DDS (Ver_09-12-01.01) - NTFSx86
Run by WHLI at 17:41:09.40 on Thu 02/11/2010
Internet Explorer: 6.0.2800.1106
Microsoft Windows XP Professional 5.1.2600.1.1252.1.1033.18.247.59 [GMT -8:00]
============== Running Processes ===============
C:\Windows\system32\svchost -k rpcss
C:\Windows\System32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe
C:\Windows\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\Windows\System32\NMSSvc.exe
C:\Windows\System32\svchost.exe -k imgsvc
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\Windows\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Windows\System32\rundll32.exe
C:\DOCUME~1\user1\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = c:\windows\system32\spywarewarning.mht
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://go.compaq.com/1Q00CDT/0409/bl7.asp
mSearch Bar = hxxp://go.compaq.com/1Q00CDT/0409/bl8.asp
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://as.starware.com/dp/search?product=ssearch&src_id=299&it=1097269628&client_id=10931183650000000101000768361&version=g_4.4.2
uURLSearchHooks: Yahoo! Toolbar BETA: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\drivers\services.exe
BHO: {32341e7e-c319-46de-91d0-e30bb1a3caba} - c:\windows\system32\urqRJBQH.dll
BHO: {87a8a3ba-5f5b-4b15-9cc3-745a08a40d65} - c:\windows\system32\fccYRKdd.dll
BHO: {6524fed4-9a48-b3f8-9244-573d2c4f5e2b}: {b2e5f4c2-d375-4429-8f3b-84a94def4256} - c:\windows\system32\vzbcgt.dll
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
TB: Starware Toolbar: {fe6bc4ef-5676-484b-88ae-883323913256} - c:\progra~1\comet\bin\csietb.dll
TB: My &Search Bar: {0494d0d9-f8e0-41ad-92a3-14154ece70ac} - c:\program files\myway\mybar\1.bin\MYBAR.DLL
TB: Yahoo! Toolbar BETA: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {74CC49F7-EB32-4A08-B204-948962A6E3DB} - No File
EB: {7E66936C-FEA0-4984-AD26-7B6661AC5B2E} - No File
EB: Media Band: {32683183-48a0-441b-a342-7c2a440a9478} - %SystemRoot%\System32\browseui.dll
EB: Starware: {90c61707-c8f8-43db-a25c-c1f4b18ee41e} - c:\progra~1\comet\bin\csband.dll
uRunServices: [IEUpdate] c:\windows\system32\actmoviej.exe
mRun: [BMdf887a8c] Rundll32.exe "c:\windows\system32\qjvwvgux.dll",s
mRun: [[system]] c:\windows\system32\drivers\services.exe
mRun: [winlogon] c:\documents and settings\user1\svchost.exe
mRun: [dcbb4910] rundll32.exe "c:\windows\system32\chavoqxa.dll",b
mRunServices: [CPQDFWAG] c:\windows\cpqdiag\CpqDfwAg.exe
mRunServices: [IEUpdate] c:\windows\system32\actmoviej.exe
dRun: [ntuser] c:\windows\system32\drivers\spools.exe
dRun: [autoload] c:\documents and settings\localservice\cftmon.exe
dRun: [[system]] c:\windows\system32\drivers\services.exe
dRun: [winlogon] c:\documents and settings\localservice\svchost.exe
StartupFolder: c:\documents and settings\user1\start menu\programs\startup\userinit.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodaks~1.lnk - c:\program files\kodak\kodak software updater\7288971\program\Kodak Software Updater.exe1
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
uPolicies-explorer: ForceActiveDesktopOn = 1 (0x1)
uPolicies-system: Wallpaper =
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\MSMSGS.EXE
