Thread: Malware bytes detecting Backdoor bot?

  1. #1
    Junior Member
    Join Date
    Dec 2009
    Posts
    9

    Hello all,

    I ran MBAM today and it showed I'd been infected by 'Backdoor.Bot'. I used the 'remove' option in MBAM and restarted. I then ran MBAM again and it's still showing up; I've now 'remove(d)' it four times. I now don't know whether my PC is clear or not, but I suppose not. I also went into msconfig and disabled the item I think it is, 'tsnp2std'.

    Would be very grateful for any assistance at all.

    Thanks,

    Jinky.

    Can't edit post, but I thought this would help:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:10:54, on 02/12/2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18319)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\WINDOWS\system32\winsys32.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Windows\vsnp2std.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Steam\Steam.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Internet Download Manager\IDMan.exe
    C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\16.0.0.125\InstStub.exe
    C:\Program Files\Internet Download Manager\IEMonitor.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\iTunes\iTunes.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
    F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,C:\WINDOWS\system32\winsys32.exe,
    O1 - Hosts: ::1 localhost
    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\IPSBHO.DLL
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\coIEPlg.dll
    O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [BCU] "C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe"
    O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
    O4 - HKLM\..\Run: [Windows Management Interface] "C:\WINDOWS\system32\winsys32.exe" *
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [snp2std] C:\Windows\vsnp2std.exe
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [Windows Management Interface] "C:\WINDOWS\system32\winsys32.exe" * (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Windows Management Interface] "C:\WINDOWS\system32\winsys32.exe" * (User 'Default user')
    O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
    O8 - Extra context menu item: + &Download Express: download this file - C:\Program Files\Download Express\Add_Url.htm
    O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
    O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O13 - Gopher Prefix:
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
    O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Browser Configuration Utility Service (BCUService) - DeviceVM, Inc. - C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
    O23 - Service: Windows Server Checksum Service (WSIVS) - Unknown owner - C:\WINDOWS\system32\winsys32.exe

    --
    End of file - 9569 bytes

    Jinky.
    ====================
    "BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance)
    Last edited by tashi; 2009-12-02 at 19:57. Reason: Merged two posts, provided link to forum FAQ

  2. #2
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,644

    Hi Jinky

    One or more of the identified infections is a backdoor trojan.

    This allows hackers to remotely control your computer, steal critical system information and download and execute files.

    I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

    Though the Trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

    How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

    When Should I Format, How Should I Reinstall

    We can attempt to clean this machine but I can't guarantee that it will be 100% secure afterwards.

    Should you have any questions, please feel free to ask.

    Please let us know what you have decided to do in your next post.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  3. #3
    Junior Member
    Join Date
    Dec 2009
    Posts
    9

    I would like to try and clean the machine, as it's my main machine. I would be grateful for any help/information you could give me.

    Thanks for the help so far.

    Jinky.

  4. #4
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,644

    We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
    This tool is not a toy and not for everyday use.
    ComboFix SHOULD NOT be used unless requested by a forum helper


    http://www.bleepingcomputer.com/comb...o-use-combofix

    Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    If you need help to disable your protection programs see here.

    When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  5. #5
    Junior Member
    Join Date
    Dec 2009
    Posts
    9

    Combo fix log:

    ComboFix 09-12-06.A3 - Jinky 07/12/2009 18:41.1.4 - x86
    Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.44.1033.18.3326.2107 [GMT 0:00]
    Running from: c:\users\Jinky\Downloads\ComboFix.exe
    SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\ATI Technologies\ATI.ACE\Core-Static\atIAcmxx.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_WSIVS


    ((((((((((((((((((((((((( Files Created from 2009-11-07 to 2009-12-07 )))))))))))))))))))))))))))))))
    .

