I Have Tro Jans HELP

I know, it’s Trojans, but my stupid browser is infected such that if it sees ‘Trojan’ in a search or on a page title it shuts off. I have many problems, one of which is a Win32:Delf-Dom reiterating itself every time Avast! says it deletes it. It is called d3acdb.dll.tmp most times. I also have a suspicious process, ‘xdknteve.exe’, running that I’m curious about. I would appreciate any and all help on the matter.

By the way, I apologize if this topic is in another thread, but anything with Trojan in it shuts down my browser, so…

[edit] I just realized that whatever has my browser infected will not let me download anything either, but I have Avast!, Spybot: Search and Destroy, and Ad-Aware (free versions of each) if those will help me. I’m a fairly savvy guy, but have as yet come across no solution. HELP!!!

If a virus keeps replicating (coming back again and again), you should:

  1. Disable System Restore on Windows ME or Windows XP. System Restore cannot be disabled on Windows 9x and it’s not available in Windows 2k. After rebooting you can enable System Restore again, after step 3.

  2. Clean your temporary files. You can use CleanUp or the Windows Advanced Care features for that.

  3. Schedule a boot-time scan with avast. Start avast! > Right click the skin > Schedule a boot-time scanning. Select scanning of archives. Boot. Another option is scanning in Safe Mode (repeatedly press F8 while booting).

  4. It would be good to download, install, update and run AVG Antispyware. Some users recommend SUPERantispyware, Spyware Terminator and/or a-squared (take care about false positives).
    If any infection is detected, it is better and safer to send the file to Quarantine than to simply delete it.

  5. If you are still detecting any strange behavior, or even if you’re sure you’re not clean, it may be good to test your machine with anti-rootkit applications. I suggest AVG, Panda and/or F-Secure BlackLight.

  6. After you’re clean, use the immunization of SpywareBlaster or, better, the Windows Advanced Care features for spyware/adware cleaning and removal.

  7. Finally, when you’re clean, check for insecure applications with Secunia Software Inspector to update insecure applications and avoid reinfection.

Do you have access to another computer where you could download some tools, burn them to CD, and copy them to the infected computer?

Yes, I actually do… What did you have in mind?
Here is a list of bugs I have, if anyone knows how to fix them :(

- Firefox can’t download.
- Firefox exits at the sight of ‘trojan’ and other buzzwords in a title or search.
- d3acdb.dll.tmp keeps reappearing, even after I tell Avast! to delete it.
- Every time I access the internet, even now, Internet Explorer launches and navigates to ad websites.
- My system is running a LOT slower than usual… I’ve run the normal checks.

By the way, kudos to anyone who can tell me what xdknteve.exe is. I have no idea, but it’s new-ish, so…

Too soon to tell what xdknteve.exe is but we should be able to get things under control.

Download ComboFix from Here or Here to your Desktop.

Double click combofix.exe and follow the prompts.

When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.

Note: Do not mouseclick ComboFix’s window while it’s running. That may cause it to stall.

Next, click here to download HJTsetup.exe

- Save HJTsetup.exe to your desktop.
- Double-click on the HJTsetup.exe icon on your desktop.
- By default it will install to C:\Program Files\Hijack This.
- Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
- Put a check by Create a desktop icon, then click Next again.
- Continue to follow the rest of the prompts from there.
- At the final dialogue box click Finish and it will launch Hijack This.
- Click on the Do a system scan and save a logfile button. It will scan and the log should open in Notepad.
- Click on “Edit > Select All” then click on “Edit > Copy” to copy the entire contents of the log.
- Come back here to this thread and paste the log in your next reply.
- DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.


Now download OTMoveIt by OldTimer. Save it to your desktop but don’t run it just yet.

Also download/install the free versions of SuperAntiSpyware and AVG Antispyware:

http://www.superantispyware.com

http://free.grisoft.com/doc/20/lng/us/tpl/v5

Update these after installing them, if you can.

When you post the ComboFix and HJT logs also let me know if you have a firewall.

I indeed do not have a firewall enabled; I would greatly appreciate it if you could recommend one. Thanks for your help, by the way; I can download things now after what ComboFix did. I had a hidden BHO screwing up my browsers.

I’m attaching the logs as files because I exceeded the character limit.

ComboFix 07-06-18.2
“Slayer” - 2007-06-24 2:00:43 - Service Pack 1 NTFS

(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))

* * * POST RUN FILES/FOLDERS * * *

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\DOCUME~1\Slayer\MYDOCU~1.\ymante~1
C:\Program Files\Common Files\Yazzle1162OinUninstaller.exe
C:\Program Files\inetget2
C:\Program Files\ipwindows
C:\WINDOWS\system32\bbetpekugqur.dll
C:\WINDOWS\system32\qkmrbyrvymno.dll
C:\WINDOWS\wr.txt

((((((((((((((((((((((((( Files Created from 2007-05-24 to 2007-06-24 )))))))))))))))))))))))))))))))

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

Note empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{18C7DC10-D544-4398-8B09-7477CAAA896b}=C:\WINDOWS\System32\cgdncaox.dll [2007-06-16 20:37]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“nwiz”=“nwiz.exe” [2006-10-22 12:22 C:\WINDOWS\system32\nwiz.exe]
“avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [2007-04-30 10:42]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winkcv32]
winkcv32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Slayer^Start Menu^Programs^Startup^MagicDisc.lnk]
path=C:\Documents and Settings\Slayer\Start Menu\Programs\Startup\MagicDisc.lnk
backup=C:\WINDOWS\pss\MagicDisc.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Slayer^Start Menu^Programs^Startup^SDK Tray Menu.lnk]
path=C:\Documents and Settings\Slayer\Start Menu\Programs\Startup\SDK Tray Menu.lnk
backup=C:\WINDOWS\pss\SDK Tray Menu.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NVSvc"=2 (0x2)
"AppServer9PE"=2 (0x2)


catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-24 02:07:01
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …


[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AppServer9PE]
"ImagePath"="C:\Sun\SDK 2\lib\appservService.exe "\"C:\Sun\SDK 2\bin\asadmin.bat\" start-domain --user passpass domain1" "\"C:\Sun\SDK 2\bin\asadmin.bat\" stop-domain domain1\""

Completion time: 2007-06-24 2:09:00 - machine was rebooted
C:\ComboFix-quarantined-files.txt … 2007-06-24 02:08

--- E O F ---

Logfile of HijackThis v1.99.1
Scan saved at 2:17:37 AM, on 6/24/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\System32\xdknteve.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe
O2 - BHO: (no name) - {18C7DC10-D544-4398-8B09-7477CAAA896b} - C:\WINDOWS\System32\cgdncaox.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM..\Run: [nwiz] nwiz.exe /install
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - (no file)
O20 - Winlogon Notify: winkcv32 - winkcv32.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: DomainService - - C:\WINDOWS\System32\xdknteve.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
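
The log above can be triaged mechanically. What follows is an added example for this thread, not a HijackThis feature and not code from any poster: a small Python script that scans HijackThis-style lines for the patterns a reviewer picks out by eye in this log (eight-letter random file names under System32, an unnamed BHO loaded from System32, Winlogon Notify DLLs, and services with no publisher). The sample lines are a subset copied from the log above; the allowlist of legitimate eight-letter Windows binaries is an assumption for illustration. The script reports lines to review, not verdicts.

```python
"""Triage of HijackThis-style log lines.

Added example for this thread; it is not a HijackThis feature. It flags the
patterns a reviewer picks out by eye in the log above: eight-letter random
file names under System32, an unnamed BHO loaded from System32, Winlogon
Notify DLLs, and services with no publisher. Output is a list of lines to
review, each with its reasons, not a verdict.
"""
import re
from typing import List, Tuple

RANDOM_STEM = re.compile(r"^[a-z]{8}$")
# Assumed allowlist: legitimate 8-letter Windows binaries that would otherwise match.
KNOWN_STEMS = {"winlogon", "userinit", "explorer"}

O2_RE = re.compile(r"^O2 - BHO: (.*?) - (\{[0-9A-Fa-f-]+\}) - (.+)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (\S+) - (.+)$")
O23_RE = re.compile(r"^O23 - Service: (.+?) -\s*(.*?)\s*- (.+)$")
PROCESS_RE = re.compile(r"^[A-Za-z]:\\")   # bare path from the "Running processes" section


def split_path(path: str) -> Tuple[str, str]:
    """Return (lowercased parent directory, lowercased file-name stem)."""
    parts = path.strip().split("\\")
    return "\\".join(parts[:-1]).lower(), parts[-1].split(".")[0].lower()


def random_name_in_system32(path: str) -> bool:
    """True for an 8-letter lowercase stem under a System32 directory."""
    parent, stem = split_path(path)
    return (parent.endswith("\\system32")
            and RANDOM_STEM.match(stem) is not None
            and stem not in KNOWN_STEMS)


def triage_hjt(lines: List[str]) -> List[Tuple[str, List[str]]]:
    """Return [(line, [reasons])] for every line that deserves a closer look."""
    findings = []
    for raw in lines:
        line = raw.strip()
        reasons: List[str] = []
        if PROCESS_RE.match(line):
            if random_name_in_system32(line):
                reasons.append("running process with a random 8-letter name in System32")
        elif (m := O2_RE.match(line)):
            name, _guid, path = m.groups()
            if name == "(no name)" and split_path(path)[0].endswith("\\system32"):
                reasons.append("unnamed BHO loaded from System32")
            if random_name_in_system32(path):
                reasons.append("BHO DLL with a random 8-letter name")
        elif (m := O20_RE.match(line)):
            _entry, target = m.groups()
            missing = "(file missing)" in target
            reasons.append("Winlogon Notify DLL" + (", file missing" if missing else ", verify its publisher"))
        elif (m := O23_RE.match(line)):
            _svc, company, path = m.groups()
            if not company:
                reasons.append("service with no publisher")
            if random_name_in_system32(path):
                reasons.append("service binary with a random 8-letter name in System32")
        if reasons:
            findings.append((line, reasons))
    return findings


# Sample lines copied from the HijackThis log in this thread (constructed subset).
SAMPLE_LOG = [
    r"C:\WINDOWS\System32\smss.exe",
    r"C:\WINDOWS\system32\winlogon.exe",
    r"C:\WINDOWS\System32\xdknteve.exe",
    r"C:\WINDOWS\Explorer.EXE",
    r"O2 - BHO: (no name) - {18C7DC10-D544-4398-8B09-7477CAAA896b} - C:\WINDOWS\System32\cgdncaox.dll",
    r"O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll",
    r"O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll",
    r"O20 - Winlogon Notify: winkcv32 - winkcv32.dll (file missing)",
    r"O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe",
    r"O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe",
    r"O23 - Service: DomainService - - C:\WINDOWS\System32\xdknteve.exe",
]

if __name__ == "__main__":
    for line, reasons in triage_hjt(SAMPLE_LOG):
        print(line)
        for reason in reasons:
            print("   ->", reason)
```

Run against the sample it lists four lines: the xdknteve.exe process, the cgdncaox.dll BHO, the winkcv32 Winlogon Notify entry and the DomainService service, and leaves the Spybot and Java BHOs alone because they have a publisher name or live outside System32.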

Wow - at least your HJT log is short.

Comodo Firewall has been working well for me. PC Tools Firewall and Zone Alarm are also good, and all 3 are free. Here’s a link to a Comodo download

http://filehippo.com/download_comodo/

Get one of the firewalls installed, then run a thorough scan with either AVG AntiSpyware or SuperAntiSpyware and post that log. I will review things in the morning.

One more thing. Upload these files to VirusTotal for analysis and post the results:

C:\WINDOWS\system32\cgdncaox.dll

C:\WINDOWS\System32\xdknteve.exe

I, too, must turn in; it is 3:13am here, but I will post the AVG log ASAP. Thank you for all of your help.

Alert users of this forum to never go to seriall.com to find serial codes to games (I only misplaced mine). I believe this website to be the root of my problems.

Cracking is closely related to pornography, and both are closely related to malware.
Safe browsing is not that close to these activities.

Essexboy has kindly offered to write a registry fix. It will be posted shortly.

Please download OTMoveIt (http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe) by OldTimer.
Save it to your desktop.
Please double-click OTMoveIt.exe to run it.
Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

C:\WINDOWS\system32\jbscyogw.exe
C:\WINDOWS\system32\ggf.exe
C:\WINDOWS\system32\gutfclrd.exe
C:\DOCUME~1\Slayer\xdkntevekill.bat
C:\WINDOWS\system32\xdknteve.exe
C:\WINDOWS\system32\cgdncaox.dll
C:\WINDOWS\system32\msgemkdu.dll
C:\WINDOWS\system32\sxbwslgv.exe
C:\WINDOWS\System32\cgdncaox.dll
C:\WINDOWS\System32\pobohgdk.dll
C:\WINDOWS\System32\arwlapwl.exe
C:\WINDOWS\System32\bgjcpcji.exe
C:\WINDOWS\System32\bmbqpkvy.exe
C:\WINDOWS\System32\cbqzidut.exe
C:\WINDOWS\System32\dkvwdapk.exe
C:\WINDOWS\System32\dkzelohy.exe
C:\WINDOWS\System32\dmjkdazs.exe
C:\WINDOWS\System32\dmzqrely.exe
C:\WINDOWS\System32\dybenetq.exe
C:\WINDOWS\System32\ebezizsn.exe
C:\WINDOWS\System32\epyngpar.exe
C:\WINDOWS\System32\eviholov.exe
C:\WINDOWS\System32\ezodefqf.exe
C:\WINDOWS\System32\fklcrqdm.exe
C:\WINDOWS\System32\fonyrgtk.exe
C:\WINDOWS\System32\fsjujszm.exe
C:\WINDOWS\System32\fuxqpchc.exe
C:\WINDOWS\System32\ulhrysdx.dll
C:\WINDOWS\System32\gpuzqrsn.exe
C:\WINDOWS\System32\gtabetsp.exe
C:\WINDOWS\System32\hmhuvwju.exe
C:\WINDOWS\System32\hmrezmtw.exe
C:\WINDOWS\System32\hynupatw.exe
C:\WINDOWS\System32\inqrqnal.exe
C:\WINDOWS\System32\ivybmvmb.exe
C:\WINDOWS\System32\ixevgdoz.exe
C:\WINDOWS\System32\j3241731.dll
C:\WINDOWS\System32\jgfunafq.exe
C:\WINDOWS\System32\jizkjcnw.exe
C:\WINDOWS\System32\jqlwdojk.exe
C:\WINDOWS\System32\jqpwvgjs.exe
C:\WINDOWS\System32\jsnoxiza.exe
C:\WINDOWS\System32\jyhadqly.exe
C:\WINDOWS\System32\kbglanyj.exe
C:\WINDOWS\System32\khofengf.exe
C:\WINDOWS\System32\knwlalqt.exe
C:\WINDOWS\System32\lcfidcns.exe
C:\WINDOWS\System32\lmjsjuni.exe
C:\WINDOWS\System32\mbypqbej.exe
C:\WINDOWS\System32\mfalmjaf.exe
C:\WINDOWS\System32\mfizgtez.exe
C:\WINDOWS\System32\mhijmvqd.exe
C:\WINDOWS\System32\mhoxwdyv.exe
C:\WINDOWS\System32\mlqvgzgb.exe
C:\WINDOWS\System32\mzsxszwd.exe
C:\Documents and Settings\All Users\Application Data\nebyzkdm.exe
C:\WINDOWS\System32\nydqjapo.exe
C:\WINDOWS\System32\obspotal.exe
C:\WINDOWS\System32\ojmnctax.exe
C:\WINDOWS\System32\olsfkdyz.exe
C:\WINDOWS\System32\otwdmfin.exe
C:\WINDOWS\System32\ovuvadgn.exe
C:\WINDOWS\System32\pcxihedu.exe
C:\WINDOWS\System32\pehcbcdy.exe
C:\WINDOWS\System32\pkbefaxc.exe
C:\WINDOWS\System32\pqnqfavi.exe
C:\WINDOWS\System32\pqxupqpu.exe
C:\WINDOWS\System32\qbclwdwp.exe
C:\WINDOWS\System32\qfsvajob.exe
C:\WINDOWS\System32\qjqnepgl.exe
C:\WINDOWS\System32\qjyjcdmn.exe
C:\WINDOWS\System32\qtqzaxql.exe
C:\WINDOWS\System32\qxajexcf.exe
C:\DOCUME~1\Slayer\MYDOCU~1\YMANTE~1
C:\WINDOWS\System32\ropmzork.exe
C:\WINDOWS\System32\rslkxgnm.exe
C:\WINDOWS\retadpu1000272.exe 61A847B5BBF72813329B385475FB01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
C:\WINDOWS\System32\ruvsfglg.exe
C:\WINDOWS\System32\sjwpufex.exe
C:\WINDOWS\System32\spobozyf.exe
C:\WINDOWS\System32\srsxafsh.exe
C:\WINDOWS\System32\tcjspube.exe
C:\WINDOWS\System32\tghoboji.exe
C:\WINDOWS\System32\tqtghkbi.exe
C:\WINDOWS\System32\tsbqnybm.exe
C:\WINDOWS\System32\tudglytw.exe
C:\WINDOWS\System32\twpabuja.exe
C:\WINDOWS\System32\tytunopk.exe
C:\WINDOWS\System32\tyvubivk.exe
C:\WINDOWS\System32\unadgpgr.exe
C:\WINDOWS\System32\uvixwxon.exe
C:\WINDOWS\System32\uvkrujqn.exe
C:\WINDOWS\System32\wnkvazyp.exe
C:\WINDOWS\System32\wvuxqbkl.exe
C:\WINDOWS\System32\xmjmjcri.exe
C:\WINDOWS\System32\xspotslk.exe
C:\WINDOWS\System32\xulalydm.exe
C:\WINDOWS\System32\ylkryzqn.exe
C:\WINDOWS\System32\ylqzmjaz.exe
C:\WINDOWS\System32\ypelyvch.exe
C:\WINDOWS\System32\yrqpulih.exe
C:\WINDOWS\System32\ytepqhcp.exe
C:\WINDOWS\System32\zgjivwtc.exe
C:\WINDOWS\System32\zozgzcnm.exe
C:\WINDOWS\System32\zsvuruly.exe
C:\WINDOWS\System32\zwpiduzg.exe
C:\WINDOWS\System32\zybiloxk.exe

Return to OTMoveIt, right click on the “Paste List of Files/Folders to be moved” window and choose Paste.
Click the red Moveit! button.
Copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it on your next reply with a new Hijack log.
Close OTMoveIt.
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Microsoft files should then be back in the majority ;D

Please download ERUNT from here and back up your entire registry: http://www.snapfiles.com/get/erunt.html

Having done that, please apply the registry fix below.

REGISTRY FIX

REGEDIT4

[-HKEY_CLASSES_ROOT\CLSID\{18C7DC10-D544-4398-8B09-7477CAAA896b}]

[-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{18C7DC10-D544-4398-8B09-7477CAAA896b}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18C7DC10-D544-4398-8B09-7477CAAA896b}]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winkcv32]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"ApachInc"=-
"arwlapwl"=-
"bgjcpcji"=-
"bmbqpkvy"=-
"cbqzidut"=-
"dkvwdapk"=-
"dkzelohy"=-
"dmjkdazs"=-
"dmzqrely"=-
"dybenetq"=-
"ebezizsn"=-
"epyngpar"=-
"eviholov"=-
"ezodefqf"=-
"fklcrqdm"=-
"fonyrgtk"=-
"fsjujszm"=-
"fuxqpchc"=-
"GPLv3"=-
"gpuzqrsn"=-
"gtabetsp"=-
"hmhuvwju"=-
"hmrezmtw"=-
"hynupatw"=-
"inqrqnal"=-
"ivybmvmb"=-
"ixevgdoz"=-
"j3241731"=-
"jgfunafq"=-
"jizkjcnw"=-
"jqlwdojk"=-
"jqpwvgjs"=-
"jsnoxiza"=-
"jyhadqly"=-
"kbglanyj"=-
"khofengf"=-
"knwlalqt"=-
"lcfidcns"=-
"lmjsjuni"=-
"mbypqbej"=-
"mfalmjaf"=-
"mfizgtez"=-
"mhijmvqd"=-
"mhoxwdyv"=-
"mlqvgzgb"=-
"mzsxszwd"=-
"nebyzkdm.exe"=-
"nydqjapo"=-
"obspotal"=-
"ojmnctax"=-
"olsfkdyz"=-
"otwdmfin"=-
"ovuvadgn"=-
"pcxihedu"=-
"pehcbcdy"=-
"pkbefaxc"=-
"pqnqfavi"=-
"pqxupqpu"=-
"qbclwdwp"=-
"qfsvajob"=-
"qjqnepgl"=-
"qjyjcdmn"=-
"qtqzaxql"=-
"qxajexcf"=-
"Rooh"=-
"ropmzork"=-
"rslkxgnm"=-
"runner1"=-
"ruvsfglg"=-
"sjwpufex"=-
"spobozyf"=-
"srsxafsh"=-
"tcjspube"=-
"tghoboji"=-
"tqtghkbi"=-
"tsbqnybm"=-
"tudglytw"=-
"twpabuja"=-
"tytunopk"=-
"tyvubivk"=-
"unadgpgr"=-
"uvixwxon"=-
"uvkrujqn"=-
"wnkvazyp"=-
"wvuxqbkl"=-
"xmjmjcri"=-
"xspotslk"=-
"xulalydm"=-
"ylkryzqn"=-
"ylqzmjaz"=-
"ypelyvch"=-
"yrqpulih"=-
"ytepqhcp"=-
"yzytwxqt"=-
"zgjivwtc"=-
"zozgzcnm"=-
"zsvuruly"=-
"zwpiduzg"=-
"zybiloxk"=-

Next you will need to create the repair registry fix. To do that, copy and paste ALL of the above in the quote box into a Notepad file. Ensure there is no space above the REGEDIT4.
Then in Notepad go to FILE > SAVE AS and in the dropdown box set SAVE AS TYPE to ALL FILES.
Then in the FILE NAME box type fix.reg.
This will create a fix.reg file on your desktop.
http://img127.imageshack.us/img127/433/regtg8.jpg

To use this file you will need to right-click the icon and select Merge, accept the warning if it appears, and you are done.

Download WinPFind3u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.

  1. Close ALL OTHER PROGRAMS.
  2. Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
  3. Now click the Run Scan button on the toolbar.
  4. Let it run unhindered until it finishes.
  5. When the scan is complete Notepad will open with the report file loaded in it.
  6. Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts.

I require WinPFind to destroy the other hidden elements not detected by ComboFix.