View Full Version : Win32.Agent.pz not being removed by Spybot
kdyteejay
2009-05-11, 23:17
Hi there, I'm currently battling with the win32.agent.pz virus and have been for 3 days. I have run out of ideas so here I am.
I ran spybot which said it found win32.agent.pz. Everytime I run it I click 'fix' and it says the items have been fixed, but when I restart my machine they reappear.
Hands up at this point. I have just read the 'Before you log' post and realise that I should not have run programs like combofix without being told, but as I say I was hunting round for solutions and only now that I am posting this did I read 'before you post'. I hope I have not made this any more difficult than it needs to be.
Please find my hijack logs to help out.. Thanks in advance Tom.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:34:40, on 11/05/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode
Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Spyware\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.dell.com/content/default.aspx?c=uk&l=en&s=gen
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk-rel&channel=uk&ibd=4070312
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\pavuppad.exe,
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus Photo R220 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE /FU "C:\WINDOWS\TEMP\E_SA1.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [eyeBeam SIP Client] "C:\Program Files\BT Broadband Talk Softphone\BTSoftphone.exe"
O4 - HKCU\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CamTray.exe
O4 - HKCU\..\Run: [internat] C:\WINDOWS\internat.exe
O4 - HKCU\..\Run: [SYS32DLL] SYS32DLL
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.microquiz.eu/ImageUploader5.cab
O16 - DPF: {61628958-4627-48F4-99FD-30719188568D} (XCheck Control) - http://www.ifrontiers.com/ActiveX/XCheck.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://test.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1174297478281
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://test.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1174297563946
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.microquiz.eu/ImageUploader4.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-ea0211234474d475.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=23100
O16 - DPF: {E33968CE-FF77-4DC3-A052-2921C0D60177} (LoaderOnline Class) - https://www.remotecontrol26.co.uk/dms%20website/kiosk/Bootstrap2610/2.6.10.107/BootstrapXP.cab
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://www.asda-photo.co.uk/upload/activex/v2_0_0_11/PCAXSetupv2.0.0.11.cab?
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2/ocx/15105/CTPID.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~2\SYMANT~1\DefWatch.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~2\SYMANT~1\Rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
O24 - Desktop Component AutorunsDisabled: (no name) - (no file)
--
End of file - 15469 bytes
Hi kdyteejay
Please post next spybot report and fresh HijackThis log taken in normal mode :)
kdyteejay
2009-05-12, 21:01
Hi Shaba,
thank you for the assistance. Here are the Hijack This and Spybot reports as requested. I will post the spybot report as separate reply due to size.
For you information any time I click on an icon an installer window attempts to install Adobe Acrobat 8.1.0.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:50:59, on 12/05/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\PROGRA~1\SYMANT~2\SYMANT~1\DefWatch.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\PROGRA~1\SYMANT~2\SYMANT~1\Rtvscan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\PROGRA~1\SYMANT~2\SYMANT~1\vptray.exe
C:\Program Files\Apoint\HidFind.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Creative\Shared Files\CamTray.exe
C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\Spyware\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\componentlauncher.exe
C:\WINDOWS\SoftwareDistribution\Download\491a2c8e1582f5cdd01f8b3da4b8ef7d\update\update.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.dell.com/content/default.aspx?c=uk&l=en&s=gen
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk-rel&channel=uk&ibd=4070312
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\pavuppad.exe,
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus Photo R220 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE /FU "C:\WINDOWS\TEMP\E_SA1.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [eyeBeam SIP Client] "C:\Program Files\BT Broadband Talk Softphone\BTSoftphone.exe"
O4 - HKCU\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CamTray.exe
O4 - HKCU\..\Run: [internat] C:\WINDOWS\internat.exe
O4 - HKCU\..\Run: [SYS32DLL] SYS32DLL
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.microquiz.eu/ImageUploader5.cab
O16 - DPF: {61628958-4627-48F4-99FD-30719188568D} (XCheck Control) - http://www.ifrontiers.com/ActiveX/XCheck.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://test.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1174297478281
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://test.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1174297563946
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.microquiz.eu/ImageUploader4.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-ea0211234474d475.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=23100
O16 - DPF: {E33968CE-FF77-4DC3-A052-2921C0D60177} (LoaderOnline Class) - https://www.remotecontrol26.co.uk/dms%20website/kiosk/Bootstrap2610/2.6.10.107/BootstrapXP.cab
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://www.asda-photo.co.uk/upload/activex/v2_0_0_11/PCAXSetupv2.0.0.11.cab?
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2/ocx/15105/CTPID.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~2\SYMANT~1\DefWatch.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~2\SYMANT~1\Rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
O24 - Desktop Component AutorunsDisabled: (no name) - (no file)
--
End of file - 18207 bytes
kdyteejay
2009-05-12, 21:03
Hi Shaba
here is the spybot report
--- Search result list ---
Win32.Agent.pz: [SBI $7EC6899E] Settings (Registry value, nothing done)
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows NT\CurrentVersion\Network\UID
Win32.Agent.pz: [SBI $8980C6CD] Settings (Registry value, nothing done)
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\Network\UID
Win32.Agent.pz: [SBI $0F1C75F7] Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID
--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---
2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2009-05-08 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-01-26 advcheck.dll (1.6.2.15)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2009-03-25 Includes\Adware.sbi (*)
2009-05-05 Includes\AdwareC.sbi (*)
2009-01-22 Includes\Cookies.sbi (*)
2009-03-31 Includes\Dialer.sbi (*)
2009-05-05 Includes\DialerC.sbi (*)
2009-01-22 Includes\HeavyDuty.sbi (*)
2009-04-21 Includes\Hijackers.sbi (*)
2009-05-05 Includes\HijackersC.sbi (*)
2009-05-06 Includes\Keyloggers.sbi (*)
2009-05-06 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2009-05-05 Includes\Malware.sbi (*)
2009-05-05 Includes\MalwareC.sbi (*)
2009-03-25 Includes\PUPS.sbi (*)
2009-05-05 Includes\PUPSC.sbi (*)
2009-01-22 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2009-05-05 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2009-04-07 Includes\Spyware.sbi (*)
2009-05-05 Includes\SpywareC.sbi (*)
2009-04-07 Includes\Tracks.uti
2009-04-29 Includes\Trojans.sbi (*)
2009-05-06 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll
--- System information ---
Windows XP (Build: 2600) Service Pack 2 (5.1.2600)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Hotfix (KB928366)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
/ MSXML4SP2: FIX: ASP stops responding when calling Response.Redirect to another server using msxml4 sp2
/ MSXML4SP2: FIX: ASP stops responding when calling Response.Redirect to another server using msxml4 sp2
/ MSXML4SP2: Security update for MSXML4 SP2 (KB936181)
/ MSXML4SP2: Security update for MSXML4 SP2 (KB954430)
/ Step By Step Interactive Training / SP2: Security Update for Step By Step Interactive Training (KB923723)
/ Windows Media Encoder: Security Update for Windows Media Encoder (KB954156)
/ Windows Media Format 11 SDK: Hotfix for Windows Media Format 11 SDK (KB929399)
/ Windows Media Player: Security Update for Windows Media Player (KB952069)
/ Windows Media Player 11: Security Update for Windows Media Player 11 (KB936782)
/ Windows Media Player 11: Hotfix for Windows Media Player 11 (KB939683)
/ Windows Media Player 11: Security Update for Windows Media Player 11 (KB954154)
/ Windows Media Player 11: Critical Update for Windows Media Player 11 (KB959772)
/ Windows Media Player 6.4: Security Update for Windows Media Player 6.4 (KB925398)
/ Windows Media Player 9: Security Update for Windows Media Player 9 (KB917734)
/ Windows Media Player 9: Security Update for Windows Media Player 9 (KB936782)
/ Windows XP: Security Update for Windows XP (KB923689)
/ Windows XP: Security Update for Windows XP (KB941569)
/ Windows XP / SP3: Update for Windows XP (KB925720)
/ Windows XP / SP3: Security Update for Windows XP (KB944338-v2)
/ Windows XP / SP4: Security Update for Windows XP (KB923561)
/ Windows XP / SP4: Security Update for Windows XP (KB938464-v2)
/ Windows XP / SP4: Security Update for Windows XP (KB950762)
/ Windows XP / SP4: Security Update for Windows XP (KB951066)
/ Windows XP / SP4: Security Update for Windows XP (KB951376-v2)
/ Windows XP / SP4: Security Update for Windows XP (KB951748)
/ Windows XP / SP4: Security Update for Windows XP (KB952004)
/ Windows XP / SP4: Hotfix for Windows XP (KB952287)
/ Windows XP / SP4: Security Update for Windows XP (KB952954)
/ Windows XP / SP4: Security Update for Windows XP (KB954600)
/ Windows XP / SP4: Security Update for Windows XP (KB955069)
/ Windows XP / SP4: Update for Windows XP (KB955839)
/ Windows XP / SP4: Security Update for Windows XP (KB956572)
/ Windows XP / SP4: Security Update for Windows XP (KB956802)
/ Windows XP / SP4: Security Update for Windows XP (KB956803)
/ Windows XP / SP4: Security Update for Windows XP (KB957097)
/ Windows XP / SP4: Security Update for Windows XP (KB958644)
/ Windows XP / SP4: Security Update for Windows XP (KB958687)
/ Windows XP / SP4: Security Update for Windows XP (KB958690)
/ Windows XP / SP4: Security Update for Windows XP (KB959426)
/ Windows XP / SP4: Security Update for Windows XP (KB960225)
/ Windows XP / SP4: Security Update for Windows XP (KB960715)
/ Windows XP / SP4: Security Update for Windows XP (KB960803)
/ Windows XP / SP4: Security Update for Windows XP (KB961373)
/ Windows XP / SP4: Security Update for Windows XP (KB963027)
/ Windows XP / SP4: Update for Windows XP (KB967715)
/ Windows XP OOB / SP10: High Definition Audio Driver Package - KB835221
/ XML Paper Specification Shared Components Pack 1.0: XML Paper Specification Shared Components Pack 1.0
--- Startup entries list ---
Located: HK_LM:Run, Acrobat Assistant 8.0
command: "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
file: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
size: 624248
MD5: 4D042B1F1375CF371AFBE0E0276BA627
Located: HK_LM:Run, Adobe Photo Downloader
command: "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
file: C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
size: 57344
MD5: 617FA5BE646B5E8D6670FD4710ACD2D3
Located: HK_LM:Run, Apoint
command: C:\Program Files\Apoint\Apoint.exe
file: C:\Program Files\Apoint\Apoint.exe
size: 176128
MD5: BDF765B33972A95AE8B5C5262D5E1325
Located: HK_LM:Run, BDRegion
command: C:\Program Files\Cyberlink\Shared Files\brs.exe
file: C:\Program Files\Cyberlink\Shared Files\brs.exe
size: 91432
MD5: 52D24864F876780D379409979921B263
Located: HK_LM:Run, ccApp
command: "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
file: C:\Program Files\Common Files\Symantec Shared\ccApp.exe
size: 52896
MD5: 1918A1D8E67A6452720797919FA520C9
Located: HK_LM:Run, IntelWireless
command: "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
file: C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
size: 696320
MD5: 4E984DF322DBEEFBD92A54C03DA43C37
Located: HK_LM:Run, IntelZeroConfig
command: "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
file: C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
size: 802816
MD5: 8EDB7E5FEB26EA4E2BE78053831F32DC
Located: HK_LM:Run, NvCplDaemon
command: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
file: C:\WINDOWS\system32\NvCpl.dll
size: 7401472
MD5: F9BF123790ED9B0491147D7B8191CBEB
Located: HK_LM:Run, NVHotkey
command: rundll32.exe nvHotkey.dll,Start
file: C:\WINDOWS\system32\nvHotkey.dll
size: 73728
MD5: 0EA63EBB1D375217B96768463548DF6B
Located: HK_LM:Run, nwiz
command: nwiz.exe /installquiet
file: C:\WINDOWS\system32\nwiz.exe
size: 1519616
MD5: AE0A7905C97BA30211C700C3E12DFD83
Located: HK_LM:Run, PDVD8LanguageShortcut
command: "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
file: C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe
size: 50472
MD5: AA62A9A6CE962107761775C66F49AD53
Located: HK_LM:Run, RemoteControl8
command: "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
file: C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
size: 83240
MD5: 0A80BED61A1729DAB9499BC5A9B515A9
Located: HK_LM:Run, RoxioDragToDisc
command: "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
file: C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
size: 1116920
MD5: BD57A6AFA05DF87BCAE9BB11FB0C4DDE
Located: HK_LM:Run, SigmatelSysTrayApp
command: stsystra.exe
file: C:\WINDOWS\stsystra.exe
size: 282624
MD5: AD2506958DE1937C16C553C0A1BE0572
Located: HK_LM:Run, Symantec NetDriver Monitor
command: C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
file: C:\PROGRA~1\SYMNET~1\SNDMon.exe
size: 99984
MD5: EE77F6613CEF0F7A118D8B14A630C919
Located: HK_LM:Run, TkBellExe
command: "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
file: C:\Program Files\Common Files\Real\Update_OB\realsched.exe
size: 185896
MD5: 74BC945EB2584E90619A56EF5028AB0F
Located: HK_LM:Run, vptray
command: C:\PROGRA~1\SYMANT~2\SYMANT~1\vptray.exe
file: C:\PROGRA~1\SYMANT~2\SYMANT~1\vptray.exe
size: 90112
MD5: 4B954730657F43B88A308C41FE570331
Located: HK_LM:Run, YBrowser
command: C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
file: C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
size: 129536
MD5: 2EF423CB1782744666C3A9B827C7AA9C
Located: HK_LM:Run, YOP
command: C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
file: C:\PROGRA~1\Yahoo!\YOP\yop.exe
size: 509224
MD5: 176A0FA6851AB08491AA4EFB4D0258EF
Located: HK_CU:Run, CTFMON.EXE
where: .DEFAULT...
command: C:\WINDOWS\system32\CTFMON.EXE
file: C:\WINDOWS\system32\CTFMON.EXE
size: 15360
MD5: 24232996A38C0B0CF151C2140AE29FC8
Located: HK_CU:Run, ctfmon.exe
where: PE_C_BACKUP...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996A38C0B0CF151C2140AE29FC8
Located: HK_CU:Run, DAEMON Tools
where: PE_C_BACKUP...
command: "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
file: C:\Program Files\DAEMON Tools\daemon.exe
size: 171464
MD5: FCB7866A653C9FD15E7A71EF3E8FA7E7
Located: HK_CU:Run, DellSupport
where: PE_C_BACKUP...
command: "C:\Program Files\Dell Support\DSAgnt.exe" /startup
file: C:\Program Files\Dell Support\DSAgnt.exe
size: 395776
MD5: 825EDDDB0521EB2183C7E3C45BB5FE97
Located: HK_CU:Run, ModemOnHold
where: PE_C_BACKUP...
command: C:\Program Files\NetWaiting\netWaiting.exe
file: C:\Program Files\NetWaiting\netWaiting.exe
size: 20480
MD5: 676B1D0BFA5EF8005395AB43F33DE1F1
Located: HK_CU:Run, BitTorrent
where: PE_C_TJONES.ANDREW...
command: "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
file: C:\Program Files\BitTorrent\bittorrent.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_CU:Run, ctfmon.exe
where: PE_C_TJONES.ANDREW...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996A38C0B0CF151C2140AE29FC8
Located: HK_CU:Run, EPSON Stylus Photo R220 Series
where: PE_C_TJONES.ANDREW...
command: C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE /FU "C:\WINDOWS\TEMP\E_S166.tmp" /EF "HKCU"
file: C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE
size: 177664
MD5: D6E641ECC09C3FBFBFAEA96C58230991
Located: HK_CU:Run, eyeBeam SIP Client
where: PE_C_TJONES.ANDREW...
command: "C:\Program Files\BT Broadband Talk Softphone\BTSoftphone.exe"
file: C:\Program Files\BT Broadband Talk Softphone\BTSoftphone.exe
size: 19857408
MD5: D37AF5B764F454A6302B6084F51D8A75
Located: HK_CU:Run, ModemOnHold
where: PE_C_TJONES.ANDREW...
command: C:\Program Files\NetWaiting\netWaiting.exe
file: C:\Program Files\NetWaiting\netWaiting.exe
size: 20480
MD5: 676B1D0BFA5EF8005395AB43F33DE1F1
Located: HK_CU:Run, Yahoo! Pager
where: PE_C_TJONES.ANDREW...
command: C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
file: C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_CU:Run, DellSupport
where: S-1-5-21-544167479-3238991017-1866274268-1005...
command: "C:\Program Files\Dell Support\DSAgnt.exe" /startup
file: C:\Program Files\Dell Support\DSAgnt.exe
size: 395776
MD5: 825EDDDB0521EB2183C7E3C45BB5FE97
Located: HK_CU:Run, ModemOnHold
where: S-1-5-21-544167479-3238991017-1866274268-1005...
command: C:\Program Files\NetWaiting\netWaiting.exe
file: C:\Program Files\NetWaiting\netWaiting.exe
size: 20480
MD5: 676B1D0BFA5EF8005395AB43F33DE1F1
Located: HK_CU:RunOnce, NeroHomeFirstStart
where: S-1-5-21-544167479-3238991017-1866274268-1005...
command: C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe
file: C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_CU:Run, Creative WebCam Tray
where: S-1-5-21-544167479-3238991017-1866274268-1012...
command: C:\Program Files\Creative\Shared Files\CamTray.exe
file: C:\Program Files\Creative\Shared Files\CamTray.exe
size: 299008
MD5: 2AA7EE2774035050512F438C2DF052A2
Located: HK_CU:Run, ctfmon.exe
where: S-1-5-21-544167479-3238991017-1866274268-1012...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996A38C0B0CF151C2140AE29FC8
Located: HK_CU:Run, EPSON Stylus Photo R220 Series
where: S-1-5-21-544167479-3238991017-1866274268-1012...
command: C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE /FU "C:\WINDOWS\TEMP\E_SA1.tmp" /EF "HKCU"
file: C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE
size: 177664
MD5: D6E641ECC09C3FBFBFAEA96C58230991
Located: HK_CU:Run, eyeBeam SIP Client
where: S-1-5-21-544167479-3238991017-1866274268-1012...
command: "C:\Program Files\BT Broadband Talk Softphone\BTSoftphone.exe"
file: C:\Program Files\BT Broadband Talk Softphone\BTSoftphone.exe
size: 19857408
MD5: D37AF5B764F454A6302B6084F51D8A75
Located: HK_CU:Run, internat
where: S-1-5-21-544167479-3238991017-1866274268-1012...
command: C:\WINDOWS\internat.exe
file: C:\WINDOWS\internat.exe
size: 75264
MD5: 599618FCA313395BC5A6D73BC2D6B19F
Located: HK_CU:Run, MsnMsgr
where: S-1-5-21-544167479-3238991017-1866274268-1012...
command: "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
file: C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
size: 5724184
MD5: A8972A2F9A744DD5EE0BFE429D767F1C
Located: HK_CU:Run, SYS32DLL
where: S-1-5-21-544167479-3238991017-1866274268-1012...
command: SYS32DLL
file: SYS32DLL
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_CU:Run, Yahoo! Pager
where: S-1-5-21-544167479-3238991017-1866274268-1012...
command: "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
file: C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
size: 4670704
MD5: C7048E3DD4D9FA3AF7BC2747EF5C433F
Located: HK_CU:Run, CTFMON.EXE
where: S-1-5-21-544167479-3238991017-1866274268-1013...
command: C:\WINDOWS\system32\CTFMON.EXE
file: C:\WINDOWS\system32\CTFMON.EXE
size: 15360
MD5: 24232996A38C0B0CF151C2140AE29FC8
Located: HK_CU:Run, DellSupport
where: S-1-5-21-544167479-3238991017-1866274268-500...
command: "C:\Program Files\Dell Support\DSAgnt.exe" /startup
file: C:\Program Files\Dell Support\DSAgnt.exe
size: 395776
MD5: 825EDDDB0521EB2183C7E3C45BB5FE97
Located: HK_CU:Run, ModemOnHold
where: S-1-5-21-544167479-3238991017-1866274268-500...
command: C:\Program Files\NetWaiting\netWaiting.exe
file: C:\Program Files\NetWaiting\netWaiting.exe
size: 20480
MD5: 676B1D0BFA5EF8005395AB43F33DE1F1
Located: HK_CU:RunOnce, NeroHomeFirstStart
where: S-1-5-21-544167479-3238991017-1866274268-500...
command: C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe
file: C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_CU:Run, CTFMON.EXE
where: S-1-5-18...
command: C:\WINDOWS\system32\CTFMON.EXE
file: C:\WINDOWS\system32\CTFMON.EXE
size: 15360
MD5: 24232996A38C0B0CF151C2140AE29FC8
Located: Startup (common), Windows Desktop Search.lnk
where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\Program Files\Windows Desktop Search\WindowsSearch.exe
file: C:\Program Files\Windows Desktop Search\WindowsSearch.exe
size: 118784
MD5: 946467B375D696FA073A6B9370A4C6CE
Located: Startup (user), SpywareGuard.lnk
where: C:\Documents and Settings\admin\Start Menu\Programs\Startup...
command: C:\Program Files\SpywareGuard\sgmain.exe
file: C:\Program Files\SpywareGuard\sgmain.exe
size: 360448
MD5: 61C028ABA5E49573A6332F4A7C744E87
Located: WinLogon, crypt32chain
command: crypt32.dll
file: crypt32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, cryptnet
command: cryptnet.dll
file: cryptnet.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, cscdll
command: cscdll.dll
file: cscdll.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, NavLogon
command: C:\WINDOWS\system32\NavLogon.dll
file: C:\WINDOWS\system32\NavLogon.dll
size: 45056
MD5: 4F08576DA1C93A5EC62EB2AD6EC3D084
Located: WinLogon, ScCertProp
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, Schedule
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, SensLogn
command: WlNotify.dll
file: WlNotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, termsrv
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, WgaLogon
command: WgaLogon.dll
file: WgaLogon.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, wlballoon
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
--- Browser helper object list ---
{02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Yahoo! Toolbar Helper
description: Yahoo Companion!
classification: Legitimate
known filename: Ycomp*_*_*_*.dll
info link: http://companion.yahoo.com/
info source: TonyKlein
Path: C:\Program Files\Yahoo!\Companion\Installs\cpn0\
Long name: yt.dll
Short name:
Date (created): 13/04/2007 22:27:12
Date (last access): 12/05/2009 18:30:26
Date (last write): 26/10/2006 10:28:40
Filesize: 440384
Attributes: archive
MD5: 2785037CE05B63D5607C9D5DFB2FEEE4
CRC32: 9ED93A02
Version: 2006.10.26.1
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Adobe PDF Reader Link Helper
description: Adobe Acrobat reader
classification: Legitimate
known filename: AcroIEhelper.ocx<br>AcroIEhelper.dll
info link: http://www.adobe.com/products/acrobat/readstep2.html
info source: TonyKlein
Path: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\
Long name: AcroIEHelper.dll
Short name: ACROIE~1.DLL
Date (created): 23/10/2006 00:08:42
Date (last access): 12/05/2009 17:47:34
Date (last write): 23/10/2006 00:08:42
Filesize: 62080
Attributes: archive
MD5: C11F6A1F61481E24BE3FDC06EA6F7D2A
CRC32: E388508F
Version: 8.0.0.456
{3049C3E9-B461-4BC5-8870-4C09146192CA} (RealPlayer Download and Record Plugin for Internet Explorer)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: RealPlayer Download and Record Plugin for Internet Explorer
Path: C:\Program Files\Real\RealPlayer\
Long name: rpbrowserrecordplugin.dll
Short name: RPBROW~1.DLL
Date (created): 08/12/2007 17:20:00
Date (last access): 12/05/2009 17:47:34
Date (last write): 08/12/2007 17:20:00
Filesize: 370296
Attributes: archive
MD5: 4D630E9EF94CF8814DFD0E5938230822
CRC32: 02C3DBBF
Version: 1.0.0.522
{4A368E80-174F-4872-96B5-0B27DDD11DB2} (SpywareGuard Download Protection)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: SpywareGuard Download Protection
CLSID name: SpywareGuardDLBLOCK.CBrowserHelper
description: SpywareGuard download protection
classification: Legitimate
known filename: dlprotect.dll
info link: http://www.wilderssecurity.net/spywareguard.html
info source: TonyKlein
Path: C:\Program Files\SpywareGuard\
Long name: dlprotect.dll
Short name: DLPROT~1.DLL
Date (created): 03/08/2003 00:24:02
Date (last access): 12/05/2009 17:47:34
Date (last write): 03/08/2003 00:24:02
Filesize: 192512
Attributes: readonly archive
MD5: 964621E8B2415FEAA99026ED4F29D198
CRC32: DC8CF59D
Version: 2.2.0.0
{53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Spybot-S&D IE Protection
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDhelper.dll
info link: http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: C:\PROGRA~1\SPYBOT~1\
Long name: SDHelper.dll
Short name:
Date (created): 08/05/2009 19:29:06
Date (last access): 12/05/2009 17:47:34
Date (last write): 26/01/2009 15:31:02
Filesize: 1879896
Attributes: archive
MD5: 022C2F6DCCDFA0AD73024D254E62AFAC
CRC32: 5BA24007
Version: 1.6.2.14
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} (Yahoo! IE Services Button)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Yahoo! IE Services Button
Path: C:\PROGRA~1\Yahoo!\Common\
Long name: yiesrvc.dll
Short name:
Date (created): 23/03/2007 21:29:14
Date (last access): 12/05/2009 18:01:18
Date (last write): 31/10/2006 16:33:54
Filesize: 198136
Attributes: archive
MD5: F8981F09E8DA4FDB7F6B6E2B5361AEAE
CRC32: 2CDBBB6C
Version: 2006.10.31.3
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: SSVHelper Class
Path: C:\Program Files\Java\jre1.6.0_07\bin\
Long name: ssv.dll
Short name:
Date (created): 05/08/2008 22:26:36
Date (last access): 12/05/2009 18:30:26
Date (last write): 10/06/2008 04:27:02
Filesize: 509328
Attributes: archive
MD5: F921D875A1CBD69A6A462BA2514BC831
CRC32: 38AC9EE2
Version: 6.0.70.6
{9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Windows Live Sign-in Helper
Path: C:\Program Files\Common Files\Microsoft Shared\Windows Live\
Long name: WindowsLiveLogin.dll
Short name: WINDOW~1.DLL
Date (created): 17/02/2009 17:11:04
Date (last access): 12/05/2009 17:47:38
Date (last write): 17/02/2009 17:11:04
Filesize: 408440
Attributes: archive
MD5: 1A82C1B9BB43385695EFC3A84F6756A2
CRC32: 75E558CA
Version: 5.0.818.6
{9CB65201-89C4-402c-BA80-02D8C59F9B1D} (Ask Search Assistant BHO)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: Ask Search Assistant BHO
CLSID name:
{AE7CD045-E861-484f-8273-0445EE161910} (Adobe PDF Conversion Toolbar Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Adobe PDF Conversion Toolbar Helper
description: Adobe Acrobat
classification: Legitimate
known filename: AcroIEFavClient.dll
info link: http://www.adobe.com/products/acrobatpro/main.html
info source: TonyKlein
Path: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\
Long name: AcroIEFavClient.dll
Short name: ACROIE~1.DLL
Date (created): 04/11/2007 22:37:32
Date (last access): 12/05/2009 17:47:38
Date (last write): 10/05/2007 23:47:04
Filesize: 321120
Attributes: archive
MD5: FF29E3FB75E7726EE002B65A9F2D4A6E
CRC32: 1831F50E
Version: 8.1.0.0
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Windows Live Toolbar Helper
Path: C:\Program Files\Windows Live Toolbar\
Long name: msntb.dll
Short name:
Date (created): 19/10/2007 11:20:48
Date (last access): 12/05/2009 17:47:38
Date (last write): 19/10/2007 11:20:48
Filesize: 546320
Attributes: archive
MD5: CEE1BE1DA21300208D07FBEAE9EA2B51
CRC32: 12446524
Version: 3.1.0.146
{CA6319C0-31B7-401E-A518-A07C3DB8F777} (CBrowserHelperObject Object)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: CBrowserHelperObject Object
Path: C:\Program Files\BAE\
Long name: BAE.dll
Short name:
Date (created): 12/03/2007 12:05:54
Date (last access): 12/05/2009 17:47:40
Date (last write): 17/11/2006 05:32:40
Filesize: 98304
Attributes: archive
MD5: 28E1B808DD272CBD8F5667959DEB61C1
CRC32: 1ED1D667
Version: 1.2.0.2
{F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} (SidebarAutoLaunch Class)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: SidebarAutoLaunch Class
Path: C:\Program Files\Yahoo!\browser\
Long name: YSidebarIEBHO.dll
Short name: YSIDEB~2.DLL
Date (created): 23/03/2007 21:27:54
Date (last access): 12/05/2009 18:01:18
Date (last write): 03/02/2005 18:07:08
Filesize: 124032
Attributes: archive
MD5: 0645DBCBDB3F4A69AEE13F4B5F9C4291
CRC32: 75CB3FBB
Version: 2004.8.3.1
{FE063DB1-4EC0-403e-8DD8-394C54984B2C} (Ask Toolbar BHO)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: Ask Toolbar BHO
CLSID name: Ask Toolbar BHO
Path: C:\Program Files\AskTBar\bar\1.bin\
Long name: ASKTBAR.DLL
--- ActiveX list ---
Microsoft XML Parser for Java (Microsoft XML Parser for Java)
DPF name: Microsoft XML Parser for Java
CLSID name:
Installer:
Codebase: file://C:\WINDOWS\Java\classes\xmldso.cab
description:
classification: Legitimate
known filename: %WINDIR%\Java\classes\xmldso.cab
info link:
info source: Patrick M. Kolla
{00000055-9980-0010-8000-00AA00389B71} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\fhg.inf
Codebase: http://codecs.microsoft.com/codecs/i386/fhg.CAB
description:
classification: Legitimate
known filename:
info link:
info source: Safer Networking Ltd.
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object)
DPF name:
CLSID name: QuickTime Object
Installer: C:\WINDOWS\Downloaded Program Files\QTPlugin.inf
Codebase: http://www.apple.com/qtactivex/qtplugin.cab
description: Apple Quicktime
classification: Legitimate
known filename: QTPLUGIN.OCX
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\QuickTime\
Long name: QTPlugin.ocx
Short name:
Date (created): 04/11/2008 11:31:14
Date (last access): 10/05/2009 22:47:26
Date (last write): 04/11/2008 11:31:14
Filesize: 779568
Attributes: archive
MD5: 7977EEA67691BA941CED002B13633ECE
CRC32: 3C521BFC
Version: 7.55.90.70
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support)
DPF name:
CLSID name: Installation Support
Installer: C:\Program Files\Yahoo!\common\yinst.inf
Codebase: C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
description: Yahoo! Installation helper
classification: Legitimate
known filename: %SystemRoot%\Downloaded Program Files\yinsthelper.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Yahoo!\Common\
Long name: Yinsthelper20073151.dll
Short name: YINSTH~3.DLL
Date (created): 16/03/2007 02:49:04
Date (last access): 17/04/2009 03:03:52
Date (last write): 16/03/2007 02:49:04
Filesize: 209448
Attributes: archive
MD5: 4380A4799E826AF03FD975B4A71E9268
CRC32: 423BF1F7
Version: 2007.3.15.1
{48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control)
DPF name:
CLSID name: MySpace Uploader Control
Installer: C:\WINDOWS\Downloaded Program Files\MySpaceUploader.inf
Codebase: http://lads.myspace.com/upload/MySpaceUploader1006.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: MySpaceUploader.ocx
Short name: MYSPAC~1.OCX
Date (created): 31/10/2007 14:03:14
Date (last access): 17/04/2009 03:03:54
Date (last write): 01/02/2008 04:17:04
Filesize: 2637440
Attributes: archive
MD5: 2245B3CAE09AF148D983F88F62153628
CRC32: A47295FA
Version: 1.0.0.6
{5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control)
DPF name:
CLSID name: Image Uploader Control
Installer: C:\WINDOWS\Downloaded Program Files\ImageUploader5.inf
Codebase: http://www.microquiz.eu/ImageUploader5.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: ImageUploader5.ocx
Short name: IMAGEU~2.OCX
Date (created): 12/09/2008 18:03:44
Date (last access): 17/04/2009 03:03:54
Date (last write): 12/09/2008 18:03:44
Filesize: 3552776
Attributes: archive
MD5: 74CD7B363F860B72EE605EFF90A61A82
CRC32: 0EA96110
Version: 5.5.6.0
{61628958-4627-48F4-99FD-30719188568D} (XCheck Control)
DPF name:
CLSID name: XCheck Control
Installer: C:\WINDOWS\Downloaded Program Files\XCheck.INF
Codebase: http://www.ifrontiers.com/ActiveX/XCheck.CAB
Path: C:\WINDOWS\system32\
Long name: XCheck.OCX
Short name:
Date (created): 17/08/2006 12:24:00
Date (last access): 17/04/2009 03:03:54
Date (last write): 17/08/2006 12:24:00
Filesize: 56632
Attributes: archive
MD5: EFD28B5EE575AF4215BF2AE1C6F7CF54
CRC32: 3A5FF5DA
Version: 1.0.0.5
{6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class)
DPF name:
CLSID name: WUWebControl Class
Installer: C:\WINDOWS\Downloaded Program Files\wuweb.inf
Codebase: http://test.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1174297478281
description:
classification: Legitimate
known filename: wuweb.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\system32\
Long name: wuweb.dll
Short name:
Date (created): 11/08/2004 18:12:56
Date (last access): 12/05/2009 17:59:04
Date (last write): 16/10/2008 14:13:40
Filesize: 202776
Attributes: archive
MD5: 1865594AFE88C27A127FF4CF492734B0
CRC32: F48FD025
Version: 7.2.6001.788
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class)
DPF name:
CLSID name: MUWebControl Class
Installer: C:\WINDOWS\Downloaded Program Files\muweb.inf
Codebase: http://test.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1174297563946
description:
classification: Legitimate
known filename: muweb.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\system32\
Long name: muweb.dll
Short name:
Date (created): 28/02/2007 12:44:30
Date (last access): 12/05/2009 17:59:00
Date (last write): 16/10/2008 15:06:48
Filesize: 208744
Attributes: archive
MD5: D2E6F0A06391FE5556E8A1D6D5041A5E
CRC32: 27FBFA7D
Version: 7.2.6001.788
{6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control)
DPF name:
CLSID name: Image Uploader Control
Installer: C:\WINDOWS\Downloaded Program Files\ImageUploader4.inf
Codebase: http://www.microquiz.eu/ImageUploader4.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: ImageUploader4.ocx
Short name: IMAGEU~1.OCX
Date (created): 06/06/2007 19:34:50
Date (last access): 17/04/2009 03:03:54
Date (last write): 06/06/2007 19:34:50
Filesize: 2631480
Attributes: archive
MD5: A581AA0039CF0109C31D00DEDD51DCA6
CRC32: BA370685
Version: 4.5.4.0
{7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control)
DPF name:
CLSID name: Windows Live Photo Upload Control
Installer: C:\WINDOWS\Downloaded Program Files\MSNPUpld.inf
Codebase: http://cid-ea0211234474d475.spaces.live.com/PhotoUpload/MsnPUpld.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: MsnPUpld.dll
Short name:
Date (created): 02/08/2007 11:31:32
Date (last access): 12/05/2009 17:54:50
Date (last write): 02/08/2007 11:31:32
Filesize: 360320
Attributes: archive
MD5: C670858E2347EAB5C9507A91A142210F
CRC32: B1C9923E
Version: 10.0.916.0
{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_07
Installer: C:\WINDOWS\Downloaded Program Files\jinstall-6u7.inf
Codebase: http://javadl.sun.com/webapps/download/AutoDL?BundleId=23100
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\jre1.6.0_07\bin\
Long name: npjpi160_07.dll
Short name: NPJPI1~1.DLL
Date (created): 10/06/2008 02:32:34
Date (last access): 17/04/2009 03:03:52
Date (last write): 10/06/2008 04:27:02
Filesize: 132496
Attributes: archive
MD5: 7C83A2809E13950359189767AC9D5DB8
CRC32: 925C2A88
Version: 6.0.70.6
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\erma.inf
Codebase: http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
description:
classification: Open for discussion
known filename:
info link:
info source: Safer Networking Ltd.