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.imgfarm.com/images/nocache/funwebproducts/ei/FunBuddyIconsFWBInitialSetup1.0.0.8.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/wmv9dmo.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?39380.7089814815
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\puresp3.dll
Notify: igfxcui - igfxsrvc.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
Notify: urqRJBQH - urqRJBQH.dll
Notify: __c00B1101 - c:\windows\system32\__c00B1101.dat
AppInit_DLLs: jymgfahr.dll
SEH: {32341e7e-c319-46de-91d0-e30bb1a3caba} - c:\windows\system32\urqRJBQH.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\fccYRKdd
SubSystems: Windows = basefmok32
============= SERVICES / DRIVERS ===============
R1 ClntMgmt;Compaq Client Management Driver;c:\windows\system32\drivers\Clntmgmt.sys [2004-7-25 54222]
R2 MLPTDR_B;MLPTDR_B;c:\windows\system32\MLPTDR_B.SYS [2003-9-2 20064]
R2 NAVAPEL;NAVAPEL;c:\program files\symantec_client_security\symantec antivirus\Navapel.sys [2003-5-2 30208]
S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [2007-5-24 547744]
S3 NAVAP;NAVAP;c:\progra~1\symant~1\symant~1\NAVAP.sys [2003-5-2 224256]
S3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20060727.049\NAVENG.sys [2006-7-31 79240]
S3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20060727.049\NAVEX15.sys [2006-7-31 828808]
S4 CpqDfwWebAgent;Compaq Remote Diagnostics Enabling Agent;c:\windows\cpqdiag\CPQDFWAG.EXE [2004-7-25 212992]
S4 cpqWebDmi;Compaq DMI Web Agent;c:\progra~1\compaq\compaq~1\cpqweb~1\WebDmi.exe [2004-7-25 24576]
S4 Norton AntiVirus Server;Symantec AntiVirus Client;c:\progra~1\symant~1\symant~1\Rtvscan.exe [2003-5-21 610304]
============== File Associations ===============
exefile=c:\windows\system32\drivers\spools.exe "%1" %*
=============== Created Last 30 ================
2010-02-04 17:39:53 0 d-----w- c:\program files\TrendMicro
2010-02-02 20:24:27 0 d-----w- c:\windows\Favorites
2010-02-02 18:53:55 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-02-02 18:25:54 294 --sh--w- c:\windows\system32\axqovahc.ini
2010-02-02 18:25:43 78848 ----a-w- c:\windows\system32\chavoqxa.dll
2010-02-02 18:06:44 103424 ----a-w- c:\windows\system32\vzbcgt.dll
2010-02-02 18:06:44 103424 ----a-w- c:\windows\system32\ohbecgbu.dll
2010-02-02 18:04:51 294 --sh--w- c:\windows\system32\mngtbwxt.ini
2010-02-02 18:04:41 78848 ----a-w- c:\windows\system32\txwbtgnm.dll
==================== Find3M ====================
2010-02-12 01:39:48 0 ----a-w- C:\MSN Password Cracker.exe
2010-02-12 01:39:43 41780 --sha-w- c:\windows\system32\ddKRYccf.ini2
2010-02-11 17:37:29 27648 ----a-w- c:\windows\system32\__c00B1101.dat
2010-02-04 21:30:50 306 ----a-w- C:\xcrashdump.dat
2010-02-02 21:00:27 19456 ----a-w- C:\Website Hacker.exe
2010-02-02 18:40:19 0 ----a-w- C:\Norton Anti-Virus 2005 Enterprise Crack.exe
2001-08-18 05:36:58 4096 --sha-w- c:\windows\system32\1112.dat
2008-05-28 19:02:35 97280 --sh--r- c:\windows\system32\adsndso.exe
2008-06-12 15:37:48 41472 --sha-w- c:\windows\system32\Crypt16_v00.dll
2008-07-01 23:59:03 41472 --sha-w- c:\windows\system32\Crypt_16.dll
2008-06-02 17:12:49 40960 --sha-w- c:\windows\system32\drivers\Crypt_16.dll
============= FINISH: 17:43:54.70 ===============