    2009-12-07 18:49 . 2009-12-07 18:53 -------- d-----w- c:\users\Jinky\AppData\Local\temp
    2009-12-07 18:49 . 2009-12-07 18:49 -------- d-----w- c:\users\Default\AppData\Local\temp
    2009-12-07 16:22 . 2007-12-30 05:01 307200 ----a-w- c:\users\Jinky\AppData\Roaming\Mozilla\Firefox\Profiles\uwpzio7u.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\psftp.exe
    2009-12-07 16:22 . 2007-12-30 05:01 172032 ----a-w- c:\users\Jinky\AppData\Roaming\Mozilla\Firefox\Profiles\uwpzio7u.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\puttygen.exe
    2009-12-07 16:22 . 2007-12-30 05:01 90112 ----a-w- c:\users\Jinky\AppData\Roaming\Mozilla\Firefox\Profiles\uwpzio7u.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
    2009-12-02 18:10 . 2009-12-02 18:10 -------- d-----w- c:\program files\Trend Micro
    2009-12-02 17:28 . 2009-11-24 23:49 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2009-12-02 17:28 . 2009-11-24 23:48 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2009-12-02 17:28 . 2009-11-24 23:50 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2009-12-02 17:28 . 2009-11-24 23:50 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2009-12-02 17:28 . 2009-11-24 23:47 97480 ----a-w- c:\windows\system32\AvastSS.scr
    2009-12-02 17:28 . 2009-11-24 23:54 1280480 ----a-w- c:\windows\system32\aswBoot.exe
    2009-12-02 17:28 . 2009-11-24 23:49 53328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2009-12-02 17:28 . 2009-12-02 17:28 -------- d-----w- c:\program files\Alwil Software
    2009-12-02 17:28 . 2009-12-02 17:38 -------- d-----w- c:\users\Jinky\AppData\Roaming\QuickScan
    2009-12-02 17:27 . 2009-11-26 17:39 678912 ----a-w- c:\users\Jinky\AppData\Roaming\Mozilla\Firefox\Profiles\uwpzio7u.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
    2009-12-02 17:27 . 2009-11-26 17:37 768512 ----a-w- c:\users\Jinky\AppData\Roaming\Mozilla\Firefox\Profiles\uwpzio7u.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
    2009-11-28 22:36 . 2009-12-02 01:20 4096 d-----w- c:\windows\iSlim310
    2009-11-28 22:36 . 2004-08-09 17:43 94208 ----a-w- c:\windows\AMCap.exe
    2009-11-27 15:01 . 2009-11-27 15:02 -------- d-----w- c:\program files\ZD Soft
    2009-11-26 14:27 . 2009-11-26 14:27 552 ----a-w- c:\users\Jinky\AppData\Local\d3d8caps.dat
    2009-11-26 10:18 . 2009-05-18 14:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2009-11-26 10:18 . 2008-04-17 13:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
    2009-11-26 10:17 . 2009-11-26 10:17 -------- d-----w- c:\program files\iPod
    2009-11-26 10:17 . 2009-11-26 10:18 4096 d-----w- c:\program files\iTunes
    2009-11-26 03:01 . 2009-10-29 09:41 2048 ----a-w- c:\windows\system32\tzres.dll
    2009-11-25 14:13 . 2009-08-10 11:01 1399296 ----a-w- c:\windows\system32\msxml6.dll
    2009-11-25 14:13 . 2009-08-10 11:00 1257472 ----a-w- c:\windows\system32\msxml3.dll
    2009-11-25 00:32 . 2009-11-25 00:31 411368 ----a-w- c:\windows\system32\deploytk.dll
    2009-11-25 00:31 . 2009-11-25 00:31 -------- d-----w- c:\program files\Java
    2009-11-23 22:03 . 2009-11-23 22:03 -------- d-----w- c:\users\Jinky\AppData\Local\Matt_Chambers
    2009-11-23 20:28 . 2009-11-12 06:46 66048 --sh--r- c:\windows\system32\winsys32.exe
    2009-11-23 08:03 . 2009-11-23 08:03 -------- d-----w- c:\users\Jinky\AppData\Roaming\Orangeline Interactive
    2009-11-23 08:03 . 2009-11-23 08:03 -------- d-----w- c:\users\Jinky\AppData\Local\Orangeline_Interactive
    2009-11-23 08:03 . 2009-11-23 08:03 4096 d-----w- c:\program files\Citrus Alarm Clock
    2009-11-22 22:32 . 2009-11-22 22:32 20640 ------w- c:\windows\system32\drivers\PxHelp20.sys
    2009-11-22 22:32 . 2009-11-22 22:32 109568 ------w- c:\windows\system32\pxinsi64.exe
    2009-11-22 22:32 . 2009-11-22 22:32 108544 ------w- c:\windows\system32\pxcpyi64.exe
    2009-11-22 22:19 . 2009-11-22 22:19 -------- d-----w- c:\users\Jinky\AppData\Local\TechSmith