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_06
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.5.0_06\bin\
Long name: NPJPI150_06.dll
Short name: NPJPI1~1.DLL
Date (created): 02/03/2006 14:52:58
Date (last access): 17/04/2009 03:03:54
Date (last write): 10/11/2005 14:22:12
Filesize: 69746
Attributes: archive
MD5: D2CF6BB5E9020E6707B62575F8083954
CRC32: 7F39DC54
Version: 5.0.60.5
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_07
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
Path: C:\Program Files\Java\jre1.6.0_07\bin\
Long name: npjpi160_07.dll
Short name: NPJPI1~1.DLL
Date (created): 10/06/2008 02:32:34
Date (last access): 12/05/2009 18:42:04
Date (last write): 10/06/2008 04:27:02
Filesize: 132496
Attributes: archive
MD5: 7C83A2809E13950359189767AC9D5DB8
CRC32: 925C2A88
Version: 6.0.70.6
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_07
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.6.0_07\bin\
Long name: npjpi160_07.dll
Short name: NPJPI1~1.DLL
Date (created): 10/06/2008 02:32:34
Date (last access): 12/05/2009 18:42:04
Date (last write): 10/06/2008 04:27:02
Filesize: 132496
Attributes: archive
MD5: 7C83A2809E13950359189767AC9D5DB8
CRC32: 925C2A88
Version: 6.0.70.6
{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
Installer: C:\WINDOWS\Downloaded Program Files\swflash.inf
Codebase: http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\system32\Macromed\Flash\
Long name: Flash10a.ocx
Short name:
Date (created): 05/10/2008 04:16:26
Date (last access): 10/05/2009 22:42:10
Date (last write): 05/10/2008 04:16:26
Filesize: 3789728
Attributes: readonly archive
MD5: 466C1355934925768822E380DA6E6E4A
CRC32: 48EC1E52
Version: 10.0.12.36
{E33968CE-FF77-4DC3-A052-2921C0D60177} (LoaderOnline Class)
DPF name:
CLSID name: LoaderOnline Class
Installer: C:\WINDOWS\Downloaded Program Files\bootstrapXP.inf
Codebase: https://www.remotecontrol26.co.uk/dms%20website/kiosk/Bootstrap2610/2.6.10.107/BootstrapXP.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: bootstraponline.dll
Short name: BOOTST~1.DLL
Date (created): 09/09/2008 12:49:46
Date (last access): 09/05/2009 00:47:30
Date (last write): 09/09/2008 12:49:46
Filesize: 815104
Attributes: archive
MD5: 3B8EB18359619BEE000DDEA778567D31
CRC32: FD5D5415
Version: 2.6.10.107
{F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class)
DPF name:
CLSID name: Photo Upload Plugin Class
Installer: C:\WINDOWS\Downloaded Program Files\PCAXSetup.inf
Codebase: http://www.asda-photo.co.uk/upload/activex/v2_0_0_11/PCAXSetupv2.0.0.11.cab?
Path: C:\WINDOWS\Downloaded Program Files\
Long name: Photochannel.dll
Short name: PHOTOC~1.DLL
Date (created): 12/05/2008 17:54:50
Date (last access): 09/05/2009 00:47:32
Date (last write): 12/05/2008 17:54:50
Filesize: 367696
Attributes: archive
MD5: 461D111A58736ADA22F0C0465A8868FC
CRC32: 21FFAB03
Version: 2.0.0.11
{F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package)
DPF name:
CLSID name: Creative Software AutoUpdate Support Package
Installer: C:\WINDOWS\Downloaded Program Files\CTPID.inf
Codebase: http://www.creative.com/softwareupdate/su2/ocx/15105/CTPID.cab
description:
classification: Legitimate
known filename: CTPID.ocx
info link:
info source: Safer Networking Ltd.
Path: C:\PROGRA~1\Creative\SHARED~1\SOFTWA~1\
Long name: CTPID.ocx
Short name:
Date (created): 02/09/2008 17:59:30
Date (last access): 17/04/2009 03:03:56
Date (last write): 06/08/2008 11:41:46
Filesize: 37616
Attributes: archive
MD5: D69AA2D5EB073B9C8403A7EC16720F3E
CRC32: D4D7FA3E
Version: 1.0.48.0
--- Process list ---
PID: 0 ( 0) [System]
PID: 1236 (1120) \??\C:\WINDOWS\system32\csrss.exe
size: 6144
PID: 1260 (1120) \??\C:\WINDOWS\system32\winlogon.exe
size: 502272
PID: 1304 (1260) C:\WINDOWS\system32\services.exe
size: 110592
MD5: 37561F8D4160D62DA86D24AE41FAE8DE
PID: 1316 (1260) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: 84885F9B82F4D55C6146EBF6065D75D2
PID: 1504 (1304) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1572 (1304) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1612 (1304) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1664 (1304) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
size: 434176
MD5: 788C72B145C75A7EE5F5D6A32542D912
PID: 1744 (1304) C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
size: 946176
MD5: C17C3A529CE14012F9731A6E264C1911
PID: 1764 (1304) C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
size: 290816
MD5: 22516ED8E0D89323D4E0D9CCC2848819
PID: 1876 (1304) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 2000 (1304) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 416 (1304) C:\WINDOWS\system32\spoolsv.exe
size: 57856
MD5: 7435B108B935E42EA92CA94F59C8E717
PID: 456 (1304) C:\WINDOWS\System32\SCardSvr.exe
size: 95744
MD5: 25D8DE134DF108E3DBC8D7D23B1AA58E
PID: 564 (1304) C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
size: 192160
MD5: 0A6786C95A6F8715AA4285E3C27F201F
PID: 604 (1304) C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
size: 169632
MD5: 3B4898CF051BB04FB76E94361E336A83
PID: 636 (1304) C:\PROGRA~1\SYMANT~2\SYMANT~1\DefWatch.exe
size: 32768
MD5: F8146A2B29866884A6C785FF40EB38A9
PID: 660 (1304) C:\WINDOWS\system32\DVDRAMSV.exe
size: 106496
MD5: 77C4901986FC7A83E853B300E80D234B
PID: 676 (1304) C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
size: 113664
MD5: 3FCCE2927E79A3F84AAAE90250F3F8F2
PID: 728 (1304) C:\Program Files\Common Files\Motive\McciCMService.exe
size: 303104
MD5: 67B6F4E0DB57DD2020A2415294BA4ED8
PID: 772 (1304) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
size: 322120
MD5: 11F714F85530A2BD134074DC30E99FCA
PID: 880 (1304) C:\PROGRA~1\SYMANT~2\SYMANT~1\Rtvscan.exe
size: 610304
MD5: AC37351CEF1D50C3010B04A73B27665C
PID: 936 (1304) C:\WINDOWS\system32\nvsvc32.exe
size: 143428
MD5: F99A2F3A79E8E37D6B4AE2A269AEFEEA
PID: 968 (1304) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
size: 327680
MD5: D8894ACEFE1A607DE7D0E628285BFFF4
PID: 1032 (1304) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 152 (1304) C:\WINDOWS\system32\Pen_Tablet.exe
size: 3032360
MD5: 5781D4C12D0D204447F9936D421C1B80
PID: 1172 (1304) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
size: 49152
MD5: CA90D2C55EB3BB90687677BEA3DB0B59
PID: 1232 (1304) C:\WINDOWS\system32\SearchIndexer.exe
size: 300032
MD5: 2EC497AA4B728D1B1A368ACF2E309E8B
PID: 2752 (1504) C:\WINDOWS\system32\wbem\wmiprvse.exe
size: 218112
MD5: 075EA6C849AB0FE416A3D6DD65C3CF41
PID: 3100 (1304) C:\WINDOWS\System32\alg.exe
size: 44544
MD5: F1958FBF86D5C004CF19A5951A9514B7
PID: 4052 (3956) C:\WINDOWS\Explorer.EXE
size: 1032192
MD5: A0732187050030AE399B241436565E64
PID: 2268 (4052) C:\Program Files\Apoint\Apoint.exe
size: 176128
MD5: BDF765B33972A95AE8B5C5262D5E1325
PID: 2908 (2268) C:\Program Files\Apoint\HidFind.exe
size: 45056
MD5: DFCB0A7BCBC97922F2EE24FE11318C6C
PID: 2676 (2896) C:\Program Files\Apoint\Apntex.exe
size: 45056
MD5: 4C737FE32049AF0547827C3EB49AC3C0
PID: 3468 (2500) C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996A38C0B0CF151C2140AE29FC8
PID: 360 (4052) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 5365592
MD5: 0477C2F9171599CA5BC3307FDFBA8D89
PID: 332 (1612) C:\WINDOWS\system32\wuauclt.exe
size: 51224
MD5: E654B78D2F1D791B30D0ED9A8195EC22
PID: 3472 (1232) C:\WINDOWS\system32\SearchProtocolHost.exe
size: 182784
MD5: 4B0EA20D942AF11584D2D72A8419E3CB
PID: 1952 (1232) C:\WINDOWS\system32\SearchFilterHost.exe
size: 76800
MD5: 0B57A82B223AA3CFDD264D9DB8491D43
PID: 4 ( 0) System
--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 12/05/2009 18:42:06
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
http://home.microsoft.com/access/autosearch.asp?p=%s
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Bar
http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://www1.euro.dell.com/content/default.aspx?c=uk&l=en&s=gen
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\SearchAssistant
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
Protocol 3: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 4: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 5: MSAFD NetBIOS [\Device\NetBT_Tcpip_{49F1A700-EBEB-48CB-8D44-BC117B134704}] SEQPACKET 10
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 6: MSAFD NetBIOS [\Device\NetBT_Tcpip_{49F1A700-EBEB-48CB-8D44-BC117B134704}] DATAGRAM 10
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 7: MSAFD NetBIOS [\Device\NetBT_Tcpip_{DDED692B-0923-4F7D-89A2-26AC23E2F305}] SEQPACKET 9
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{DDED692B-0923-4F7D-89A2-26AC23E2F305}] DATAGRAM 9
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{EC745C70-080F-444F-A411-593D311AFB8A}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{EC745C70-080F-444F-A411-593D311AFB8A}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{FB546E9D-4931-4AC8-A9A4-462E1A837DAA}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{FB546E9D-4931-4AC8-A9A4-462E1A837DAA}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{EA219350-B25F-4304-B0A7-CA6C15D25C3F}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{EA219350-B25F-4304-B0A7-CA6C15D25C3F}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip_{C8FB8631-14EB-4BD0-9EBA-74664FE3AF1E}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip_{C8FB8631-14EB-4BD0-9EBA-74664FE3AF1E}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 17: MSAFD NetBIOS [\Device\NetBT_Tcpip_{5E796049-C0F7-459A-8107-BC4DBD6F56C1}] SEQPACKET 7
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 18: MSAFD NetBIOS [\Device\NetBT_Tcpip_{5E796049-C0F7-459A-8107-BC4DBD6F56C1}] DATAGRAM 7
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 19: MSAFD NetBIOS [\Device\NetBT_Tcpip_{F485B183-4D61-4967-8F02-B0E94EA9FEBB}] SEQPACKET 8
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 20: MSAFD NetBIOS [\Device\NetBT_Tcpip_{F485B183-4D61-4967-8F02-B0E94EA9FEBB}] DATAGRAM 8
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Namespace Provider 0: mdnsNSP
GUID: {B600E6E9-553B-4A19-8696-335E5C896153}
Filename: C:\Program Files\Bonjour\mdnsNSP.dll
Description: Apple Rendezvous protocol
DB filename: %ProgramFiles%\Rendezvous\bin\mdnsNSP.dll
DB protocol: mdnsNSP
Namespace Provider 1: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP
Namespace Provider 2: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS
Namespace Provider 3: Network Location Awareness (NLA) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace
Please click this link-->Jotti (http://virusscan.jotti.org/)
Copy/paste the file on the list into the white Upload a file box and click Submit/Send (depends on which one you are using Jotti or VirusTotal).
C:\WINDOWS\system32\pavuppad.exe
Please post back the results of the scan in your next post.
If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/
kdyteejay
2009-05-12, 23:01
Hi Shaba,
I cannot find this file. I ensured I was checking for hidden files in the search
kdyteejay
2009-05-12, 23:14
Hi Shaba,
I can find it id I start windows in safe mode. but cannot access internet in this mode. Also if I try to copy the file I get message 'cannot copy - it is used by another program' Any ideas?
kdyteejay
2009-05-12, 23:32
Hi Shaba, managed to get what you wanted
File pavuppad.exe received on 05.12.2009 22:28:37 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED
Result: 5/40 (12.5%)
Loading server information...
Your file is queued in position: 6.
Estimated start time is between 77 and 110 seconds.
Do not close the window until scan is complete.
The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result.
If you are waiting for more than five minutes you have to resend your file.
Your file is being scanned by VirusTotal in this moment,
results will be shown as they're generated.
Compact Print results
Your file has expired or does not exists.
Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time.
You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished.
Email:
Antivirus Version Last Update Result
a-squared 4.0.0.101 2009.05.12 -
AhnLab-V3 5.0.0.2 2009.05.12 -
AntiVir 7.9.0.166 2009.05.12 TR/Dropper.Gen
Antiy-AVL 2.0.3.1 2009.05.12 -
Authentium 5.1.2.4 2009.05.12 -
Avast 4.8.1335.0 2009.05.12 -
AVG 8.5.0.327 2009.05.12 -
BitDefender 7.2 2009.05.12 -
CAT-QuickHeal 10.00 2009.05.12 -
ClamAV 0.94.1 2009.05.12 -
Comodo 1157 2009.05.08 -
DrWeb 5.0.0.12182 2009.05.12 -
eSafe 7.0.17.0 2009.05.12 -
eTrust-Vet 31.6.6501 2009.05.12 -
F-Prot 4.4.4.56 2009.05.12 -
F-Secure 8.0.14470.0 2009.05.12 Trojan-Spy.Win32.Zbot.tml
Fortinet 3.117.0.0 2009.05.12 -
GData 19 2009.05.12 -
Ikarus T3.1.1.49.0 2009.05.12 -
K7AntiVirus 7.10.732 2009.05.11 -
Kaspersky 7.0.0.125 2009.05.12 Trojan-Spy.Win32.Zbot.tml
McAfee 5613 2009.05.12 -
McAfee+Artemis 5613 2009.05.12 -
McAfee-GW-Edition 6.7.6 2009.05.12 Trojan.Dropper.Gen
Microsoft 1.4602 2009.05.12 -
NOD32 4068 2009.05.12 -
Norman 6.01.05 2009.05.12 -
nProtect 2009.1.8.0 2009.05.12 -
Panda 10.0.0.14 2009.05.12 -
PCTools 4.4.2.0 2009.05.07 -
Prevx 3.0 2009.05.12 -
Rising 21.29.14.00 2009.05.12 -
Sophos 4.41.0 2009.05.12 Mal/Dorf-F
Sunbelt 3.2.1858.2 2009.05.12 -
Symantec 1.4.4.12 2009.05.12 -
TheHacker 6.3.4.1.325 2009.05.12 -
TrendMicro 8.950.0.1092 2009.05.12 -
VBA32 3.12.10.4 2009.05.12 -
ViRobot 2009.5.12.1731 2009.05.12 -
VirusBuster 4.6.5.0 2009.05.12 -
Additional information
File size: 384000 bytes
MD5...: 990bb9014035f42fdde62283632a4f96
SHA1..: ae5c7a1fc787760c2be8ec887452169144e1bcd3
SHA256: e4b6446ee122fb97448cd2e47abbcd86a1300dc339356a8f7510654bfd593082
SHA512: 4498bea56712b44620d8e064d1adb6015a242f258c25f89bd8a4bfbe0907ae1c
bae99d96774908af89d78d566bd047907b33616a98f640c481947afe290c76f2
ssdeep: 6144:XUWLbHZnQBuuYHHwsGA9oFG/zVLsvx9SDb4fUaasJn8UELgrF:kau0CPwNV
LsvQcWsqUmy
PEiD..: -
TrID..: File type identification
Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x6207
timedatestamp.....: 0x47fa7367 (Mon Apr 07 19:17:59 2008)
machinetype.......: 0x14c (I386)
( 2 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xf740 0xf800 7.04 97d89224077d79aafb1a60549bd0ebe6
.rdata 0x11000 0x507e 0x200 0.48 3fd29e3c251758358bffd3f8484aa9d3
( 4 imports )
> KERNEL32.dll: GetUserDefaultUILanguage, GetLocalTime, CreateMutexW, VirtualAlloc, VirtualProtect, GetModuleHandleA
> ADVAPI32.dll: CryptGetHashParam, CryptAcquireContextW, RegCreateKeyExA, GetUserNameW, RegSetValueExA, RegEnumKeyExA
> SHLWAPI.dll: StrCmpNIA, StrStrW
> USER32.dll: CloseWindowStation, CharLowerBuffA
( 0 exports )
PDFiD.: -
RDS...: NSRL Reference Data Set
One or more of the identified infections is a backdoor trojan.
This allows hackers to remotely control your computer, steal critical system information and Download and Execute files
I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.
Though the Trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud? (http://www.dslreports.com/faq/10451)
When Should I Format, How Should I Reinstall (http://www.dslreports.com/faq/10063)
We can attempt to clean this machine but i can't guarantee that it will be 100% secure afterwards.
Should you have any questions, please feel free to ask.
Please let us know what you have decided to do in your next post
kdyteejay
2009-05-13, 14:16
Hi Shaba,
I have already changed passwords from my 2nd pc. I will as suggested contact the relevant people.
Can we try to cleanse.
Sure :)
We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Please include the C:\ComboFix.txt and a fresh HijackThis log in your next reply for further review.
kdyteejay
2009-05-14, 11:34
Hi Shaba,
ran combofix in live mode , not 'safe mode', is that what you wanted? I also ran disconnected from internet.
here are the reports:
1. combofix
ComboFix 09-05-09.05 - admin 14/05/2009 9:09.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1530 [GMT 1:00]
Running from: c:\documents and settings\admin\Desktop\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated)
.
((((((((((((((((((((((((( Files Created from 2009-04-14 to 2009-05-14 )))))))))))))))))))))))))))))))
.
2009-05-13 18:00 . 2009-05-13 18:30 -------- d-----w C:\xfer
2009-05-11 19:56 . 2009-05-11 19:57 -------- d-----w c:\program files\ERUNT
2009-05-10 22:07 . 2008-06-13 13:10 272128 -c----w c:\windows\system32\dllcache\bthport.sys
2009-05-10 15:24 . 2002-08-29 12:00 31232 -c--a-w c:\windows\system32\dllcache\weitekp9.sys
2009-05-10 15:23 . 2002-08-29 12:00 229439 -c--a-w c:\windows\system32\dllcache\multibox.dll
2009-05-10 15:22 . 2002-08-29 12:00 36864 -c--a-w c:\windows\system32\dllcache\hanjadic.dll
2009-05-10 15:21 . 2003-03-24 15:52 188480 -c--a-w c:\windows\system32\dllcache\cfgwiz.exe
2009-05-10 15:21 . 2003-03-24 15:52 16439 -c--a-w c:\windows\system32\dllcache\author.exe
2009-05-10 15:21 . 2003-03-24 15:52 20540 -c--a-w c:\windows\system32\dllcache\author.dll
2009-05-10 15:21 . 2003-03-24 15:52 16439 -c--a-w c:\windows\system32\dllcache\admin.exe
2009-05-10 15:21 . 2003-03-24 15:52 20540 -c--a-w c:\windows\system32\dllcache\admin.dll
2009-05-10 15:18 . 2004-08-04 05:56 628224 -c--a-w c:\windows\system32\dllcache\catsrvut.dll
2009-05-10 15:18 . 2004-08-04 05:56 628224 ----a-w c:\windows\system32\catsrvut.dll
2009-05-10 15:07 . 2002-08-29 12:00 13312 -c--a-w c:\windows\system32\dllcache\irclass.dll
2009-05-10 15:07 . 2002-08-29 12:00 13312 ----a-w c:\windows\system32\irclass.dll
2009-05-10 15:07 . 2002-08-29 12:00 24661 -c--a-w c:\windows\system32\dllcache\spxcoins.dll
2009-05-10 15:07 . 2002-08-29 12:00 24661 ----a-w c:\windows\system32\spxcoins.dll
2009-05-09 09:35 . 2009-05-09 09:36 -------- d-----w C:\SAV32CLI
2009-05-08 18:18 . 2009-05-08 18:18 -------- d-----w c:\windows\system32\CatRoot_bak
2009-05-08 18:11 . 2009-05-08 18:11 -------- d-----w c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-05-08 18:11 . 2009-05-08 18:11 -------- d-----w c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-05-08 18:11 . 2009-05-08 18:11 -------- d-----w c:\program files\SDHelper (Spybot - Search & Destroy)
2009-05-08 18:11 . 2009-05-08 18:11 -------- d-----w c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-05-08 15:30 . 2009-05-08 15:30 -------- d-----w c:\windows\repair
2009-05-08 14:55 . 2002-08-29 12:00 16384 -c--a-w c:\windows\system32\dllcache\isignup.exe
2009-05-08 14:52 . 2002-08-29 12:00 7680 -c--a-w c:\windows\system32\dllcache\inetmgr.exe
2009-05-08 12:40 . 2009-05-08 12:40 45056 ----a-w c:\windows\system32\DeleteNotifyDll.dll
2009-05-08 12:37 . 2008-04-14 00:12 23040 ----a-w c:\windows\system32\AAP.DLL
2009-05-08 12:35 . 2009-03-21 14:06 989696 ----a-w c:\windows\system32\AAK.dll
2009-05-08 12:35 . 2009-02-09 12:10 617472 ----a-w c:\windows\system32\AAD.DLL
2009-05-08 12:34 . 2009-05-08 12:39 -------- d-----w c:\program files\Adware Away
2009-05-06 22:58 . 2009-05-06 22:58 75264 ----a-w c:\windows\internat.exe
2009-05-05 21:20 . 2009-05-05 23:01 -------- d-----w c:\program files\PXL Soft
2009-04-30 21:01 . 1999-10-15 11:50 1056768 ----a-w c:\windows\system32\ROBOEX32.DLL
2009-04-30 21:01 . 2006-07-22 18:37 49152 ----a-w c:\windows\system32\INETWH32.dll
2009-04-17 19:48 . 2008-09-17 13:24 49996376 ----a-w C:\avg_free_stf_en_8_169a1359.exe
2009-04-16 18:27 . 2008-05-03 11:55 2560 ----a-w c:\windows\system32\xpsp4res.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-14 07:49 . 2007-03-12 10:38 144264 ----a-w c:\windows\system32\nvModes.dat
2009-05-10 15:37 . 2009-05-10 15:37 65024 ----a-w C:\calc.exe
2009-05-10 15:20 . 2004-08-11 17:00 67 --sha-w c:\windows\Fonts\desktop.ini
2009-05-10 15:18 . 2004-08-11 17:12 23428 ----a-w c:\windows\system32\emptyregdb.dat
2009-05-10 15:18 . 2009-05-10 15:18 1663 ----a-w c:\windows\inf\COM1ED.tmp
2009-05-08 18:30 . 2007-03-19 14:42 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-05-08 12:29 . 2008-11-30 12:53 -------- d-----w c:\program files\SpywareGuard
2009-05-02 17:04 . 2008-11-28 17:21 20 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLbx.DAT
2009-05-02 17:02 . 2008-11-29 20:12 20 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLdw.DAT
2009-04-30 21:18 . 2007-03-12 11:08 36368 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-30 21:01 . 2007-04-18 22:17 -------- d-----w c:\program files\Common Files\Ulead Systems
2009-04-30 21:00 . 2007-04-18 22:17 -------- d-----w c:\program files\Ulead Systems
2009-04-30 21:00 . 2007-03-12 10:56 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-25 23:28 . 2007-06-07 19:46 -------- d-----w c:\program files\NO1 Video Converter
2009-03-18 08:31 . 2009-03-18 08:31 -------- d-----w c:\program files\Windows Installer Clean Up
2009-03-18 08:31 . 2009-03-18 08:31 -------- d-----w c:\program files\MSECACHE
2009-03-17 20:44 . 2009-03-17 20:36 -------- d-----w c:\program files\hkSFV
2009-03-06 14:44 . 2004-08-04 05:56 283648 ----a-w c:\windows\system32\pdh.dll
2009-03-02 21:09 . 2009-03-02 21:09 2368 ----a-w c:\windows\system32\SVKP.sys
2009-02-20 08:30 . 2004-08-04 05:56 659456 ----a-w c:\windows\system32\wininet.dll
2009-02-20 08:30 . 2004-08-04 05:56 81920 ----a-w c:\windows\system32\ieencode.dll
2009-02-14 13:58 . 2009-02-14 13:58 664 ----a-w c:\windows\system32\d3d9caps.dat
2003-12-19 19:36 . 2007-06-12 21:56 40960 ----a-w c:\program files\Uninstall_CDS.exe
.
