronousUserGroupPolicy"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoStrCmpLogical"= 1 (0x1) 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoSMBalloonTip"= 1 (0x1) "MemCheckBoxInRunDlg"= 0 (0x0) "NoAutoTrayNotify"= 0 (0x0) "NoResolveTrack"= 0 (0x0) "NoResolveSearch"= 1 (0x1) "NoWelcomeScreen"= 1 (0x1) "NoRecentDocsNetHood"= 1 (0x1) "NoDesktopCleanupWizard"= 1 (0x1) [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5D72C2A4-9AC6-4727-A705-CEA1F0220B78}"= "C:\WINDOWS\system32\xxyywwtQ.dll" [2008-07-03 15:33 28800] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] "axrfgvek"= {8244C237-C97A-48D6-87D9-80C46CD54C78} - C:\WINDOWS\axrfgvek.dll [2008-07-03 06:13 225280] "okmdepgb"= {549FBC21-5D37-42A0-9FDB-F673D4DD91A1} - C:\WINDOWS\okmdepgb.dll [2008-07-03 06:13 253952] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless] 2005-10-03 23:59 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxyywwtQ] 2008-07-03 15:33 28800 C:\WINDOWS\system32\xxyywwtQ.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\urqRKARh [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "C:\\Program Files\\BitTorrent\\bittorrent.exe"= "C:\\Program Files\\Windows 
Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "C:\\Program Files\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "2235:TCP"= 2235:TCP:slsk "2237:TCP"= 2237:TCP:torrent R1 Hotkey;Hotkey;C:\WINDOWS\system32\drivers\Hotkey.sys [2003-04-28 12:27] R2 GtDetectSc;GtDetectSc Service;C:\Program Files\iPlus\Drivers\driver2k\GTMax\GtDetectSc.exe [2007-08-29 12:10] R2 GtFlashSwitch;GtFlashSwitch Service;C:\Program Files\iPlus\Drivers\driver2k\GTMax\GtFlashSwitch.exe [2007-08-29 12:10] R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 15:58] S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2005-08-02 23:10] S3 SEM43XX;Sony Ericsson 802.11 sterownik sieciowego adaptera SEM43XX;C:\WINDOWS\system32\DRIVERS\semwl5.sys [2005-08-25 16:15] S3 SEMWModem;Sony Ericsson SEMWModem;C:\WINDOWS\system32\DRIVERS\GCXX.sys [2005-08-25 16:15] S3 SEMWWNIC;Sony Ericsson SEMWWNIC;C:\WINDOWS\system32\DRIVERS\GCXXNet.sys [2005-08-25 16:15] S3 Sony_EricssonWWSC;Sony Ericsson SIM Card Reader;C:\WINDOWS\system32\DRIVERS\GCXXSC.sys [2005-08-25 16:15] S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 00:01] . Contents of the 'Scheduled Tasks' folder "2008-07-03 01:30:01 C:\WINDOWS\Tasks\RegClean Scheduled Scan.job" - C:\Program Files\RegClean\RegClean.exe - C:\Program Files\RegClean "2008-07-03 11:54:25 C:\WINDOWS\Tasks\Symantec NetDetect.job" - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-07-03 21:15:20 Windows 5.1.2600 Service Pack 2 NTFS detected NTDLL code modification: ZwClose scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... 
scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\system32\winlogon.exe -> C:\WINDOWS\system32\xxyywwtQ.dll . ------------------------ Other Running Processes ------------------------ . C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\scardsvr.exe C:\WINDOWS\ehome\ehrecvr.exe C:\WINDOWS\ehome\ehSched.exe C:\WINDOWS\ehome\ehRec.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\Spyware Doctor\svcntaux.exe C:\Program Files\Spyware Doctor\swdsvc.exe C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe C:\WINDOWS\ehome\mcrdsvc.exe C:\Program Files\OpenOffice.org 2.0.3\program\soffice.exe C:\Program Files\Canon\CAL\CALMAIN.exe C:\Program Files\OpenOffice.org 2.0.3\program\soffice.bin C:\Program Files\Common Files\Teleca Shared\Generic.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\ehome\ehmsas.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\taskmgr.exe C:\Program Files\Mozilla Firefox\firefox.exe . ************************************************************************** . Completion time: 2008-07-03 21:25:54 - machine was rebooted ComboFix-quarantined-files.txt 2008-07-03 19:25:14 ComboFix2.txt 2008-07-03 18:06:31 ComboFix3.txt 2007-11-14 15:09:51 Pre-Run: 31,130,398,720 bytes free Post-Run: 31,148,519,424 bajtów wolnych 239 --- E O F --- 2008-01-11 02:01:13

And now hijackthis

Deckard's System Scanner v20071014.68 Run by vobis on 2008-07-03 21:27:40 Computer is in Normal Mode. 