    2009-11-22 22:18 . 2007-07-12 04:54 107864 ----a-w- c:\windows\system32\tsccvid.dll
    2009-11-22 22:18 . 2009-11-22 22:18 -------- d-----w- c:\windows\system32\QuickTime
    2009-11-22 22:18 . 2009-11-22 22:18 -------- d-----w- c:\programdata\TechSmith
    2009-11-22 22:18 . 2009-11-22 22:18 -------- d-----w- c:\windows\system32\Flash
    2009-11-22 22:18 . 2009-11-22 22:18 -------- d-----w- c:\program files\TechSmith
    2009-11-17 16:21 . 2009-11-17 16:21 -------- d-----w- c:\programdata\ATI
    2009-11-17 16:14 . 2009-11-17 16:14 10134 ----a-r- c:\users\Jinky\AppData\Roaming\Microsoft\Installer\{2573A5FB-0352-4B85-E948-10FFCDD28731}\ARPPRODUCTICON.exe
    2009-11-17 16:13 . 2009-11-17 16:13 -------- d-----w- C:\ATI
    2009-11-17 10:44 . 2009-11-17 10:44 -------- d-----w- c:\programdata\WindowsSearch
    2009-11-17 03:08 . 2008-06-20 01:14 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
    2009-11-17 03:08 . 2008-06-20 01:14 97800 ----a-w- c:\windows\system32\infocardapi.dll
    2009-11-17 03:08 . 2008-06-20 01:14 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
    2009-11-17 03:08 . 2008-06-20 01:14 11264 ----a-w- c:\windows\system32\icardres.dll
    2009-11-17 03:08 . 2008-06-20 01:14 622080 ----a-w- c:\windows\system32\icardagt.exe
    2009-11-17 03:08 . 2008-06-20 01:14 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
    2009-11-17 03:08 . 2008-06-20 01:14 326160 ----a-w- c:\windows\system32\PresentationHost.exe
    2009-11-17 03:03 . 2008-07-27 18:03 96760 ----a-w- c:\windows\system32\dfshim.dll
    2009-11-17 03:03 . 2008-07-27 18:03 41984 ----a-w- c:\windows\system32\netfxperf.dll
    2009-11-17 03:03 . 2008-07-27 18:03 282112 ----a-w- c:\windows\system32\mscoree.dll
    2009-11-17 03:03 . 2008-07-27 18:03 158720 ----a-w- c:\windows\system32\mscorier.dll
    2009-11-17 03:03 . 2008-07-27 18:03 83968 ----a-w- c:\windows\system32\mscories.dll
    2009-11-17 01:43 . 2009-12-02 05:27 8192 d-----w- C:\Warhammer Online - Age of Reckoning
    2009-11-17 01:39 . 2009-11-17 01:39 262144 ----a-w- c:\users\NTUser.dat
    2009-11-17 01:39 . 2009-08-25 18:01 28672 ----a-w- c:\users\Jinky\AppData\Roaming\Mozilla\Firefox\Profiles\uwpzio7u.default\extensions\{D249FD00-4DF9-11D9-9FDC-0080481ADA61}\components\mpint.dll
    2009-11-17 01:39 . 2009-11-17 01:39 8192 d-----w- c:\program files\Download Express
    2009-11-17 01:39 . 2009-11-17 01:39 -------- d-----w- c:\users\Jinky\AppData\Roaming\MetaProducts
    2009-11-16 17:37 . 2009-12-05 15:55 -------- d-----w- c:\users\Jinky\AppData\Roaming\DMCache
    2009-11-16 17:37 . 2009-11-16 17:42 4096 d-----w- c:\users\Jinky\AppData\Roaming\IDM
    2009-11-16 17:37 . 2009-11-16 17:37 198064 ----a-w- c:\users\Jinky\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll
    2009-11-16 17:37 . 2009-11-16 17:37 4096 d-----w- c:\program files\Internet Download Manager
    2009-11-16 17:30 . 2009-11-16 17:30 -------- d-----w- c:\users\Jinky\AppData\Roaming\Malwarebytes
    2009-11-16 17:30 . 2009-09-10 14:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-11-16 17:30 . 2009-11-16 17:30 4096 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-11-16 17:30 . 2009-11-16 17:30 -------- d-----w- c:\programdata\Malwarebytes
    2009-11-16 17:30 . 2009-09-10 14:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-11-16 17:30 . 2009-11-16 17:31 4096 d-----w- c:\programdata\Spybot - Search & Destroy
    2009-11-16 17:30 . 2009-11-16 17:31 8192 d-----w- c:\program files\Spybot - Search & Destroy
    2009-11-16 13:08 . 2009-11-16 13:25 -------- d-----w- c:\programdata\Media Center Programs
    2009-11-15 13:55 . 2009-12-06 00:18 -------- d-----w- c:\users\Jinky\Tracing
    2009-11-15 13:50 . 2009-11-15 13:50 -------- d-----w- c:\program files\Microsoft
    2009-11-15 13:50 . 2009-11-15 13:50 -------- d-----w- c:\program files\Windows Live SkyDrive
    2009-11-15 13:50 . 2009-11-15 13:50 -------- d-----w- c:\program files\Windows Live