((((((((((((((((((((((((((((( SnapShot@2009-05-10_22.12.42 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-08-11 17:12 . 2008-10-16 14:08 34328 c:\windows\system32\wups.dll
+ 2004-08-04 05:56 . 2006-10-04 08:48 50176 c:\windows\system32\utilman.exe
- 2004-08-04 05:56 . 2004-08-04 05:56 50176 c:\windows\system32\utilman.exe
- 2004-08-04 05:56 . 2004-08-04 05:56 35840 c:\windows\system32\umandlg.dll
+ 2004-08-04 05:56 . 2006-10-04 13:33 35840 c:\windows\system32\umandlg.dll
+ 2004-08-04 05:56 . 2009-02-03 20:08 55808 c:\windows\system32\secur32.dll
- 2004-08-04 05:56 . 2004-08-04 05:56 55808 c:\windows\system32\secur32.dll
+ 2002-08-29 12:00 . 2009-02-06 16:54 35328 c:\windows\system32\sc.exe
- 2004-08-04 05:56 . 2004-08-04 05:56 39424 c:\windows\system32\pngfilt.dll
+ 2004-08-04 05:56 . 2009-02-20 08:30 39424 c:\windows\system32\pngfilt.dll
+ 2004-08-11 17:00 . 2009-05-14 07:53 81120 c:\windows\system32\perfc009.dat
- 2004-08-11 17:00 . 2009-05-10 21:45 81120 c:\windows\system32\perfc009.dat
+ 2004-08-04 05:56 . 2006-10-04 08:48 53760 c:\windows\system32\narrator.exe
- 2004-08-04 05:56 . 2004-08-04 05:56 53760 c:\windows\system32\narrator.exe
+ 2004-08-11 17:11 . 2008-06-12 14:16 91648 c:\windows\system32\mtxoci.dll
- 2004-08-04 05:56 . 2004-08-04 05:56 66560 c:\windows\system32\mtxclu.dll
+ 2004-08-04 05:56 . 2008-06-12 14:16 66560 c:\windows\system32\mtxclu.dll
- 2004-08-11 17:11 . 2004-08-04 05:56 58880 c:\windows\system32\msdtclog.dll
+ 2004-08-11 17:11 . 2008-06-12 14:16 58880 c:\windows\system32\msdtclog.dll
+ 2004-08-04 05:56 . 2008-06-24 16:23 74240 c:\windows\system32\mscms.dll
+ 2004-08-04 05:56 . 2006-10-04 08:48 72704 c:\windows\system32\magnify.exe
- 2004-08-04 05:56 . 2004-08-04 05:56 72704 c:\windows\system32\magnify.exe
+ 2004-08-04 05:56 . 2008-06-10 08:17 96768 c:\windows\system32\logagent.exe
- 2004-08-04 05:56 . 2004-08-11 00:45 96768 c:\windows\system32\logagent.exe
+ 2004-08-04 05:56 . 2009-02-20 08:30 16384 c:\windows\system32\jsproxy.dll
+ 2004-08-04 05:56 . 2009-02-20 08:30 96256 c:\windows\system32\inseng.dll
- 2004-08-04 05:56 . 2004-08-04 05:56 96256 c:\windows\system32\inseng.dll
- 2004-08-04 05:56 . 2004-08-04 05:56 55808 c:\windows\system32\extmgr.dll
+ 2004-08-04 05:56 . 2009-02-20 08:30 55808 c:\windows\system32\extmgr.dll
+ 2004-08-11 17:12 . 2008-10-16 14:08 34328 c:\windows\system32\dllcache\wups.dll
- 2004-08-04 05:56 . 2004-08-04 05:56 50176 c:\windows\system32\dllcache\utilman.exe
+ 2004-08-04 05:56 . 2006-10-04 08:48 50176 c:\windows\system32\dllcache\utilman.exe
- 2004-08-04 05:56 . 2004-08-04 05:56 35840 c:\windows\system32\dllcache\umandlg.dll
+ 2004-08-04 05:56 . 2006-10-04 13:33 35840 c:\windows\system32\dllcache\umandlg.dll
- 2004-08-04 05:56 . 2004-08-04 05:56 55808 c:\windows\system32\dllcache\secur32.dll
+ 2004-08-04 05:56 . 2009-02-03 20:08 55808 c:\windows\system32\dllcache\secur32.dll
+ 2002-08-29 12:00 . 2009-02-06 16:54 35328 c:\windows\system32\dllcache\sc.exe
+ 2004-08-04 05:56 . 2009-02-20 08:30 39424 c:\windows\system32\dllcache\pngfilt.dll
- 2004-08-04 05:56 . 2004-08-04 05:56 39424 c:\windows\system32\dllcache\pngfilt.dll
+ 2004-08-04 05:56 . 2006-10-04 08:48 53760 c:\windows\system32\dllcache\narrator.exe
- 2004-08-04 05:56 . 2004-08-04 05:56 53760 c:\windows\system32\dllcache\narrator.exe
+ 2004-08-11 17:11 . 2008-06-12 14:16 91648 c:\windows\system32\dllcache\mtxoci.dll
+ 2004-08-04 05:56 . 2008-06-12 14:16 66560 c:\windows\system32\dllcache\mtxclu.dll
- 2004-08-04 05:56 . 2004-08-04 05:56 66560 c:\windows\system32\dllcache\mtxclu.dll
- 2004-08-11 17:11 . 2004-08-04 05:56 58880 c:\windows\system32\dllcache\msdtclog.dll
+ 2004-08-11 17:11 . 2008-06-12 14:16 58880 c:\windows\system32\dllcache\msdtclog.dll
+ 2004-08-04 05:56 . 2008-06-24 16:23 74240 c:\windows\system32\dllcache\mscms.dll
- 2004-08-04 05:56 . 2004-08-04 05:56 72704 c:\windows\system32\dllcache\magnify.exe
+ 2004-08-04 05:56 . 2006-10-04 08:48 72704 c:\windows\system32\dllcache\magnify.exe
+ 2004-08-04 05:56 . 2008-06-10 08:17 96768 c:\windows\system32\dllcache\logagent.exe
- 2004-08-04 05:56 . 2004-08-11 00:45 96768 c:\windows\system32\dllcache\logagent.exe
+ 2004-08-04 05:56 . 2009-02-20 08:30 16384 c:\windows\system32\dllcache\jsproxy.dll
+ 2004-08-04 05:56 . 2009-02-20 08:30 96256 c:\windows\system32\dllcache\inseng.dll
- 2004-08-04 05:56 . 2004-08-04 05:56 96256 c:\windows\system32\dllcache\inseng.dll
+ 2004-08-04 05:56 . 2009-02-20 08:30 81920 c:\windows\system32\dllcache\ieencode.dll
- 2004-08-04 05:56 . 2004-08-04 05:56 81920 c:\windows\system32\dllcache\ieencode.dll
+ 2004-08-11 17:12 . 2009-02-19 09:58 18432 c:\windows\system32\dllcache\iedw.exe
- 2004-08-11 17:12 . 2004-08-04 05:56 18432 c:\windows\system32\dllcache\iedw.exe
- 2004-08-04 05:56 . 2004-08-04 05:56 55808 c:\windows\system32\dllcache\extmgr.dll
+ 2004-08-04 05:56 . 2009-02-20 08:30 55808 c:\windows\system32\dllcache\extmgr.dll
+ 2004-08-11 17:11 . 2005-07-26 04:39 60416 c:\windows\system32\dllcache\colbact.dll
+ 2007-03-16 15:41 . 2009-05-14 07:50 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2007-03-16 15:41 . 2009-05-10 22:10 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2007-03-16 15:41 . 2009-05-10 22:10 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2007-03-16 15:41 . 2009-05-14 07:50 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2007-03-16 15:41 . 2009-05-10 22:10 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2007-03-16 15:41 . 2009-05-14 07:50 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2004-08-11 17:11 . 2005-07-26 04:39 60416 c:\windows\system32\colbact.dll
+ 2004-08-04 05:56 . 2007-10-27 16:40 227328 c:\windows\system32\wmasf.dll
+ 2004-08-04 05:56 . 2008-12-16 12:47 351232 c:\windows\system32\winhttp.dll
- 2004-08-04 05:56 . 2004-08-04 05:56 351232 c:\windows\system32\winhttp.dll
+ 2004-08-11 17:11 . 2009-02-06 16:39 227840 c:\windows\system32\wbem\wmiprvse.exe
+ 2004-08-11 17:11 . 2009-02-09 10:20 453120 c:\windows\system32\wbem\wmiprvsd.dll
+ 2004-08-11 17:11 . 2009-02-09 10:20 473088 c:\windows\system32\wbem\fastprox.dll
- 2004-08-04 05:56 . 2004-08-04 05:56 417792 c:\windows\system32\vbscript.dll
+ 2004-08-04 05:56 . 2007-12-18 14:40 417792 c:\windows\system32\vbscript.dll
+ 2004-08-04 05:56 . 2009-02-20 08:30 616448 c:\windows\system32\urlmon.dll
+ 2004-08-04 05:56 . 2008-10-03 10:15 247326 c:\windows\system32\strmdll.dll
+ 2004-08-04 05:56 . 2009-02-20 08:30 474112 c:\windows\system32\shlwapi.dll
+ 2004-08-04 05:56 . 2009-02-06 17:14 110592 c:\windows\system32\services.exe
- 2004-08-04 05:56 . 2004-08-04 05:56 144896 c:\windows\system32\schannel.dll
+ 2004-08-04 05:56 . 2008-12-05 07:12 144896 c:\windows\system32\schannel.dll
+ 2004-08-04 05:56 . 2009-02-09 10:20 399360 c:\windows\system32\rpcss.dll
+ 2004-08-11 17:00 . 2009-05-14 07:53 468916 c:\windows\system32\perfh009.dat
- 2004-08-11 17:00 . 2009-05-10 21:45 468916 c:\windows\system32\perfh009.dat
+ 2004-08-04 05:56 . 2006-10-04 08:48 215552 c:\windows\system32\osk.exe
- 2004-08-04 05:56 . 2004-08-04 05:56 215552 c:\windows\system32\osk.exe
+ 2004-08-04 05:56 . 2009-02-09 10:20 714752 c:\windows\system32\ntdll.dll
+ 2004-08-04 05:56 . 2008-10-15 16:57 332800 c:\windows\system32\netapi32.dll
+ 2004-08-04 05:56 . 2008-06-20 17:41 245248 c:\windows\system32\mswsock.dll
- 2004-08-04 05:56 . 2004-08-04 05:56 245248 c:\windows\system32\mswsock.dll
+ 2004-08-04 05:56 . 2009-02-20 08:30 532480 c:\windows\system32\mstime.dll
- 2004-08-04 05:56 . 2004-08-04 05:56 146432 c:\windows\system32\msrating.dll
+ 2004-08-04 05:56 . 2009-02-20 08:30 146432 c:\windows\system32\msrating.dll
+ 2004-08-04 05:56 . 2009-02-20 08:30 449024 c:\windows\system32\mshtmled.dll
+ 2004-08-11 17:11 . 2008-06-12 14:16 161792 c:\windows\system32\msdtcuiu.dll
+ 2004-08-11 17:11 . 2008-06-12 14:16 956928 c:\windows\system32\msdtctm.dll
+ 2004-08-11 17:11 . 2008-06-12 14:16 428032 c:\windows\system32\msdtcprx.dll
+ 2004-08-04 05:56 . 2009-02-09 10:20 723456 c:\windows\system32\lsasrv.dll
+ 2004-08-04 05:56 . 2009-03-21 14:18 986112 c:\windows\system32\kernel32.dll
- 2004-08-04 05:56 . 2004-08-04 05:56 450560 c:\windows\system32\jscript.dll
+ 2004-08-04 05:56 . 2007-12-18 14:40 450560 c:\windows\system32\jscript.dll
+ 2004-08-11 17:12 . 2008-04-11 18:50 683520 c:\windows\system32\inetcomm.dll
+ 2004-08-04 05:56 . 2009-02-20 08:30 251392 c:\windows\system32\iepeers.dll
+ 2004-08-04 05:56 . 2008-10-23 13:01 283648 c:\windows\system32\gdi32.dll
+ 2004-08-04 05:56 . 2009-02-20 08:30 205312 c:\windows\system32\dxtrans.dll
- 2004-08-04 05:56 . 2004-08-04 05:56 357888 c:\windows\system32\dxtmsft.dll
+ 2004-08-04 05:56 . 2009-02-20 08:30 357888 c:\windows\system32\dxtmsft.dll
+ 2004-08-04 04:07 . 2008-06-20 09:52 225920 c:\windows\system32\drivers\tcpip6.sys
+ 2004-08-04 04:14 . 2008-06-20 10:45 360320 c:\windows\system32\drivers\tcpip.sys
+ 2004-08-04 04:14 . 2008-12-11 11:57 333184 c:\windows\system32\drivers\srv.sys
+ 2002-08-29 12:00 . 2008-05-08 12:28 202752 c:\windows\system32\drivers\rmcast.sys
+ 2004-08-04 04:15 . 2008-10-24 11:10 453632 c:\windows\system32\drivers\mrxsmb.sys
+ 2004-08-04 04:10 . 2008-06-13 13:10 272128 c:\windows\system32\drivers\bthport.sys
+ 2004-08-04 04:14 . 2008-08-14 09:51 138368 c:\windows\system32\drivers\afd.sys
+ 2004-08-04 05:56 . 2008-06-20 17:41 148992 c:\windows\system32\dnsapi.dll
+ 2004-08-11 17:11 . 2008-04-21 10:02 215552 c:\windows\system32\dllcache\wordpad.exe
+ 2004-08-11 17:11 . 2009-02-06 16:39 227840 c:\windows\system32\dllcache\wmiprvse.exe
+ 2004-08-11 17:11 . 2009-02-09 10:20 453120 c:\windows\system32\dllcache\wmiprvsd.dll
+ 2004-08-04 05:56 . 2007-10-27 16:40 227328 c:\windows\system32\dllcache\wmasf.dll
+ 2004-08-04 05:56 . 2009-02-20 08:30 659456 c:\windows\system32\dllcache\wininet.dll
- 2004-08-04 05:56 . 2004-08-04 05:56 351232 c:\windows\system32\dllcache\winhttp.dll
+ 2004-08-04 05:56 . 2008-12-16 12:47 351232 c:\windows\system32\dllcache\winhttp.dll
- 2004-08-04 05:56 . 2004-08-04 05:56 417792 c:\windows\system32\dllcache\vbscript.dll
+ 2004-08-04 05:56 . 2007-12-18 14:40 417792 c:\windows\system32\dllcache\vbscript.dll
+ 2004-08-04 05:56 . 2009-02-20 08:30 616448 c:\windows\system32\dllcache\urlmon.dll
+ 2004-08-04 04:07 . 2008-06-20 09:52 225920 c:\windows\system32\dllcache\tcpip6.sys
+ 2004-08-04 04:14 . 2008-06-20 10:45 360320 c:\windows\system32\dllcache\tcpip.sys
+ 2004-08-04 05:56 . 2008-10-03 10:15 247326 c:\windows\system32\dllcache\strmdll.dll
+ 2004-08-04 04:14 . 2008-12-11 11:57 333184 c:\windows\system32\dllcache\srv.sys
+ 2004-08-04 05:56 . 2009-02-20 08:30 474112 c:\windows\system32\dllcache\shlwapi.dll
+ 2004-08-04 05:56 . 2009-02-06 17:14 110592 c:\windows\system32\dllcache\services.exe
- 2004-08-04 05:56 . 2004-08-04 05:56 144896 c:\windows\system32\dllcache\schannel.dll
+ 2004-08-04 05:56 . 2008-12-05 07:12 144896 c:\windows\system32\dllcache\schannel.dll
+ 2004-08-04 05:56 . 2009-02-09 10:20 399360 c:\windows\system32\dllcache\rpcss.dll
+ 2002-08-29 12:00 . 2008-05-08 12:28 202752 c:\windows\system32\dllcache\rmcast.sys
- 2004-08-04 05:56 . 2004-08-04 05:56 283648 c:\windows\system32\dllcache\pdh.dll
+ 2004-08-04 05:56 . 2009-03-06 14:44 283648 c:\windows\system32\dllcache\pdh.dll
- 2004-08-04 05:56 . 2004-08-04 05:56 215552 c:\windows\system32\dllcache\osk.exe
+ 2004-08-04 05:56 . 2006-10-04 08:48 215552 c:\windows\system32\dllcache\osk.exe
+ 2004-08-04 05:56 . 2009-02-09 10:20 714752 c:\windows\system32\dllcache\ntdll.dll
+ 2004-08-04 05:56 . 2008-10-15 16:57 332800 c:\windows\system32\dllcache\netapi32.dll
- 2004-08-04 05:56 . 2004-08-04 05:56 245248 c:\windows\system32\dllcache\mswsock.dll
+ 2004-08-04 05:56 . 2008-06-20 17:41 245248 c:\windows\system32\dllcache\mswsock.dll
+ 2004-08-04 05:56 . 2009-02-20 08:30 532480 c:\windows\system32\dllcache\mstime.dll
+ 2004-08-04 05:56 . 2009-02-20 08:30 146432 c:\windows\system32\dllcache\msrating.dll
- 2004-08-04 05:56 . 2004-08-04 05:56 146432 c:\windows\system32\dllcache\msrating.dll
+ 2004-08-04 05:56 . 2009-02-20 08:30 449024 c:\windows\system32\dllcache\mshtmled.dll
+ 2004-08-11 17:11 . 2008-06-12 14:16 161792 c:\windows\system32\dllcache\msdtcuiu.dll
+ 2004-08-11 17:11 . 2008-06-12 14:16 956928 c:\windows\system32\dllcache\msdtctm.dll
+ 2004-08-11 17:11 . 2008-06-12 14:16 428032 c:\windows\system32\dllcache\msdtcprx.dll
- 2004-08-11 17:12 . 2004-08-04 05:56 331776 c:\windows\system32\dllcache\msadce.dll
+ 2004-08-11 17:12 . 2008-05-01 14:30 331776 c:\windows\system32\dllcache\msadce.dll
+ 2009-05-10 21:48 . 2008-10-24 11:10 453632 c:\windows\system32\dllcache\mrxsmb.sys
+ 2004-08-04 05:56 . 2009-02-09 10:20 723456 c:\windows\system32\dllcache\lsasrv.dll
+ 2004-08-04 05:56 . 2009-03-21 14:18 986112 c:\windows\system32\dllcache\kernel32.dll
- 2004-08-04 05:56 . 2004-08-04 05:56 450560 c:\windows\system32\dllcache\jscript.dll
+ 2004-08-04 05:56 . 2007-12-18 14:40 450560 c:\windows\system32\dllcache\jscript.dll
+ 2004-08-11 17:12 . 2008-04-11 18:50 683520 c:\windows\system32\dllcache\inetcomm.dll
+ 2004-08-04 05:56 . 2009-02-20 08:30 251392 c:\windows\system32\dllcache\iepeers.dll
+ 2004-08-04 05:56 . 2008-10-23 13:01 283648 c:\windows\system32\dllcache\gdi32.dll
+ 2004-08-11 17:11 . 2009-02-09 10:20 473088 c:\windows\system32\dllcache\fastprox.dll
+ 2004-08-04 05:56 . 2009-02-20 08:30 205312 c:\windows\system32\dllcache\dxtrans.dll
- 2004-08-04 05:56 . 2004-08-04 05:56 357888 c:\windows\system32\dllcache\dxtmsft.dll
+ 2004-08-04 05:56 . 2009-02-20 08:30 357888 c:\windows\system32\dllcache\dxtmsft.dll
+ 2004-08-04 05:56 . 2008-06-20 17:41 148992 c:\windows\system32\dllcache\dnsapi.dll
+ 2004-08-04 05:56 . 2009-02-20 08:30 151040 c:\windows\system32\dllcache\cdfview.dll
+ 2004-08-04 04:14 . 2008-08-14 09:51 138368 c:\windows\system32\dllcache\afd.sys
- 2004-08-04 05:56 . 2004-08-04 05:56 616960 c:\windows\system32\dllcache\advapi32.dll
+ 2004-08-04 05:56 . 2009-02-09 10:20 616960 c:\windows\system32\dllcache\advapi32.dll
+ 2004-08-04 05:56 . 2006-08-16 11:58 100352 c:\windows\system32\dllcache\6to4svc.dll
- 2004-08-04 05:56 . 2004-08-04 05:56 100352 c:\windows\system32\dllcache\6to4svc.dll
+ 2004-08-04 05:56 . 2009-02-20 08:30 151040 c:\windows\system32\cdfview.dll
- 2004-08-04 05:56 . 2004-08-04 05:56 616960 c:\windows\system32\advapi32.dll
+ 2004-08-04 05:56 . 2009-02-09 10:20 616960 c:\windows\system32\advapi32.dll
- 2004-08-04 05:56 . 2004-08-04 05:56 100352 c:\windows\system32\6to4svc.dll
+ 2004-08-04 05:56 . 2006-08-16 11:58 100352 c:\windows\system32\6to4svc.dll
+ 2009-05-11 19:58 . 2005-10-20 11:02 163328 c:\windows\ERDNT\11-05-2009\ERDNT.EXE
+ 2009-05-10 21:48 . 2008-10-24 11:10 453632 c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2009-05-10 22:07 . 2008-06-13 13:10 272128 c:\windows\Driver Cache\i386\bthport.sys
- 2009-05-08 18:13 . 2008-04-15 17:54 1724416 c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.3352_x-ww_81af8e88\GdiPlus.dll
+ 2009-05-10 21:49 . 2008-04-15 17:54 1724416 c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.3352_x-ww_81af8e88\GdiPlus.dll
+ 2004-08-04 05:57 . 2008-06-10 10:57 2364472 c:\windows\system32\WMVCore.dll
+ 2004-08-04 05:56 . 2008-06-10 10:37 1026048 c:\windows\system32\WMNetmgr.dll
+ 2004-08-04 04:17 . 2009-02-09 10:19 1846272 c:\windows\system32\win32k.sys
+ 2004-08-04 05:56 . 2008-07-03 13:16 8454656 c:\windows\system32\shell32.dll
+ 2004-08-04 05:56 . 2009-03-02 23:52 1495552 c:\windows\system32\shdocvw.dll
- 2004-08-04 05:56 . 2004-08-04 05:56 1287680 c:\windows\system32\quartz.dll
+ 2004-08-04 05:56 . 2008-12-20 22:43 1287680 c:\windows\system32\quartz.dll
+ 2004-08-04 04:18 . 2009-02-06 17:22 2136064 c:\windows\system32\ntoskrnl.exe
+ 2004-08-03 22:59 . 2009-02-06 16:49 2015744 c:\windows\system32\ntkrnlpa.exe
+ 2004-08-04 05:56 . 2008-09-04 16:42 1106944 c:\windows\system32\msxml3.dll
+ 2004-08-04 05:56 . 2009-02-20 08:30 3059712 c:\windows\system32\mshtml.dll
+ 2004-08-11 17:06 . 2009-05-12 19:42 1455784 c:\windows\system32\FNTCACHE.DAT
+ 2004-08-04 05:57 . 2008-06-10 10:57 2364472 c:\windows\system32\dllcache\WMVCore.dll
+ 2004-08-04 05:56 . 2008-06-10 10:37 1026048 c:\windows\system32\dllcache\WMNetmgr.dll
+ 2004-08-04 04:17 . 2009-02-09 10:19 1846272 c:\windows\system32\dllcache\win32k.sys
+ 2004-08-04 05:56 . 2008-07-03 13:16 8454656 c:\windows\system32\dllcache\shell32.dll
+ 2004-08-04 05:56 . 2009-03-02 23:52 1495552 c:\windows\system32\dllcache\shdocvw.dll
+ 2004-08-04 05:56 . 2008-12-20 22:43 1287680 c:\windows\system32\dllcache\quartz.dll
- 2004-08-04 05:56 . 2004-08-04 05:56 1287680 c:\windows\system32\dllcache\quartz.dll
+ 2009-05-10 21:49 . 2009-02-06 17:24 2180480 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2009-05-10 21:49 . 2009-02-06 16:49 2015744 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2009-05-10 21:49 . 2009-02-06 16:49 2057728 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2009-05-10 21:49 . 2009-02-06 17:22 2136064 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2004-08-04 05:56 . 2008-09-04 16:42 1106944 c:\windows\system32\dllcache\msxml3.dll
+ 2004-08-04 05:56 . 2009-02-20 08:30 3059712 c:\windows\system32\dllcache\mshtml.dll
+ 2004-08-04 05:56 . 2009-02-20 08:30 1054208 c:\windows\system32\dllcache\danim.dll
+ 2004-08-04 05:56 . 2009-02-20 08:30 1023488 c:\windows\system32\dllcache\browseui.dll
+ 2004-08-04 05:56 . 2009-02-20 08:30 1054208 c:\windows\system32\danim.dll
+ 2004-08-04 05:56 . 2009-02-20 08:30 1023488 c:\windows\system32\browseui.dll
+ 2009-05-10 21:49 . 2009-02-06 17:24 2180480 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2009-05-10 21:49 . 2009-02-06 16:49 2015744 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2009-05-10 21:49 . 2009-02-06 16:49 2057728 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2009-05-10 21:49 . 2009-02-06 17:22 2136064 c:\windows\Driver Cache\i386\ntkrnlmp.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SYS32DLL"="SYS32DLL" [X]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"EPSON Stylus Photo R220 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE" [2006-12-25 177664]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"eyeBeam SIP Client"="c:\program files\BT Broadband Talk Softphone\BTSoftphone.exe" [2006-07-31 19857408]
"Creative WebCam Tray"="c:\program files\Creative\Shared Files\CamTray.exe" [2005-10-27 299008]
"internat"="c:\windows\internat.exe" [2009-05-06 75264]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-19 7401472]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-10-18 802816]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-10-18 696320]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 52896]
"YBrowser"="c:\progra~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 129536]
"YOP"="c:\progra~1\Yahoo!\YOP\yop.exe" [2007-06-26 509224]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 624248]
"Symantec NetDriver Monitor"="c:\progra~1\SYMNET~1\SNDMon.exe" [2007-11-19 99984]
"vptray"="c:\progra~1\SYMANT~2\SYMANT~1\vptray.exe" [2003-05-21 90112]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-12-08 185896]
"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 1116920]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2008-05-19 91432]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-01-19 1519616]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-24 282624]
"NVHotkey"="nvHotkey.dll" - c:\windows\system32\nvhotkey.dll [2006-01-19 73728]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
c:\documents and settings\admin\Start Menu\Programs\Startup\
SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-8-29 360448]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2007-2-5 118784]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"userinit"="c:\windows\system32\userinit.exe,c:\windows\system32\pavuppad.exe,"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sprestrt\0sprestrt
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2031643626-816787558-188441444-1002\Scripts\Logon\0\0]
"Script"=remedylastlogin.vbs
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2031643626-816787558-188441444-3814\Scripts\Logon\0\0]
"Script"=remedylastlogin.vbs
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\VoiceLine SoftPhone\\VoiceLine.exe"=
"c:\\Program Files\\Yahoo!\\browser\\ybrowser.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
R0 BsStor;B.H.A Storage Helper Driver;c:\windows\system32\drivers\BsStor.sys [12/06/2007 22:59 9344]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [15/05/2008 13:07 61424]
R2 MDC80211;iPass Protocol (IEEE 802.1x) v2.3.1.9;c:\windows\system32\drivers\mdc80211.sys [19/03/2007 14:58 15793]
R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [02/03/2009 22:09 2368]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [26/12/2008 14:44 3032360]
S3 G3GRUMDM;G3G R USB Modem;c:\windows\system32\drivers\g3grumdm.sys [13/08/2007 17:04 26496]
S3 G3GRUSER;G3G R USB Serial;c:\windows\system32\drivers\g3gruser.sys [13/08/2007 17:04 23296]
S3 V0260VID;Live! Cam Vista IM;c:\windows\system32\drivers\V0260Vid.sys [02/09/2008 17:56 178913]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [26/12/2008 14:44 15144]
S4 MSExchangeMGMT;Microsoft Exchange Management;c:\program files\Exchsrvr\bin\exmgmt.exe [16/03/2007 17:21 3117568]
.
Contents of the 'Scheduled Tasks' folder
2009-05-14 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www1.euro.dell.com/content/default.aspx?c=uk&l=en&s=gen
mSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
uInternet Settings,ProxyOverride = *.local;<local>
uInternet Settings,ProxyServer = http=localhost:7171
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {61628958-4627-48F4-99FD-30719188568D} - hxxp://www.ifrontiers.com/ActiveX/XCheck.CAB
DPF: {E33968CE-FF77-4DC3-A052-2921C0D60177} - hxxps://www.remotecontrol26.co.uk/dms%20website/kiosk/Bootstrap2610/2.6.10.107/BootstrapXP.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-14 09:20
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
internat = c:\windows\internat.exe????????????????????|?????????????P@?????? ??????? ??????S
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(1316)
c:\windows\system32\relog_ap.dll
- - - - - - - > 'explorer.exe'(3884)
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-05-14 9:29
ComboFix-quarantined-files.txt 2009-05-14 08:29
ComboFix2.txt 2009-05-11 17:28
ComboFix3.txt 2009-05-10 22:21
Pre-Run: 20,462,804,992 bytes free
Post-Run: 20,485,726,208 bytes free
Current=1 Default=1 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5
435 --- E O F --- 2009-05-12 17:00
2. HJT
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:31:05, on 14/05/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~2\SYMANT~1\DefWatch.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\PROGRA~1\SYMANT~2\SYMANT~1\vptray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\admin\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.dell.com/content/default.aspx?c=uk&l=en&s=gen
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk-rel&channel=uk&ibd=4070312
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\pavuppad.exe,
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus Photo R220 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE /FU "C:\WINDOWS\TEMP\E_SA1.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [eyeBeam SIP Client] "C:\Program Files\BT Broadband Talk Softphone\BTSoftphone.exe"
O4 - HKCU\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CamTray.exe
O4 - HKCU\..\Run: [internat] C:\WINDOWS\internat.exe
O4 - HKCU\..\Run: [SYS32DLL] SYS32DLL
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.microquiz.eu/ImageUploader5.cab
O16 - DPF: {61628958-4627-48F4-99FD-30719188568D} (XCheck Control) - http://www.ifrontiers.com/ActiveX/XCheck.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://test.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1174297478281
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://test.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1174297563946
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.microquiz.eu/ImageUploader4.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-ea0211234474d475.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=23100
O16 - DPF: {E33968CE-FF77-4DC3-A052-2921C0D60177} (LoaderOnline Class) - https://www.remotecontrol26.co.uk/dms%20website/kiosk/Bootstrap2610/2.6.10.107/BootstrapXP.cab
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://www.asda-photo.co.uk/upload/activex/v2_0_0_11/PCAXSetupv2.0.0.11.cab?
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2/ocx/15105/CTPID.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~2\SYMANT~1\DefWatch.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~2\SYMANT~1\Rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
O24 - Desktop Component AutorunsDisabled: (no name) - (no file)
--
End of file - 17065 bytes
Have you set this?
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
kdyteejay
2009-05-14, 20:31
Not that I am aware of - what is it?
It is proxy server set in Internet explorer. If you haven't set it, we can remove it :)
kdyteejay
2009-05-14, 20:45
ok tell me what I have to do
Before that, this is the next step:
To access the Uninstall Manager you would do the following:
1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.
You will now be presented with a screen similar to the one below:
http://img.bleepingcomputer.com/tutorials/hijackthis/uninstall-man.jpg
5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here on your next reply.
kdyteejay
2009-05-15, 00:02
Hi Shaba,
as requested
55mm v6 for Adobe Photoshop & Compatible Applications
Acronis*True*Image*Workstation
Add or Remove Adobe Creative Suite 3 Master Collection
Adobe After Effects CS3 Presets
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge 1.0
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe BridgeTalk Plugin CS3
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Recommended Settings
Adobe Color JA Extra Settings
Adobe Color NA Extra Settings
Adobe Common File Installer
Adobe Creative Suite 3 Master Collection
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Flash Player 10 ActiveX
Adobe Flash Player Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Photoshop Lightroom 2
Adobe Setup
Adobe SING CS3
Adobe Stock Photos 1.0
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe Video Profiles
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe XMP DVA Panels CS3
Adobe XMP Panels CS3
Adobe® Photoshop® Album Starter Edition 3.0
Adware Away v2.2.8.7
AHV content for Acrobat and Flash
ALPS Touch Pad Driver
Apple Mobile Device Support
Apple Software Update
Artizen TMO PS Plugins 1.0
Avaya Integrated Management Administration Tools 3.1
AVI DivX MPEG to DVD Converter & Burner Pro 2.9
AVI DivX to DVD SVCD VCD Converter 2.2.2
Avidemux 2.4
AviSynth 2.5
AVS Video Converter 6
AVS4YOU Software Navigator 1.2
Bamboo Scribe 2.6
Bamboo Scribe Shared Files
BHA B's Recorder GOLD BASIC 7.57 (Update)
BitLord 1.1
Bluetooth Stack for Windows by Toshiba
Bonjour
Broadcom Advanced Control Suite
BT Broadband Desktop Help
BT Home Hub
BT Softphone 1.5.3.6
BT Wireless Connection Manager
BT Yahoo! Applications
Capture NX 2
Color Efex Pro 3.0 Complete
CombineZM
Conexant HDA D110 MDC V.92 Modem
CopyToDVD
Creative Live! Cam Center
Creative Live! Cam Vista IM Driver (1.01.03.1104)
Creative Live! Cam Vista IM User's Guide (English)
Creative Software AutoUpdate
Creative System Information
Creative WebCam Center
CyberLink PowerDVD 8
DameWare Mini Remote Control
Dell Support 3.2.1
Dfine 2.0
Dg Foto Art - Training
Digital Line Detect
Disc2Phone
DivX Codec
DivX Player
DVD Decrypter (Remove Only)
DVD Shrink 3.2
DVD Solution
DVDFab Decrypter 3.0.8.6
DVD-RAM Driver
E.M. Youtube Video Download Tool 2.30
Easy CD Ripper 2.26
EPSON Printer Software
Ergo Print Monitor xp86
ERUNT 1.1j
FastStone Photo Resizer 2.6
File Uploader
FinePixViewer Ver.4.0
FixerBundle
Fuji Internet Printing
FUJIFILM USB Driver
Genuine Fractals 5.0
HandicapMaster Version 5
Highlight Viewer (Windows Live Toolbar)
HijackThis 2.0.2
hkSFV (remove only)
Hotfix for Windows XP (KB952287)
HP Photo and Imaging 1.1 - Photosmart Cameras
ImageMixer VCD for FinePix
ImgBurn (Remove Only)
Intel(R) PROSet/Wireless Software
iPassConnect Corporate
iPod for Windows 2006-06-28
iTunes
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 7
K-Lite Codec Pack 2.34 Full
Leadbetter Interactive
LiveUpdate 1.80 (Symantec Corporation)
Magic ISO Maker v5.3 (build 0221)
MagicDisc 2.7.105
Map Button (Windows Live Toolbar)
Mask Pro 4.1
mCore
mDrWiFi
mHlpDell
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0
Microsoft Exchange
Microsoft Office Standard Edition 2003
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows Media Video 9 VCM
MicroStaff WINASPI NT
mIWA
mLogView
mMHouse
Modem Helper
Motorola Software Update
mPfMgr
mPfWiz
mProSafe
mSSO
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser (KB925673)
Multimedia Launcher
mWlsSafe
mWMI
mXML
mZConfig
neroxml
NetWaiting
Nikon Message Center
NVIDIA Drivers
Offline Course Player
PDF Settings
PDFCreator
Pen Tablet
PhotoFrame Pro 3.1
Photomatix Pro version 3.0.1
Picasa 2
Picture Control Utility
Portrait Professional Max 6.3
PowerISO
PowerProducer
QuickSet
QuickTime
RAW FILE CONVERTER LE
RAYflect Four Seasons 1.0
RealPlayer
Remote Administrator v2.0
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler
SAMSUNG CDMA Modem Driver Set
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio
Samsung PC Studio 3 USB Driver Installer
Samsung Samples Installer
SearchAssist
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB963027)
Sharpener Pro 3.0
Silver Efex Pro
Skype™ 3.8
Smart Menus (Windows Live Toolbar)
SmartSound Quicktracks Plugin
Sonic Activation Module
Sonic Update Manager
Sony Ericsson PC Suite 1.20.173
Spybot - Search & Destroy
Spyder2express
SpywareBlaster 4.1
SpywareGuard v2.2
SSC Service Utility v4.30
Super Screen Capture 4.0
Symantec AntiVirus
Symantec AntiVirus Client
SyncToy
TomTom HOME 2.5.2.60
Tone Mapping Plug-In 1.2
TorrentQ version 2.1.0.0
Total Video Converter 3.14 080930
Ulead PhotoImpact 12
Ulead VideoStudio 8.0
Update for Windows XP (KB925720)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
URL Assistant
VC_MergeModuleToMSI
VideoLAN VLC media player 0.8.6a
ViewNX
Visual Watermark 2.9.12
Viveza
Vodafone 804SS USB driver Software
Vodafone Mobile Connect
VoiceLine SoftPhone
WinAVI Video Converter
Windows Communication Foundation
Windows Installer Clean Up
Windows Live Favorites for Windows Live Toolbar
Windows Live installer
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Writer
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Format Runtime
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
Windows Server 2003 Service Pack 1 Administration Tools Pack
Windows Workflow Foundation
WinRAR archiver
WinZip
WP Pro 1.1
IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.
BitLord 1.1
I'd like you to read the this thread (http://forums.spybot.info/showthread.php?t=282).
Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).
Please run a new uninstall list scan when finished and post the log back here.
kdyteejay
2009-05-15, 09:49
done.
55mm v6 for Adobe Photoshop & Compatible Applications
Acronis*True*Image*Workstation
Add or Remove Adobe Creative Suite 3 Master Collection
Adobe After Effects CS3 Presets
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge 1.0
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe BridgeTalk Plugin CS3
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Recommended Settings
Adobe Color JA Extra Settings
Adobe Color NA Extra Settings
Adobe Common File Installer
Adobe Creative Suite 3 Master Collection
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Flash Player 10 ActiveX
Adobe Flash Player Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Photoshop Lightroom 2
Adobe Setup
Adobe SING CS3
Adobe Stock Photos 1.0
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe Video Profiles
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe XMP DVA Panels CS3
Adobe XMP Panels CS3
Adobe® Photoshop® Album Starter Edition 3.0
Adware Away v2.2.8.7
AHV content for Acrobat and Flash
ALPS Touch Pad Driver
Apple Mobile Device Support
Apple Software Update
Artizen TMO PS Plugins 1.0
Avaya Integrated Management Administration Tools 3.1
AVI DivX MPEG to DVD Converter & Burner Pro 2.9
AVI DivX to DVD SVCD VCD Converter 2.2.2
Avidemux 2.4
AviSynth 2.5
AVS Video Converter 6
AVS4YOU Software Navigator 1.2
Bamboo Scribe 2.6
Bamboo Scribe Shared Files
BHA B's Recorder GOLD BASIC 7.57 (Update)
Bluetooth Stack for Windows by Toshiba
Bonjour
Broadcom Advanced Control Suite
BT Broadband Desktop Help
BT Home Hub
BT Softphone 1.5.3.6
BT Wireless Connection Manager
BT Yahoo! Applications
Capture NX 2
Color Efex Pro 3.0 Complete
CombineZM
Conexant HDA D110 MDC V.92 Modem
CopyToDVD
Creative Live! Cam Center
Creative Live! Cam Vista IM Driver (1.01.03.1104)
Creative Live! Cam Vista IM User's Guide (English)
Creative Software AutoUpdate
Creative System Information
Creative WebCam Center
CyberLink PowerDVD 8
DameWare Mini Remote Control
Dell Support 3.2.1
Dfine 2.0
Dg Foto Art - Training
Digital Line Detect
Disc2Phone
DivX Codec
DivX Player
DVD Decrypter (Remove Only)
DVD Shrink 3.2
DVD Solution
DVDFab Decrypter 3.0.8.6
DVD-RAM Driver
E.M. Youtube Video Download Tool 2.30
Easy CD Ripper 2.26
EPSON Printer Software
Ergo Print Monitor xp86
ERUNT 1.1j
FastStone Photo Resizer 2.6
File Uploader
FinePixViewer Ver.4.0
FixerBundle
Fuji Internet Printing
FUJIFILM USB Driver
Genuine Fractals 5.0
HandicapMaster Version 5
Highlight Viewer (Windows Live Toolbar)
HijackThis 2.0.2
hkSFV (remove only)
Hotfix for Windows XP (KB952287)
HP Photo and Imaging 1.1 - Photosmart Cameras
ImageMixer VCD for FinePix
ImgBurn (Remove Only)
Intel(R) PROSet/Wireless Software
iPassConnect Corporate
iPod for Windows 2006-06-28
iTunes
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 7
K-Lite Codec Pack 2.34 Full
Leadbetter Interactive
LiveUpdate 1.80 (Symantec Corporation)
Magic ISO Maker v5.3 (build 0221)
MagicDisc 2.7.105
Map Button (Windows Live Toolbar)
Mask Pro 4.1
mCore
mDrWiFi
mHlpDell
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0
Microsoft Exchange
Microsoft Office Standard Edition 2003
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows Media Video 9 VCM
MicroStaff WINASPI NT
mIWA
mLogView
mMHouse
Modem Helper
Motorola Software Update
mPfMgr
mPfWiz
mProSafe
mSSO
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser (KB925673)
Multimedia Launcher
mWlsSafe
mWMI
mXML
mZConfig
neroxml
NetWaiting
Nikon Message Center
NVIDIA Drivers
Offline Course Player
PDF Settings
PDFCreator
Pen Tablet
PhotoFrame Pro 3.1
Photomatix Pro version 3.0.1
Picasa 2
Picture Control Utility
Portrait Professional Max 6.3
PowerISO
PowerProducer
QuickSet
QuickTime
RAW FILE CONVERTER LE
RAYflect Four Seasons 1.0
RealPlayer
Remote Administrator v2.0
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler
SAMSUNG CDMA Modem Driver Set
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio
Samsung PC Studio 3 USB Driver Installer
Samsung Samples Installer
SearchAssist
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB963027)
Sharpener Pro 3.0
Silver Efex Pro
Skype™ 3.8
Smart Menus (Windows Live Toolbar)
SmartSound Quicktracks Plugin
Sonic Activation Module
Sonic Update Manager
Sony Ericsson PC Suite 1.20.173
Spybot - Search & Destroy
Spyder2express
SpywareBlaster 4.1
SpywareGuard v2.2
SSC Service Utility v4.30
Super Screen Capture 4.0
Symantec AntiVirus
Symantec AntiVirus Client
SyncToy
TomTom HOME 2.5.2.60
Tone Mapping Plug-In 1.2
TorrentQ version 2.1.0.0
Total Video Converter 3.14 080930
Ulead PhotoImpact 12
Ulead VideoStudio 8.0
Update for Windows XP (KB925720)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
URL Assistant
VC_MergeModuleToMSI
VideoLAN VLC media player 0.8.6a
ViewNX
Visual Watermark 2.9.12
Viveza
Vodafone 804SS USB driver Software
Vodafone Mobile Connect
VoiceLine SoftPhone
WinAVI Video Converter
Windows Communication Foundation
Windows Installer Clean Up
Windows Live Favorites for Windows Live Toolbar
Windows Live installer
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Writer
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Format Runtime
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
Windows Server 2003 Service Pack 1 Administration Tools Pack
Windows Workflow Foundation
WinRAR archiver
WinZip
WP Pro 1.1
Open HijackThis, click do a system scan only and checkmark these:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\pavuppad.exe,
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (file missing)
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (file missing)
O4 - HKCU\..\Run: [SYS32DLL] SYS32DLL
Close all windows including browser and press fix checked.
Reboot.
Delete if present:
C:\WINDOWS\system32\pavuppad.exe
Empty Recycle Bin.
Post back a fresh HijackThis log, please.
kdyteejay
2009-05-15, 20:46
Hi Shaba,
I was unable to delete the file either in normal mode or in safe mode: message 'Cannot delete - being used by another person or program'.