--------------------------------------------------------------------------------Percentage of Memory in Use: 89% (more than 75%). Total Physical Memory: 503 MiB (512 MiB recommended). -- HijackThis (run as vobis.exe) ----------------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:28:18, on 2008-07-03 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\SCardSvr.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\WINDOWS\eHome\ehRec.exe C:\Program Files\iPlus\Drivers\driver2k\GTMax\GtDetectSc.exe C:\Program Files\iPlus\Drivers\driver2k\GTMax\GtFlashSwitch.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\Spyware Doctor\svcntaux.exe C:\Program Files\Spyware Doctor\swdsvc.exe C:\Program Files\Spyware Doctor\SDTrayApp.exe C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Launch Manager\LaunchAp.exe C:\Program Files\Launch Manager\HotkeyApp.exe C:\Program Files\Launch Manager\OSD.exe C:\Program Files\Launch Manager\Wbutton.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Common 
Files\Real\Update_OB\realsched.exe C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Speeditup Free\PCCheckUp\PCCheckUp.exe C:\Program Files\Konnekt\konnekt.exe C:\Program Files\DAEMON Tools Lite\daemon.exe C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe C:\WINDOWS\ehome\mcrdsvc.exe C:\Program Files\OpenOffice.org 2.0.3\program\soffice.exe C:\Program Files\Canon\CAL\CALMAIN.exe C:\Program Files\OpenOffice.org 2.0.3\program\soffice.BIN C:\Program Files\Common Files\Teleca Shared\Generic.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\eHome\ehmsas.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\taskmgr.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\notepad.exe C:\Documents and Settings\vobis\My Documents\zxvc\dss.exe C:\PROGRA~1\Trend Micro\HijackThis\vobis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.pcf.pl/ O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MegauploadToolbar\megauploadtoolbar.dll O2 - BHO: (no name) - 
{5D72C2A4-9AC6-4727-A705-CEA1F0220B78} - C:\WINDOWS\system32\xxyywwtQ.dll O2 - BHO: QXK Olive - {8E1F2BC9-E92D-4D2E-B268-74FB9F908DD8} - C:\WINDOWS\kgqfweltedw.dll O2 - BHO: Pomocnik rejestracji usługi Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: {7c112c6f-55f1-67ca-76a4-d52fd338a0da} - {ad0a833d-f25d-4a67-ac76-1f55f6c211c7} - C:\WINDOWS\system32\cjnpsqrw.dll O2 - BHO: (no name) - {AED9108A-49BE-4C7D-BE37-C59CCFB6C5E3} - C:\WINDOWS\system32\urqRKARh.dll O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MegauploadToolbar\megauploadtoolbar.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\Msdxm6.ocx O3 - Toolbar: nqgpedlr - {AB802BE5-5918-4875-954F-C878E08FC60E} - C:\WINDOWS\nqgpedlr.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe O4 - HKLM\..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe O4 - HKLM\..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSD.exe O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe" O4 - HKLM\..\Run: [AVManager] "C:\Program Files\Wistron\AVManager\AVManager.exe" O4 - HKLM\..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 
- HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions O4 - HKLM\..\Run: [StxTrayMenu] "C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe" O4 - HKLM\..\Run: [iPlusManager] C:\Program Files\iPlus\iPlusChecker.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [PC-Checkup] "C:\Program Files\Speeditup Free\PCCheckUp\PCCheckUp.exe" -mini O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe" O4 - HKCU\..\Run: [Konnekt] "C:\Program Files\Konnekt\konnekt.exe" /autostart O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun O4 - Startup: OpenOffice.org 2.0.3.lnk = C:\Program Files\OpenOffice.org 2.0.3\program\quickstart.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: Statystyki dla ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program 
Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.pcf.pl/ O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = LOTH O17 - HKLM\Software\..\Telephony: DomainName = LOTH O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = LOTH O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll O20 - Winlogon Notify: xxyywwtQ - C:\WINDOWS\SYSTEM32\xxyywwtQ.dll O21 - SSODL: axrfgvek - {8244C237-C97A-48D6-87D9-80C46CD54C78} - C:\WINDOWS\axrfgvek.dll O21 - SSODL: okmdepgb - {549FBC21-5D37-42A0-9FDB-F673D4DD91A1} - C:\WINDOWS\okmdepgb.dll O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Canon Inc. - (no file) O23 - Service: Symantec Password Validation (ccPwdSvc) - Canon Inc. - (no file) O23 - Service: Symantec Settings Manager (ccSetMgr) - Canon Inc. 