    2009-11-15 13:50 . 2009-11-15 13:50 -------- d-----w- c:\windows\PCHEALTH
    2009-11-15 13:48 . 2009-11-15 13:48 -------- d-----w- c:\program files\Common Files\Windows Live
    2009-11-15 03:16 . 2008-06-26 01:45 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
    2009-11-15 03:16 . 2008-06-26 01:45 2644480 ----a-w- c:\windows\system32\NlsLexicons0009.dll
    2009-11-15 03:16 . 2008-06-26 03:29 801280 ----a-w- c:\windows\system32\NaturalLanguage6.dll
    2009-11-15 03:14 . 2008-06-19 03:31 361984 ----a-w- c:\windows\system32\IPSECSVC.DLL
    2009-11-15 03:14 . 2008-10-22 03:57 241152 ----a-w- c:\windows\system32\PortableDeviceApi.dll
    2009-11-15 03:12 . 2009-06-10 12:12 160256 ----a-w- c:\windows\system32\wkssvc.dll
    2009-11-15 03:11 . 2009-03-17 03:38 13824 ----a-w- c:\windows\system32\apilogen.dll
    2009-11-15 03:10 . 2009-09-10 15:21 310784 ----a-w- c:\windows\system32\unregmp2.exe
    2009-11-15 03:10 . 2009-07-14 12:59 4096 ----a-w- c:\windows\system32\dxmasf.dll
    2009-11-15 03:10 . 2009-07-14 12:58 7680 ----a-w- c:\windows\system32\spwmp.dll
    2009-11-15 03:10 . 2009-09-10 15:21 8147456 ----a-w- c:\windows\system32\wmploc.DLL
    2009-11-15 01:47 . 2009-11-02 20:42 195456 ------w- c:\windows\system32\MpSigStub.exe
    2009-11-14 20:32 . 2009-11-14 12:37 4096 d-----w- c:\windows\Panther
    2009-11-14 20:32 . 2009-11-14 20:32 4096 d-----w- C:\Boot
    2009-11-14 17:38 . 2009-11-22 22:44 -------- d-----w- c:\users\Jinky\AppData\Local\Adobe
    2009-11-14 17:37 . 2009-11-22 22:34 4096 d-----w- c:\program files\Common Files\Adobe
    2009-11-14 15:20 . 2009-12-07 16:53 -------- d-----w- c:\users\Jinky\AppData\Local\Apple Computer
    2009-11-14 15:20 . 2009-11-14 15:21 -------- d-----w- c:\users\Jinky\AppData\Roaming\Apple Computer
    2009-11-14 15:20 . 2009-11-26 10:18 -------- dc----w- c:\windows\system32\DRVSTORE
    2009-11-14 15:19 . 2009-11-14 15:20 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    2009-11-14 15:19 . 2009-11-14 15:19 -------- d-----w- c:\program files\Bonjour
    2009-11-14 15:18 . 2009-11-14 15:19 4096 d-----w- c:\program files\QuickTime
    2009-11-14 15:18 . 2009-11-14 15:19 -------- d-----w- c:\programdata\Apple Computer
    2009-11-14 15:18 . 2009-11-14 15:18 -------- d-----w- c:\users\Jinky\AppData\Local\Apple
    2009-11-14 15:18 . 2009-11-14 15:18 4096 d-----w- c:\program files\Apple Software Update
    2009-11-14 15:16 . 2009-11-26 10:17 -------- d-----w- c:\program files\Common Files\Apple
    2009-11-14 15:16 . 2009-11-14 15:16 -------- d-----w- c:\programdata\Apple
    2009-11-14 15:16 . 2009-12-01 03:46 -------- d-----w- c:\users\Jinky\AppData\Roaming\Ventrilo
    2009-11-14 15:15 . 2009-11-14 15:15 4096 d-----w- c:\program files\Ventrilo
    2009-11-14 15:15 . 2009-11-14 15:15 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2009-11-14 14:40 . 2009-11-14 14:40 -------- d-----w- c:\users\Jinky\AppData\Local\Winamp Toolbar
    2009-11-14 13:58 . 2009-11-14 13:58 4096 d-----w- c:\program files\Winamp Toolbar
    2009-11-14 13:58 . 2009-11-14 13:58 -------- d-----w- c:\programdata\Winamp Toolbar
    2009-11-14 13:58 . 2009-11-14 13:58 -------- d-----w- c:\program files\Common Files\PX Storage Engine
    2009-11-14 13:58 . 2009-11-14 14:00 4096 d-----w- c:\users\Jinky\AppData\Roaming\Winamp
    2009-11-14 13:58 . 2009-11-14 13:59 4096 d-----w- c:\program files\Winamp
    2009-11-14 13:37 . 2009-07-03 10:21 168448 ----a-w- c:\windows\system32\drivers\Rtlh86.sys
    2009-11-14 13:37 . 2009-05-26 11:30 73728 ----a-w- c:\windows\system32\RTNUninst32.dll
    2009-11-14 13:37 . 2009-03-05 06:54 73728 ----a-w- c:\windows\system32\RtNicProp32.dll
    2009-11-14 13:32 . 2009-08-06 19:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
    2009-11-14 13:32 . 2009-08-06 18:44 33792 ----a-w- c:\windows\system32\wuapp.exe
    2009-11-14 13:19 . 2009-11-14 13:19 -------- d-----w- c:\users\Jinky\AppData\Local\Microsoft Games