Current situation after rebooting and attempting to delete the file is this
- when I boot in normal mode the following happens in this order
1. message saying ifrmewrk.exe application error - the application failed to initialize properly (0xc0000142). click ok to terminate
2.spywareguard browser protection alert: An attempt to change Internet Explorer settings has been detected. your internet explorer current user search bar has been changed from
http://www.microsoft.com/ispi/redir.dll?prd=iear=iesearch
to
<none>
I get the optio to accept or change back. I just close the window and do nothing
Here is the current HJT log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:40:18, on 15/05/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\PROGRA~1\SYMANT~2\SYMANT~1\DefWatch.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\PROGRA~1\SYMANT~2\SYMANT~1\Rtvscan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\PROGRA~1\SYMANT~2\SYMANT~1\vptray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Creative\Shared Files\CamTray.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\Documents and Settings\admin\Desktop\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk-rel&channel=uk&ibd=4070312
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.dell.com/content/default.aspx?c=uk&l=en&s=gen
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk-rel&channel=uk&ibd=4070312
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\system32\pavuppad.exe,
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus Photo R220 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE /FU "C:\WINDOWS\TEMP\E_SA1.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [eyeBeam SIP Client] "C:\Program Files\BT Broadband Talk Softphone\BTSoftphone.exe"
O4 - HKCU\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CamTray.exe
O4 - HKCU\..\Run: [internat] C:\WINDOWS\internat.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.microquiz.eu/ImageUploader5.cab
O16 - DPF: {61628958-4627-48F4-99FD-30719188568D} (XCheck Control) - http://www.ifrontiers.com/ActiveX/XCheck.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://test.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1174297478281
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://test.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1174297563946
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.microquiz.eu/ImageUploader4.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-ea0211234474d475.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=23100
O16 - DPF: {E33968CE-FF77-4DC3-A052-2921C0D60177} (LoaderOnline Class) - https://www.remotecontrol26.co.uk/dms%20website/kiosk/Bootstrap2610/2.6.10.107/BootstrapXP.cab
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://www.asda-photo.co.uk/upload/activex/v2_0_0_11/PCAXSetupv2.0.0.11.cab?
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2/ocx/15105/CTPID.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~2\SYMANT~1\DefWatch.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~2\SYMANT~1\Rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
O24 - Desktop Component AutorunsDisabled: (no name) - (no file)
--
End of file - 17623 bytes
1) is related to Intel(R) PROSet/Wireless. Uninstalling/reinstalling might help.
2) is normal one, you can ignore it.
Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
File::
C:\WINDOWS\system32\pavuppad.exe
Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
kdyteejay
2009-05-15, 21:41
do this in live mode?
What do you mean by live mode?
kdyteejay
2009-05-15, 21:50
I mean when I startup the pc, I let it boot normally. I do not press F8 and start in safe mode
Yes, in normal mode, please.
kdyteejay
2009-05-15, 22:18
Hi Shaba,
log file as requested
ComboFix 09-05-09.05 - admin 15/05/2009 19:50.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1389 [GMT 1:00]
Running from: c:\documents and settings\admin\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\admin\Desktop\CFScript.txt
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated)
* Created a new restore point
FILE ::
c:\windows\system32\pavuppad.exe
.
((((((((((((((((((((((((( Files Created from 2009-04-15 to 2009-05-15 )))))))))))))))))))))))))))))))
.
2009-05-13 18:00 . 2009-05-13 18:30 -------- d-----w C:\xfer
2009-05-11 19:56 . 2009-05-11 19:57 -------- d-----w c:\program files\ERUNT
2009-05-10 22:07 . 2008-06-13 13:10 272128 -c----w c:\windows\system32\dllcache\bthport.sys
2009-05-10 15:24 . 2002-08-29 12:00 31232 -c--a-w c:\windows\system32\dllcache\weitekp9.sys
2009-05-10 15:23 . 2002-08-29 12:00 229439 -c--a-w c:\windows\system32\dllcache\multibox.dll
2009-05-10 15:22 . 2002-08-29 12:00 36864 -c--a-w c:\windows\system32\dllcache\hanjadic.dll
2009-05-10 15:21 . 2003-03-24 15:52 188480 -c--a-w c:\windows\system32\dllcache\cfgwiz.exe
2009-05-10 15:21 . 2003-03-24 15:52 16439 -c--a-w c:\windows\system32\dllcache\author.exe
2009-05-10 15:21 . 2003-03-24 15:52 20540 -c--a-w c:\windows\system32\dllcache\author.dll
2009-05-10 15:21 . 2003-03-24 15:52 16439 -c--a-w c:\windows\system32\dllcache\admin.exe
2009-05-10 15:21 . 2003-03-24 15:52 20540 -c--a-w c:\windows\system32\dllcache\admin.dll
2009-05-10 15:18 . 2004-08-04 05:56 628224 -c--a-w c:\windows\system32\dllcache\catsrvut.dll
2009-05-10 15:18 . 2004-08-04 05:56 628224 ----a-w c:\windows\system32\catsrvut.dll
2009-05-10 15:07 . 2002-08-29 12:00 13312 -c--a-w c:\windows\system32\dllcache\irclass.dll
2009-05-10 15:07 . 2002-08-29 12:00 13312 ----a-w c:\windows\system32\irclass.dll
2009-05-10 15:07 . 2002-08-29 12:00 24661 -c--a-w c:\windows\system32\dllcache\spxcoins.dll
2009-05-10 15:07 . 2002-08-29 12:00 24661 ----a-w c:\windows\system32\spxcoins.dll
2009-05-09 09:35 . 2009-05-09 09:36 -------- d-----w C:\SAV32CLI
2009-05-08 18:18 . 2009-05-08 18:18 -------- d-----w c:\windows\system32\CatRoot_bak
2009-05-08 18:11 . 2009-05-08 18:11 -------- d-----w c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-05-08 18:11 . 2009-05-08 18:11 -------- d-----w c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-05-08 18:11 . 2009-05-08 18:11 -------- d-----w c:\program files\SDHelper (Spybot - Search & Destroy)
2009-05-08 18:11 . 2009-05-08 18:11 -------- d-----w c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-05-08 15:30 . 2009-05-08 15:30 -------- d-----w c:\windows\repair
2009-05-08 14:55 . 2002-08-29 12:00 16384 -c--a-w c:\windows\system32\dllcache\isignup.exe
2009-05-08 14:52 . 2002-08-29 12:00 7680 -c--a-w c:\windows\system32\dllcache\inetmgr.exe
2009-05-08 12:40 . 2009-05-08 12:40 45056 ----a-w c:\windows\system32\DeleteNotifyDll.dll
2009-05-08 12:37 . 2008-04-14 00:12 23040 ----a-w c:\windows\system32\AAP.DLL
2009-05-08 12:35 . 2009-03-21 14:06 989696 ----a-w c:\windows\system32\AAK.dll
2009-05-08 12:35 . 2009-02-09 12:10 617472 ----a-w c:\windows\system32\AAD.DLL
2009-05-08 12:34 . 2009-05-08 12:39 -------- d-----w c:\program files\Adware Away
2009-05-06 22:58 . 2009-05-06 22:58 75264 ----a-w c:\windows\internat.exe
2009-05-05 21:20 . 2009-05-05 23:01 -------- d-----w c:\program files\PXL Soft
2009-04-30 21:01 . 1999-10-15 11:50 1056768 ----a-w c:\windows\system32\ROBOEX32.DLL
2009-04-30 21:01 . 2006-07-22 18:37 49152 ----a-w c:\windows\system32\INETWH32.dll
2009-04-17 19:48 . 2008-09-17 13:24 49996376 ----a-w C:\avg_free_stf_en_8_169a1359.exe
2009-04-16 18:27 . 2008-05-03 11:55 2560 ----a-w c:\windows\system32\xpsp4res.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-15 18:41 . 2007-03-12 10:38 144264 ----a-w c:\windows\system32\nvModes.dat
2009-05-15 06:45 . 2007-04-12 18:43 -------- d-----w c:\program files\BitLord
2009-05-10 15:37 . 2009-05-10 15:37 65024 ----a-w C:\calc.exe
2009-05-10 15:20 . 2004-08-11 17:00 67 --sha-w c:\windows\Fonts\desktop.ini
2009-05-10 15:18 . 2004-08-11 17:12 23428 ----a-w c:\windows\system32\emptyregdb.dat
2009-05-10 15:18 . 2009-05-10 15:18 1663 ----a-w c:\windows\inf\COM1ED.tmp
2009-05-08 18:30 . 2007-03-19 14:42 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-05-08 12:29 . 2008-11-30 12:53 -------- d-----w c:\program files\SpywareGuard
2009-05-02 17:04 . 2008-11-28 17:21 20 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLbx.DAT
2009-05-02 17:02 . 2008-11-29 20:12 20 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLdw.DAT
2009-04-30 21:18 . 2007-03-12 11:08 36368 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-30 21:01 . 2007-04-18 22:17 -------- d-----w c:\program files\Common Files\Ulead Systems
2009-04-30 21:00 . 2007-04-18 22:17 -------- d-----w c:\program files\Ulead Systems
2009-04-30 21:00 . 2007-03-12 10:56 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-25 23:28 . 2007-06-07 19:46 -------- d-----w c:\program files\NO1 Video Converter
2009-03-18 08:31 . 2009-03-18 08:31 -------- d-----w c:\program files\Windows Installer Clean Up
2009-03-18 08:31 . 2009-03-18 08:31 -------- d-----w c:\program files\MSECACHE
2009-03-17 20:44 . 2009-03-17 20:36 -------- d-----w c:\program files\hkSFV
2009-03-06 14:44 . 2004-08-04 05:56 283648 ----a-w c:\windows\system32\pdh.dll
2009-03-02 21:09 . 2009-03-02 21:09 2368 ----a-w c:\windows\system32\SVKP.sys
2009-02-20 08:30 . 2004-08-04 05:56 659456 ----a-w c:\windows\system32\wininet.dll
2009-02-20 08:30 . 2004-08-04 05:56 81920 ----a-w c:\windows\system32\ieencode.dll
2003-12-19 19:36 . 2007-06-12 21:56 40960 ----a-w c:\program files\Uninstall_CDS.exe
.
((((((((((((((((((((((((((((( SnapShot_2009-05-14_08.20.09 )))))))))))))))))))))))))))))))))))))))))
.
- 2004-08-11 17:00 . 2009-05-14 07:53 81120 c:\windows\system32\perfc009.dat
+ 2004-08-11 17:00 . 2009-05-15 18:45 81120 c:\windows\system32\perfc009.dat
+ 2007-03-16 15:41 . 2009-05-15 18:41 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2007-03-16 15:41 . 2009-05-14 07:50 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-03-16 15:41 . 2009-05-15 18:41 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2007-03-16 15:41 . 2009-05-14 07:50 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2007-03-16 15:41 . 2009-05-15 18:41 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2007-03-16 15:41 . 2009-05-14 07:50 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2004-08-11 17:00 . 2009-05-15 18:45 468916 c:\windows\system32\perfh009.dat
- 2004-08-11 17:00 . 2009-05-14 07:53 468916 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"EPSON Stylus Photo R220 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE" [2006-12-25 177664]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"eyeBeam SIP Client"="c:\program files\BT Broadband Talk Softphone\BTSoftphone.exe" [2006-07-31 19857408]
"Creative WebCam Tray"="c:\program files\Creative\Shared Files\CamTray.exe" [2005-10-27 299008]
"internat"="c:\windows\internat.exe" [2009-05-06 75264]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-19 7401472]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-10-18 802816]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-10-18 696320]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 52896]
"YBrowser"="c:\progra~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 129536]
"YOP"="c:\progra~1\Yahoo!\YOP\yop.exe" [2007-06-26 509224]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 624248]
"Symantec NetDriver Monitor"="c:\progra~1\SYMNET~1\SNDMon.exe" [2007-11-19 99984]
"vptray"="c:\progra~1\SYMANT~2\SYMANT~1\vptray.exe" [2003-05-21 90112]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-12-08 185896]
"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 1116920]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2008-05-19 91432]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-01-19 1519616]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-24 282624]
"NVHotkey"="nvHotkey.dll" - c:\windows\system32\nvhotkey.dll [2006-01-19 73728]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
c:\documents and settings\admin\Start Menu\Programs\Startup\
SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-8-29 360448]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2007-2-5 118784]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"userinit"="c:\windows\system32\userinit.exe,c:\windows\system32\pavuppad.exe,"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sprestrt\0sprestrt
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2031643626-816787558-188441444-1002\Scripts\Logon\0\0]
"Script"=remedylastlogin.vbs
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2031643626-816787558-188441444-3814\Scripts\Logon\0\0]
"Script"=remedylastlogin.vbs
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\VoiceLine SoftPhone\\VoiceLine.exe"=
"c:\\Program Files\\Yahoo!\\browser\\ybrowser.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
R0 BsStor;B.H.A Storage Helper Driver;c:\windows\system32\drivers\BsStor.sys [12/06/2007 22:59 9344]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [15/05/2008 13:07 61424]
R2 MDC80211;iPass Protocol (IEEE 802.1x) v2.3.1.9;c:\windows\system32\drivers\mdc80211.sys [19/03/2007 14:58 15793]
R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [02/03/2009 22:09 2368]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [26/12/2008 14:44 3032360]
S3 G3GRUMDM;G3G R USB Modem;c:\windows\system32\drivers\g3grumdm.sys [13/08/2007 17:04 26496]
S3 G3GRUSER;G3G R USB Serial;c:\windows\system32\drivers\g3gruser.sys [13/08/2007 17:04 23296]
S3 V0260VID;Live! Cam Vista IM;c:\windows\system32\drivers\V0260Vid.sys [02/09/2008 17:56 178913]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [26/12/2008 14:44 15144]
S4 MSExchangeMGMT;Microsoft Exchange Management;c:\program files\Exchsrvr\bin\exmgmt.exe [16/03/2007 17:21 3117568]
.
Contents of the 'Scheduled Tasks' folder
2009-05-15 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www1.euro.dell.com/content/default.aspx?c=uk&l=en&s=gen
mSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
uInternet Settings,ProxyOverride = *.local;<local>
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {61628958-4627-48F4-99FD-30719188568D} - hxxp://www.ifrontiers.com/ActiveX/XCheck.CAB
DPF: {E33968CE-FF77-4DC3-A052-2921C0D60177} - hxxps://www.remotecontrol26.co.uk/dms%20website/kiosk/Bootstrap2610/2.6.10.107/BootstrapXP.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-15 20:03
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
internat = c:\windows\internat.exe????????????????????|?????????????P@?????? ??????? ??????S
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(1320)
c:\windows\system32\relog_ap.dll
- - - - - - - > 'explorer.exe'(2492)
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-05-15 20:14
ComboFix-quarantined-files.txt 2009-05-15 19:14
ComboFix2.txt 2009-05-14 08:29
ComboFix3.txt 2009-05-11 17:28
ComboFix4.txt 2009-05-10 22:21
Pre-Run: 20,438,478,848 bytes free
Post-Run: 20,417,626,112 bytes free
Current=1 Default=1 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5
231 --- E O F --- 2009-05-12 17:00
Is this a personal computer?
kdyteejay
2009-05-15, 22:39
yes it is
If it is, how would you explain these?
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2031643626-816787558-188441444-1002\Scripts\Logon\0\0]
"Script"=remedylastlogin.vbs
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2031643626-816787558-188441444-3814\Scripts\Logon\0\0]
"Script"=remedylastlogin.vbs
kdyteejay
2009-05-16, 10:12
Hi Shaba,
I have just taken early retirement from my job and was allowed to keep my laptop. If anything needs t be removed from it I will be happy to remove it.
Thank you for information.
Let's try this next:
Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"userinit"="c:\windows\system32\userinit.exe,"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2031643626-816787558-188441444-1002\Scripts\Logon\0\0]
"Script"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2031643626-816787558-188441444-3814\Scripts\Logon\0\0]
"Script"=-
Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
kdyteejay
2009-05-16, 13:34
Hi Shaba,,log file as requested
ComboFix 09-05-09.05 - admin 16/05/2009 11:16.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1342 [GMT 1:00]
Running from: c:\documents and settings\admin\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\admin\Desktop\CFScript.txt
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated)
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2009-04-16 to 2009-05-16 )))))))))))))))))))))))))))))))
.
2009-05-13 18:00 . 2009-05-13 18:30 -------- d-----w C:\xfer
2009-05-11 19:56 . 2009-05-11 19:57 -------- d-----w c:\program files\ERUNT
2009-05-10 22:07 . 2008-06-13 13:10 272128 -c----w c:\windows\system32\dllcache\bthport.sys
2009-05-10 15:24 . 2002-08-29 12:00 31232 -c--a-w c:\windows\system32\dllcache\weitekp9.sys
2009-05-10 15:23 . 2002-08-29 12:00 229439 -c--a-w c:\windows\system32\dllcache\multibox.dll
2009-05-10 15:22 . 2002-08-29 12:00 36864 -c--a-w c:\windows\system32\dllcache\hanjadic.dll
2009-05-10 15:21 . 2003-03-24 15:52 188480 -c--a-w c:\windows\system32\dllcache\cfgwiz.exe
2009-05-10 15:21 . 2003-03-24 15:52 16439 -c--a-w c:\windows\system32\dllcache\author.exe
2009-05-10 15:21 . 2003-03-24 15:52 20540 -c--a-w c:\windows\system32\dllcache\author.dll
2009-05-10 15:21 . 2003-03-24 15:52 16439 -c--a-w c:\windows\system32\dllcache\admin.exe
2009-05-10 15:21 . 2003-03-24 15:52 20540 -c--a-w c:\windows\system32\dllcache\admin.dll
2009-05-10 15:18 . 2004-08-04 05:56 628224 -c--a-w c:\windows\system32\dllcache\catsrvut.dll
2009-05-10 15:18 . 2004-08-04 05:56 628224 ----a-w c:\windows\system32\catsrvut.dll
2009-05-10 15:07 . 2002-08-29 12:00 13312 -c--a-w c:\windows\system32\dllcache\irclass.dll
2009-05-10 15:07 . 2002-08-29 12:00 13312 ----a-w c:\windows\system32\irclass.dll
2009-05-10 15:07 . 2002-08-29 12:00 24661 -c--a-w c:\windows\system32\dllcache\spxcoins.dll
2009-05-10 15:07 . 2002-08-29 12:00 24661 ----a-w c:\windows\system32\spxcoins.dll
2009-05-09 09:35 . 2009-05-09 09:36 -------- d-----w C:\SAV32CLI
2009-05-08 18:18 . 2009-05-08 18:18 -------- d-----w c:\windows\system32\CatRoot_bak
2009-05-08 18:11 . 2009-05-08 18:11 -------- d-----w c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-05-08 18:11 . 2009-05-08 18:11 -------- d-----w c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-05-08 18:11 . 2009-05-08 18:11 -------- d-----w c:\program files\SDHelper (Spybot - Search & Destroy)
2009-05-08 18:11 . 2009-05-08 18:11 -------- d-----w c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-05-08 15:30 . 2009-05-08 15:30 -------- d-----w c:\windows\repair
2009-05-08 14:55 . 2002-08-29 12:00 16384 -c--a-w c:\windows\system32\dllcache\isignup.exe
2009-05-08 14:52 . 2002-08-29 12:00 7680 -c--a-w c:\windows\system32\dllcache\inetmgr.exe
2009-05-08 12:40 . 2009-05-08 12:40 45056 ----a-w c:\windows\system32\DeleteNotifyDll.dll
2009-05-08 12:37 . 2008-04-14 00:12 23040 ----a-w c:\windows\system32\AAP.DLL
2009-05-08 12:35 . 2009-03-21 14:06 989696 ----a-w c:\windows\system32\AAK.dll
2009-05-08 12:35 . 2009-02-09 12:10 617472 ----a-w c:\windows\system32\AAD.DLL
2009-05-08 12:34 . 2009-05-08 12:39 -------- d-----w c:\program files\Adware Away
2009-05-06 22:58 . 2009-05-06 22:58 75264 ----a-w c:\windows\internat.exe
2009-05-05 21:20 . 2009-05-05 23:01 -------- d-----w c:\program files\PXL Soft
2009-04-30 21:01 . 1999-10-15 11:50 1056768 ----a-w c:\windows\system32\ROBOEX32.DLL
2009-04-30 21:01 . 2006-07-22 18:37 49152 ----a-w c:\windows\system32\INETWH32.dll
2009-04-17 19:48 . 2008-09-17 13:24 49996376 ----a-w C:\avg_free_stf_en_8_169a1359.exe
2009-04-16 18:27 . 2008-05-03 11:55 2560 ----a-w c:\windows\system32\xpsp4res.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-16 10:07 . 2007-03-12 10:38 144249 ----a-w c:\windows\system32\nvModes.dat
2009-05-15 06:45 . 2007-04-12 18:43 -------- d-----w c:\program files\BitLord
2009-05-10 15:37 . 2009-05-10 15:37 65024 ----a-w C:\calc.exe
2009-05-10 15:20 . 2004-08-11 17:00 67 --sha-w c:\windows\Fonts\desktop.ini
2009-05-10 15:18 . 2004-08-11 17:12 23428 ----a-w c:\windows\system32\emptyregdb.dat
2009-05-10 15:18 . 2009-05-10 15:18 1663 ----a-w c:\windows\inf\COM1ED.tmp
2009-05-08 18:30 . 2007-03-19 14:42 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-05-08 12:29 . 2008-11-30 12:53 -------- d-----w c:\program files\SpywareGuard
2009-05-02 17:04 . 2008-11-28 17:21 20 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLbx.DAT
2009-05-02 17:02 . 2008-11-29 20:12 20 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLdw.DAT
2009-04-30 21:18 . 2007-03-12 11:08 36368 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-30 21:01 . 2007-04-18 22:17 -------- d-----w c:\program files\Common Files\Ulead Systems
2009-04-30 21:00 . 2007-04-18 22:17 -------- d-----w c:\program files\Ulead Systems
2009-04-30 21:00 . 2007-03-12 10:56 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-25 23:28 . 2007-06-07 19:46 -------- d-----w c:\program files\NO1 Video Converter
2009-03-18 08:31 . 2009-03-18 08:31 -------- d-----w c:\program files\Windows Installer Clean Up
2009-03-18 08:31 . 2009-03-18 08:31 -------- d-----w c:\program files\MSECACHE
2009-03-17 20:44 . 2009-03-17 20:36 -------- d-----w c:\program files\hkSFV
2009-03-06 14:44 . 2004-08-04 05:56 283648 ----a-w c:\windows\system32\pdh.dll
2009-03-02 21:09 . 2009-03-02 21:09 2368 ----a-w c:\windows\system32\SVKP.sys
2009-02-20 08:30 . 2004-08-04 05:56 659456 ----a-w c:\windows\system32\wininet.dll
2009-02-20 08:30 . 2004-08-04 05:56 81920 ----a-w c:\windows\system32\ieencode.dll
2003-12-19 19:36 . 2007-06-12 21:56 40960 ----a-w c:\program files\Uninstall_CDS.exe
.
((((((((((((((((((((((((((((( SnapShot_2009-05-14_08.20.09 )))))))))))))))))))))))))))))))))))))))))
.
- 2004-08-11 17:00 . 2009-05-14 07:53 81120 c:\windows\system32\perfc009.dat
+ 2004-08-11 17:00 . 2009-05-16 10:11 81120 c:\windows\system32\perfc009.dat
+ 2007-03-16 15:41 . 2009-05-16 10:07 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2007-03-16 15:41 . 2009-05-14 07:50 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-03-16 15:41 . 2009-05-16 10:07 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2007-03-16 15:41 . 2009-05-14 07:50 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2007-03-16 15:41 . 2009-05-16 10:07 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2007-03-16 15:41 . 2009-05-14 07:50 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2004-08-11 17:00 . 2009-05-16 10:11 468916 c:\windows\system32\perfh009.dat
- 2004-08-11 17:00 . 2009-05-14 07:53 468916 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"EPSON Stylus Photo R220 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE" [2006-12-25 177664]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"eyeBeam SIP Client"="c:\program files\BT Broadband Talk Softphone\BTSoftphone.exe" [2006-07-31 19857408]
"Creative WebCam Tray"="c:\program files\Creative\Shared Files\CamTray.exe" [2005-10-27 299008]
"internat"="c:\windows\internat.exe" [2009-05-06 75264]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-19 7401472]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-10-18 802816]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-10-18 696320]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 52896]
"YBrowser"="c:\progra~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 129536]
"YOP"="c:\progra~1\Yahoo!\YOP\yop.exe" [2007-06-26 509224]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 624248]
"Symantec NetDriver Monitor"="c:\progra~1\SYMNET~1\SNDMon.exe" [2007-11-19 99984]
"vptray"="c:\progra~1\SYMANT~2\SYMANT~1\vptray.exe" [2003-05-21 90112]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-12-08 185896]
"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 1116920]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2008-05-19 91432]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-01-19 1519616]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-24 282624]
"NVHotkey"="nvHotkey.dll" - c:\windows\system32\nvhotkey.dll [2006-01-19 73728]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
c:\documents and settings\admin\Start Menu\Programs\Startup\
SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-8-29 360448]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2007-2-5 118784]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"userinit"="c:\windows\system32\userinit.exe,c:\windows\system32\pavuppad.exe,"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sprestrt\0sprestrt
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\VoiceLine SoftPhone\\VoiceLine.exe"=
"c:\\Program Files\\Yahoo!\\browser\\ybrowser.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
R0 BsStor;B.H.A Storage Helper Driver;c:\windows\system32\drivers\BsStor.sys [12/06/2007 22:59 9344]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [15/05/2008 13:07 61424]
R2 MDC80211;iPass Protocol (IEEE 802.1x) v2.3.1.9;c:\windows\system32\drivers\mdc80211.sys [19/03/2007 14:58 15793]
R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [02/03/2009 22:09 2368]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [26/12/2008 14:44 3032360]
S3 G3GRUMDM;G3G R USB Modem;c:\windows\system32\drivers\g3grumdm.sys [13/08/2007 17:04 26496]
S3 G3GRUSER;G3G R USB Serial;c:\windows\system32\drivers\g3gruser.sys [13/08/2007 17:04 23296]
S3 V0260VID;Live! Cam Vista IM;c:\windows\system32\drivers\V0260Vid.sys [02/09/2008 17:56 178913]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [26/12/2008 14:44 15144]
S4 MSExchangeMGMT;Microsoft Exchange Management;c:\program files\Exchsrvr\bin\exmgmt.exe [16/03/2007 17:21 3117568]
.
Contents of the 'Scheduled Tasks' folder
2009-05-15 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www1.euro.dell.com/content/default.aspx?c=uk&l=en&s=gen
mSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
uInternet Settings,ProxyOverride = *.local;<local>
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {61628958-4627-48F4-99FD-30719188568D} - hxxp://www.ifrontiers.com/ActiveX/XCheck.CAB
DPF: {E33968CE-FF77-4DC3-A052-2921C0D60177} - hxxps://www.remotecontrol26.co.uk/dms%20website/kiosk/Bootstrap2610/2.6.10.107/BootstrapXP.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-16 11:22
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
internat = c:\windows\internat.exe????????????????????|?????????????P@?????? ??????? ??????S
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(1320)
c:\windows\system32\relog_ap.dll
- - - - - - - > 'explorer.exe'(2228)
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-05-16 11:24
ComboFix-quarantined-files.txt 2009-05-16 10:24
ComboFix2.txt 2009-05-15 19:14
ComboFix3.txt 2009-05-14 08:29
ComboFix4.txt 2009-05-11 17:28
ComboFix5.txt 2009-05-16 10:15
Pre-Run: 20,399,763,456 bytes free
Post-Run: 20,383,129,600 bytes free
Current=1 Default=1 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5
225 --- E O F --- 2009-05-12 17:00
OK, that didn't work.
Please disable spywareguard and try again.
kdyteejay
2009-05-16, 14:35
new log
ComboFix 09-05-09.05 - admin 16/05/2009 12:02.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1377 [GMT 1:00]
Running from: c:\documents and settings\admin\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\admin\Desktop\CFScript.txt
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated)
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2009-04-16 to 2009-05-16 )))))))))))))))))))))))))))))))
.
2009-05-13 18:00 . 2009-05-13 18:30 -------- d-----w C:\xfer
2009-05-11 19:56 . 2009-05-11 19:57 -------- d-----w c:\program files\ERUNT
2009-05-10 22:07 . 2008-06-13 13:10 272128 -c----w c:\windows\system32\dllcache\bthport.sys
2009-05-10 15:24 . 2002-08-29 12:00 31232 -c--a-w c:\windows\system32\dllcache\weitekp9.sys
2009-05-10 15:23 . 2002-08-29 12:00 229439 -c--a-w c:\windows\system32\dllcache\multibox.dll
2009-05-10 15:22 . 2002-08-29 12:00 36864 -c--a-w c:\windows\system32\dllcache\hanjadic.dll
2009-05-10 15:21 . 2003-03-24 15:52 188480 -c--a-w c:\windows\system32\dllcache\cfgwiz.exe
2009-05-10 15:21 . 2003-03-24 15:52 16439 -c--a-w c:\windows\system32\dllcache\author.exe
2009-05-10 15:21 . 2003-03-24 15:52 20540 -c--a-w c:\windows\system32\dllcache\author.dll
2009-05-10 15:21 . 2003-03-24 15:52 16439 -c--a-w c:\windows\system32\dllcache\admin.exe
2009-05-10 15:21 . 2003-03-24 15:52 20540 -c--a-w c:\windows\system32\dllcache\admin.dll
2009-05-10 15:18 . 2004-08-04 05:56 628224 -c--a-w c:\windows\system32\dllcache\catsrvut.dll
2009-05-10 15:18 . 2004-08-04 05:56 628224 ----a-w c:\windows\system32\catsrvut.dll
2009-05-10 15:07 . 2002-08-29 12:00 13312 -c--a-w c:\windows\system32\dllcache\irclass.dll
2009-05-10 15:07 . 2002-08-29 12:00 13312 ----a-w c:\windows\system32\irclass.dll
2009-05-10 15:07 . 2002-08-29 12:00 24661 -c--a-w c:\windows\system32\dllcache\spxcoins.dll
2009-05-10 15:07 . 2002-08-29 12:00 24661 ----a-w c:\windows\system32\spxcoins.dll
2009-05-09 09:35 . 2009-05-09 09:36 -------- d-----w C:\SAV32CLI
2009-05-08 18:18 . 2009-05-08 18:18 -------- d-----w c:\windows\system32\CatRoot_bak
2009-05-08 18:11 . 2009-05-08 18:11 -------- d-----w c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-05-08 18:11 . 2009-05-08 18:11 -------- d-----w c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-05-08 18:11 . 2009-05-08 18:11 -------- d-----w c:\program files\SDHelper (Spybot - Search & Destroy)
2009-05-08 18:11 . 2009-05-08 18:11 -------- d-----w c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-05-08 15:30 . 2009-05-08 15:30 -------- d-----w c:\windows\repair
2009-05-08 14:55 . 2002-08-29 12:00 16384 -c--a-w c:\windows\system32\dllcache\isignup.exe
2009-05-08 14:52 . 2002-08-29 12:00 7680 -c--a-w c:\windows\system32\dllcache\inetmgr.exe
2009-05-08 12:40 . 2009-05-08 12:40 45056 ----a-w c:\windows\system32\DeleteNotifyDll.dll
2009-05-08 12:37 . 2008-04-14 00:12 23040 ----a-w c:\windows\system32\AAP.DLL
2009-05-08 12:35 . 2009-03-21 14:06 989696 ----a-w c:\windows\system32\AAK.dll
2009-05-08 12:35 . 2009-02-09 12:10 617472 ----a-w c:\windows\system32\AAD.DLL
2009-05-08 12:34 . 2009-05-08 12:39 -------- d-----w c:\program files\Adware Away
2009-05-06 22:58 . 2009-05-06 22:58 75264 ----a-w c:\windows\internat.exe
2009-05-05 21:20 . 2009-05-05 23:01 -------- d-----w c:\program files\PXL Soft
2009-04-30 21:01 . 1999-10-15 11:50 1056768 ----a-w c:\windows\system32\ROBOEX32.DLL
2009-04-30 21:01 . 2006-07-22 18:37 49152 ----a-w c:\windows\system32\INETWH32.dll
2009-04-17 19:48 . 2008-09-17 13:24 49996376 ----a-w C:\avg_free_stf_en_8_169a1359.exe
2009-04-16 18:27 . 2008-05-03 11:55 2560 ----a-w c:\windows\system32\xpsp4res.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-16 10:54 . 2007-03-12 10:38 144264 ----a-w c:\windows\system32\nvModes.dat
2009-05-15 06:45 . 2007-04-12 18:43 -------- d-----w c:\program files\BitLord
2009-05-10 15:37 . 2009-05-10 15:37 65024 ----a-w C:\calc.exe
2009-05-10 15:20 . 2004-08-11 17:00 67 --sha-w c:\windows\Fonts\desktop.ini
2009-05-10 15:18 . 2004-08-11 17:12 23428 ----a-w c:\windows\system32\emptyregdb.dat
2009-05-10 15:18 . 2009-05-10 15:18 1663 ----a-w c:\windows\inf\COM1ED.tmp
2009-05-08 18:30 . 2007-03-19 14:42 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-05-08 12:29 . 2008-11-30 12:53 -------- d-----w c:\program files\SpywareGuard
2009-05-02 17:04 . 2008-11-28 17:21 20 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLbx.DAT
2009-05-02 17:02 . 2008-11-29 20:12 20 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLdw.DAT
2009-04-30 21:18 . 2007-03-12 11:08 36368 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-30 21:01 . 2007-04-18 22:17 -------- d-----w c:\program files\Common Files\Ulead Systems
2009-04-30 21:00 . 2007-04-18 22:17 -------- d-----w c:\program files\Ulead Systems
2009-04-30 21:00 . 2007-03-12 10:56 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-25 23:28 . 2007-06-07 19:46 -------- d-----w c:\program files\NO1 Video Converter
2009-03-18 08:31 . 2009-03-18 08:31 -------- d-----w c:\program files\Windows Installer Clean Up
2009-03-18 08:31 . 2009-03-18 08:31 -------- d-----w c:\program files\MSECACHE
2009-03-17 20:44 . 2009-03-17 20:36 -------- d-----w c:\program files\hkSFV
2009-03-06 14:44 . 2004-08-04 05:56 283648 ----a-w c:\windows\system32\pdh.dll
2009-03-02 21:09 . 2009-03-02 21:09 2368 ----a-w c:\windows\system32\SVKP.sys
2009-02-20 08:30 . 2004-08-04 05:56 659456 ----a-w c:\windows\system32\wininet.dll
2009-02-20 08:30 . 2004-08-04 05:56 81920 ----a-w c:\windows\system32\ieencode.dll
2003-12-19 19:36 . 2007-06-12 21:56 40960 ----a-w c:\program files\Uninstall_CDS.exe
.
((((((((((((((((((((((((((((( SnapShot_2009-05-14_08.20.09 )))))))))))))))))))))))))))))))))))))))))
.
