Agent2.ebw
My AVG has found this trojan on my PC and it cannot remove it.
Any help to resolve would be appreciated
Thx
Ed
Forgot to post the HJT log.
Here it is:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:02:39, on 22/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\GreenPrint Technologies\GreenPrint World\GPClientService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\WINDOWS\system32\atwtusb.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\GreenPrint Technologies\GreenPrint World\GPPrinterNotify.exe
C:\Program Files\Smile Brush\Smile Brush.exe
C:\Program Files\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MyPhoneExplorer\MyPhoneExplorer.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = webcache.virginmedia.com:3128
O1 - Hosts: 193.86.103.19 guru.grisoft.com
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: CGreenPrintPDF Object - {DF96BA30-57F6-4700-8065-910EC3BE9E3B} - C:\Program Files\GreenPrint Technologies\GreenPrint World\GPIEPlugin.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [GPPrinterNotify] "C:\Program Files\GreenPrint Technologies\GreenPrint World\GPPrinterNotify.exe"
O4 - HKLM\..\Run: [Ctetaqegayuxoxo] rundll32.exe "C:\WINDOWS\ogezires.dll",e
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Smile Brush] "C:\Program Files\Smile Brush\Smile Brush.exe" a
O4 - HKCU\..\Run: [Bandwidth Monitor Pro] "C:\Program Files\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe" /minimized
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: DriveSelect.lnk = C:\Program Files\321Studios\Xpress\DriveSelect.exe
O4 - Global Startup: GPLog.lnk = ?
O4 - Global Startup: GreenPrint Printer Notify.lnk = ?
O4 - Global Startup: GreenPrint TrayIcon.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: GreenPrint - {554099FE-3856-4d93-86B5-0024AEF63BC7} - C:\Program Files\GreenPrint Technologies\GreenPrint World\GPIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DF96BA30-57F6-4700-8065-910EC3BE9E3B} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://pccheckup.dellfix.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://D:\content\include\XPPatchInstaller.CAB
O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} (AccountTracking Profile Manager Class) - https://moneymanager.egg.com/Pinsafe/accounttracking.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://housecall.trendmicro-europe.com/housecall/Xscan53.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37940.cab
O16 - DPF: {8B1BC605-C593-4865-8F5B-05517F0CD0BB} (MSSecurityAdvisorCD Class) - file://D:\Content\include\msSecUcd.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/html - {20D5EAD2-CF47-49F5-A154-DB9CCC670C28} - (no file)
O20 - AppInit_DLLs: C:\WINDOWS\System32\dbmsvinn32.dll
O20 - Winlogon Notify: a80c7ce2579 - C:\WINDOWS\System32\dbmsvinn32.dll (file missing)
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: __c0017416 - C:\WINDOWS\system32\__c0017416.dat (file missing)
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Belkin 54g Wireless USB Network Adapter (Belkin 54g Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: GreenPrint Client Report Service (GPClientService) - Unknown owner - C:\Program Files\GreenPrint Technologies\GreenPrint World\GPClientService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
--
End of file - 11591 bytes
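As an added triage example for logs like the one above (my own code, not a tool from this forum or from Trend Micro), the following Python script parses HijackThis lines and flags the kinds of entries a helper reads first: a rundll32 autostart loading a DLL from an unusual directory, AppInit_DLLs and Winlogon Notify hooks, a text/html filter hijack, orphaned entries and hosts-file overrides. The trusted-directory list, the name heuristic for Winlogon Notify packages and the severities are assumptions; the sample lines are constructed from the log above.

```python
"""Triage helper for HijackThis log lines (added example, not a forum or Trend Micro tool).

The rules are assumptions about what a helper looks for when reading an HJT log:
autostart entries that load a DLL from outside the usual program directories,
AppInit_DLLs and Winlogon Notify hooks with machine-looking names or missing
files, hijacked MIME filters, orphaned entries, and hosts-file overrides.
"""
import re
from dataclasses import dataclass

# Constructed sample: a handful of lines taken from the first log in the thread
SAMPLE_LOG = r"""
O1 - Hosts: 193.86.103.19 guru.grisoft.com
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Ctetaqegayuxoxo] rundll32.exe "C:\WINDOWS\ogezires.dll",e
O18 - Filter hijack: text/html - {20D5EAD2-CF47-49F5-A154-DB9CCC670C28} - (no file)
O20 - AppInit_DLLs: C:\WINDOWS\System32\dbmsvinn32.dll
O20 - Winlogon Notify: a80c7ce2579 - C:\WINDOWS\System32\dbmsvinn32.dll (file missing)
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: __c0017416 - C:\WINDOWS\system32\__c0017416.dat (file missing)
"""


@dataclass
class Finding:
    severity: str   # "high", "medium" or "info"
    section: str    # HJT section id, e.g. "O4"
    reason: str
    line: str


LINE_RE = re.compile(r"^(?P<sec>[RO]\d+)\s+-\s+(?P<body>.*)$")
# Assumed trusted locations for DLLs loaded at logon; anything else gets flagged
TRUSTED_DLL_DIRS = ("\\WINDOWS\\SYSTEM32\\", "\\PROGRAM FILES\\", "\\PROGRA~1\\")
# A Winlogon Notify subkey made only of hex digits/underscores with at least one digit
HEXISH_NAME = re.compile(r"^[_a-f0-9]*\d[_a-f0-9]*$", re.IGNORECASE)
RUNDLL_DLL = re.compile(r'rundll32(?:\.exe)?\s+"?([^",]+?\.dll)"?', re.IGNORECASE)
ORPHAN_MARKERS = ("(no file)", "(file missing)")


def _trusted_dir(path: str) -> bool:
    up = path.upper()
    return any(d in up for d in TRUSTED_DLL_DIRS)


def check_line(line: str):
    """Return a Finding for one HJT line, or None if nothing looks wrong."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    sec, body = m.group("sec"), m.group("body")
    orphan = any(mk in body for mk in ORPHAN_MARKERS)
    if sec == "O1":
        # HJT lists only non-default hosts entries; pointing a vendor's update
        # domain at a foreign address is a classic way to block AV updates
        return Finding("high", sec, "hosts-file override:" + body.split(":", 1)[1], line)
    if sec == "O4":
        dll = RUNDLL_DLL.search(body)
        if dll and not _trusted_dir(dll.group(1)):
            reason = "rundll32 autostart loads DLL from unusual location: " + dll.group(1)
            return Finding("high", sec, reason, line)
        return None
    if sec == "O18" and body.startswith("Filter hijack"):
        # A MIME filter on text/html sits in the path of every page IE renders
        return Finding("high", sec, "MIME filter hijack" + (" (orphaned)" if orphan else ""), line)
    if sec == "O20":
        if body.startswith("AppInit_DLLs:"):
            # Empty on a clean XP system; a value is loaded into every user-mode process
            return Finding("high", sec, "AppInit_DLLs injection:" + body.split(":", 1)[1], line)
        if body.startswith("Winlogon Notify:"):
            name = body.split(":", 1)[1].split(" - ", 1)[0].strip()
            if HEXISH_NAME.match(name) or orphan:
                return Finding("medium", sec, "suspicious Winlogon Notify package: " + name, line)
        return None
    if orphan:
        return Finding("info", sec, "orphaned entry (file missing)", line)
    return None


def triage(log_text: str):
    """Run every line of an HJT log through check_line and collect the findings."""
    findings = []
    for raw in log_text.splitlines():
        f = check_line(raw)
        if f:
            findings.append(f)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.section:<4} {f.reason}\n         {f.line}")
```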
Hi eddd2
We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
If you need help to disable your protection programs see here. (http://www.bleepingcomputer.com/forums/topic114351.html)
When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log.
Hi,
Thanks for your help to clean my PC.
Included logs as requested
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:52:57, on 23/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\GreenPrint Technologies\GreenPrint World\GPPrinterNotify.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Smile Brush\Smile Brush.exe
C:\Program Files\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = webcache.virginmedia.com:3128
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: CGreenPrintPDF Object - {DF96BA30-57F6-4700-8065-910EC3BE9E3B} - C:\Program Files\GreenPrint Technologies\GreenPrint World\GPIEPlugin.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [GPPrinterNotify] "C:\Program Files\GreenPrint Technologies\GreenPrint World\GPPrinterNotify.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Smile Brush] "C:\Program Files\Smile Brush\Smile Brush.exe" a
O4 - HKCU\..\Run: [Bandwidth Monitor Pro] "C:\Program Files\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe" /minimized
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: DriveSelect.lnk = C:\Program Files\321Studios\Xpress\DriveSelect.exe
O4 - Global Startup: GPLog.lnk = ?
O4 - Global Startup: GreenPrint Printer Notify.lnk = ?
O4 - Global Startup: GreenPrint TrayIcon.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: GreenPrint - {554099FE-3856-4d93-86B5-0024AEF63BC7} - C:\Program Files\GreenPrint Technologies\GreenPrint World\GPIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DF96BA30-57F6-4700-8065-910EC3BE9E3B} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://pccheckup.dellfix.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://D:\content\include\XPPatchInstaller.CAB
O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} (AccountTracking Profile Manager Class) - https://moneymanager.egg.com/Pinsafe/accounttracking.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://housecall.trendmicro-europe.com/housecall/Xscan53.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37940.cab
O16 - DPF: {8B1BC605-C593-4865-8F5B-05517F0CD0BB} (MSSecurityAdvisorCD Class) - file://D:\Content\include\msSecUcd.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\System32\dbmsvinn32.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Belkin 54g Wireless USB Network Adapter (Belkin 54g Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: GreenPrint Client Report Service (GPClientService) - Unknown owner - C:\Program Files\GreenPrint Technologies\GreenPrint World\GPClientService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
--
End of file - 11164 bytes
ComboFix 09-04-23.A1 - Ed 23/04/2009 13:29.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1535.1026 [GMT 1:00]
Running from: c:\documents and settings\Ed\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
FW: ZoneAlarm Firewall *disabled*
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Ed\Application Data\02000000064dfb40579C.manifest
c:\documents and settings\Ed\Application Data\02000000064dfb40579O.manifest
c:\documents and settings\Ed\Application Data\02000000064dfb40579P.manifest
c:\documents and settings\Ed\Application Data\02000000064dfb40579S.manifest
c:\documents and settings\Ed\Application Data\inst.exe
c:\documents and settings\Ed\Application Data\Microsoft\SystemCertificates\Request
c:\windows\GnuHashes.ini
c:\windows\IE4 Error Log.txt
c:\windows\ldp1nd10.dll
c:\windows\patch.exe
c:\windows\system32\cmmgr32.exe
c:\windows\system32\GroupPolicy000.dat
C:\xcrashdump.dat
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_IPRIP
-------\Legacy_ZESOFT
-------\Service_Iprip
((((((((((((((((((((((((( Files Created from 2009-05-23 to 2009-4-23 )))))))))))))))))))))))))))))))
.
2009-04-22 10:08 . 2009-04-22 10:08 -------- d-----w c:\program files\ERUNT
2009-04-20 17:56 . 2009-04-20 20:37 -------- d-----w c:\program files\EsetOnlineScanner
2009-04-20 15:17 . 2009-04-20 17:44 -------- d-----w c:\documents and settings\Ed\.housecall6.6
2009-04-18 11:49 . 2009-04-18 11:49 -------- d-----w c:\documents and settings\Ed\Local Settings\Application Data\{724BF354-BD29-4FBD-A245-25408141C37B}
2009-04-18 10:59 . 2009-04-18 10:59 615 ----a-w c:\windows\system32\0vSFz.vbs
2009-04-18 10:58 . 2009-04-18 10:58 615 ----a-w c:\windows\system32\g5oZd4j.vbs
2009-04-18 10:44 . 2009-04-18 10:44 615 ----a-w c:\windows\system32\0StcOSRQPRC2yEV.vbs
2009-04-16 02:01 . 2009-04-16 02:06 1374 ----a-w c:\windows\imsins.BAK
2009-04-15 20:33 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-08 16:09 . 2009-04-08 16:09 -------- d-----w c:\documents and settings\Ed\Application Data\LogoManager
2009-04-08 16:08 . 2009-04-08 16:09 -------- d-----w c:\program files\Mobius Phone Explorer
2009-04-08 15:36 . 2009-04-20 13:42 -------- d-----w c:\program files\MobiMB Mobile Media Browser
2009-04-06 13:48 . 2009-04-06 13:48 -------- d-----w c:\program files\CCleaner
2009-03-31 17:23 . 2008-04-14 00:12 116224 ----a-w c:\windows\system32\dllcache\xrxwiadr.dll
2009-03-31 17:23 . 2008-04-14 00:12 18944 ----a-w c:\windows\system32\dllcache\xrxscnui.dll
2009-03-31 17:22 . 2008-04-13 18:36 8832 ----a-w c:\windows\system32\dllcache\wmiacpi.sys
2009-03-31 17:21 . 2008-04-13 18:45 17152 ----a-w c:\windows\system32\dllcache\usbohci.sys
2009-03-31 17:20 . 2008-04-14 00:12 82944 ----a-w c:\windows\system32\dllcache\tp4mon.exe
2009-03-31 17:20 . 2008-04-13 18:40 149376 ----a-w c:\windows\system32\dllcache\tffsport.sys
2009-03-31 17:20 . 2008-04-13 18:40 7552 ----a-w c:\windows\system32\dllcache\sonyait.sys
2009-03-31 17:20 . 2008-04-13 18:36 6912 ----a-w c:\windows\system32\dllcache\smbclass.sys
2009-03-31 17:19 . 2008-04-13 18:36 16000 ----a-w c:\windows\system32\dllcache\smbbatt.sys
2009-03-31 17:19 . 2008-04-13 18:45 11520 ----a-w c:\windows\system32\dllcache\scsiscan.sys
2009-03-31 17:19 . 2008-04-13 18:40 43904 ----a-w c:\windows\system32\dllcache\sbp2port.sys
2009-03-31 17:19 . 2008-04-14 00:12 29696 ----a-w c:\windows\system32\dllcache\rw450ext.dll
2009-03-31 17:19 . 2008-04-14 00:12 27648 ----a-w c:\windows\system32\dllcache\rw430ext.dll
2009-03-31 17:18 . 2008-04-13 18:40 79104 ----a-w c:\windows\system32\dllcache\rocket.sys
2009-03-31 17:18 . 2008-04-13 18:40 6016 ----a-w c:\windows\system32\dllcache\qic157.sys
2009-03-31 17:18 . 2008-04-14 00:12 159232 ----a-w c:\windows\system32\dllcache\ptpusd.dll
2009-03-31 17:18 . 2008-04-13 18:41 17664 ----a-w c:\windows\system32\dllcache\ppa3.sys
2009-03-31 17:18 . 2008-04-13 18:40 8832 ----a-w c:\windows\system32\dllcache\powerfil.sys
2009-03-31 17:18 . 2008-04-14 00:10 259328 ----a-w c:\windows\system32\dllcache\perm3dd.dll
2009-03-31 17:18 . 2008-04-13 18:44 28032 ----a-w c:\windows\system32\dllcache\perm3.sys
2009-03-31 17:18 . 2008-04-14 00:10 211584 ----a-w c:\windows\system32\dllcache\perm2dll.dll
2009-03-31 17:18 . 2008-04-13 18:44 27904 ----a-w c:\windows\system32\dllcache\perm2.sys
2009-03-31 17:17 . 2008-04-13 18:54 28672 ----a-w c:\windows\system32\dllcache\nscirda.sys
2009-03-31 17:17 . 2008-04-13 18:46 49024 ----a-w c:\windows\system32\dllcache\mstape.sys
2009-03-31 17:17 . 2008-04-13 18:54 22016 ----a-w c:\windows\system32\dllcache\msircomm.sys
2009-03-31 17:16 . 2008-04-13 18:41 26112 ----a-w c:\windows\system32\dllcache\memstpci.sys
2009-03-31 17:16 . 2008-04-13 18:40 7040 ----a-w c:\windows\system32\dllcache\ltotape.sys
2009-03-31 17:16 . 2008-04-13 18:40 34688 ----a-w c:\windows\system32\dllcache\lbrtfdc.sys
2009-03-31 17:16 . 2008-04-14 00:11 253952 ----a-w c:\windows\system32\dllcache\kdsusd.dll
2009-03-31 17:16 . 2008-04-14 00:11 48640 ----a-w c:\windows\system32\dllcache\kdsui.dll
2009-03-31 17:15 . 2008-04-14 00:09 6144 ----a-w c:\windows\system32\dllcache\kbd106.dll
2009-03-31 17:15 . 2008-04-13 18:54 88192 ----a-w c:\windows\system32\dllcache\irda.sys
2009-03-31 17:14 . 2002-08-29 05:00 10129408 ----a-w c:\windows\system32\dllcache\hwxkor.dll
2009-03-31 17:13 . 2008-04-13 18:36 20352 ----a-w c:\windows\system32\dllcache\hidbatt.sys
2009-03-31 17:13 . 2008-04-13 18:40 28288 ----a-w c:\windows\system32\dllcache\grserial.sys
2009-03-31 17:13 . 2008-04-13 18:45 59136 ----a-w c:\windows\system32\dllcache\gckernel.sys
2009-03-31 17:13 . 2008-04-13 18:45 10624 ----a-w c:\windows\system32\dllcache\gameenum.sys
2009-03-31 17:12 . 2008-04-14 00:12 20992 ----a-w c:\windows\system32\dllcache\dshowext.ax
2009-03-31 17:11 . 2008-04-13 18:39 206976 ----a-w c:\windows\system32\dllcache\dot4.sys
2009-03-31 17:11 . 2008-04-13 18:40 8320 ----a-w c:\windows\system32\dllcache\dlttape.sys
2009-03-31 17:11 . 2008-04-14 00:11 249856 ----a-w c:\windows\system32\dllcache\ctmasetp.dll
2009-03-31 17:11 . 2008-04-13 18:36 10240 ----a-w c:\windows\system32\dllcache\compbatt.sys
2009-03-31 17:10 . 2008-04-13 18:36 13952 ----a-w c:\windows\system32\dllcache\cmbatt.sys
2009-03-31 17:10 . 2008-04-13 18:40 8192 ----a-w c:\windows\system32\dllcache\changer.sys
2009-03-31 17:10 . 2008-04-14 00:11 121856 ----a-w c:\windows\system32\dllcache\camext30.dll
2009-03-31 17:09 . 2008-04-13 18:36 14208 ----a-w c:\windows\system32\dllcache\battc.sys
2009-03-31 17:09 . 2008-04-13 18:46 13696 ----a-w c:\windows\system32\dllcache\avcstrm.sys
2009-03-31 17:09 . 2008-04-13 18:40 96512 ----a-w c:\windows\system32\dllcache\atapi.sys
2009-03-31 17:08 . 2008-04-13 18:40 12288 ----a-w c:\windows\system32\dllcache\4mmdat.sys
2009-03-30 12:17 . 2009-03-30 12:17 -------- d-----w c:\program files\Microsoft
2009-03-30 12:17 . 2009-03-30 12:17 -------- d-----w c:\program files\Windows Live SkyDrive
2009-03-25 08:59 . 2009-03-30 12:17 -------- d-----w c:\program files\MSN Messenger
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-23 12:35 . 2008-04-13 10:27 716180 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-04-23 12:35 . 2008-04-13 10:27 61435936 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-04-23 12:12 . 2008-08-29 16:56 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-04-23 11:53 . 2004-03-10 19:56 -------- d-----w c:\documents and settings\Ed\Application Data\MailWasherPro
2009-04-22 13:36 . 2004-08-12 11:40 -------- d-----w c:\program files\AVerTV2K
2009-04-22 11:44 . 2007-03-03 19:01 -------- d-----w c:\documents and settings\Ed\Application Data\MyPhoneExplorer
2009-04-21 19:02 . 2008-08-13 18:26 34 ----a-w c:\documents and settings\Ed\jagex_runescape_preferences.dat
2009-04-20 15:18 . 2005-04-03 16:29 -------- d-----w c:\program files\SpywareBlaster
2009-04-20 13:43 . 2006-09-22 13:14 -------- d-----w c:\program files\MSN Password Recovery
2009-04-20 09:33 . 2007-07-17 13:57 -------- d-----w c:\program files\a-squared Free
2009-04-19 23:19 . 2004-05-14 22:22 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-19 22:21 . 2008-04-25 11:26 -------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-04-19 20:37 . 2004-05-14 22:22 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-04-19 18:03 . 2004-03-14 14:49 -------- d-----w c:\documents and settings\Ed\Application Data\sb_temp
2009-04-19 17:49 . 2008-04-25 11:26 325640 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-04-19 17:49 . 2008-04-25 11:26 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-04-19 17:48 . 2008-04-25 11:26 10520 ----a-w c:\windows\SYSTEM32\avgrsstx.dll
2009-04-18 10:59 . 2008-01-03 16:09 -------- d-----w c:\documents and settings\Ed\Application Data\BitTorrent
2009-04-14 10:55 . 2007-03-03 19:01 -------- d-----w c:\program files\MyPhoneExplorer
2009-04-14 08:35 . 2004-03-14 17:17 -------- d-----w c:\program files\mIRC
2009-04-13 10:13 . 2004-05-08 16:39 -------- d-----w c:\documents and settings\All Users\Application Data\DVD Shrink
2009-04-08 17:18 . 2009-04-13 19:42 156446 ----a-w c:\windows\PCHealth\HelpCtr\Config\Cache\Personal_32_1033.dat
2009-04-08 16:09 . 2006-07-25 14:22 -------- d-----w c:\program files\Common Files\LogoManager
2009-04-07 12:57 . 2005-08-02 08:16 -------- d-----w c:\documents and settings\Ed\Application Data\dvdcss
2009-04-05 09:43 . 2006-12-10 13:03 21282574 ----a-w c:\windows\Internet Logs\tvDebug.zip
2009-03-30 12:17 . 2008-03-05 23:01 -------- d-----w c:\program files\Windows Live
2009-03-26 13:14 . 2006-08-10 19:15 -------- d-----w c:\documents and settings\Ed\Application Data\Skype
2009-03-26 10:02 . 2008-08-25 20:24 -------- d-----w c:\documents and settings\Ed\Application Data\skypePM
2009-03-23 14:12 . 2004-03-15 11:28 71592 ----a-w c:\documents and settings\Ed\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-23 14:03 . 2009-03-23 14:03 -------- d-----w c:\program files\Common Files\Windows Live
2009-03-23 13:48 . 2009-03-23 13:48 410984 ----a-w c:\windows\SYSTEM32\deploytk.dll
2009-03-23 13:48 . 2004-02-26 14:48 -------- d-----w c:\program files\Java
2009-03-23 11:45 . 2004-07-07 08:58 -------- d-----w c:\program files\PestPatrol
2009-03-21 14:06 . 2002-08-29 05:00 989696 ----a-w c:\windows\SYSTEM32\DLLCACHE\kernel32.dll
2009-03-15 10:55 . 2009-03-15 10:57 2191872 ----a-w c:\windows\Internet Logs\xDB2A.tmp
2009-03-06 14:22 . 2002-08-29 05:00 284160 ----a-w c:\windows\SYSTEM32\pdh.dll
2009-03-06 14:22 . 2002-08-29 05:00 284160 ----a-w c:\windows\SYSTEM32\DLLCACHE\pdh.dll
2009-03-02 23:04 . 2004-01-21 16:15 1499136 ----a-w c:\windows\SYSTEM32\DLLCACHE\shdocvw.dll
2009-02-20 08:11 . 2004-07-07 17:37 3068416 ----a-w c:\windows\SYSTEM32\DLLCACHE\mshtml.dll
2009-02-20 08:10 . 2004-02-06 17:05 666112 ----a-w c:\windows\SYSTEM32\wininet.dll
2009-02-20 08:10 . 2004-02-06 17:05 666112 ----a-w c:\windows\SYSTEM32\DLLCACHE\wininet.dll
2009-02-20 08:10 . 2004-01-21 16:20 619520 ----a-w c:\windows\SYSTEM32\DLLCACHE\urlmon.dll
2009-02-20 08:10 . 2004-08-10 23:04 81920 ----a-w c:\windows\SYSTEM32\DLLCACHE\ieencode.dll
2009-02-20 08:10 . 2004-08-10 23:04 81920 ------w c:\windows\SYSTEM32\ieencode.dll
2009-02-19 19:02 . 2009-02-19 19:04 104960 ----a-w c:\windows\Internet Logs\xDB29.tmp
2009-02-19 10:09 . 2009-02-19 10:11 1406976 ----a-w c:\windows\Internet Logs\xDB28.tmp
2009-02-18 17:32 . 2004-08-08 18:19 929 ----a-w C:\avi_log.txt
2009-02-09 12:10 . 2002-08-29 05:00 729088 ----a-w c:\windows\SYSTEM32\lsasrv.dll
2009-02-09 12:10 . 2002-08-29 05:00 729088 ----a-w c:\windows\SYSTEM32\DLLCACHE\lsasrv.dll
2009-02-09 12:10 . 2004-05-04 18:49 401408 ----a-w c:\windows\SYSTEM32\rpcss.dll
2009-02-09 12:10 . 2004-05-04 18:49 401408 ----a-w c:\windows\SYSTEM32\DLLCACHE\rpcss.dll
2009-02-09 12:10 . 2002-08-29 05:00 714752 ----a-w c:\windows\SYSTEM32\ntdll.dll
2009-02-09 12:10 . 2002-08-29 05:00 714752 ----a-w c:\windows\SYSTEM32\DLLCACHE\ntdll.dll
2009-02-09 12:10 . 2002-08-29 05:00 617472 ----a-w c:\windows\SYSTEM32\DLLCACHE\advapi32.dll
2009-02-09 12:10 . 2002-08-29 05:00 617472 ----a-w c:\windows\SYSTEM32\advapi32.dll
2009-02-09 12:10 . 2002-08-29 05:00 473600 ----a-w c:\windows\SYSTEM32\DLLCACHE\fastprox.dll
2009-02-09 12:10 . 2002-08-29 05:00 453120 ----a-w c:\windows\SYSTEM32\DLLCACHE\wmiprvsd.dll
2009-02-09 11:13 . 2002-08-29 05:00 1846784 ----a-w c:\windows\SYSTEM32\win32k.sys
2009-02-09 11:13 . 2002-08-29 05:00 1846784 ----a-w c:\windows\SYSTEM32\win32k(2)(2).sys
2009-02-09 11:13 . 2002-08-29 05:00 1846784 ----a-w c:\windows\SYSTEM32\DLLCACHE\win32k.sys
2009-02-07 18:02 . 1980-01-01 00:00 2066048 ----a-w c:\windows\SYSTEM32\ntkrnlpa.exe
2009-02-07 18:02 . 1980-01-01 00:00 2066048 ----a-w c:\windows\SYSTEM32\DLLCACHE\ntkrnlpa.exe
2009-02-06 18:52 . 2009-02-06 18:52 49504 ----a-w c:\windows\SYSTEM32\sirenacm.dll
2009-02-06 11:11 . 2002-08-29 05:00 110592 ----a-w c:\windows\SYSTEM32\services.exe
2009-02-06 11:11 . 2002-08-29 05:00 110592 ----a-w c:\windows\SYSTEM32\DLLCACHE\services.exe
2009-02-06 11:08 . 1980-01-01 00:00 2189056 ----a-w c:\windows\SYSTEM32\ntoskrnl.exe
2009-02-06 11:08 . 1980-01-01 00:00 2189056 ----a-w c:\windows\SYSTEM32\DLLCACHE\ntoskrnl.exe
2009-02-06 11:06 . 2008-10-15 00:27 2145280 ----a-w c:\windows\SYSTEM32\DLLCACHE\ntkrnlmp.exe
2009-02-06 10:39 . 2002-08-29 05:00 35328 ----a-w c:\windows\SYSTEM32\sc.exe
2009-02-06 10:39 . 2002-08-29 05:00 35328 ----a-w c:\windows\SYSTEM32\DLLCACHE\sc.exe
2009-02-06 10:32 . 2008-10-15 00:27 2023936 ----a-w c:\windows\SYSTEM32\DLLCACHE\ntkrpamp.exe
2009-02-06 10:10 . 2002-08-29 05:00 227840 ----a-w c:\windows\SYSTEM32\DLLCACHE\wmiprvse.exe
2009-02-03 19:59 . 2002-08-29 05:00 56832 ----a-w c:\windows\SYSTEM32\secur32.dll
2009-02-03 19:59 . 2002-08-29 05:00 56832 ----a-w c:\windows\SYSTEM32\DLLCACHE\secur32.dll
2009-01-23 16:49 . 2009-02-14 11:25 18320 ----a-w c:\windows\SYSTEM32\GPPDF.dll
2009-01-23 16:49 . 2009-02-14 11:25 16280 ----a-w c:\windows\SYSTEM32\GPMailPDF.dll
2009-01-23 16:48 . 2009-02-14 11:25 17296 ----a-w c:\windows\SYSTEM32\gpmon.dll
2007-07-07 10:09 . 2007-07-07 10:09 47360 ----a-w c:\documents and settings\Ed\Application Data\pcouffin.sys
2006-07-11 18:07 . 2006-07-11 18:07 63888 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2006-03-24 20:35 . 2006-03-24 20:35 137 ----a-w c:\documents and settings\NetworkService\Local Settings\Application Data\fusioncache.dat
2004-08-09 20:45 . 2004-08-09 20:45 125 ----a-w c:\documents and settings\Ed\Local Settings\Application Data\fusioncache.dat
2009-01-03 01:37:38 . 2006-01-22 21:07 c:\program files\mozilla firefox\components\jar50.dll
2009-01-03 01:37:38 . 2006-01-22 21:07 c:\program files\mozilla firefox\components\jsd3250.dll
2009-01-03 01:37:38 . 2007-06-13 18:56 c:\program files\mozilla firefox\components\myspell.dll
2009-01-03 01:37:43 . 2007-06-13 18:56 c:\program files\mozilla firefox\components\spellchk.dll
2009-01-03 01:37:43 . 2006-01-22 21:07 c:\program files\mozilla firefox\components\xpinstal.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"Smile Brush"="c:\program files\Smile Brush\Smile Brush.exe" [2003-05-10 217088]
"Bandwidth Monitor Pro"="c:\program files\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe" [2004-09-28 157184]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PPMemCheck"="c:\progra~1\PESTPA~1\PPMemCheck.exe" [2003-04-19 148480]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-11-03 4800512]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-13 919016]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-04-19 1932568]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-23 136600]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-06-13 155648]
"GPPrinterNotify"="c:\program files\GreenPrint Technologies\GreenPrint World\GPPrinterNotify.exe" [2009-01-23 599968]
"atwtusb"="atwtusb.exe" - c:\windows\SYSTEM32\atwtusb.exe [2002-08-29 188416]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\SYSTEM32\bthprops.cpl [2008-04-14 110592]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
DriveSelect.lnk - c:\program files\321Studios\Xpress\DriveSelect.exe [2003-5-5 217088]
GPLog.lnk - c:\program files\GreenPrint Technologies\GreenPrint World\LOGWnd.exe [2009-2-14 21904]
GreenPrint Printer Notify.lnk - c:\program files\GreenPrint Technologies\GreenPrint World\GPPrinterNotify.exe [2009-2-14 599968]
GreenPrint TrayIcon.lnk - c:\program files\GreenPrint Technologies\GreenPrint World\GPTray.exe [2009-2-14 272272]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= "c:\progra~1\DVDREG~1\DVDShell.dll" [2004-03-07 49152]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-04-19 17:48 10520 ----a-w c:\windows\SYSTEM32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\dbmsvinn32.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave"= serwvdrv.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *\0lsdelete
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli ldp1nd10.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\KaZaA Lite\\Kazaa.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Media Player Classic\\mplayerc.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R2 GPClientService;GreenPrint Client Report Service;c:\program files\GreenPrint Technologies\GreenPrint World\GPClientService.exe [2008-12-30 126976]
R2 USBHSB;GeneLink File Transfer Driver; [x]
R3 ATHFMWDL;NETGEAR WG111T bootloader driver; [x]
R3 bkn50USB;Belkin 54Mbps Wireless USB Network Adapter;c:\windows\system32\DRIVERS\rt2500usb.sys [2004-07-16 140416]
R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.SYS [2003-07-24 17149]
R3 PIXMC10;JVC Communication PIX-MC10 Driver;c:\windows\system32\Drivers\pixmc10c.sys [2002-09-27 31232]
R3 PIXMC10A;JVC PIX-MC10 Audio Capture;c:\windows\system32\Drivers\pixmc10a.sys [2002-10-03 28060]
R3 PIXMC10V;JVC PIX-MC10 Video Capture;c:\windows\system32\Drivers\pixmc10v.sys [2002-11-28 22652]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-04-19 325640]
S1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-04-19 108552]
S1 FNETDEVI;FNETDEVI;c:\windows\system32\drivers\FNETDEVI.SYS [2008-01-07 19572]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-04-19 908056]
S2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-04-19 298264]
S2 Belkin 54g Wireless USB Network Adapter Service;Belkin 54g Wireless USB Network Adapter;c:\program files\Belkin\Belkin Wireless Network Utility\WLService.exe [2004-03-29 49152]
S2 BT848;AVerMedia, AVerTV WDM Video Capture;c:\windows\system32\DRIVERS\BT848.sys [2001-12-07 260072]
S2 BTTUNER;AVerMedia, AVerTV WDM TvTuner;c:\windows\system32\drivers\BTTUNER.sys [2001-12-26 22016]
S2 BTXBAR;AVerMedia, AVerTV WDM Crossbar;c:\windows\system32\drivers\BTXBAR.sys [2001-08-22 13312]
S2 PDSched;PDScheduler;c:\program files\Raxco\PerfectDisk\PDSched.exe [2004-11-01 237635]
S2 SVKP;SVKP;c:\windows\System32\SVKP.sys [2004-08-03 2368]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-Fax Machine - (no file)
Notify-a80c7ce2579 - c:\windows\System32\dbmsvinn32.dll
Notify-__c0017416 - (no file)
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe"
uInternet Settings,ProxyServer = webcache.virginmedia.com:3128
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} - file://d:\content\include\XPPatchInstaller.CAB
DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} - hxxps://moneymanager.egg.com/Pinsafe/accounttracking.cab
DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} - hxxp://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37940.cab
DPF: {8B1BC605-C593-4865-8F5B-05517F0CD0BB} - file://d:\content\include\msSecUcd.cab
FF - ProfilePath - c:\documents and settings\Ed\Application Data\Mozilla\Firefox\Profiles\xcylc0hx.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo.co.uk
FF - prefs.js: browser.startup.homepage - hxxp://www.quidco.com/
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-23 13:39
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,64,ca,56,b1,d0,
05,44,26,c8,28,51,af,b0,29,a3,98,2e,76,05,2c,46,b2,d2,64,e2,63,26,f1,3f,c8,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,fc,7a,49,aa,98,
32,c7,46,71,3b,04,66,8b,46,0d,96,a9,5b,9e,5a,ce,74,c4,1e,6a,9c,d6,61,af,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:7a,45,05,fd,91,e8,6f,31,dd,37,6d,4d,05,
e3,4b,67,25,da,ec,7e,55,20,c9,26,a8,26,ef,54,4d,d8,7b,f5,ff,7c,85,e0,43,d4,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:6b,65,49,6a,7e,99,74,f7,bd,73,e8,34,70,
63,58,44,3e,1e,9e,e0,57,5a,93,61,da,60,b5,f9,2b,55,ac,09,86,8c,21,01,be,91,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,a5,00,e2,8f,67,
68,88,5c,cd,44,cd,b9,a6,33,6c,cd,32,47,71,1b,ac,ac,a7,70,f5,1d,4d,73,a8,13,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,32,eb,00,87,41,
2a,57,bc,b0,18,ed,a7,3f,8d,37,a4,ee,94,d0,ac,53,90,5a,8a,df,20,58,62,78,6b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,33,b1,d0,dc,90,
2e,09,5c,31,77,e1,ba,b1,f8,68,02,36,42,1a,da,5f,72,7f,59,fb,a7,78,e6,12,2f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,63,67,fb,48,0e,
76,a6,99,83,6c,56,8b,a0,85,96,ab,07,85,ab,9a,63,1b,73,76,01,3a,48,fc,e8,04,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,6e,54,01,17,db,
3b,96,e0,51,fa,6e,91,28,9e,14,cc,88,94,fd,01,ed,d4,df,48,f6,0f,4e,58,98,5b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:37,a4,aa,c3,a6,15,56,0a,9b,5e,9e,d4,9c,
e5,09,c5,b1,cd,45,5a,a8,c4,f8,b9,ab,07,30,a1,15,33,b9,e4,3d,ce,ea,26,2d,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,b0,85,88,5d,64,
7e,6c,8f,e3,0e,66,d5,eb,bc,2f,6b,f6,21,e2,97,9b,37,0c,55,2a,b7,cc,b5,b9,7f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,51,1a,87,d7,12,
85,c4,b7,fa,ea,66,7f,d4,3b,6b,70,64,89,6a,53,7f,ef,38,ef,6c,43,2d,1e,aa,22,\
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SYSTEM32\ZoneLabs\vsmon.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\SYSTEM32\brss01a.exe
c:\program files\a-squared Free\a2service.exe
c:\program files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
c:\windows\SYSTEM32\rundll32.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\SYSTEM32\Crypserv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\MICROS~3\rapimgr.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\SYSTEM32\TCPSVCS.EXE
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\SYSTEM32\wdfmgr.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\SYSTEM32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-04-23 13:52 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-23 12:52
Pre-Run: 25,999,720,448 bytes free
Post-Run: 26,408,968,192 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
Current=5 Default=5 Failed=4 LastKnownGood=6 Sets=1,2,3,4,5,6
406 --- E O F --- 2009-04-16 02:06
To access the Uninstall Manager you would do the following:
1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.
You will now be presented with a screen similar to the one below:
http://img.bleepingcomputer.com/tutorials/hijackthis/uninstall-man.jpg
5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here on your next reply.
Hi Shaba
Here is txt file
3GP Video Converter 3
Ad-Aware
Adobe Acrobat 7.0.1 and Reader 7.0.1 Update
Adobe Acrobat 7.0.2 and Reader 7.0.2 Update
Adobe Flash Player 10 ActiveX
Adobe Reader 7.0
AnyDVD
a-squared Free 3.0
AutoRun SlideShow
Avery Wizard 2.5
AVG 8.5
Bandwidth Monitor Pro
Bazooka Spyware Scanner
BCM V.92 56K Modem
Belkin 54g USB Network Adapter
Brother MFL-Pro Suite
Caere Scan Manager 5.1
Canon iP4200
Canon ScanGear Toolbox CS 2.2
Canon Setup Utility 2.0
CCleaner (remove only)
CD-LabelPrint
Choice Guard
CloneCD
CloneDVD2
Creative Video Blaster WebCam 3 USB Driver
Cucusoft AVI to DVD/VCD/SVCD/MPEG Converter Pro 4.29
DAO
Digital Line Detect
Digital Picture Recovery
DVD Decrypter (Remove Only)
DVD Identifier
DVD Region-Free 3.65
DVD Shrink 3.2
DVDFab Platinum 3.1.4.0 Ghosthunter release
DVDInfoPro
DVDXCopy Xpress 2.0.1
Easy Video Splitter 1.26
EndItAll 2.0
EPSON Printer Software
EPSON Web-To-Page
ERUNT 1.1j
ESET Online Scanner
Express Rip Uninstall
exPressIT 5
Fax Machine 4.26
FilterSDK
FLV Player
Free Video to Mp3 Converter version 3.1
Free YouTube Download 2.2
Freez FLV to AVI/MPEG/WMV Converter
Google Earth
GreenPrint World
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 2.0.2
Hotfix for Windows XP (KB952287)
iGO POI Explorer beta
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet
IrfanView (remove only)
IsoBuster 1.6
Java 2 Runtime Environment, SE v1.4.2_04
Java(TM) 6 Update 11
Java(TM) 6 Update 2
Kaspersky Online Scanner
KeyMaestro Input Device Driver V2.0.U-123AC MUL
LiveUpdate BVRP Software
Macromedia Shockwave Player
MailWasher Pro
Malwarebytes' Anti-Malware
MediaMonkey 2.5
MemoriesOnTV 2.1.5
MGI PhotoSuite SE (Remove only)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft ActiveSync
Microsoft Data Access Components KB870669
Microsoft Office Professional Edition 2003
Microsoft Visual C++ 2005 Redistributable
MicroStaff WINASPI
MIKSOFT Mobile AMR converter
mIRC
Mobile Media Converter
mobile PhoneTools
Mobius Phone Explorer
Modem Helper
Mozilla Firefox (2.0.0.20)
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Munnin 2.2
My DSC
MyPhoneExplorer
Nero 6 Ultra Edition
NeroVision Express 2
Network Stumbler 0.4.0 (remove only)
Nimo Codecs Pack v5.0 (Remove Only)
NISIS USB Tablet Driver
NVIDIA Windows 2000/XP Display Drivers
OmniPage Pro 9.0
OpenMG Limited Patch 4.0-04-11-28-01
OpenMG Secure Module 4.0.05
Opera
Outlook Express Backup Wizard
PaperPort
PerfectDisk
Photocopier Pro Version 2.03b
Photodex Presenter
PictureToTV 1.4.4
PimpFish Basic
Power MP3 WMA Converter 1.14
PowerDVD
ProShow Gold
QuickTime
Real Alternative 1.22
Redtube Video Downloader 3.15
save2pc Light 3.26
save2pc Pro 3.31
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB963027)
Segoe UI
SetupPPUpdater
Skype™ 3.8
SmartSound Quicktracks Plugin
Smile Brush
SPX Instant Screen Capture
Spybot - Search & Destroy
Spybot - Search & Destroy 1.3
SpywareBlaster 4.1
SVCD2DVD 2.1
SVCD2DVD 2.5
Terrapin FTP
TMPGEnc DVD Author 1.5
TMPGEnc Plus 2.5
TMPGEnc Sound Player
Turbo Lister
Ulead VideoStudio 10
UnderCoverXP 1.08
Uninstall 1.0.0.1
Uninstall MPEG2 Plugin
Uninstall MultiCoverPrint 2.03
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
VideoLAN VLC media player 0.8.2
Virtual Earth 3D (Beta)
Web Album Generator 1.8.2
WIDCOMM Bluetooth Software
WinAVI Video Converter 5.8
Windows Genuine Advantage v1.3.0254.0
Windows Imaging Component
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Connect
Windows Media Connect
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 10 Hotfix - KB894476
Windows XP Service Pack 3
WinRAR archiver
WinZip
XviD MPEG-4 Video Codec
ZoneAlarm
Please do a search:
Go "Start">"Search">"All Files and Folders"
Enter serwvdrv.dll
Select "More advanced options"
Check-mark "Search System Folders", "Search hidden files and folders", and "Search subfolders".
Click "Search".
Repeat for ldp1nd10.dll
Post back results, please
serwvdrv.dll
c:\I386
c:\WINDOWS\SYSTEM32
c:\WINDOWS\SYSTEM32\DLLCACHE
ldp1nd10.dll
c:\Qoobox\Quarantine\c\Wndows
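The search above is doing a Windows File Protection sanity check by hand: XP keeps a pristine copy of protected system files in system32\dllcache (and the install media copy in \I386), so a DLL that turns up in system32, dllcache and I386 is almost certainly the stock Windows file, while one that exists only in a quarantine folder has no known-good twin. The script below is an added example, not part of the thread or of any tool mentioned in it; it automates that search, hashes every copy it finds and labels each one by whether it matches a copy in a reference folder. The directory tree it builds with make_sample_tree() and the file contents are constructed to mirror the results posted above.

```python
"""Find every copy of a file name under some roots and compare them by hash.

Added example (not from the thread or any tool in it). It mirrors the manual
Start > Search step: descend into hidden folders, list every copy of the
name, and treat copies in dllcache / I386 as the reference. A system32 copy
whose SHA-256 equals a reference copy is labelled 'matches-reference'; a copy
with no reference twin (e.g. one found only in a quarantine folder) is
'unmatched'. Roots, names and the sample tree are constructed for the demo.
"""
import hashlib
import os
import tempfile
from pathlib import Path


def sha256_of(path):
    """Stream the file so multi-megabyte DLLs are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def find_copies(filename, roots):
    """Return {path: sha256} for every file named `filename` (case-insensitive)
    under the roots; os.walk descends into hidden folders like the GUI search
    does with 'Search hidden files and folders' ticked."""
    wanted = filename.lower()
    found = {}
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                if name.lower() == wanted:
                    p = Path(dirpath) / name
                    try:
                        found[str(p)] = sha256_of(p)
                    except OSError:
                        continue  # locked or unreadable: report nothing rather than guess
    return found


def classify(filename, roots, reference_dirs=("dllcache", "i386")):
    """Label each copy 'reference' (lives in a WFP/install-media folder),
    'matches-reference' (same hash as a reference copy) or 'unmatched'."""
    copies = find_copies(filename, roots)
    is_ref = lambda p: Path(p).parent.name.lower() in reference_dirs
    ref_hashes = {h for p, h in copies.items() if is_ref(p)}
    verdict = {}
    for p, h in copies.items():
        if is_ref(p):
            verdict[p] = "reference"
        elif h in ref_hashes:
            verdict[p] = "matches-reference"
        else:
            verdict[p] = "unmatched"
    return verdict


def make_sample_tree():
    """Constructed layout matching the posted results: serwvdrv.dll in I386,
    SYSTEM32 and DLLCACHE with identical bytes; ldp1nd10.dll only in quarantine."""
    base = Path(tempfile.mkdtemp(prefix="wfpcheck_"))
    legit = b"MZ-serwvdrv-sample-bytes"  # stand-in content, not a real DLL
    for sub in ("I386", "WINDOWS/SYSTEM32", "WINDOWS/SYSTEM32/DLLCACHE"):
        d = base / sub
        d.mkdir(parents=True, exist_ok=True)
        (d / "serwvdrv.dll").write_bytes(legit)
    q = base / "Qoobox/Quarantine/c/Wndows"
    q.mkdir(parents=True)
    (q / "ldp1nd10.dll").write_bytes(b"MZ-unknown-notification-package")
    return base


if __name__ == "__main__":
    root = make_sample_tree()
    for name in ("serwvdrv.dll", "ldp1nd10.dll"):
        for path, label in sorted(classify(name, [root]).items()):
            print(f"{label:18} {path}")
```

A matching hash only proves the two copies are identical, not that either is genuine: an administrator-level infection can overwrite dllcache as easily as system32. Treat 'matches-reference' as "consistent with a stock file", and confirm anything doubtful against a hash from a clean machine of the same service pack or against the file's Authenticode signature.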
Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
File::
c:\windows\system32\0vSFz.vbs
c:\windows\system32\g5oZd4j.vbs
c:\windows\system32\0StcOSRQPRC2yEV.vbs
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\KaZaA Lite\\Kazaa.exe"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=-
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa]
"Notification Packages"=hex(7):73,63,65,63,6c,69,00,00
Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
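The two registry values this script resets are both code-loading points: every DLL named in LSA's Notification Packages is loaded into lsass.exe as SYSTEM and is handed each password change in clear text, and AppInit_DLLs is injected into every process that loads user32.dll. The fix line "Notification Packages"=hex(7):73,63,65,63,6c,69,00,00 is the REG_MULTI_SZ encoding of the stock value, a single string "scecli", with ldp1nd10.dll dropped. The code below is an added example, not part of the thread and not ComboFix's own code: it decodes and encodes the hex(7) form so you can verify such a line before running it, parses the "Reg Loading Points" lines from the ComboFix log against a known-good baseline, and emits the Registry:: stanza that restores the baseline. The sample lines and the KNOWN_GOOD table are constructed for the demonstration; a real baseline should be taken from a clean machine of the same build.

```python
"""Verify and generate REG_MULTI_SZ ("hex(7):") fixes for ComboFix CFScripts.

Added example, not from the thread or from ComboFix. A REG_MULTI_SZ is a run
of NUL-terminated strings closed by one extra NUL; .reg files and CFScripts
write it as "hex(7):" followed by comma-separated byte values. The thread's
script uses the ANSI (one byte per character, code page 1252) form; the
Unicode .reg form is the same strings in UTF-16LE, so encoding is a parameter.
"""
import re


def multi_sz_to_hex7(values, encoding="cp1252"):
    """["scecli"] -> 'hex(7):73,63,65,63,6c,69,00,00'"""
    nul = "\0".encode(encoding)
    raw = b"".join(v.encode(encoding) + nul for v in values) + nul
    return "hex(7):" + ",".join(f"{b:02x}" for b in raw)


def hex7_to_multi_sz(text, encoding="cp1252"):
    """'hex(7):73,63,65,63,6c,69,00,00' -> ["scecli"]. Tolerates the
    backslash line continuations that regedit exports insert."""
    body = text.split("hex(7):", 1)[1]
    body = re.sub(r"[\s\\]", "", body)
    raw = bytes(int(h, 16) for h in body.split(",") if h)
    # decode first, then split: keeps UTF-16 code units aligned
    return [s for s in raw.decode(encoding).split("\0") if s]


# ComboFix prints REG_MULTI_SZ load points as "<value name> REG_MULTI_SZ v1 v2 ...",
# using a literal "\0" between items when an item itself contains spaces.
LOADPOINT_RE = re.compile(r"^(?P<name>.+?)\s+REG_MULTI_SZ\s+(?P<values>.*)$")

# Constructed baseline: what a stock XP SP3 install carries in these values.
KNOWN_GOOD = {
    "Notification Packages": {"scecli"},
    "BootExecute": {"autocheck autochk *"},
}

# Constructed sample lines, shaped like the ones in the ComboFix log above.
SAMPLE_LOG = [
    "Notification Packages REG_MULTI_SZ scecli ldp1nd10.dll",
    "BootExecute REG_MULTI_SZ PDBoot.exe\\0autocheck autochk *\\0lsdelete",
]


def parse_loadpoint(line):
    """Return (value name, [items]) for a REG_MULTI_SZ log line, else None."""
    m = LOADPOINT_RE.match(line.strip())
    if not m:
        return None
    v = m.group("values")
    values = v.split("\\0") if "\\0" in v else v.split()
    return m.group("name"), values


def unexpected_entries(line, baseline=KNOWN_GOOD):
    """Items in the line that the baseline does not list (review candidates)."""
    parsed = parse_loadpoint(line)
    if parsed is None:
        return []
    name, values = parsed
    return [v for v in values if v not in baseline.get(name, set())]


def cfscript_fix(line, key, baseline=KNOWN_GOOD):
    """Registry:: stanza that restores the baseline items of `key`'s value, or
    None when the line already matches the baseline."""
    parsed = parse_loadpoint(line)
    if parsed is None:
        return None
    name, values = parsed
    keep = [v for v in values if v in baseline.get(name, set())]
    if keep == values:
        return None
    return f'[{key}]\n"{name}"={multi_sz_to_hex7(keep)}'


if __name__ == "__main__":
    print(hex7_to_multi_sz("hex(7):73,63,65,63,6c,69,00,00"))
    for line in SAMPLE_LOG:
        print(line, "->", unexpected_entries(line))
    print(cfscript_fix(SAMPLE_LOG[0],
                       "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa"))
```

The baseline check flags every non-stock item, not only malicious ones: on the BootExecute line the constructed sample reports PDBoot.exe and lsdelete, which belong to the PerfectDisk and Ad-Aware installs that appear in the Uninstall Manager list above and are expected on this machine. Use the output as a review list, and only generate a fix for a value once you know which items are foreign.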
ComboFix 09-04-23.A1 - Ed 23/04/2009 19:03.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1535.936 [GMT 1:00]
Running from: c:\documents and settings\Ed\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Ed\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
FW: ZoneAlarm Firewall *disabled*
* Created a new restore point
FILE ::
c:\windows\system32\0StcOSRQPRC2yEV.vbs
c:\windows\system32\0vSFz.vbs
c:\windows\system32\g5oZd4j.vbs
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\0StcOSRQPRC2yEV.vbs
c:\windows\system32\0vSFz.vbs
c:\windows\system32\g5oZd4j.vbs
.
((((((((((((((((((((((((( Files Created from 2009-05-23 to 2009-4-23 )))))))))))))))))))))))))))))))
.
2009-04-22 10:08 . 2009-04-22 10:08 -------- d-----w c:\program files\ERUNT
2009-04-20 17:56 . 2009-04-20 20:37 -------- d-----w c:\program files\EsetOnlineScanner
2009-04-20 15:17 . 2009-04-20 17:44 -------- d-----w c:\documents and settings\Ed\.housecall6.6
2009-04-18 11:49 . 2009-04-18 11:49 -------- d-----w c:\documents and settings\Ed\Local Settings\Application Data\{724BF354-BD29-4FBD-A245-25408141C37B}
2009-04-16 02:01 . 2009-04-16 02:06 1374 ----a-w c:\windows\imsins.BAK
2009-04-15 20:33 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-08 16:09 . 2009-04-08 16:09 -------- d-----w c:\documents and settings\Ed\Application Data\LogoManager
2009-04-08 16:08 . 2009-04-08 16:09 -------- d-----w c:\program files\Mobius Phone Explorer
2009-04-08 15:36 . 2009-04-20 13:42 -------- d-----w c:\program files\MobiMB Mobile Media Browser
2009-04-06 13:48 . 2009-04-06 13:48 -------- d-----w c:\program files\CCleaner
2009-03-31 17:23 . 2008-04-14 00:12 116224 ----a-w c:\windows\system32\dllcache\xrxwiadr.dll
2009-03-31 17:23 . 2008-04-14 00:12 18944 ----a-w c:\windows\system32\dllcache\xrxscnui.dll
2009-03-31 17:22 . 2008-04-13 18:36 8832 ----a-w c:\windows\system32\dllcache\wmiacpi.sys
2009-03-31 17:21 . 2008-04-13 18:45 17152 ----a-w c:\windows\system32\dllcache\usbohci.sys
2009-03-31 17:20 . 2008-04-14 00:12 82944 ----a-w c:\windows\system32\dllcache\tp4mon.exe
2009-03-31 17:20 . 2008-04-13 18:40 149376 ----a-w c:\windows\system32\dllcache\tffsport.sys
2009-03-31 17:20 . 2008-04-13 18:40 7552 ----a-w c:\windows\system32\dllcache\sonyait.sys
2009-03-31 17:20 . 2008-04-13 18:36 6912 ----a-w c:\windows\system32\dllcache\smbclass.sys
2009-03-31 17:19 . 2008-04-13 18:36 16000 ----a-w c:\windows\system32\dllcache\smbbatt.sys
2009-03-31 17:19 . 2008-04-13 18:45 11520 ----a-w c:\windows\system32\dllcache\scsiscan.sys
2009-03-31 17:19 . 2008-04-13 18:40 43904 ----a-w c:\windows\system32\dllcache\sbp2port.sys
2009-03-31 17:19 . 2008-04-14 00:12 29696 ----a-w c:\windows\system32\dllcache\rw450ext.dll
2009-03-31 17:19 . 2008-04-14 00:12 27648 ----a-w c:\windows\system32\dllcache\rw430ext.dll
2009-03-31 17:18 . 2008-04-13 18:40 79104 ----a-w c:\windows\system32\dllcache\rocket.sys
2009-03-31 17:18 . 2008-04-13 18:40 6016 ----a-w c:\windows\system32\dllcache\qic157.sys
2009-03-31 17:18 . 2008-04-14 00:12 159232 ----a-w c:\windows\system32\dllcache\ptpusd.dll
2009-03-31 17:18 . 2008-04-13 18:41 17664 ----a-w c:\windows\system32\dllcache\ppa3.sys
2009-03-31 17:18 . 2008-04-13 18:40 8832 ----a-w c:\windows\system32\dllcache\powerfil.sys
2009-03-31 17:18 . 2008-04-14 00:10 259328 ----a-w c:\windows\system32\dllcache\perm3dd.dll
2009-03-31 17:18 . 2008-04-13 18:44 28032 ----a-w c:\windows\system32\dllcache\perm3.sys
2009-03-31 17:18 . 2008-04-14 00:10 211584 ----a-w c:\windows\system32\dllcache\perm2dll.dll
2009-03-31 17:18 . 2008-04-13 18:44 27904 ----a-w c:\windows\system32\dllcache\perm2.sys
2009-03-31 17:17 . 2008-04-13 18:54 28672 ----a-w c:\windows\system32\dllcache\nscirda.sys
2009-03-31 17:17 . 2008-04-13 18:46 49024 ----a-w c:\windows\system32\dllcache\mstape.sys
2009-03-31 17:17 . 2008-04-13 18:54 22016 ----a-w c:\windows\system32\dllcache\msircomm.sys
2009-03-31 17:16 . 2008-04-13 18:41 26112 ----a-w c:\windows\system32\dllcache\memstpci.sys
2009-03-31 17:16 . 2008-04-13 18:40 7040 ----a-w c:\windows\system32\dllcache\ltotape.sys
2009-03-31 17:16 . 2008-04-13 18:40 34688 ----a-w c:\windows\system32\dllcache\lbrtfdc.sys
2009-03-31 17:16 . 2008-04-14 00:11 253952 ----a-w c:\windows\system32\dllcache\kdsusd.dll
2009-03-31 17:16 . 2008-04-14 00:11 48640 ----a-w c:\windows\system32\dllcache\kdsui.dll
2009-03-31 17:15 . 2008-04-14 00:09 6144 ----a-w c:\windows\system32\dllcache\kbd106.dll
2009-03-31 17:15 . 2008-04-13 18:54 88192 ----a-w c:\windows\system32\dllcache\irda.sys
2009-03-31 17:14 . 2002-08-29 05:00 10129408 ----a-w c:\windows\system32\dllcache\hwxkor.dll
2009-03-31 17:13 . 2008-04-13 18:36 20352 ----a-w c:\windows\system32\dllcache\hidbatt.sys
2009-03-31 17:13 . 2008-04-13 18:40 28288 ----a-w c:\windows\system32\dllcache\grserial.sys
2009-03-31 17:13 . 2008-04-13 18:45 59136 ----a-w c:\windows\system32\dllcache\gckernel.sys
2009-03-31 17:13 . 2008-04-13 18:45 10624 ----a-w c:\windows\system32\dllcache\gameenum.sys
2009-03-31 17:12 . 2008-04-14 00:12 20992 ----a-w c:\windows\system32\dllcache\dshowext.ax
2009-03-31 17:11 . 2008-04-13 18:39 206976 ----a-w c:\windows\system32\dllcache\dot4.sys
2009-03-31 17:11 . 2008-04-13 18:40 8320 ----a-w c:\windows\system32\dllcache\dlttape.sys
2009-03-31 17:11 . 2008-04-14 00:11 249856 ----a-w c:\windows\system32\dllcache\ctmasetp.dll
2009-03-31 17:11 . 2008-04-13 18:36 10240 ----a-w c:\windows\system32\dllcache\compbatt.sys
2009-03-31 17:10 . 2008-04-13 18:36 13952 ----a-w c:\windows\system32\dllcache\cmbatt.sys
2009-03-31 17:10 . 2008-04-13 18:40 8192 ----a-w c:\windows\system32\dllcache\changer.sys
2009-03-31 17:10 . 2008-04-14 00:11 121856 ----a-w c:\windows\system32\dllcache\camext30.dll
2009-03-31 17:09 . 2008-04-13 18:36 14208 ----a-w c:\windows\system32\dllcache\battc.sys
2009-03-31 17:09 . 2008-04-13 18:46 13696 ----a-w c:\windows\system32\dllcache\avcstrm.sys
2009-03-31 17:09 . 2008-04-13 18:40 96512 ----a-w c:\windows\system32\dllcache\atapi.sys
2009-03-31 17:08 . 2008-04-13 18:40 12288 ----a-w c:\windows\system32\dllcache\4mmdat.sys
2009-03-30 12:17 . 2009-03-30 12:17 -------- d-----w c:\program files\Microsoft
2009-03-30 12:17 . 2009-03-30 12:17 -------- d-----w c:\program files\Windows Live SkyDrive
2009-03-25 08:59 . 2009-03-30 12:17 -------- d-----w c:\program files\MSN Messenger
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-23 15:35 . 2008-08-13 18:26 34 ----a-w c:\documents and settings\Ed\jagex_runescape_preferences.dat
2009-04-23 14:35 . 2004-03-10 19:56 -------- d-----w c:\documents and settings\Ed\Application Data\MailWasherPro
2009-04-23 12:35 . 2008-04-13 10:27 716180 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-04-23 12:35 . 2008-04-13 10:27 61435936 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-04-23 12:12 . 2008-08-29 16:56 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-04-22 13:36 . 2004-08-12 11:40 -------- d-----w c:\program files\AVerTV2K
2009-04-22 11:44 . 2007-03-03 19:01 -------- d-----w c:\documents and settings\Ed\Application Data\MyPhoneExplorer
2009-04-20 15:18 . 2005-04-03 16:29 -------- d-----w c:\program files\SpywareBlaster
2009-04-20 13:43 . 2006-09-22 13:14 -------- d-----w c:\program files\MSN Password Recovery
2009-04-20 09:33 . 2007-07-17 13:57 -------- d-----w c:\program files\a-squared Free
2009-04-19 23:19 . 2004-05-14 22:22 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-19 22:21 . 2008-04-25 11:26 -------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-04-19 20:37 . 2004-05-14 22:22 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-04-19 18:03 . 2004-03-14 14:49 -------- d-----w c:\documents and settings\Ed\Application Data\sb_temp
2009-04-19 17:49 . 2008-04-25 11:26 325640 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-04-19 17:49 . 2008-04-25 11:26 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-04-19 17:48 . 2008-04-25 11:26 10520 ----a-w c:\windows\SYSTEM32\avgrsstx.dll
2009-04-18 10:59 . 2008-01-03 16:09 -------- d-----w c:\documents and settings\Ed\Application Data\BitTorrent
2009-04-14 10:55 . 2007-03-03 19:01 -------- d-----w c:\program files\MyPhoneExplorer
2009-04-14 08:35 . 2004-03-14 17:17 -------- d-----w c:\program files\mIRC
2009-04-13 10:13 . 2004-05-08 16:39 -------- d-----w c:\documents and settings\All Users\Application Data\DVD Shrink
2009-04-08 17:18 . 2009-04-13 19:42 156446 ----a-w c:\windows\PCHealth\HelpCtr\Config\Cache\Personal_32_1033.dat
2009-04-08 16:09 . 2006-07-25 14:22 -------- d-----w c:\program files\Common Files\LogoManager
2009-04-07 12:57 . 2005-08-02 08:16 -------- d-----w c:\documents and settings\Ed\Application Data\dvdcss
2009-04-05 09:43 . 2006-12-10 13:03 21282574 ----a-w c:\windows\Internet Logs\tvDebug.zip
2009-03-30 12:17 . 2008-03-05 23:01 -------- d-----w c:\program files\Windows Live
2009-03-26 13:14 . 2006-08-10 19:15 -------- d-----w c:\documents and settings\Ed\Application Data\Skype
2009-03-26 10:02 . 2008-08-25 20:24 -------- d-----w c:\documents and settings\Ed\Application Data\skypePM
2009-03-23 14:12 . 2004-03-15 11:28 71592 ----a-w c:\documents and settings\Ed\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-23 14:03 . 2009-03-23 14:03 -------- d-----w c:\program files\Common Files\Windows Live
2009-03-23 13:48 . 2009-03-23 13:48 410984 ----a-w c:\windows\SYSTEM32\deploytk.dll
2009-03-23 13:48 . 2004-02-26 14:48 -------- d-----w c:\program files\Java
2009-03-23 11:45 . 2004-07-07 08:58 -------- d-----w c:\program files\PestPatrol
2009-03-21 14:06 . 2002-08-29 05:00 989696 ----a-w c:\windows\SYSTEM32\DLLCACHE\kernel32.dll
2009-03-15 10:55 . 2009-03-15 10:57 2191872 ----a-w c:\windows\Internet Logs\xDB2A.tmp
2009-03-06 14:22 . 2002-08-29 05:00 284160 ----a-w c:\windows\SYSTEM32\pdh.dll
2009-03-06 14:22 . 2002-08-29 05:00 284160 ----a-w c:\windows\SYSTEM32\DLLCACHE\pdh.dll
2009-03-02 23:04 . 2004-01-21 16:15 1499136 ----a-w c:\windows\SYSTEM32\DLLCACHE\shdocvw.dll
2009-02-20 08:11 . 2004-07-07 17:37 3068416 ----a-w c:\windows\SYSTEM32\DLLCACHE\mshtml.dll
2009-02-20 08:10 . 2004-02-06 17:05 666112 ----a-w c:\windows\SYSTEM32\wininet.dll
2009-02-20 08:10 . 2004-02-06 17:05 666112 ----a-w c:\windows\SYSTEM32\DLLCACHE\wininet.dll
2009-02-20 08:10 . 2004-01-21 16:20 619520 ----a-w c:\windows\SYSTEM32\DLLCACHE\urlmon.dll
2009-02-20 08:10 . 2004-08-10 23:04 81920 ----a-w c:\windows\SYSTEM32\DLLCACHE\ieencode.dll
2009-02-20 08:10 . 2004-08-10 23:04 81920 ------w c:\windows\SYSTEM32\ieencode.dll
2009-02-19 19:02 . 2009-02-19 19:04 104960 ----a-w c:\windows\Internet Logs\xDB29.tmp
2009-02-19 10:09 . 2009-02-19 10:11 1406976 ----a-w c:\windows\Internet Logs\xDB28.tmp
2009-02-18 17:32 . 2004-08-08 18:19 929 ----a-w C:\avi_log.txt
2009-02-09 12:10 . 2002-08-29 05:00 729088 ----a-w c:\windows\SYSTEM32\lsasrv.dll
2009-02-09 12:10 . 2002-08-29 05:00 729088 ----a-w c:\windows\SYSTEM32\DLLCACHE\lsasrv.dll
2009-02-09 12:10 . 2004-05-04 18:49 401408 ----a-w c:\windows\SYSTEM32\rpcss.dll
2009-02-09 12:10 . 2004-05-04 18:49 401408 ----a-w c:\windows\SYSTEM32\DLLCACHE\rpcss.dll
2009-02-09 12:10 . 2002-08-29 05:00 714752 ----a-w c:\windows\SYSTEM32\ntdll.dll
2009-02-09 12:10 . 2002-08-29 05:00 714752 ----a-w c:\windows\SYSTEM32\DLLCACHE\ntdll.dll
2009-02-09 12:10 . 2002-08-29 05:00 617472 ----a-w c:\windows\SYSTEM32\DLLCACHE\advapi32.dll
2009-02-09 12:10 . 2002-08-29 05:00 617472 ----a-w c:\windows\SYSTEM32\advapi32.dll
2009-02-09 12:10 . 2002-08-29 05:00 473600 ----a-w c:\windows\SYSTEM32\DLLCACHE\fastprox.dll
2009-02-09 12:10 . 2002-08-29 05:00 453120 ----a-w c:\windows\SYSTEM32\DLLCACHE\wmiprvsd.dll
2009-02-09 11:13 . 2002-08-29 05:00 1846784 ----a-w c:\windows\SYSTEM32\win32k.sys
2009-02-09 11:13 . 2002-08-29 05:00 1846784 ----a-w c:\windows\SYSTEM32\win32k(2)(2).sys
2009-02-09 11:13 . 2002-08-29 05:00 1846784 ----a-w c:\windows\SYSTEM32\DLLCACHE\win32k.sys
2009-02-07 18:02 . 1980-01-01 00:00 2066048 ----a-w c:\windows\SYSTEM32\ntkrnlpa.exe
2009-02-07 18:02 . 1980-01-01 00:00 2066048 ----a-w c:\windows\SYSTEM32\DLLCACHE\ntkrnlpa.exe
2009-02-06 18:52 . 2009-02-06 18:52 49504 ----a-w c:\windows\SYSTEM32\sirenacm.dll
2009-02-06 11:11 . 2002-08-29 05:00 110592 ----a-w c:\windows\SYSTEM32\services.exe
2009-02-06 11:11 . 2002-08-29 05:00 110592 ----a-w c:\windows\SYSTEM32\DLLCACHE\services.exe
2009-02-06 11:08 . 1980-01-01 00:00 2189056 ----a-w c:\windows\SYSTEM32\ntoskrnl.exe
2009-02-06 11:08 . 1980-01-01 00:00 2189056 ----a-w c:\windows\SYSTEM32\DLLCACHE\ntoskrnl.exe
2009-02-06 11:06 . 2008-10-15 00:27 2145280 ----a-w c:\windows\SYSTEM32\DLLCACHE\ntkrnlmp.exe
2009-02-06 10:39 . 2002-08-29 05:00 35328 ----a-w c:\windows\SYSTEM32\sc.exe
2009-02-06 10:39 . 2002-08-29 05:00 35328 ----a-w c:\windows\SYSTEM32\DLLCACHE\sc.exe
2009-02-06 10:32 . 2008-10-15 00:27 2023936 ----a-w c:\windows\SYSTEM32\DLLCACHE\ntkrpamp.exe
2009-02-06 10:10 . 2002-08-29 05:00 227840 ----a-w c:\windows\SYSTEM32\DLLCACHE\wmiprvse.exe
2009-02-03 19:59 . 2002-08-29 05:00 56832 ----a-w c:\windows\SYSTEM32\secur32.dll
2009-02-03 19:59 . 2002-08-29 05:00 56832 ----a-w c:\windows\SYSTEM32\DLLCACHE\secur32.dll
2007-07-07 10:09 . 2007-07-07 10:09 47360 ----a-w c:\documents and settings\Ed\Application Data\pcouffin.sys
2006-07-11 18:07 . 2006-07-11 18:07 63888 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2006-03-24 20:35 . 2006-03-24 20:35 137 ----a-w c:\documents and settings\NetworkService\Local Settings\Application Data\fusioncache.dat
2004-08-09 20:45 . 2004-08-09 20:45 125 ----a-w c:\documents and settings\Ed\Local Settings\Application Data\fusioncache.dat
2009-01-03 01:37:38 . 2006-01-22 21:07 c:\program files\mozilla firefox\components\jar50.dll
2009-01-03 01:37:38 . 2006-01-22 21:07 c:\program files\mozilla firefox\components\jsd3250.dll
2009-01-03 01:37:38 . 2007-06-13 18:56 c:\program files\mozilla firefox\components\myspell.dll
2009-01-03 01:37:43 . 2007-06-13 18:56 c:\program files\mozilla firefox\components\spellchk.dll
2009-01-03 01:37:43 . 2006-01-22 21:07 c:\program files\mozilla firefox\components\xpinstal.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-04-23_12.39.25 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-08-13 18:26 . 2009-04-21 19:02 20480 c:\windows\.jagex_cache_32\runescape\jogl_awt.dll
+ 2008-08-13 18:26 . 2009-04-23 15:35 20480 c:\windows\.jagex_cache_32\runescape\jogl_awt.dll
+ 2008-08-13 18:26 . 2009-04-23 15:35 315392 c:\windows\.jagex_cache_32\runescape\jogl.dll
- 2008-08-13 18:26 . 2009-04-21 19:02 315392 c:\windows\.jagex_cache_32\runescape\jogl.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"Smile Brush"="c:\program files\Smile Brush\Smile Brush.exe" [2003-05-10 217088]
"Bandwidth Monitor Pro"="c:\program files\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe" [2004-09-28 157184]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PPMemCheck"="c:\progra~1\PESTPA~1\PPMemCheck.exe" [2003-04-19 148480]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-11-03 4800512]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-13 919016]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-04-19 1932568]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-23 136600]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-06-13 155648]
"GPPrinterNotify"="c:\program files\GreenPrint Technologies\GreenPrint World\GPPrinterNotify.exe" [2009-01-23 599968]
"atwtusb"="atwtusb.exe" - c:\windows\SYSTEM32\atwtusb.exe [2002-08-29 188416]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\SYSTEM32\bthprops.cpl [2008-04-14 110592]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
DriveSelect.lnk - c:\program files\321Studios\Xpress\DriveSelect.exe [2003-5-5 217088]
GPLog.lnk - c:\program files\GreenPrint Technologies\GreenPrint World\LOGWnd.exe [2009-2-14 21904]
GreenPrint Printer Notify.lnk - c:\program files\GreenPrint Technologies\GreenPrint World\GPPrinterNotify.exe [2009-2-14 599968]
GreenPrint TrayIcon.lnk - c:\program files\GreenPrint Technologies\GreenPrint World\GPTray.exe [2009-2-14 272272]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= "c:\progra~1\DVDREG~1\DVDShell.dll" [2004-03-07 49152]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-04-19 17:48 10520 ----a-w c:\windows\SYSTEM32\avgrsstx.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave"= serwvdrv.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *\0lsdelete
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Media Player Classic\\mplayerc.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R2 GPClientService;GreenPrint Client Report Service;c:\program files\GreenPrint Technologies\GreenPrint World\GPClientService.exe [2008-12-30 126976]
R2 USBHSB;GeneLink File Transfer Driver; [x]
R3 ATHFMWDL;NETGEAR WG111T bootloader driver; [x]
R3 bkn50USB;Belkin 54Mbps Wireless USB Network Adapter;c:\windows\system32\DRIVERS\rt2500usb.sys [2004-07-16 140416]
R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.SYS [2003-07-24 17149]
R3 PIXMC10;JVC Communication PIX-MC10 Driver;c:\windows\system32\Drivers\pixmc10c.sys [2002-09-27 31232]
R3 PIXMC10A;JVC PIX-MC10 Audio Capture;c:\windows\system32\Drivers\pixmc10a.sys [2002-10-03 28060]
R3 PIXMC10V;JVC PIX-MC10 Video Capture;c:\windows\system32\Drivers\pixmc10v.sys [2002-11-28 22652]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-04-19 325640]
S1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-04-19 108552]
S1 FNETDEVI;FNETDEVI;c:\windows\system32\drivers\FNETDEVI.SYS [2008-01-07 19572]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-04-19 908056]
S2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-04-19 298264]
S2 Belkin 54g Wireless USB Network Adapter Service;Belkin 54g Wireless USB Network Adapter;c:\program files\Belkin\Belkin Wireless Network Utility\WLService.exe [2004-03-29 49152]
S2 BT848;AVerMedia, AVerTV WDM Video Capture;c:\windows\system32\DRIVERS\BT848.sys [2001-12-07 260072]
S2 BTTUNER;AVerMedia, AVerTV WDM TvTuner;c:\windows\system32\drivers\BTTUNER.sys [2001-12-26 22016]
S2 BTXBAR;AVerMedia, AVerTV WDM Crossbar;c:\windows\system32\drivers\BTXBAR.sys [2001-08-22 13312]
S2 PDSched;PDScheduler;c:\program files\Raxco\PerfectDisk\PDSched.exe [2004-11-01 237635]
S2 SVKP;SVKP;c:\windows\System32\SVKP.sys [2004-08-03 2368]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe"
uInternet Settings,ProxyServer = webcache.virginmedia.com:3128
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} - file://d:\content\include\XPPatchInstaller.CAB
DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} - hxxps://moneymanager.egg.com/Pinsafe/accounttracking.cab
DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} - hxxp://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37940.cab
DPF: {8B1BC605-C593-4865-8F5B-05517F0CD0BB} - file://d:\content\include\msSecUcd.cab
FF - ProfilePath - c:\documents and settings\Ed\Application Data\Mozilla\Firefox\Profiles\xcylc0hx.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo.co.uk
FF - prefs.js: browser.startup.homepage - hxxp://www.quidco.com/
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-23 19:07
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,64,ca,56,b1,d0,
05,44,26,c8,28,51,af,b0,29,a3,98,2e,76,05,2c,46,b2,d2,64,e2,63,26,f1,3f,c8,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,fc,7a,49,aa,98,
32,c7,46,71,3b,04,66,8b,46,0d,96,a9,5b,9e,5a,ce,74,c4,1e,6a,9c,d6,61,af,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:7a,45,05,fd,91,e8,6f,31,dd,37,6d,4d,05,
e3,4b,67,25,da,ec,7e,55,20,c9,26,a8,26,ef,54,4d,d8,7b,f5,ff,7c,85,e0,43,d4,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:6b,65,49,6a,7e,99,74,f7,bd,73,e8,34,70,
63,58,44,3e,1e,9e,e0,57,5a,93,61,da,60,b5,f9,2b,55,ac,09,86,8c,21,01,be,91,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,a5,00,e2,8f,67,
68,88,5c,cd,44,cd,b9,a6,33,6c,cd,32,47,71,1b,ac,ac,a7,70,f5,1d,4d,73,a8,13,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,32,eb,00,87,41,
2a,57,bc,b0,18,ed,a7,3f,8d,37,a4,ee,94,d0,ac,53,90,5a,8a,df,20,58,62,78,6b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,33,b1,d0,dc,90,
2e,09,5c,31,77,e1,ba,b1,f8,68,02,36,42,1a,da,5f,72,7f,59,fb,a7,78,e6,12,2f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,63,67,fb,48,0e,
76,a6,99,83,6c,56,8b,a0,85,96,ab,07,85,ab,9a,63,1b,73,76,01,3a,48,fc,e8,04,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,6e,54,01,17,db,
3b,96,e0,51,fa,6e,91,28,9e,14,cc,88,94,fd,01,ed,d4,df,48,f6,0f,4e,58,98,5b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:37,a4,aa,c3,a6,15,56,0a,9b,5e,9e,d4,9c,
e5,09,c5,b1,cd,45,5a,a8,c4,f8,b9,ab,07,30,a1,15,33,b9,e4,3d,ce,ea,26,2d,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,b0,85,88,5d,64,
7e,6c,8f,e3,0e,66,d5,eb,bc,2f,6b,f6,21,e2,97,9b,37,0c,55,2a,b7,cc,b5,b9,7f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,51,1a,87,d7,12,
85,c4,b7,fa,ea,66,7f,d4,3b,6b,70,64,89,6a,53,7f,ef,38,ef,6c,43,2d,1e,aa,22,\
.
Completion time: 2009-04-23 19:09
ComboFix-quarantined-files.txt 2009-04-23 18:09
ComboFix2.txt 2009-04-23 12:52
Pre-Run: 26,406,146,048 bytes free
Post-Run: 26,397,831,168 bytes free
Current=5 Default=5 Failed=4 LastKnownGood=6 Sets=1,2,3,4,5,6
358 --- E O F --- 2009-04-16 02:06
ComboFix 09-04-23.A1 - Ed 23/04/2009 19:03.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1535.936 [GMT 1:00]
Running from: c:\documents and settings\Ed\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Ed\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
FW: ZoneAlarm Firewall *disabled*
* Created a new restore point
FILE ::
c:\windows\system32\0StcOSRQPRC2yEV.vbs
c:\windows\system32\0vSFz.vbs
c:\windows\system32\g5oZd4j.vbs
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\0StcOSRQPRC2yEV.vbs
c:\windows\system32\0vSFz.vbs
c:\windows\system32\g5oZd4j.vbs
.
((((((((((((((((((((((((( Files Created from 2009-05-23 to 2009-4-23 )))))))))))))))))))))))))))))))
.
2009-04-22 10:08 . 2009-04-22 10:08 -------- d-----w c:\program files\ERUNT
2009-04-20 17:56 . 2009-04-20 20:37 -------- d-----w c:\program files\EsetOnlineScanner
2009-04-20 15:17 . 2009-04-20 17:44 -------- d-----w c:\documents and settings\Ed\.housecall6.6
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-21 14:06 . 2002-08-29 05:00 989696 ----a-w c:\windows\SYSTEM32\DLLCACHE\kernel32.dll
2009-03-15 10:55 . 2009-03-15 10:57 2191872 ----a-w c:\windows\Internet Logs\xDB2A.tmp
2009-03-06 14:22 . 2002-08-29 05:00 284160 ----a-w c:\windows\SYSTEM32\pdh.dll
2009-03-06 14:22 . 2002-08-29 05:00 284160 ----a-w c:\windows\SYSTEM32\DLLCACHE\pdh.dll
2009-03-02 23:04 . 2004-01-21 16:15 1499136 ----a-w c:\windows\SYSTEM32\DLLCACHE\shdocvw.dll
2009-02-20 08:11 . 2004-07-07 17:37 3068416 ----a-w c:\windows\SYSTEM32\DLLCACHE\mshtml.dll
2009-02-20 08:10 . 2004-02-06 17:05 666112 ----a-w c:\windows\SYSTEM32\wininet.dll
2009-02-20 08:10 . 2004-02-06 17:05 666112 ----a-w c:\windows\SYSTEM32\DLLCACHE\wininet.dll
2009-02-20 08:10 . 2004-01-21 16:20 619520 ----a-w c:\windows\SYSTEM32\DLLCACHE\urlmon.dll
2009-02-20 08:10 . 2004-08-10 23:04 81920 ----a-w c:\windows\SYSTEM32\DLLCACHE\ieencode.dll
2009-02-20 08:10 . 2004-08-10 23:04 81920 ------w c:\windows\SYSTEM32\ieencode.dll
2009-02-19 19:02 . 2009-02-19 19:04 104960 ----a-w c:\windows\Internet Logs\xDB29.tmp
2009-02-19 10:09 . 2009-02-19 10:11 1406976 ----a-w c:\windows\Internet Logs\xDB28.tmp
2009-02-18 17:32 . 2004-08-08 18:19 929 ----a-w C:\avi_log.txt
2009-02-09 12:10 . 2002-08-29 05:00 729088 ----a-w c:\windows\SYSTEM32\lsasrv.dll
2009-02-09 12:10 . 2002-08-29 05:00 729088 ----a-w c:\windows\SYSTEM32\DLLCACHE\lsasrv.dll
2009-02-09 12:10 . 2004-05-04 18:49 401408 ----a-w c:\windows\SYSTEM32\rpcss.dll
2009-02-09 12:10 . 2004-05-04 18:49 401408 ----a-w c:\windows\SYSTEM32\DLLCACHE\rpcss.dll
2009-02-09 12:10 . 2002-08-29 05:00 714752 ----a-w c:\windows\SYSTEM32\ntdll.dll
2009-02-09 12:10 . 2002-08-29 05:00 714752 ----a-w c:\windows\SYSTEM32\DLLCACHE\ntdll.dll
2009-02-09 12:10 . 2002-08-29 05:00 617472 ----a-w c:\windows\SYSTEM32\DLLCACHE\advapi32.dll
2009-02-09 12:10 . 2002-08-29 05:00 617472 ----a-w c:\windows\SYSTEM32\advapi32.dll
2009-02-09 12:10 . 2002-08-29 05:00 473600 ----a-w c:\windows\SYSTEM32\DLLCACHE\fastprox.dll
2009-02-09 12:10 . 2002-08-29 05:00 453120 ----a-w c:\windows\SYSTEM32\DLLCACHE\wmiprvsd.dll
2009-02-09 11:13 . 2002-08-29 05:00 1846784 ----a-w c:\windows\SYSTEM32\win32k.sys
2009-02-09 11:13 . 2002-08-29 05:00 1846784 ----a-w c:\windows\SYSTEM32\win32k(2)(2).sys
2009-02-09 11:13 . 2002-08-29 05:00 1846784 ----a-w c:\windows\SYSTEM32\DLLCACHE\win32k.sys
2009-02-07 18:02 . 1980-01-01 00:00 2066048 ----a-w c:\windows\SYSTEM32\ntkrnlpa.exe
2009-02-07 18:02 . 1980-01-01 00:00 2066048 ----a-w c:\windows\SYSTEM32\DLLCACHE\ntkrnlpa.exe
2009-02-06 18:52 . 2009-02-06 18:52 49504 ----a-w c:\windows\SYSTEM32\sirenacm.dll
2009-02-06 11:11 . 2002-08-29 05:00 110592 ----a-w c:\windows\SYSTEM32\services.exe
2009-02-06 11:11 . 2002-08-29 05:00 110592 ----a-w c:\windows\SYSTEM32\DLLCACHE\services.exe
2009-02-06 11:08 . 1980-01-01 00:00 2189056 ----a-w c:\windows\SYSTEM32\ntoskrnl.exe
2009-02-06 11:08 . 1980-01-01 00:00 2189056 ----a-w c:\windows\SYSTEM32\DLLCACHE\ntoskrnl.exe
2009-02-06 11:06 . 2008-10-15 00:27 2145280 ----a-w c:\windows\SYSTEM32\DLLCACHE\ntkrnlmp.exe
2009-02-06 10:39 . 2002-08-29 05:00 35328 ----a-w c:\windows\SYSTEM32\sc.exe
2009-02-06 10:39 . 2002-08-29 05:00 35328 ----a-w c:\windows\SYSTEM32\DLLCACHE\sc.exe
2009-02-06 10:32 . 2008-10-15 00:27 2023936 ----a-w c:\windows\SYSTEM32\DLLCACHE\ntkrpamp.exe
2009-02-06 10:10 . 2002-08-29 05:00 227840 ----a-w c:\windows\SYSTEM32\DLLCACHE\wmiprvse.exe
2009-02-03 19:59 . 2002-08-29 05:00 56832 ----a-w c:\windows\SYSTEM32\secur32.dll
2009-02-03 19:59 . 2002-08-29 05:00 56832 ----a-w c:\windows\SYSTEM32\DLLCACHE\secur32.dll
2007-07-07 10:09 . 2007-07-07 10:09 47360 ----a-w c:\documents and settings\Ed\Application Data\pcouffin.sys
2006-07-11 18:07 . 2006-07-11 18:07 63888 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2006-03-24 20:35 . 2006-03-24 20:35 137 ----a-w c:\documents and settings\NetworkService\Local Settings\Application Data\fusioncache.dat
2004-08-09 20:45 . 2004-08-09 20:45 125 ----a-w c:\documents and settings\Ed\Local Settings\Application Data\fusioncache.dat
2009-01-03 01:2006-01-22 21:07 37:38 . c:\program files\mozilla firefox\components\jar50.dll
2009-01-03 01:2006-01-22 21:07 37:38 . c:\program files\mozilla firefox\components\jsd3250.dll
2009-01-03 01:2007-06-13 18:56 37:38 . c:\program files\mozilla firefox\components\myspell.dll
2009-01-03 01:2007-06-13 18:56 37:43 . c:\program files\mozilla firefox\components\spellchk.dll
2009-01-03 01:2006-01-22 21:07 37:43 . c:\program files\mozilla firefox\components\xpinstal.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-04-23_12.39.25 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-08-13 18:26 . 2009-04-21 19:02 20480 c:\windows\.jagex_cache_32\runescape\jogl_awt.dll
+ 2008-08-13 18:26 . 2009-04-23 15:35 20480 c:\windows\.jagex_cache_32\runescape\jogl_awt.dll
+ 2008-08-13 18:26 . 2009-04-23 15:35 315392 c:\windows\.jagex_cache_32\runescape\jogl.dll
- 2008-08-13 18:26 . 2009-04-21 19:02 315392 c:\windows\.jagex_cache_32\runescape\jogl.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"Smile Brush"="c:\program files\Smile Brush\Smile Brush.exe" [2003-05-10 217088]
"Bandwidth Monitor Pro"="c:\program files\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe" [2004-09-28 157184]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PPMemCheck"="c:\progra~1\PESTPA~1\PPMemCheck.exe" [2003-04-19 148480]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-11-03 4800512]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-13 919016]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-04-19 1932568]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-23 136600]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-06-13 155648]
"GPPrinterNotify"="c:\program files\GreenPrint Technologies\GreenPrint World\GPPrinterNotify.exe" [2009-01-23 599968]
"atwtusb"="atwtusb.exe" - c:\windows\SYSTEM32\atwtusb.exe [2002-08-29 188416]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\SYSTEM32\bthprops.cpl [2008-04-14 110592]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
DriveSelect.lnk - c:\program files\321Studios\Xpress\DriveSelect.exe [2003-5-5 217088]
GPLog.lnk - c:\program files\GreenPrint Technologies\GreenPrint World\LOGWnd.exe [2009-2-14 21904]
GreenPrint Printer Notify.lnk - c:\program files\GreenPrint Technologies\GreenPrint World\GPPrinterNotify.exe [2009-2-14 599968]
GreenPrint TrayIcon.lnk - c:\program files\GreenPrint Technologies\GreenPrint World\GPTray.exe [2009-2-14 272272]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= "c:\progra~1\DVDREG~1\DVDShell.dll" [2004-03-07 49152]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-04-19 17:48 10520 ----a-w c:\windows\SYSTEM32\avgrsstx.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave"= serwvdrv.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *\0lsdelete
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Media Player Classic\\mplayerc.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R2 GPClientService;GreenPrint Client Report Service;c:\program files\GreenPrint Technologies\GreenPrint World\GPClientService.exe [2008-12-30 126976]
R2 USBHSB;GeneLink File Transfer Driver; [x]
R3 ATHFMWDL;NETGEAR WG111T bootloader driver; [x]
R3 bkn50USB;Belkin 54Mbps Wireless USB Network Adapter;c:\windows\system32\DRIVERS\rt2500usb.sys [2004-07-16 140416]
R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.SYS [2003-07-24 17149]
R3 PIXMC10;JVC Communication PIX-MC10 Driver;c:\windows\system32\Drivers\pixmc10c.sys [2002-09-27 31232]
R3 PIXMC10A;JVC PIX-MC10 Audio Capture;c:\windows\system32\Drivers\pixmc10a.sys [2002-10-03 28060]
R3 PIXMC10V;JVC PIX-MC10 Video Capture;c:\windows\system32\Drivers\pixmc10v.sys [2002-11-28 22652]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-04-19 325640]
S1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-04-19 108552]
S1 FNETDEVI;FNETDEVI;c:\windows\system32\drivers\FNETDEVI.SYS [2008-01-07 19572]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-04-19 908056]
S2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-04-19 298264]
S2 Belkin 54g Wireless USB Network Adapter Service;Belkin 54g Wireless USB Network Adapter;c:\program files\Belkin\Belkin Wireless Network Utility\WLService.exe [2004-03-29 49152]
S2 BT848;AVerMedia, AVerTV WDM Video Capture;c:\windows\system32\DRIVERS\BT848.sys [2001-12-07 260072]
S2 BTTUNER;AVerMedia, AVerTV WDM TvTuner;c:\windows\system32\drivers\BTTUNER.sys [2001-12-26 22016]
S2 BTXBAR;AVerMedia, AVerTV WDM Crossbar;c:\windows\system32\drivers\BTXBAR.sys [2001-08-22 13312]
S2 PDSched;PDScheduler;c:\program files\Raxco\PerfectDisk\PDSched.exe [2004-11-01 237635]
S2 SVKP;SVKP;c:\windows\System32\SVKP.sys [2004-08-03 2368]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe"
uInternet Settings,ProxyServer = webcache.virginmedia.com:3128
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} - file://d:\content\include\XPPatchInstaller.CAB
DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} - hxxps://moneymanager.egg.com/Pinsafe/accounttracking.cab
DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} - hxxp://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37940.cab
DPF: {8B1BC605-C593-4865-8F5B-05517F0CD0BB} - file://d:\content\include\msSecUcd.cab
FF - ProfilePath - c:\documents and settings\Ed\Application Data\Mozilla\Firefox\Profiles\xcylc0hx.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo.co.uk
FF - prefs.js: browser.startup.homepage - hxxp://www.quidco.com/
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-23 19:07
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,64,ca,56,b1,d0,
05,44,26,c8,28,51,af,b0,29,a3,98,2e,76,05,2c,46,b2,d2,64,e2,63,26,f1,3f,c8,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,fc,7a,49,aa,98,
32,c7,46,71,3b,04,66,8b,46,0d,96,a9,5b,9e,5a,ce,74,c4,1e,6a,9c,d6,61,af,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:7a,45,05,fd,91,e8,6f,31,dd,37,6d,4d,05,
e3,4b,67,25,da,ec,7e,55,20,c9,26,a8,26,ef,54,4d,d8,7b,f5,ff,7c,85,e0,43,d4,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:6b,65,49,6a,7e,99,74,f7,bd,73,e8,34,70,
63,58,44,3e,1e,9e,e0,57,5a,93,61,da,60,b5,f9,2b,55,ac,09,86,8c,21,01,be,91,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,a5,00,e2,8f,67,
68,88,5c,cd,44,cd,b9,a6,33,6c,cd,32,47,71,1b,ac,ac,a7,70,f5,1d,4d,73,a8,13,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,32,eb,00,87,41,
2a,57,bc,b0,18,ed,a7,3f,8d,37,a4,ee,94,d0,ac,53,90,5a,8a,df,20,58,62,78,6b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,33,b1,d0,dc,90,
2e,09,5c,31,77,e1,ba,b1,f8,68,02,36,42,1a,da,5f,72,7f,59,fb,a7,78,e6,12,2f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,63,67,fb,48,0e,
76,a6,99,83,6c,56,8b,a0,85,96,ab,07,85,ab,9a,63,1b,73,76,01,3a,48,fc,e8,04,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,6e,54,01,17,db,
3b,96,e0,51,fa,6e,91,28,9e,14,cc,88,94,fd,01,ed,d4,df,48,f6,0f,4e,58,98,5b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:37,a4,aa,c3,a6,15,56,0a,9b,5e,9e,d4,9c,
e5,09,c5,b1,cd,45,5a,a8,c4,f8,b9,ab,07,30,a1,15,33,b9,e4,3d,ce,ea,26,2d,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,b0,85,88,5d,64,
7e,6c,8f,e3,0e,66,d5,eb,bc,2f,6b,f6,21,e2,97,9b,37,0c,55,2a,b7,cc,b5,b9,7f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,51,1a,87,d7,12,
85,c4,b7,fa,ea,66,7f,d4,3b,6b,70,64,89,6a,53,7f,ef,38,ef,6c,43,2d,1e,aa,22,\
.
Completion time: 2009-04-23 19:09
ComboFix-quarantined-files.txt 2009-04-23 18:09
ComboFix2.txt 2009-04-23 12:52
Pre-Run: 26,406,146,048 bytes free
Post-Run: 26,397,831,168 bytes free
Current=5 Default=5 Failed=4 LastKnownGood=6 Sets=1,2,3,4,5,6
358 --- E O F --- 2009-04-16 02:06
Here are the Logs
Please go to Kaspersky website (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) and perform an online antivirus scan.
Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select "Run as administrator" to perform this scan.
Read through the requirements and privacy statement and click on Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button: Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Please post this log in your next reply along with a fresh HijackThis log.
If you need a tutorial, see here (http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif)
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Friday, April 24, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Friday, April 24, 2009 09:11:47
Records in database: 2074498
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
Scan statistics:
Files scanned: 89208
Threat name: 5
Infected objects: 5
Suspicious objects: 0
Duration of the scan: 01:16:54
File name / Threat name / Threats count
C:\Documents and Settings\Ed\Desktop\Stuff\MiRC.v6.16.WinALL.Incl.Keygen-NGEN\Mirc\mirc616.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 1
C:\Documents and Settings\Ed\Local Settings\Application Data\Identities\{8D32DF8B-D3B8-4783-A0C5-FE37E2FC8659}\Microsoft\Outlook Express\Inbox.dbx Infected: Trojan-Downloader.Win32.Agent.aqj 1
C:\Documents and Settings\Ed\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst Infected: Trojan-Spy.HTML.Bayfraud.ev 1
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.612 1
C:\Qoobox\Quarantine\C\WINDOWS\ldp1nd10.dll.vir Infected: Trojan.Win32.Agent.ccmr 1
The selected area was scanned.
Delete this:
C:\Documents and Settings\Ed\Desktop\Stuff\MiRC.v6.16.WinALL.Incl.Keygen-NGEN
Empty this folder:
C:\Qoobox\Quarantine
Empty Recycle Bin.
Still problems?
Deleted the 3 files
Are these email files harmful?
Outlook Express\Inbox.dbx Infected: Trojan-Downloader.Win32.Agent.aqj 1
Microsoft\Outlook\Outlook.pst Infected: Trojan-Spy.HTML.Bayfraud.ev 1
They are, but unfortunately Kaspersky doesn't list any more individual infected emails.
You can of course delete all suspect emails from those mailboxes.
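The distinction the helper draws above (a hit inside Inbox.dbx or Outlook.pst is a message inside the mailbox, not a file you can simply delete) is worth automating when a scan report has more than a handful of lines. The following Python script is an added example for this thread, not part of Kaspersky's tooling or the thread's own instructions. It parses the "File name / Threat name / Threats count" lines of a Kaspersky Online Scanner 7 report and sorts each hit into one of four buckets: already quarantined by ComboFix (C:\Qoobox\Quarantine), mailbox container (.dbx/.pst/.ost, an assumed list), riskware ("not-a-virus:" detections such as mIRC, which are potentially unwanted rather than malicious), and everything else as an active malicious file. The sample report text is the five result lines from this thread; the line regex and the bucket rules are assumptions made for the example.

```python
import ntpath
import re

# Constructed sample: the five result lines of the Kaspersky Online Scanner 7
# report posted in this thread, in the "<path> Infected: <threat> <count>" layout.
SAMPLE_REPORT = r"""
C:\Documents and Settings\Ed\Desktop\Stuff\MiRC.v6.16.WinALL.Incl.Keygen-NGEN\Mirc\mirc616.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 1
C:\Documents and Settings\Ed\Local Settings\Application Data\Identities\{8D32DF8B-D3B8-4783-A0C5-FE37E2FC8659}\Microsoft\Outlook Express\Inbox.dbx Infected: Trojan-Downloader.Win32.Agent.aqj 1
C:\Documents and Settings\Ed\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst Infected: Trojan-Spy.HTML.Bayfraud.ev 1
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.612 1
C:\Qoobox\Quarantine\C\WINDOWS\ldp1nd10.dll.vir Infected: Trojan.Win32.Agent.ccmr 1
"""

# One result line. Assumption: the threat name contains no spaces and the
# line ends with the per-object threat count.
LINE_RE = re.compile(r"^(?P<path>.+?)\s+Infected:\s+(?P<threat>\S+)\s+(?P<count>\d+)$")

# Mailbox stores: a detection here is a message inside the store, not the store itself.
MAIL_STORE_EXTS = {".dbx", ".pst", ".ost"}          # assumed list for the example
QUARANTINE_DIR = "\\qoobox\\quarantine\\"            # ComboFix quarantine folder seen in the log

# What a helper would tell the user to do for each bucket.
ACTIONS = {
    "quarantined": "Already neutralised by ComboFix: empty C:\\Qoobox\\Quarantine.",
    "mail-container": "Message inside the mailbox: delete the suspect e-mails and compact "
                      "the store; do not delete the .dbx/.pst itself.",
    "riskware": "Potentially unwanted, not malware by itself: keep or remove by policy "
                "(a keygen-bundled copy should go).",
    "active": "Live malicious file: remove it and re-scan.",
}


def parse_report(text):
    """Return a list of {path, threat, count} dicts, one per result line."""
    findings = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            findings.append({"path": m["path"], "threat": m["threat"], "count": int(m["count"])})
    return findings


def classify(finding):
    """Map one finding to a bucket name from ACTIONS."""
    path = finding["path"].lower()
    ext = ntpath.splitext(path)[1]   # ntpath so backslash paths work on any host OS
    if QUARANTINE_DIR in path:
        return "quarantined"
    if ext in MAIL_STORE_EXTS:
        return "mail-container"
    if finding["threat"].startswith("not-a-virus:"):
        return "riskware"
    return "active"


def triage(text):
    """Return {bucket: [paths]} for every bucket in ACTIONS (empty lists included)."""
    buckets = {name: [] for name in ACTIONS}
    for finding in parse_report(text):
        buckets[classify(finding)].append(finding["path"])
    return buckets


def total_objects(text):
    """Sum of the per-line counts; should equal the report's 'Infected objects' figure."""
    return sum(f["count"] for f in parse_report(text))


if __name__ == "__main__":
    for bucket, paths in triage(SAMPLE_REPORT).items():
        if paths:
            print(f"[{bucket}] {ACTIONS[bucket]}")
            for p in paths:
                print("   ", p)
    print("objects:", total_objects(SAMPLE_REPORT))
```

Run against the thread's report the script puts both mIRC copies under riskware, both mail stores under mail-container, the ldp1nd10.dll.vir hit under quarantined, and nothing under active, which matches the helper's advice: delete the keygen bundle, empty the quarantine folder, and clean the mailboxes by message rather than by file.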
I will have a browse through emails to see if I can find the culprits!
I am ever so grateful for the help and time that you have afforded
me and wish you well....Keep up the good work :bigthumb:
Should I uninstall Combofix?
Regards
Eddd2
Great :)
Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
Now let's uninstall ComboFix:
Click START then RUN
Now type Combofix /u in the runbox and click OK
Next we remove all used tools.
Please download OTCleanIt (http://download.bleepingcomputer.com/oldtimer/OTCleanIt.exe) and save it to desktop.
Double-click OTCleanIt.exe.
Click the CleanUp! button.
Select Yes when the "Begin cleanup Process?" prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes; if not, delete it yourself.
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.
Disable and Enable System Restore - If you are using Windows XP, you should disable and re-enable System Restore to make sure there are no infected files in a restore point.
You can find instructions on how to enable and re-enable system restore here:
Windows XP System Restore Guide (http://www.bleepingcomputer.com/forums/tutorial56.html)
Re-enable System Restore using the instructions from the tutorial above.
Make your Internet Explorer more secure - This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.
Update your AntiVirus Software and keep your other programs up-to-date - Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector (http://secunia.com/software_inspector/)
F-secure Health Check (http://www.f-secure.com/weblog/archives/00001356.html)
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com (http://www.windowsupdate.com) regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.
A tutorial on installing & using this product can be found here:
Using SpywareBlaster to protect your computer from Spyware and Malware (http://www.bleepingcomputer.com/tutorials/tutorial49.html)
Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.
Here are some additional utilities that will enhance your safety
MVPS Hosts file (http://mvps.org/winhelp2002/hosts.htm) <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer. See also a hosts file tutorial here (http://malwareremoval.com/forum/viewtopic.php?t=22187)
Winpatrol (http://www.winpatrol.com/) <= Download and install the free version of Winpatrol. A tutorial for this product is located here:
Using Winpatrol to protect your computer from malicious software (http://www.winpatrol.com/features.html)
Stand Up and Be Counted ---> Malware Complaints (http://www.malwarecomplaints.info/index.php) <--- where you can make a difference!
The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.
Also, please read this great article by Tony Klein So How Did I Get Infected In First Place (http://forums.spybot.info/showthread.php?t=279)
Happy surfing and stay clean! :bigthumb:
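The six Internet-zone settings in the "Make your Internet Explorer more secure" steps above are stored as DWORD values under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 (the value names 1001, 1004, 1201, 1607, 1800 and 1804, with 0 = Enable, 1 = Prompt and 3 = Disable, are documented in Microsoft KB 182569). The Python script below is an added example, not part of the helper's instructions or of any of the tools named in this thread: it reads a REGEDIT4-style export of that key (the same format ComboFix uses in its "Reg Loading Points" section), reports every setting that is weaker than the recommendation given above, and emits a .reg fragment that would set the recommended values. The sample export is constructed for the example; a value that is absent from the export is reported as "not set" rather than assumed to have any particular default.

```python
import re

ZONE3_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"

# Value name -> (description, recommended setting), per Microsoft KB 182569.
# Settings: 0 = Enable, 1 = Prompt, 3 = Disable (numerically larger is stricter).
RECOMMENDED = {
    "1001": ("Download signed ActiveX controls", 1),
    "1004": ("Download unsigned ActiveX controls", 3),
    "1201": ("Initialize and script ActiveX controls not marked as safe", 3),
    "1800": ("Installation of desktop items", 1),
    "1804": ("Launching programs and files in an IFRAME", 1),
    "1607": ("Navigate sub-frames across different domains", 1),
}
SETTING_NAME = {0: "Enable", 1: "Prompt", 3: "Disable"}

# Constructed sample export: a typical pre-hardening Internet zone where only
# "Installation of desktop items" (1800) is already at Prompt and 1607 is absent.
SAMPLE_EXPORT = r"""
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"DisplayName"="Internet"
"1001"=dword:00000000
"1004"=dword:00000001
"1201"=dword:00000001
"1400"=dword:00000000
"1800"=dword:00000001
"1804"=dword:00000000
"""

SECTION_RE = re.compile(r"^\[(.+)\]$")
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<hex>[0-9a-fA-F]{8})$')


def parse_regedit4(text):
    """Return {key_path: {value_name: int}} for the dword values of a REGEDIT4 export."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            keys.setdefault(current, {})
            continue
        m = DWORD_RE.match(line)
        if m and current is not None:
            keys[current][m["name"]] = int(m["hex"], 16)
    return keys


def audit_internet_zone(export_text):
    """List (value_name, description, current_or_None, recommended) for weak settings."""
    zone = parse_regedit4(export_text).get(ZONE3_KEY, {})
    weak = []
    for name, (desc, want) in RECOMMENDED.items():
        have = zone.get(name)                  # None = not set in this export
        if have is None or have < want:        # less strict than recommended
            weak.append((name, desc, have, want))
    return weak


def hardening_reg(weak):
    """Build a REGEDIT4 fragment that sets each weak value to its recommendation."""
    lines = ["REGEDIT4", "", f"[{ZONE3_KEY}]"]
    for name, _desc, _have, want in weak:
        lines.append(f'"{name}"=dword:{want:08x}')
    return "\n".join(lines) + "\n"


def describe(setting):
    return "not set" if setting is None else SETTING_NAME.get(setting, str(setting))


if __name__ == "__main__":
    findings = audit_internet_zone(SAMPLE_EXPORT)
    for name, desc, have, want in findings:
        print(f"{name} {desc}: {describe(have)} -> {SETTING_NAME[want]}")
    print(hardening_reg(findings))
```

On a live machine the export would come from "File > Export" in regedit (Win9x/NT-compatible format) or from reg.exe; the script deliberately only reads text, so it can be run on a clean machine against a log posted in a thread like this one without touching the suspect system's registry.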
Hi Shaba,
Have completed your instructions
to remove Combofix and installed & run CCleaner
Once again many thanks for your assistance
regards
Eddd2
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.
Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.
If it has been less than four days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.