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-12-02 01:32 . 2009-12-02 01:32 -------- d-----w- c:\program files\KYE
    2009-12-02 01:32 . 2009-12-02 01:32 4096 d-----w- c:\program files\Common Files\snp2std
    2009-12-02 01:32 . 2009-11-14 13:33 4096 d--h--w- c:\program files\InstallShield Installation Information
    2009-12-02 01:32 . 2009-12-02 01:32 -------- d-----w- c:\users\Jinky\AppData\Roaming\InstallShield
    2009-11-17 14:41 . 2009-11-17 14:41 -------- d-----w- c:\users\Jinky\AppData\Roaming\The Creative Assembly
    2009-11-17 03:51 . 2006-11-02 11:18 4096 d-----w- c:\program files\Windows Mail
    2009-11-17 03:51 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
    2009-11-15 12:01 . 2009-11-15 12:01 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
    2009-11-14 13:37 . 2009-11-14 13:33 -------- d-----w- c:\program files\Realtek
    2009-11-14 13:35 . 2009-11-14 13:33 -------- d--h--w- c:\program files\Temp
    2009-11-14 13:34 . 2009-11-14 13:33 319456 ----a-w- c:\windows\DIFxAPI.dll
    2009-11-14 13:33 . 2009-11-14 13:33 -------- d-----w- c:\program files\Common Files\InstallShield
    2009-11-14 13:33 . 2009-11-14 13:33 -------- d--h--w- c:\program files\DeviceVM
    2009-11-14 12:51 . 2009-11-14 12:41 680 ----a-w- c:\users\Jinky\AppData\Local\d3d9caps.dat
    2009-10-28 20:58 . 2009-10-28 20:58 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
    2009-09-23 23:00 . 2009-09-23 23:00 5161472 ----a-w- c:\windows\system32\drivers\atikmdag.sys
    2009-09-23 22:28 . 2009-09-23 22:28 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll
    2009-09-23 22:28 . 2009-09-23 22:28 360448 ----a-w- c:\windows\system32\atieclxx.exe
    2009-09-23 22:27 . 2009-09-23 22:27 172032 ----a-w- c:\windows\system32\atiesrxx.exe
    2009-09-23 22:26 . 2009-05-16 03:22 159744 ----a-w- c:\windows\system32\atitmmxx.dll
    2009-09-23 22:26 . 2009-05-16 03:22 356352 ----a-w- c:\windows\system32\atipdlxx.dll
    2009-09-23 22:25 . 2009-09-23 22:25 274432 ----a-w- c:\windows\system32\Oemdspif.dll
    2009-09-23 22:25 . 2009-09-23 22:25 11776 ----a-w- c:\windows\system32\atimuixx.dll
    2009-09-23 22:25 . 2009-09-23 22:25 43520 ----a-w- c:\windows\system32\ati2edxx.dll
    2009-09-23 22:22 . 2009-09-23 22:22 3009536 ----a-w- c:\windows\system32\atidxx32.dll
    2009-09-23 22:06 . 2009-05-16 03:08 3593216 ----a-w- c:\windows\system32\atiumdag.dll
    2009-09-23 21:55 . 2009-09-23 21:55 12603904 ----a-w- c:\windows\system32\atioglxx.dll
    2009-09-23 21:48 . 2009-05-16 02:53 2849792 ----a-w- c:\windows\system32\atiumdva.dll
    2009-09-23 21:36 . 2009-09-23 21:36 52224 ----a-w- c:\windows\system32\atimpc32.dll
    2009-09-23 21:36 . 2009-09-23 21:36 52224 ----a-w- c:\windows\system32\amdpcom32.dll
    2009-09-23 21:36 . 2009-09-23 21:36 204800 ----a-w- c:\windows\system32\atiadlxx.dll
    2009-09-23 21:33 . 2009-09-23 21:33 53248 ----a-w- c:\windows\system32\aticalrt.dll
    2009-09-23 21:33 . 2009-09-23 21:33 53248 ----a-w- c:\windows\system32\aticalcl.dll
    2009-09-23 21:32 . 2009-09-23 21:32 3502080 ----a-w- c:\windows\system32\aticaldd.dll
    2009-09-23 21:21 . 2009-09-23 21:21 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
    2009-09-14 09:44 . 2009-11-15 03:11 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
    2009-09-10 17:30 . 2009-11-15 03:13 213504 ----a-w- c:\windows\system32\msv1_0.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
    "WindowsWelcomeCenter"="oobefldr.dll" [2008-01-21 2153472]
    "Steam"="c:\program files\steam\steam.exe" [2009-11-14 1217808]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
    "IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-11-11 3171760]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
    "BCU"="c:\program files\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-08-04 346320]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-05 7703072]
    "WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-07-01 37888]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-25 98304]
    "ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2009-06-14 307200]
    "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 5.0\apdproxy.exe" [2006-12-22 67752]
    "Windows Management Interface"="c:\windows\system32\winsys32.exe" [2009-11-12 66048]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-25 149280]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-28 141600]
    "snp2std"="c:\windows\vsnp2std.exe" [2006-09-15 675840]
    "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "Windows Management Interface"="c:\windows\system32\winsys32.exe" [2009-11-12 66048]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux1"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "AntiVirusOverride"=dword:00000001