- (no file) O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: GtDetectSc Service (GtDetectSc) - OptionNV - C:\Program Files\iPlus\Drivers\driver2k\GTMax\GtDetectSc.exe O23 - Service: GtFlashSwitch Service (GtFlashSwitch) - Option - C:\Program Files\iPlus\Drivers\driver2k\GTMax\GtFlashSwitch.exe O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe -- End of file - 10254 bytes -- Files created between 2008-06-03 and 2008-07-03 ----------------------------- 2008-07-03 21:17:35 347 --ahs---- C:\WINDOWS\system32\hRAKRqru.ini2 2008-07-03 21:17:30 318720 --a------ C:\WINDOWS\system32\urqRKARh.dll 2008-07-03 19:47:12 0 d-------- C:\Temp 2008-07-03 19:21:37 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor> 2008-07-03 19:21:36 68096 --a------ C:\WINDOWS\zip.exe 2008-07-03 19:21:36 49152 --a------ C:\WINDOWS\VFind.exe 2008-07-03 19:21:36 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists> 2008-07-03 19:21:36 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller> 2008-07-03 19:21:36 98816 --a------ C:\WINDOWS\sed.exe 2008-07-03 19:21:36 80412 --a------ C:\WINDOWS\grep.exe 2008-07-03 19:21:36 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; > 
2008-07-03 15:33:52 28800 --a------ C:\WINDOWS\system32\xxyywwtQ.dll 2008-07-03 15:33:14 253952 --a------ C:\WINDOWS\okmdepgb.dll 2008-07-03 15:33:14 155648 --a------ C:\WINDOWS\nqgpedlr.dll 2008-07-03 15:33:14 86016 --a------ C:\WINDOWS\mrvtdpqe.exe 2008-07-03 15:33:14 303104 --a------ C:\WINDOWS\kgqfweltedw.dll 2008-07-03 15:33:14 225280 --a------ C:\WINDOWS\axrfgvek.dll 2008-07-03 15:19:51 0 d-------- C:\Program Files\DAEMON Tools Lite 2008-07-03 15:17:07 716272 --a------ C:\WINDOWS\system32\drivers\sptd.sys 2008-07-03 15:16:58 0 d-------- C:\Documents and Settings\vobis\Application Data\DAEMON Tools 2008-07-03 14:28:10 0 d-------- C:\Program Files\Activision 2008-07-01 00:40:18 4 --a------ C:\loadcounter.dat 2008-06-25 19:01:15 0 d-------- C:\Program Files\VideoLAN 2008-06-20 14:52:57 0 d-------- C:\Documents and Settings\vobis\Application Data\SPORE Creature Creator 2008-06-20 14:50:39 0 d-------- C:\Program Files\Electronic Arts 2008-06-04 11:06:35 0 d-------- C:\Documents and Settings\vobis\Application Data\BESTplayer -- Find3M Report --------------------------------------------------------------- 2008-07-03 21:14:01 0 d-------- C:\Documents and Settings\vobis\Application Data\OpenOffice.org2 2008-07-03 14:43:58 0 d--h----- C:\Program Files\InstallShield Installation Information 2008-07-03 12:13:26 0 d-------- C:\Documents and Settings\vobis\Application Data\foobar2000 2008-07-03 07:31:35 0 d-------- C:\Documents and Settings\vobis\Application Data\BitTorrent 2008-07-02 16:27:54 3718 --a----c- C:\WINDOWS\mozver.dat 2008-07-02 11:48:21 0 d-------- C:\Documents and Settings\vobis\Application Data\Skype 2008-07-01 15:23:44 0 d-------- C:\Documents and Settings\vobis\Application Data\Adobe 2008-06-30 18:10:51 0 d-------- C:\Program Files\eMule 2008-06-04 15:13:02 0 d-------- C:\Program Files\Last.fm 2008-05-26 16:51:52 0 d-------- C:\Program Files\thriXXX 2008-05-22 00:57:29 0 d-------- C:\Documents and Settings\vobis\Application Data\MegauploadToolbar 
2008-05-22 00:31:29 0 d-------- C:\Program Files\Spyware Doctor 2008-05-21 23:22:19 0 d-------- C:\Program Files\Cheat Engine 2008-05-21 18:53:20 0 d-------- C:\Program Files\Speeditup Free 2008-05-21 15:17:35 0 d-------- C:\Program Files\Ubisoft 2008-05-21 12:05:39 0 d-------- C:\Program Files\GameShadow 2008-05-20 21:37:24 0 d-------- C:\Program Files\Table Tennis Pro V2 Lite 2008-05-20 14:39:27 0 d-------- C:\Program Files\SSI 2008-05-15 11:02:44 0 d-------- C:\Documents and Settings\vobis\Application Data\Mount&Blade 2008-05-15 01:15:46 0 d-------- C:\Program Files\Mount&Blade 2008-05-13 22:57:45 0 d-------- C:\Program Files\DivX -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5D72C2A4-9AC6-4727-A705-CEA1F0220B78}] 2008-07-03 15:33 28800 --a------ C:\WINDOWS\system32\xxyywwtQ.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8E1F2BC9-E92D-4D2E-B268-74FB9F908DD8}] 2008-07-03 06:13 303104 --a------ C:\WINDOWS\kgqfweltedw.