- 2004-08-11 17:00 . 2009-05-14 07:53 81120 c:\windows\system32\perfc009.dat
+ 2004-08-11 17:00 . 2009-05-16 10:58 81120 c:\windows\system32\perfc009.dat
+ 2007-03-16 15:41 . 2009-05-16 10:54 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2007-03-16 15:41 . 2009-05-14 07:50 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-03-16 15:41 . 2009-05-16 10:54 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2007-03-16 15:41 . 2009-05-14 07:50 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2007-03-16 15:41 . 2009-05-16 10:54 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2007-03-16 15:41 . 2009-05-14 07:50 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2004-08-11 17:00 . 2009-05-16 10:58 468916 c:\windows\system32\perfh009.dat
- 2004-08-11 17:00 . 2009-05-14 07:53 468916 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"EPSON Stylus Photo R220 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE" [2006-12-25 177664]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"eyeBeam SIP Client"="c:\program files\BT Broadband Talk Softphone\BTSoftphone.exe" [2006-07-31 19857408]
"Creative WebCam Tray"="c:\program files\Creative\Shared Files\CamTray.exe" [2005-10-27 299008]
"internat"="c:\windows\internat.exe" [2009-05-06 75264]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-19 7401472]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-10-18 802816]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-10-18 696320]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 52896]
"YBrowser"="c:\progra~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 129536]
"YOP"="c:\progra~1\Yahoo!\YOP\yop.exe" [2007-06-26 509224]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 624248]
"Symantec NetDriver Monitor"="c:\progra~1\SYMNET~1\SNDMon.exe" [2007-11-19 99984]
"vptray"="c:\progra~1\SYMANT~2\SYMANT~1\vptray.exe" [2003-05-21 90112]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-12-08 185896]
"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 1116920]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2008-05-19 91432]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-01-19 1519616]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-24 282624]
"NVHotkey"="nvHotkey.dll" - c:\windows\system32\nvhotkey.dll [2006-01-19 73728]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
c:\documents and settings\admin\Start Menu\Programs\Startup\
SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-8-29 360448]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2007-2-5 118784]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"userinit"="c:\windows\system32\userinit.exe,c:\windows\system32\pavuppad.exe,"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sprestrt\0sprestrt
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\VoiceLine SoftPhone\\VoiceLine.exe"=
"c:\\Program Files\\Yahoo!\\browser\\ybrowser.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
R0 BsStor;B.H.A Storage Helper Driver;c:\windows\system32\drivers\BsStor.sys [12/06/2007 22:59 9344]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [15/05/2008 13:07 61424]
R2 MDC80211;iPass Protocol (IEEE 802.1x) v2.3.1.9;c:\windows\system32\drivers\mdc80211.sys [19/03/2007 14:58 15793]
R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [02/03/2009 22:09 2368]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [26/12/2008 14:44 3032360]
S3 G3GRUMDM;G3G R USB Modem;c:\windows\system32\drivers\g3grumdm.sys [13/08/2007 17:04 26496]
S3 G3GRUSER;G3G R USB Serial;c:\windows\system32\drivers\g3gruser.sys [13/08/2007 17:04 23296]
S3 V0260VID;Live! Cam Vista IM;c:\windows\system32\drivers\V0260Vid.sys [02/09/2008 17:56 178913]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [26/12/2008 14:44 15144]
S4 MSExchangeMGMT;Microsoft Exchange Management;c:\program files\Exchsrvr\bin\exmgmt.exe [16/03/2007 17:21 3117568]
.
Contents of the 'Scheduled Tasks' folder
2009-05-15 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www1.euro.dell.com/content/default.aspx?c=uk&l=en&s=gen
mSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
uInternet Settings,ProxyOverride = *.local;<local>
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {61628958-4627-48F4-99FD-30719188568D} - hxxp://www.ifrontiers.com/ActiveX/XCheck.CAB
DPF: {E33968CE-FF77-4DC3-A052-2921C0D60177} - hxxps://www.remotecontrol26.co.uk/dms%20website/kiosk/Bootstrap2610/2.6.10.107/BootstrapXP.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-16 12:18
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
internat = c:\windows\internat.exe????????????????????|?????????????P@?????? ??????? ??????S
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(1324)
c:\windows\system32\relog_ap.dll
- - - - - - - > 'explorer.exe'(1208)
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-05-16 12:32
ComboFix-quarantined-files.txt 2009-05-16 11:31
ComboFix2.txt 2009-05-16 10:24
ComboFix3.txt 2009-05-15 19:14
ComboFix4.txt 2009-05-14 08:29
ComboFix5.txt 2009-05-16 10:59
Pre-Run: 20,356,333,568 bytes free
Post-Run: 20,333,481,984 bytes free
Current=1 Default=1 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5
225 --- E O F --- 2009-05-12 17:00
Please rerun script in safe mode next.
kdyteejay
2009-05-16, 20:08
log from safe mode
ComboFix 09-05-09.05 - admin 16/05/2009 13:20.7 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1688 [GMT 1:00]
Running from: c:\documents and settings\admin\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\admin\Desktop\CFScript.txt
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated)
.
((((((((((((((((((((((((( Files Created from 2009-04-16 to 2009-05-16 )))))))))))))))))))))))))))))))
.
2009-05-13 18:00 . 2009-05-13 18:30 -------- d-----w C:\xfer
2009-05-11 19:56 . 2009-05-11 19:57 -------- d-----w c:\program files\ERUNT
2009-05-10 22:07 . 2008-06-13 13:10 272128 -c----w c:\windows\system32\dllcache\bthport.sys
2009-05-10 15:24 . 2002-08-29 12:00 31232 -c--a-w c:\windows\system32\dllcache\weitekp9.sys
2009-05-10 15:23 . 2002-08-29 12:00 229439 -c--a-w c:\windows\system32\dllcache\multibox.dll
2009-05-10 15:22 . 2002-08-29 12:00 36864 -c--a-w c:\windows\system32\dllcache\hanjadic.dll
2009-05-10 15:21 . 2003-03-24 15:52 188480 -c--a-w c:\windows\system32\dllcache\cfgwiz.exe
2009-05-10 15:21 . 2003-03-24 15:52 16439 -c--a-w c:\windows\system32\dllcache\author.exe
2009-05-10 15:21 . 2003-03-24 15:52 20540 -c--a-w c:\windows\system32\dllcache\author.dll
2009-05-10 15:21 . 2003-03-24 15:52 16439 -c--a-w c:\windows\system32\dllcache\admin.exe
2009-05-10 15:21 . 2003-03-24 15:52 20540 -c--a-w c:\windows\system32\dllcache\admin.dll
2009-05-10 15:18 . 2004-08-04 05:56 628224 -c--a-w c:\windows\system32\dllcache\catsrvut.dll
2009-05-10 15:18 . 2004-08-04 05:56 628224 ----a-w c:\windows\system32\catsrvut.dll
2009-05-10 15:07 . 2002-08-29 12:00 13312 -c--a-w c:\windows\system32\dllcache\irclass.dll
2009-05-10 15:07 . 2002-08-29 12:00 13312 ----a-w c:\windows\system32\irclass.dll
2009-05-10 15:07 . 2002-08-29 12:00 24661 -c--a-w c:\windows\system32\dllcache\spxcoins.dll
2009-05-10 15:07 . 2002-08-29 12:00 24661 ----a-w c:\windows\system32\spxcoins.dll
2009-05-09 09:35 . 2009-05-09 09:36 -------- d-----w C:\SAV32CLI
2009-05-08 18:18 . 2009-05-08 18:18 -------- d-----w c:\windows\system32\CatRoot_bak
2009-05-08 18:11 . 2009-05-08 18:11 -------- d-----w c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-05-08 18:11 . 2009-05-08 18:11 -------- d-----w c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-05-08 18:11 . 2009-05-08 18:11 -------- d-----w c:\program files\SDHelper (Spybot - Search & Destroy)
2009-05-08 18:11 . 2009-05-08 18:11 -------- d-----w c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-05-08 15:30 . 2009-05-08 15:30 -------- d-----w c:\windows\repair
2009-05-08 14:55 . 2002-08-29 12:00 16384 -c--a-w c:\windows\system32\dllcache\isignup.exe
2009-05-08 14:52 . 2002-08-29 12:00 7680 -c--a-w c:\windows\system32\dllcache\inetmgr.exe
2009-05-08 12:40 . 2009-05-08 12:40 45056 ----a-w c:\windows\system32\DeleteNotifyDll.dll
2009-05-08 12:37 . 2008-04-14 00:12 23040 ----a-w c:\windows\system32\AAP.DLL
2009-05-08 12:35 . 2009-03-21 14:06 989696 ----a-w c:\windows\system32\AAK.dll
2009-05-08 12:35 . 2009-02-09 12:10 617472 ----a-w c:\windows\system32\AAD.DLL
2009-05-08 12:34 . 2009-05-08 12:39 -------- d-----w c:\program files\Adware Away
2009-05-06 22:58 . 2009-05-13 17:38 -------- d-sh--w c:\windows\system32\bookls
2009-05-06 22:58 . 2009-05-06 22:58 75264 ----a-w c:\windows\internat.exe
2009-05-05 21:20 . 2009-05-05 23:01 -------- d-----w c:\program files\PXL Soft
2009-04-30 21:01 . 1999-10-15 11:50 1056768 ----a-w c:\windows\system32\ROBOEX32.DLL
2009-04-30 21:01 . 2006-07-22 18:37 49152 ----a-w c:\windows\system32\INETWH32.dll
2009-04-17 19:48 . 2008-09-17 13:24 49996376 ----a-w C:\avg_free_stf_en_8_169a1359.exe
2009-04-16 18:27 . 2008-05-03 11:55 2560 ----a-w c:\windows\system32\xpsp4res.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-16 10:54 . 2007-03-12 10:38 144264 ----a-w c:\windows\system32\nvModes.dat
2009-05-15 06:45 . 2007-04-12 18:43 -------- d-----w c:\program files\BitLord
2009-05-10 15:37 . 2009-05-10 15:37 65024 ----a-w C:\calc.exe
2009-05-10 15:20 . 2004-08-11 17:00 67 --sha-w c:\windows\Fonts\desktop.ini
2009-05-10 15:18 . 2004-08-11 17:12 23428 ----a-w c:\windows\system32\emptyregdb.dat
2009-05-10 15:18 . 2009-05-10 15:18 1663 ----a-w c:\windows\inf\COM1ED.tmp
2009-05-08 18:30 . 2007-03-19 14:42 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-05-08 12:29 . 2008-11-30 12:53 -------- d-----w c:\program files\SpywareGuard
2009-05-02 17:04 . 2008-11-28 17:21 20 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLbx.DAT
2009-05-02 17:02 . 2008-11-29 20:12 20 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLdw.DAT
2009-04-30 21:18 . 2007-03-12 11:08 36368 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-30 21:01 . 2007-04-18 22:17 -------- d-----w c:\program files\Common Files\Ulead Systems
2009-04-30 21:00 . 2007-04-18 22:17 -------- d-----w c:\program files\Ulead Systems
2009-04-30 21:00 . 2007-03-12 10:56 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-25 23:28 . 2007-06-07 19:46 -------- d-----w c:\program files\NO1 Video Converter
2009-03-18 08:31 . 2009-03-18 08:31 -------- d-----w c:\program files\Windows Installer Clean Up
2009-03-18 08:31 . 2009-03-18 08:31 -------- d-----w c:\program files\MSECACHE
2009-03-17 20:44 . 2009-03-17 20:36 -------- d-----w c:\program files\hkSFV
2009-03-06 14:44 . 2004-08-04 05:56 283648 ----a-w c:\windows\system32\pdh.dll
2009-03-02 21:09 . 2009-03-02 21:09 2368 ----a-w c:\windows\system32\SVKP.sys
2009-02-20 08:30 . 2004-08-04 05:56 659456 ----a-w c:\windows\system32\wininet.dll
2009-02-20 08:30 . 2004-08-04 05:56 81920 ----a-w c:\windows\system32\ieencode.dll
2003-12-19 19:36 . 2007-06-12 21:56 40960 ----a-w c:\program files\Uninstall_CDS.exe
.
((((((((((((((((((((((((((((( SnapShot_2009-05-14_08.20.09 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-08-11 17:00 . 2009-05-16 10:58 81120 c:\windows\system32\perfc009.dat
- 2004-08-11 17:00 . 2009-05-14 07:53 81120 c:\windows\system32\perfc009.dat
+ 2007-03-16 15:41 . 2009-05-16 12:09 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2007-03-16 15:41 . 2009-05-14 07:50 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2007-03-16 15:41 . 2009-05-14 07:50 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2007-03-16 15:41 . 2009-05-16 12:09 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2007-03-16 15:41 . 2009-05-16 12:09 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2007-03-16 15:41 . 2009-05-14 07:50 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2004-08-11 17:00 . 2009-05-14 07:53 468916 c:\windows\system32\perfh009.dat
+ 2004-08-11 17:00 . 2009-05-16 10:58 468916 c:\windows\system32\perfh009.dat
+ 2004-08-04 05:56 . 2004-08-04 05:56 384000 c:\windows\system32\pavuppad.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"EPSON Stylus Photo R220 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE" [2006-12-25 177664]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"eyeBeam SIP Client"="c:\program files\BT Broadband Talk Softphone\BTSoftphone.exe" [2006-07-31 19857408]
"Creative WebCam Tray"="c:\program files\Creative\Shared Files\CamTray.exe" [2005-10-27 299008]
"internat"="c:\windows\internat.exe" [2009-05-06 75264]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-19 7401472]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-10-18 802816]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-10-18 696320]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 52896]
"YBrowser"="c:\progra~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 129536]
"YOP"="c:\progra~1\Yahoo!\YOP\yop.exe" [2007-06-26 509224]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 624248]
"Symantec NetDriver Monitor"="c:\progra~1\SYMNET~1\SNDMon.exe" [2007-11-19 99984]
"vptray"="c:\progra~1\SYMANT~2\SYMANT~1\vptray.exe" [2003-05-21 90112]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-12-08 185896]
"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 1116920]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2008-05-19 91432]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-01-19 1519616]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-24 282624]
"NVHotkey"="nvHotkey.dll" - c:\windows\system32\nvhotkey.dll [2006-01-19 73728]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
c:\documents and settings\admin\Start Menu\Programs\Startup\
SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-8-29 360448]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2007-2-5 118784]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"userinit"="c:\windows\system32\userinit.exe,c:\windows\system32\pavuppad.exe,"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sprestrt\0sprestrt
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\VoiceLine SoftPhone\\VoiceLine.exe"=
"c:\\Program Files\\Yahoo!\\browser\\ybrowser.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
R0 BsStor;B.H.A Storage Helper Driver;c:\windows\system32\drivers\BsStor.sys [12/06/2007 22:59 9344]
S2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [15/05/2008 13:07 61424]
S2 MDC80211;iPass Protocol (IEEE 802.1x) v2.3.1.9;c:\windows\system32\drivers\mdc80211.sys [19/03/2007 14:58 15793]
S2 SVKP;SVKP;c:\windows\system32\SVKP.sys [02/03/2009 22:09 2368]
S2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [26/12/2008 14:44 3032360]
S3 G3GRUMDM;G3G R USB Modem;c:\windows\system32\drivers\g3grumdm.sys [13/08/2007 17:04 26496]
S3 G3GRUSER;G3G R USB Serial;c:\windows\system32\drivers\g3gruser.sys [13/08/2007 17:04 23296]
S3 V0260VID;Live! Cam Vista IM;c:\windows\system32\drivers\V0260Vid.sys [02/09/2008 17:56 178913]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [26/12/2008 14:44 15144]
S4 MSExchangeMGMT;Microsoft Exchange Management;c:\program files\Exchsrvr\bin\exmgmt.exe [16/03/2007 17:21 3117568]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - MDMXSDK
.
Contents of the 'Scheduled Tasks' folder
2009-05-15 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www1.euro.dell.com/content/default.aspx?c=uk&l=en&s=gen
mSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
uInternet Settings,ProxyOverride = *.local;<local>
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {61628958-4627-48F4-99FD-30719188568D} - hxxp://www.ifrontiers.com/ActiveX/XCheck.CAB
DPF: {E33968CE-FF77-4DC3-A052-2921C0D60177} - hxxps://www.remotecontrol26.co.uk/dms%20website/kiosk/Bootstrap2610/2.6.10.107/BootstrapXP.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-16 13:26
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
internat = c:\windows\internat.exe????????????????????|?????????????P@?????? ??????? ??????S
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(344)
c:\windows\system32\relog_ap.dll
.
Completion time: 2009-05-16 13:31
ComboFix-quarantined-files.txt 2009-05-16 12:30
ComboFix2.txt 2009-05-16 11:32
ComboFix3.txt 2009-05-16 10:24
ComboFix4.txt 2009-05-15 19:14
ComboFix5.txt 2009-05-16 12:18
Pre-Run: 22,493,933,568 bytes free
Post-Run: 22,474,129,408 bytes free
Current=1 Default=1 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5
218 --- E O F --- 2009-05-12 17:00
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1 (http://jpshortstuff.247fixes.com/SystemLook.exe)
Download Mirror #2 (http://images.malwareremoval.com/jpshortstuff/SystemLook.exe)
Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:
:file
c:\windows\system32\pavuppad.exe
Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
kdyteejay
2009-05-16, 21:30
ran in normal boot mode
SystemLook v1.0 by jpshortstuff (24.04.09)
Log created at 19:20 on 16/05/2009 by admin (Administrator - Elevation successful)
========== file ==========
c:\windows\system32\pavuppad.exe - Unable to find/read file.
I then ran in safe mode
SystemLook v1.0 by jpshortstuff (24.04.09)
Log created at 19:26 on 16/05/2009 by admin (Administrator - Elevation successful)
========== file ==========
c:\windows\system32\pavuppad.exe - Unable to find/read file.
-=End Of File=-
File is there - I checked
-=End Of File=-
So there is something fishy.
Download Avenger (http://swandog46.geekstogo.com/avenger2/download.php) by Swandog and unzip it to your Desktop.
Boot to safe mode.
Open Notepad and copy the contents of the following box to a new file.
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"userinit"="c:\windows\system32\userinit.exe,"
Save it as fix.reg (save type: "All files" (*.*)) to your desktop.
It should look like this -> http://users.telenet.be/bluepatchy/miekiemoes/images/reg.gif
Go to Desktop, double-click fix.reg and merge the infomation with the registry.
Open the Avenger folder and double click Avenger.exe to launch the programme.
Copy the text in the code box below and Paste it into the Input script here: box.
Files to delete:
c:\windows\system32\pavuppad.exe
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.
Ensure the following:
Scan for Rootkits is checked.
Automatically disable any rootkits found is Unchecked.
Press the Execute key.
Avenger will now process the script you've pasted (this may involve more than one re-boot), when finished it will produce a log file.
Post the log back here please. (it can also be found at C:\avenger.txt)
kdyteejay
2009-05-17, 11:22
Hi Shba,
log file as requested
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
File "c:\windows\system32\pavuppad.exe" deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com
Platform: Windows XP
*******************
Error: Script file not found!
Could not open script file! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Abort!
Good :)
Now please post back also a fresh HijackThis log.
kdyteejay
2009-05-17, 11:44
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:42:51, on 17/05/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\admin\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.dell.com/content/default.aspx?c=uk&l=en&s=gen
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk-rel&channel=uk&ibd=4070312
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\pavuppad.exe,
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\RunOnce: [Cleanup] C:\cleanup.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus Photo R220 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE /FU "C:\WINDOWS\TEMP\E_SA1.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [eyeBeam SIP Client] "C:\Program Files\BT Broadband Talk Softphone\BTSoftphone.exe"
O4 - HKCU\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CamTray.exe
O4 - HKCU\..\Run: [internat] C:\WINDOWS\internat.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.microquiz.eu/ImageUploader5.cab
O16 - DPF: {61628958-4627-48F4-99FD-30719188568D} (XCheck Control) - http://www.ifrontiers.com/ActiveX/XCheck.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://test.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1174297478281
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://test.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1174297563946
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.microquiz.eu/ImageUploader4.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-ea0211234474d475.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=23100
O16 - DPF: {E33968CE-FF77-4DC3-A052-2921C0D60177} (LoaderOnline Class) - https://www.remotecontrol26.co.uk/dms%20website/kiosk/Bootstrap2610/2.6.10.107/BootstrapXP.cab
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://www.asda-photo.co.uk/upload/activex/v2_0_0_11/PCAXSetupv2.0.0.11.cab?
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2/ocx/15105/CTPID.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~2\SYMANT~1\DefWatch.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~2\SYMANT~1\Rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
O24 - Desktop Component AutorunsDisabled: (no name) - (no file)
--
End of file - 14683 bytes
Please post a fresh HijackThis log taken in normal mode :)
kdyteejay
2009-05-17, 11:54
avenger ran on startup so I have attached log
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
File "c:\windows\system32\pavuppad.exe" deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com
Platform: Windows XP
*******************
Error: Script file not found!
Could not open script file! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Abort!
HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:51:55, on 17/05/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\PROGRA~1\SYMANT~2\SYMANT~1\DefWatch.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\PROGRA~1\SYMANT~2\SYMANT~1\Rtvscan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\PROGRA~1\SYMANT~2\SYMANT~1\vptray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Documents and Settings\admin\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.dell.com/content/default.aspx?c=uk&l=en&s=gen
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk-rel&channel=uk&ibd=4070312
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\pavuppad.exe,
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus Photo R220 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE /FU "C:\WINDOWS\TEMP\E_SA1.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [eyeBeam SIP Client] "C:\Program Files\BT Broadband Talk Softphone\BTSoftphone.exe"
O4 - HKCU\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CamTray.exe
O4 - HKCU\..\Run: [internat] C:\WINDOWS\internat.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.microquiz.eu/ImageUploader5.cab
O16 - DPF: {61628958-4627-48F4-99FD-30719188568D} (XCheck Control) - http://www.ifrontiers.com/ActiveX/XCheck.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://test.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1174297478281
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://test.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1174297563946
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.microquiz.eu/ImageUploader4.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-ea0211234474d475.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=23100
O16 - DPF: {E33968CE-FF77-4DC3-A052-2921C0D60177} (LoaderOnline Class) - https://www.remotecontrol26.co.uk/dms%20website/kiosk/Bootstrap2610/2.6.10.107/BootstrapXP.cab
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://www.asda-photo.co.uk/upload/activex/v2_0_0_11/PCAXSetupv2.0.0.11.cab?
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2/ocx/15105/CTPID.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~2\SYMANT~1\DefWatch.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~2\SYMANT~1\Rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
O24 - Desktop Component AutorunsDisabled: (no name) - (no file)
--
End of file - 17302 bytes
Please tell me next if this exists:
C:\WINDOWS\system32\pavuppad.exe
kdyteejay
2009-05-17, 12:02
Hi Shaba,
no trace in normal mode. Shall I check in safe mode?
No need.
Please then rerun fix.reg in normal mode, reboot and post back a fresh HijackThis log.
kdyteejay
2009-05-17, 13:20
Hi Shaba,
apologies but I ran in safe mode before you replied. I still see the file pavuppad.exe in this mode so I have reran the fix.reg and avenger again in safe mode. Here is the log from safe mode:
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
File "c:\windows\system32\pavuppad.exe" deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com
Platform: Windows XP
*******************
Error: Script file not found!
Could not open script file! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Abort!
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
File "c:\windows\system32\pavuppad.exe" deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
I have rebooted in normal mode and again avenger ran. Here is the log
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
File "c:\windows\system32\pavuppad.exe" deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com
Platform: Windows XP
*******************
Error: Script file not found!
Could not open script file! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Abort!
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
File "c:\windows\system32\pavuppad.exe" deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
I then ran fix.reg and reran HJT. here is the log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:15:36, on 17/05/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\PROGRA~1\SYMANT~2\SYMANT~1\DefWatch.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\PROGRA~1\SYMANT~2\SYMANT~1\Rtvscan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\PROGRA~1\SYMANT~2\SYMANT~1\vptray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Documents and Settings\admin\Desktop\HijackThis.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroDist.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Creative\Shared Files\CamTray.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.dell.com/content/default.aspx?c=uk&l=en&s=gen
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk-rel&channel=uk&ibd=4070312
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\pavuppad.exe,
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus Photo R220 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE /FU "C:\WINDOWS\TEMP\E_SA1.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [eyeBeam SIP Client] "C:\Program Files\BT Broadband Talk Softphone\BTSoftphone.exe"
O4 - HKCU\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CamTray.exe
O4 - HKCU\..\Run: [internat] C:\WINDOWS\internat.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.microquiz.eu/ImageUploader5.cab
O16 - DPF: {61628958-4627-48F4-99FD-30719188568D} (XCheck Control) - http://www.ifrontiers.com/ActiveX/XCheck.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://test.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1174297478281
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://test.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1174297563946
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.microquiz.eu/ImageUploader4.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-ea0211234474d475.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=23100
O16 - DPF: {E33968CE-FF77-4DC3-A052-2921C0D60177} (LoaderOnline Class) - https://www.remotecontrol26.co.uk/dms%20website/kiosk/Bootstrap2610/2.6.10.107/BootstrapXP.cab
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://www.asda-photo.co.uk/upload/activex/v2_0_0_11/PCAXSetupv2.0.0.11.cab?
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2/ocx/15105/CTPID.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~2\SYMANT~1\DefWatch.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~2\SYMANT~1\Rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
O24 - Desktop Component AutorunsDisabled: (no name) - (no file)
--
End of file - 17283 bytes
That is not promising at all.
Are you able to keep infected computer totally offline and transfer logs/tools via another computer?
kdyteejay
2009-05-17, 13:29
Hi Shaba,
the infected pc has been offline and I have been downloading the tools you asked me to use via another pc and als communicating to you this way. I have been transferring everything via a usb stick. I have been using the usb stick to transfer the log files between pc's
I see.
So then let's check this:
Locate if present the following file & delete it:
C:\windows\ntbtlog.txt
Restart the computer
Just before the OS loading screen starts hit F8 as if going to safe mode.
From the advanced boot menu choose "enable boot logging" then hit enter.
Post the following file:
C:\windows\ntbtlog.txt
kdyteejay
2009-05-17, 13:47
Hi Shaba,
here is the data you requested. Sorry but I need to go to work now. I will check for your response when I return
Service Pack 2 5 17 2009 11:37:37.359
Loaded driver \WINDOWS\system32\ntkrnlpa.exe
Loaded driver \WINDOWS\system32\hal.dll
Loaded driver \WINDOWS\system32\KDCOM.DLL
Loaded driver \WINDOWS\system32\BOOTVID.dll
Loaded driver ACPI.sys
Loaded driver \WINDOWS\system32\DRIVERS\WMILIB.SYS
Loaded driver pci.sys
Loaded driver isapnp.sys
Loaded driver sptd.sys
Loaded driver \WINDOWS\System32\Drivers\SCSIPORT.SYS
Loaded driver compbatt.sys
Loaded driver \WINDOWS\system32\DRIVERS\BATTC.SYS
Loaded driver pciide.sys
Loaded driver \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
Loaded driver pcmcia.sys
Loaded driver MountMgr.sys
Loaded driver ftdisk.sys
Loaded driver PartMgr.sys
Loaded driver VolSnap.sys
Loaded driver atapi.sys
Loaded driver disk.sys
Loaded driver \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
Loaded driver fltmgr.sys
Loaded driver sr.sys
Loaded driver DRVMCDB.SYS
Loaded driver BsStor.sys
Loaded driver PxHelp20.sys
Loaded driver KSecDD.sys
Loaded driver Ntfs.sys
Loaded driver NDIS.sys
Loaded driver timntr.sys
Loaded driver snapman.sys
Loaded driver ohci1394.sys
Loaded driver \WINDOWS\system32\DRIVERS\1394BUS.SYS
Loaded driver Mup.sys
Loaded driver \SystemRoot\system32\DRIVERS\intelppm.sys
Loaded driver \SystemRoot\system32\DRIVERS\wmiacpi.sys
Loaded driver \SystemRoot\system32\DRIVERS\CmBatt.sys
Loaded driver \SystemRoot\system32\DRIVERS\nv4_mini.sys
Loaded driver \SystemRoot\system32\DRIVERS\HDAudBus.sys
Loaded driver \SystemRoot\system32\DRIVERS\NETw3x32.sys
Loaded driver \SystemRoot\system32\DRIVERS\b57xp32.sys
Loaded driver \SystemRoot\system32\DRIVERS\usbuhci.sys
Loaded driver \SystemRoot\system32\DRIVERS\usbehci.sys
Loaded driver \SystemRoot\system32\DRIVERS\i8042prt.sys
Loaded driver \SystemRoot\system32\DRIVERS\Apfiltr.sys
Loaded driver \SystemRoot\system32\DRIVERS\mouclass.sys
Loaded driver \SystemRoot\system32\DRIVERS\kbdclass.sys
Loaded driver \SystemRoot\system32\DRIVERS\serial.sys
Loaded driver \SystemRoot\system32\DRIVERS\serenum.sys
Loaded driver \SystemRoot\system32\DRIVERS\parport.sys
Loaded driver \SystemRoot\system32\DRIVERS\imapi.sys
Loaded driver \SystemRoot\System32\Drivers\cdrbsdrv.SYS
Loaded driver \SystemRoot\system32\drivers\pfc.sys
Loaded driver \SystemRoot\System32\Drivers\AFS2K.SYS
Loaded driver \SystemRoot\System32\Drivers\DLACDBHM.SYS
Loaded driver \SystemRoot\system32\DRIVERS\cdrom.sys
Loaded driver \SystemRoot\system32\DRIVERS\redbook.sys
Loaded driver \SystemRoot\System32\Drivers\GEARAspiWDM.sys
Loaded driver \SystemRoot\system32\DRIVERS\wacomvhid.sys
Loaded driver \SystemRoot\system32\DRIVERS\WacomVKHid.sys
Loaded driver \SystemRoot\system32\DRIVERS\audstub.sys
Loaded driver \SystemRoot\system32\DRIVERS\rasl2tp.sys
Loaded driver \SystemRoot\system32\DRIVERS\ndistapi.sys
Loaded driver \SystemRoot\system32\DRIVERS\ndiswan.sys
Loaded driver \SystemRoot\system32\DRIVERS\raspppoe.sys
Loaded driver \SystemRoot\system32\DRIVERS\raspptp.sys
Loaded driver \SystemRoot\system32\DRIVERS\msgpc.sys
Loaded driver \SystemRoot\system32\DRIVERS\psched.sys
Loaded driver \SystemRoot\system32\DRIVERS\ptilink.sys
Loaded driver \SystemRoot\system32\DRIVERS\raspti.sys
Loaded driver \SystemRoot\system32\DRIVERS\odysseyIM3.sys
Loaded driver \SystemRoot\System32\Drivers\Pcouffin.sys
Loaded driver \SystemRoot\system32\DRIVERS\rdpdr.sys
Loaded driver \SystemRoot\system32\DRIVERS\termdd.sys
Loaded driver \SystemRoot\system32\DRIVERS\swenum.sys
Loaded driver \SystemRoot\system32\DRIVERS\update.sys
Loaded driver \SystemRoot\system32\DRIVERS\mssmbios.sys
Loaded driver \SystemRoot\system32\DRIVERS\omci.sys
Loaded driver \SystemRoot\system32\DRIVERS\mouhid.sys
Loaded driver \SystemRoot\system32\DRIVERS\wacommousefilter.sys
Loaded driver \SystemRoot\system32\DRIVERS\kbdhid.sys
Loaded driver \SystemRoot\System32\Drivers\NDProxy.SYS
Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS
Loaded driver \SystemRoot\system32\drivers\sthda.sys
Loaded driver \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
Loaded driver \SystemRoot\system32\DRIVERS\HSX_DPV.sys
Loaded driver \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
Loaded driver \SystemRoot\System32\Drivers\Modem.SYS
Loaded driver \SystemRoot\system32\DRIVERS\usbhub.sys
Did not load driver \SystemRoot\System32\Drivers\lbrtfdc.SYS
Did not load driver \SystemRoot\System32\Drivers\Sfloppy.SYS
Loaded driver \SystemRoot\System32\Drivers\i2omgmt.SYS
Loaded driver \??\C:\Program Files\Symantec\SYMEVENT.SYS
Loaded driver \??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys
Did not load driver \SystemRoot\System32\Drivers\Cdaudio.SYS
Loaded driver \SystemRoot\System32\Drivers\cdrbsvsd.SYS
Loaded driver \SystemRoot\System32\Drivers\Fs_Rec.SYS
Loaded driver \SystemRoot\System32\Drivers\Null.SYS
Loaded driver \SystemRoot\System32\Drivers\Beep.SYS
Loaded driver \SystemRoot\System32\Drivers\DLARTL_M.SYS
Loaded driver \SystemRoot\System32\drivers\vga.sys
Loaded driver \SystemRoot\System32\Drivers\mnmdd.SYS
Loaded driver \SystemRoot\System32\DRIVERS\RDPCDD.sys
Loaded driver \SystemRoot\system32\DRIVERS\hidusb.sys
Loaded driver \SystemRoot\System32\Drivers\Udfs.SYS
Loaded driver \SystemRoot\System32\Drivers\meiudf.sys
Loaded driver \SystemRoot\System32\Drivers\Msfs.SYS
Loaded driver \SystemRoot\System32\Drivers\Npfs.SYS
Loaded driver \SystemRoot\system32\DRIVERS\rasacd.sys
Loaded driver \SystemRoot\system32\DRIVERS\ipsec.sys
Loaded driver \SystemRoot\system32\DRIVERS\tcpip.sys
Loaded driver \SystemRoot\system32\DRIVERS\ipnat.sys
Loaded driver \SystemRoot\system32\DRIVERS\wanarp.sys
Loaded driver \SystemRoot\System32\Drivers\SYMTDI.SYS
Loaded driver \SystemRoot\system32\DRIVERS\netbt.sys
Loaded driver \SystemRoot\System32\drivers\afd.sys
Loaded driver \SystemRoot\system32\DRIVERS\netbios.sys
Did not load driver \SystemRoot\System32\Drivers\PCIDump.SYS
Did not load driver \SystemRoot\System32\Drivers\Tosrfcom.SYS
Loaded driver \SystemRoot\System32\Drivers\SCDEmu.SYS
Loaded driver \SystemRoot\system32\DRIVERS\rdbss.sys
Loaded driver \SystemRoot\system32\DRIVERS\mrxsmb.sys
Loaded driver \SystemRoot\System32\Drivers\Fips.SYS
Loaded driver \SystemRoot\System32\Drivers\Aspi32.SYS
Loaded driver \SystemRoot\SYSTEM32\DRIVERS\APPDRV.SYS
Loaded driver \SystemRoot\System32\Drivers\tcusb.sys
Loaded driver \SystemRoot\System32\Drivers\oz776.sys
Loaded driver \SystemRoot\System32\Drivers\Cdfs.SYS
Loaded driver \SystemRoot\System32\Drivers\DRVNDDM.SYS
Loaded driver \SystemRoot\system32\DRIVERS\tifsfilt.sys
Loaded driver \SystemRoot\System32\DLA\DLADResM.SYS
Loaded driver \SystemRoot\System32\DLA\DLAIFS_M.SYS
Loaded driver \SystemRoot\System32\DLA\DLAOPIOM.SYS
Loaded driver \SystemRoot\System32\DLA\DLAPoolM.SYS
Loaded driver \SystemRoot\System32\DLA\DLABMFSM.SYS
Loaded driver \SystemRoot\System32\DLA\DLABOIOM.SYS
Loaded driver \SystemRoot\System32\DLA\DLAUDFAM.SYS
Loaded driver \SystemRoot\System32\DLA\DLAUDF_M.SYS
Loaded driver \SystemRoot\system32\DRIVERS\AegisP.sys
Loaded driver \SystemRoot\system32\DRIVERS\mdc80211.sys
Loaded driver \SystemRoot\system32\DRIVERS\s24trans.sys
Loaded driver \SystemRoot\system32\DRIVERS\ndisuio.sys
Did not load driver \SystemRoot\system32\DRIVERS\rdbss.sys
Did not load driver \SystemRoot\system32\DRIVERS\mrxsmb.sys
Loaded driver \SystemRoot\system32\DRIVERS\mrxdav.sys
Loaded driver \SystemRoot\system32\DRIVERS\srv.sys
Loaded driver \SystemRoot\system32\DRIVERS\mdmxsdk.sys
Loaded driver \??\C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAPEL.SYS
Loaded driver \??\C:\WINDOWS\system32\SVKP.sys
Loaded driver \??\C:\Program Files\CyberLink\PowerDVD8\000.fcl
Did not load driver \SystemRoot\system32\DRIVERS\ipnat.sys
Loaded driver \??\C:\PROGRA~1\SYMANT~2\SYMANT~1\NAVAP.sys
Loaded driver \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090508.003\NAVEX15.sys
Loaded driver \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090508.003\NAVENG.sys
Loaded driver \SystemRoot\system32\drivers\wdmaud.sys
Loaded driver \SystemRoot\system32\drivers\sysaudio.sys
Loaded driver \SystemRoot\system32\drivers\splitter.sys
Loaded driver \SystemRoot\system32\drivers\aec.sys
Loaded driver \SystemRoot\system32\drivers\swmidi.sys
Loaded driver \SystemRoot\system32\drivers\DMusic.sys
Loaded driver \SystemRoot\system32\drivers\kmixer.sys
Loaded driver \SystemRoot\system32\drivers\drmkaud.sys
Loaded driver \SystemRoot\System32\Drivers\HTTP.sys
Loaded driver \SystemRoot\system32\DRIVERS\USBSTOR.SYS
Loaded driver \SystemRoot\System32\Drivers\Fastfat.SYS
Please download OTViewIt (http://oldtimer.geekstogo.com/OTViewIt.exe) by OldTimer... save it to your desktop.