    R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [02/12/2009 17:28 114768]
    R2 AMD External Events Utility;AMD External Events Utility;c:\windows\System32\atiesrxx.exe [23/09/2009 22:27 172032]
    R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [02/12/2009 17:28 20560]
    R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [02/12/2009 17:28 53328]
    R2 BCUService;Browser Configuration Utility Service;c:\program files\DeviceVM\Browser Configuration Utility\BCUService.exe [14/11/2009 13:33 219360]
    R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [14/11/2009 12:39 115560]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [16/11/2009 17:30 1153368]
    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyOverride = *.local
    IE: &Winamp Search - c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
    IE: + &Download Express: download this file - c:\program files\Download Express\Add_Url.htm
    IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
    IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
    IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
    Name-Space Handler: ftp\HIEClickCatcher - {E131C96E-4DDB-11D4-84B8-008048B33DEA} - c:\progra~1\DOWNLO~1\mdpph.dll
    Name-Space Handler: http\HIEClickCatcher - {E131C96E-4DDB-11D4-84B8-008048B33DEA} - c:\progra~1\DOWNLO~1\mdpph.dll
    Name-Space Handler: https\HIEClickCatcher - {E131C96E-4DDB-11D4-84B8-008048B33DEA} - c:\progra~1\DOWNLO~1\mdpph.dll
    FF - ProfilePath - c:\users\Jinky\AppData\Roaming\Mozilla\Firefox\Profiles\uwpzio7u.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.no3commandodh.com/
    FF - component: c:\users\Jinky\AppData\Roaming\Mozilla\Firefox\Profiles\uwpzio7u.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
    FF - component: c:\users\Jinky\AppData\Roaming\Mozilla\Firefox\Profiles\uwpzio7u.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
    FF - component: c:\users\Jinky\AppData\Roaming\Mozilla\Firefox\Profiles\uwpzio7u.default\extensions\{D249FD00-4DF9-11D9-9FDC-0080481ADA61}\components\mpint.dll
    FF - component: c:\users\Jinky\AppData\Roaming\Mozilla\Firefox\Profiles\uwpzio7u.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
    FF - plugin: c:\users\Jinky\AppData\Roaming\Mozilla\Firefox\Profiles\uwpzio7u.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    .
    - - - - ORPHANS REMOVED - - - -

