
[InActive] Do I have some kind of keylogger / malware

Discussion in 'Malware and Virus Removal Archive' started by hayabusauk, 2009/03/27.

  1. 2009/03/27
    hayabusauk (Thread Starter)

    I have reason to think that someone has installed a keylogger or some sort of remote control malware on my computer.

    Basically I left my notebook with someone who I know has pulled this trick before and has an axe to grind...


    Here is a copy of the MUI reg cache:

    LangID = 09 04
    @C:\WINDOWS\system32\netshell.dll,-1200 =
    @C:\WINDOWS\system32\SHELL32.dll,-9319 =
    C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE =
    C:\Program Files\Microsoft Office\OFFICE11\MSPUB.EXE =
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE =
    C:\WINDOWS\system32\NOTEPAD.EXE =
    @C:\WINDOWS\system32\SHELL32.dll,-9216 =
    @explorer.exe,-7023 = &Run...
    @explorer.exe,-7020 = &Search
    @explorer.exe,-7021 = &Help and Support
    @xpsp1res.dll,-10077 = Set Program Access and Defaults
    @shell32.dll,-21790 = My Music
    @shell32.dll,-21779 = My Pictures
    @C:\WINDOWS\system32\SHELL32.dll,-9227 =
    C:\Program Files\MSN Messenger\msnmsngr.exe =
    @explorer.exe,-7024 = Internet
    @explorer.exe,-7025 = E-mail
    C:\WINDOWS\Explorer.EXE =
    C:\Program Files\BillP Studios\WinPatrol\WinPatrolEx.exe =
    C:\Program Files\BillP Studios\WinPatrol\WinPatrolEx.exe =
    @C:\WINDOWS\system32\rcbdyctl.dll,-152 =
    @xpsp1res.dll,-11004 = Outlook Express
    @C:\PROGRA~1\MOVIEM~1\wmm2res.dll,-61446 =
    @shell32.dll,-21761 = Accessories
    @shell32.dll,-21773 = Games
    @shell32.dll,-21787 = Startup
    @explorer.exe,-7000 = Opens a window where you can pick search options and work with search results.
    @explorer.exe,-7003 = Opens a program, folder, document, or Web site.
    @shell32.dll,-12710 = &Run
    @shell32.dll,-31233 = File and Folder Tasks
    @shell32.dll,-31236 = Make a new folder
    @shell32.dll,-31260 = Publish this folder to the Web
    @shell32.dll,-31374 = Share this folder
    @shell32.dll,-31272 = Other Places
    @shell32.dll,-21785 = Shared Documents
    @shell32.dll,-31274 = Details
    @shell32.dll,-31249 = Transfers copies of the selected items to a public Web page so that you can share them with other people.
    @shell32.dll,-31234 = These tasks apply to the files and folders you select.
    @shell32.dll,-31242 = Rename this file
    @shell32.dll,-31244 = Move this file
    @shell32.dll,-31246 = Copy this file
    @shell32.dll,-31248 = Publish this file to the Web
    @shell32.dll,-31370 = E-mail this file
    @shell32.dll,-31252 = Delete this file
    @xpsp2res.dll,-6100 = Show Desktop
    @C:\WINDOWS\system32\SHELL32.dll,-8964 =
    @shell32.dll,-22017 = Address Book
    @shell32.dll,-22051 = Notepad
    @C:\WINDOWS\system32\tourstart.exe,-1 =
    @shell32.dll,-22041 = Magnifier
    @shell32.dll,-22048 = Narrator
    @shell32.dll,-22052 = On-Screen Keyboard
    @shell32.dll,-22065 = Utility Manager
    @shell32.dll,-22019 = Calculator
    @shell32.dll,-22054 = Paint
    @shell32.dll,-22069 = WordPad
    @shell32.dll,-22016 = Accessibility Wizard
    @shell32.dll,-22031 = HyperTerminal
    @C:\WINDOWS\system32\mstsc.exe,-4000 =
    @shell32.dll,-22061 = Sound Recorder
    @shell32.dll,-22018 = Backup
    @shell32.dll,-22021 = Character Map
    @shell32.dll,-22026 = Disk Cleanup
    @shell32.dll,-22027 = Disk Defragmenter
    @C:\WINDOWS\system32\usmt\migwiz.exe,-202 =
    @shell32.dll,-22063 = System Information
    @C:\WINDOWS\system32\restore\rstrui.exe,-2048 =
    @C:\WINDOWS\system32\comres.dll,-661 =
    @shell32.dll,-22023 = Computer Management
    @shell32.dll,-22025 = Data Sources (ODBC)
    @shell32.dll,-22029 = Event Viewer
    @shell32.dll,-22040 = Local Security Policy
    @shell32.dll,-22055 = Performance
    @shell32.dll,-22059 = Services
    @shell32.dll,-22030 = FreeCell
    @C:\WINDOWS\system32\mshearts.exe,-413 =
    @C:\PROGRA~1\MSNGAM~1\Windows\bckgres.dll,-1212 =
    @C:\PROGRA~1\MSNGAM~1\Windows\chkrres.dll,-1212 =
    @C:\PROGRA~1\MSNGAM~1\Windows\hrtzres.dll,-1212 =
    @C:\PROGRA~1\MSNGAM~1\Windows\rvseres.dll,-1212 =
    @C:\PROGRA~1\MSNGAM~1\Windows\shvlres.dll,-1212 =
    @shell32.dll,-22045 = Minesweeper
    @shell32.dll,-22057 = Pinball
    @shell32.dll,-22060 = Solitaire
    @C:\WINDOWS\system32\spider.exe,-56 =
    @shell32.dll,-21772 = Entertainment
    @shell32.dll,-21760 = Accessibility
    @C:\WINDOWS\system32\compatUI.dll,-115 =
    @shell32.dll,-22067 = Windows Explorer
    @shell32.dll,-21762 = Administrative Tools
    @shell32.dll,-21788 = System Tools
    @shell32.dll,-21768 = Communications
    @C:\WINDOWS\system32\netshell.dll,-1010 =
    @C:\WINDOWS\System32\xpsp2res.dll,-16201 =
    @C:\WINDOWS\system32\hnetwiz.dll,-3085 =
    @shell32.dll,-22066 = Volume Control
    @shell32.dll,-22058 = Scheduled Tasks
    @C:\WINDOWS\System32\xpsp2res.dll,-6103 =
    C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLED.EXE =
    C:\Program Files\Microsoft Office\OFFICE11\INFOPATH.EXE =
    C:\WINDOWS\system32\shell32.dll =
    @C:\WINDOWS\system32\msxml3r.dll,-1 =
    C:\Program Files\ACD Systems\ACDSee\10.0\ACDSeeQV10.exe =
    C:\Program Files\Mozilla Firefox\firefox.exe =
    C:\Program Files\Internet Explorer\IEXPLORE.EXE =
    C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe =
    C:\Program Files\Microsoft Office\OFFICE11\MSACCESS.EXE =
    C:\WINDOWS\system32\mspaint.exe =
    C:\PROGRA~1\MICROS~1\OFFICE11\OIS.EXE =
    C:\WINDOWS\system32\shimgvw.dll =
    C:\Program Files\VideoLAN\VLC\vlc.exe =
    C:\Program Files\Winamp\Winamp.exe =
    C:\Program Files\WinRAR\WinRAR.exe =
    C:\Program Files\Windows Media Player\wmplayer.exe =
    C:\Program Files\Windows NT\Accessories\WORDPAD.EXE =
    @shell32.dll,-21791 = My Videos
    @C:\WINDOWS\system32\SHELL32.dll,-22914 =
    @C:\WINDOWS\system32\notepad.exe,-469 =
    @shell32.dll,-31254 = Rename this folder
    @shell32.dll,-31256 = Move this folder
    @shell32.dll,-31258 = Copy this folder
    @shell32.dll,-31380 = E-mail this folder's files
    @shell32.dll,-31262 = Delete this folder
    @C:\WINDOWS\system32\accwiz.exe,-16 =
    @C:\WINDOWS\inf\unregmp2.exe,-9903 =
    @C:\WINDOWS\system32\SHELL32.dll,-22978 =
    @C:\WINDOWS\System32\ntbackup.exe,-40 =
    @C:\WINDOWS\System32\pdh.dll,-10023 =
    @C:\WINDOWS\system32\shimgvw.dll,-304 =
    @C:\WINDOWS\System32\cryptext.dll,-6145 =
    @C:\WINDOWS\System32\cryptext.dll,-6108 =
    @C:\WINDOWS\System32\cryptext.dll,-6110 =
    @C:\WINDOWS\system32\netshell.dll,-1300 =
    @C:\WINDOWS\inf\unregmp2.exe,-9927 =
    @C:\WINDOWS\system32\shimgvw.dll,-301 =
    @C:\WINDOWS\system32\shimgvw.dll,-302 =
    @C:\WINDOWS\System32\setupapi.dll,-2000 =
    @C:\Program Files\Internet Explorer\Connection Wizard\icwres.dll,-20003 =
    @C:\WINDOWS\system32\shimgvw.dll,-303 =
    @C:\WINDOWS\System32\wshext.dll,-4804 =
    @C:\WINDOWS\System32\wshext.dll,-4805 =
    @C:\WINDOWS\inf\unregmp2.exe,-9902 =
    @C:\WINDOWS\system32\mmcbase.dll,-130 =
    @C:\WINDOWS\System32\msi.dll,-34 =
    @C:\WINDOWS\System32\msi.dll,-35 =
    @C:\WINDOWS\System32\RCBdyctl.dll,-150 =
    @C:\Program Files\Movie Maker\wmm2res.dll,-63097 =
    @C:\WINDOWS\PCHealth\HelpCtr\Binaries\msinfo.dll,-391 =
    @C:\WINDOWS\System32\cryptext.dll,-6111 =
    @C:\WINDOWS\System32\cryptext.dll,-6113 =
    @C:\WINDOWS\system32\shimgvw.dll,-305 =
    @C:\WINDOWS\System32\scrobj.dll,-8192 =
    @C:\WINDOWS\system32\shscrap.dll,-258 =
    @C:\WINDOWS\System32\cryptext.dll,-6112 =
    @C:\WINDOWS\System32\cryptext.dll,-6109 =
    @C:\WINDOWS\System32\wshext.dll,-4803 =
    @C:\WINDOWS\System32\wshext.dll,-4802 =
    @C:\WINDOWS\inf\unregmp2.exe,-9911 =
    @C:\WINDOWS\inf\unregmp2.exe,-9909 =
    @C:\WINDOWS\inf\unregmp2.exe,-9920 =
    @C:\WINDOWS\system32\shimgvw.dll,-307 =
    @C:\WINDOWS\inf\unregmp2.exe,-9915 =
    @C:\WINDOWS\inf\unregmp2.exe,-9910 =
    @C:\WINDOWS\inf\unregmp2.exe,-9916 =
    @C:\WINDOWS\inf\unregmp2.exe,-9923 =
    @ "C:\Program Files\Windows NT\Accessories\WORDPAD.EXE ",-208 =
    @C:\WINDOWS\System32\wshext.dll,-4801 =
    @C:\WINDOWS\System32\wshext.dll,-4800 =
    @C:\WINDOWS\inf\unregmp2.exe,-9913 =
    @C:\WINDOWS\system32\msxml3r.dll,-2 =
    @C:\WINDOWS\ime\sptip.dll,-600 =
    C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpCtr.exe =
    C:\WINDOWS\system32\rundll32.exe =
    C:\WINDOWS\system32\igfxtray.exe =
    C:\WINDOWS\system32\NeroCheck.exe =
    C:\WINDOWS\system32\Ati2mdxx.exe =
    C:\WINDOWS\system32\atiptaxx.exe =
    C:\PROGRA~1\AVG\AVG8\avgtray.exe =
    C:\Program Files\Java\jre6\bin\jusched.exe =
    C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe =
    C:\WINDOWS\system32\ctfmon.exe =
    C:\Program Files\Java\jre6\lib\deploy\jqs\ff\..\..\..\..\bin\jqsnotify.exe =
    @shell32.dll,-12691 = My Recent Documents
    C:\WINDOWS\system32\taskmgr.exe =
    C:\WINDOWS\system32\SNDVOL32.EXE =
    @explorer.exe,-7005 = Opens your e-mail program so you can send or read a message.
    @shell32.dll,-31275 = This section displays the size, file type, and other information about a selected item.
    @C:\WINDOWS\system32\SHELL32.dll,-8503 =
    @C:\WINDOWS\system32\mycomput.dll,-400 =
    @shell32.dll,-31232 = System Tasks
    @shell32.dll,-31294 = View system information
    @shell32.dll,-31327 = Add or remove programs
    @shell32.dll,-31312 = Change a setting
    @C:\WINDOWS\system32\SHELL32.dll,-22913 =
    @shell32.dll,-21792 = %s's Documents
    @shell32.dll,-31375 = Makes the selected folder available to computers on a network so that other people can view it.
    @shell32.dll,-31343 = Network Tasks
    @shell32.dll,-31347 = Add a network place
    @shell32.dll,-31345 = View network connections
    @shell32.dll,-31349 = Set up a home or small office network
    @xpsp2res.dll,-6127 = Set up a wireless network for a home or small office
    @shell32.dll,-31351 = View workgroup computers
    @xpsp2res.dll,-6120 = Show icons for networked UPnP devices
    @shell32.dll,-31291 = These tasks apply to your computer or the selected hardware device.
    @shell32.dll,-31317 = System Tasks
    @shell32.dll,-31321 = Hide the contents of this drive
    @shell32.dll,-31292 = Search for files or folders
    @shell32.dll,-21786 = Start Menu
    @shell32.dll,-12693 = Favorites
    @shell32.dll,-21765 = Application Data
    @shell32.dll,-21795 = %s's Videos
    @shell32.dll,-21794 = %s's Music
    @shell32.dll,-21793 = %s's Pictures
    @shell32.dll,-31276 = Music Tasks
    @shell32.dll,-31278 = Play all
    @xpsp3res.dll,-3000 = Shop for music online
    @xpsp3res.dll,-3001 = Connects you to a Web site where you can find and purchase music.
    @%SystemRoot%\inf\unregmp2.exe,-155 =
    @C:\WINDOWS\system32\SHELL32.dll,-22915 =
    @C:\WINDOWS\system32\SHELL32.dll,-12695 =
    @Shell32.dll,-12688 = Contains digital photos, images, and graphic files.
    @shell32.dll,-31279 = Play selection
    @shell32.dll,-31264 = Move the selected items
    @shell32.dll,-31266 = Copy the selected items
    @shell32.dll,-31362 = E-mail the selected items
    @shell32.dll,-31270 = Delete the selected items
    @Shell32.dll,-12689 = Contains music and other audio files.
    @shell32.dll,-31268 = Publish the selected items to the Web
    @netcfgx.dll,-50002 = Allows your computer to access resources on a Microsoft network.
    @netcfgx.dll,-50003 = Allows other computers to access resources on your computer using a Microsoft network.
    @netcfgx.dll,-50015 = Quality of Service Packet Scheduler. This component provides network traffic control, including rate-of-flow and prioritization services.
    @netcfgx.dll,-50001 = Transmission Control Protocol/Internet Protocol. The default wide area network protocol that provides communication across diverse interconnected networks.
    @%SystemRoot%\system32\shell32.dll,-22563 =
    @shell32.dll,-31273 = These links open other folders and take you quickly to useful places.
    @shell32.dll,-31283 = Picture Tasks
    @shell32.dll,-31287 = View as a slide show
    @shell32.dll,-31313 = Order prints online
    @shell32.dll,-31391 = Print pictures
    @shell32.dll,-31284 = These tasks apply to the picture files and folders you select.
    @shell32.dll,-31390 = Print this picture
    @shell32.dll,-31399 = Shop for pictures online
    @shell32.dll,-28997 = Shared Pictures
    @shell32.dll,-31277 = These tasks apply to the music files and folders you select.
    @shell32.dll,-31250 = Print this file
    @explorer.exe,-7004 = Opens your Internet browser.
    @shell32.dll,-12704 = Internet P&roperties
    @shell32.dll,-12705 = &Browse the Internet
    @C:\WINDOWS\system32\SHELL32.dll,-12696 =
    @netshell.dll,-1501 = Network Tasks
    @xpsp2res.dll,-150 = Change Windows Firewall settings
    @netshell.dll,-1503 = See Also
    @netshell.dll,-1525 = Network Troubleshooter
    @C:\WINDOWS\system32\netshell.dll,-1201 =
    C:\WINDOWS\system32\wuauclt.exe =
    C:\Program Files\Common Files\Adobe\Web\AOM.exe =
    @%SystemRoot%\system32\usmt\migwiz.exe,-203 =
    @C:\WINDOWS\system32\SHELL32.dll,-31361 =
    @shell32.dll,-31245 = Moves the selected items to a place you choose.
    @shell32.dll,-31253 = Moves the selected items to the Recycle Bin. If you want to recover them later, go to the Recycle Bin.
    @xpsp3res.dll,-20000 = Network Diagnostics for Windows XP
    C:\Program Files\Skype\Phone\Skype.exe =
    @shell32.dll,-31237 = Creates a new, empty folder in the folder you have open.
    @shell32.dll,-31243 = Gives this file or folder a new label that you type for it.
    @shell32.dll,-31247 = Copies the selected items to a place you choose.
    @shell32.dll,-31325 = Hide the contents of this folder
    @shell32.dll,-31396 = Video Tasks
    C:\Documents and Settings\Oil\Local Settings\Temporary Internet Files\Content.IE5\F71UXHP3\viewtubesoftware.40016[1].exe =
    C:\WINDOWS\system32\cmd.exe =
    C:\WINDOWS\system32\D0mdXOul.exe =
    C:\Documents and Settings\Oil\Desktop\InstallAVg_881001.exe =
    C:\Program Files\A360\av360.exe =
    @shell32.dll,-21782 = Programs
    @C:\WINDOWS\system32\SHELL32.dll,-32517 =
    @C:\WINDOWS\system32\audiodev.dll,-510 =
    @C:\WINDOWS\system32\SHELL32.dll,-22985 =
    @C:\WINDOWS\system32\SHELL32.dll,-22981 =
    @C:\WINDOWS\system32\SHELL32.dll,-22982 =
    @C:\WINDOWS\system32\mstask.dll,-3408 =
    @C:\WINDOWS\system32\wiashext.dll,-331 =
    @xpob2res.dll,-41519 = Windows Messenger
    C:\Program Files\Trojan Remover\Trjscan.exe =
    @shell32.dll,-31329 = Recycle Bin Tasks
    @shell32.dll,-31331 = Empty the Recycle Bin
    @shell32.dll,-31333 = Restore all items
    @shell32.dll,-31335 = Restore the selected items
    @shell32.dll,-31334 = Restore this item
    @shell32.dll,-31336 = Moves the selected items to the places they were before they were put in the Recycle Bin.
    @shell32.dll,-31332 = Permanently removes all items in the Recycle Bin and frees up disk space.
    @C:\WINDOWS\system32\audiodev.dll,-51 =
    @mmsys.cpl,-5856 = Windows
    @mmsys.cpl,-5824 = Default Beep
    @mmsys.cpl,-5825 = Program error
    @mmsys.cpl,-5826 = Close program
    @mmsys.cpl,-5827 = Critical Battery Alarm
    @mmsys.cpl,-5828 = Device Connect
    @mmsys.cpl,-5829 = Device Disconnect
    @mmsys.cpl,-5830 = Device Failed to Connect
    @mmsys.cpl,-5832 = Low Battery Alarm
    @mmsys.cpl,-5837 = New Mail Notification
    @mmsys.cpl,-5833 = Maximize
    @mmsys.cpl,-5834 = Menu command
    @mmsys.cpl,-5835 = Menu popup
    @mmsys.cpl,-5836 = Minimize
    @mmsys.cpl,-5839 = Open program
    @mmsys.cpl,-5840 = Print Complete
    @mmsys.cpl,-5841 = Restore Down
    @mmsys.cpl,-5842 = Restore Up
    @mmsys.cpl,-5843 = Asterisk
    @mmsys.cpl,-5845 = Exclamation
    @mmsys.cpl,-5846 = Exit Windows
    @mmsys.cpl,-5847 = Critical Stop
    @mmsys.cpl,-5848 = System Notification
    @mmsys.cpl,-5849 = Question
    @mmsys.cpl,-5850 = Start Windows
    @mmsys.cpl,-5852 = Windows Logoff
    @mmsys.cpl,-5853 = Windows Logon
    @mmsys.cpl,-5854 = Windows Explorer
    @mmsys.cpl,-5831 = Empty Recycle Bin
    @mmsys.cpl,-5838 = Start Navigation
    @ "xpob2res.dll ",-41583 = Contact Online
    @ "xpob2res.dll ",-41585 = New Alert
    @ "xpob2res.dll ",-41586 = New Mail
    @ "xpob2res.dll ",-41584 = New Message
    @C:\WINDOWS\system32\main.cpl,-2000 =
    @shell32.dll,-31366 = Results Tasks
    @C:\WINDOWS\system32\SHELL32.dll,-30520 =
    @C:\WINDOWS\System32\icmui.dll,-45 =
    @C:\WINDOWS\System32\cryptext.dll,-6148 =
    @C:\WINDOWS\inf\unregmp2.exe,-9924 =
    C:\Program Files\uTorrent\uTorrent.exe =
    C:\Program Files\Trojan Remover\sschk.exe =
    E:\G-202.exe =
    @shell32.dll,-31322 = Hides the files and folders stored on this drive to protect them from being changed or deleted.
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe =
    @shimgvw.dll,-550 = Pre&view
    @shell32.dll,-31397 = These tasks apply to the video files and folders you select.
    @shell32.dll,-31398 = Plays all or the selected video files in this folder.
    @shell32.dll,-21774 = Local Settings
    @sendmail.dll,-4 = Mail Recipient
    @sendmail.dll,-21 = Desktop (create shortcut)
    @zipfldr.dll,-10148 = Compressed (zipped) Folder
    @shell32.dll,-28995 = Shared Music
    @shell32.dll,-28996 = Shared Video
    @C:\WINDOWS\inf\unregmp2.exe,-162 =
    @xpsp1res.dll,-11001 = Internet Explorer
    @shell32.dll,-22022 = Command Prompt
    @shell32.dll,-22062 = Synchronize
    @shell32.dll,-31368 = Open the folder that contains this item
    @shell32.dll,-31361 = Provides options for you to customize the appearance and functionality of your computer.
    @shell32.dll,-31328 = Provides the steps necessary to add a new program, or to change or remove an existing program.
    @xpsp1res.dll,-11003 = Launch Internet Explorer Browser
    C:\Program Files\AVG\AVG8\avgcfgex.exe =
    C:\Documents and Settings\Oil\Desktop\pwdisco22\PasswordDiscoverySetup.exe =
    C:\DOCUME~1\Oil\LOCALS~1\Temp\is-HPGJV.tmp\is-2V3DA.tmp =
    C:\Program Files\Password Discovery\PwDisco.exe =
    C:\Documents and Settings\Oil\Local Settings\Temp\Messpass_v1\Messpass_v1\Messpass Stealer v1.8.9.exe =
    C:\Documents and Settings\Oil\Desktop\Client.exe =
    C:\WINDOWS\system32\zipfldr.dll =
    C:\Program Files\Mozilla Firefox\crashreporter.exe =
    C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe =
    C:\Program Files\Index.dat Analyzer\index.exe =
    C:\Program Files\Password Discovery\unins000.exe =
    C:\DOCUME~1\Oil\LOCALS~1\Temp\_iu14D2N.tmp =
    @shell32.dll,-31293 = The Search Companion helps you find files, folders, printers, and people.
    C:\Program Files\Wipe\wipe.exe =



    What's all this publishing to web stuff?

    Thanks for any help, guys.


    H
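The list above is the Windows MUICache, which stores a display string for each program the shell has launched: the `@module,-id` lines are localized resource strings (the "Publish this folder to the Web" items are standard XP Explorer task-pane labels from shell32.dll), while the bare `C:\...\x.exe =` lines are the ones that record what has actually been run. The Python below is an added triage example, not part of the original post or of any tool named in this thread; it separates the two kinds of entry and flags executables launched from user-writable or removable locations. The sample lines are copied from the dump above, and the location fragments and the assumption that the OS drive is C: are mine.

```python
"""Triage a MUICache-style dump: keep launched-program entries and flag
those run from user-writable or removable locations."""
import re
from typing import Iterable, List, Tuple

# Location fragments treated as user-writable (assumption for this example):
# anywhere under a user profile, Temp, the IE cache, or the Desktop.
SUSPECT_FRAGMENTS = (
    "\\documents and settings\\",
    "\\docume~1\\",               # 8.3 short form of the same profile root
    "\\temp\\",
    "\\temporary internet files\\",
    "\\desktop\\",
)

# Dump lines look like 'key = value'; the value is empty for executable entries.
ENTRY_RE = re.compile(r"^(?P<key>.*?)\s*=\s*(?P<value>.*)$")

# Constructed sample: a handful of lines copied from the MUICache dump above.
SAMPLE_LINES = r"""
LangID = 09 04
@C:\WINDOWS\system32\netshell.dll,-1200 =
@shell32.dll,-31260 = Publish this folder to the Web
C:\Program Files\Mozilla Firefox\firefox.exe =
C:\WINDOWS\system32\cmd.exe =
C:\Documents and Settings\Oil\Local Settings\Temporary Internet Files\Content.IE5\F71UXHP3\viewtubesoftware.40016[1].exe =
C:\Documents and Settings\Oil\Desktop\Client.exe =
C:\DOCUME~1\Oil\LOCALS~1\Temp\is-HPGJV.tmp\is-2V3DA.tmp =
E:\G-202.exe =
C:\Program Files\Password Discovery\PwDisco.exe =
""".strip().splitlines()


def parse_entries(lines: Iterable[str]) -> List[Tuple[str, str]]:
    """Return (key, value) pairs for every 'key = value' line, skipping the LangID header."""
    entries = []
    for raw in lines:
        line = raw.strip()
        if not line or line.startswith("LangID"):
            continue
        match = ENTRY_RE.match(line)
        if match:
            entries.append((match.group("key"), match.group("value")))
    return entries


def executable_paths(entries: Iterable[Tuple[str, str]]) -> List[str]:
    """Keep launched-program entries; '@module,-id' keys are resource-string lookups, not executions."""
    return [key for key, _ in entries if not key.startswith("@")]


def is_suspect(path: str, system_drive: str = "C:") -> bool:
    """True when the program ran from a user-writable location or from a non-system drive."""
    p = path.lower()
    if any(fragment in p for fragment in SUSPECT_FRAGMENTS):
        return True
    # A different drive letter usually means removable media (assumes the OS drive is C:).
    return len(p) > 1 and p[1] == ":" and p[:2] != system_drive.lower()


def triage(lines: Iterable[str], system_drive: str = "C:") -> List[str]:
    """Executables in the dump that were launched from suspect locations, in log order."""
    return [p for p in executable_paths(parse_entries(lines)) if is_suspect(p, system_drive)]


if __name__ == "__main__":
    for path in triage(SAMPLE_LINES):
        print("REVIEW:", path)
```

Location is only a first filter: an entry installed under Program Files, like the Password Discovery tool in this log, or a randomly named file dropped into system32 passes this check and still has to be reviewed by name.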
     
  2. 2009/03/28
    hayabusauk (Thread Starter)

    DDS (Ver_09-03-16.01) - FAT32x86
    Run by Oil at 11:53:10.21 on Sat 03/28/2009
    Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13
    Microsoft Windows XP Professional 5.1.2600.3.874.66.1033.18.255.41 [GMT -12:00]

    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

    ============== Running Processes ===============

    SVCHOST.EXE
    SVCHOST.EXE
    SVCHOST.EXE
    SVCHOST.EXE
    SVCHOST.EXE
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\atiptaxx.exe
    C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\AVG\AVG8\avgtray.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Documents and Settings\Oil\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://th.msn.com
    uSearch Bar = hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=61008
    mDefault_Page_URL = hxxp://th.msn.com
    mStart Page = hxxp://th.msn.com
    uURLSearchHooks: H - No File
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
    TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [NeroCheck] c:\windows\system32\NeroCheck.exe
    mRun: [ATIModeChange] Ati2mdxx.exe
    mRun: [AtiPTA] atiptaxx.exe
    mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
    mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
    mRun: [TrojanScanner] c:\program files\trojan remover\Trjscan.exe /boot
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe "
    IE: Crawler Search - tbr:iemenu
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office11\EXCEL.EXE/3000
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1236527522293
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1236527237854
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: avgrsstarter - avgrsstx.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\oil\applic~1\mozilla\firefox\profiles\udbhwttm.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
    FF - component: c:\program files\avg\avg8\toolbarff\components\vmAVGConnector.dll
    FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
    FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll

    ============= SERVICES / DRIVERS ===============

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-2-18 325128]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-2-18 27656]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-2-18 107272]
    S2 AKEProtect;AKEProtect;\??\c:\program files\anti keylogger elite\akeprotect.sys --> c:\program files\anti keylogger elite\AKEProtect.sys [?]
    S3 FileObjInfo;STFileDriver;\??\c:\documents and settings\all users\application data\spyware terminator\fileobjinfo.sys --> c:\documents and settings\all users\application data\spyware terminator\FileObjInfo.sys [?]

    =============== Created Last 30 ================

    2009-03-28 10:55 <DIR> --d----- c:\docume~1\oil\applic~1\WIPE
    2009-03-28 09:26 <DIR> --d----- c:\docume~1\oil\applic~1\Systenance
    2009-03-28 05:57 <DIR> --d----- c:\program files\Camfrog
    2009-03-28 03:04 73,728 a------- c:\windows\system32\javacpl.cpl
    2009-03-27 17:30 <DIR> --dsh--- C:\FOUND.007
    2009-03-23 19:38 <DIR> --d----- c:\documents and settings\oil\Tracing
    2009-03-23 01:54 <DIR> --d----- c:\program files\LimeWire
    2009-03-23 01:29 <DIR> --d----- c:\program files\Microsoft
    2009-03-23 01:27 <DIR> --d----- c:\program files\Windows Live SkyDrive
    2009-03-23 01:14 <DIR> --d----- c:\program files\common files\Windows Live
    2009-03-22 14:24 <DIR> --dsh--- C:\FOUND.006
    2009-03-21 02:42 268 a---h--- C:\sqmdata06.sqm
    2009-03-21 02:42 244 a---h--- C:\sqmnoopt06.sqm
    2009-03-21 02:20 <DIR> --dsh--- C:\FOUND.005
    2009-03-20 20:02 268 a---h--- C:\sqmdata05.sqm
    2009-03-20 20:02 244 a---h--- C:\sqmnoopt05.sqm
    2009-03-15 15:47 162,304 a------- c:\windows\system32\ztvunrar36.dll
    2009-03-15 15:47 77,312 a------- c:\windows\system32\ztvunace26.dll
    2009-03-15 15:47 69,632 a------- c:\windows\system32\ztvcabinet.dll
    2009-03-15 15:47 153,088 a------- c:\windows\system32\UNRAR3.dll
    2009-03-15 15:47 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Simply Super Software
    2009-03-15 15:47 <DIR> --d----- c:\program files\Trojan Remover
    2009-03-14 20:33 0 a------- c:\windows\system32\D0mdXOul.exe.a_a
    2009-03-13 23:24 <DIR> --dsh--- C:\FOUND.004
    2009-03-12 09:15 144,896 -------- c:\windows\system32\dllcache\schannel.dll
    2009-03-10 04:06 459,264 -------- c:\windows\system32\dllcache\msfeeds.dll
    2009-03-10 04:06 52,224 -------- c:\windows\system32\dllcache\msfeedsbs.dll
    2009-03-10 04:06 267,776 -------- c:\windows\system32\dllcache\iertutil.dll
    2009-03-10 04:06 63,488 -------- c:\windows\system32\dllcache\icardie.dll
    2009-03-10 04:05 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
    2009-03-10 04:05 383,488 -------- c:\windows\system32\dllcache\ieapfltr.dll
    2009-03-10 04:05 2,455,488 -------- c:\windows\system32\dllcache\ieapfltr.dat
    2009-03-10 04:05 991,232 -------- c:\windows\system32\dllcache\ieframe.dll.mui
    2009-03-10 04:05 6,066,688 -------- c:\windows\system32\dllcache\ieframe.dll
    2009-03-09 13:08 8,461,312 -------- c:\windows\system32\dllcache\shell32.dll
    2009-03-09 06:13 138,496 -------- c:\windows\system32\dllcache\afd.sys
    2009-03-09 06:13 361,600 -------- c:\windows\system32\dllcache\tcpip.sys
    2009-03-09 06:13 225,856 -------- c:\windows\system32\dllcache\tcpip6.sys
    2009-03-09 06:13 245,248 -------- c:\windows\system32\dllcache\mswsock.dll
    2009-03-09 06:13 147,968 -------- c:\windows\system32\dllcache\dnsapi.dll
    2009-03-09 06:12 691,712 -------- c:\windows\system32\dllcache\inetcomm.dll
    2009-03-09 06:12 247,326 -------- c:\windows\system32\dllcache\strmdll.dll
    2009-03-09 06:12 2,145,280 -------- c:\windows\system32\dllcache\ntkrnlmp.exe
    2009-03-09 06:11 2,189,184 -------- c:\windows\system32\dllcache\ntoskrnl.exe
    2009-03-09 06:11 2,023,936 -------- c:\windows\system32\dllcache\ntkrpamp.exe
    2009-03-09 06:11 2,066,048 -------- c:\windows\system32\dllcache\ntkrnlpa.exe
    2009-03-09 06:11 2,330,624 -------- c:\windows\system32\dllcache\WMVCore.dll
    2009-03-09 06:10 1,846,784 -------- c:\windows\system32\dllcache\win32k.sys
    2009-03-09 06:10 90,112 -------- c:\windows\system32\dllcache\wshext.dll
    2009-03-09 06:10 172,032 -------- c:\windows\system32\dllcache\scrrun.dll
    2009-03-09 06:10 180,224 -------- c:\windows\system32\dllcache\scrobj.dll
    2009-03-09 06:10 512,000 -------- c:\windows\system32\dllcache\jscript.dll
    2009-03-09 06:10 430,080 -------- c:\windows\system32\dllcache\vbscript.dll
    2009-03-09 06:10 155,648 -------- c:\windows\system32\dllcache\wscript.exe
    2009-03-09 06:10 135,168 -------- c:\windows\system32\dllcache\cscript.exe
    2009-03-09 06:10 1,288,192 -------- c:\windows\system32\dllcache\quartz.dll
    2009-03-09 06:09 253,952 -------- c:\windows\system32\dllcache\es.dll
    2009-03-09 06:09 203,136 -------- c:\windows\system32\dllcache\rmcast.sys
    2009-03-09 06:09 455,296 -------- c:\windows\system32\dllcache\mrxsmb.sys
    2009-03-09 06:09 272,128 -------- c:\windows\system32\dllcache\bthport.sys
    2009-03-09 06:09 74,240 -------- c:\windows\system32\dllcache\mscms.dll
    2009-03-09 06:08 333,952 -------- c:\windows\system32\dllcache\srv.sys
    2009-03-09 06:08 286,720 -------- c:\windows\system32\dllcache\gdi32.dll
    2009-03-09 06:08 337,408 -------- c:\windows\system32\dllcache\netapi32.dll
    2009-03-09 06:07 1,106,944 -------- c:\windows\system32\dllcache\msxml3.dll
    2009-03-09 06:07 331,776 -------- c:\windows\system32\dllcache\msadce.dll
    2009-03-08 12:21 <DIR> --d----- c:\windows\system32\xircom
    2009-03-08 09:08 1,307,648 -------- c:\windows\system32\dllcache\msxml6.dll
    2009-03-08 09:08 79,872 -------- c:\windows\system32\dllcache\msxml6r.dll
    2009-03-08 09:08 102,912 -------- c:\windows\system32\dllcache\dpcdll.dll
    2009-03-08 09:08 46,592 -------- c:\windows\system32\drivers\irbus.sys
    2009-03-08 09:08 9,728 -------- c:\windows\system32\comsdupd.exe
    2009-03-08 09:08 10,752 -------- c:\windows\system32\smtpapi.dll
    2009-03-08 09:08 9,728 -------- c:\windows\system32\rwnh.dll
    2009-03-08 08:59 <DIR> --d----- c:\windows\ServicePackFiles
    2009-03-08 08:53 19,569 a------- c:\windows\002619_.tmp
    2009-03-08 04:50 268,648 a------- c:\windows\system32\mucltui.dll
    2009-03-08 04:50 27,496 a------- c:\windows\system32\mucltui.dll.mui
    2009-03-08 03:55 31,768 a------- c:\windows\system32\wucltui.dll.mui
    2009-03-08 03:55 18,456 a------- c:\windows\system32\wuaueng.dll.mui
    2009-03-08 03:55 23,576 a------- c:\windows\system32\wuaucpl.cpl.mui
    2009-03-08 03:55 23,576 a------- c:\windows\system32\wuapi.dll.mui
    2009-03-08 03:55 <DIR> --d----- c:\windows\system32\SoftwareDistribution
    2009-03-08 03:28 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Zenturi
    2009-03-07 10:06 <DIR> --dsh--- C:\FOUND.003
    2009-03-07 06:35 116 a------- c:\windows\wininit.ini
    2009-03-07 02:48 <DIR> --d----- c:\windows\system32\NtmsData
    2009-03-07 00:38 <DIR> --d----- c:\program files\Spybot - Search & Destroy
    2009-03-07 00:38 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
    2009-03-06 17:51 19,043 a---h--- c:\windows\system32\ATMenuxx.GID
    2009-03-06 11:27 139,264 a------- c:\windows\system32\hde.dll
    2009-03-06 11:27 <DIR> --d----- c:\program files\gomysoft
    2009-03-06 09:04 <DIR> --d----- c:\windows\Internet Logs
    2009-03-06 07:24 1,706,800 a------- c:\windows\system32\gdiplus.dll
    2009-03-06 07:24 <DIR> --d----- c:\program files\PSK
    2009-03-06 02:13 309 a------- c:\windows\system32\BIN_STRSBW.SPT
    2009-03-06 02:13 <DIR> --d----- c:\program files\Crawler
    2009-03-04 04:55 268 a---h--- C:\sqmdata04.sqm
    2009-03-04 04:55 244 a---h--- C:\sqmnoopt04.sqm
    2009-03-02 17:07 244 a---h--- C:\sqmnoopt03.sqm
    2009-03-02 17:07 232 a---h--- C:\sqmdata03.sqm
    2009-03-01 23:31 <DIR> --dsh--- C:\FOUND.002
    2009-02-28 15:13 <DIR> --d----- c:\docume~1\oil\applic~1\WinPatrol
    2009-02-28 12:28 <DIR> --d----- c:\program files\RegCleaner
    2009-02-28 12:26 69 a------- c:\windows\RunSC.bat
    2009-02-28 12:25 1,384,479 a------- c:\windows\system32\msvbvm60.dll
    2009-02-28 12:25 203,976 a------- c:\windows\system32\richtx32.ocx
    2009-02-28 12:25 132,880 a------- c:\windows\system32\msinet.ocx
    2009-02-28 12:25 <DIR> --d----- c:\program files\SmartScan
    2009-02-28 11:36 <DIR> --d----- c:\program files\BillP Studios
    2009-02-28 03:00 609,824 a------- c:\windows\system32\Comctl32.ocx
    2009-02-28 03:00 219,136 a------- c:\windows\sqlite3_engine.dll
    2009-02-28 03:00 139,776 a------- c:\windows\system32\dhSQLite.dll
    2009-02-28 03:00 <DIR> --d----- c:\program files\Wipe
    2009-02-28 02:56 766 a------- c:\windows\win98Logo.ico
    2009-02-28 02:56 <DIR> --d----- c:\program files\Camtech
    2009-02-28 02:51 209,408 a------- c:\windows\system32\Tabctl32.ocx
    2009-02-28 02:51 <DIR> --d----- c:\program files\Privacy Patrol
    2009-02-28 02:26 <DIR> --d----- c:\program files\Internet Disk Cleaner
    2009-02-28 01:10 152,848 a------- c:\windows\system32\COMDLG32.OCX
    2009-02-28 00:29 <DIR> --d----- c:\program files\Index.dat Analyzer

    ==================== Find3M ====================

    2009-03-28 03:03 410,984 a------- c:\windows\system32\deploytk.dll
    2009-03-08 09:16 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
    2009-02-18 01:36 107,272 a------- c:\windows\system32\drivers\avgtdix.sys
    2009-02-18 01:36 10,520 a------- c:\windows\system32\avgrsstx.dll
    2009-02-18 01:36 325,128 a------- c:\windows\system32\drivers\avgldx86.sys
    2009-02-09 06:56 67,584 a------- c:\windows\system32\ff_vfw.dll
    2009-02-08 23:13 1,846,784 a------- c:\windows\system32\win32k.sys
    2009-02-06 18:52 49,504 a------- c:\windows\system32\sirenacm.dll
    2009-01-16 21:35 3,594,752 -------- c:\windows\system32\dllcache\mshtml.dll

    ============= FINISH: 11:56:10.79 ===============
     

  4. 2009/04/06
    Geri (Lifetime Subscription, Alumni)

    Hi hayabusauk
    Welcome to WindowsBBS
    Sorry for the delay.

    Please do this.

    Download RootRepeal.zip to your Desktop.
    • Extract the compressed file to its own folder.
    • Open the folder and double-click on RootRepeal.exe to run it.
    • Click on the Report tab, and then click on: Scan
    • A window opens asking what to include in the scan.
    • Check the following boxes then click OK:
      • Drivers
      • Files
      • Processes
      • SSDT
      • Stealth Objects
      • Hidden Services
    • You will then be asked which drive to scan.
    • Check C: (or the drive your operating system is installed on, if not C)
    • Click OK once again.
    The tool will begin scanning and may take a while to complete, so please be patient.

    When the scan finishes, click on: Save Report
    Name the log RootRepeal.txt and save it to your Documents folder (it should default there).

    Post the contents of the report in a reply here.

    Thanks
    Geri
     