Two 'iexplore.exe' running
scoobyman82
2009-02-21, 13:25
Hi there, a few weeks ago I noticed in my Task Manager that I have two iexplore.exe processes running, one of which uses over 100,000 K of memory. When I try to end the process they come back up instantly. A quick Google of this and most people seem to agree this is malware of some kind.
Secondly, I've also been having trouble with a zillion popups lately, all appearing in Internet Explorer even though Firefox is my default browser and I have blocked Explorer from opening.
I regularly run Spybot, Ad-Aware and my antivirus to no avail, so any help would be gratefully appreciated. Below are the results of my HijackThis scan.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:42:26, on 21/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxdicoms.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Grisoft\AVG7\avgw.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Peer2Peer-EN Toolbar - {da21bd13-ca22-42e3-a071-98f08f1ca1e7} - C:\Program Files\Peer2Peer-EN\tbPee1.dll
O2 - BHO: (no name) - {0D28E24F-C290-4ABF-854A-ABFE3A089971} - (no file)
O2 - BHO: (no name) - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - (no file)
O2 - BHO: (no name) - {0EBFF9BC-7BC3-41B6-BCC3-4780D520D505} - C:\WINDOWS\system32\fccbXRKd.dll (file missing)
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: (no name) - {18295F5F-96C0-4384-897B-F0D807D6C54E} - C:\WINDOWS\system32\jkkHYQGY.dll (file missing)
O2 - BHO: (no name) - {24EB94EF-9DC6-43B4-B9E5-0697857B03A9} - C:\WINDOWS\system32\xxyxVLee.dll (file missing)
O2 - BHO: (no name) - {2F85D76C-0569-466F-A488-493E6BD0E955} - (no file)
O2 - BHO: (no name) - {33742D2D-A16D-44DE-A9EF-958A67101A3D} - C:\WINDOWS\system32\ddcAqRhF.dll (file missing)
O2 - BHO: (no name) - {493D5FF6-DAAB-4BD2-8576-2B494C71CDC4} - C:\WINDOWS\system32\rqRHWOiI.dll (file missing)
O2 - BHO: (no name) - {4E99E002-AF40-49E0-BEAE-8BDEF5336A98} - (no file)
O2 - BHO: (no name) - {5117990B-D54C-420B-800B-D72D12CC0E74} - C:\WINDOWS\system32\pmnnMFYQ.dll (file missing)
O2 - BHO: (no name) - {51617804-3EC1-4176-B427-7BB326716A90} - C:\WINDOWS\system32\tuvTmKAQ.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {5EDA2C21-AC9F-4C04-8A0D-3CE4D21A1CED} - C:\WINDOWS\system32\iiffdAqO.dll (file missing)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7D94D171-0DAA-4D1B-9C58-57565B2DA2FD} - C:\WINDOWS\system32\xxyYOhhf.dll (disabled by BHODemon)
O2 - BHO: (no name) - {809EC91B-B593-441D-A6E4-818408A30687} - C:\WINDOWS\system32\jkkLCtSk.dll (disabled by BHODemon)
O2 - BHO: (no name) - {87E68009-29A8-D669-F7C2-B31D08635C50} - (no file)
O2 - BHO: (no name) - {8BC03CA2-60EA-4C3D-8C2E-684DD8DD8693} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9362BBBD-AF19-4CCE-A232-483026607CF6} - C:\WINDOWS\system32\khfEVpqr.dll (file missing)
O2 - BHO: (no name) - {9B263D9B-AD49-4D81-8DEA-3CE688268561} - C:\WINDOWS\system32\iifdbCSj.dll (file missing)
O2 - BHO: (no name) - {9F39E08C-6C97-4F0F-B217-9FA36557D24A} - C:\WINDOWS\system32\opnmJAqn.dll (file missing)
O2 - BHO: {ce222910-35f9-c72b-2bf4-851f89572e3a} - {a3e27598-f158-4fb2-b27c-9f53019222ec} - C:\WINDOWS\system32\lmccuk.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {AA64C339-0F29-4CC6-97B1-7941C83D0613} - C:\WINDOWS\system32\mlJYrpPJ.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: (no name) - {C40270B4-B569-42F9-ADEB-13307B8B5F9C} - (no file)
O2 - BHO: (no name) - {C56B06D5-C8B5-4198-86C6-F61DE0580EC6} - (disabled by BHODemon)
O2 - BHO: (no name) - {C8DB8914-5CC1-4707-BCB7-E62E8803B344} - C:\WINDOWS\system32\cbXNFXqO.dll (file missing)
O2 - BHO: (no name) - {C8F091F9-F183-4978-B1BC-62AAC2C0480B} - C:\WINDOWS\system32\wvUnNGVO.dll (file missing)
O2 - BHO: (no name) - {CC979789-4B0F-4AB4-9185-347CB43C0BDC} - (no file)
O2 - BHO: Peer2Peer-EN Toolbar - {da21bd13-ca22-42e3-a071-98f08f1ca1e7} - C:\Program Files\Peer2Peer-EN\tbPee1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {EAB2F644-184B-434B-AC2A-6585EDCFE205} - (no file)
O2 - BHO: (no name) - {EE109A36-E64C-46FF-8333-7101A0E3883C} - (no file)
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Peer2Peer-EN Toolbar - {da21bd13-ca22-42e3-a071-98f08f1ca1e7} - C:\Program Files\Peer2Peer-EN\tbPee1.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [VGAUtil] C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HotbarOE] C:\Program Files\Hotbar\bin\10.0.362.0\OEAddOn.exe
O4 - HKLM\..\Run: [HotbarSA] "C:\Program Files\Hotbar\bin\10.0.362.0\HotbarSA.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [MDNS] C:\WINDOWS\system32\service.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Acronis*True*Image Monitor] "C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [ROAD ITCH AMOK PING] C:\Documents and Settings\All Users\Application Data\Long slow road itch\Bleh option.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ForCity] C:\DOCUME~1\Simon\APPLIC~1\STOPBA~1\Bits Part Idol.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - .DEFAULT User Startup: OpenOffice.org 1.1.4.lnk = C:\Program Files\OpenOffice\program\quickstart.exe (User 'Default user')
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com (file missing)
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.peernetworksuk.com
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {05CDEE1D-D109-4992-B72B-6D4F5E2AB731} (PhotoBox uploader) - http://static.photobox.co.uk/sg/common/ImageUploader4.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.1.4.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.co.uk/SnapfishUKActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://ceriduroe.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://bmm.imgag.com/imgag/cp/install/crusher-uk.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{196C64F3-5ABD-4CCF-A605-DA67F5CDDB53}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{864A2E1F-038E-4330-B9C8-5EF9672100FE}: NameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{196C64F3-5ABD-4CCF-A605-DA67F5CDDB53}: NameServer = 192.168.0.1
O20 - AppInit_DLLs:
O20 - Winlogon Notify: tuvTmKAQ - tuvTmKAQ.dll (file missing)
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: lxdiCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exe
O23 - Service: lxdi_device - - C:\WINDOWS\system32\lxdicoms.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 15852 bytes
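A log like the one above can be pre-screened before a human reads it. The script below is an added example for this thread, not part of the original post and not a feature of HijackThis: it parses a handful of lines copied verbatim from the log above (the O2/R3/O4/O20 lines are a subset, nothing is invented) and lists the entries that deserve a second look, with the reason for each. The three heuristics it applies are assumptions of this example, not facts the log proves: a BHO with "(no name)" or with a CLSID as its name, a module whose stem is eight mixed-case letters with a capital following a lower-case letter (the pattern shared by fccbXRKd, tuvTmKAQ, xxyYOhhf and the rest, but not by toolband or SDHelper), and an autorun launched from an Application Data directory. The function names (`parse_hjt`, `looks_random`, `triage`) are hypothetical.

```python
import re

# Lines copied verbatim from the HijackThis log above; a subset so the
# example runs offline. Nothing in this sample is invented.
SAMPLE_HJT = r"""
R3 - URLSearchHook: Peer2Peer-EN Toolbar - {da21bd13-ca22-42e3-a071-98f08f1ca1e7} - C:\Program Files\Peer2Peer-EN\tbPee1.dll
O2 - BHO: (no name) - {0D28E24F-C290-4ABF-854A-ABFE3A089971} - (no file)
O2 - BHO: (no name) - {0EBFF9BC-7BC3-41B6-BCC3-4780D520D505} - C:\WINDOWS\system32\fccbXRKd.dll (file missing)
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: (no name) - {51617804-3EC1-4176-B427-7BB326716A90} - C:\WINDOWS\system32\tuvTmKAQ.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7D94D171-0DAA-4D1B-9C58-57565B2DA2FD} - C:\WINDOWS\system32\xxyYOhhf.dll (disabled by BHODemon)
O2 - BHO: {ce222910-35f9-c72b-2bf4-851f89572e3a} - {a3e27598-f158-4fb2-b27c-9f53019222ec} - C:\WINDOWS\system32\lmccuk.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ROAD ITCH AMOK PING] C:\Documents and Settings\All Users\Application Data\Long slow road itch\Bleh option.exe
O4 - HKCU\..\Run: [ForCity] C:\DOCUME~1\Simon\APPLIC~1\STOPBA~1\Bits Part Idol.exe
O20 - Winlogon Notify: tuvTmKAQ - tuvTmKAQ.dll (file missing)
"""

CLSID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
STATUS = r"(?:\((?:no file|file missing|disabled by BHODemon)\))"

# One regex per HJT line type handled here (hypothetical parser, see lead-in).
PATTERNS = {
    "O2":  re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>" + CLSID + r") - (?P<target>.*)$"),
    "R3":  re.compile(r"^R3 - URLSearchHook: (?P<name>.*?) - (?P<clsid>" + CLSID + r") - (?P<target>.*)$"),
    "O4":  re.compile(r"^O4 - (?P<hive>\S+?)\\\.\.\\Run(?:Once)?: \[(?P<name>[^\]]*)\] (?P<target>.*)$"),
    "O20": re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<target>.*)$"),
}


def parse_hjt(text):
    """Turn the supported HJT line types into dicts; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        for kind, pat in PATTERNS.items():
            m = pat.match(line)
            if not m:
                continue
            d = m.groupdict()
            d["kind"], d["line"] = kind, line
            # Split "path (status)" into the path and HJT's trailing status marker.
            sm = re.match(r"^(?P<path>.*?)\s*(?P<status>" + STATUS + r")?$", d["target"])
            d["path"] = sm.group("path").strip().strip('"')
            d["status"] = (sm.group("status") or "").strip("()")
            entries.append(d)
            break
    return entries


def looks_random(filename):
    """Heuristic (an assumption of this example): eight letters, mixed case, with a
    capital that follows a lower-case letter. Matches fccbXRKd, tuvTmKAQ, xxyYOhhf;
    does not match toolband or SDHelper."""
    stem = re.sub(r"\.(dll|exe)$", "", filename.rsplit("\\", 1)[-1], flags=re.I)
    return bool(re.fullmatch(r"[A-Za-z]{8}", stem)) and bool(re.search(r"[a-z][A-Z]", stem))


def triage(entries):
    """Return [(entry, [reasons])] for every entry that earns at least one reason."""
    findings = []
    for e in entries:
        reasons = []
        if e["kind"] in ("O2", "R3"):
            if e["name"] == "(no name)":
                reasons.append("BHO registered without a friendly name")
            elif re.fullmatch(CLSID, e["name"]):
                reasons.append("BHO 'name' is itself a CLSID")
        if e["kind"] in ("O2", "R3", "O20") and e["path"] and looks_random(e["path"]):
            reasons.append("random-looking 8-letter module name")
        if e["status"] == "no file":
            reasons.append("orphaned CLSID with no InprocServer32 path (clutter; remove)")
        elif e["status"] == "file missing":
            reasons.append("DLL already gone but the registration was left behind")
        elif e["status"] == "disabled by BHODemon":
            reasons.append("only disabled, not removed")
        if e["kind"] == "O20" and reasons:
            reasons.append("Winlogon Notify DLLs load inside winlogon.exe as SYSTEM")
        if e["kind"] == "O4" and re.search(r"application data|applic~1", e["path"], re.I):
            reasons.append("autorun executable living under an Application Data directory")
        if reasons:
            findings.append((e, reasons))
    return findings


if __name__ == "__main__":
    for entry, reasons in triage(parse_hjt(SAMPLE_HJT)):
        print(entry["line"])
        for r in reasons:
            print("   -", r)
```

Two HJT markers are worth telling apart when reading the output: "(no file)" means the CLSID is registered but has no InprocServer32 path at all (harmless clutter), while "(file missing)" means a path is registered and the DLL at that path is gone, typically because a scanner deleted the file and left the registry entry. Neither marker says anything about the DLL that is still loaded, so a log full of "(file missing)" entries is not evidence that the machine is clean.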
Hi scoobyman82
Download DDS and save it to your desktop from here (http://www.techsupportforum.com/sectools/sUBs/dds) or here (http://download.bleepingcomputer.com/sUBs/dds.scr) or here (http://www.forospyware.com/sUBs/dds).
Disable any script blocker, and then double-click dds.scr to run the tool.
When done, DDS will open two (2) logs:
DDS.txt
Attach.txt
Save both reports to your desktop. Post them back to your topic.
scoobyman82
2009-02-24, 20:04
Hi Blade81
I don't know how to attach documents to posts, sorry, so I've just copied and pasted them over one at a time. This first one is DDS.txt.
DDS (Ver_09-02-01.01) - FAT32x86
Run by Simon at 17:51:38.93 on 24/02/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2046.1118 [GMT 0:00]
AV: AVG 7.5.552 *On-access scanning enabled* (Updated)
============== Running Processes ===============
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\Ati2evxx.exe
SVCHOST.EXE
SVCHOST.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxdicoms.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Documents and Settings\Simon\Desktop\dds.com
============== Pseudo HJT Report ===============
uSearch Page =
uSearch Bar =
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
mSearchAssistant =
uURLSearchHooks: Peer2Peer-EN Toolbar: {da21bd13-ca22-42e3-a071-98f08f1ca1e7} - c:\program files\peer2peer-en\tbPee1.dll
BHO: {0D28E24F-C290-4ABF-854A-ABFE3A089971} - No File
BHO: {0D39A900-0F3A-4C29-A254-3E65244FDC34} - No File
BHO: {0ebff9bc-7bc3-41b6-bcc3-4780d520d505} - c:\windows\system32\fccbXRKd.dll
BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
BHO: {18295f5f-96c0-4384-897b-f0d807d6c54e} - c:\windows\system32\jkkHYQGY.dll
BHO: {24eb94ef-9dc6-43b4-b9e5-0697857b03a9} - c:\windows\system32\xxyxVLee.dll
BHO: {2F85D76C-0569-466F-A488-493E6BD0E955} - No File
BHO: {33742d2d-a16d-44de-a9ef-958a67101a3d} - c:\windows\system32\ddcAqRhF.dll
BHO: {493d5ff6-daab-4bd2-8576-2b494c71cdc4} - c:\windows\system32\rqRHWOiI.dll
BHO: {4E99E002-AF40-49E0-BEAE-8BDEF5336A98} - No File
BHO: {5117990b-d54c-420b-800b-d72d12cc0e74} - c:\windows\system32\pmnnMFYQ.dll
BHO: {51617804-3ec1-4176-b427-7bb326716a90} - c:\windows\system32\tuvTmKAQ.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: {5eda2c21-ac9f-4c04-8a0d-3ce4d21a1ced} - c:\windows\system32\iiffdAqO.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {7d94d171-0daa-4d1b-9c58-57565b2da2fd} - c:\windows\system32\xxyYOhhf.dll__BHODemonDisabled
BHO: {809ec91b-b593-441d-a6e4-818408a30687} - c:\windows\system32\jkkLCtSk.dll__BHODemonDisabled
BHO: {87E68009-29A8-D669-F7C2-B31D08635C50} - No File
BHO: {8BC03CA2-60EA-4C3D-8C2E-684DD8DD8693} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {9362bbbd-af19-4cce-a232-483026607cf6} - c:\windows\system32\khfEVpqr.dll
BHO: {9b263d9b-ad49-4d81-8dea-3ce688268561} - c:\windows\system32\iifdbCSj.dll
BHO: {9f39e08c-6c97-4f0f-b217-9fa36557d24a} - c:\windows\system32\opnmJAqn.dll
BHO: {ce222910-35f9-c72b-2bf4-851f89572e3a}: {a3e27598-f158-4fb2-b27c-9f53019222ec} - c:\windows\system32\lmccuk.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: {aa64c339-0f29-4cc6-97b1-7941c83d0613} - c:\windows\system32\mlJYrpPJ.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.0.1225.9868\swg.dll
BHO: {C40270B4-B569-42F9-ADEB-13307B8B5F9C} - No File
BHO: {c56b06d5-c8b5-4198-86c6-f61de0580ec6} - __BHODemonDisabled
BHO: {c8db8914-5cc1-4707-bcb7-e62e8803b344} - c:\windows\system32\cbXNFXqO.dll
BHO: {c8f091f9-f183-4978-b1bc-62aac2c0480b} - c:\windows\system32\wvUnNGVO.dll
BHO: {CC979789-4B0F-4AB4-9185-347CB43C0BDC} - No File
BHO: Peer2Peer-EN Toolbar: {da21bd13-ca22-42e3-a071-98f08f1ca1e7} - c:\program files\peer2peer-en\tbPee1.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: {EAB2F644-184B-434B-AC2A-6585EDCFE205} - No File
BHO: {EE109A36-E64C-46FF-8333-7101A0E3883C} - No File
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: Peer2Peer-EN Toolbar: {da21bd13-ca22-42e3-a071-98f08f1ca1e7} - c:\program files\peer2peer-en\tbPee1.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [NBJ] "c:\program files\ahead\nero backitup\NBJ.exe"
uRun: [ForCity] c:\docume~1\simon\applic~1\stopba~1\Bits Part Idol.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SkyTel] SkyTel.EXE
mRun: [JMB36X IDE Setup] c:\windows\jm\JMInsIDE.exe
mRun: [VGAUtil] c:\program files\gigabyte\vga utility manager\G-VGA.exe
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [HotbarOE] c:\program files\hotbar\bin\10.0.362.0\OEAddOn.exe
mRun: [HotbarSA] "c:\program files\hotbar\bin\10.0.362.0\HotbarSA.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [MDNS] c:\windows\system32\service.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [COMODO Firewall Pro] "c:\program files\comodo\firewall\cfp.exe" -h
mRun: [AVG7_CC] c:\progra~1\grisoft\avg7\avgcc.exe /STARTUP
mRun: [Alcmtr] ALCMTR.EXE
mRun: [Acronis*True*Image Monitor] "c:\program files\acronis\trueimage\TrueImageMonitor.exe"
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [36X Raid Configurer] c:\windows\system32\JMRaidSetup.exe boot
mRun: [ROAD ITCH AMOK PING] c:\documents and settings\all users\application data\long slow road itch\Bleh option.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [AVG7_Run] c:\progra~1\grisoft\avg7\avgw.exe /RUNONCE
dRunOnce: [RunNarrator] Narrator.exe
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: {05CDEE1D-D109-4992-B72B-6D4F5E2AB731} - hxxp://static.photobox.co.uk/sg/common/ImageUploader4.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} - hxxp://www.bebo.com/files/BeboUploader.5.1.4.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www1.snapfish.co.uk/SnapfishUKActivia.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} - hxxp://ceriduroe.spaces.live.com/PhotoUpload/MsnPUpld.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} - hxxp://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} - hxxp://bmm.imgag.com/imgag/cp/install/crusher-uk.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
TCP: {196C64F3-5ABD-4CCF-A605-DA67F5CDDB53} = 192.168.0.1
TCP: {864A2E1F-038E-4330-B9C8-5EF9672100FE} = 192.168.0.1
Notify: AtiExtEvent - Ati2evxx.dll
Notify: tuvTmKAQ - tuvTmKAQ.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: {51617804-3ec1-4176-b427-7bb326716a90} - c:\windows\system32\tuvTmKAQ.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\mlJYrpPJ
LSA: Notification Packages = scecli scecli
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\simon\applic~1\mozilla\firefox\profiles\eor007ju.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - plugin: c:\documents and settings\ceri\application data\videoegg\loader\4665\npvideoegg-loader.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-2-7 64160]
R1 Avg7Core;AVG7 Kernel;c:\windows\system32\drivers\avg7core.sys [2008-2-19 821856]
R1 Avg7RsW;AVG7 Wrap Driver;c:\windows\system32\drivers\avg7rsw.sys [2008-2-19 4224]
R1 Avg7RsXP;AVG7 Resident Driver XP;c:\windows\system32\drivers\avg7rsxp.sys [2008-2-19 27776]
R1 AvgClean;AVG7 Clean Driver;c:\windows\system32\drivers\avgclean.sys [2008-2-19 10760]
R2 Avg7Alrt;AVG7 Alert Manager Server;c:\progra~1\grisoft\avg7\avgamsvr.exe [2008-2-19 418816]
R2 Avg7UpdSvc;AVG7 Update Service;c:\progra~1\grisoft\avg7\avgupsvc.exe [2008-2-19 49664]
R2 AVGEMS;AVG E-mail Scanner;c:\progra~1\grisoft\avg7\avgemc.exe [2008-2-19 406528]
R2 AvgTdi;AVG Network Redirector;c:\windows\system32\drivers\avgtdi.sys [2008-2-19 4960]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-2-18 55152]
R2 lxdi_device;lxdi_device;c:\windows\system32\lxdicoms.exe -service --> c:\windows\system32\lxdicoms.exe -service [?]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-1-14 226656]
R3 GPCIDrv;GPCIDrv;c:\windows\GPCIDrv.sys [2008-2-26 5112]
R3 GVTDrv;GVTDrv;c:\windows\system32\drivers\GVTDrv.sys [2007-7-28 17962]
R4 atidgllk;atidgllk;c:\program files\gigabyte\vga utility manager\atidgllk.sys [2007-7-28 12048]
S2 lxdiCATSCustConnectService;lxdiCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdiserv.exe [2007-8-28 99248]
S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 950096]
S4 iteraid;iteraid;c:\windows\system32\drivers\iteraid.sys [1980-1-1 16459]
S4 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [1980-1-1 75904]
=============== Created Last 30 ================
2009-02-21 10:08 <DIR> --d-h--- c:\windows\PIF
2009-02-21 01:50 <DIR> --d----- c:\docume~1\simon\applic~1\Windows Live Writer
2009-02-20 21:04 <DIR> --d----- c:\program files\Trend Micro
2009-02-18 10:43 55,152 a------- c:\windows\system32\drivers\fssfltr_tdi.sys
2009-02-15 06:49 <DIR> --d----- c:\windows\ServicePackFiles
2009-02-09 20:08 <DIR> --d----- c:\documents and settings\simon\Tracing
2009-02-09 20:04 <DIR> --d----- c:\program files\Microsoft
2009-02-09 20:03 <DIR> --d----- c:\program files\Windows Live SkyDrive
2009-02-09 19:56 <DIR> --d----- c:\program files\common files\Windows Live
2009-02-08 10:11 <DIR> --d----- c:\program files\stop bags
2009-02-07 11:40 15,688 a------- c:\windows\system32\lsdelete.exe
2009-02-07 11:30 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-02-07 11:29 <DIR> --d-h--- c:\docume~1\alluse~1\applic~1\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-06 19:03 307,576 a------- c:\windows\WLXPGSS.SCR
2009-02-06 18:52 49,504 a------- c:\windows\system32\sirenacm.dll
==================== Find3M ====================
2009-02-24 11:30 5,112 a------- c:\windows\GPCIDrv.sys
2009-02-24 11:30 17,962 a------- c:\windows\system32\drivers\GVTDrv.sys
2009-02-24 11:29 0 a------- c:\windows\system32\drivers\lvuvc.hs
2009-02-24 11:29 0 a------- c:\windows\system32\drivers\logiflt.iad
2009-01-23 10:48 2,117,632 a------- c:\windows\system32\python25.dll
2009-01-23 10:48 339,968 a------- c:\windows\system32\pythoncom25.dll
2009-01-23 10:48 114,688 a------- c:\windows\system32\pywintypes25.dll
2009-01-22 18:05 139,280 a------- c:\windows\system32\drivers\PnkBstrK.sys
2009-01-22 18:05 202,000 a------- c:\windows\system32\PnkBstrB.exe
2009-01-16 21:35 3,594,752 a------- c:\windows\system32\dllcache\mshtml.dll
2008-12-27 10:28 22,328 a------- c:\docume~1\simon\applic~1\PnkBstrK.sys
2008-12-27 10:28 682,280 a------- c:\windows\system32\pbsvc.exe
2008-12-27 10:28 66,872 a------- c:\windows\system32\PnkBstrA.exe
2008-12-19 09:10 70,656 a------- c:\windows\system32\dllcache\ie4uinit.exe
2008-12-19 09:10 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2008-12-19 05:25 634,024 a------- c:\windows\system32\dllcache\iexplore.exe
2008-12-19 05:23 161,792 a------- c:\windows\system32\dllcache\ieakui.dll
2008-12-11 10:57 333,952 -------- c:\windows\system32\dllcache\srv.sys
2008-12-09 09:58 410,984 a------- c:\windows\system32\deploytk.dll
2007-10-28 18:41 85,304 a------- c:\docume~1\simon\applic~1\GDIPFONTCACHEV1.DAT
2001-06-15 12:30 471,098 -------- c:\documents and settings\simon\UNINSTAL.EXE
2001-06-14 13:25 1,040,384 -------- c:\documents and settings\simon\SETUPENU.DLL
2001-06-14 11:44 135,989 -------- c:\documents and settings\simon\fences.zip
2001-06-12 11:02 3,635,656 -------- c:\documents and settings\simon\scenario.zip
2001-06-12 11:02 7,337 -------- c:\documents and settings\simon\research.zip
2001-06-12 11:02 24,146 -------- c:\documents and settings\simon\items.zip
2001-06-12 11:02 2,514 -------- c:\documents and settings\simon\ai.zip
2001-06-12 11:02 6,397,370 -------- c:\documents and settings\simon\ui.zip
2001-06-12 11:01 905,097 -------- c:\documents and settings\simon\terrain.zip
2001-06-12 11:01 687,504 -------- c:\documents and settings\simon\staff.zip
2001-06-12 11:01 2,983,796 -------- c:\documents and settings\simon\scenery.zip
2001-06-12 11:01 8,954,880 -------- c:\documents and settings\simon\objects.zip
2001-06-12 11:01 357,129 -------- c:\documents and settings\simon\guests.zip
2001-06-12 11:01 9,116,930 -------- c:\documents and settings\simon\animals2.zip
2001-06-12 11:01 6,564 -------- c:\documents and settings\simon\config.zip
2001-06-12 11:01 5,884 -------- c:\documents and settings\simon\paths.zip
2001-06-12 10:51 2,826,275 -------- c:\documents and settings\simon\zoo.exe
2001-06-12 10:20 466,997 -------- c:\documents and settings\simon\lang0.dll
2001-06-12 08:55 86,362,105 -------- c:\documents and settings\simon\animals.zip
2001-06-11 03:21 14,240,209 -------- c:\documents and settings\simon\global.zip
2001-06-07 13:38 118,784 -------- c:\documents and settings\simon\res0.dll
2001-06-05 15:06 45,056 -------- c:\documents and settings\simon\ImeUiRes.dll
2001-06-05 14:24 45,056 -------- c:\documents and settings\simon\ImeUiResJpn.dll
2001-06-05 14:24 45,056 -------- c:\documents and settings\simon\ImeUiResEnu.dll
2001-05-10 11:15 1,112,504 -------- c:\documents and settings\simon\dwdebug.exe
2001-05-10 11:15 161,184 -------- c:\documents and settings\simon\dw.exe
2001-03-28 16:10 55,809 -------- c:\documents and settings\simon\tiles.zip
2001-03-14 14:29 53,300 -------- c:\documents and settings\simon\EBUEula.dll
2001-01-03 22:29 10,043 -------- c:\documents and settings\simon\fringe.zip
============= FINISH: 17:51:59.73 ===============
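A small triage script for listings in the format shown above (the DDS "Created Last 30" and Find3M lines, plus the bare paths ComboFix prints under "Other Deletions" later in the thread). This is an added example and is not part of the thread or of the DDS/ComboFix tools. The sample lines are constructed to mimic entries from these logs, the directory markers are copied from what ComboFix removed further down, and the "eight mixed-case letters directly in system32" rule is a heuristic assumption aimed at the randomly named .ini files in that deletion list, not a signature for any particular malware.

```python
r"""Added example: triage DDS / ComboFix style file listings.

Accepts lines such as
    2009-02-18 10:43 55,152 a------- c:\windows\system32\drivers\fssfltr_tdi.sys
    2009-02-21 10:08 . 2009-02-21 10:08 <DIR> d--h----- c:\windows\PIF
    c:\windows\system32\dKRXbccf.ini
and reports paths worth a second look.  Heuristics only: every hit still
needs a human (or a hash lookup) before anything is deleted.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Directory names copied from the ComboFix deletion list in this thread.
# Assumption: illustrative, not an exhaustive adware catalogue.
ADWARE_DIR_MARKERS = ("\\hotbarsa\\", "\\starware390\\", "\\hotbar_icons\\",
                      "\\contexttool\\", "\\hotbar\\")

# Heuristic (assumption): an eight-letter, mixed-case stem with no digits,
# sitting directly in system32, matches the dKRXbccf.ini style of names.
MIXED_CASE_STEM = re.compile(r"^(?=[A-Za-z]*[a-z])(?=[A-Za-z]*[A-Z])[A-Za-z]{8}$")
SUSPECT_EXT = {"ini", "dll", "exe"}

# DDS lines: "<date> <time> <size|<DIR>> <attrs> <path>".
# ComboFix "Files Created" lines repeat a second timestamp after " . ".
LISTING_LINE = re.compile(
    r"^\d{4}-\d{2}-\d{2}\s+\d{2}:\d{2}\s+"
    r"(?:\.\s+\d{4}-\d{2}-\d{2}\s+\d{2}:\d{2}\s+)?"
    r"(?:[\d,]+|<DIR>|-+)\s+[-A-Za-z]+\s+(?P<path>[A-Za-z]:\\.*)$"
)
BARE_PATH = re.compile(r"^[A-Za-z]:\\")


@dataclass
class Finding:
    path: str
    reason: str


def parse_path(line: str) -> Optional[str]:
    """Return the file path from a listing line, or None for headers/blank lines."""
    line = line.strip()
    m = LISTING_LINE.match(line)
    if m:
        return m.group("path")
    if BARE_PATH.match(line):
        return line
    return None


def check_path(path: str) -> List[str]:
    """Apply each heuristic to one path and return the reasons that fired."""
    low = path.lower()
    parent, _, name = path.rpartition("\\")
    stem, _, ext = name.rpartition(".")
    reasons = []
    if (parent.lower().endswith("\\system32")
            and ext.lower() in SUSPECT_EXT
            and MIXED_CASE_STEM.match(stem)):
        reasons.append("random-looking 8-letter name in system32")
    # Trailing backslash so a bare directory entry matches its own marker.
    if any(marker in low + "\\" for marker in ADWARE_DIR_MARKERS):
        reasons.append("under a directory named in the ComboFix clean-up")
    if name.lower() == "autorun.inf" and "\\documents and settings\\" in low:
        reasons.append("autorun.inf inside a user profile")
    return reasons


def triage(lines) -> List[Finding]:
    """Run check_path over every parsable line; other lines are skipped."""
    findings = []
    for line in lines:
        path = parse_path(line)
        if path is None:
            continue
        findings.extend(Finding(path, r) for r in check_path(path))
    return findings


# Constructed sample, modelled on the DDS and ComboFix output in this thread.
SAMPLE = r"""
=============== Created Last 30 ================
2009-02-07 11:40 15,688 a------- c:\windows\system32\lsdelete.exe
2009-02-21 10:08 . 2009-02-21 10:08 <DIR> d--h----- c:\windows\PIF
2009-01-24 09:53 --------- d-----w c:\program files\Lavasoft
c:\windows\system32\dKRXbccf.ini
c:\windows\system32\mcrh.tmp
c:\documents and settings\All Users\Application Data\Starware390\buttons\FindIt.bmp
c:\documents and settings\Ceri\AUTORUN.INF
c:\program files\ContextTool\ContextTool-3.dll
"""

if __name__ == "__main__":
    for f in triage(SAMPLE.splitlines()):
        print(f"{f.reason:48s} {f.path}")
```

Run it against a saved DDS.txt or ComboFix.txt by feeding the file's lines to `triage()`. The system32 rule deliberately ignores the `drivers` subdirectory and all-lowercase vendor names such as `lsdelete.exe`, so it stays quiet on the legitimate entries in the log above; anything it does flag is a candidate for a hash lookup, not an automatic deletion.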
scoobyman82
2009-02-24, 20:06
And here's the Attach.txt
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_09-02-01.01)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 28/07/2007 17:28:25
System Uptime: 24/02/2009 11:28:36 (6 hours ago)
Motherboard: Gigabyte Technology Co., Ltd. | | 965P-DS3P
Processor: Intel(R) Core(TM)2 CPU 6300 @ 1.86GHz | Socket 775 | 1866/266mhz
==== Disk Partitions =========================
A: is Removable
C: is FIXED (FAT32) - 99 GiB total, 4.15 GiB free.
D: is CDROM (UDF)
E: is CDROM ()
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP406: 06/02/2009 12:38:27 - System Checkpoint
RP407: 07/02/2009 11:34:49 - Software Distribution Service 3.0
RP408: 08/02/2009 17:51:26 - System Checkpoint
RP409: 09/02/2009 20:36:08 - Installed Windows XP KB954708.
RP410: 09/02/2009 20:36:22 - Installed DirectX
RP411: 11/02/2009 02:51:38 - Software Distribution Service 3.0
RP412: 12/02/2009 01:52:19 - Software Distribution Service 3.0
RP413: 13/02/2009 13:11:18 - System Checkpoint
RP414: 15/02/2009 06:36:47 - Software Distribution Service 3.0
RP415: 16/02/2009 09:00:39 - Software Distribution Service 3.0
RP416: 17/02/2009 12:43:28 - System Checkpoint
RP417: 18/02/2009 10:41:41 - Installed DirectX
RP418: 19/02/2009 20:18:35 - System Checkpoint
RP419: 21/02/2009 09:13:28 - Removed Nokia Connectivity Cable Driver
RP420: 21/02/2009 09:19:54 - Removed Nokia Lifeblog 2.5
RP421: 21/02/2009 09:24:34 - Removed Nokia NSeries Application Installer.
RP422: 21/02/2009 09:28:44 - Removed Nokia NSeries Content Copier.
RP423: 21/02/2009 09:34:47 - Removed Nokia NSeries Multimedia Player.
RP424: 21/02/2009 09:35:18 - Removed Nokia NSeries Music Manager.
RP425: 21/02/2009 09:35:59 - Removed Nokia NSeries One Touch Access.
RP426: 21/02/2009 09:40:04 - Removed Nokia NSeries System Utilities.
RP427: 21/02/2009 09:43:07 - Removed Nokia Software Launcher
RP428: 21/02/2009 09:44:59 - Removed Nokia Software Updater.
RP429: 21/02/2009 12:38:25 - Removed Sony Ericsson PC Suite
==== Installed Programs ======================
ABBYY FineReader 6.0 Sprint
Acronis True Image
Ad-Aware
Adobe Flash Player Plugin
Adobe Shockwave Player 11
Advanced Registry Optimizer
Apple Mobile Device Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
ATI Parental Control & Encoder
AVG 7.5
AVIVO Codecs
Bonjour
Call of Duty(R) - World at War(TM)
Call of Duty(R) - World at War(TM) 1.1 Patch
Call of Duty(R) 4 - Modern Warfare(TM)
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help English
Choice Guard
Command & Conquer 3
ContextAdvisor
ContextTool
Doom 3
Elasto Mania
Facebook Desktop
File Recover 6.2
Gigabyte Raid Configurer
GIGABYTE VGA Utility Manager
Google Earth
Google Toolbar for Internet Explorer
Greeting Card Factory Express
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotbar Browser and Wowpapers Tools
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954708)
IBM ViaVoice Command and Control Runtime 5.3 - UK English
IBM ViaVoice Outloud Runtime - UK English
iTunes
Java(TM) 6 Update 11
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Junk Mail filter update
Lexmark 3500-4500 Series
Lexmark Fax Solutions
Lexmark Toolbar
LimeWire 4.18.8
Logitech QuickCam Driver Package
Macromedia Fireworks MX 2004
Map Button (Windows Live Toolbar)
Marvell Miniport Driver
Messenger Plus! Live & Sponsor (CiD)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Live Add-in 1.3
Microsoft Office XP Professional
Microsoft Publisher 2002
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Mirar
Mozilla Firefox (3.0.6)
MSN
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Nero 6
OneCare Advisor (Windows Live Toolbar)
OpenOffice.org 1.1.4
OpenOffice.org Installer 1.0
PC Connectivity Solution
Peer2Peer-EN Toolbar
Petz 4 (remove only)
Poker Academy 2
PokerStars
Popup Blocker (Windows Live Toolbar)
PunkBuster Services
QuickTime
RCT3 Soaked
Realtek High Definition Audio Driver
Roller Coaster Tycoon 2
RollerCoaster Tycoon 3
Safari
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB960715)
Segoe UI
SimCity 4 Deluxe
Skins
Sky Broadband
Smart Menus (Windows Live Toolbar)
Spybot - Search & Destroy
Spybot - Search & Destroy 1.5.2.20
SpywareBlaster 4.1
SweetIM Toolbar for Internet Explorer 3.1
Theme Hospital
Tomb Raider - The Last Revelation
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VisualTool
WebFldrs XP
Windows Desktop Search
Windows Driver Package - Nokia (WUDFRd) WPD (03/19/2007 6.83.31.1)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Favorites for Windows Live Toolbar
Windows Live Mail
Windows Live Messenger
Windows Live Outlook Toolbar (Windows Live Toolbar)
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Toolbar Feed Detector (Windows Live Toolbar)
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
World of Warcraft
==== Event Viewer Messages From Past Week ========
18/02/2009 09:47:35, error: Service Control Manager [7000] - The lxdiCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
18/02/2009 09:47:35, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the lxdiCATSCustConnectService service to connect.
18/02/2009 09:47:32, error: ati2mtag [43037] -
20/02/2009 20:48:52, error: Service Control Manager [7031] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
==== End Of File ===========================
Hi
You posted those just as expected :)
IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.
LimeWire
I'd like you to read this thread (http://forums.spybot.info/showthread.php?t=282).
Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).
Delete these folders afterwards:
C:\Program Files\LimeWire
Empty Recycle Bin.
After that:
Uninstall Messenger Plus! Live & Sponsor (CiD). You may install the Messenger Plus! add-on without sponsors after we've got you clean, if needed.
Please visit this webpage for download links, and instructions for running ComboFix tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Please ensure you read this guide carefully and install the Recovery Console first.
The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.
Once installed, you should see a blue screen prompt that says:
The Recovery Console was successfully installed.
Please continue as follows:
Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix (see http://www.bleepingcomputer.com/forums/topic114351.html).
Remember to re-enable them afterwards.
Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.
Please include the following reports for further review, and so we may continue cleansing the system:
C:\ComboFix.txt
New DDS.txt log.
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
scoobyman82
2009-02-26, 21:46
ComboFix 09-02-25.02 - Simon 2009-02-26 19:25:27.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1527 [GMT 0:00]
Running from: c:\documents and settings\Simon\Desktop\ComboFix.exe
AV: AVG 7.5.552 *On-access scanning disabled* (Updated)
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\HotbarSA
c:\documents and settings\All Users\Application Data\HotbarSA\HotbarSA.dat
c:\documents and settings\All Users\Application Data\HotbarSA\HotbarSA_kyf.dat
c:\documents and settings\All Users\Application Data\HotbarSA\HotbarSAAbout.mht
c:\documents and settings\All Users\Application Data\HotbarSA\HotbarSAau.dat
c:\documents and settings\All Users\Application Data\HotbarSA\HotbarSAEULA.mht
c:\documents and settings\All Users\Application Data\Starware390
c:\documents and settings\All Users\Application Data\Starware390\buttons\FindIt.bmp
c:\documents and settings\All Users\Application Data\Starware390\buttons\FindItHot.bmp
c:\documents and settings\All Users\Application Data\Starware390\buttons\findithotxp.png
c:\documents and settings\All Users\Application Data\Starware390\buttons\finditxp.png
c:\documents and settings\All Users\Application Data\Starware390\buttons\Highlight.bmp
c:\documents and settings\All Users\Application Data\Starware390\buttons\HighlightHot.bmp
c:\documents and settings\All Users\Application Data\Starware390\buttons\highlighthotxp.png
c:\documents and settings\All Users\Application Data\Starware390\buttons\highlightxp.png
c:\documents and settings\All Users\Application Data\Starware390\buttons\jokesearch.bmp
c:\documents and settings\All Users\Application Data\Starware390\buttons\pranks.bmp
c:\documents and settings\All Users\Application Data\Starware390\buttons\starware_toolbar_icon.bmp
c:\documents and settings\All Users\Application Data\Starware390\contexts\error.xml
c:\documents and settings\All Users\Application Data\Starware390\contexts\Related.xml
c:\documents and settings\All Users\Application Data\Starware390\contexts\Travel.xml
c:\documents and settings\All Users\Application Data\Starware390\SimpleUpdate\ProductMessagingConfig.xml
c:\documents and settings\All Users\Application Data\Starware390\SimpleUpdate\ProductMessagingConfig.xml.backup
c:\documents and settings\All Users\Application Data\Starware390\SimpleUpdate\SimpleUpdateConfig.xml
c:\documents and settings\All Users\Application Data\Starware390\SimpleUpdate\SimpleUpdateConfig.xml.backup
c:\documents and settings\All Users\Application Data\Starware390\SimpleUpdate\TimerManagerConfig.xml
c:\documents and settings\All Users\Application Data\Starware390\SimpleUpdate\TimerManagerConfig.xml.backup
c:\documents and settings\All Users\Start Menu\Programs\Hotbar
c:\documents and settings\All Users\Start Menu\Programs\Hotbar\About Hotbar.lnk
c:\documents and settings\All Users\Start Menu\Programs\Hotbar\Hotbar Customer Support Center.lnk
c:\documents and settings\All Users\Start Menu\Programs\Hotbar\Reset Cursor.lnk
c:\documents and settings\All Users\Start Menu\Programs\Hotbar\Uninstall Hotbar.lnk
c:\documents and settings\Ceri\Application Data\Hotbar_Icons
c:\documents and settings\Ceri\Application Data\Hotbar_Icons\Registryrepair.ico
c:\documents and settings\Ceri\Application Data\Hotbar_Icons\Software_Online_9.ico
c:\documents and settings\Ceri\Application Data\Hotbar_Icons\wallpapere1.ico
c:\documents and settings\Ceri\Application Data\Starware390
c:\documents and settings\Ceri\Application Data\Starware390\BrowserSearch\BrowserSearch.xml
c:\documents and settings\Ceri\Application Data\Starware390\BrowserSearch\BrowserSearch.xml.backup
c:\documents and settings\Ceri\Application Data\Starware390\Configurator\Configurator.xml
c:\documents and settings\Ceri\Application Data\Starware390\Configurator\Configurator.xml.backup
c:\documents and settings\Ceri\Application Data\Starware390\EntertainmentMarketingSP\EntertainmentMarketingSPOptions.xml
c:\documents and settings\Ceri\Application Data\Starware390\EntertainmentMarketingSP\EntertainmentMarketingSPOptions.xml.backup
c:\documents and settings\Ceri\Application Data\Starware390\EntertainmentMarketingSP\images\active\EntertainmentMarketingSP0.bmp
c:\documents and settings\Ceri\Application Data\Starware390\ErrorSearch\ErrorSearchOptions.xml
c:\documents and settings\Ceri\Application Data\Starware390\ErrorSearch\ErrorSearchOptions.xml.backup
c:\documents and settings\Ceri\Application Data\Starware390\Games\GamesOptions.xml
c:\documents and settings\Ceri\Application Data\Starware390\Games\GamesOptions.xml.backup
c:\documents and settings\Ceri\Application Data\Starware390\Games\images\active\Games0.bmp
c:\documents and settings\Ceri\Application Data\Starware390\JokeSearch\JokeSearchOptions.xml
c:\documents and settings\Ceri\Application Data\Starware390\JokeSearch\JokeSearchOptions.xml.backup
c:\documents and settings\Ceri\Application Data\Starware390\Layouts\ToolbarLayout.xml
c:\documents and settings\Ceri\Application Data\Starware390\Layouts\ToolbarLayout.xml.backup
c:\documents and settings\Ceri\Application Data\Starware390\Manager\ManagerOptions.xml
c:\documents and settings\Ceri\Application Data\Starware390\Manager\ManagerOptions.xml.backup
c:\documents and settings\Ceri\Application Data\Starware390\Movies\images\active\Movies0.bmp
c:\documents and settings\Ceri\Application Data\Starware390\Movies\MoviesOptions.xml
c:\documents and settings\Ceri\Application Data\Starware390\Movies\MoviesOptions.xml.backup
c:\documents and settings\Ceri\Application Data\Starware390\Pranks\PranksOptions.xml
c:\documents and settings\Ceri\Application Data\Starware390\Pranks\PranksOptions.xml.backup
c:\documents and settings\Ceri\Application Data\Starware390\RelatedSearch\RelatedSearchOptions.xml
c:\documents and settings\Ceri\Application Data\Starware390\RelatedSearch\RelatedSearchOptions.xml.backup
c:\documents and settings\Ceri\Application Data\Starware390\ScreensaversMarketingSitePager\images\active\ScreensaversMarketingSitePager0.bmp
c:\documents and settings\Ceri\Application Data\Starware390\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml
c:\documents and settings\Ceri\Application Data\Starware390\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup
c:\documents and settings\Ceri\Application Data\Starware390\Toolbar\TBProductsOptions.xml
c:\documents and settings\Ceri\Application Data\Starware390\Toolbar\TBProductsOptions.xml.backup
c:\documents and settings\Ceri\Application Data\Starware390\ToolbarLogo\ToolbarLogoOptions.xml
c:\documents and settings\Ceri\Application Data\Starware390\ToolbarLogo\ToolbarLogoOptions.xml.backup
c:\documents and settings\Ceri\Application Data\Starware390\ToolbarSearch\ToolbarSearchOptions.xml
c:\documents and settings\Ceri\Application Data\Starware390\ToolbarSearch\ToolbarSearchOptions.xml.backup
c:\documents and settings\Ceri\Application Data\Starware390\TravelSearch\TravelSearchOptions.xml
c:\documents and settings\Ceri\Application Data\Starware390\TravelSearch\TravelSearchOptions.xml.backup
c:\documents and settings\Ceri\AUTORUN.INF
c:\documents and settings\Simon\Application Data\Hotbar_Icons
c:\documents and settings\Simon\Application Data\Hotbar_Icons\Registryrepair.ico
c:\documents and settings\Simon\Application Data\Hotbar_Icons\Software_Online_9.ico
c:\documents and settings\Simon\Application Data\Hotbar_Icons\wallpapere1.ico
c:\documents and settings\Simon\Application Data\Starware390
c:\documents and settings\Simon\Application Data\Starware390\BrowserSearch\BrowserSearch.xml
c:\documents and settings\Simon\Application Data\Starware390\BrowserSearch\BrowserSearch.xml.backup
c:\documents and settings\Simon\Application Data\Starware390\Configurator\Configurator.xml
c:\documents and settings\Simon\Application Data\Starware390\Configurator\Configurator.xml.backup
c:\documents and settings\Simon\Application Data\Starware390\EntertainmentMarketingSP\EntertainmentMarketingSPOptions.xml
c:\documents and settings\Simon\Application Data\Starware390\EntertainmentMarketingSP\EntertainmentMarketingSPOptions.xml.backup
c:\documents and settings\Simon\Application Data\Starware390\EntertainmentMarketingSP\images\active\EntertainmentMarketingSP0.bmp
c:\documents and settings\Simon\Application Data\Starware390\ErrorSearch\ErrorSearchOptions.xml
c:\documents and settings\Simon\Application Data\Starware390\ErrorSearch\ErrorSearchOptions.xml.backup
c:\documents and settings\Simon\Application Data\Starware390\Games\GamesOptions.xml
c:\documents and settings\Simon\Application Data\Starware390\Games\GamesOptions.xml.backup
c:\documents and settings\Simon\Application Data\Starware390\Games\images\active\Games0.bmp
c:\documents and settings\Simon\Application Data\Starware390\JokeSearch\JokeSearchOptions.xml
c:\documents and settings\Simon\Application Data\Starware390\JokeSearch\JokeSearchOptions.xml.backup
c:\documents and settings\Simon\Application Data\Starware390\Layouts\ToolbarLayout.xml
c:\documents and settings\Simon\Application Data\Starware390\Layouts\ToolbarLayout.xml.backup
c:\documents and settings\Simon\Application Data\Starware390\Manager\ManagerOptions.xml
c:\documents and settings\Simon\Application Data\Starware390\Manager\ManagerOptions.xml.backup
c:\documents and settings\Simon\Application Data\Starware390\Movies\images\active\Movies0.bmp
c:\documents and settings\Simon\Application Data\Starware390\Movies\MoviesOptions.xml
c:\documents and settings\Simon\Application Data\Starware390\Movies\MoviesOptions.xml.backup
c:\documents and settings\Simon\Application Data\Starware390\Pranks\PranksOptions.xml
c:\documents and settings\Simon\Application Data\Starware390\Pranks\PranksOptions.xml.backup
c:\documents and settings\Simon\Application Data\Starware390\RelatedSearch\RelatedSearchOptions.xml
c:\documents and settings\Simon\Application Data\Starware390\RelatedSearch\RelatedSearchOptions.xml.backup
c:\documents and settings\Simon\Application Data\Starware390\ScreensaversMarketingSitePager\images\active\ScreensaversMarketingSitePager0.bmp
c:\documents and settings\Simon\Application Data\Starware390\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml
c:\documents and settings\Simon\Application Data\Starware390\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup
c:\documents and settings\Simon\Application Data\Starware390\Toolbar\TBProductsOptions.xml
c:\documents and settings\Simon\Application Data\Starware390\Toolbar\TBProductsOptions.xml.backup
c:\documents and settings\Simon\Application Data\Starware390\ToolbarLogo\ToolbarLogoOptions.xml
c:\documents and settings\Simon\Application Data\Starware390\ToolbarLogo\ToolbarLogoOptions.xml.backup
c:\documents and settings\Simon\Application Data\Starware390\ToolbarSearch\ToolbarSearchOptions.xml
c:\documents and settings\Simon\Application Data\Starware390\ToolbarSearch\ToolbarSearchOptions.xml.backup
c:\documents and settings\Simon\Application Data\Starware390\TravelSearch\TravelSearchOptions.xml
c:\documents and settings\Simon\Application Data\Starware390\TravelSearch\TravelSearchOptions.xml.backup
c:\program files\ContextTool
c:\program files\ContextTool\ContextHelper.dat
c:\program files\ContextTool\ContextTool-3.dll
c:\program files\ContextTool\pcre3.dll
c:\program files\ContextTool\uninstall.exe
c:\windows\BM347b2b22.txt
c:\windows\BM347b2b22.xml
c:\windows\cookies.ini
c:\windows\system32\adssite-remove.exe
c:\windows\system32\dKRXbccf.ini
c:\windows\system32\eeLVxyxx.ini
c:\windows\system32\fhhOYyxx.ini
c:\windows\system32\FhRqAcdd.ini
c:\windows\system32\IiOWHRqr.ini
c:\windows\system32\jSCbdfii.ini
c:\windows\system32\kStCLkkj.ini
c:\windows\system32\mcrh.tmp
c:\windows\system32\nqAJmnpo.ini
c:\windows\system32\OqAdffii.ini
c:\windows\system32\OqXFNXbc.ini
c:\windows\system32\OVGNnUvw.ini
c:\windows\system32\QYFMnnmp.ini
c:\windows\system32\rightonadz-uninst.exe
c:\windows\system32\rqpVEfhk.ini
c:\windows\system32\rrssCJjl.ini
c:\windows\system32\Xyxbcccf.ini
c:\windows\system32\YGQYHkkj.ini
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_MYWEBSEARCHSERVICE
-------\Legacy_PASSWORD
((((((((((((((((((((((((( Files Created from 2009-01-26 to 2009-02-26 )))))))))))))))))))))))))))))))
.
2009-02-21 10:08 . 2009-02-21 10:08 <DIR> d--h----- c:\windows\PIF
2009-02-21 01:50 . 2009-02-21 01:51 <DIR> d-------- c:\documents and settings\Simon\Application Data\Windows Live Writer
2009-02-20 21:04 . 2009-02-20 21:04 <DIR> d-------- c:\program files\Trend Micro
2009-02-18 10:43 . 2009-02-06 18:08 55,152 --a------ c:\windows\system32\drivers\fssfltr_tdi.sys
2009-02-15 06:49 . 2009-02-15 06:49 <DIR> d-------- c:\windows\ServicePackFiles
2009-02-09 20:08 . 2009-02-09 20:08 <DIR> d-------- c:\documents and settings\Simon\Tracing
2009-02-09 20:06 . 2009-02-09 20:06 <DIR> d-------- c:\program files\Microsoft Silverlight
2009-02-09 20:05 . 2009-02-09 20:05 <DIR> d-------- c:\program files\Microsoft Sync Framework
2009-02-09 20:04 . 2009-02-09 20:04 <DIR> d-------- c:\program files\Microsoft
2009-02-09 20:03 . 2009-02-09 20:04 <DIR> d-------- c:\program files\Windows Live SkyDrive
2009-02-09 19:56 . 2009-02-09 19:56 <DIR> d-------- c:\program files\Common Files\Windows Live
2009-02-07 11:40 . 2009-02-07 11:30 15,688 --a------ c:\windows\system32\lsdelete.exe
2009-02-07 11:30 . 2009-02-07 11:30 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
2009-02-07 11:29 . 2009-02-07 11:30 <DIR> d--h----- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-06 19:03 . 2009-02-06 19:03 307,576 --a------ c:\windows\WLXPGSS.SCR
2009-02-06 18:52 . 2009-02-06 18:52 49,504 --a------ c:\windows\system32\sirenacm.dll
2009-02-03 16:35 . 2009-02-03 16:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\Logitech
2009-02-03 15:08 . 2009-02-03 15:09 <DIR> d-------- c:\program files\Logitech
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-26 19:29 17,962 ----a-w c:\windows\system32\drivers\GVTDrv.sys
2009-02-26 19:28 0 ----a-w c:\windows\system32\drivers\lvuvc.hs
2009-02-26 19:28 0 ----a-w c:\windows\system32\drivers\logiflt.iad
2009-02-26 19:12 5,112 ----a-w c:\windows\GPCIDrv.sys
2009-01-24 09:53 --------- d-----w c:\program files\Lavasoft
2009-01-23 10:48 339,968 ----a-w c:\windows\system32\pythoncom25.dll
2009-01-23 10:48 2,117,632 ----a-w c:\windows\system32\python25.dll
2009-01-23 10:48 114,688 ----a-w c:\windows\system32\pywintypes25.dll
2009-01-22 18:05 202,000 ----a-w c:\windows\system32\PnkBstrB.exe
2009-01-22 18:05 139,280 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-01-21 09:41 --------- d-----w c:\documents and settings\All Users\Application Data\aHisoft
2009-01-21 09:35 --------- d-----w c:\program files\YouTube Downloader
2009-01-21 09:19 --------- d-----w c:\program files\Peer2Peer-EN
2009-01-21 09:19 --------- d-----w c:\program files\Conduit
2009-01-20 14:54 --------- d-----w c:\program files\VisualTool
2009-01-20 13:45 --------- d-----w c:\documents and settings\Ceri\Application Data\stop bags
2009-01-16 21:35 3,594,752 ----a-w c:\windows\system32\dllcache\mshtml.dll
2009-01-04 02:09 --------- d-----w c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-01-04 02:08 --------- d-----w c:\documents and settings\All Users\Application Data\Long slow road itch
2008-12-27 10:28 682,280 ----a-w c:\windows\system32\pbsvc.exe
2008-12-27 10:28 66,872 ----a-w c:\windows\system32\PnkBstrA.exe
2008-12-27 10:28 22,328 ----a-w c:\documents and settings\Simon\Application Data\PnkBstrK.sys
2008-12-19 09:10 70,656 ----a-w c:\windows\system32\dllcache\ie4uinit.exe
2008-12-19 09:10 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-12-19 05:25 634,024 ----a-w c:\windows\system32\dllcache\iexplore.exe
2008-12-19 05:23 161,792 ----a-w c:\windows\system32\dllcache\ieakui.dll
2008-12-11 10:57 333,952 ------w c:\windows\system32\dllcache\srv.sys
2008-12-09 09:58 410,984 ----a-w c:\windows\system32\deploytk.dll
2007-10-28 18:41 85,304 ----a-w c:\documents and settings\Simon\Application Data\GDIPFONTCACHEV1.DAT
2001-06-15 12:30 471,098 ------w c:\documents and settings\Simon\UNINSTAL.EXE
2001-06-14 13:25 1,040,384 ------w c:\documents and settings\Simon\SETUPENU.DLL
2001-06-14 11:44 135,989 ------w c:\documents and settings\Simon\fences.zip
2001-06-12 11:02 7,337 ------w c:\documents and settings\Simon\research.zip
2001-06-12 11:02 6,397,370 ------w c:\documents and settings\Simon\ui.zip
2001-06-12 11:02 3,635,656 ------w c:\documents and settings\Simon\scenario.zip
2001-06-12 11:02 24,146 ------w c:\documents and settings\Simon\items.zip
2001-06-12 11:02 2,514 ------w c:\documents and settings\Simon\ai.zip
2001-06-12 11:01 905,097 ------w c:\documents and settings\Simon\terrain.zip
2001-06-12 11:01 9,116,930 ------w c:\documents and settings\Simon\animals2.zip
2001-06-12 11:01 8,954,880 ------w c:\documents and settings\Simon\objects.zip
2001-06-12 11:01 687,504 ------w c:\documents and settings\Simon\staff.zip
2001-06-12 11:01 6,564 ------w c:\documents and settings\Simon\config.zip
2001-06-12 11:01 5,884 ------w c:\documents and settings\Simon\paths.zip
2001-06-12 11:01 357,129 ------w c:\documents and settings\Simon\guests.zip
2001-06-12 11:01 2,983,796 ------w c:\documents and settings\Simon\scenery.zip
2001-06-12 10:51 2,826,275 ------w c:\documents and settings\Simon\zoo.exe
2001-06-12 10:20 466,997 ------w c:\documents and settings\Simon\lang0.dll
2001-06-12 08:55 86,362,105 ------w c:\documents and settings\Simon\animals.zip
2001-06-11 03:21 14,240,209 ------w c:\documents and settings\Simon\global.zip
2001-06-07 13:38 118,784 ------w c:\documents and settings\Simon\res0.dll
2001-06-05 15:06 45,056 ------w c:\documents and settings\Simon\ImeUiRes.dll
2001-06-05 14:24 45,056 ------w c:\documents and settings\Simon\ImeUiResJpn.dll
2001-06-05 14:24 45,056 ------w c:\documents and settings\Simon\ImeUiResEnu.dll
2001-05-10 11:15 161,184 ------w c:\documents and settings\Simon\dw.exe
2001-05-10 11:15 1,112,504 ------w c:\documents and settings\Simon\dwdebug.exe
2001-03-28 16:10 55,809 ------w c:\documents and settings\Simon\tiles.zip
2001-03-14 14:29 53,300 ------w c:\documents and settings\Simon\EBUEula.dll
2001-01-03 22:29 10,043 ------w c:\documents and settings\Simon\fringe.zip
1997-12-19 13:12 832,000 ------r c:\documents and settings\Ceri\Ip.exe
1997-11-12 01:10 150,016 ------r c:\documents and settings\Ceri\automenu.exe
1997-01-29 15:10 26,112 ------r c:\documents and settings\Ceri\SETUP.EXE
1997-01-29 14:35 26,624 ------r c:\documents and settings\Ceri\AUTOSET.EXE
1994-05-31 22:00 265,396 ------r c:\documents and settings\Ceri\DOS4GW.EXE
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{da21bd13-ca22-42e3-a071-98f08f1ca1e7}"= "c:\program files\Peer2Peer-EN\tbPee1.dll" [2009-02-11 1881112]
[HKEY_CLASSES_ROOT\clsid\{da21bd13-ca22-42e3-a071-98f08f1ca1e7}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{da21bd13-ca22-42e3-a071-98f08f1ca1e7}]
2009-02-11 21:31 1881112 --a------ c:\program files\Peer2Peer-EN\tbPee1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{da21bd13-ca22-42e3-a071-98f08f1ca1e7}"= "c:\program files\Peer2Peer-EN\tbPee1.dll" [2009-02-11 1881112]
[HKEY_CLASSES_ROOT\clsid\{da21bd13-ca22-42e3-a071-98f08f1ca1e7}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{DA21BD13-CA22-42E3-A071-98F08F1CA1E7}"= "c:\program files\Peer2Peer-EN\tbPee1.dll" [2009-02-11 1881112]
[HKEY_CLASSES_ROOT\clsid\{da21bd13-ca22-42e3-a071-98f08f1ca1e7}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-07-14 1961984]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\JM\JMInsIDE.exe" [2006-10-31 36864]
"VGAUtil"="c:\program files\GigaByte\VGA Utility Manager\G-VGA.exe" [2007-10-09 544768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-09 136600]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"AVG7_CC"="c:\progra~1\Grisoft\AVG7\avgcc.exe" [2008-10-19 590848]
"Acronis*True*Image Monitor"="c:\program files\Acronis\TrueImage\TrueImageMonitor.exe" [2007-07-29 419408]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-07-29 69632]
"36X Raid Configurer"="c:\windows\system32\JMRaidSetup.exe" [2006-11-17 1953792]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"AVG7_Run"="c:\progra~1\Grisoft\AVG7\avgw.exe" [2008-02-19 219136]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 c:\windows\system32\narrator.exe]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2006-03-13 233472]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk
backup=c:\windows\pss\Windows Desktop Search.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Ceri^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\Ceri\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Simon^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\Simon\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Simon^Start Menu^Programs^Startup^OpenOffice.org 1.1.4.lnk]
path=c:\documents and settings\Simon\Start Menu\Programs\Startup\OpenOffice.org 1.1.4.lnk
backup=c:\windows\pss\OpenOffice.org 1.1.4.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\36X Raid Configurer]
-r------- 2006-11-17 02:05 1953792 c:\windows\system32\JMRaidSetup.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
--a------ 2007-07-29 15:17 69632 c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis*True*Image Monitor]
--a------ 2007-07-29 15:17 419408 c:\program files\Acronis\TrueImage\TrueImageMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
--a------ 2009-02-07 11:30 509784 c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
--a------ 2008-10-19 13:05 590848 c:\progra~1\Grisoft\AVG7\avgcc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2008-04-14 01:12 15360 c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
--a------ 2007-05-07 19:10 312240 c:\program files\Lexmark Fax Solutions\fm3032.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-10-01 18:57 289576 c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]
-r------- 2006-10-31 05:44 36864 c:\windows\JM\JMInsIDE.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdiamon]
--a------ 2007-03-05 13:40 20480 c:\program files\Lexmark 3500-4500 Series\lxdiamon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdimon.exe]
--a------ 2007-05-07 19:07 435120 c:\program files\Lexmark 3500-4500 Series\lxdimon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-14 01:12 1695232 c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2009-02-06 18:51 3885408 c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
--------- 2005-07-14 21:35 1961984 c:\program files\Ahead\Nero BackItUp\NBJ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 15:09 413696 c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ReminderApp]
--a------ 2006-01-25 11:52 145136 c:\program files\Nova Development\Greeting Card Factory Express\ReminderApp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2009-01-26 15:31 2144088 c:\program files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
--a------ 2006-11-10 12:35 90112 c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 04:25 144784 c:\program files\Java\jre1.6.0_05\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-10-05 20:25 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VGAUtil]
--a------ 2007-10-09 09:35 544768 c:\program files\GigaByte\VGA Utility Manager\G-VGA.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
-r------- 2005-05-03 11:43 69632 c:\windows\Alcmtr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
-r------- 2006-11-14 10:21 16270848 c:\windows\RTHDCPL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
-r------- 2006-05-16 11:04 2879488 c:\windows\SkyTel.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
"BitTorrent DNA"="c:\program files\DNA\btdna.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"374818be"=rundll32.exe "c:\windows\system32\tjsyogvr.dll",b
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\GigaByte\\VGA Utility Manager\\G-VGA.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\System32\\lxdicoms.exe"=
"c:\\Program Files\\Lexmark 3500-4500 Series\\lxdiamon.exe"=
"c:\\Program Files\\Lexmark 3500-4500 Series\\App4r.exe"=
"c:\\Program Files\\Abbyy FineReader 6.0 Sprint\\scan\\scanman6.exe"=
"c:\\Program Files\\Lexmark Fax Solutions\\FaxCtr.exe"=
"c:\\Program Files\\Lexmark 3500-4500 Series\\lxdimon.exe"=
"c:\\WINDOWS\\System32\\spool\\drivers\\W32X86\\3\\lxdipswx.exe"=
"c:\\Program Files\\Lexmark 3500-4500 Series\\Wireless\\lxdiwpss.exe"=
"c:\\WINDOWS\\System32\\spool\\drivers\\W32X86\\3\\LXDItime.exe"=
"c:\\WINDOWS\\System32\\SPOOL\\DRIVERS\\W32X86\\3\\lxdijswx.exe"=
"c:\\Program Files\\GigaByte\\VGA Utility Manager\\gvupdate.exe"=
"c:\\Program Files\\BitTorrent_DNA\\dna.exe"=
"c:\\WINDOWS\\System32\\PnkBstrA.exe"=
"c:\\WINDOWS\\System32\\PnkBstrB.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"c:\\WINDOWS\\System32\\dpvsetup.exe"=
"c:\\Program Files\\Common Files\\PocketSoft\\RTPatch\\AutoRTP\\artpschd.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\WINDOWS\\System32\\rtcshare.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-02-07 64160]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-02-18 55152]
R2 lxdi_device;lxdi_device;c:\windows\system32\lxdicoms.exe -service --> c:\windows\system32\lxdicoms.exe -service [?]
R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
R3 GPCIDrv;GPCIDrv;c:\windows\GPCIDrv.sys [2008-02-26 5112]
R3 GVTDrv;GVTDrv;c:\windows\system32\drivers\GVTDrv.sys [2007-07-28 17962]
R4 atidgllk;atidgllk;c:\program files\GigaByte\VGA Utility Manager\atidgllk.sys [2007-07-28 12048]
S2 lxdiCATSCustConnectService;lxdiCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdiserv.exe [2007-08-28 99248]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 950096]
S4 iteraid;iteraid;c:\windows\system32\drivers\iteraid.sys [1980-01-01 16459]
S4 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [1980-01-01 75904]
.
Contents of the 'Scheduled Tasks' folder
2009-02-26 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll []
2009-02-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
2009-02-23 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-02-07 11:30]
.
- - - - ORPHANS REMOVED - - - -
BHO-{0D28E24F-C290-4ABF-854A-ABFE3A089971} - (no file)
BHO-{0EBFF9BC-7BC3-41B6-BCC3-4780D520D505} - c:\windows\system32\fccbXRKd.dll
BHO-{18295F5F-96C0-4384-897B-F0D807D6C54E} - c:\windows\system32\jkkHYQGY.dll
BHO-{24EB94EF-9DC6-43B4-B9E5-0697857B03A9} - c:\windows\system32\xxyxVLee.dll
BHO-{33742D2D-A16D-44DE-A9EF-958A67101A3D} - c:\windows\system32\ddcAqRhF.dll
BHO-{493D5FF6-DAAB-4BD2-8576-2B494C71CDC4} - c:\windows\system32\rqRHWOiI.dll
BHO-{4E99E002-AF40-49E0-BEAE-8BDEF5336A98} - (no file)
BHO-{5117990B-D54C-420B-800B-D72D12CC0E74} - c:\windows\system32\pmnnMFYQ.dll
BHO-{5EDA2C21-AC9F-4C04-8A0D-3CE4D21A1CED} - c:\windows\system32\iiffdAqO.dll
BHO-{7D94D171-0DAA-4D1B-9C58-57565B2DA2FD} - c:\windows\system32\xxyYOhhf.dll__BHODemonDisabled
BHO-{809EC91B-B593-441D-A6E4-818408A30687} - c:\windows\system32\jkkLCtSk.dll__BHODemonDisabled
BHO-{8BC03CA2-60EA-4C3D-8C2E-684DD8DD8693} - (no file)
BHO-{9362BBBD-AF19-4CCE-A232-483026607CF6} - c:\windows\system32\khfEVpqr.dll
BHO-{9B263D9B-AD49-4D81-8DEA-3CE688268561} - c:\windows\system32\iifdbCSj.dll
BHO-{9F39E08C-6C97-4F0F-B217-9FA36557D24A} - c:\windows\system32\opnmJAqn.dll
BHO-{a3e27598-f158-4fb2-b27c-9f53019222ec} - c:\windows\system32\lmccuk.dll
BHO-{AA64C339-0F29-4CC6-97B1-7941C83D0613} - c:\windows\system32\mlJYrpPJ.dll
BHO-{C40270B4-B569-42F9-ADEB-13307B8B5F9C} - (no file)
BHO-{C56B06D5-C8B5-4198-86C6-F61DE0580EC6} - __BHODemonDisabled
BHO-{C8DB8914-5CC1-4707-BCB7-E62E8803B344} - c:\windows\system32\cbXNFXqO.dll
BHO-{C8F091F9-F183-4978-B1BC-62AAC2C0480B} - c:\windows\system32\wvUnNGVO.dll
BHO-{CC979789-4B0F-4AB4-9185-347CB43C0BDC} - (no file)
BHO-{EAB2F644-184B-434B-AC2A-6585EDCFE205} - (no file)
BHO-{EE109A36-E64C-46FF-8333-7101A0E3883C} - (no file)
HKLM-Run-COMODO Firewall Pro - c:\program files\COMODO\Firewall\cfp.exe
Notify-tuvTmKAQ - tuvTmKAQ.dll
MSConfigStartUp-374818be - c:\windows\system32\fpophaia.dll
MSConfigStartUp-BitTorrent DNA - c:\program files\DNA\btdna.exe
MSConfigStartUp-HotbarOE - c:\program files\Hotbar\bin\10.0.362.0\OEAddOn.exe
MSConfigStartUp-HotbarSA - c:\program files\Hotbar\bin\10.0.362.0\HotbarSA.exe
MSConfigStartUp-LogitechCommunicationsManager - c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
MSConfigStartUp-LogitechQuickCamRibbon - c:\program files\Logitech\QuickCam\Quickcam.exe
MSConfigStartUp-MDNS - c:\windows\system32\service.exe
MSConfigStartUp-MySpaceIM - c:\program files\MySpace\IM\MySpaceIM.exe
MSConfigStartUp-NSLauncher - c:\program files\Nokia\Nokia Software Launcher\NSLauncher.exe
MSConfigStartUp-Sony Ericsson PC Suite - c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
MSConfigStartUp-WinButler - c:\documents and settings\Simon\Application Data\WinButler\WinButler.exe
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: {{08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com
TCP: {196C64F3-5ABD-4CCF-A605-DA67F5CDDB53} = 192.168.0.1
TCP: {864A2E1F-038E-4330-B9C8-5EF9672100FE} = 192.168.0.1
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: {05CDEE1D-D109-4992-B72B-6D4F5E2AB731} - hxxp://static.photobox.co.uk/sg/common/ImageUploader4.cab
FF - ProfilePath - c:\documents and settings\Simon\Application Data\Mozilla\Firefox\Profiles\eor007ju.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - plugin: c:\documents and settings\Ceri\Application Data\VideoEgg\Loader\4665\npvideoegg-loader.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-26 19:29:45
Windows 5.1.2600 Service Pack 3 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-746137067-776561741-682003330-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:4c,56,cb,3c,ea,29,95,a8,92,d3,30,ef,74,8b,57,86,29,b2,45,03,55,a8,1c,
5f,db,9a,5c,ce,0c,60,4a,bb,44,76,a8,5c,a8,cf,08,c8,eb,08,d6,ad,6d,ee,16,ca,\
"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(700)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SYSTEM32\ATI2EVXX.EXE
c:\windows\SYSTEM32\ATI2EVXX.EXE
c:\program files\COMMON FILES\ACRONIS\SCHEDULE2\SCHEDUL2.EXE
c:\program files\COMMON FILES\APPLE\MOBILE DEVICE SUPPORT\BIN\APPLEMOBILEDEVICESERVICE.EXE
c:\program files\GRISOFT\AVG7\AVGAMSVR.EXE
c:\program files\GRISOFT\AVG7\AVGUPSVC.EXE
c:\program files\GRISOFT\AVG7\AVGEMC.EXE
c:\program files\BONJOUR\MDNSRESPONDER.EXE
c:\program files\JAVA\JRE6\BIN\JQS.EXE
c:\windows\SYSTEM32\LXDICOMS.EXE
c:\windows\SYSTEM32\PNKBSTRA.EXE
c:\windows\system32\wscntfy.exe
c:\program files\GRISOFT\AVG7\AVGCC.EXE
c:\program files\ATI TECHNOLOGIES\ATI.ACE\CORE-STATIC\MOM.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Completion time: 2009-02-26 19:32:35 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-26 19:32:34
Pre-Run: 4,769,153,024 bytes free
Post-Run: 32,124,403,712 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
526 --- E O F --- 2009-02-26 05:47:45
scoobyman82
2009-02-26, 21:47
DDS (Ver_09-02-01.01) - FAT32x86
Run by Simon at 19:42:41.62 on 26/02/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2046.1442 [GMT 0:00]
AV: AVG 7.5.552 *On-access scanning enabled* (Updated)
============== Running Processes ===============
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
SVCHOST.EXE
C:\WINDOWS\system32\Ati2evxx.exe
SVCHOST.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxdicoms.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Simon\Desktop\HiJackthis\dds.com
============== Pseudo HJT Report ===============
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
uURLSearchHooks: Peer2Peer-EN Toolbar: {da21bd13-ca22-42e3-a071-98f08f1ca1e7} - c:\program files\peer2peer-en\tbPee1.dll
BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
BHO: {2F85D76C-0569-466F-A488-493E6BD0E955} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.0.1225.9868\swg.dll
BHO: Peer2Peer-EN Toolbar: {da21bd13-ca22-42e3-a071-98f08f1ca1e7} - c:\program files\peer2peer-en\tbPee1.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: Peer2Peer-EN Toolbar: {da21bd13-ca22-42e3-a071-98f08f1ca1e7} - c:\program files\peer2peer-en\tbPee1.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [NBJ] "c:\program files\ahead\nero backitup\NBJ.exe"
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SkyTel] SkyTel.EXE
mRun: [JMB36X IDE Setup] c:\windows\jm\JMInsIDE.exe
mRun: [VGAUtil] c:\program files\gigabyte\vga utility manager\G-VGA.exe
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [AVG7_CC] c:\progra~1\grisoft\avg7\avgcc.exe /STARTUP
mRun: [Acronis*True*Image Monitor] "c:\program files\acronis\trueimage\TrueImageMonitor.exe"
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [36X Raid Configurer] c:\windows\system32\JMRaidSetup.exe boot
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [AVG7_Run] c:\progra~1\grisoft\avg7\avgw.exe /RUNONCE
dRunOnce: [RunNarrator] Narrator.exe
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: {05CDEE1D-D109-4992-B72B-6D4F5E2AB731} - hxxp://static.photobox.co.uk/sg/common/ImageUploader4.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} - hxxp://www.bebo.com/files/BeboUploader.5.1.4.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www1.snapfish.co.uk/SnapfishUKActivia.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} - hxxp://ceriduroe.spaces.live.com/PhotoUpload/MsnPUpld.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} - hxxp://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} - hxxp://bmm.imgag.com/imgag/cp/install/crusher-uk.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
TCP: {196C64F3-5ABD-4CCF-A605-DA67F5CDDB53} = 192.168.0.1
TCP: {864A2E1F-038E-4330-B9C8-5EF9672100FE} = 192.168.0.1
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\simon\applic~1\mozilla\firefox\profiles\eor007ju.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - plugin: c:\documents and settings\ceri\application data\videoegg\loader\4665\npvideoegg-loader.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-2-7 64160]
R1 Avg7Core;AVG7 Kernel;c:\windows\system32\drivers\avg7core.sys [2008-2-19 821856]
R1 Avg7RsW;AVG7 Wrap Driver;c:\windows\system32\drivers\avg7rsw.sys [2008-2-19 4224]
R1 Avg7RsXP;AVG7 Resident Driver XP;c:\windows\system32\drivers\avg7rsxp.sys [2008-2-19 27776]
R1 AvgClean;AVG7 Clean Driver;c:\windows\system32\drivers\avgclean.sys [2008-2-19 10760]
R2 Avg7Alrt;AVG7 Alert Manager Server;c:\progra~1\grisoft\avg7\avgamsvr.exe [2008-2-19 418816]
R2 Avg7UpdSvc;AVG7 Update Service;c:\progra~1\grisoft\avg7\avgupsvc.exe [2008-2-19 49664]
R2 AVGEMS;AVG E-mail Scanner;c:\progra~1\grisoft\avg7\avgemc.exe [2008-2-19 406528]
R2 AvgTdi;AVG Network Redirector;c:\windows\system32\drivers\avgtdi.sys [2008-2-19 4960]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-2-18 55152]
R2 lxdi_device;lxdi_device;c:\windows\system32\lxdicoms.exe -service --> c:\windows\system32\lxdicoms.exe -service [?]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-1-14 226656]
R3 GPCIDrv;GPCIDrv;c:\windows\GPCIDrv.sys [2008-2-26 5112]
R3 GVTDrv;GVTDrv;c:\windows\system32\drivers\GVTDrv.sys [2007-7-28 17962]
R4 atidgllk;atidgllk;c:\program files\gigabyte\vga utility manager\atidgllk.sys [2007-7-28 12048]
S2 lxdiCATSCustConnectService;lxdiCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdiserv.exe [2007-8-28 99248]
S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 950096]
S4 iteraid;iteraid;c:\windows\system32\drivers\iteraid.sys [1980-1-1 16459]
S4 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [1980-1-1 75904]
=============== Created Last 30 ================
2009-02-26 19:24 <DIR> a-dshr-- C:\cmdcons
2009-02-26 19:23 161,792 a------- c:\windows\SWREG.exe
2009-02-26 19:23 98,816 a------- c:\windows\sed.exe
2009-02-26 19:23 <DIR> --d----- C:\ComboFix
2009-02-21 10:08 <DIR> --d-h--- c:\windows\PIF
2009-02-21 01:50 <DIR> --d----- c:\docume~1\simon\applic~1\Windows Live Writer
2009-02-20 21:04 <DIR> --d----- c:\program files\Trend Micro
2009-02-18 10:43 55,152 a------- c:\windows\system32\drivers\fssfltr_tdi.sys
2009-02-15 06:49 <DIR> --d----- c:\windows\ServicePackFiles
2009-02-09 20:08 <DIR> --d----- c:\documents and settings\simon\Tracing
2009-02-09 20:04 <DIR> --d----- c:\program files\Microsoft
2009-02-09 20:03 <DIR> --d----- c:\program files\Windows Live SkyDrive
2009-02-09 19:56 <DIR> --d----- c:\program files\common files\Windows Live
2009-02-07 11:40 15,688 a------- c:\windows\system32\lsdelete.exe
2009-02-07 11:30 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-02-07 11:29 <DIR> --d-h--- c:\docume~1\alluse~1\applic~1\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-06 19:03 307,576 a------- c:\windows\WLXPGSS.SCR
2009-02-06 18:52 49,504 a------- c:\windows\system32\sirenacm.dll
==================== Find3M ====================
2009-02-26 19:29 5,112 a------- c:\windows\GPCIDrv.sys
2009-02-26 19:29 17,962 a------- c:\windows\system32\drivers\GVTDrv.sys
2009-02-26 19:28 0 a------- c:\windows\system32\drivers\lvuvc.hs
2009-02-26 19:28 0 a------- c:\windows\system32\drivers\logiflt.iad
2009-01-23 10:48 2,117,632 a------- c:\windows\system32\python25.dll
2009-01-23 10:48 339,968 a------- c:\windows\system32\pythoncom25.dll
2009-01-23 10:48 114,688 a------- c:\windows\system32\pywintypes25.dll
2009-01-22 18:05 139,280 a------- c:\windows\system32\drivers\PnkBstrK.sys
2009-01-22 18:05 202,000 a------- c:\windows\system32\PnkBstrB.exe
2009-01-16 21:35 3,594,752 a------- c:\windows\system32\dllcache\mshtml.dll
2008-12-27 10:28 22,328 a------- c:\docume~1\simon\applic~1\PnkBstrK.sys
2008-12-27 10:28 682,280 a------- c:\windows\system32\pbsvc.exe
2008-12-27 10:28 66,872 a------- c:\windows\system32\PnkBstrA.exe
2008-12-19 09:10 70,656 a------- c:\windows\system32\dllcache\ie4uinit.exe
2008-12-19 09:10 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2008-12-19 05:25 634,024 a------- c:\windows\system32\dllcache\iexplore.exe
2008-12-19 05:23 161,792 a------- c:\windows\system32\dllcache\ieakui.dll
2008-12-11 10:57 333,952 -------- c:\windows\system32\dllcache\srv.sys
2008-12-09 09:58 410,984 a------- c:\windows\system32\deploytk.dll
2007-10-28 18:41 85,304 a------- c:\docume~1\simon\applic~1\GDIPFONTCACHEV1.DAT
2001-06-15 12:30 471,098 -------- c:\documents and settings\simon\UNINSTAL.EXE
2001-06-14 13:25 1,040,384 -------- c:\documents and settings\simon\SETUPENU.DLL
2001-06-14 11:44 135,989 -------- c:\documents and settings\simon\fences.zip
2001-06-12 11:02 3,635,656 -------- c:\documents and settings\simon\scenario.zip
2001-06-12 11:02 7,337 -------- c:\documents and settings\simon\research.zip
2001-06-12 11:02 24,146 -------- c:\documents and settings\simon\items.zip
2001-06-12 11:02 2,514 -------- c:\documents and settings\simon\ai.zip
2001-06-12 11:02 6,397,370 -------- c:\documents and settings\simon\ui.zip
2001-06-12 11:01 905,097 -------- c:\documents and settings\simon\terrain.zip
2001-06-12 11:01 687,504 -------- c:\documents and settings\simon\staff.zip
2001-06-12 11:01 2,983,796 -------- c:\documents and settings\simon\scenery.zip
2001-06-12 11:01 8,954,880 -------- c:\documents and settings\simon\objects.zip
2001-06-12 11:01 357,129 -------- c:\documents and settings\simon\guests.zip
2001-06-12 11:01 9,116,930 -------- c:\documents and settings\simon\animals2.zip
2001-06-12 11:01 6,564 -------- c:\documents and settings\simon\config.zip
2001-06-12 11:01 5,884 -------- c:\documents and settings\simon\paths.zip
2001-06-12 10:51 2,826,275 -------- c:\documents and settings\simon\zoo.exe
2001-06-12 10:20 466,997 -------- c:\documents and settings\simon\lang0.dll
2001-06-12 08:55 86,362,105 -------- c:\documents and settings\simon\animals.zip
2001-06-11 03:21 14,240,209 -------- c:\documents and settings\simon\global.zip
2001-06-07 13:38 118,784 -------- c:\documents and settings\simon\res0.dll
2001-06-05 15:06 45,056 -------- c:\documents and settings\simon\ImeUiRes.dll
2001-06-05 14:24 45,056 -------- c:\documents and settings\simon\ImeUiResJpn.dll
2001-06-05 14:24 45,056 -------- c:\documents and settings\simon\ImeUiResEnu.dll
2001-05-10 11:15 1,112,504 -------- c:\documents and settings\simon\dwdebug.exe
2001-05-10 11:15 161,184 -------- c:\documents and settings\simon\dw.exe
2001-03-28 16:10 55,809 -------- c:\documents and settings\simon\tiles.zip
2001-03-14 14:29 53,300 -------- c:\documents and settings\simon\EBUEula.dll
2001-01-03 22:29 10,043 -------- c:\documents and settings\simon\fringe.zip
============= FINISH: 19:42:58.12 ===============
Hi again,
Uninstall these old Java versions:
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Open Notepad and copy/paste the text in the quote box below into it:
Folder::
c:\documents and settings\Ceri\Application Data\stop bags
c:\documents and settings\All Users\Application Data\Long slow road itch
c:\program files\DNA
c:\Program Files\BitTorrent_DNA
File::
c:\documents and settings\Ceri\Start Menu\Programs\Startup\LimeWire On Startup.lnk
c:\windows\pss\LimeWire On Startup.lnkStartup
c:\documents and settings\Simon\Start Menu\Programs\Startup\LimeWire On Startup.lnk
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=""
[-HKLM\~\startupfolder\C:^Documents and Settings^Ceri^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
[-HKLM\~\startupfolder\C:^Documents and Settings^Simon^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BitTorrent DNA"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"374818be"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent_DNA\\dna.exe"=-
DDS::
BHO: {2F85D76C-0569-466F-A488-493E6BD0E955} - No File
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} -
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} -
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} -
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} -
Save this as CFScript
A word of warning: Neither I nor sUBs is responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
Referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.
ComboFix should never take more than 20 minutes, including the reboot, if malware is detected.
If it does, open Task Manager (press Ctrl, Alt and Del at the same time), go to the Processes tab and end any findstr, find, sed or swreg processes; ComboFix should then continue.
If that happens, we want to know, and also which process you had to end.
Download ATF (Atribune Temp File) Cleaner© by Atribune (http://www.atribune.org/ccount/click.php?id=1) to your desktop.
Double-click ATF Cleaner.exe to open it
Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.
If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
Click Exit on the Main menu to close the program.
Please run an online scan with Kaspersky Online Scanner (http://www.kaspersky.com/virusscanner) as instructed in the screenshot here (http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif). If you get a message that the latest Java must be installed, "enable" the Java add-ons in IE7. Do that using "Manage add-ons" from the IE7 toolbar.
Post back its report, a fresh DDS log and the above-mentioned ComboFix log.
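The CFScript above was built by reading the DDS/ComboFix output by eye: a Run value with a random hex name, executables dropped into nonsense-named folders under Application Data, a populated AppInit_DLLs value, orphaned BHO/toolbar CLSIDs, and a firewall profile switched off. The script below is an added example (not part of this thread, and not ComboFix, DDS or HijackThis code) that parses the REGEDIT4-style "Reg Loading Points" block ComboFix prints and applies those same heuristics automatically. The embedded log excerpt is mostly copied from the logs posted in this thread; the "374818be" line with a path and the "AppInit_DLLs" line are constructed for the example, since the page shows those value names only in the removal script, never with their data. The heuristics and the finding names are my own.

```python
"""Triage of ComboFix-style 'Reg Loading Points' and DDS orphan lines.

Added example for this thread; not part of ComboFix or DDS. It flags the
kinds of entries the helper targeted by hand in the CFScript: a random-hex
Run value, an .exe parked under Application Data, a populated AppInit_DLLs
value, a disabled firewall profile and orphaned BHO/toolbar CLSIDs.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Log excerpt in the REGEDIT4-style layout ComboFix prints. Most lines are
# copied from the logs posted in this thread; the "374818be" and
# "AppInit_DLLs" value lines are CONSTRUCTED for the example (the page shows
# those value names only in the removal script, not with a path).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{da21bd13-ca22-42e3-a071-98f08f1ca1e7}"= "c:\program files\Peer2Peer-EN\tbPee1.dll" [2009-02-11 1881112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\JM\JMInsIDE.exe" [2006-10-31 36864]
"374818be"="c:\documents and settings\All Users\Application Data\Long slow road itch\delete vga.exe" [2009-02-20 106496]
"AVG7_CC"="c:\progra~1\Grisoft\AVG7\avgcc.exe" [2008-10-19 590848]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"="c:\windows\system32\example.dll"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
BHO: {2F85D76C-0569-466F-A488-493E6BD0E955} - No File
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
"""

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<rest>.*)$')
# ComboFix appends "[yyyy-mm-dd size]" for the file a value points at.
META_RE = re.compile(r'\s*\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\]\s*$')
ORPHAN_RE = re.compile(r'^(?P<kind>BHO|TB):\s*(?P<clsid>\{[0-9A-Fa-f-]+\})\s*-\s*No File$')
HEX_NAME_RE = re.compile(r'^[0-9a-f]{6,}$', re.I)
# Long and 8.3 spellings of the per-user, user-writable profile folders.
USER_WRITABLE_RE = re.compile(r'\\(application data|applic~1|local settings|locals~1)\\', re.I)


@dataclass
class Entry:
    key: str
    name: str
    data: str
    date: Optional[str]
    size: Optional[int]


def _split_data(rest: str) -> Tuple[str, Optional[str], Optional[int]]:
    """Split the text after '=' into (data, file date, file size)."""
    date, size = None, None
    m = META_RE.search(rest)
    if m:
        date, size = m.group('date'), int(m.group('size'))
        rest = rest[:m.start()]
    rest = rest.strip()
    if len(rest) >= 2 and rest[0] == '"' and rest[-1] == '"':
        rest = rest[1:-1]
    return rest, date, size


def parse_log(text: str) -> Tuple[List[Entry], List[Tuple[str, str]]]:
    """Return registry value entries and (kind, clsid) orphan lines."""
    entries, orphans, key = [], [], ''
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if (m := KEY_RE.match(line)):
            key = m.group('key')          # remember the enclosing key
        elif (m := VALUE_RE.match(line)):
            data, date, size = _split_data(m.group('rest'))
            entries.append(Entry(key, m.group('name'), data, date, size))
        elif (m := ORPHAN_RE.match(line)):
            orphans.append((m.group('kind'), m.group('clsid')))
    return entries, orphans


def triage(text: str) -> List[Tuple[str, str, str]]:
    """Apply the thread's manual heuristics; return (kind, subject, detail)."""
    findings = []
    entries, orphans = parse_log(text)
    for e in entries:
        key, name, data = e.key.lower(), e.name.lower(), e.data
        if key.endswith(('\\run', '\\runonce')) and HEX_NAME_RE.match(e.name):
            findings.append(('random-hex-run-value', e.name, data))
        if data.lower().endswith('.exe') and USER_WRITABLE_RE.search(data):
            findings.append(('exe-in-user-writable-dir', e.name, data))
        if name == 'appinit_dlls' and data.strip():
            findings.append(('appinit-dlls-set', e.name, data))
        if name == 'enablefirewall' and data.strip().startswith('0'):
            findings.append(('firewall-disabled', e.key, data))
    for kind, clsid in orphans:
        findings.append(('orphan-' + kind.lower(), clsid, 'No File'))
    return findings


if __name__ == '__main__':
    for kind, subject, detail in triage(SAMPLE_LOG):
        print(f'{kind:26} {subject}  ->  {detail}')
```

Run against a real log, the script only understands the three line shapes shown (a `[key]` header, a `"name"=data [date size]` value, and a `BHO:`/`TB:` ... `No File` orphan); everything else in a ComboFix report is ignored. The findings are triage hints, not verdicts: the orphaned CLSIDs are harmless leftovers that the helper cleaned for tidiness, while a hex-named Run value pointing into Application Data is the kind of entry that warrants pulling the file for analysis before deleting it.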
scoobyman82
2009-02-27, 18:48
ComboFix 09-02-26.02 - Simon 2009-02-27 16:42:52.2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1476 [GMT 0:00]
Running from: c:\documents and settings\Simon\Desktop\Malware Removal\ComboFix.exe
Command switches used :: c:\documents and settings\Simon\Desktop\Malware Removal\CFScript.txt
AV: AVG 7.5.552 *On-access scanning disabled* (Updated)
* Created a new restore point
FILE ::
c:\documents and settings\Ceri\Start Menu\Programs\Startup\LimeWire On Startup.lnk
c:\documents and settings\Simon\Start Menu\Programs\Startup\LimeWire On Startup.lnk
c:\windows\pss\LimeWire On Startup.lnkStartup
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\Long slow road itch
c:\documents and settings\All Users\Application Data\Long slow road itch\delete vga.dat
c:\documents and settings\All Users\Application Data\Long slow road itch\delete vga.exe
c:\documents and settings\Ceri\Application Data\stop bags
c:\documents and settings\Ceri\Application Data\stop bags\Bits Part Idol.exe
c:\program files\BitTorrent_DNA
c:\program files\BitTorrent_DNA\dna.exe
c:\program files\BitTorrent_DNA\npbtdna.dll
c:\windows\pss\LimeWire On Startup.lnkStartup
.
((((((((((((((((((((((((( Files Created from 2009-01-27 to 2009-02-27 )))))))))))))))))))))))))))))))
.
2009-02-27 01:52 . 2009-02-27 01:52 <DIR> d-------- c:\documents and settings\Simon\Application Data\Samsung
2009-02-27 01:50 . 2006-05-03 22:53 174,592 --a------ c:\windows\system32\framedyn.dll
2009-02-27 01:50 . 2008-02-22 15:33 114,304 --a------ c:\windows\system32\drivers\sscdmdm.sys
2009-02-27 01:50 . 2008-02-22 15:33 87,936 --a------ c:\windows\system32\drivers\sscdbus.sys
2009-02-27 01:50 . 2008-02-22 15:33 14,976 --a------ c:\windows\system32\drivers\sscdmdfl.sys
2009-02-27 01:50 . 2008-02-22 15:33 12,160 --a------ c:\windows\system32\drivers\sscdwhnt.sys
2009-02-27 01:50 . 2008-02-22 15:33 12,160 --a------ c:\windows\system32\drivers\sscdwh.sys
2009-02-27 01:50 . 2008-02-22 15:33 12,160 --a------ c:\windows\system32\drivers\sscdcmnt.sys
2009-02-27 01:50 . 2008-02-22 15:33 12,160 --a------ c:\windows\system32\drivers\sscdcm.sys
2009-02-27 01:49 . 2006-07-24 16:05 5,632 --a------ c:\windows\system32\drivers\StarOpen.sys
2009-02-27 01:25 . 2009-02-27 01:25 <DIR> d-------- c:\windows\system32\Samsung_USB_Drivers
2009-02-27 01:25 . 2009-02-27 01:25 <DIR> d-------- c:\program files\Samsung
2009-02-27 01:25 . 2005-08-28 20:51 766 --a------ c:\windows\system32\Uninstall.ico
2009-02-27 01:20 . 2009-02-27 01:20 <DIR> d-------- c:\program files\Common Files\Adobe
2009-02-26 20:24 . 2009-02-26 20:24 <DIR> d-------- c:\program files\Messenger Plus! Live
2009-02-21 10:08 . 2009-02-21 10:08 <DIR> d--h----- c:\windows\PIF
2009-02-21 01:50 . 2009-02-21 01:51 <DIR> d-------- c:\documents and settings\Simon\Application Data\Windows Live Writer
2009-02-20 21:04 . 2009-02-20 21:04 <DIR> d-------- c:\program files\Trend Micro
2009-02-18 10:43 . 2009-02-06 18:08 55,152 --a------ c:\windows\system32\drivers\fssfltr_tdi.sys
2009-02-15 06:49 . 2009-02-15 06:49 <DIR> d-------- c:\windows\ServicePackFiles
2009-02-09 20:08 . 2009-02-09 20:08 <DIR> d-------- c:\documents and settings\Simon\Tracing
2009-02-09 20:06 . 2009-02-09 20:06 <DIR> d-------- c:\program files\Microsoft Silverlight
2009-02-09 20:05 . 2009-02-09 20:05 <DIR> d-------- c:\program files\Microsoft Sync Framework
2009-02-09 20:04 . 2009-02-09 20:04 <DIR> d-------- c:\program files\Microsoft
2009-02-09 20:03 . 2009-02-09 20:04 <DIR> d-------- c:\program files\Windows Live SkyDrive
2009-02-09 19:56 . 2009-02-09 19:56 <DIR> d-------- c:\program files\Common Files\Windows Live
2009-02-07 11:40 . 2009-02-07 11:30 15,688 --a------ c:\windows\system32\lsdelete.exe
2009-02-07 11:30 . 2009-02-07 11:30 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
2009-02-07 11:29 . 2009-02-07 11:30 <DIR> d--h----- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-06 19:03 . 2009-02-06 19:03 307,576 --a------ c:\windows\WLXPGSS.SCR
2009-02-06 18:52 . 2009-02-06 18:52 49,504 --a------ c:\windows\system32\sirenacm.dll
2009-02-03 16:35 . 2009-02-03 16:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\Logitech
2009-02-03 15:08 . 2009-02-03 15:09 <DIR> d-------- c:\program files\Logitech
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-27 09:55 5,112 ----a-w c:\windows\GPCIDrv.sys
2009-02-27 09:54 17,962 ----a-w c:\windows\system32\drivers\GVTDrv.sys
2009-02-27 09:51 0 ----a-w c:\windows\system32\drivers\lvuvc.hs
2009-02-27 09:51 0 ----a-w c:\windows\system32\drivers\logiflt.iad
2009-01-24 09:53 --------- d-----w c:\program files\Lavasoft
2009-01-23 10:48 339,968 ----a-w c:\windows\system32\pythoncom25.dll
2009-01-23 10:48 2,117,632 ----a-w c:\windows\system32\python25.dll
2009-01-23 10:48 114,688 ----a-w c:\windows\system32\pywintypes25.dll
2009-01-22 18:05 202,000 ----a-w c:\windows\system32\PnkBstrB.exe
2009-01-22 18:05 139,280 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-01-21 09:41 --------- d-----w c:\documents and settings\All Users\Application Data\aHisoft
2009-01-21 09:35 --------- d-----w c:\program files\YouTube Downloader
2009-01-21 09:19 --------- d-----w c:\program files\Peer2Peer-EN
2009-01-21 09:19 --------- d-----w c:\program files\Conduit
2009-01-20 14:54 --------- d-----w c:\program files\VisualTool
2009-01-16 21:35 3,594,752 ----a-w c:\windows\system32\dllcache\mshtml.dll
2009-01-04 02:09 --------- d-----w c:\documents and settings\All Users\Application Data\Messenger Plus!
2008-12-27 10:28 682,280 ----a-w c:\windows\system32\pbsvc.exe
2008-12-27 10:28 66,872 ----a-w c:\windows\system32\PnkBstrA.exe
2008-12-27 10:28 22,328 ----a-w c:\documents and settings\Simon\Application Data\PnkBstrK.sys
2008-12-19 09:10 70,656 ----a-w c:\windows\system32\dllcache\ie4uinit.exe
2008-12-19 09:10 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-12-19 05:25 634,024 ----a-w c:\windows\system32\dllcache\iexplore.exe
2008-12-19 05:23 161,792 ----a-w c:\windows\system32\dllcache\ieakui.dll
2008-12-11 10:57 333,952 ------w c:\windows\system32\dllcache\srv.sys
2008-12-09 09:58 410,984 ----a-w c:\windows\system32\deploytk.dll
2007-10-28 18:41 85,304 ----a-w c:\documents and settings\Simon\Application Data\GDIPFONTCACHEV1.DAT
2001-06-15 12:30 471,098 ------w c:\documents and settings\Simon\UNINSTAL.EXE
2001-06-14 13:25 1,040,384 ------w c:\documents and settings\Simon\SETUPENU.DLL
2001-06-14 11:44 135,989 ------w c:\documents and settings\Simon\fences.zip
2001-06-12 11:02 7,337 ------w c:\documents and settings\Simon\research.zip
2001-06-12 11:02 6,397,370 ------w c:\documents and settings\Simon\ui.zip
2001-06-12 11:02 3,635,656 ------w c:\documents and settings\Simon\scenario.zip
2001-06-12 11:02 24,146 ------w c:\documents and settings\Simon\items.zip
2001-06-12 11:02 2,514 ------w c:\documents and settings\Simon\ai.zip
2001-06-12 11:01 905,097 ------w c:\documents and settings\Simon\terrain.zip
2001-06-12 11:01 9,116,930 ------w c:\documents and settings\Simon\animals2.zip
2001-06-12 11:01 8,954,880 ------w c:\documents and settings\Simon\objects.zip
2001-06-12 11:01 687,504 ------w c:\documents and settings\Simon\staff.zip
2001-06-12 11:01 6,564 ------w c:\documents and settings\Simon\config.zip
2001-06-12 11:01 5,884 ------w c:\documents and settings\Simon\paths.zip
2001-06-12 11:01 357,129 ------w c:\documents and settings\Simon\guests.zip
2001-06-12 11:01 2,983,796 ------w c:\documents and settings\Simon\scenery.zip
2001-06-12 10:51 2,826,275 ------w c:\documents and settings\Simon\zoo.exe
2001-06-12 10:20 466,997 ------w c:\documents and settings\Simon\lang0.dll
2001-06-12 08:55 86,362,105 ------w c:\documents and settings\Simon\animals.zip
2001-06-11 03:21 14,240,209 ------w c:\documents and settings\Simon\global.zip
2001-06-07 13:38 118,784 ------w c:\documents and settings\Simon\res0.dll
2001-06-05 15:06 45,056 ------w c:\documents and settings\Simon\ImeUiRes.dll
2001-06-05 14:24 45,056 ------w c:\documents and settings\Simon\ImeUiResJpn.dll
2001-06-05 14:24 45,056 ------w c:\documents and settings\Simon\ImeUiResEnu.dll
2001-05-10 11:15 161,184 ------w c:\documents and settings\Simon\dw.exe
2001-05-10 11:15 1,112,504 ------w c:\documents and settings\Simon\dwdebug.exe
2001-03-28 16:10 55,809 ------w c:\documents and settings\Simon\tiles.zip
2001-03-14 14:29 53,300 ------w c:\documents and settings\Simon\EBUEula.dll
2001-01-03 22:29 10,043 ------w c:\documents and settings\Simon\fringe.zip
1997-12-19 13:12 832,000 ------r c:\documents and settings\Ceri\Ip.exe
1997-11-12 01:10 150,016 ------r c:\documents and settings\Ceri\automenu.exe
1997-01-29 15:10 26,112 ------r c:\documents and settings\Ceri\SETUP.EXE
1997-01-29 14:35 26,624 ------r c:\documents and settings\Ceri\AUTOSET.EXE
1994-05-31 22:00 265,396 ------r c:\documents and settings\Ceri\DOS4GW.EXE
.
((((((((((((((((((((((((((((( SnapShot@2009-02-26_19.31.36.21 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-14 18:39:16 30,208 ----a-w c:\windows\system32\DRVSTORE\shpacm_18A9B92ED8DEDC602E49E767FA4BE98A30525207\i386\SHPACM.sys
+ 2008-01-14 18:39:16 6,656 ----a-w c:\windows\system32\DRVSTORE\shpacm_18A9B92ED8DEDC602E49E767FA4BE98A30525207\i386\SHPACMFilter.sys
+ 2008-01-14 18:39:16 25,600 ----a-w c:\windows\system32\DRVSTORE\shpusb_558D416BCEB984F35885804D3E1A9C3773F1B17C\i386\SHPUSB.sys
- 2009-02-19 09:56:40 58,666 ----a-w c:\windows\system32\perfc009.dat
+ 2009-02-27 01:27:34 58,666 ----a-w c:\windows\system32\perfc009.dat
- 2009-02-19 09:56:40 392,694 ----a-w c:\windows\system32\perfh009.dat
+ 2009-02-27 01:27:34 392,694 ----a-w c:\windows\system32\perfh009.dat
+ 2007-05-02 11:11:16 83,592 ----a-w c:\windows\system32\Samsung_USB_Drivers\1\i386\ss_bus.sys
+ 2007-05-02 11:11:16 12,424 ----a-w c:\windows\system32\Samsung_USB_Drivers\1\i386\ss_cmnt.sys
+ 2007-05-02 11:11:18 15,112 ----a-w c:\windows\system32\Samsung_USB_Drivers\1\i386\ss_mdfl.sys
+ 2007-05-02 11:11:18 109,704 ----a-w c:\windows\system32\Samsung_USB_Drivers\1\i386\ss_mdm.sys
+ 2007-05-02 11:11:18 12,424 ----a-w c:\windows\system32\Samsung_USB_Drivers\1\i386\ss_whnt.sys
+ 2007-05-02 11:11:12 72,968 ----a-w c:\windows\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
+ 2007-05-02 11:12:34 83,592 ----a-w c:\windows\system32\Samsung_USB_Drivers\2\i386\ssm_bus.sys
+ 2007-05-02 11:12:34 12,424 ----a-w c:\windows\system32\Samsung_USB_Drivers\2\i386\ssm_cmnt.sys
+ 2007-05-02 11:12:36 15,112 ----a-w c:\windows\system32\Samsung_USB_Drivers\2\i386\ssm_mdfl.sys
+ 2007-05-02 11:12:36 109,704 ----a-w c:\windows\system32\Samsung_USB_Drivers\2\i386\ssm_mdm.sys
+ 2007-05-02 11:12:36 12,424 ----a-w c:\windows\system32\Samsung_USB_Drivers\2\i386\ssm_whnt.sys
+ 2007-05-02 11:12:28 72,968 ----a-w c:\windows\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
+ 2008-02-22 15:33:00 87,936 ----a-w c:\windows\system32\Samsung_USB_Drivers\3\i386\sscdbus.sys
+ 2008-02-22 15:33:00 12,160 ----a-w c:\windows\system32\Samsung_USB_Drivers\3\i386\sscdcmnt.sys
+ 2008-02-22 15:33:02 14,976 ----a-w c:\windows\system32\Samsung_USB_Drivers\3\i386\sscdmdfl.sys
+ 2008-02-22 15:33:02 114,304 ----a-w c:\windows\system32\Samsung_USB_Drivers\3\i386\sscdmdm.sys
+ 2008-02-22 15:33:02 94,336 ----a-w c:\windows\system32\Samsung_USB_Drivers\3\i386\sscdserd.sys
+ 2008-02-22 15:33:02 12,160 ----a-w c:\windows\system32\Samsung_USB_Drivers\3\i386\sscdwhnt.sys
+ 2008-02-22 15:32:58 73,728 ----a-w c:\windows\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
+ 2007-07-05 12:37:34 83,456 ----a-w c:\windows\system32\Samsung_USB_Drivers\5\i386\sssdbus.sys
+ 2007-07-05 12:37:34 12,160 ----a-w c:\windows\system32\Samsung_USB_Drivers\5\i386\sssdcmnt.sys
+ 2007-07-05 12:37:34 14,848 ----a-w c:\windows\system32\Samsung_USB_Drivers\5\i386\sssdmdfl.sys
+ 2007-07-05 12:37:34 109,696 ----a-w c:\windows\system32\Samsung_USB_Drivers\5\i386\sssdmdm.sys
+ 2007-07-05 12:37:34 103,808 ----a-w c:\windows\system32\Samsung_USB_Drivers\5\i386\sssdmgmt.sys
+ 2007-07-05 12:37:36 99,712 ----a-w c:\windows\system32\Samsung_USB_Drivers\5\i386\sssdobex.sys
+ 2007-07-05 12:37:36 12,160 ----a-w c:\windows\system32\Samsung_USB_Drivers\5\i386\sssdwhnt.sys
+ 2007-07-19 09:44:10 70,904 ----a-w c:\windows\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
+ 2007-07-05 12:38:14 83,328 ----a-w c:\windows\system32\Samsung_USB_Drivers\6\i386\ssbcbus.sys
+ 2007-07-05 12:38:16 12,160 ----a-w c:\windows\system32\Samsung_USB_Drivers\6\i386\ssbccmnt.sys
+ 2007-07-05 12:38:16 14,848 ----a-w c:\windows\system32\Samsung_USB_Drivers\6\i386\ssbcmdfl.sys
+ 2007-07-05 12:38:16 109,696 ----a-w c:\windows\system32\Samsung_USB_Drivers\6\i386\ssbcmdm.sys
+ 2007-07-05 12:38:16 12,160 ----a-w c:\windows\system32\Samsung_USB_Drivers\6\i386\ssbcwhnt.sys
+ 2007-07-05 12:38:12 73,728 ----a-w c:\windows\system32\Samsung_USB_Drivers\6\SSBCUninstall.exe
+ 2009-02-27 09:52:10 16,384 ----a-w c:\windows\Temp\Perflib_Perfdata_72c.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{da21bd13-ca22-42e3-a071-98f08f1ca1e7}"= "c:\program files\Peer2Peer-EN\tbPee1.dll" [2009-02-11 1881112]
[HKEY_CLASSES_ROOT\clsid\{da21bd13-ca22-42e3-a071-98f08f1ca1e7}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{da21bd13-ca22-42e3-a071-98f08f1ca1e7}]
2009-02-11 21:31 1881112 --a------ c:\program files\Peer2Peer-EN\tbPee1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{da21bd13-ca22-42e3-a071-98f08f1ca1e7}"= "c:\program files\Peer2Peer-EN\tbPee1.dll" [2009-02-11 1881112]
[HKEY_CLASSES_ROOT\clsid\{da21bd13-ca22-42e3-a071-98f08f1ca1e7}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{DA21BD13-CA22-42E3-A071-98F08F1CA1E7}"= "c:\program files\Peer2Peer-EN\tbPee1.dll" [2009-02-11 1881112]
[HKEY_CLASSES_ROOT\clsid\{da21bd13-ca22-42e3-a071-98f08f1ca1e7}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-07-14 1961984]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\JM\JMInsIDE.exe" [2006-10-31 36864]
"VGAUtil"="c:\program files\GigaByte\VGA Utility Manager\G-VGA.exe" [2007-10-09 544768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"AVG7_CC"="c:\progra~1\Grisoft\AVG7\avgcc.exe" [2008-10-19 590848]
"Acronis*True*Image Monitor"="c:\program files\Acronis\TrueImage\TrueImageMonitor.exe" [2007-07-29 419408]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-07-29 69632]
"36X Raid Configurer"="c:\windows\system32\JMRaidSetup.exe" [2006-11-17 1953792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-09 136600]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"AVG7_Run"="c:\progra~1\Grisoft\AVG7\avgw.exe" [2008-02-19 219136]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 c:\windows\system32\narrator.exe]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2006-03-13 233472]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk
backup=c:\windows\pss\Windows Desktop Search.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Simon^Start Menu^Programs^Startup^OpenOffice.org 1.1.4.lnk]
path=c:\documents and settings\Simon\Start Menu\Programs\Startup\OpenOffice.org 1.1.4.lnk
backup=c:\windows\pss\OpenOffice.org 1.1.4.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\36X Raid Configurer]
-r------- 2006-11-17 02:05 1953792 c:\windows\system32\JMRaidSetup.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
--a------ 2007-07-29 15:17 69632 c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis*True*Image Monitor]
--a------ 2007-07-29 15:17 419408 c:\program files\Acronis\TrueImage\TrueImageMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
--a------ 2009-02-07 11:30 509784 c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
--a------ 2008-10-19 13:05 590848 c:\progra~1\Grisoft\AVG7\avgcc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2008-04-14 01:12 15360 c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
--a------ 2007-05-07 19:10 312240 c:\program files\Lexmark Fax Solutions\fm3032.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-10-01 18:57 289576 c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]
-r------- 2006-10-31 05:44 36864 c:\windows\JM\JMInsIDE.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdiamon]
--a------ 2007-03-05 13:40 20480 c:\program files\Lexmark 3500-4500 Series\lxdiamon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdimon.exe]
--a------ 2007-05-07 19:07 435120 c:\program files\Lexmark 3500-4500 Series\lxdimon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-14 01:12 1695232 c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2009-02-06 18:51 3885408 c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
--------- 2005-07-14 21:35 1961984 c:\program files\Ahead\Nero BackItUp\NBJ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 15:09 413696 c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ReminderApp]
--a------ 2006-01-25 11:52 145136 c:\program files\Nova Development\Greeting Card Factory Express\ReminderApp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2009-01-26 15:31 2144088 c:\program files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
--a------ 2006-11-10 12:35 90112 c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-10-05 20:25 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VGAUtil]
--a------ 2007-10-09 09:35 544768 c:\program files\GigaByte\VGA Utility Manager\G-VGA.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
-r------- 2006-11-14 10:21 16270848 c:\windows\RTHDCPL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
-r------- 2006-05-16 11:04 2879488 c:\windows\SkyTel.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\GigaByte\\VGA Utility Manager\\G-VGA.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\System32\\lxdicoms.exe"=
"c:\\Program Files\\Lexmark 3500-4500 Series\\lxdiamon.exe"=
"c:\\Program Files\\Lexmark 3500-4500 Series\\App4r.exe"=
"c:\\Program Files\\Abbyy FineReader 6.0 Sprint\\scan\\scanman6.exe"=
"c:\\Program Files\\Lexmark Fax Solutions\\FaxCtr.exe"=
"c:\\Program Files\\Lexmark 3500-4500 Series\\lxdimon.exe"=
"c:\\WINDOWS\\System32\\spool\\drivers\\W32X86\\3\\lxdipswx.exe"=
"c:\\Program Files\\Lexmark 3500-4500 Series\\Wireless\\lxdiwpss.exe"=
"c:\\WINDOWS\\System32\\spool\\drivers\\W32X86\\3\\LXDItime.exe"=
"c:\\WINDOWS\\System32\\SPOOL\\DRIVERS\\W32X86\\3\\lxdijswx.exe"=
"c:\\Program Files\\GigaByte\\VGA Utility Manager\\gvupdate.exe"=
"c:\\WINDOWS\\System32\\PnkBstrA.exe"=
"c:\\WINDOWS\\System32\\PnkBstrB.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"c:\\WINDOWS\\System32\\dpvsetup.exe"=
"c:\\Program Files\\Common Files\\PocketSoft\\RTPatch\\AutoRTP\\artpschd.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\WINDOWS\\System32\\rtcshare.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-02-07 64160]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-02-18 55152]
R2 lxdi_device;lxdi_device;c:\windows\system32\lxdicoms.exe -service --> c:\windows\system32\lxdicoms.exe -service [?]
R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
R3 GPCIDrv;GPCIDrv;c:\windows\GPCIDrv.sys [2008-02-26 5112]
R3 GVTDrv;GVTDrv;c:\windows\system32\drivers\GVTDrv.sys [2007-07-28 17962]
R4 atidgllk;atidgllk;c:\program files\GigaByte\VGA Utility Manager\atidgllk.sys [2007-07-28 12048]
S2 lxdiCATSCustConnectService;lxdiCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdiserv.exe [2007-08-28 99248]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 950096]
S4 iteraid;iteraid;c:\windows\system32\drivers\iteraid.sys [1980-01-01 16459]
S4 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [1980-01-01 75904]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - STAROPEN
.
Contents of the 'Scheduled Tasks' folder
2009-02-26 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll []
2009-02-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
2009-02-23 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-02-07 11:30]
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre1.6.0_05\bin\jusched.exe
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: {{08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com
TCP: {196C64F3-5ABD-4CCF-A605-DA67F5CDDB53} = 192.168.0.1
TCP: {864A2E1F-038E-4330-B9C8-5EF9672100FE} = 192.168.0.1
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: {05CDEE1D-D109-4992-B72B-6D4F5E2AB731} - hxxp://static.photobox.co.uk/sg/common/ImageUploader4.cab
FF - ProfilePath - c:\documents and settings\Simon\Application Data\Mozilla\Firefox\Profiles\eor007ju.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - plugin: c:\documents and settings\Ceri\Application Data\VideoEgg\Loader\4665\npvideoegg-loader.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-27 16:44:32
Windows 5.1.2600 Service Pack 3 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-746137067-776561741-682003330-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:4c,56,cb,3c,ea,29,95,a8,92,d3,30,ef,74,8b,57,86,29,b2,45,03,55,a8,1c,
5f,db,9a,5c,ce,0c,60,4a,bb,44,76,a8,5c,a8,cf,08,c8,eb,08,d6,ad,6d,ee,16,ca,\
"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(688)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-02-27 16:45:41
ComboFix-quarantined-files.txt 2009-02-27 16:45:40
ComboFix2.txt 2009-02-26 19:32:38
Pre-Run: 31,330,304,000 bytes free
Post-Run: 31,320,637,440 bytes free
377 --- E O F --- 2009-02-27 04:26:26
scoobyman82
2009-02-27, 20:59
KASPERSKY ONLINE SCANNER 7 REPORT
Friday, February 27, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, February 27, 2009 16:40:12
Records in database: 1852888
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
A:\
C:\
D:\
E:\
Scan statistics:
Files scanned: 127376
Threat name: 22
Infected objects: 43
Suspicious objects: 1
Duration of the scan: 01:37:51
File name / Threat name / Threats count
C:\WINDOWS\system32\xvtliaek.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.ctq 1
C:\WINDOWS\system32\hugksk.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.ctq 1
C:\WINDOWS\system32\yuhmsqou.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.dmq 1
C:\WINDOWS\system32\siznqi.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.dmq 1
C:\WINDOWS\system32\jxkmgwkj.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.ctq 1
C:\WINDOWS\system32\nsmytl.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.ctq 1
C:\WINDOWS\system32\auaqtcpe.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.dgy 1
C:\WINDOWS\system32\beylzr.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.dgy 1
C:\WINDOWS\system32\hepiaarx.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.ctr 1
C:\WINDOWS\system32\dfxhyh.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.ctr 1
C:\WINDOWS\system32\difoomfd.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.ctr 1
C:\WINDOWS\system32\qutfmb.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.ctr 1
C:\Documents and Settings\Ceri\My Documents\LimeWire\Saved\catz 4.zip Infected: not-a-virus:AdWare.Win32.Agent.zk 1
C:\Documents and Settings\Ceri\My Documents\LimeWire\Saved\Atomic Kitten - Bliss.wma Infected: Trojan-Downloader.WMA.GetCodec.a 1
C:\Documents and Settings\Simon\My Documents\LimeWire\Saved\Connie Talbot - Three Little Birds.wma Infected: Trojan-Downloader.WMA.GetCodec.b 1
C:\Documents and Settings\Simon\My Documents\LimeWire\Saved\help for heroes x factor - greatest hits.wma Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\Documents and Settings\Simon\My Documents\LimeWire\Saved\leona lewis - greatest hits.wma Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\Documents and Settings\Simon\My Documents\LimeWire\Saved\alexandra burke silent night.mp3 Infected: Trojan-Downloader.WMA.GetCodec.r 1
C:\Documents and Settings\Simon\My Documents\LimeWire\Saved\somtimes eoghan quigg.mp3 Infected: Trojan-Downloader.WMA.GetCodec.r 1
C:\Documents and Settings\Simon\My Documents\LimeWire\Saved\bill funny money.mpg Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Documents and Settings\Simon\My Documents\LimeWire\Saved\Diana Vickers - Hallelujah.mp3 Infected: Trojan-Downloader.WMA.GetCodec.n 1
C:\Documents and Settings\Simon\My Documents\LimeWire\Saved\im not girl diana vickers.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Documents and Settings\Simon\My Documents\LimeWire\Saved\diana vickers - greatest hits.wma Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\Documents and Settings\Simon\My Documents\LimeWire\Saved\lets do this- hannah montanna.mp3 Infected: Trojan-Downloader.WMA.GetCodec.w 1
C:\Documents and Settings\Simon\My Documents\LimeWire\Saved\everybody hurts rem.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Program Files\ContextAdvisor\ContextAdvisor-1.dll Infected: not-a-virus:AdWare.Win32.Agent.ahl 1
C:\Program Files\VisualTool\VisualTool-1.dll Infected: not-a-virus:AdWare.Win32.Agent.edp 1
C:\System Volume Information\_restore{F7E29129-309F-4F05-BD53-E35482F25877}\RP440\A0231866.exe Infected: Trojan.Win32.Obfuscated.gen 1
C:\System Volume Information\_restore{F7E29129-309F-4F05-BD53-E35482F25877}\RP440\A0231867.exe Infected: Trojan.Win32.Obfuscated.gen 1
C:\System Volume Information\_restore{F7E29129-309F-4F05-BD53-E35482F25877}\RP407\A0221096.vbs Infected: Trojan-Downloader.JS.Psyme.amv 1
C:\System Volume Information\_restore{F7E29129-309F-4F05-BD53-E35482F25877}\RP407\A0221188.exe Infected: Trojan.Win32.Obfuscated.abcn 1
C:\System Volume Information\_restore{F7E29129-309F-4F05-BD53-E35482F25877}\RP414\A0222794.vbs Infected: Trojan-Downloader.JS.Psyme.amv 1
C:\System Volume Information\_restore{F7E29129-309F-4F05-BD53-E35482F25877}\RP414\A0222835.vbs Suspicious: Trojan-Downloader.JS.gen 1
C:\System Volume Information\_restore{F7E29129-309F-4F05-BD53-E35482F25877}\RP414\A0227118.exe Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.ep 1
C:\System Volume Information\_restore{F7E29129-309F-4F05-BD53-E35482F25877}\RP430\A0230694.exe Infected: Trojan.Win32.Obfuscated.xze 1
C:\System Volume Information\_restore{F7E29129-309F-4F05-BD53-E35482F25877}\RP430\A0230697.exe Infected: Trojan.Win32.Obfuscated.gen 1
C:\System Volume Information\_restore{F7E29129-309F-4F05-BD53-E35482F25877}\RP430\A0230698.exe Infected: Trojan.Win32.Obfuscated.gen 1
C:\System Volume Information\_restore{F7E29129-309F-4F05-BD53-E35482F25877}\RP430\A0230699.exe Infected: Trojan.Win32.Obfuscated.gen 1
C:\System Volume Information\_restore{F7E29129-309F-4F05-BD53-E35482F25877}\RP430\A0230700.exe Infected: Trojan.Win32.Obfuscated.gen 1
C:\System Volume Information\_restore{F7E29129-309F-4F05-BD53-E35482F25877}\RP430\A0230704.exe Infected: Trojan-Downloader.Win32.Injecter.cgv 1
C:\System Volume Information\_restore{F7E29129-309F-4F05-BD53-E35482F25877}\RP431\A0230759.dll Infected: not-a-virus:AdWare.Win32.Agent.vm 1
C:\Qoobox\Quarantine\C\Program Files\ContextTool\ContextTool-3.dll.vir Infected: not-a-virus:AdWare.Win32.Agent.vm 1
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Long slow road itch\delete vga.exe.vir Infected: Trojan.Win32.Obfuscated.gen 1
C:\Qoobox\Quarantine\C\Documents and Settings\Ceri\Application Data\stop bags\Bits Part Idol.exe.vir Infected: Trojan.Win32.Obfuscated.gen 1
The selected area was scanned.
scoobyman82
2009-02-27, 21:01
DDS (Ver_09-02-01.01) - FAT32x86
Run by Simon at 19:00:06.48 on 27/02/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2046.1178 [GMT 0:00]
AV: AVG 7.5.552 *On-access scanning disabled* (Updated)
============== Running Processes ===============
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
SVCHOST.EXE
C:\WINDOWS\system32\Ati2evxx.exe
SVCHOST.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxdicoms.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Documents and Settings\Simon\Desktop\Malware Removal\dds.com
============== Pseudo HJT Report ===============
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
uURLSearchHooks: Peer2Peer-EN Toolbar: {da21bd13-ca22-42e3-a071-98f08f1ca1e7} - c:\program files\peer2peer-en\tbPee1.dll
BHO: {0D28E24F-C290-4ABF-854A-ABFE3A089971} - No File
BHO: {0D39A900-0F3A-4C29-A254-3E65244FDC34} - No File
BHO: {0EBFF9BC-7BC3-41B6-BCC3-4780D520D505} - No File
BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
BHO: {18295F5F-96C0-4384-897B-F0D807D6C54E} - No File
BHO: {24EB94EF-9DC6-43B4-B9E5-0697857B03A9} - No File
BHO: {2F85D76C-0569-466F-A488-493E6BD0E955} - No File
BHO: {33742D2D-A16D-44DE-A9EF-958A67101A3D} - No File
BHO: {493D5FF6-DAAB-4BD2-8576-2B494C71CDC4} - No File
BHO: {4E99E002-AF40-49E0-BEAE-8BDEF5336A98} - No File
BHO: {5117990B-D54C-420B-800B-D72D12CC0E74} - No File
BHO: {51617804-3EC1-4176-B427-7BB326716A90} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: {5EDA2C21-AC9F-4C04-8A0D-3CE4D21A1CED} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {7D94D171-0DAA-4D1B-9C58-57565B2DA2FD} - No File
BHO: {809EC91B-B593-441D-A6E4-818408A30687} - No File
BHO: {87E68009-29A8-D669-F7C2-B31D08635C50} - No File
BHO: {8BC03CA2-60EA-4C3D-8C2E-684DD8DD8693} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {9362BBBD-AF19-4CCE-A232-483026607CF6} - No File
BHO: {9B263D9B-AD49-4D81-8DEA-3CE688268561} - No File
BHO: {9F39E08C-6C97-4F0F-B217-9FA36557D24A} - No File
BHO: {a3e27598-f158-4fb2-b27c-9f53019222ec} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: {AA64C339-0F29-4CC6-97B1-7941C83D0613} - No File
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.0.1225.9868\swg.dll
BHO: {C40270B4-B569-42F9-ADEB-13307B8B5F9C} - No File
BHO: {C56B06D5-C8B5-4198-86C6-F61DE0580EC6} - No File
BHO: {C8DB8914-5CC1-4707-BCB7-E62E8803B344} - No File
BHO: {C8F091F9-F183-4978-B1BC-62AAC2C0480B} - No File
BHO: {CC979789-4B0F-4AB4-9185-347CB43C0BDC} - No File
BHO: Peer2Peer-EN Toolbar: {da21bd13-ca22-42e3-a071-98f08f1ca1e7} - c:\program files\peer2peer-en\tbPee1.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: {EAB2F644-184B-434B-AC2A-6585EDCFE205} - No File
BHO: {EE109A36-E64C-46FF-8333-7101A0E3883C} - No File
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: Peer2Peer-EN Toolbar: {da21bd13-ca22-42e3-a071-98f08f1ca1e7} - c:\program files\peer2peer-en\tbPee1.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [NBJ] "c:\program files\ahead\nero backitup\NBJ.exe"
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SkyTel] SkyTel.EXE
mRun: [JMB36X IDE Setup] c:\windows\jm\JMInsIDE.exe
mRun: [VGAUtil] c:\program files\gigabyte\vga utility manager\G-VGA.exe
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [AVG7_CC] c:\progra~1\grisoft\avg7\avgcc.exe /STARTUP
mRun: [Acronis*True*Image Monitor] "c:\program files\acronis\trueimage\TrueImageMonitor.exe"
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [36X Raid Configurer] c:\windows\system32\JMRaidSetup.exe boot
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [ROAD ITCH AMOK PING] c:\documents and settings\all users\application data\long slow road itch\Bleh option.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [AVG7_Run] c:\progra~1\grisoft\avg7\avgw.exe /RUNONCE
dRunOnce: [RunNarrator] Narrator.exe
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\ssv.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: {05CDEE1D-D109-4992-B72B-6D4F5E2AB731} - hxxp://static.photobox.co.uk/sg/common/ImageUploader4.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} - hxxp://www.bebo.com/files/BeboUploader.5.1.4.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www1.snapfish.co.uk/SnapfishUKActivia.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} - hxxp://ceriduroe.spaces.live.com/PhotoUpload/MsnPUpld.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} - hxxp://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} - hxxp://bmm.imgag.com/imgag/cp/install/crusher-uk.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
TCP: {196C64F3-5ABD-4CCF-A605-DA67F5CDDB53} = 192.168.0.1
TCP: {864A2E1F-038E-4330-B9C8-5EF9672100FE} = 192.168.0.1
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\simon\applic~1\mozilla\firefox\profiles\eor007ju.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - plugin: c:\documents and settings\ceri\application data\videoegg\loader\4665\npvideoegg-loader.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-2-7 64160]
R1 Avg7Core;AVG7 Kernel;c:\windows\system32\drivers\avg7core.sys [2008-2-19 821856]
R1 Avg7RsW;AVG7 Wrap Driver;c:\windows\system32\drivers\avg7rsw.sys [2008-2-19 4224]
R1 Avg7RsXP;AVG7 Resident Driver XP;c:\windows\system32\drivers\avg7rsxp.sys [2008-2-19 27776]
R1 AvgClean;AVG7 Clean Driver;c:\windows\system32\drivers\avgclean.sys [2008-2-19 10760]
R2 Avg7Alrt;AVG7 Alert Manager Server;c:\progra~1\grisoft\avg7\avgamsvr.exe [2008-2-19 418816]
R2 Avg7UpdSvc;AVG7 Update Service;c:\progra~1\grisoft\avg7\avgupsvc.exe [2008-2-19 49664]
R2 AVGEMS;AVG E-mail Scanner;c:\progra~1\grisoft\avg7\avgemc.exe [2008-2-19 406528]
R2 AvgTdi;AVG Network Redirector;c:\windows\system32\drivers\avgtdi.sys [2008-2-19 4960]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-2-18 55152]
R2 lxdi_device;lxdi_device;c:\windows\system32\lxdicoms.exe -service --> c:\windows\system32\lxdicoms.exe -service [?]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-1-14 226656]
R3 GPCIDrv;GPCIDrv;c:\windows\GPCIDrv.sys [2008-2-26 5112]
R3 GVTDrv;GVTDrv;c:\windows\system32\drivers\GVTDrv.sys [2007-7-28 17962]
R4 atidgllk;atidgllk;c:\program files\gigabyte\vga utility manager\atidgllk.sys [2007-7-28 12048]
S2 lxdiCATSCustConnectService;lxdiCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdiserv.exe [2007-8-28 99248]
S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 950096]
S4 iteraid;iteraid;c:\windows\system32\drivers\iteraid.sys [1980-1-1 16459]
S4 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [1980-1-1 75904]
=============== Created Last 30 ================
2009-02-27 16:41 <DIR> --d----- C:\ComboFix
2009-02-27 01:52 <DIR> --d----- c:\docume~1\simon\applic~1\Samsung
2009-02-27 01:50 174,592 a------- c:\windows\system32\framedyn.dll
2009-02-27 01:50 114,304 a------- c:\windows\system32\drivers\sscdmdm.sys
2009-02-27 01:50 14,976 a------- c:\windows\system32\drivers\sscdmdfl.sys
2009-02-27 01:50 12,160 a------- c:\windows\system32\drivers\sscdcmnt.sys
2009-02-27 01:50 12,160 a------- c:\windows\system32\drivers\sscdcm.sys
2009-02-27 01:50 87,936 a------- c:\windows\system32\drivers\sscdbus.sys
2009-02-27 01:50 12,160 a------- c:\windows\system32\drivers\sscdwhnt.sys
2009-02-27 01:50 12,160 a------- c:\windows\system32\drivers\sscdwh.sys
2009-02-27 01:49 5,632 a------- c:\windows\system32\drivers\StarOpen.sys
2009-02-27 01:25 766 a------- c:\windows\system32\Uninstall.ico
2009-02-27 01:25 <DIR> --d----- c:\windows\system32\Samsung_USB_Drivers
2009-02-27 01:25 <DIR> --d----- c:\program files\Samsung
2009-02-26 20:24 <DIR> --d----- c:\program files\Messenger Plus! Live
2009-02-26 19:24 <DIR> a-dshr-- C:\cmdcons
2009-02-26 19:23 161,792 a------- c:\windows\SWREG.exe
2009-02-26 19:23 98,816 a------- c:\windows\sed.exe
2009-02-21 10:08 <DIR> --d-h--- c:\windows\PIF
2009-02-21 01:50 <DIR> --d----- c:\docume~1\simon\applic~1\Windows Live Writer
2009-02-20 21:04 <DIR> --d----- c:\program files\Trend Micro
2009-02-18 10:43 55,152 a------- c:\windows\system32\drivers\fssfltr_tdi.sys
2009-02-15 06:49 <DIR> --d----- c:\windows\ServicePackFiles
2009-02-09 20:08 <DIR> --d----- c:\documents and settings\simon\Tracing
2009-02-09 20:04 <DIR> --d----- c:\program files\Microsoft
2009-02-09 20:03 <DIR> --d----- c:\program files\Windows Live SkyDrive
2009-02-09 19:56 <DIR> --d----- c:\program files\common files\Windows Live
2009-02-07 11:40 15,688 a------- c:\windows\system32\lsdelete.exe
2009-02-07 11:30 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-02-07 11:29 <DIR> --d-h--- c:\docume~1\alluse~1\applic~1\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-06 19:03 307,576 a------- c:\windows\WLXPGSS.SCR
2009-02-06 18:52 49,504 a------- c:\windows\system32\sirenacm.dll
==================== Find3M ====================
2009-02-27 09:55 5,112 a------- c:\windows\GPCIDrv.sys
2009-02-27 09:54 17,962 a------- c:\windows\system32\drivers\GVTDrv.sys
2009-02-27 09:51 0 a------- c:\windows\system32\drivers\lvuvc.hs
2009-02-27 09:51 0 a------- c:\windows\system32\drivers\logiflt.iad
2009-01-23 10:48 2,117,632 a------- c:\windows\system32\python25.dll
2009-01-23 10:48 339,968 a------- c:\windows\system32\pythoncom25.dll
2009-01-23 10:48 114,688 a------- c:\windows\system32\pywintypes25.dll
2009-01-22 18:05 139,280 a------- c:\windows\system32\drivers\PnkBstrK.sys
2009-01-22 18:05 202,000 a------- c:\windows\system32\PnkBstrB.exe
2009-01-16 21:35 3,594,752 a------- c:\windows\system32\dllcache\mshtml.dll
2008-12-27 10:28 22,328 a------- c:\docume~1\simon\applic~1\PnkBstrK.sys
2008-12-27 10:28 682,280 a------- c:\windows\system32\pbsvc.exe
2008-12-27 10:28 66,872 a------- c:\windows\system32\PnkBstrA.exe
2008-12-19 09:10 70,656 a------- c:\windows\system32\dllcache\ie4uinit.exe
2008-12-19 09:10 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2008-12-19 05:25 634,024 a------- c:\windows\system32\dllcache\iexplore.exe
2008-12-19 05:23 161,792 a------- c:\windows\system32\dllcache\ieakui.dll
2008-12-11 10:57 333,952 -------- c:\windows\system32\dllcache\srv.sys
2008-12-09 09:58 410,984 a------- c:\windows\system32\deploytk.dll
2007-10-28 18:41 85,304 a------- c:\docume~1\simon\applic~1\GDIPFONTCACHEV1.DAT
2001-06-15 12:30 471,098 -------- c:\documents and settings\simon\UNINSTAL.EXE
2001-06-14 13:25 1,040,384 -------- c:\documents and settings\simon\SETUPENU.DLL
2001-06-14 11:44 135,989 -------- c:\documents and settings\simon\fences.zip
2001-06-12 11:02 3,635,656 -------- c:\documents and settings\simon\scenario.zip
2001-06-12 11:02 7,337 -------- c:\documents and settings\simon\research.zip
2001-06-12 11:02 24,146 -------- c:\documents and settings\simon\items.zip
2001-06-12 11:02 2,514 -------- c:\documents and settings\simon\ai.zip
2001-06-12 11:02 6,397,370 -------- c:\documents and settings\simon\ui.zip
2001-06-12 11:01 905,097 -------- c:\documents and settings\simon\terrain.zip
2001-06-12 11:01 687,504 -------- c:\documents and settings\simon\staff.zip
2001-06-12 11:01 2,983,796 -------- c:\documents and settings\simon\scenery.zip
2001-06-12 11:01 8,954,880 -------- c:\documents and settings\simon\objects.zip
2001-06-12 11:01 357,129 -------- c:\documents and settings\simon\guests.zip
2001-06-12 11:01 9,116,930 -------- c:\documents and settings\simon\animals2.zip
2001-06-12 11:01 6,564 -------- c:\documents and settings\simon\config.zip
2001-06-12 11:01 5,884 -------- c:\documents and settings\simon\paths.zip
2001-06-12 10:51 2,826,275 -------- c:\documents and settings\simon\zoo.exe
2001-06-12 10:20 466,997 -------- c:\documents and settings\simon\lang0.dll
2001-06-12 08:55 86,362,105 -------- c:\documents and settings\simon\animals.zip
2001-06-11 03:21 14,240,209 -------- c:\documents and settings\simon\global.zip
2001-06-07 13:38 118,784 -------- c:\documents and settings\simon\res0.dll
2001-06-05 15:06 45,056 -------- c:\documents and settings\simon\ImeUiRes.dll
2001-06-05 14:24 45,056 -------- c:\documents and settings\simon\ImeUiResJpn.dll
2001-06-05 14:24 45,056 -------- c:\documents and settings\simon\ImeUiResEnu.dll
2001-05-10 11:15 1,112,504 -------- c:\documents and settings\simon\dwdebug.exe
2001-05-10 11:15 161,184 -------- c:\documents and settings\simon\dw.exe
2001-03-28 16:10 55,809 -------- c:\documents and settings\simon\tiles.zip
2001-03-14 14:29 53,300 -------- c:\documents and settings\simon\EBUEula.dll
2001-01-03 22:29 10,043 -------- c:\documents and settings\simon\fringe.zip
============= FINISH: 19:00:38.92 ===============
Hi
Seems that you enabled TeaTimer, bringing back all registry entries we had fixed. Since there's no TeaTimer "resetter" available at the moment, please uninstall Spybot for now. You may reinstall it after we've finished the cleaning process :)
Open notepad and copy/paste the text in the quotebox below into it:
File::
C:\WINDOWS\system32\xvtliaek.dll
C:\WINDOWS\system32\hugksk.dll
C:\WINDOWS\system32\yuhmsqou.dll
C:\WINDOWS\system32\siznqi.dll
C:\WINDOWS\system32\jxkmgwkj.dll
C:\WINDOWS\system32\nsmytl.dll
C:\WINDOWS\system32\auaqtcpe.dll
C:\WINDOWS\system32\beylzr.dll
C:\WINDOWS\system32\hepiaarx.dll
C:\WINDOWS\system32\dfxhyh.dll
C:\WINDOWS\system32\difoomfd.dll
C:\WINDOWS\system32\qutfmb.dll
C:\Documents and Settings\Ceri\My Documents\LimeWire\Saved\catz 4.zip
C:\Documents and Settings\Ceri\My Documents\LimeWire\Saved\Atomic Kitten - Bliss.wma
C:\Documents and Settings\Simon\My Documents\LimeWire\Saved\Connie Talbot - Three Little Birds.wma
C:\Documents and Settings\Simon\My Documents\LimeWire\Saved\help for heroes x factor - greatest hits.wma
C:\Documents and Settings\Simon\My Documents\LimeWire\Saved\leona lewis - greatest hits.wma
C:\Documents and Settings\Simon\My Documents\LimeWire\Saved\alexandra burke silent night.mp3
C:\Documents and Settings\Simon\My Documents\LimeWire\Saved\somtimes eoghan quigg.mp3
C:\Documents and Settings\Simon\My Documents\LimeWire\Saved\bill funny money.mpg
C:\Documents and Settings\Simon\My Documents\LimeWire\Saved\Diana Vickers - Hallelujah.mp3
C:\Documents and Settings\Simon\My Documents\LimeWire\Saved\im not girl diana vickers.mp3
C:\Documents and Settings\Simon\My Documents\LimeWire\Saved\diana vickers - greatest hits.wma
C:\Documents and Settings\Simon\My Documents\LimeWire\Saved\lets do this- hannah montanna.mp3
C:\Documents and Settings\Simon\My Documents\LimeWire\Saved\everybody hurts rem.mp3
C:\Program Files\ContextAdvisor\ContextAdvisor-1.dll
C:\Program Files\VisualTool\VisualTool-1.dll
DDS::
BHO: {0D28E24F-C290-4ABF-854A-ABFE3A089971} - No File
BHO: {0D39A900-0F3A-4C29-A254-3E65244FDC34} - No File
BHO: {0EBFF9BC-7BC3-41B6-BCC3-4780D520D505} - No File
BHO: {18295F5F-96C0-4384-897B-F0D807D6C54E} - No File
BHO: {24EB94EF-9DC6-43B4-B9E5-0697857B03A9} - No File
BHO: {2F85D76C-0569-466F-A488-493E6BD0E955} - No File
BHO: {33742D2D-A16D-44DE-A9EF-958A67101A3D} - No File
BHO: {493D5FF6-DAAB-4BD2-8576-2B494C71CDC4} - No File
BHO: {4E99E002-AF40-49E0-BEAE-8BDEF5336A98} - No File
BHO: {5117990B-D54C-420B-800B-D72D12CC0E74} - No File
BHO: {51617804-3EC1-4176-B427-7BB326716A90} - No File
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: {5EDA2C21-AC9F-4C04-8A0D-3CE4D21A1CED} - No File
BHO: {7D94D171-0DAA-4D1B-9C58-57565B2DA2FD} - No File
BHO: {809EC91B-B593-441D-A6E4-818408A30687} - No File
BHO: {87E68009-29A8-D669-F7C2-B31D08635C50} - No File
BHO: {8BC03CA2-60EA-4C3D-8C2E-684DD8DD8693} - No File
BHO: {9362BBBD-AF19-4CCE-A232-483026607CF6} - No File
BHO: {9B263D9B-AD49-4D81-8DEA-3CE688268561} - No File
BHO: {9F39E08C-6C97-4F0F-B217-9FA36557D24A} - No File
BHO: {a3e27598-f158-4fb2-b27c-9f53019222ec} - No File
BHO: {AA64C339-0F29-4CC6-97B1-7941C83D0613} - No File
BHO: {C40270B4-B569-42F9-ADEB-13307B8B5F9C} - No File
BHO: {C56B06D5-C8B5-4198-86C6-F61DE0580EC6} - No File
BHO: {C8DB8914-5CC1-4707-BCB7-E62E8803B344} - No File
BHO: {C8F091F9-F183-4978-B1BC-62AAC2C0480B} - No File
BHO: {CC979789-4B0F-4AB4-9185-347CB43C0BDC} - No File
BHO: {EAB2F644-184B-434B-AC2A-6585EDCFE205} - No File
BHO: {EE109A36-E64C-46FF-8333-7101A0E3883C} - No File
mRun: [ROAD ITCH AMOK PING] c:\documents and settings\all users\application data\long slow road itch\Bleh option.exe
Save this as CFScript
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
Referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log & a fresh dds.txt. How's the system running?
Combofix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.
scoobyman82
2009-02-28, 12:04
Hi there. System is running great. Also freed up about 20GB of space on my hard drive.
Sorry about the teatimer, it even asked me about the changes and I thought I told it to allow them. :oops:
ComboFix 09-02-27.01 - Simon 2009-02-28 9:51:40.3 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1548 [GMT 0:00]
Running from: c:\documents and settings\Simon\Desktop\Malware Removal\ComboFix.exe
Command switches used :: c:\documents and settings\Simon\Desktop\Malware Removal\CFScript.txt
AV: AVG 7.5.557 *On-access scanning disabled* (Updated)
* Created a new restore point
FILE ::
c:\documents and settings\Ceri\My Documents\LimeWire\Saved\Atomic Kitten - Bliss.wma
c:\documents and settings\Ceri\My Documents\LimeWire\Saved\catz 4.zip
c:\documents and settings\Simon\My Documents\LimeWire\Saved\alexandra burke silent night.mp3
c:\documents and settings\Simon\My Documents\LimeWire\Saved\bill funny money.mpg
c:\documents and settings\Simon\My Documents\LimeWire\Saved\Connie Talbot - Three Little Birds.wma
c:\documents and settings\Simon\My Documents\LimeWire\Saved\diana vickers - greatest hits.wma
c:\documents and settings\Simon\My Documents\LimeWire\Saved\Diana Vickers - Hallelujah.mp3
c:\documents and settings\Simon\My Documents\LimeWire\Saved\everybody hurts rem.mp3
c:\documents and settings\Simon\My Documents\LimeWire\Saved\help for heroes x factor - greatest hits.wma
c:\documents and settings\Simon\My Documents\LimeWire\Saved\im not girl diana vickers.mp3
c:\documents and settings\Simon\My Documents\LimeWire\Saved\leona lewis - greatest hits.wma
c:\documents and settings\Simon\My Documents\LimeWire\Saved\lets do this- hannah montanna.mp3
c:\documents and settings\Simon\My Documents\LimeWire\Saved\somtimes eoghan quigg.mp3
c:\program files\ContextAdvisor\ContextAdvisor-1.dll
c:\program files\VisualTool\VisualTool-1.dll
c:\windows\system32\auaqtcpe.dll
c:\windows\system32\beylzr.dll
c:\windows\system32\dfxhyh.dll
c:\windows\system32\difoomfd.dll
c:\windows\system32\hepiaarx.dll
c:\windows\system32\hugksk.dll
c:\windows\system32\jxkmgwkj.dll
c:\windows\system32\nsmytl.dll
c:\windows\system32\qutfmb.dll
c:\windows\system32\siznqi.dll
c:\windows\system32\xvtliaek.dll
c:\windows\system32\yuhmsqou.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Ceri\My Documents\LimeWire\Saved\Atomic Kitten - Bliss.wma
c:\documents and settings\Ceri\My Documents\LimeWire\Saved\catz 4.zip
c:\documents and settings\Simon\My Documents\LimeWire\Saved\alexandra burke silent night.mp3
c:\documents and settings\Simon\My Documents\LimeWire\Saved\bill funny money.mpg
c:\documents and settings\Simon\My Documents\LimeWire\Saved\Connie Talbot - Three Little Birds.wma
c:\documents and settings\Simon\My Documents\LimeWire\Saved\diana vickers - greatest hits.wma
c:\documents and settings\Simon\My Documents\LimeWire\Saved\Diana Vickers - Hallelujah.mp3
c:\documents and settings\Simon\My Documents\LimeWire\Saved\everybody hurts rem.mp3
c:\documents and settings\Simon\My Documents\LimeWire\Saved\help for heroes x factor - greatest hits.wma
c:\documents and settings\Simon\My Documents\LimeWire\Saved\im not girl diana vickers.mp3
c:\documents and settings\Simon\My Documents\LimeWire\Saved\leona lewis - greatest hits.wma
c:\documents and settings\Simon\My Documents\LimeWire\Saved\lets do this- hannah montanna.mp3
c:\documents and settings\Simon\My Documents\LimeWire\Saved\somtimes eoghan quigg.mp3
c:\program files\ContextAdvisor\ContextAdvisor-1.dll
c:\program files\VisualTool\VisualTool-1.dll
c:\windows\system32\auaqtcpe.dll
c:\windows\system32\beylzr.dll
c:\windows\system32\dfxhyh.dll
c:\windows\system32\difoomfd.dll
c:\windows\system32\hepiaarx.dll
c:\windows\system32\hugksk.dll
c:\windows\system32\jxkmgwkj.dll
c:\windows\system32\nsmytl.dll
c:\windows\system32\qutfmb.dll
c:\windows\system32\siznqi.dll
c:\windows\system32\xvtliaek.dll
c:\windows\system32\yuhmsqou.dll
.
((((((((((((((((((((((((( Files Created from 2009-01-28 to 2009-02-28 )))))))))))))))))))))))))))))))
.
2009-02-27 01:52 . 2009-02-27 01:52 <DIR> d-------- c:\documents and settings\Simon\Application Data\Samsung
2009-02-27 01:50 . 2006-05-03 22:53 174,592 --a------ c:\windows\system32\framedyn.dll
2009-02-27 01:50 . 2008-02-22 15:33 114,304 --a------ c:\windows\system32\drivers\sscdmdm.sys
2009-02-27 01:50 . 2008-02-22 15:33 87,936 --a------ c:\windows\system32\drivers\sscdbus.sys
2009-02-27 01:50 . 2008-02-22 15:33 14,976 --a------ c:\windows\system32\drivers\sscdmdfl.sys
2009-02-27 01:50 . 2008-02-22 15:33 12,160 --a------ c:\windows\system32\drivers\sscdwhnt.sys
2009-02-27 01:50 . 2008-02-22 15:33 12,160 --a------ c:\windows\system32\drivers\sscdwh.sys
2009-02-27 01:50 . 2008-02-22 15:33 12,160 --a------ c:\windows\system32\drivers\sscdcmnt.sys
2009-02-27 01:50 . 2008-02-22 15:33 12,160 --a------ c:\windows\system32\drivers\sscdcm.sys
2009-02-27 01:49 . 2006-07-24 16:05 5,632 --a------ c:\windows\system32\drivers\StarOpen.sys
2009-02-27 01:25 . 2009-02-27 01:25 <DIR> d-------- c:\windows\system32\Samsung_USB_Drivers
2009-02-27 01:25 . 2009-02-27 01:25 <DIR> d-------- c:\program files\Samsung
2009-02-27 01:25 . 2005-08-28 20:51 766 --a------ c:\windows\system32\Uninstall.ico
2009-02-27 01:20 . 2009-02-27 01:20 <DIR> d-------- c:\program files\Common Files\Adobe
2009-02-26 20:24 . 2009-02-26 20:24 <DIR> d-------- c:\program files\Messenger Plus! Live
2009-02-21 10:08 . 2009-02-21 10:08 <DIR> d--h----- c:\windows\PIF
2009-02-21 01:50 . 2009-02-21 01:51 <DIR> d-------- c:\documents and settings\Simon\Application Data\Windows Live Writer
2009-02-20 21:04 . 2009-02-20 21:04 <DIR> d-------- c:\program files\Trend Micro
2009-02-18 10:43 . 2009-02-06 18:08 55,152 --a------ c:\windows\system32\drivers\fssfltr_tdi.sys
2009-02-15 06:49 . 2009-02-15 06:49 <DIR> d-------- c:\windows\ServicePackFiles
2009-02-09 20:08 . 2009-02-09 20:08 <DIR> d-------- c:\documents and settings\Simon\Tracing
2009-02-09 20:06 . 2009-02-09 20:06 <DIR> d-------- c:\program files\Microsoft Silverlight
2009-02-09 20:05 . 2009-02-09 20:05 <DIR> d-------- c:\program files\Microsoft Sync Framework
2009-02-09 20:04 . 2009-02-09 20:04 <DIR> d-------- c:\program files\Microsoft
2009-02-09 20:03 . 2009-02-09 20:04 <DIR> d-------- c:\program files\Windows Live SkyDrive
2009-02-09 19:56 . 2009-02-09 19:56 <DIR> d-------- c:\program files\Common Files\Windows Live
2009-02-07 11:40 . 2009-02-07 11:30 15,688 --a------ c:\windows\system32\lsdelete.exe
2009-02-07 11:30 . 2009-02-07 11:30 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
2009-02-07 11:29 . 2009-02-07 11:30 <DIR> d--h----- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-06 19:03 . 2009-02-06 19:03 307,576 --a------ c:\windows\WLXPGSS.SCR
2009-02-06 18:52 . 2009-02-06 18:52 49,504 --a------ c:\windows\system32\sirenacm.dll
2009-02-03 16:35 . 2009-02-03 16:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\Logitech
2009-02-03 15:08 . 2009-02-03 15:09 <DIR> d-------- c:\program files\Logitech
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-28 09:47 5,112 ----a-w c:\windows\GPCIDrv.sys
2009-02-28 09:47 17,962 ----a-w c:\windows\system32\drivers\GVTDrv.sys
2009-02-28 09:46 0 ----a-w c:\windows\system32\drivers\lvuvc.hs
2009-02-28 09:46 0 ----a-w c:\windows\system32\drivers\logiflt.iad
2009-01-24 09:53 --------- d-----w c:\program files\Lavasoft
2009-01-23 10:48 339,968 ----a-w c:\windows\system32\pythoncom25.dll
2009-01-23 10:48 2,117,632 ----a-w c:\windows\system32\python25.dll
2009-01-23 10:48 114,688 ----a-w c:\windows\system32\pywintypes25.dll
2009-01-22 18:05 202,000 ----a-w c:\windows\system32\PnkBstrB.exe
2009-01-22 18:05 139,280 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-01-21 09:41 --------- d-----w c:\documents and settings\All Users\Application Data\aHisoft
2009-01-21 09:35 --------- d-----w c:\program files\YouTube Downloader
2009-01-21 09:19 --------- d-----w c:\program files\Peer2Peer-EN
2009-01-21 09:19 --------- d-----w c:\program files\Conduit
2009-01-20 14:54 --------- d-----w c:\program files\VisualTool
2009-01-16 21:35 3,594,752 ----a-w c:\windows\system32\dllcache\mshtml.dll
2009-01-04 02:09 --------- d-----w c:\documents and settings\All Users\Application Data\Messenger Plus!
2008-12-27 10:28 682,280 ----a-w c:\windows\system32\pbsvc.exe
2008-12-27 10:28 66,872 ----a-w c:\windows\system32\PnkBstrA.exe
2008-12-27 10:28 22,328 ----a-w c:\documents and settings\Simon\Application Data\PnkBstrK.sys
2008-12-19 09:10 70,656 ----a-w c:\windows\system32\dllcache\ie4uinit.exe
2008-12-19 09:10 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-12-19 05:25 634,024 ----a-w c:\windows\system32\dllcache\iexplore.exe
2008-12-19 05:23 161,792 ----a-w c:\windows\system32\dllcache\ieakui.dll
2008-12-11 10:57 333,952 ------w c:\windows\system32\dllcache\srv.sys
2008-12-09 09:58 410,984 ----a-w c:\windows\system32\deploytk.dll
2007-10-28 18:41 85,304 ----a-w c:\documents and settings\Simon\Application Data\GDIPFONTCACHEV1.DAT
2001-06-15 12:30 471,098 ------w c:\documents and settings\Simon\UNINSTAL.EXE
2001-06-14 13:25 1,040,384 ------w c:\documents and settings\Simon\SETUPENU.DLL
2001-06-14 11:44 135,989 ------w c:\documents and settings\Simon\fences.zip
2001-06-12 11:02 7,337 ------w c:\documents and settings\Simon\research.zip
2001-06-12 11:02 6,397,370 ------w c:\documents and settings\Simon\ui.zip
2001-06-12 11:02 3,635,656 ------w c:\documents and settings\Simon\scenario.zip
2001-06-12 11:02 24,146 ------w c:\documents and settings\Simon\items.zip
2001-06-12 11:02 2,514 ------w c:\documents and settings\Simon\ai.zip
2001-06-12 11:01 905,097 ------w c:\documents and settings\Simon\terrain.zip
2001-06-12 11:01 9,116,930 ------w c:\documents and settings\Simon\animals2.zip
2001-06-12 11:01 8,954,880 ------w c:\documents and settings\Simon\objects.zip
2001-06-12 11:01 687,504 ------w c:\documents and settings\Simon\staff.zip
2001-06-12 11:01 6,564 ------w c:\documents and settings\Simon\config.zip
2001-06-12 11:01 5,884 ------w c:\documents and settings\Simon\paths.zip
2001-06-12 11:01 357,129 ------w c:\documents and settings\Simon\guests.zip
2001-06-12 11:01 2,983,796 ------w c:\documents and settings\Simon\scenery.zip
2001-06-12 10:51 2,826,275 ------w c:\documents and settings\Simon\zoo.exe
2001-06-12 10:20 466,997 ------w c:\documents and settings\Simon\lang0.dll
2001-06-12 08:55 86,362,105 ------w c:\documents and settings\Simon\animals.zip
2001-06-11 03:21 14,240,209 ------w c:\documents and settings\Simon\global.zip
2001-06-07 13:38 118,784 ------w c:\documents and settings\Simon\res0.dll
2001-06-05 15:06 45,056 ------w c:\documents and settings\Simon\ImeUiRes.dll
2001-06-05 14:24 45,056 ------w c:\documents and settings\Simon\ImeUiResJpn.dll
2001-06-05 14:24 45,056 ------w c:\documents and settings\Simon\ImeUiResEnu.dll
2001-05-10 11:15 161,184 ------w c:\documents and settings\Simon\dw.exe
2001-05-10 11:15 1,112,504 ------w c:\documents and settings\Simon\dwdebug.exe
2001-03-28 16:10 55,809 ------w c:\documents and settings\Simon\tiles.zip
2001-03-14 14:29 53,300 ------w c:\documents and settings\Simon\EBUEula.dll
2001-01-03 22:29 10,043 ------w c:\documents and settings\Simon\fringe.zip
1997-12-19 13:12 832,000 ------r c:\documents and settings\Ceri\Ip.exe
1997-11-12 01:10 150,016 ------r c:\documents and settings\Ceri\automenu.exe
1997-01-29 15:10 26,112 ------r c:\documents and settings\Ceri\SETUP.EXE
1997-01-29 14:35 26,624 ------r c:\documents and settings\Ceri\AUTOSET.EXE
1994-05-31 22:00 265,396 ------r c:\documents and settings\Ceri\DOS4GW.EXE
.
((((((((((((((((((((((((((((( SnapShot_2009-02-27_16.44.46.07 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-02-28 09:46:42 16,384 ----a-w c:\windows\Temp\Perflib_Perfdata_740.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{da21bd13-ca22-42e3-a071-98f08f1ca1e7}"= "c:\program files\Peer2Peer-EN\tbPee1.dll" [2009-02-11 1881112]
[HKEY_CLASSES_ROOT\clsid\{da21bd13-ca22-42e3-a071-98f08f1ca1e7}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{da21bd13-ca22-42e3-a071-98f08f1ca1e7}]
2009-02-11 21:31 1881112 --a------ c:\program files\Peer2Peer-EN\tbPee1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{da21bd13-ca22-42e3-a071-98f08f1ca1e7}"= "c:\program files\Peer2Peer-EN\tbPee1.dll" [2009-02-11 1881112]
[HKEY_CLASSES_ROOT\clsid\{da21bd13-ca22-42e3-a071-98f08f1ca1e7}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{DA21BD13-CA22-42E3-A071-98F08F1CA1E7}"= "c:\program files\Peer2Peer-EN\tbPee1.dll" [2009-02-11 1881112]
[HKEY_CLASSES_ROOT\clsid\{da21bd13-ca22-42e3-a071-98f08f1ca1e7}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-07-14 1961984]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\JM\JMInsIDE.exe" [2006-10-31 36864]
"VGAUtil"="c:\program files\GigaByte\VGA Utility Manager\G-VGA.exe" [2007-10-09 544768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"AVG7_CC"="c:\progra~1\Grisoft\AVG7\avgcc.exe" [2009-02-28 590848]
"Acronis*True*Image Monitor"="c:\program files\Acronis\TrueImage\TrueImageMonitor.exe" [2007-07-29 419408]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-07-29 69632]
"36X Raid Configurer"="c:\windows\system32\JMRaidSetup.exe" [2006-11-17 1953792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-09 136600]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"AVG7_Run"="c:\progra~1\Grisoft\AVG7\avgw.exe" [2008-02-19 219136]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 c:\windows\system32\narrator.exe]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2006-03-13 233472]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvTmKAQ]
[BU]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk
backup=c:\windows\pss\Windows Desktop Search.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Simon^Start Menu^Programs^Startup^OpenOffice.org 1.1.4.lnk]
path=c:\documents and settings\Simon\Start Menu\Programs\Startup\OpenOffice.org 1.1.4.lnk
backup=c:\windows\pss\OpenOffice.org 1.1.4.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\36X Raid Configurer]
-r------- 2006-11-17 02:05 1953792 c:\windows\system32\JMRaidSetup.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
--a------ 2007-07-29 15:17 69632 c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis*True*Image Monitor]
--a------ 2007-07-29 15:17 419408 c:\program files\Acronis\TrueImage\TrueImageMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
--a------ 2009-02-07 11:30 509784 c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
--a------ 2009-02-28 09:36 590848 c:\progra~1\Grisoft\AVG7\avgcc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2008-04-14 01:12 15360 c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
--a------ 2007-05-07 19:10 312240 c:\program files\Lexmark Fax Solutions\fm3032.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-10-01 18:57 289576 c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]
-r------- 2006-10-31 05:44 36864 c:\windows\JM\JMInsIDE.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdiamon]
--a------ 2007-03-05 13:40 20480 c:\program files\Lexmark 3500-4500 Series\lxdiamon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdimon.exe]
--a------ 2007-05-07 19:07 435120 c:\program files\Lexmark 3500-4500 Series\lxdimon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-14 01:12 1695232 c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2009-02-06 18:51 3885408 c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
--------- 2005-07-14 21:35 1961984 c:\program files\Ahead\Nero BackItUp\NBJ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 15:09 413696 c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ReminderApp]
--a------ 2006-01-25 11:52 145136 c:\program files\Nova Development\Greeting Card Factory Express\ReminderApp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
--a------ 2006-11-10 12:35 90112 c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-10-05 20:25 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VGAUtil]
--a------ 2007-10-09 09:35 544768 c:\program files\GigaByte\VGA Utility Manager\G-VGA.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
-r------- 2006-11-14 10:21 16270848 c:\windows\RTHDCPL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
-r------- 2006-05-16 11:04 2879488 c:\windows\SkyTel.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\GigaByte\\VGA Utility Manager\\G-VGA.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\System32\\lxdicoms.exe"=
"c:\\Program Files\\Lexmark 3500-4500 Series\\lxdiamon.exe"=
"c:\\Program Files\\Lexmark 3500-4500 Series\\App4r.exe"=
"c:\\Program Files\\Abbyy FineReader 6.0 Sprint\\scan\\scanman6.exe"=
"c:\\Program Files\\Lexmark Fax Solutions\\FaxCtr.exe"=
"c:\\Program Files\\Lexmark 3500-4500 Series\\lxdimon.exe"=
"c:\\WINDOWS\\System32\\spool\\drivers\\W32X86\\3\\lxdipswx.exe"=
"c:\\Program Files\\Lexmark 3500-4500 Series\\Wireless\\lxdiwpss.exe"=
"c:\\WINDOWS\\System32\\spool\\drivers\\W32X86\\3\\LXDItime.exe"=
"c:\\WINDOWS\\System32\\SPOOL\\DRIVERS\\W32X86\\3\\lxdijswx.exe"=
"c:\\Program Files\\GigaByte\\VGA Utility Manager\\gvupdate.exe"=
"c:\\WINDOWS\\System32\\PnkBstrA.exe"=
"c:\\WINDOWS\\System32\\PnkBstrB.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"c:\\WINDOWS\\System32\\dpvsetup.exe"=
"c:\\Program Files\\Common Files\\PocketSoft\\RTPatch\\AutoRTP\\artpschd.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\WINDOWS\\System32\\rtcshare.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-02-07 64160]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-02-18 55152]
R2 lxdi_device;lxdi_device;c:\windows\system32\lxdicoms.exe -service --> c:\windows\system32\lxdicoms.exe -service [?]
R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
R3 GPCIDrv;GPCIDrv;c:\windows\GPCIDrv.sys [2008-02-26 5112]
R3 GVTDrv;GVTDrv;c:\windows\system32\drivers\GVTDrv.sys [2007-07-28 17962]
R4 atidgllk;atidgllk;c:\program files\GigaByte\VGA Utility Manager\atidgllk.sys [2007-07-28 12048]
S2 lxdiCATSCustConnectService;lxdiCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdiserv.exe [2007-08-28 99248]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 950096]
S4 iteraid;iteraid;c:\windows\system32\drivers\iteraid.sys [1980-01-01 16459]
S4 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [1980-01-01 75904]
.
Contents of the 'Scheduled Tasks' folder
2009-02-27 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll []
2009-02-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
2009-02-23 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-02-07 11:30]
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: {{08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com
TCP: {196C64F3-5ABD-4CCF-A605-DA67F5CDDB53} = 192.168.0.1
TCP: {864A2E1F-038E-4330-B9C8-5EF9672100FE} = 192.168.0.1
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: {05CDEE1D-D109-4992-B72B-6D4F5E2AB731} - hxxp://static.photobox.co.uk/sg/common/ImageUploader4.cab
FF - ProfilePath - c:\documents and settings\Simon\Application Data\Mozilla\Firefox\Profiles\eor007ju.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - plugin: c:\documents and settings\Ceri\Application Data\VideoEgg\Loader\4665\npvideoegg-loader.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-28 09:53:13
Windows 5.1.2600 Service Pack 3 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-746137067-776561741-682003330-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:4c,56,cb,3c,ea,29,95,a8,92,d3,30,ef,74,8b,57,86,29,b2,45,03,55,a8,1c,
5f,db,9a,5c,ce,0c,60,4a,bb,44,76,a8,5c,a8,cf,08,c8,eb,08,d6,ad,6d,ee,16,ca,\
"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(692)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-02-28 9:54:23
ComboFix-quarantined-files.txt 2009-02-28 09:54:22
ComboFix3.txt 2009-02-26 19:32:38
ComboFix2.txt 2009-02-27 16:45:44
Pre-Run: 31,065,014,272 bytes free
Post-Run: 31,151,652,864 bytes free
376 --- E O F --- 2009-02-27 04:26:26
scoobyman82
2009-02-28, 12:06
DDS (Ver_09-02-01.01) - FAT32x86
Run by Simon at 10:04:31.46 on 28/02/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2046.1429 [GMT 0:00]
AV: AVG 7.5.557 *On-access scanning enabled* (Updated)
============== Running Processes ===============
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
SVCHOST.EXE
C:\WINDOWS\system32\Ati2evxx.exe
SVCHOST.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxdicoms.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Simon\Desktop\Malware Removal\dds.com
============== Pseudo HJT Report ===============
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
uURLSearchHooks: Peer2Peer-EN Toolbar: {da21bd13-ca22-42e3-a071-98f08f1ca1e7} - c:\program files\peer2peer-en\tbPee1.dll
BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.0.1225.9868\swg.dll
BHO: Peer2Peer-EN Toolbar: {da21bd13-ca22-42e3-a071-98f08f1ca1e7} - c:\program files\peer2peer-en\tbPee1.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: Peer2Peer-EN Toolbar: {da21bd13-ca22-42e3-a071-98f08f1ca1e7} - c:\program files\peer2peer-en\tbPee1.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [NBJ] "c:\program files\ahead\nero backitup\NBJ.exe"
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SkyTel] SkyTel.EXE
mRun: [JMB36X IDE Setup] c:\windows\jm\JMInsIDE.exe
mRun: [VGAUtil] c:\program files\gigabyte\vga utility manager\G-VGA.exe
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [AVG7_CC] c:\progra~1\grisoft\avg7\avgcc.exe /STARTUP
mRun: [Acronis*True*Image Monitor] "c:\program files\acronis\trueimage\TrueImageMonitor.exe"
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [36X Raid Configurer] c:\windows\system32\JMRaidSetup.exe boot
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [AVG7_Run] c:\progra~1\grisoft\avg7\avgw.exe /RUNONCE
dRunOnce: [RunNarrator] Narrator.exe
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: {05CDEE1D-D109-4992-B72B-6D4F5E2AB731} - hxxp://static.photobox.co.uk/sg/common/ImageUploader4.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} - hxxp://www.bebo.com/files/BeboUploader.5.1.4.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www1.snapfish.co.uk/SnapfishUKActivia.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} - hxxp://ceriduroe.spaces.live.com/PhotoUpload/MsnPUpld.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} - hxxp://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} - hxxp://bmm.imgag.com/imgag/cp/install/crusher-uk.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
TCP: {196C64F3-5ABD-4CCF-A605-DA67F5CDDB53} = 192.168.0.1
TCP: {864A2E1F-038E-4330-B9C8-5EF9672100FE} = 192.168.0.1
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\simon\applic~1\mozilla\firefox\profiles\eor007ju.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - plugin: c:\documents and settings\ceri\application data\videoegg\loader\4665\npvideoegg-loader.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-2-7 64160]
R1 Avg7Core;AVG7 Kernel;c:\windows\system32\drivers\avg7core.sys [2008-2-19 821856]
R1 Avg7RsW;AVG7 Wrap Driver;c:\windows\system32\drivers\avg7rsw.sys [2008-2-19 4224]
R1 Avg7RsXP;AVG7 Resident Driver XP;c:\windows\system32\drivers\avg7rsxp.sys [2008-2-19 27776]
R1 AvgClean;AVG7 Clean Driver;c:\windows\system32\drivers\avgclean.sys [2008-2-19 10760]
R2 Avg7Alrt;AVG7 Alert Manager Server;c:\progra~1\grisoft\avg7\avgamsvr.exe [2008-2-19 418816]
R2 Avg7UpdSvc;AVG7 Update Service;c:\progra~1\grisoft\avg7\avgupsvc.exe [2008-2-19 49664]
R2 AVGEMS;AVG E-mail Scanner;c:\progra~1\grisoft\avg7\avgemc.exe [2008-2-19 406528]
R2 AvgTdi;AVG Network Redirector;c:\windows\system32\drivers\avgtdi.sys [2008-2-19 4960]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-2-18 55152]
R2 lxdi_device;lxdi_device;c:\windows\system32\lxdicoms.exe -service --> c:\windows\system32\lxdicoms.exe -service [?]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-1-14 226656]
R3 GPCIDrv;GPCIDrv;c:\windows\GPCIDrv.sys [2008-2-26 5112]
R3 GVTDrv;GVTDrv;c:\windows\system32\drivers\GVTDrv.sys [2007-7-28 17962]
R4 atidgllk;atidgllk;c:\program files\gigabyte\vga utility manager\atidgllk.sys [2007-7-28 12048]
S2 lxdiCATSCustConnectService;lxdiCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdiserv.exe [2007-8-28 99248]
S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 950096]
S4 iteraid;iteraid;c:\windows\system32\drivers\iteraid.sys [1980-1-1 16459]
S4 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [1980-1-1 75904]
=============== Created Last 30 ================
2009-02-28 09:49 <DIR> --d----- C:\ComboFix
2009-02-27 01:52 <DIR> --d----- c:\docume~1\simon\applic~1\Samsung
2009-02-27 01:50 174,592 a------- c:\windows\system32\framedyn.dll
2009-02-27 01:50 114,304 a------- c:\windows\system32\drivers\sscdmdm.sys
2009-02-27 01:50 14,976 a------- c:\windows\system32\drivers\sscdmdfl.sys
2009-02-27 01:50 12,160 a------- c:\windows\system32\drivers\sscdcmnt.sys
2009-02-27 01:50 12,160 a------- c:\windows\system32\drivers\sscdcm.sys
2009-02-27 01:50 87,936 a------- c:\windows\system32\drivers\sscdbus.sys
2009-02-27 01:50 12,160 a------- c:\windows\system32\drivers\sscdwhnt.sys
2009-02-27 01:50 12,160 a------- c:\windows\system32\drivers\sscdwh.sys
2009-02-27 01:49 5,632 a------- c:\windows\system32\drivers\StarOpen.sys
2009-02-27 01:25 766 a------- c:\windows\system32\Uninstall.ico
2009-02-27 01:25 <DIR> --d----- c:\windows\system32\Samsung_USB_Drivers
2009-02-27 01:25 <DIR> --d----- c:\program files\Samsung
2009-02-26 20:24 <DIR> --d----- c:\program files\Messenger Plus! Live
2009-02-26 19:24 <DIR> a-dshr-- C:\cmdcons
2009-02-26 19:23 161,792 a------- c:\windows\SWREG.exe
2009-02-26 19:23 98,816 a------- c:\windows\sed.exe
2009-02-21 10:08 <DIR> --d-h--- c:\windows\PIF
2009-02-21 01:50 <DIR> --d----- c:\docume~1\simon\applic~1\Windows Live Writer
2009-02-20 21:04 <DIR> --d----- c:\program files\Trend Micro
2009-02-18 10:43 55,152 a------- c:\windows\system32\drivers\fssfltr_tdi.sys
2009-02-15 06:49 <DIR> --d----- c:\windows\ServicePackFiles
2009-02-09 20:08 <DIR> --d----- c:\documents and settings\simon\Tracing
2009-02-09 20:04 <DIR> --d----- c:\program files\Microsoft
2009-02-09 20:03 <DIR> --d----- c:\program files\Windows Live SkyDrive
2009-02-09 19:56 <DIR> --d----- c:\program files\common files\Windows Live
2009-02-07 11:40 15,688 a------- c:\windows\system32\lsdelete.exe
2009-02-07 11:30 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-02-07 11:29 <DIR> --d-h--- c:\docume~1\alluse~1\applic~1\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-06 19:03 307,576 a------- c:\windows\WLXPGSS.SCR
2009-02-06 18:52 49,504 a------- c:\windows\system32\sirenacm.dll
==================== Find3M ====================
2009-02-28 09:47 5,112 a------- c:\windows\GPCIDrv.sys
2009-02-28 09:47 17,962 a------- c:\windows\system32\drivers\GVTDrv.sys
2009-02-28 09:46 0 a------- c:\windows\system32\drivers\lvuvc.hs
2009-02-28 09:46 0 a------- c:\windows\system32\drivers\logiflt.iad
2009-01-23 10:48 2,117,632 a------- c:\windows\system32\python25.dll
2009-01-23 10:48 339,968 a------- c:\windows\system32\pythoncom25.dll
2009-01-23 10:48 114,688 a------- c:\windows\system32\pywintypes25.dll
2009-01-22 18:05 139,280 a------- c:\windows\system32\drivers\PnkBstrK.sys
2009-01-22 18:05 202,000 a------- c:\windows\system32\PnkBstrB.exe
2009-01-16 21:35 3,594,752 a------- c:\windows\system32\dllcache\mshtml.dll
2008-12-27 10:28 22,328 a------- c:\docume~1\simon\applic~1\PnkBstrK.sys
2008-12-27 10:28 682,280 a------- c:\windows\system32\pbsvc.exe
2008-12-27 10:28 66,872 a------- c:\windows\system32\PnkBstrA.exe
2008-12-19 09:10 70,656 a------- c:\windows\system32\dllcache\ie4uinit.exe
2008-12-19 09:10 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2008-12-19 05:25 634,024 a------- c:\windows\system32\dllcache\iexplore.exe
2008-12-19 05:23 161,792 a------- c:\windows\system32\dllcache\ieakui.dll
2008-12-11 10:57 333,952 -------- c:\windows\system32\dllcache\srv.sys
2008-12-09 09:58 410,984 a------- c:\windows\system32\deploytk.dll
2007-10-28 18:41 85,304 a------- c:\docume~1\simon\applic~1\GDIPFONTCACHEV1.DAT
2001-06-15 12:30 471,098 -------- c:\documents and settings\simon\UNINSTAL.EXE
2001-06-14 13:25 1,040,384 -------- c:\documents and settings\simon\SETUPENU.DLL
2001-06-14 11:44 135,989 -------- c:\documents and settings\simon\fences.zip
2001-06-12 11:02 3,635,656 -------- c:\documents and settings\simon\scenario.zip
2001-06-12 11:02 7,337 -------- c:\documents and settings\simon\research.zip
2001-06-12 11:02 24,146 -------- c:\documents and settings\simon\items.zip
2001-06-12 11:02 2,514 -------- c:\documents and settings\simon\ai.zip
2001-06-12 11:02 6,397,370 -------- c:\documents and settings\simon\ui.zip
2001-06-12 11:01 905,097 -------- c:\documents and settings\simon\terrain.zip
2001-06-12 11:01 687,504 -------- c:\documents and settings\simon\staff.zip
2001-06-12 11:01 2,983,796 -------- c:\documents and settings\simon\scenery.zip
2001-06-12 11:01 8,954,880 -------- c:\documents and settings\simon\objects.zip
2001-06-12 11:01 357,129 -------- c:\documents and settings\simon\guests.zip
2001-06-12 11:01 9,116,930 -------- c:\documents and settings\simon\animals2.zip
2001-06-12 11:01 6,564 -------- c:\documents and settings\simon\config.zip
2001-06-12 11:01 5,884 -------- c:\documents and settings\simon\paths.zip
2001-06-12 10:51 2,826,275 -------- c:\documents and settings\simon\zoo.exe
2001-06-12 10:20 466,997 -------- c:\documents and settings\simon\lang0.dll
2001-06-12 08:55 86,362,105 -------- c:\documents and settings\simon\animals.zip
2001-06-11 03:21 14,240,209 -------- c:\documents and settings\simon\global.zip
2001-06-07 13:38 118,784 -------- c:\documents and settings\simon\res0.dll
2001-06-05 15:06 45,056 -------- c:\documents and settings\simon\ImeUiRes.dll
2001-06-05 14:24 45,056 -------- c:\documents and settings\simon\ImeUiResJpn.dll
2001-06-05 14:24 45,056 -------- c:\documents and settings\simon\ImeUiResEnu.dll
2001-05-10 11:15 1,112,504 -------- c:\documents and settings\simon\dwdebug.exe
2001-05-10 11:15 161,184 -------- c:\documents and settings\simon\dw.exe
2001-03-28 16:10 55,809 -------- c:\documents and settings\simon\tiles.zip
2001-03-14 14:29 53,300 -------- c:\documents and settings\simon\EBUEula.dll
2001-01-03 22:29 10,043 -------- c:\documents and settings\simon\fringe.zip
============= FINISH: 10:04:47.64 ===============
It's all right :)
Start hjt, do a system scan, check (if found):
O20 - Winlogon Notify: tuvTmKAQ - tuvTmKAQ.dll (file missing)
Close browsers and fix checked.
Reboot and post a fresh hjt log.
scoobyman82
2009-03-01, 12:08
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxdicoms.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Peer2Peer-EN Toolbar - {da21bd13-ca22-42e3-a071-98f08f1ca1e7} - C:\Program Files\Peer2Peer-EN\tbPee1.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Peer2Peer-EN Toolbar - {da21bd13-ca22-42e3-a071-98f08f1ca1e7} - C:\Program Files\Peer2Peer-EN\tbPee1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Peer2Peer-EN Toolbar - {da21bd13-ca22-42e3-a071-98f08f1ca1e7} - C:\Program Files\Peer2Peer-EN\tbPee1.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [VGAUtil] C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Acronis*True*Image Monitor] "C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - .DEFAULT User Startup: OpenOffice.org 1.1.4.lnk = C:\Program Files\OpenOffice\program\quickstart.exe (User 'Default user')
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com (file missing)
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.peernetworksuk.com
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {05CDEE1D-D109-4992-B72B-6D4F5E2AB731} (PhotoBox uploader) - http://static.photobox.co.uk/sg/common/ImageUploader4.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.1.4.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.co.uk/SnapfishUKActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://ceriduroe.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://bmm.imgag.com/imgag/cp/install/crusher-uk.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.6.0_02) -
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03) -
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} (Java Plug-in 1.6.0_05) -
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} (Java Plug-in 1.6.0_07) -
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{196C64F3-5ABD-4CCF-A605-DA67F5CDDB53}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{864A2E1F-038E-4330-B9C8-5EF9672100FE}: NameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{196C64F3-5ABD-4CCF-A605-DA67F5CDDB53}: NameServer = 192.168.0.1
O20 - Winlogon Notify: tuvTmKAQ - C:\WINDOWS\
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: lxdiCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exe
O23 - Service: lxdi_device - - C:\WINDOWS\system32\lxdicoms.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 11939 bytes
Hi
Fix these with hjt:
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.6.0_02) -
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03) -
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} (Java Plug-in 1.6.0_05) -
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} (Java Plug-in 1.6.0_07) -
O20 - Winlogon Notify: tuvTmKAQ - C:\WINDOWS\
Reboot and post a fresh hjt log (this time with header details included).
scoobyman82
2009-03-01, 17:10
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:08:49, on 01/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\lxdicoms.exe
C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Peer2Peer-EN Toolbar - {da21bd13-ca22-42e3-a071-98f08f1ca1e7} - C:\Program Files\Peer2Peer-EN\tbPee1.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Peer2Peer-EN Toolbar - {da21bd13-ca22-42e3-a071-98f08f1ca1e7} - C:\Program Files\Peer2Peer-EN\tbPee1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Peer2Peer-EN Toolbar - {da21bd13-ca22-42e3-a071-98f08f1ca1e7} - C:\Program Files\Peer2Peer-EN\tbPee1.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [VGAUtil] C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Acronis*True*Image Monitor] "C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - .DEFAULT User Startup: OpenOffice.org 1.1.4.lnk = C:\Program Files\OpenOffice\program\quickstart.exe (User 'Default user')
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll (file missing)
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com (file missing)
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.peernetworksuk.com
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {05CDEE1D-D109-4992-B72B-6D4F5E2AB731} (PhotoBox uploader) - http://static.photobox.co.uk/sg/common/ImageUploader4.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.1.4.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.co.uk/SnapfishUKActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://ceriduroe.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://bmm.imgag.com/imgag/cp/install/crusher-uk.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{196C64F3-5ABD-4CCF-A605-DA67F5CDDB53}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{864A2E1F-038E-4330-B9C8-5EF9672100FE}: NameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{196C64F3-5ABD-4CCF-A605-DA67F5CDDB53}: NameServer = 192.168.0.1
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: lxdiCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exe
O23 - Service: lxdi_device - - C:\WINDOWS\system32\lxdicoms.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 11544 bytes
Well, congrats, it appears your system is all clean. Are you still noticing any problems? If not, it's time to secure your system to prevent further intrusions.
THESE STEPS ARE VERY IMPORTANT
Let's reset system restore
Reset and re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: you will lose all previous restore points, which are likely to be infected. Please note you need Administrator access to clean the restore points.
1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
2. Reboot.
3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.
NOTE: only do this ONCE, NOT on a regular basis.
Now let's uninstall ComboFix:
Click START then RUN
Now type "c:\documents and settings\Simon\Desktop\Malware Removal\ComboFix.exe" /u in the runbox and click OK
UPDATING WINDOWS AND INTERNET EXPLORER
IMPORTANT: You need to update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the Windows Update site (http://windowsupdate.microsoft.com/) to get the critical updates.
If you are running Microsoft Office, or any portion thereof, go to Microsoft's Office Update site and make sure you have at least all the critical updates installed (free): Microsoft Office Update.
Make your Internet Explorer more secure
This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.
The following are recommended third party programs that are designed to keep your computer clean. A link as well as a brief description is included with each item.
hosts file:
Every version of Windows has a hosts file. In a very basic sense, it is used to locate web pages. We can customize a hosts file so that it blocks certain web pages. However, it can slow down certain computers. This is why using a hosts file is optional!!
Download it here (http://www.mvps.org/winhelp2002/hosts.htm). Make sure you read the instructions on how to install the hosts file. There is a good tutorial here (http://www.bleepingcomputer.com/forums/tutorial51.html)
If you decide to download the hosts file, the slowdown problems can usually be avoided by following these steps:
Click the Start button (at the lower left-hand corner of your screen).
Click Run.
In the dialog box, type services.msc and hit Enter.
Locate DNS Client, highlight it, then double-click it.
In the Startup type dropdown box, change the setting from Automatic to Manual.
Click OK.
Use a Firewall - I cannot stress how important it is that you use a firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a firewall in its default configuration can lower your risk greatly. For more info, check this (http://www.bleepingcomputer.com/forums/tutorial60.html) webpage out.
If you don't have a 3rd party firewall or a router behind NAT then I recommend getting one. I recommend either Online Armor Free (http://www.tallemu.com/free-firewall-protection-software.html) or Comodo Firewall Pro (http://www.personalfirewall.comodo.com/download_firewall.html#fw3.0) (If you choose Comodo: Uncheck during installation "Install Comodo SafeSurf..", Make Comodo my default search provider" and "Make Comodo Search my homepage" and install firewall ONLY!).
Just a final reminder for you. I am trying to stress these two points.
UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
Make sure all of your security programs are up to date.
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
Once again, please post and tell me how things are going with your system... problems etc.
Have a great day,
Blade :cool:
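The Internet Explorer "Custom Level" changes and the DNS Client service change from the post above, as an added PowerShell example that is not part of the original thread or the helper's instructions. It assumes Windows PowerShell 2.0 is installed on the XP SP3 machine (it is not there by default) and that the six settings map to the Internet zone (Zones\3) registry value names documented in Microsoft KB 182569: 1001, 1004, 1201, 1800, 1804 and 1607, with 0 = Enable, 1 = Prompt, 3 = Disable. The function names are my own; the Test function is the part you would keep, since it lets you confirm the settings stuck after the next IE update or toolbar install.

```powershell
# Added example, not code from the original thread. Applies the Internet-zone
# hardening and the DNS Client service change from the post, then verifies them.
# Assumptions: XP SP3 with Windows PowerShell 2.0; value names and action codes
# per Microsoft KB 182569. Close Internet Explorer first: it reads the zone
# settings at start-up and can overwrite them on exit.

$ZoneKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# Action codes stored in each Zones\<n> value: 0 = Enable, 1 = Prompt, 3 = Disable.
$Prompt  = 1
$Disable = 3

# The six Internet-zone settings recommended in the post, keyed by the
# registry value name that stores each "Custom Level" option.
$Desired = @{
    '1001' = @{ Name = 'Download signed ActiveX controls';                          Value = $Prompt  }
    '1004' = @{ Name = 'Download unsigned ActiveX controls';                        Value = $Disable }
    '1201' = @{ Name = 'Initialize and script ActiveX controls not marked as safe'; Value = $Disable }
    '1800' = @{ Name = 'Installation of desktop items';                             Value = $Prompt  }
    '1804' = @{ Name = 'Launching programs and files in an IFRAME';                 Value = $Prompt  }
    '1607' = @{ Name = 'Navigate sub-frames across different domains';              Value = $Prompt  }
}

function Set-InternetZoneHardening {
    # Writes each recommended action code into the current user's Internet zone.
    foreach ($ValueName in $Desired.Keys) {
        Set-ItemProperty -Path $ZoneKey -Name $ValueName `
            -Value $Desired[$ValueName].Value -Type DWord
    }
}

function Test-InternetZoneHardening {
    # Returns one object per setting that still differs from the recommendation.
    # An empty result means all six settings are in place.
    $Current = Get-ItemProperty -Path $ZoneKey
    $Drift = @()
    foreach ($ValueName in $Desired.Keys) {
        $Actual = $Current.$ValueName
        if ($Actual -ne $Desired[$ValueName].Value) {
            $Drift += New-Object PSObject -Property @{
                Setting  = $Desired[$ValueName].Name
                Expected = $Desired[$ValueName].Value
                Actual   = $Actual
            }
        }
    }
    return ,$Drift
}

function Set-DnsClientManual {
    # Optional hosts-file step from the post: a large hosts file is slow while the
    # DNS Client service (Dnscache) caches it, so move the service from Automatic
    # to Manual and return the resulting start mode for confirmation.
    Set-Service -Name Dnscache -StartupType Manual
    return (Get-WmiObject Win32_Service -Filter "Name='Dnscache'").StartMode
}

Set-InternetZoneHardening
$Remaining = @(Test-InternetZoneHardening)
if ($Remaining.Count -eq 0) {
    'Internet zone: all six recommended settings are applied.'
} else {
    'Internet zone: settings still differing from the recommendation:'
    $Remaining | Format-Table Setting, Expected, Actual -AutoSize
}
'DNS Client start mode is now: ' + (Set-DnsClientManual)
```

The zone values live under HKCU, so run this as the user who browses (each Windows account has its own copy), and re-run Test-InternetZoneHardening after installing anything that touches IE, since toolbars and some installers reset these values. Changing the service start mode needs an account in the Administrators group, which on XP is usually the case anyway.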
scoobyman82
2009-03-02, 20:26
Hi there.
All seems well now, many many thanks. http://forums.spybot.info/images/smilies/woo1.gif
A couple of things to ask, do i need to actually visit the microsoft website to update or is it ok to have auto update ON in the security centre?
Also, is the standard Windows firewall any good? I used to have Comodo firewall but couldn't get on with it.
Kind regards.
Hi
Having automatic updates on is enough :)
Windows XP's internal firewall is better than nothing, but since it won't monitor outgoing traffic it's strongly recommended to use either a hardware firewall (like a router behind NAT) or some 3rd party software solution.
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help. :)
Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.
If it has been less than four days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.