    MSConfigStartUp-tsnp2std - c:\windows\tsnp2std.exe



    **************************************************************************
    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files:

    **************************************************************************

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton Internet Security]
    "ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-2641446881-2481055594-2478846550-1000_Classes\CLSID\{401cb2ab-c9c2-4d9f-a097-cb7d836de39e}]
    @Denied: (Full) (Everyone)
    @Allowed: (Read) (RestrictedCode)
    "Model"=dword:00000154
    "Therad"=dword:00000016

    [HKEY_USERS\S-1-5-21-2641446881-2481055594-2478846550-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
    @Denied: (Full) (Everyone)
    @Allowed: (Read) (RestrictedCode)
    "scansk"=hex(0):6a,c7,d1,87,02,95,0c,64,7d,88,98,77,5c,8a,3b,a4,24,d8,4a,6f,76,
    c0,ca,99,f8,b6,40,5c,e3,7c,af,3c,51,b8,62,34,a2,89,c2,3b,00,00,00,00,00,00,\
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'Explorer.exe'(4808)
    c:\program files\Internet Download Manager\idmmkb.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\atieclxx.exe
    c:\program files\Alwil Software\Avast4\aswUpdSv.exe
    c:\program files\Alwil Software\Avast4\ashServ.exe
    c:\program files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Alwil Software\Avast4\ashMaiSv.exe
    c:\program files\Alwil Software\Avast4\ashWebSv.exe
    c:\program files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\16.0.0.125\InstStub.exe
    c:\program files\Alwil Software\Avast4\ashDisp.exe
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\Common Files\Steam\SteamService.exe
    c:\program files\Internet Download Manager\IEMonitor.exe
    c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
    .
    **************************************************************************
    .
    Completion time: 2009-12-07 18:58 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-12-07 18:57