Double click on OTViewIt.exe to run it.
Click on the Run Scan...button.
When completed...2 files will be produced.
Notepad will open a with the contents of file named "OTViewIt.Txt".
Another log file named "Extras.Txt" will also created.
Note: The files are created in the same location where OTViewIt is run. If you ran OTViewIt from your desktop... these files will be on your desktop.
Please post the contents of both log files: "OTViewIt.Txt" and "Extras.Txt" in your next reply.
kdyteejay
2009-05-17, 23:22
having to split reports up due to size:
OTViewIt logfile created on: 17/05/2009 20:57:33 - Run
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\admin\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
2.00 Gb Total Physical Memory | 1.36 Gb Available Physical Memory | 67.98% Memory free
3.85 Gb Paging File | 3.31 Gb Available in Paging File | 86.13% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.44 Gb Total Space | 19.01 Gb Free Space | 25.53% Space Free | Partition Type: NTFS
Drive D: | 692.51 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 7.45 Gb Total Space | 1.16 Gb Free Space | 15.59% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: AASTJONESD620XP
Current User Name: admin
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days
========== Processes ==========
[2006/10/18 19:05:18 | 00,434,176 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
[2006/10/18 18:56:52 | 00,946,176 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
[2006/10/18 19:01:34 | 00,290,816 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
[2006/07/19 20:26:06 | 00,192,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
[2006/07/19 20:26:12 | 00,169,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
[2003/05/21 02:22:36 | 00,032,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
[2003/05/23 05:38:26 | 00,106,496 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exe
[2006/12/15 05:01:00 | 00,113,664 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
[2008/08/29 00:53:18 | 00,303,104 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\Common Files\Motive\McciCMService.exe
[2003/06/20 05:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
[2006/06/29 13:12:34 | 00,376,832 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
[2003/05/21 02:27:46 | 00,610,304 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
[2006/01/19 09:14:00 | 00,143,428 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
[2006/10/18 18:49:52 | 00,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
[2008/05/01 23:40:44 | 03,032,360 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Pen_Tablet.exe
[2004/02/26 09:52:00 | 00,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
[2007/02/05 16:34:38 | 00,300,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\searchindexer.exe
[2009/02/06 17:39:29 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
[2007/02/05 16:32:28 | 00,182,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\searchprotocolhost.exe
[2008/05/01 23:41:38 | 00,136,488 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
[2008/05/01 23:40:44 | 03,032,360 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Pen_Tablet.exe
[2004/08/04 06:56:58 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
[2005/10/07 13:13:38 | 00,176,128 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
[2006/10/18 19:04:28 | 00,802,816 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
[2004/06/28 22:56:12 | 00,045,056 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\hidfind.exe
[2005/07/27 15:41:08 | 00,045,056 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
[2006/10/18 18:58:16 | 00,696,320 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
[2006/07/19 20:26:04 | 00,052,896 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
[2006/07/21 17:19:46 | 00,129,536 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\browser\ybrwicon.exe
[2007/06/26 14:48:14 | 00,509,224 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\YOP\yop.exe
[2006/03/03 14:18:10 | 00,200,704 | ---- | M] (Yahoo!, Inc.) -- C:\Program Files\Yahoo!\browser\ycommon.exe
[2003/05/21 02:21:18 | 00,090,112 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\VPTray.exe
[2007/12/08 17:19:42 | 00,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[2006/08/17 09:00:00 | 01,116,920 | ---- | M] (Roxio) -- C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
[2008/03/20 21:23:22 | 00,083,240 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
[2008/05/19 21:24:46 | 00,091,432 | ---- | M] (cyberlink) -- C:\Program Files\CyberLink\Shared Files\brs.exe
[2005/06/07 00:46:24 | 00,057,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
[2006/03/24 17:30:44 | 00,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
[2004/08/04 06:56:56 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2007/10/18 11:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
[2005/10/27 11:00:22 | 00,299,008 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CamTray.exe
[2006/10/18 18:53:24 | 00,479,232 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
[2007/02/16 13:20:32 | 00,628,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Yahoo!\YOP\SSDK02.exe
[2007/02/05 16:40:46 | 00,118,784 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\WindowsSearch.exe
[2003/08/29 20:05:35 | 00,360,448 | ---- | M] () -- C:\Program Files\SpywareGuard\sgmain.exe
[2007/08/30 18:43:18 | 00,103,664 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
[2007/02/05 16:31:10 | 00,076,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\searchfilterhost.exe
[2009/05/17 20:49:06 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\admin\Desktop\OTViewIt.exe
========== (O23) Win32 Services ==========
[2007/03/20 22:15:06 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
[2008/11/07 15:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Disabled | Stopped])
[2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
File not found -- -- (Automatic LiveUpdate Scheduler [Auto | Stopped])
[2005/08/30 18:36:00 | 00,188,416 | ---- | M] (Cambridge Silicon Radio) -- C:\Program Files\BlueTooth\HidSwitchService\HidSw.exe -- (Bluetooth Hid Switch Service [Disabled | Stopped])
[2008/08/29 11:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Disabled | Stopped])
[2006/07/19 20:26:06 | 00,192,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr [Auto | Running])
[2006/07/19 20:26:12 | 00,169,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr [Auto | Running])
[2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2003/05/21 02:22:36 | 00,032,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe -- (DefWatch [Auto | Running])
[2003/05/23 05:38:26 | 00,106,496 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service [Auto | Running])
[2006/12/15 05:01:00 | 00,113,664 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01 [Auto | Running])
[2006/10/18 19:05:18 | 00,434,176 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng [Auto | Running])
[2007/11/04 22:15:19 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
[2006/10/20 22:21:24 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
[2007/01/04 02:40:21 | 00,136,120 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
[2005/04/04 01:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2006/10/30 04:33:58 | 00,741,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
[2008/11/20 14:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
[2002/08/07 10:04:28 | 01,541,784 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer.EXE -- (LiveUpdate [On_Demand | Stopped])
[2008/08/29 00:53:18 | 00,303,104 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\Common Files\Motive\McciCMService.exe -- (McciCMService [Auto | Running])
[2003/06/20 05:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
[2003/06/24 08:00:00 | 03,117,568 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Exchsrvr\bin\exmgmt.exe -- (MSExchangeMGMT [Disabled | Stopped])
[2006/10/30 04:34:02 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
[2006/06/29 13:12:34 | 00,376,832 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC [Auto | Running])
File not found -- -- (NMIndexingService [Disabled | Stopped])
[2003/05/21 02:27:46 | 00,610,304 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe -- (Norton AntiVirus Server [Auto | Running])
[2006/01/19 09:14:00 | 00,143,428 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
[2003/07/28 18:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2006/10/18 18:49:52 | 00,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc [Auto | Running])
[2006/10/18 18:56:52 | 00,946,176 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor [Auto | Running])
[2006/08/07 17:03:02 | 00,214,720 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc [On_Demand | Stopped])
[2006/04/11 18:13:38 | 01,160,848 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc [On_Demand | Stopped])
[2006/09/14 14:54:34 | 00,073,728 | ---- | M] (MicroVision Development, Inc.) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr [On_Demand | Stopped])
[2006/09/27 21:33:32 | 01,813,232 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus [On_Demand | Stopped])
[2008/05/01 23:40:44 | 03,032,360 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Pen_Tablet.exe -- (TabletServicePen [Auto | Running])
[2004/02/26 09:52:00 | 00,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper [Auto | Running])
[2004/08/11 01:45:04 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [On_Demand | Stopped])
[2007/10/18 11:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
[2006/10/18 19:01:34 | 00,290,816 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER [Auto | Running])
[2007/10/25 15:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])
[2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
[2007/02/05 16:34:38 | 00,300,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\searchindexer.exe -- (WSearch [Auto | Running])
[2003/05/19 17:07:38 | 00,086,016 | ---- | M] (Yahoo! Inc.) -- C:\WINDOWS\system32\YPcservice.exe -- (YPCService [On_Demand | Stopped])
========== Driver Services ==========
[2004/08/03 23:10:12 | 00,048,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\61883.sys -- (61883 [On_Demand | Stopped])
[2007/03/12 12:01:20 | 00,021,425 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP [Auto | Running])
[2004/10/08 02:16:04 | 00,035,840 | ---- | M] (Oak Technology Inc.) -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K [System | Running])
[2002/08/29 13:00:00 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\drivers\aliide.sys -- (AliIde [Disabled | Stopped])
[2004/08/03 23:07:44 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\drivers\amdagp.sys -- (amdagp [Disabled | Stopped])
[2005/09/28 19:57:18 | 00,113,847 | R--- | M] (Alps Electric Co., Ltd.) -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService [On_Demand | Running])
[2005/08/12 18:50:46 | 00,016,128 | ---- | M] (Dell Inc) -- C:\WINDOWS\system32\drivers\APPDRV.SYS -- (APPDRV [System | Running])
[2002/08/29 13:00:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc.sys -- (asc [Disabled | Stopped])
[2002/08/29 13:00:00 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc3550.sys -- (asc3550 [Disabled | Stopped])
[2003/06/13 04:04:10 | 00,025,244 | ---- | M] (Adaptec) -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (Aspi32 [System | Running])
[2004/08/03 23:10:12 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\avc.sys -- (Avc [On_Demand | Stopped])
[2005/11/10 10:25:14 | 00,142,720 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k [On_Demand | Running])
[2002/06/06 01:07:00 | 00,009,344 | ---- | M] (B.H.A Co.,Ltd.) -- C:\WINDOWS\System32\drivers\BsStor.sys -- (BsStor [Boot | Running])
[2006/02/20 11:17:40 | 00,033,408 | ---- | M] (B.H.A Corporation) -- C:\WINDOWS\System32\drivers\cdrbsdrv.sys -- (cdrbsdrv [System | Running])
[2003/12/03 09:44:58 | 00,013,566 | ---- | M] (B.H.A Corporation) -- C:\WINDOWS\System32\drivers\cdrbsvsd.sys -- (cdrbsvsd [System | Running])
[2002/08/29 13:00:00 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\drivers\cmdide.sys -- (CmdIde [Disabled | Stopped])
[2002/04/02 16:30:16 | 00,033,024 | ---- | M] (Colorvision Inc) -- C:\WINDOWS\system32\drivers\cvspydr2.sys -- (cvspydr2 [On_Demand | Stopped])
[2002/08/29 13:00:00 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\drivers\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
[2006/08/18 13:17:46 | 00,035,096 | ---- | M] (Roxio) -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM [Auto | Running])
[2006/08/18 13:17:40 | 00,032,472 | ---- | M] (Roxio) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM [Auto | Running])
[2006/08/11 10:35:18 | 00,012,920 | ---- | M] (Roxio) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM [System | Running])
[2006/08/18 13:18:08 | 00,009,400 | ---- | M] (Roxio) -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM [Auto | Running])
[2006/08/18 13:17:38 | 00,104,472 | ---- | M] (Roxio) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M [Auto | Running])
[2006/08/18 13:17:42 | 00,026,008 | ---- | M] (Roxio) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM [Auto | Running])
[2006/08/18 13:17:38 | 00,014,520 | ---- | M] (Roxio) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM [Auto | Running])
[2006/08/11 10:35:16 | 00,028,184 | ---- | M] (Roxio) -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M [System | Running])
[2006/08/18 13:17:44 | 00,094,648 | ---- | M] (Roxio) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM [Auto | Running])
[2006/08/18 13:17:44 | 00,097,848 | ---- | M] (Roxio) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M [Auto | Running])
[2006/07/21 11:21:26 | 00,099,176 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\DRVMCDB.SYS -- (DRVMCDB [Boot | Running])
[2006/08/11 11:05:58 | 00,051,768 | ---- | M] (Roxio) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM [Auto | Running])
[2006/01/10 12:07:58 | 00,004,864 | ---- | M] (GTek Technologies Ltd.) -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct [On_Demand | Stopped])
[2001/08/17 13:12:10 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B [On_Demand | Stopped])
[2005/03/31 15:14:16 | 00,026,496 | ---- | M] (Option N.V.) -- C:\WINDOWS\system32\drivers\g3grumdm.sys -- (G3GRUMDM [On_Demand | Stopped])
[2005/03/31 15:14:16 | 00,023,296 | ---- | M] (Option N.V.) -- C:\WINDOWS\system32\drivers\g3gruser.sys -- (G3GRUSER [On_Demand | Stopped])
[2008/04/17 14:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2007/01/28 15:23:36 | 00,061,312 | ---- | M] (O2Micro) -- C:\WINDOWS\system32\drivers\oz776.sys -- (guardian2 [On_Demand | Running])
[2008/04/13 17:36:05 | 00,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2005/12/01 01:40:56 | 00,936,960 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSX_DPV.sys -- (HSF_DPV [On_Demand | Running])
[2005/12/01 01:40:12 | 00,192,512 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSXHWAZL.sys -- (HSXHWAZL [On_Demand | Running])
[2005/06/03 13:46:52 | 00,055,216 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\k750bus.sys -- (k750bus [On_Demand | Stopped])
[2005/06/03 13:46:58 | 00,006,576 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\k750mdfl.sys -- (k750mdfl [On_Demand | Stopped])
[2005/06/03 13:47:00 | 00,089,872 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\k750mdm.sys -- (k750mdm [On_Demand | Stopped])
[2005/06/03 13:47:04 | 00,081,728 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\k750mgmt.sys -- (k750mgmt [On_Demand | Stopped])
[2005/06/03 13:47:06 | 00,079,488 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\k750obex.sys -- (k750obex [On_Demand | Stopped])
[2004/08/04 04:58:36 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Running])
[2008/07/28 17:19:28 | 00,116,736 | ---- | M] (MagicISO, Inc.) -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus [On_Demand | Stopped])
[2007/03/19 14:58:29 | 00,015,793 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\drivers\mdc80211.sys -- (MDC80211 [Auto | Running])
[2005/10/04 22:57:08 | 00,012,544 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
[2003/10/24 05:53:14 | 00,090,416 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf [System | Running])
[2002/08/29 13:00:00 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\drivers\mraid35x.sys -- (mraid35x [Disabled | Stopped])
[2008/08/29 00:53:18 | 00,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50 [Disabled | Stopped])
[2008/08/29 00:53:18 | 00,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50 [Disabled | Stopped])
[2004/08/03 23:10:00 | 00,051,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\msdv.sys -- (MSDV [On_Demand | Stopped])
[2003/05/02 22:08:18 | 00,224,256 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Navap.sys -- (NAVAP [On_Demand | Running])
[2003/05/02 22:08:22 | 00,030,208 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Navapel.sys -- (NAVAPEL [Auto | Running])
[2009/05/08 09:00:00 | 00,089,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VIRUSD~1\20090508.003\naveng.sys -- (NAVENG [On_Demand | Running])
[2009/05/08 09:00:00 | 00,876,144 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VIRUSD~1\20090508.003\navex15.sys -- (NAVEX15 [On_Demand | Running])
[2006/10/16 21:55:28 | 01,711,104 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\NETw3x32.sys -- (NETw3x32 [On_Demand | Running])
[2006/01/19 09:14:00 | 03,595,296 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])
[2003/11/18 07:01:34 | 00,062,673 | ---- | M] (Funk Software, Inc.) -- C:\WINDOWS\system32\drivers\odysseyIM3.sys -- (odysseyIM3 [On_Demand | Running])
[2004/02/13 10:46:00 | 00,017,153 | ---- | M] (Dell Inc) -- C:\WINDOWS\system32\drivers\omci.sys -- (omci [System | Running])
[2002/11/23 03:39:23 | 00,032,160 | ---- | M] (VSO Software) -- C:\WINDOWS\system32\drivers\Pcouffin.sys -- (Pcouffin [On_Demand | Running])
[2004/01/31 03:40:08 | 00,010,368 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc [On_Demand | Running])
[2002/08/29 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2008/07/09 06:05:48 | 00,043,872 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2002/08/29 13:00:00 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1080.sys -- (ql1080 [Disabled | Stopped])
[2002/08/29 13:00:00 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql12160.sys -- (ql12160 [Disabled | Stopped])
[2002/08/29 13:00:00 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1280.sys -- (ql1280 [Disabled | Stopped])
[2006/10/19 10:29:22 | 00,012,544 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans [Auto | Running])
[2006/09/06 15:41:20 | 00,337,592 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT [System | Stopped])
[2006/09/06 15:41:20 | 00,054,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL [System | Running])
[2007/04/09 13:27:07 | 00,031,548 | ---- | M] (PowerISO Computing, Inc.) -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu [System | Running])
[2004/07/17 17:36:38 | 00,027,440 | ---- | M] () -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2004/08/03 23:07:44 | 00,041,088 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\drivers\sisagp.sys -- (sisagp [Disabled | Stopped])
[2007/03/20 12:14:17 | 00,099,776 | ---- | M] (Acronis) -- C:\WINDOWS\system32\drivers\snapman.sys -- (snapman [Boot | Running])
[2002/08/29 13:00:00 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\drivers\sparrow.sys -- (Sparrow [Disabled | Stopped])
[2006/04/11 18:13:34 | 00,389,776 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv [On_Demand | Stopped])
[2007/09/14 22:47:52 | 00,685,816 | ---- | M] (Duplex Secure Ltd.) -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd [Boot | Stopped])
[2005/08/30 17:57:18 | 00,058,320 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\ss_bus.sys -- (ss_bus [On_Demand | Stopped])
[2005/08/30 17:58:56 | 00,008,304 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\ss_mdfl.sys -- (ss_mdfl [On_Demand | Stopped])
[2005/08/30 17:59:00 | 00,094,000 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\ss_mdm.sys -- (ss_mdm [On_Demand | Stopped])
[2006/03/24 17:34:30 | 01,156,648 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA [On_Demand | Running])
[2009/03/02 22:09:41 | 00,002,368 | ---- | M] (AntiCracking) -- C:\WINDOWS\system32\SVKP.sys -- (SVKP [Auto | Running])
[2002/08/29 13:00:00 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\drivers\symc810.sys -- (symc810 [Disabled | Stopped])
[2002/08/29 13:00:00 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\symc8xx.sys -- (symc8xx [Disabled | Stopped])
[2006/08/07 17:01:56 | 00,012,992 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symdns.sys -- (SYMDNS [On_Demand | Stopped])
[2006/09/18 18:55:28 | 00,109,744 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent [On_Demand | Running])
[2006/08/07 17:02:02 | 00,110,784 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symfw.sys -- (SYMFW [On_Demand | Stopped])
[2006/08/07 17:02:18 | 00,031,936 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symids.sys -- (SYMIDS [On_Demand | Stopped])
[2006/08/07 17:02:14 | 00,028,352 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symndis.sys -- (SYMNDIS [On_Demand | Stopped])
[2006/08/07 17:02:22 | 00,024,768 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symredrv.sys -- (SYMREDRV [On_Demand | Stopped])
[2006/08/07 17:02:26 | 00,195,776 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symtdi.sys -- (SYMTDI [System | Running])
[2002/08/29 13:00:00 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_hi.sys -- (sym_hi [Disabled | Stopped])
[2002/08/29 13:00:00 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
[2006/01/16 10:36:40 | 00,028,800 | ---- | M] (UPEK Inc.) -- C:\WINDOWS\system32\drivers\tcusb.sys -- (TcUsb [On_Demand | Running])
[2007/03/20 12:14:20 | 00,032,288 | ---- | M] (Acronis) -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter [Auto | Running])
[2007/03/20 12:14:20 | 00,388,000 | ---- | M] (Acronis) -- C:\WINDOWS\system32\drivers\timntr.sys -- (timounter [Boot | Running])
[2006/06/13 12:22:58 | 00,111,232 | ---- | M] (TOSHIBA CORPORATION) -- C:\WINDOWS\system32\drivers\TosRfbd.sys -- (Tosrfbd [On_Demand | Stopped])
[2005/08/01 17:45:08 | 00,064,896 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\System32\drivers\tosrfcom.sys -- (Tosrfcom [System | Stopped])
[2006/05/29 14:11:20 | 00,060,672 | ---- | M] (TOSHIBA Corporation.) -- C:\WINDOWS\system32\drivers\TosRfhid.sys -- (Tosrfhid [On_Demand | Stopped])
[2006/06/09 22:40:00 | 00,040,192 | ---- | M] (TOSHIBA CORPORATION) -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb [On_Demand | Stopped])
[2002/08/29 13:00:00 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\drivers\ultra.sys -- (ultra [Disabled | Stopped])
[2008/11/07 15:23:30 | 00,032,000 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
[2006/11/03 23:45:48 | 00,178,913 | R--- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\V0260Vid.sys -- (V0260VID [On_Demand | Stopped])
[2008/03/17 21:14:52 | 00,015,144 | ---- | M] (Wacom Technology) -- C:\WINDOWS\system32\drivers\wacmoumonitor.sys -- (wacmoumonitor [On_Demand | Stopped])
[2007/02/16 20:12:36 | 00,011,312 | ---- | M] (Wacom Technology) -- C:\WINDOWS\system32\drivers\wacommousefilter.sys -- (wacommousefilter [On_Demand | Running])
[2008/01/15 21:11:46 | 00,013,480 | ---- | M] (Wacom Technology) -- C:\WINDOWS\system32\drivers\wacomvhid.sys -- (wacomvhid [On_Demand | Running])
[2007/02/16 01:11:28 | 00,011,440 | ---- | M] (Wacom Technology) -- C:\WINDOWS\system32\drivers\WacomVKHid.sys -- (WacomVKHid [On_Demand | Running])
[2005/12/01 01:40:08 | 00,669,696 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSX_CNXT.sys -- (winachsf [On_Demand | Running])
[2004/08/04 07:05:44 | 00,008,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wmiacpi.sys -- (WmiAcpi [System | Running])
[2008/05/15 13:07:00 | 00,061,424 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink\PowerDVD8\000.fcl -- ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054} [Auto | Running])
========== (R ) Internet Explorer ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Start Page"=http://www1.euro.dell.com/content/default.aspx?c=uk&l=en&s=gen
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"CustomSearch"=http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/cs/*http://uk.docs.yahoo.com/info/bt_side.html
"Default_Page_URL"=www.google.co.uk/ig/dell?hl=en&client=dell-usuk-rel&channel=uk&ibd=4070312
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
"Start Page"=www.google.co.uk/ig/dell?hl=en&client=dell-usuk-rel&channel=uk&ibd=4070312
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local;<local>
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://home.microsoft.com/access/autosearch.asp?p=%s
"provider"=msn
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local;<local>
========== (O1) Hosts File ==========
HOSTS File = (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
========== (O2) BHO's ==========
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{02478D38-C3F9-4EFB-9B51-7695ECA05670} (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{3049C3E9-B461-4BC5-8870-4C09146192CA} (HKLM) -- C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
{53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} (HKLM) -- C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
{9030D464-4C02-4ABF-8ECC-5164760863C6} (HKLM) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
{AE7CD045-E861-484f-8273-0445EE161910} (HKLM) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (HKLM) -- C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
{CA6319C0-31B7-401E-A518-A07C3DB8F777} (HKLM) -- C:\Program Files\BAE\BAE.dll (Dell Inc.)
{F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} (HKLM) -- C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll (Yahoo! Inc.)
kdyteejay
2009-05-17, 23:24
========== (O3) Toolbars ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{FE063DB9-4EC0-403E-8DD8-394C54984B2C}" (HKLM) -- C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL File not found
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
"{4B3803EA-5230-4DC3-A7FC-33638F3D3542}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
"{FE063DB9-4EC0-403E-8DD8-394C54984B2C}" (HKLM) -- C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL File not found
========== (O4) Run Keys ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" (Adobe Systems Inc.)
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" (Adobe Systems Incorporated)
"Apoint"=C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
"BDRegion"=C:\Program Files\Cyberlink\Shared Files\brs.exe (cyberlink)
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" (Symantec Corporation)
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless (Intel Corporation)
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" (Intel Corporation)
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
"NVHotkey"=rundll32.exe nvHotkey.dll,Start (NVIDIA Corporation)
"nwiz"=nwiz.exe /installquiet ()
"PDVD8LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe" ()
"RemoteControl8"="C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe" (Cyberlink Corp.)
"RoxioDragToDisc"="C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe" (Roxio)
"SigmatelSysTrayApp"=stsystra.exe (SigmaTel, Inc.)
"Symantec NetDriver Monitor"=C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer (Symantec Corporation)
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
"vptray"=C:\PROGRA~1\SYMANT~2\SYMANT~1\vptray.exe (Symantec Corporation)
"YBrowser"=C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe (Yahoo! Inc.)
"YOP"=C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart (Yahoo! Inc.)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative WebCam Tray"=C:\Program Files\Creative\Shared Files\CamTray.exe (Creative Technology Ltd)
"EPSON Stylus Photo R220 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE /FU "C:\WINDOWS\TEMP\E_SA1.tmp" /EF "HKCU" (SEIKO EPSON CORPORATION)
"eyeBeam SIP Client"="C:\Program Files\BT Broadband Talk Softphone\BTSoftphone.exe" ()
"internat"=C:\WINDOWS\internat.exe ()
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet (Yahoo! Inc.)
========== (O4) Startup Folders ==========
[2003/08/29 20:05:35 | 00,360,448 | ---- | M] () -- C:\Documents and Settings\admin\Start Menu\Programs\Startup\SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
[2007/02/05 16:40:46 | 00,118,784 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
========== (O6 & O7) Current Version Policies ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"HonorAutoRunSetting"=1
"NoCDBurning"=0
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableCAD"=0
"DisableRegistryTools"=0
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=323
"EditLevel"=0
"NoFileMenu"=0
"NoCommonGroups"=0
"NoDriveAutoRun"=67108863
"NoDrives"=0
"NoRun"=0
"NoClose"=0
"NoSaveSettings"=0
========== (O8) IE Context Menu Extensions ==========
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
&Windows Live Search: C:\Program Files\Windows Live Toolbar\msntb.dll [2007/10/19 11:20:48 | 00,546,320 | ---- | M] (Microsoft Corporation)
Add to Windows &Live Favorites: File not found
Append to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 23:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert link target to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 23:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert link target to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 23:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 23:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 23:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selection to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 23:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selection to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 23:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 23:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2009/03/02 15:09:56 | 10,351,440 | ---- | M] (Microsoft Corporation)
========== (O9) IE Extensions ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}: Button: Blog This -- %ProgramFiles%\Windows Live\Writer\WriterBrowserExtension.dll [2007/10/26 18:09:54 | 00,154,640 | ---- | M] (Microsoft Corporation)
{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}: Menu: &Blog This in Windows Live Writer -- %ProgramFiles%\Windows Live\Writer\WriterBrowserExtension.dll [2007/10/26 18:09:54 | 00,154,640 | ---- | M] (Microsoft Corporation)
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}: Button: BT Yahoo! Services -- %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [2006/10/31 16:33:54 | 00,198,136 | ---- | M] (Yahoo! Inc.)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [2007/04/19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Menu: Spybot - Search & Destroy Configuration -- %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [2009/01/26 15:31:02 | 01,879,896 | ---- | M] (Safer Networking Limited)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008/04/13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/14 01:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/14 01:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2007/03/12 15:02:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{219C3416-8CB2-491a-A3C7-D9FCDDC9D600} [HKLM] -> %ProgramFiles%\Windows Live\Writer\WriterBrowserExtension.dll [Blog This] -> [2007/10/26 18:09:54 | 00,154,640 | ---- | M] (Microsoft Corporation)
CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> [2006/10/31 16:33:54 | 00,198,136 | ---- | M] (Yahoo! Inc.)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2007/04/19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2009/01/26 15:31:02 | 01,879,896 | ---- | M] (Safer Networking Limited)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 01:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
========== (O12) Internet Explorer Plugins ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery
========== (O13) Default Prefixes ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://
========== (O15) Trusted Sites ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
26 domain(s) and sub-domain(s) not assigned to a zone.
========== (O16) DPF ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{00000055-9980-0010-8000-00AA00389B71}: http://codecs.microsoft.com/codecs/i386/fhg.CAB -- Reg Error: Key does not exist or could not be opened.
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}: http://www.apple.com/qtactivex/qtplugin.cab -- QuickTime Object
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}: C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll -- Installation Support
{48DD0448-9209-4F81-9F6D-D83562940134}: http://lads.myspace.com/upload/MySpaceUploader1006.cab -- MySpace Uploader Control
{5D637FAD-E202-48D1-8F18-5B9C459BD1E3}: http://www.microquiz.eu/ImageUploader5.cab -- Image Uploader Control
{61628958-4627-48F4-99FD-30719188568D}: http://www.ifrontiers.com/ActiveX/XCheck.CAB -- XCheck Control
{6414512B-B978-451D-A0D8-FCFDF33E833C}: http://test.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1174297478281 -- WUWebControl Class
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}: http://test.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1174297563946 -- MUWebControl Class
{6E5E167B-1566-4316-B27F-0DDAB3484CF7}: http://www.microquiz.eu/ImageUploader4.cab -- Image Uploader Control
{7FC1B346-83E6-4774-8D20-1A6B09B0E737}: http://cid-ea0211234474d475.spaces.live.com/PhotoUpload/MsnPUpld.cab -- Windows Live Photo Upload Control
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://javadl.sun.com/webapps/download/AutoDL?BundleId=23100 -- Java Plug-in 1.6.0_07
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab -- Java Plug-in 1.5.0_06
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab -- Java Plug-in 1.6.0_07
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab -- Shockwave Flash Object
{E33968CE-FF77-4DC3-A052-2921C0D60177}: https://www.remotecontrol26.co.uk/dms%20website/kiosk/Bootstrap2610/2.6.10.107/BootstrapXP.cab -- LoaderOnline Class
{F137B9BA-89EA-4B04-9C67-2074A9DF61FD}: http://www.asda-photo.co.uk/upload/activex/v2_0_0_11/PCAXSetupv2.0.0.11.cab? -- Photo Upload Plugin Class
{F6ACF75C-C32C-447B-9BEF-46B766368D29}: http://www.creative.com/softwareupdate/su2/ocx/15105/CTPID.cab -- Creative Software AutoUpdate Support Package
Microsoft XML Parser for Java: file://C:\WINDOWS\Java\classes\xmldso.cab -- Reg Error: Key does not exist or could not be opened.