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ad0a833d-f25d-4a67-ac76-1f55f6c211c7}] 2007-12-13 17:58 80448 --a------ C:\WINDOWS\system32\cjnpsqrw.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AED9108A-49BE-4C7D-BE37-C59CCFB6C5E3}] 2008-07-03 21:17 318720 --a------ C:\WINDOWS\system32\urqRKARh.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 14:56] "AGRSMMSG"="AGRSMMSG.exe" [2004-04-13 06:49 C:\WINDOWS\AGRSMMSG.exe] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-08-01 17:07] "LaunchAp"="C:\Program Files\Launch Manager\LaunchAp.exe" [2005-03-30 16:29] "HotkeyApp"="C:\Program Files\Launch Manager\HotkeyApp.exe" [2005-05-02 15:09] "CtrlVol"="C:\Program Files\Launch Manager\CtrlVol.exe" [2003-09-16 15:28] "LMgrOSD"="C:\Program Files\Launch Manager\OSD.exe" [2005-03-16 14:52] "Wbutton"="C:\Program Files\Launch 
Manager\Wbutton.exe" [2005-04-18 12:41] "AVManager"="C:\Program Files\Wistron\AVManager\AVManager.exe" [2004-12-15 16:19] "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-10-03 23:59] "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-10-03 23:59] "EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [2005-10-04 00:03] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50] "SoundMan"="SOUNDMAN.EXE" [2004-07-27 11:01 C:\WINDOWS\SOUNDMAN.EXE] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-11-08 14:54] "CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2005-05-19 15:47] "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 17:17] "StxTrayMenu"="C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe" [2007-01-18 14:20] "iPlusManager"="C:\Program Files\iPlus\iPlusChecker.exe" [2008-01-03 11:59] "Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-01-13 09:46] "PC-Checkup"="C:\Program Files\Speeditup Free\PCCheckUp\PCCheckUp.exe" [2007-08-02 02:08] "SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-11-02 18:24] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Konnekt"="C:\Program Files\Konnekt\konnekt.exe" [2005-05-24 23:41] "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-02-14 01:09] C:\Documents and Settings\vobis\Start Menu\Programs\Startup\ OpenOffice.org 2.0.3.lnk - C:\Program Files\OpenOffice.org 2.0.3\program\quickstart.exe [2006-07-02 17:46:50] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-09-03 13:26:48] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme 
"RunStartupScriptSync"=0 (0x0)
"SynchronousMachineGroupPolicy"=0 (0x0)
"SynchronousUserGroupPolicy"=0 (0x0)
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoRemoteRecursiveEvents"=1 (0x1)
"NoStrCmpLogical"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"=1 (0x1)
"NoRecentDocsHistory"=1 (0x1)
"NoLowDiskSpaceChecks"=1 (0x1)
"MemCheckBoxInRunDlg"=0 (0x0)
"NoAutoTrayNotify"=0 (0x0)
"NoResolveTrack"=0 (0x0)
"NoResolveSearch"=1 (0x1)
"LinkResolveIgnoreLinkInfo"=1 (0x1)
"NoStartBanner"=01000000
"NoWelcomeScreen"=1 (0x1)
"NoRecentDocsNetHood"=1 (0x1)
"NoDesktopCleanupWizard"=1 (0x1)
"NoSharedDocuments"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5D72C2A4-9AC6-4727-A705-CEA1F0220B78}"= C:\WINDOWS\system32\xxyywwtQ.dll [2008-07-03 15:33 28800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"axrfgvek"= {8244C237-C97A-48D6-87D9-80C46CD54C78} - C:\WINDOWS\axrfgvek.dll [2008-07-03 06:13 225280]
"okmdepgb"= {549FBC21-5D37-42A0-9FDB-F673D4DD91A1} - C:\WINDOWS\okmdepgb.dll [2008-07-03 06:13 253952]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2005-10-03 23:59 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxyywwtQ]
xxyywwtQ.dll 2008-07-03 15:33 28800 C:\WINDOWS\system32\xxyywwtQ.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\urqRKARh

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

*Newly Created Service* - CATCHME

-- End of Deckard's System Scanner: finished at 2008-07-03 21:31:49 ------------
Touch Forum Moderator Date Joined Jun 2004 Total Posts : 13142 Posted 7-4-2008 7:44 (GMT +2)
Hello
Please download Malwarebytes' Anti-Malware to your desktop.
Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform full scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location.
Copy and paste that log into your next reply, along with a fresh ComboFix log.
Do NOT post your problem in someone else's thread.