    Pre-Run: 745,866,997,760 bytes free
    Post-Run: 745,677,500,416 bytes free

    - - End Of File - - 96AF49DEDE78F3BE9D642DA2368C78D1



    ----

    HJT log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:03:18, on 07/12/2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18319)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\16.0.0.125\InstStub.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Windows\vsnp2std.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Steam\Steam.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Internet Download Manager\IDMan.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\Internet Download Manager\IEMonitor.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\Explorer.exe
    C:\Windows\system32\notepad.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\IPSBHO.DLL
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\coIEPlg.dll
    O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [BCU] "C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe"
    O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
    O4 - HKLM\..\Run: [Windows Management Interface] "C:\WINDOWS\system32\winsys32.exe" *
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [snp2std] C:\Windows\vsnp2std.exe
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
    O4 - HKUS\S-1-5-18\..\Run: [Windows Management Interface] "C:\WINDOWS\system32\winsys32.exe" * (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Windows Management Interface] "C:\WINDOWS\system32\winsys32.exe" * (User 'Default user')
    O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
    O8 - Extra context menu item: + &Download Express: download this file - C:\Program Files\Download Express\Add_Url.htm
    O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
    O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
    O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Browser Configuration Utility Service (BCUService) - DeviceVM, Inc. - C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

    --
    End of file - 8478 bytes

  6. #6
    Junior Member
    Join Date
    Dec 2009
    Posts
    9

    Default

    I should add if I try and run any program not as an admin, I get the error "Illegal operation attempted on a registry key that has been marked for deletion."

    Thanks.

    Jinky.

  7. #7
    Junior Member
    Join Date
    Dec 2009
    Posts
    9

    Default

    EDIT - Another restart appeared to fix this issue.

  8. #8
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,644

    Default

    Please go to the Kaspersky website and perform an online antivirus scan.

    1. Read through the requirements and privacy statement and click on the Accept button.
    2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    3. When the downloads have finished, click on Settings.
    4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      • Spyware, Adware, Dialers, and other potentially dangerous programs
      • Archives
    5. Click on My Computer under Scan.
    6. Once the scan is complete, it will display the results. Click on View Scan Report.
    7. You will see a list of infected items there. Click on Save Report As....
    8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
    9. Please post this log in your next reply along with a fresh HijackThis log.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  9. #9
    Junior Member
    Join Date
    Dec 2009
    Posts
    9

    Default

    Had problems with the online scan. It reported 'No threats' but there was no report available to me, and no report to 'save as'.

    I ran another HJT,

    This is the report:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:54:40, on 09/12/2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18319)
    Boot mode: Normal

    Running processes:
    C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\16.0.0.125\InstStub.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Windows\System32\winsys32.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Windows\vsnp2std.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Internet Download Manager\IDMan.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\Internet Download Manager\IEMonitor.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\Steam\Steam.exe
    C:\Program Files\Ventrilo\Ventrilo.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe
    C:\Program Files\Java\jre6\bin\java.exe
    C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe
    C:\Program Files\Java\jre6\bin\java.exe
    C:\Program Files\iTunes\iTunes.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\IPSBHO.DLL
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\coIEPlg.dll
    O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [BCU] "C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe"
    O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
    O4 - HKLM\..\Run: [Windows Management Interface] "C:\WINDOWS\system32\winsys32.exe" *
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [snp2std] C:\Windows\vsnp2std.exe
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
    O4 - HKUS\S-1-5-18\..\Run: [Windows Management Interface] "C:\WINDOWS\system32\winsys32.exe" * (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Windows Management Interface] "C:\WINDOWS\system32\winsys32.exe" * (User 'Default user')
    O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
    O8 - Extra context menu item: + &Download Express: download this file - C:\Program Files\Download Express\Add_Url.htm
    O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
    O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
    O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Browser Configuration Utility Service (BCUService) - DeviceVM, Inc. - C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

    --
    End of file - 8718 bytes



    Thanks again.

    Jinky.

  10. #10
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,644

    Default

    That is fine

    Are both avast and Norton up-to-date?
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006