========== (O17) DNS Name Servers ==========
{49F1A700-EBEB-48CB-8D44-BC117B134704} (Servers: | Description: )
{DDED692B-0923-4F7D-89A2-26AC23E2F305} (Servers: | Description: )
{EC745C70-080F-444F-A411-593D311AFB8A} (Servers: | Description: Intel(R) PRO/Wireless 3945ABG Network Connection)
{FB546E9D-4931-4AC8-A9A4-462E1A837DAA} (Servers: | Description: Broadcom NetXtreme 57xx Gigabit Controller)
========== (O19) User Style Sheets ==========
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Styles]
========== (O20) HKLM Winlogon Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"UserInit"=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\pavuppad.exe,
>File not found -- C:\WINDOWS\system32\pavuppad.exe
========== (O20) Winlogon Notify Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
NavLogon: "DllName" = C:\WINDOWS\system32\NavLogon.dll -- C:\WINDOWS\system32\NavLogon.dll ()
WgaLogon: "DllName" = WgaLogon.dll -- File not found
========== Shell Execute Hooks ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}" (HKLM) -- C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
========== LSA *Authentication Packages* ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=msv1_0,relog_ap,
>[2006/05/19 16:57:58 | 00,008,704 | ---- | M] (Acronis) -- C:\WINDOWS\system32\relog_ap.dll
========== Safeboot Options ==========
"AlternateShell"=cmd.exe
========== CDRom AutoRun Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1
========== Autorun Files on Drives ==========
AUTOEXEC.BAT []
[2004/08/11 18:15:00 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]
AUTORUN.INF [[autorun] | Icon=POWERMIX.ico | open=Programs\nu2menu\nu2menu.exe | ]
[2006/02/11 21:00:00 | 00,000,063 | R--- | M] () -- D:\AUTORUN.INF -- [ CDFS ]
========== Files/Folders - Created Within 30 Days ==========
[7 C:\WINDOWS\*.tmp files]
[2009/05/17 20:57:07 | 00,422,912 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\admin\Desktop\OTViewIt.exe
[2009/05/17 11:48:01 | 00,000,268 | -H-- | C] () -- C:\sqmdata11.sqm
[2009/05/17 11:48:01 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt11.sqm
[2009/05/17 11:36:48 | 00,000,268 | -H-- | C] () -- C:\sqmdata10.sqm
[2009/05/17 11:36:48 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt10.sqm
[2009/05/17 11:10:49 | 00,000,268 | -H-- | C] () -- C:\sqmdata09.sqm
[2009/05/17 11:10:49 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt09.sqm
[2009/05/17 11:04:27 | 21,455,09376 | -HS- | C] () -- C:\hiberfil.sys
[2009/05/17 10:30:52 | 00,000,268 | -H-- | C] () -- C:\sqmdata08.sqm
[2009/05/17 10:30:52 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt08.sqm
[2009/05/17 09:13:24 | 00,000,000 | ---D | C] -- C:\Avenger
[2009/05/17 09:10:02 | 00,731,136 | ---- | C] () -- C:\Documents and Settings\admin\Desktop\avenger.exe
[2009/05/17 09:10:02 | 00,000,162 | ---- | C] () -- C:\Documents and Settings\admin\Desktop\fix.reg
[2009/05/16 19:32:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\admin\Desktop\holding area
[2009/05/16 19:22:05 | 00,000,268 | -H-- | C] () -- C:\sqmdata07.sqm
[2009/05/16 19:22:05 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt07.sqm
[2009/05/16 19:19:41 | 00,092,672 | ---- | C] () -- C:\Documents and Settings\admin\Desktop\SystemLook.exe
[2009/05/16 13:31:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009/05/16 13:19:25 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/05/16 13:18:32 | 00,000,000 | ---D | C] -- C:\ComboFix
[2009/05/15 18:43:05 | 00,000,268 | -H-- | C] () -- C:\sqmdata06.sqm
[2009/05/15 18:43:05 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt06.sqm
[2009/05/15 18:11:05 | 00,000,268 | -H-- | C] () -- C:\sqmdata05.sqm
[2009/05/15 18:11:05 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt05.sqm
[2009/05/15 18:05:23 | 00,000,268 | -H-- | C] () -- C:\sqmdata04.sqm
[2009/05/15 18:05:23 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt04.sqm
[2009/05/15 07:48:36 | 00,000,268 | -H-- | C] () -- C:\sqmdata03.sqm
[2009/05/15 07:48:36 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt03.sqm
[2009/05/14 21:59:20 | 00,000,268 | -H-- | C] () -- C:\sqmdata02.sqm
[2009/05/14 21:59:20 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt02.sqm
[2009/05/14 09:30:48 | 00,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\admin\Desktop\HijackThis.exe
[2009/05/13 19:31:37 | 00,000,268 | -H-- | C] () -- C:\sqmdata01.sqm
[2009/05/13 19:31:37 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt01.sqm
[2009/05/13 19:00:06 | 00,000,000 | ---D | C] -- C:\xfer
[2009/05/11 20:56:21 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/05/10 23:00:39 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/05/10 23:00:36 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/05/10 23:00:27 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/05/10 22:58:37 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/05/10 22:58:37 | 00,117,248 | ---- | C] () -- C:\WINDOWS\vFind.exe
[2009/05/10 22:58:37 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/05/10 22:58:37 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/05/10 22:58:37 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/05/10 22:58:37 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/05/10 22:58:36 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/05/10 22:58:36 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/05/10 22:58:24 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/05/10 22:58:17 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/05/10 22:57:50 | 00,000,283 | ---- | C] () -- C:\Documents and Settings\admin\Desktop\Win32.Agent.pz problem - Safer Networking Forums.url
[2009/05/10 22:56:39 | 03,019,817 | R--- | C] () -- C:\Documents and Settings\admin\Desktop\ComboFix.exe
[2009/05/10 22:49:22 | 02,180,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2009/05/10 22:49:22 | 02,136,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2009/05/10 22:49:22 | 02,057,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2009/05/10 22:49:22 | 02,015,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2009/05/10 22:48:57 | 00,453,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2009/05/10 16:29:41 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2009/05/10 16:24:50 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winzm.ime
[2009/05/10 16:24:49 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsp.ime
[2009/05/10 16:24:49 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winpy.ime
[2009/05/10 16:24:48 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winime.ime
[2009/05/10 16:24:47 | 00,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winar30.ime
[2009/05/10 16:24:47 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wingb.ime
[2009/05/10 16:24:46 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamreg51.dll
[2009/05/10 16:24:46 | 00,041,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.dll
[2009/05/10 16:24:46 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.sys
[2009/05/10 16:24:45 | 00,363,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3svc.dll
[2009/05/10 16:24:45 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wam51.dll
[2009/05/10 16:24:45 | 00,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ext.dll
[2009/05/10 16:24:45 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamps51.dll
[2009/05/10 16:24:45 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3svapi.dll
[2009/05/10 16:24:44 | 00,086,073 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicesub.dll
[2009/05/10 16:24:44 | 00,048,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w32.dll
[2009/05/10 16:24:44 | 00,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ctrs51.dll
[2009/05/10 16:24:43 | 00,426,041 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicepad.dll
[2009/05/10 16:24:41 | 00,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniime.dll
[2009/05/10 16:24:41 | 00,065,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unicdime.ime
[2009/05/10 16:24:40 | 00,103,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uihelper.dll
[2009/05/10 16:24:40 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsprof.exe
[2009/05/10 16:24:38 | 00,455,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintsetp.exe
[2009/05/10 16:24:38 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlphr.exe
[2009/05/10 16:24:38 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tools.dll
[2009/05/10 16:24:38 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmigrate.dll
[2009/05/10 16:24:37 | 00,571,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlgnt.ime
[2009/05/10 16:24:37 | 00,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\thawbrkr.dll
[2009/05/10 16:24:37 | 00,019,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdspx.sys
[2009/05/10 16:24:36 | 00,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdipx.sys
[2009/05/10 16:24:36 | 00,013,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdasync.sys
[2009/05/10 16:24:34 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\svcext51.dll
[2009/05/10 16:24:34 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\status.dll
[2009/05/10 16:24:33 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sspifilt.dll
[2009/05/10 16:24:33 | 00,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ssinc51.dll
[2009/05/10 16:24:32 | 00,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusbusd.dll
[2009/05/10 16:24:30 | 00,143,422 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\softkey.dll
[2009/05/10 16:24:30 | 00,040,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpthrd.dll
[2009/05/10 16:24:30 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmptrap.exe
[2009/05/10 16:24:30 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_snprfdll.dll
[2009/05/10 16:24:29 | 00,358,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpincl.dll
[2009/05/10 16:24:29 | 00,259,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpcl.dll
[2009/05/10 16:24:29 | 00,188,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpsmir.dll
[2009/05/10 16:24:29 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmp.exe
[2009/05/10 16:24:29 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpstup.dll
[2009/05/10 16:24:29 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpmib.dll
[2009/05/10 16:24:28 | 00,456,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpsvc.dll
[2009/05/10 16:24:28 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpctrs.dll
[2009/05/10 16:24:27 | 00,236,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smi2smir.exe
[2009/05/10 16:24:27 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb6w.dll
[2009/05/10 16:24:27 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsm.dll
[2009/05/10 16:24:27 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smimsgif.dll
[2009/05/10 16:24:27 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsy.dll
[2009/05/10 16:24:26 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm9aw.dll
[2009/05/10 16:24:26 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma3w.dll
[2009/05/10 16:24:26 | 00,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8cw.dll
[2009/05/10 16:24:26 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm93w.dll
[2009/05/10 16:24:26 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm92w.dll
[2009/05/10 16:24:26 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm90w.dll
[2009/05/10 16:24:26 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8dw.dll
[2009/05/10 16:24:25 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm87w.dll
[2009/05/10 16:24:25 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm81w.dll
[2009/05/10 16:24:25 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8aw.dll
[2009/05/10 16:24:25 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm89w.dll
[2009/05/10 16:24:25 | 00,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm59w.dll
[2009/05/10 16:24:24 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\simptcp.dll
[2009/05/10 16:24:17 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_scripto.dll
[2009/05/10 16:24:17 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_seos.dll
[2009/05/10 16:24:15 | 00,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2009/05/10 16:24:15 | 00,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2009/05/10 16:24:15 | 00,026,624 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
[2009/05/10 16:24:15 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rw001ext.dll
[2009/05/10 16:24:14 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\romanime.ime
[2009/05/10 16:24:14 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcref.dll
[2009/05/10 16:24:13 | 00,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_regtrace.exe
[2009/05/10 16:24:13 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\register.exe
[2009/05/10 16:24:11 | 00,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quick.ime
[2009/05/10 16:24:11 | 00,020,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ramdisk.sys
[2009/05/10 16:24:11 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quser.exe
[2009/05/10 16:24:10 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.exe
[2009/05/10 16:24:10 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pwsdata.dll
[2009/05/10 16:24:08 | 00,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxviceo.dll
[2009/05/10 16:24:08 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxmcro.dll
[2009/05/10 16:24:08 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxgl.dll
[2009/05/10 16:24:07 | 00,482,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlgnt.ime
[2009/05/10 16:24:07 | 00,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
kdyteejay
2009-05-17, 23:25
[2009/05/10 16:24:07 | 00,070,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlphr.exe
[2009/05/10 16:24:07 | 00,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmigrate.dll
[2009/05/10 16:24:07 | 00,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlcsd.dll
[2009/05/10 16:24:06 | 00,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phon.ime
[2009/05/10 16:24:06 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\permchk.dll
[2009/05/10 16:24:05 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pagecnt.dll
[2009/05/10 16:24:05 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs804.dll
[2009/05/10 16:24:05 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs412.dll
[2009/05/10 16:24:04 | 00,036,927 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs411.dll
[2009/05/10 16:24:04 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs404.dll
[2009/05/10 16:24:01 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_ntfsdrv.dll
[2009/05/10 16:24:00 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nextlink.dll
[2009/05/10 16:24:00 | 00,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nsepm.dll
[2009/05/10 16:23:57 | 00,229,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\multibox.dll
[2009/05/10 16:23:56 | 00,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtstocom.exe
[2009/05/10 16:23:53 | 01,875,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.lex
[2009/05/10 16:23:52 | 00,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.dll
[2009/05/10 16:23:44 | 00,092,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.sys
[2009/05/10 16:23:44 | 00,092,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.dll
[2009/05/10 16:23:44 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\migregdb.exe
[2009/05/10 16:23:43 | 00,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\metada51.dll
[2009/05/10 16:23:43 | 00,037,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\md5filt.dll
[2009/05/10 16:23:43 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mdsync.dll
[2009/05/10 16:23:42 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_mailmsg.dll
[2009/05/10 16:23:41 | 00,022,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lpdsvc.dll
[2009/05/10 16:23:41 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logscrpt.dll
[2009/05/10 16:23:41 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lprmon.dll
[2009/05/10 16:23:41 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lonsint.dll
[2009/05/10 16:23:40 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lmmib2.dll
[2009/05/10 16:23:38 | 01,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2009/05/10 16:23:38 | 00,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\korwbrkr.dll
[2009/05/10 16:23:37 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth3.dll
[2009/05/10 16:23:37 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth2.dll
[2009/05/10 16:23:37 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdvntc.dll
[2009/05/10 16:23:37 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdusa.dll
[2009/05/10 16:23:37 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdurdu.dll
[2009/05/10 16:23:37 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth1.dll
[2009/05/10 16:23:37 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth0.dll
[2009/05/10 16:23:36 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecat.dll
[2009/05/10 16:23:36 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecnt.dll
[2009/05/10 16:23:36 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnec95.dll
[2009/05/10 16:23:36 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr2.dll
[2009/05/10 16:23:36 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr1.dll
[2009/05/10 16:23:35 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlk41a.dll
[2009/05/10 16:23:35 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlk41j.dll
[2009/05/10 16:23:35 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintel.dll
[2009/05/10 16:23:35 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintam.dll
[2009/05/10 16:23:34 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdibm02.dll
[2009/05/10 16:23:34 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinpun.dll
[2009/05/10 16:23:34 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinmar.dll
[2009/05/10 16:23:34 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinkan.dll
[2009/05/10 16:23:34 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinhin.dll
[2009/05/10 16:23:34 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinguj.dll
[2009/05/10 16:23:34 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdindev.dll
[2009/05/10 16:23:33 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdheb.dll
[2009/05/10 16:23:33 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdfa.dll
[2009/05/10 16:23:33 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv2.dll
[2009/05/10 16:23:33 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdgeo.dll
[2009/05/10 16:23:32 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdax2.dll
[2009/05/10 16:23:32 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv1.dll
[2009/05/10 16:23:32 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda3.dll
[2009/05/10 16:23:32 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda2.dll
[2009/05/10 16:23:32 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarmw.dll
[2009/05/10 16:23:32 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarme.dll
[2009/05/10 16:23:31 | 00,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jupiw.dll
[2009/05/10 16:23:31 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iwrps.dll
[2009/05/10 16:23:31 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd106n.dll
[2009/05/10 16:23:31 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101a.dll
[2009/05/10 16:23:31 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101.dll
[2009/05/10 16:23:31 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda1.dll
[2009/05/10 16:23:30 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iscomlog.dll
[2009/05/10 16:23:30 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isapips.dll
[2009/05/10 16:23:29 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iprip.dll
[2009/05/10 16:23:28 | 00,257,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infocomm.dll
[2009/05/10 16:23:28 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetin51.exe
[2009/05/10 16:23:28 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infoctrs.dll
[2009/05/10 16:23:27 | 00,471,102 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskdic.dll
[2009/05/10 16:23:27 | 00,315,452 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskf.dll
[2009/05/10 16:23:26 | 00,274,489 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputyc.dll
[2009/05/10 16:23:26 | 00,262,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputy.exe
[2009/05/10 16:23:26 | 00,102,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imlang.dll
[2009/05/10 16:23:26 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imkrinst.exe
[2009/05/10 16:23:26 | 00,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2009/05/10 16:23:25 | 00,233,527 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjprw.exe
[2009/05/10 16:23:25 | 00,208,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpmig.exe
[2009/05/10 16:23:25 | 00,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2009/05/10 16:23:25 | 00,155,705 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdsvr.exe
[2009/05/10 16:23:25 | 00,045,109 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpuex.exe
[2009/05/10 16:23:24 | 00,716,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcus.dll
[2009/05/10 16:23:24 | 00,368,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcic.dll
[2009/05/10 16:23:24 | 00,307,257 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.exe
[2009/05/10 16:23:24 | 00,081,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.dll
[2009/05/10 16:23:24 | 00,057,398 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdadm.exe
[2009/05/10 16:23:23 | 00,811,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81k.dll
[2009/05/10 16:23:23 | 00,340,023 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81.ime
[2009/05/10 16:23:23 | 00,311,359 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsv.exe
[2009/05/10 16:23:23 | 00,102,463 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsm.dll
[2009/05/10 16:23:23 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmig.exe
[2009/05/10 16:23:22 | 00,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2009/05/10 16:23:22 | 00,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrcic.dll
[2009/05/10 16:23:22 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekr61.ime
[2009/05/10 16:23:22 | 00,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmbx.dll
[2009/05/10 16:23:22 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iissync.exe
[2009/05/10 16:23:21 | 00,145,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iische51.dll
[2009/05/10 16:23:21 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iislog51.dll
[2009/05/10 16:23:21 | 00,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisadmin.dll
[2009/05/10 16:23:21 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iiscrmap.dll
[2009/05/10 16:23:21 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisfecnv.dll
[2009/05/10 16:23:14 | 10,129,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxkor.dll
[2009/05/10 16:23:07 | 13,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2009/05/10 16:23:01 | 10,096,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxcht.dll
[2009/05/10 16:23:01 | 00,268,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpext.dll
[2009/05/10 16:23:01 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpod51.dll
[2009/05/10 16:23:01 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpmb51.dll
[2009/05/10 16:23:00 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hostmib.dll
[2009/05/10 16:22:59 | 00,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2009/05/10 16:22:59 | 00,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hanjadic.dll
[2009/05/10 16:22:59 | 00,032,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gzip.dll
[2009/05/10 16:22:56 | 00,125,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpsv251.dll
[2009/05/10 16:22:56 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll
[2009/05/10 16:22:56 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpctrs2.dll
[2009/05/10 16:22:56 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpmib.dll
[2009/05/10 16:22:56 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftlx041e.dll
[2009/05/10 16:22:55 | 00,024,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpadmcgi.exe
[2009/05/10 16:22:55 | 00,020,541 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpadmdll.dll
[2009/05/10 16:22:54 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_fcachdll.dll
[2009/05/10 16:22:54 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\flattemp.exe
[2009/05/10 16:22:53 | 00,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntagnt.dll
[2009/05/10 16:22:53 | 00,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntwin.exe
[2009/05/10 16:22:53 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntcmd.exe
[2009/05/10 16:22:53 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\f3ahvoas.dll
[2009/05/10 16:22:52 | 00,057,856 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimgd.dll
[2009/05/10 16:22:52 | 00,045,056 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunid.dll
[2009/05/10 16:22:52 | 00,031,744 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucmd.dll
[2009/05/10 16:22:52 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\et4000.sys
[2009/05/10 16:22:44 | 00,078,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dayi.ime
[2009/05/10 16:22:44 | 00,042,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\davcdata.exe
[2009/05/10 16:22:42 | 00,057,399 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cplexe.exe
[2009/05/10 16:22:42 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cprofile.exe
[2009/05/10 16:22:41 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\convlog.exe
[2009/05/10 16:22:41 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\controt.dll
[2009/05/10 16:22:41 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\counters.dll
[2009/05/10 16:22:40 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\compfilt.dll
[2009/05/10 16:22:39 | 00,480,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintsetp.exe
[2009/05/10 16:22:38 | 00,198,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintime.dll
[2009/05/10 16:22:38 | 00,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2009/05/10 16:22:38 | 00,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtmbx.dll
[2009/05/10 16:22:38 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtskdic.dll
[2009/05/10 16:22:38 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintlgnt.ime
[2009/05/10 16:22:37 | 01,677,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chsbrkr.dll
[2009/05/10 16:22:37 | 00,838,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtbrkr.dll
[2009/05/10 16:22:36 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chajei.ime
[2009/05/10 16:22:36 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgport.exe
[2009/05/10 16:22:36 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgusr.exe
[2009/05/10 16:22:36 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chglogon.exe
[2009/05/10 16:22:36 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\change.exe
[2009/05/10 16:22:35 | 00,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2009/05/10 16:22:35 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_iscii.dll
[2009/05/10 16:22:35 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_is2022.dll
[2009/05/10 16:22:34 | 00,218,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_g18030.dll
[2009/05/10 16:22:25 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\browscap.dll
[2009/05/10 16:22:23 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\authfilt.dll
[2009/05/10 16:22:22 | 00,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asptxn.dll
[2009/05/10 16:22:21 | 00,369,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asp51.dll
[2009/05/10 16:22:21 | 00,331,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aqueue.dll
[2009/05/10 16:22:21 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aspperf.dll
[2009/05/10 16:22:20 | 00,108,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\appconf.dll
[2009/05/10 16:22:20 | 00,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_aqadmin.dll
[2009/05/10 16:22:19 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0804.dll
[2009/05/10 16:22:19 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0412.dll
[2009/05/10 16:22:19 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0411.dll
[2009/05/10 16:22:19 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt040d.dll
[2009/05/10 16:22:19 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0404.dll
[2009/05/10 16:22:18 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0401.dll
[2009/05/10 16:22:17 | 00,049,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adrot.dll
[2009/05/10 16:22:17 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admxprox.dll
[2009/05/10 16:22:17 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_adsiisex.dll
[2009/05/10 16:22:16 | 00,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admexs.dll
[2009/05/10 16:22:10 | 00,032,827 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcptest.exe
[2009/05/10 16:22:10 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcptsat.dll
[2009/05/10 16:22:09 | 00,020,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shtml.dll
[2009/05/10 16:22:09 | 00,016,437 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shtml.exe
[2009/05/10 16:22:03 | 00,020,538 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpremadm.exe
[2009/05/10 16:22:02 | 00,598,071 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmc.dll
[2009/05/10 16:22:02 | 00,208,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmcsat.dll
[2009/05/10 16:22:02 | 00,188,494 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpcount.exe
[2009/05/10 16:22:02 | 00,109,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp98swin.exe
[2009/05/10 16:22:02 | 00,020,541 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpexedll.dll
[2009/05/10 16:22:01 | 00,876,653 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4awel.dll
[2009/05/10 16:22:01 | 00,102,509 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4atxt.dll
[2009/05/10 16:22:01 | 00,049,212 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4awebs.dll
[2009/05/10 16:22:01 | 00,049,210 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4areg.dll
[2009/05/10 16:22:01 | 00,041,020 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4avnb.dll
[2009/05/10 16:22:01 | 00,032,826 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4avss.dll
[2009/05/10 16:22:01 | 00,014,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp98sadm.exe
[2009/05/10 16:22:00 | 00,184,435 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4amsft.dll
[2009/05/10 16:22:00 | 00,147,513 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4apws.dll
[2009/05/10 16:22:00 | 00,082,035 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4anscp.dll
[2009/05/10 16:21:59 | 00,188,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cfgwiz.exe
[2009/05/10 16:21:59 | 00,020,540 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\author.dll
[2009/05/10 16:21:59 | 00,016,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\author.exe
[2009/05/10 16:21:58 | 00,016,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admin.exe
[2009/05/10 16:21:57 | 00,020,540 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admin.dll
[2009/05/10 16:18:17 | 00,628,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\catsrvut.dll
[2009/05/10 16:18:17 | 00,628,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\catsrvut.dll
[2009/05/10 16:07:03 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irclass.dll
[2009/05/10 16:07:03 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irclass.dll
[2009/05/10 16:07:02 | 00,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\spxcoins.dll
[2009/05/10 16:07:02 | 00,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spxcoins.dll
[2009/05/10 16:06:51 | 01,086,058 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NTPRINT.CAT
[2009/05/10 16:06:51 | 00,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2009/05/10 16:06:51 | 00,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2009/05/10 16:06:51 | 00,141,702 | ---- | C] () -- C:\WINDOWS\System32\dllcache\netfx.cat
[2009/05/10 16:06:51 | 00,110,116 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tabletpc.cat
[2009/05/10 16:06:51 | 00,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2009/05/10 16:06:51 | 00,031,965 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mediactr.cat
[2009/05/10 16:06:51 | 00,031,281 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
[2009/05/10 16:06:51 | 00,024,209 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat
[2009/05/10 16:06:51 | 00,013,753 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
[2009/05/10 16:06:51 | 00,011,651 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat
[2009/05/10 16:06:51 | 00,009,581 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
[2009/05/10 16:06:51 | 00,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2009/05/10 16:06:51 | 00,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2009/05/10 16:06:51 | 00,007,245 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
[2009/05/10 16:06:50 | 02,012,670 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
[2009/05/10 16:06:50 | 01,042,903 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT
[2009/05/10 16:06:50 | 00,502,724 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
[2009/05/09 10:35:52 | 00,000,000 | ---D | C] -- C:\SAV32CLI
[2009/05/08 19:26:45 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/05/08 19:18:01 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak
[2009/05/08 19:11:09 | 00,000,000 | ---D | C] -- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
[2009/05/08 19:11:09 | 00,000,000 | ---D | C] -- C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)
[2009/05/08 19:11:08 | 00,000,000 | ---D | C] -- C:\Program Files\SDHelper (Spybot - Search & Destroy)
[2009/05/08 19:11:07 | 00,000,000 | ---D | C] -- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)
[2009/05/08 16:30:01 | 00,000,000 | ---D | C] -- C:\WINDOWS\repair
[2009/05/08 15:55:05 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isignup.exe
[2009/05/08 15:52:56 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetmgr.exe
[2009/05/08 15:40:36 | 00,007,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat
[2009/05/08 13:40:23 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\DeleteNotifyDll.dll
[2009/05/08 13:37:39 | 00,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\AAP.DLL
[2009/05/08 13:35:12 | 00,989,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\AAK.dll
[2009/05/08 13:35:12 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\AAD.DLL
[2009/05/08 13:34:06 | 00,000,255 | ---- | C] () -- C:\WINDOWS\System32\ad_away.lic
[2009/05/08 13:34:04 | 00,000,000 | ---D | C] -- C:\Program Files\Adware Away
[2009/05/08 13:26:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\admin\Desktop\SpyWare
[2009/05/08 13:09:42 | 03,847,837 | ---- | C] () -- C:\xfer\My Documents\AutoRuns 1.arn
[2009/05/07 08:13:41 | 03,309,030 | ---- | C] () -- C:\Documents and Settings\admin\Desktop\virus print.rtf
[2009/05/07 00:33:21 | 06,291,456 | -H-- | C] () -- C:\Documents and Settings\admin\Local Settings\Application Data\IconCache.db
[2009/05/06 23:59:32 | 00,000,001 | ---- | C] () -- C:\WINDOWS\9g2234wesdf3dfgjf23
[2009/05/06 23:58:34 | 00,075,264 | ---- | C] () -- C:\WINDOWS\internat.exe
[2009/05/05 22:29:19 | 00,000,156 | ---- | C] () -- C:\WINDOWS\Twunk001.MTX
[2009/05/05 22:29:19 | 00,000,002 | ---- | C] () -- C:\WINDOWS\Twain001.Mtx
[2009/05/05 22:29:19 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Twunk002.MTX
[2009/05/05 22:20:34 | 00,000,000 | ---D | C] -- C:\Program Files\PXL Soft
[2009/05/05 07:36:06 | 00,000,091 | ---- | C] () -- C:\Documents and Settings\admin\Desktop\Rapid Share Search.url
[2009/04/30 22:31:26 | 31,425,467 | ---- | C] () -- C:\xfer\My Documents\Ulead PhotoImpact 12 User Manual.pdf
[2009/04/30 22:01:03 | 01,056,768 | ---- | C] (Blue Sky Software Corporation.) -- C:\WINDOWS\System32\ROBOEX32.DLL
[2009/04/30 22:01:03 | 00,049,152 | ---- | C] (Blue Sky Software Corporation.) -- C:\WINDOWS\System32\INETWH32.dll
[2009/04/29 22:46:12 | 00,053,518 | ---- | C] () -- C:\456px-Calliphora_head_2.jpg
[2009/04/21 20:46:18 | 31,463,086 | ---- | C] () -- C:\xfer\My Documents\Belkin g plus router f5d7231-4.pdf
[2009/04/17 21:31:19 | 00,014,119 | ---- | C] () -- C:\WINDOWS\System32\xma
========== Files - Modified Within 30 Days ==========
[7 C:\WINDOWS\*.tmp files]
[2009/05/17 21:01:02 | 00,000,254 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2009/05/17 20:57:05 | 00,144,264 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2009/05/17 20:55:37 | 00,468,916 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/05/17 20:55:36 | 00,560,512 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/05/17 20:55:36 | 00,081,120 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/05/17 20:53:36 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\NvwsApps.xml
[2009/05/17 20:51:07 | 00,144,264 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2009/05/17 20:51:00 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/17 20:50:56 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/17 20:50:53 | 21,455,09376 | -HS- | M] () -- C:\hiberfil.sys
[2009/05/17 20:49:06 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\admin\Desktop\OTViewIt.exe
[2009/05/17 11:48:01 | 00,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
[2009/05/17 11:48:01 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2009/05/17 11:36:48 | 00,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
[2009/05/17 11:36:48 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2009/05/17 11:10:49 | 00,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2009/05/17 11:10:49 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2009/05/17 10:30:52 | 00,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
[2009/05/17 10:30:52 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2009/05/17 08:53:54 | 00,000,162 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\fix.reg
[2009/05/16 19:22:05 | 00,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[2009/05/16 19:22:05 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2009/05/16 19:13:34 | 00,092,672 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\SystemLook.exe
[2009/05/16 13:26:53 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/05/15 18:43:05 | 00,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[2009/05/15 18:43:05 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2009/05/15 18:11:05 | 00,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2009/05/15 18:11:05 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2009/05/15 18:05:23 | 00,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
[2009/05/15 18:05:23 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2009/05/15 07:48:36 | 00,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2009/05/15 07:48:36 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2009/05/14 21:59:20 | 00,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2009/05/14 21:59:20 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2009/05/13 21:56:20 | 00,124,416 | ---- | M] () -- C:\Documents and Settings\admin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/13 20:50:29 | 06,291,456 | -H-- | M] () -- C:\Documents and Settings\admin\Local Settings\Application Data\IconCache.db
[2009/05/13 19:31:37 | 00,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2009/05/13 19:31:37 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2009/05/12 20:46:20 | 00,000,598 | ---- | M] () -- C:\xfer\My Documents\My Sharing Folders.lnk
[2009/05/12 20:42:45 | 01,455,784 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/05/12 17:59:56 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/05/11 20:26:54 | 00,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\admin\Desktop\HijackThis.exe
[2009/05/10 23:11:36 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/05/10 23:00:39 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/05/10 22:57:50 | 00,000,283 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\Win32.Agent.pz problem - Safer Networking Forums.url
[2009/05/10 22:56:39 | 03,019,817 | R--- | M] () -- C:\Documents and Settings\admin\Desktop\ComboFix.exe
[2009/05/10 16:29:28 | 00,002,228 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/05/10 16:26:26 | 00,000,288 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2009/05/10 16:21:32 | 00,000,084 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
[2009/05/10 16:21:27 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2009/05/10 16:21:25 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2009/05/10 16:21:25 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2009/05/10 16:21:13 | 00,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2009/05/10 16:19:59 | 00,000,686 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/05/10 16:18:51 | 00,023,428 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/05/10 16:18:24 | 00,002,019 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2009/05/10 16:17:15 | 00,000,211 | ---- | M] () -- C:\Boot.bak
[2009/05/10 16:11:51 | 00,004,128 | ---- | M] () -- C:\INFCACHE.1
[2009/05/10 16:06:52 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\All Users\Documents\desktop.ini
[2009/05/10 16:06:52 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2009/05/10 15:43:52 | 00,610,552 | ---- | M] () -- C:\WINDOWS\setupapi.old
[2009/05/08 20:16:40 | 00,000,396 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2009/05/08 13:40:23 | 00,045,056 | ---- | M] () -- C:\WINDOWS\System32\DeleteNotifyDll.dll
[2009/05/08 13:34:06 | 00,000,255 | ---- | M] () -- C:\WINDOWS\System32\ad_away.lic
[2009/05/08 13:09:43 | 03,847,837 | ---- | M] () -- C:\xfer\My Documents\AutoRuns 1.arn
[2009/05/07 08:13:41 | 03,309,030 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\virus print.rtf
[2009/05/06 23:59:32 | 00,000,001 | ---- | M] () -- C:\WINDOWS\9g2234wesdf3dfgjf23
[2009/05/06 23:58:33 | 00,075,264 | ---- | M] () -- C:\WINDOWS\internat.exe
[2009/05/05 23:55:33 | 00,000,156 | ---- | M] () -- C:\WINDOWS\Twunk001.MTX
[2009/05/05 23:55:33 | 00,000,002 | ---- | M] () -- C:\WINDOWS\Twain001.Mtx
[2009/05/05 22:29:19 | 00,000,000 | ---- | M] () -- C:\WINDOWS\Twunk002.MTX
[2009/05/05 07:36:24 | 00,000,091 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\Rapid Share Search.url
[2009/05/02 18:04:57 | 00,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLbx.DAT
[2009/05/02 18:02:14 | 00,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdw.DAT
[2009/05/01 15:36:46 | 00,117,248 | ---- | M] () -- C:\WINDOWS\vFind.exe
[2009/04/30 22:31:40 | 31,425,467 | ---- | M] () -- C:\xfer\My Documents\Ulead PhotoImpact 12 User Manual.pdf
[2009/04/21 20:46:19 | 31,463,086 | ---- | M] () -- C:\xfer\My Documents\Belkin g plus router f5d7231-4.pdf
[2009/04/20 22:27:27 | 00,053,760 | -H-- | M] () -- C:\Documents and Settings\admin\Application Data\MBSWinPlugin3544.dll
[2009/04/20 22:27:27 | 00,044,032 | -H-- | M] () -- C:\Documents and Settings\admin\Application Data\MBSMainPlugin3542.dll
[2009/04/20 22:27:27 | 00,033,792 | -H-- | M] () -- C:\Documents and Settings\admin\Application Data\MBSLargeStreamPlugin3542.dll
[2009/04/20 22:27:27 | 00,027,136 | -H-- | M] () -- C:\Documents and Settings\admin\Application Data\MBSUsernamePlugin3541.dll
[2009/04/20 22:27:24 | 01,166,772 | -H-- | M] () -- C:\Documents and Settings\admin\Application Data\RBXML550.dll
[2009/04/20 22:27:24 | 00,088,576 | -H-- | M] () -- C:\Documents and Settings\admin\Application Data\rbap550.dll
[2009/04/20 22:27:24 | 00,065,024 | -H-- | M] () -- C:\Documents and Settings\admin\Application Data\MBSPicturePlugin3542.dll
[2009/04/20 22:27:24 | 00,054,784 | -H-- | M] () -- C:\Documents and Settings\admin\Application Data\EHZComp8521.dll
[2009/04/20 22:27:24 | 00,039,936 | -H-- | M] () -- C:\Documents and Settings\admin\Application Data\RBShell555.dll
[2009/04/20 22:27:24 | 00,032,768 | -H-- | M] () -- C:\Documents and Settings\admin\Application Data\MBSProcessPlugin3543.dll
[2009/04/20 22:27:24 | 00,030,720 | -H-- | M] () -- C:\Documents and Settings\admin\Application Data\RBInternetEncodings600.dll
[2009/04/20 22:27:24 | 00,027,648 | -H-- | M] () -- C:\Documents and Settings\admin\Application Data\MBSRegistrationPlugin3542.dll
[2009/04/20 22:27:24 | 00,016,384 | -H-- | M] () -- C:\Documents and Settings\admin\Application Data\EHEncrypt8521.dll
[2009/04/20 12:56:28 | 00,031,232 | ---- | M] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/04/17 21:31:19 | 00,014,119 | ---- | M] () -- C:\WINDOWS\System32\xma
< End of report >
kdyteejay
2009-05-17, 23:26
Extras file:
OTViewIt Extras logfile created on: 17/05/2009 20:57:33 - Run
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\admin\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
2.00 Gb Total Physical Memory | 1.36 Gb Available Physical Memory | 67.98% Memory free
3.85 Gb Paging File | 3.31 Gb Available in Paging File | 86.13% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.44 Gb Total Space | 19.01 Gb Free Space | 25.53% Space Free | Partition Type: NTFS
Drive D: | 692.51 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 7.45 Gb Total Space | 1.16 Gb Free Space | 15.59% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: AASTJONESD620XP
Current User Name: admin
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days
"MaxScriptStatements"=
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"DoNotAllowExceptions"=0
"DisableNotifications"=0
"EnableFirewall"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2004/08/04 06:56:58 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
File not found -- C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exe:*:Enabled:SecureClient Application
[2008/04/13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007/10/18 11:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2007/10/02 17:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2004/08/04 06:56:58 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2007/08/30 18:43:18 | 04,670,704 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
[2007/08/30 18:43:18 | 00,091,376 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
[2007/02/09 20:12:48 | 00,931,592 | ---- | M] () -- C:\Program Files\VoiceLine SoftPhone\VoiceLine.exe:*:Enabled:VoiceLine SoftPhone
[2006/09/19 17:28:52 | 00,668,152 | ---- | M] (Yahoo!, Inc.) -- C:\Program Files\Yahoo!\browser\ybrowser.exe:*:Enabled:Yahoo! Browser
[2007/12/08 17:19:45 | 00,214,560 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer
[2008/04/13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2004/08/04 06:56:50 | 01,032,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting®
[2008/08/29 11:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2008/11/20 14:20:48 | 14,294,824 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
[2008/08/12 17:13:00 | 21,741,864 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype
[2007/10/18 11:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2007/10/02 17:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)
========== (O10) Winsock2 Catalogs ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000001 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
========== (O18) Protocol Handlers ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]
[2005/09/20 12:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
[2007/10/18 11:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])
msdaipp: [HKLM - No CLSID value]
[2005/09/20 12:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
[2005/09/20 12:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]
[2000/04/20 00:47:36 | 00,520,117 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])
[2007/10/18 11:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])
[2007/05/10 13:45:34 | 08,069,464 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])
[2008/08/12 17:13:00 | 01,942,864 | R--- | M] (Skype Technologies) C:\Program Files\Common Files\Skype\Skype4COM.dll (skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} (HKLM) [IEProtocolHandler Class])
[2007/10/23 12:14:52 | 00,858,136 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Mail\mailcomm.dll (wlmailhtml:{03C514A3-1EFB-4856-9F99-10D7BE1653C0} (HKLM) [Windows Live Mail HTML Asynchronous Pluggable Protocol Handler])
========== (O18) Protocol Filters ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2007/04/19 13:57:40 | 00,046,432 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL text/xml:{807553E5-5146-11D5-A672-00B0D022E945} (HKLM) [Reg Error: Value does not exist or could not be read.]
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}"=PDFCreator
"{0046FA01-C5B9-4985-BACB-398DC480FC05}"=Adobe Photoshop CS3
"{0224CACC-994D-45F8-B973-D65056EA9C2F}"=Adobe XMP DVA Panels CS3
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}"=Roxio Creator Tools
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}"=mSSO
"{08581E23-EC5B-4AEC-8DB9-F186D751129F}"=Bamboo Scribe Shared Files
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}"=Adobe Bridge Start Meeting
"{0D397393-9B50-4c52-84D5-77E344289F87}"=Roxio Creator Data
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}"=mLogView
"{0EFC6259-3AD8-4CD2-BC57-D4937AF5CC0E}"=Symantec AntiVirus Client
"{11AFE21E-B193-430D-B57A-DFF7815BB962}"=Ulead PhotoImpact 12
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}"=Windows Installer Clean Up
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}"=Adobe WinSoft Linguistics Plugin
"{184E7118-0295-43C4-B72C-1D54AA75AAF7}"=Windows Live Mail
"{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}"=Adobe After Effects CS3 Presets
"{1C51133C-A78A-4CC7-9D97-DFD25FE0601E}"=Leadbetter Interactive
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}"=Multimedia Launcher
"{21B90409-8000-11D3-8CFE-0150048383C9}"=Microsoft Application Error Reporting
"{237CD223-1B9D-47E8-A76C-E478B83CCEA2}"=File Uploader
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}"=mProSafe
"{24ED4D80-8294-11D5-96CD-0040266301AD}"=FinePixViewer Ver.4.0
"{2545228C-6A70-4A01-B936-6DA77984D298}"=Acronis*True*Image*Workstation
"{26E1BFB0-E87E-4696-9F89-B467F01F81E5}"=Broadcom Advanced Control Suite
"{27B3563C-561C-4924-8C0E-EA102264873F}"=Windows Server 2003 Service Pack 1 Administration Tools Pack
"{29914633-C013-43B3-A980-15C1F70DFDB2}"=Avaya Integrated Management Administration Tools 3.1
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}"=Adobe Stock Photos CS3
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}"=CyberLink PowerDVD 8
"{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}"=Windows Live Photo Gallery
"{2DFAC810-6DD8-4E23-96A4-BEB118408203}"=Mask Pro 4.1
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}"=Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}"=Sonic Update Manager
"{318AB667-3230-41B5-A617-CB3BF748D371}"=iTunes
"{3248F0A8-6813-11D6-A77B-00B0D0150060}"=J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java(TM) 6 Update 7
"{33CFCF98-F8D6-4549-B469-6F4295676D83}"=Symantec AntiVirus
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}"=Windows Live Toolbar Extension (Windows Live Toolbar)
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}"=Sonic Activation Module
"{36D00AE6-69DE-4087-A1A9-84ADD10E5530}"=BHA B's Recorder GOLD BASIC 7.57 (Update)
"{3BC1AB78-2D98-4906-84B5-4230B5420DCC}"=Offline Course Player
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}"=mIWA
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}"=URL Assistant
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}"=NetWaiting
"{4458C442-7376-4CF9-AF58-E8CEA6722363}"=Adobe Setup
"{491DD792-AD81-429C-9EB4-86DD3D22E333}"=Windows Communication Foundation
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}"=mHlpDell
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}"=SmartSound Quicktracks Plugin
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}"=Adobe® Photoshop® Album Starter Edition 3.0
"{4F1DA6BF-3614-48A1-9970-9E90F646789E}"=Ulead VideoStudio 8.0
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}"=Windows Live Messenger
"{531BC138-F1F7-496B-879C-F039ECEF438D}"=Adobe Photoshop Lightroom 2
"{54793AA1-5001-42F4-ABB6-C364617C6078}"=Adobe Linguistics CS3
"{5490882C-6961-11D5-BAE5-00E0188E010B}"=FUJIFILM USB Driver
"{5559EC94-8051-4E5B-B878-C23AF633697B}"=FixerBundle
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}"=neroxml
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}"=Skype™ 3.8
"{5F073685-ADDB-4D5A-98E9-0F795989A57F}"=PhotoFrame Pro 3.1
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}"=Roxio Creator Copy
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}"=mWMI
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}"=Roxio Express Labeler
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}"=Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}"=Adobe Fonts All
"{6B708481-748A-4EB4-97C1-CD386244FF77}"=Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}"=AHV content for Acrobat and Flash
"{6D8C8814-00DF-4F4B-BBC7-E817531416CC}"=Norton Spyware Scan
"{6E65247F-58F9-41CA-BE69-0316F7907170}"=Disc2Phone
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}"=Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{73B5D990-04EA-4751-B10F-5534770B91F2}"=Adobe Color EU Recommended Settings
"{7745B7A9-F323-4BB9-9811-01BF57A028DA}"=Map Button (Windows Live Toolbar)
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}"=Windows Live Favorites for Windows Live Toolbar
"{7AC15160-A49B-4A89-B181-D4619C025FFF}"=Samsung Samples Installer
"{7ACFB90E-8FD0-4397-AD3A-5195412623A3}"=Adobe Help Viewer CS3
"{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}"=Windows Workflow Foundation
"{7E41D2A5-C0DD-4139-8C7A-2F0E1F20ED24}"=CombineZM
"{7F142D56-3326-11D5-B229-002078017FBF}"=Modem Helper
"{83FFCFC7-88C6-41c6-8752-958A45325C82}"=Roxio Creator Audio
"{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}"=Adobe Video Profiles
"{8718DC03-D066-4957-94E5-50C3C5042E8E}"=Adobe Creative Suite 3 Master Collection
"{87441A59-5E64-4096-A170-14EFE67200C3}"=Picture Control Utility
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}"=Bonjour
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}"=mPfMgr
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}"=Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}"=Adobe Type Support
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}"=Adobe Common File Installer
"{900A92BA-19EF-4A34-86CF-7B6C85BDD971}"=VC_MergeModuleToMSI
"{90120409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Standard Edition 2003
"{90176341-0A8B-4CCC-A78D-F862228A6B95}"=Adobe Anchor Service CS3
"{90B0D222-8C21-4B35-9262-53B042F18AF9}"=mPfWiz
"{90CC4231-94AC-45CD-991A-0253BFAC0650}"=mDrWiFi
"{9176251A-4CC1-4DDB-B343-B487195EB397}"=Windows Live Writer
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}"=Windows Live Sign-in Assistant
"{94658027-9F16-4509-BBD7-A59FE57C3023}"=mZConfig
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}"=Adobe Bridge CS3
"{9CC89556-3578-48DD-8408-04E66EBEF401}"=mXML
"{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}"=DVD-RAM Driver
"{9DE9E293-5D7B-4312-88C2-BDFAEC5310AE}"=Microsoft .NET Framework 3.0
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}"=ALPS Touch Pad Driver
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}"=Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}"=Adobe Color - Photoshop Specific
"{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}"=Highlight Viewer (Windows Live Toolbar)
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}"=Windows Live installer
"{AB6FFA58-F491-11D3-8951-000000024763}"=iPassConnect Corporate
"{AC38B36B-90F8-4C1F-8AC9-236B851B8871}"=Genuine Fractals 5.0
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}"=PDF Settings
"{AC76BA86-1033-0000-7760-000000000003}"=Adobe Acrobat 8 Professional
"{AF010AEE-E465-4EC0-9B97-3732EB279573}"=DameWare Mini Remote Control
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}"=Adobe Camera Raw 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{B5688129-7595-4E5B-9990-CEF981A31264}"=SyncToy
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}"=Adobe SING CS3
"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}"=Adobe BridgeTalk Plugin CS3
"{B74D4E10-6884-0000-0000-000000000103}"=Adobe Bridge 1.0
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}"=PowerProducer
"{B97CF5C3-0487-11D8-A36E-0050BAE317E1}"=DVD Solution
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}"=Adobe Default Language CS3
"{BAF78226-3200-4DB4-BE33-4D922A799840}"=Windows Presentation Foundation
"{BD57EA4D-026E-4F08-9B93-080E282B81FE}"=iPod for Windows 2006-06-28
"{BE5F3842-8309-4754-92D5-83E02E6077A3}"=Adobe Extension Manager CS3
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}"=Adobe ExtendScript Toolkit 2
"{C4A4722E-79F9-417C-BD72-8D359A090C97}"=Samsung PC Studio
"{C5074CC4-0E26-4716-A307-960272A90040}"=QuickSet
"{C5ADA65A-7828-4D85-B071-ECC52B51F794}"=Sony Ericsson PC Suite 1.20.173
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}"=Adobe WAS CS3
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}"=Roxio Creator DE
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}"=Bluetooth Stack for Windows by Toshiba
"{CEE2252C-4035-4B27-8EC6-0B085DD3A413}"=Dell Support 3.2.1
"{CEE2CE71-DCA1-4E62-A652-EF5D1DBDDEB0}"=HP Photo and Imaging 1.1 - Photosmart Cameras
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}"=Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}"=Adobe PDF Library Files
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}"=Nikon Message Center
"{D3AA158A-9421-4883-8767-E771B0964A1D}"=ImageMixer VCD for FinePix
"{D4126659-643C-461C-AB2C-5E3B6EDA23D9}"=Ergo Print Monitor xp86
"{D5A145FC-D00C-4F1A-9119-EB4D9D659750}"=Windows Live Toolbar
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}"=Adobe XMP Panels CS3
"{D680C913-5955-469D-9D88-C1940F7506D6}"=RAW FILE CONVERTER LE
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}"=Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}"=Adobe Color JA Extra Settings
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}"=Windows Media Encoder 9 Series
"{E646DCF0-5A68-11D5-B229-002078017FBF}"=Digital Line Detect
"{E6514842-09F1-4497-8345-65BA98AD3479}"=Samsung PC Studio
"{E69AE897-9E0B-485C-8552-7841F48D42D8}"=Adobe Update Manager CS3
"{E81667C6-2856-46D6-ABEA-6A2F42166779}"=mCore
"{E9556809-6831-4F42-9997-DE66654D44B1}"=Motorola Software Update
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}"=Adobe InDesign CS3 Icon Handler
"{EAF5E394-BC2B-42D3-9A94-E0AD66851922}"=Vodafone Mobile Connect
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}"=Samsung PC Studio 3 USB Driver Installer
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}"=Apple Mobile Device Support
"{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}"=Adobe Stock Photos 1.0
"{F007CBCE-D714-4C0B-8CE9-9B0D78116468}"=ViewNX
"{F02DBC56-E5AB-4F74-B995-4586F91D4BDC}"=WP Pro 1.1
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}"=Smart Menus (Windows Live Toolbar)
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}"=Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}"=mMHouse
"{F958CA02-BB40-4007-894B-258729456EE4}"=QuickTime
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}"=mWlsSafe
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}"=Adobe Color NA Extra Settings
"55mm v6 for Adobe Photoshop & Compatible Applications"=55mm v6 for Adobe Photoshop & Compatible Applications
"Adobe Flash Player ActiveX"=Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin"=Adobe Flash Player Plugin
"Adobe_4dcfd9b7e901b57f81f667144603236"=Add or Remove Adobe Creative Suite 3 Master Collection
"Adware Away v2.2.8.7_is1"=Adware Away v2.2.8.7
"Artizen TMO PS Plugins"=Artizen TMO PS Plugins 1.0
"AVI DivX MPEG to DVD Converter & Burner Pro_is1"=AVI DivX MPEG to DVD Converter & Burner Pro 2.9
"AVI DivX to DVD SVCD VCD Converter_is1"=AVI DivX to DVD SVCD VCD Converter 2.2.2
"Avidemux 2.4"=Avidemux 2.4
"AviSynth"=AviSynth 2.5
"AVS4YOU Software Navigator_is1"=AVS4YOU Software Navigator 1.2
"AVS4YOU Video Converter 6_is1"=AVS Video Converter 6
"Bamboo Scribe_is1"=Bamboo Scribe 2.6
"BT Broadband Desktop Help"=BT Broadband Desktop Help
"BT Home Hub"=BT Home Hub
"BT Softphone 1.5_is1"=BT Softphone 1.5.3.6
"BT Wireless Connection Manager"=BT Wireless Connection Manager
"BT Yahoo! Applications"=BT Yahoo! Applications
"Capture NX 2"=Capture NX 2
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3"=Conexant HDA D110 MDC V.92 Modem
"Color Efex Pro 3.0 Complete"=Color Efex Pro 3.0 Complete
"CopyToDVD_is1"=CopyToDVD
"Creative Live! Cam Center"=Creative Live! Cam Center
"Creative Live! Cam Vista IM User's Guide English"=Creative Live! Cam Vista IM User's Guide (English)
"Creative Software AutoUpdate"=Creative Software AutoUpdate
"Creative VF0260"=Creative Live! Cam Vista IM Driver (1.01.03.1104)
"Creative WebCam Center"=Creative WebCam Center
"Dfine 2.0"=Dfine 2.0
"Dg Foto Art - Training"=Dg Foto Art - Training
"DivX Codec"=DivX Codec
"DivX Player"=DivX Player
"DVD Decrypter"=DVD Decrypter (Remove Only)
"DVD Shrink_is1"=DVD Shrink 3.2
"DVDFab Decrypter_is1"=DVDFab Decrypter 3.0.8.6
"E.M. Youtube Video Download Tool_is1"=E.M. Youtube Video Download Tool 2.30
"Easy CD Ripper"=Easy CD Ripper 2.26
"EPSON Printer and Utilities"=EPSON Printer Software
"ERUNT_is1"=ERUNT 1.1j
"F95DE19F-CF69-4b03-81B6-9EC050D20D3B"=Microsoft Exchange
"FastStone Photo Resizer"=FastStone Photo Resizer 2.6
"Fuji Internet Printing"=Fuji Internet Printing
"HandicapMaster_is1"=HandicapMaster Version 5
"HijackThis"=HijackThis 2.0.2
"hkSFV"=hkSFV (remove only)
"ImgBurn"=ImgBurn (Remove Only)
"InstallShield_{1C51133C-A78A-4CC7-9D97-DFD25FE0601E}"=Leadbetter Interactive
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}"=CyberLink PowerDVD 8
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}"=SmartSound Quicktracks Plugin
"InstallShield_{BD57EA4D-026E-4F08-9B93-080E282B81FE}"=iPod for Windows 2006-06-28
"KLiteCodecPack_is1"=K-Lite Codec Pack 2.34 Full
"LiveUpdate"=LiveUpdate 1.80 (Symantec Corporation)
"Magic ISO Maker v5.3 (build 0221)"=Magic ISO Maker v5.3 (build 0221)
"MagicDisc 2.7.105"=MagicDisc 2.7.105
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.0"=Microsoft .NET Framework 3.0
"MWASPINT"=MicroStaff WINASPI NT
"NVIDIA Drivers"=NVIDIA Drivers
"Pen Tablet Driver"=Pen Tablet
"PhotomatixPro3_is1"=Photomatix Pro version 3.0.1
"Picasa2"=Picasa 2
"Portrait Professional Max 6_is1"=Portrait Professional Max 6.3
"PowerISO"=PowerISO
"ProInst"=Intel(R) PROSet/Wireless Software
"RAYflect Four Seasons 1.0"=RAYflect Four Seasons 1.0
"RealPlayer 6.0"=RealPlayer
"Remote Administrator v2.0"=Remote Administrator v2.0
"SAMSUNG CDMA Modem"=SAMSUNG CDMA Modem Driver Set
"SAMSUNG Mobile USB Modem"=SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0"=SAMSUNG Mobile USB Modem 1.0 Software
"SearchAssist"=SearchAssist
"Sharpener Pro 3.0"=Sharpener Pro 3.0
"Silver Efex Pro"=Silver Efex Pro
"simple2_is1"=Tone Mapping Plug-In 1.2
"Spyder2express"=Spyder2express
"SpywareBlaster_is1"=SpywareBlaster 4.1
"SpywareGuard_is1"=SpywareGuard v2.2
"SSC Service Utility_is1"=SSC Service Utility v4.30
"Super Screen Capture_is1"=Super Screen Capture 4.0
"SysInfo"=Creative System Information
"TomTom HOME"=TomTom HOME 2.5.2.60
"TorrentQ_is1"=TorrentQ version 2.1.0.0
"Total Video Converter 3.14_is1"=Total Video Converter 3.14 080930
"Visual Watermark_is1"=Visual Watermark 2.9.12
"Viveza"=Viveza
"VLC media player"=VideoLAN VLC media player 0.8.6a
"Vodafone 804SS USB driver"=Vodafone 804SS USB driver Software
"VoiceLine SoftPhone"=VoiceLine SoftPhone
"WinAVI Video Converter_is1"=WinAVI Video Converter
"Windows Live Toolbar"=Windows Live Toolbar
"Windows Media Encoder 9"=Windows Media Encoder 9 Series
"Windows Media Format Runtime"=Windows Media Format Runtime
"Windows Media Player"=Windows Media Player 11
"WinRAR archiver"=WinRAR archiver
"WinZip"=WinZip
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"WMV9_VCM"=Microsoft Windows Media Video 9 VCM
"XpsEPSC"=XML Paper Specification Shared Components Pack 1.0
"Yahoo! Toolbar"=Yahoo! Toolbar
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 10/05/2009 17:43:51 | Computer Name = AASTJONESD620XP | Source = Application Hang | ID = 1002
Description = Hanging application msnmsgr.exe, version 8.5.1302.1018, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 10/05/2009 17:43:51 | Computer Name = AASTJONESD620XP | Source = Application Hang | ID = 1002
Description = Hanging application msnmsgr.exe, version 8.5.1302.1018, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 12/05/2009 12:43:14 | Computer Name = AASTJONESD620XP | Source = Windows Search Service | ID = 3104
Description = Enumerating user sessions to generate filter pools failed. Details:
The
binding handle is invalid. (0x800706a6)
Error - 12/05/2009 15:42:03 | Computer Name = AASTJONESD620XP | Source = Windows Search Service | ID = 3104
Description = Enumerating user sessions to generate filter pools failed. Details:
The
binding handle is invalid. (0x800706a6)
Error - 13/05/2009 13:36:35 | Computer Name = AASTJONESD620XP | Source = Windows Search Service | ID = 3104
Description = Enumerating user sessions to generate filter pools failed. Details:
The
binding handle is invalid. (0x800706a6)
Error - 13/05/2009 13:44:48 | Computer Name = AASTJONESD620XP | Source = Application Hang | ID = 1002
Description = Hanging application wordpad.exe, version 5.1.2600.3355, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 15/05/2009 02:41:20 | Computer Name = AASTJONESD620XP | Source = Windows Search Service | ID = 3104
Description = Enumerating user sessions to generate filter pools failed. Details:
The
binding handle is invalid. (0x800706a6)
Error - 15/05/2009 13:06:57 | Computer Name = AASTJONESD620XP | Source = Windows Search Service | ID = 3104
Description = Enumerating user sessions to generate filter pools failed. Details:
The
binding handle is invalid. (0x800706a6)
Error - 16/05/2009 06:07:34 | Computer Name = AASTJONESD620XP | Source = Windows Search Service | ID = 3104
Description = Enumerating user sessions to generate filter pools failed. Details:
The
binding handle is invalid. (0x800706a6)
Error - 17/05/2009 04:51:28 | Computer Name = AASTJONESD620XP | Source = Application Hang | ID = 1002
Description = Hanging application DrgToDsc.exe, version 9.0.0.53, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
[ System Events ]
Error - 17/05/2009 06:12:43 | Computer Name = AASTJONESD620XP | Source = SAVRT | ID = 458772
Description = Unable to initialize the virus scanning engine database files.
Error - 17/05/2009 06:38:31 | Computer Name = AASTJONESD620XP | Source = Service Control Manager | ID = 7000
Description = The Automatic LiveUpdate Scheduler service failed to start due to
the following error: %%2
Error - 17/05/2009 06:38:36 | Computer Name = AASTJONESD620XP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SAVRT sptd
Error - 17/05/2009 06:38:39 | Computer Name = AASTJONESD620XP | Source = sptd | ID = 262148
Description = Driver detected an internal error in its data structures for .
Error - 17/05/2009 06:38:39 | Computer Name = AASTJONESD620XP | Source = SAVRT | ID = 458772
Description = Unable to initialize the virus scanning engine database files.
Error - 17/05/2009 15:51:05 | Computer Name = AASTJONESD620XP | Source = Service Control Manager | ID = 7000
Description = The Automatic LiveUpdate Scheduler service failed to start due to
the following error: %%2
Error - 17/05/2009 15:51:10 | Computer Name = AASTJONESD620XP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SAVRT sptd
Error - 17/05/2009 15:51:18 | Computer Name = AASTJONESD620XP | Source = sptd | ID = 262148
Description = Driver detected an internal error in its data structures for .
Error - 17/05/2009 15:51:18 | Computer Name = AASTJONESD620XP | Source = SAVRT | ID = 458772
Description = Unable to initialize the virus scanning engine database files.
Error - 17/05/2009 15:51:59 | Computer Name = AASTJONESD620XP | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.
< End of report >
kdyteejay
2009-05-18, 00:11
Hi Shaba,
I meant to mention I have been getting different application errors when starting up the laptop in normal mode. They may mean nothing but thought I should tell you. Earlier today when gathering data from ntbtlog when I logged on I got YAHOOM-1.EXE aplication error.
tonight when I logged on I got ACROTRAY.EXE aplication error.
Can you tell me details about those error messages?
kdyteejay
2009-05-18, 20:35
I think the acrotray could be related to the fact if I run explorer or double click an icon a window pops up to try to install adobe acrobat 8.1 but I am just guessing this. this attempted install only started after my laptop got infected.
could yahoom be to do with yahoo messenger? yahoo messenger is set to start up auotmatically when I boot my pc so I imagine this is ok
Then you could try to fix these with HijackThis, reboot and let me know if it helped for that issues:
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
kdyteejay
2009-05-18, 21:59
Sorry,
what do i need to do to try to fix them with HJT?
Open HijackThis, click do a system scan only and checkmark those entries.
Close all windows including browser and press fix checked.
kdyteejay
2009-05-18, 22:13
did as you asked. new HJT log attached. however still getting acrobat rdr install box
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:11:01, on 18/05/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\PROGRA~1\SYMANT~2\SYMANT~1\DefWatch.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\PROGRA~1\SYMANT~2\SYMANT~1\Rtvscan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~2\SYMANT~1\vptray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Creative\Shared Files\CamTray.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Documents and Settings\admin\Desktop\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.dell.com/content/default.aspx?c=uk&l=en&s=gen
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk-rel&channel=uk&ibd=4070312
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\pavuppad.exe,
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus Photo R220 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE /FU "C:\WINDOWS\TEMP\E_SA1.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [eyeBeam SIP Client] "C:\Program Files\BT Broadband Talk Softphone\BTSoftphone.exe"
O4 - HKCU\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CamTray.exe
O4 - HKCU\..\Run: [internat] C:\WINDOWS\internat.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.microquiz.eu/ImageUploader5.cab
O16 - DPF: {61628958-4627-48F4-99FD-30719188568D} (XCheck Control) - http://www.ifrontiers.com/ActiveX/XCheck.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://test.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1174297478281
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://test.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1174297563946
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.microquiz.eu/ImageUploader4.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-ea0211234474d475.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=23100
O16 - DPF: {E33968CE-FF77-4DC3-A052-2921C0D60177} (LoaderOnline Class) - https://www.remotecontrol26.co.uk/dms%20website/kiosk/Bootstrap2610/2.6.10.107/BootstrapXP.cab
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://www.asda-photo.co.uk/upload/activex/v2_0_0_11/PCAXSetupv2.0.0.11.cab?
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2/ocx/15105/CTPID.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~2\SYMANT~1\DefWatch.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~2\SYMANT~1\Rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
O24 - Desktop Component AutorunsDisabled: (no name) - (no file)
--
End of file - 16710 bytes
That might be then due to Windows Installer remnants.
Let's run one scan next:
Download to the desktop: Dr.Web CureIt (ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe)
Doubleclick the drweb-cureit.exe file and Allow to run the express scan
This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
Once the short scan has finished, Click Options > Change settings
Choose the "Scan"-tab, remove the mark at "Heuristic analysis".
Back at the main window, mark the drives that you want to scan.
Select all drives. A red dot shows which drives have been chosen.
Click the green arrow at the right, and the scan will start.
Click 'Yes to all' if it asks if you want to cure/move the file.
When the scan has finished, look if you can click next icon next to the files found:
http://users.telenet.be/bluepatchy/miekiemoes/images/check.gif
If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
http://users.telenet.be/bluepatchy/miekiemoes/images/move.gif
This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
Save the report to your desktop. The report will be called DrWeb.csv
Close Dr.Web Cureit.
Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
After reboot, post the contents of the log from Dr.Web you saved previously in your next reply with a new hijackthis log.
kdyteejay
2009-05-19, 20:09
sorry for the delay in posting -that software took hours to run in windows normal mode. I asked it to check my USB stick as well as drive C: and I had to cancel as it appeared to hang.
I noticed before I had to cancel the first time that it was detecting pavuppad.exe as Trojan.PWS.Panda.114 and also found a file called internat.exe (cant remember path) as Trojan.Muldrop.31497
reran software and logs attached
I managed to move incurable on all files not dealt with except for one:
object name : A0005243.exe/Data005
path: c:\system volume info\restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP7\A0005243.exe Program.PsKill.101
ESUGUTIL.exe;C:\NoNav;Program.RemoteAdmin.origin;Incurable.Moved.;
A0000299.EXE;C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP3;Program.PsExec.170;Incurable.Moved.;
A0005239.exe;C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP7;Trojan.PWS.Panda.114;Deleted.;
A0005243.exe\data005;C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP7\A0005243.exe;Program.PsKill.101;;
A0005243.exe;C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP7;Archive contains infected objects;Moved.;
HJT
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:05:06, on 19/05/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\PROGRA~1\SYMANT~2\SYMANT~1\DefWatch.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\PROGRA~1\SYMANT~2\SYMANT~1\Rtvscan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~2\SYMANT~1\vptray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Creative\Shared Files\CamTray.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\admin\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.dell.com/content/default.aspx?c=uk&l=en&s=gen
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk-rel&channel=uk&ibd=4070312
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus Photo R220 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE /FU "C:\WINDOWS\TEMP\E_SA1.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [eyeBeam SIP Client] "C:\Program Files\BT Broadband Talk Softphone\BTSoftphone.exe"
O4 - HKCU\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CamTray.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [userinit] C:\WINDOWS\system32\pavuppad.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.microquiz.eu/ImageUploader5.cab
O16 - DPF: {61628958-4627-48F4-99FD-30719188568D} (XCheck Control) - http://www.ifrontiers.com/ActiveX/XCheck.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://test.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1174297478281
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://test.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1174297563946
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.microquiz.eu/ImageUploader4.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-ea0211234474d475.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=23100
O16 - DPF: {E33968CE-FF77-4DC3-A052-2921C0D60177} (LoaderOnline Class) - https://www.remotecontrol26.co.uk/dms%20website/kiosk/Bootstrap2610/2.6.10.107/BootstrapXP.cab
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://www.asda-photo.co.uk/upload/activex/v2_0_0_11/PCAXSetupv2.0.0.11.cab?
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2/ocx/15105/CTPID.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~2\SYMANT~1\DefWatch.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~2\SYMANT~1\Rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
O24 - Desktop Component AutorunsDisabled: (no name) - (no file)
--
End of file - 16428 bytes
Looks like that F2 entry is finally gone :)
Is C:\WINDOWS\system32\pavuppad.exe gone as well?
kdyteejay
2009-05-19, 20:47
shall I check both normal and safe mode as I usually find it in safe mode
kdyteejay
2009-05-19, 21:09
seems to be gone - no sign
Great :)
Let's run then another scan:
Please go to Kaspersky website (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) and perform an online antivirus scan.
Read through the requirements and privacy statement and click on Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button: Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Please post this log in your next reply along with a fresh HijackThis log.
kdyteejay
2009-05-19, 21:25
is it ok to put laptop on-line again whilst in normal mode to do this
kdyteejay
2009-05-19, 21:33
what about protection _ firewall is switched off
Please turn them on now :)
kdyteejay
2009-05-19, 21:57
my BT Broadband package was reduced and I only have windows firewall now - is that okay
Yes that is fine as for now. I will suggest some freeware firewalls later.
kdyteejay
2009-05-20, 01:17
when I ran kaspersky Norton found the following but could not do anything with them:
are they files used by kaspersky and should I have disabled NAV prior to running
backdoor.formador d:\programs\erdcmd2003\common.dll
Trojan Horse d:\programs\memoryanalyzer\memoryanalyzerpe-s
Trojan Horse d:\programs\saminside\gethashes.exe
Trojan Horse d:\programs\saminside\getsyskey.exe
Hacktool d:\programs\saminside\saminside.exe
Hacktool d:\programs\utilities\mailpassview.exe
Trojan Horse d:\programs\utilities\outlooker.exe
W32.IRCBOT.GEN d:\programs\utilities\outlooker.exe
Kaspersky report:
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Tuesday, May 19, 2009
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Tuesday, May 19, 2009 20:32:57
Records in database: 2198945
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
C:\
D:\
G:\
Scan statistics:
Files scanned: 143354
Threat name: 6
Infected objects: 9
Suspicious objects: 0
Duration of the scan: 02:32:02
File name / Threat name / Threats count
C:\Documents and Settings\admin\DoctorWeb\Quarantine\A0005243.exe Infected: not-a-virus:RiskTool.Win32.PsKill.1101 1
C:\Documents and Settings\admin\DoctorWeb\Quarantine\UninstallHelper.exe Infected: not-a-virus:RiskTool.Win32.PsKill.1101 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\06B00004.VBN Infected: Trojan-Proxy.Win32.Agent.bmm 1
C:\Program Files\Yahoo!\Installs\btyh.exe Infected: not-a-virus:RiskTool.Win32.PsKill.1101 1
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP7\A0005014.exe Infected: Trojan.Win32.Zapchast.uy 1
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP7\A0005073.exe Infected: Trojan.Win32.Zapchast.uy 1
D:\PROGRAMS\ANGRYIPSCANNER\ANGRYIPSCANNER.EXE Infected: not-a-virus:NetTool.Win32.Portscan.c 1
D:\PROGRAMS\UTILITIES\DIALUPASS.EXE Infected: not-a-virus:PSWTool.Win32.Dialupass.an 1
D:\PROGRAMS\UTILITIES\MESSENGERPW.EXE Infected: not-a-virus:PSWTool.Win32.Messen.102 1
The selected area was scanned.
HJT report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:04:26, on 19/05/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\PROGRA~1\SYMANT~2\SYMANT~1\DefWatch.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\PROGRA~1\SYMANT~2\SYMANT~1\Rtvscan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~2\SYMANT~1\vptray.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Creative\Shared Files\CamTray.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\admin\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.dell.com/content/default.aspx?c=uk&l=en&s=gen
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk-rel&channel=uk&ibd=4070312
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus Photo R220 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE /FU "C:\WINDOWS\TEMP\E_SA1.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [eyeBeam SIP Client] "C:\Program Files\BT Broadband Talk Softphone\BTSoftphone.exe"
O4 - HKCU\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CamTray.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [userinit] C:\WINDOWS\system32\pavuppad.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.microquiz.eu/ImageUploader5.cab
O16 - DPF: {61628958-4627-48F4-99FD-30719188568D} (XCheck Control) - http://www.ifrontiers.com/ActiveX/XCheck.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://test.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1174297478281
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://test.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1174297563946
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.microquiz.eu/ImageUploader4.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-ea0211234474d475.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=23100
O16 - DPF: {E33968CE-FF77-4DC3-A052-2921C0D60177} (LoaderOnline Class) - https://www.remotecontrol26.co.uk/dms%20website/kiosk/Bootstrap2610/2.6.10.107/BootstrapXP.cab
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://www.asda-photo.co.uk/upload/activex/v2_0_0_11/PCAXSetupv2.0.0.11.cab?
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2/ocx/15105/CTPID.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~2\SYMANT~1\DefWatch.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~2\SYMANT~1\Rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
O24 - Desktop Component AutorunsDisabled: (no name) - (no file)
--
End of file - 16609 bytes
Purpose of these files?
Trojan Horse d:\programs\memoryanalyzer\memoryanalyzerpe-s
Trojan Horse d:\programs\saminside\gethashes.exe
Trojan Horse d:\programs\saminside\getsyskey.exe
Hacktool d:\programs\saminside\saminside.exe
Hacktool d:\programs\utilities\mailpassview.exe
Trojan Horse d:\programs\utilities\outlooker.exe
D:\PROGRAMS\ANGRYIPSCANNER\ANGRYIPSCANNER.EXE Infected: not-a-virus:NetTool.Win32.Portscan.c 1
D:\PROGRAMS\UTILITIES\DIALUPASS.EXE Infected: not-a-virus:PSWTool.Win32.Dialupass.an 1
D:\PROGRAMS\UTILITIES\MESSENGERPW.EXE Infected: not-a-virus:PSWTool.Win32.Messen.102 1
kdyteejay
2009-05-20, 09:25
Hi Shaba,
they were on a cd a friend of mine had left in cd drive - he had used it to recover my password for logging on to pc. It is now in my bucket.
I see.
Empty these folders:
C:\Documents and Settings\admin\DoctorWeb\Quarantine
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine
Empty Recycle Bin.
Still problems?
kdyteejay
2009-05-21, 00:04
Hi Shaba,
latest reports
Kaspersky
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Wednesday, May 20, 2009
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Wednesday, May 20, 2009 14:40:19
Records in database: 2204527
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
C:\
D:\
G:\
Scan statistics:
Files scanned: 137437
Threat name: 2
Infected objects: 5
Suspicious objects: 0
Duration of the scan: 01:57:38
File name / Threat name / Threats count
C:\Program Files\Yahoo!\Installs\btyh.exe Infected: not-a-virus:RiskTool.Win32.PsKill.1101 1
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP7\A0005014.exe Infected: Trojan.Win32.Zapchast.uy 1
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP7\A0005073.exe Infected: Trojan.Win32.Zapchast.uy 1
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP9\A0006382.exe Infected: not-a-virus:RiskTool.Win32.PsKill.1101 1
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP9\A0006385.exe Infected: not-a-virus:RiskTool.Win32.PsKill.1101 1
The selected area was scanned.
HJT
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:02:18, on 20/05/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~2\SYMANT~1\DefWatch.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~2\SYMANT~1\vptray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Creative\Shared Files\CamTray.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\PROGRA~1\SYMANT~2\SYMANT~1\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\admin\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.dell.com/content/default.aspx?c=uk&l=en&s=gen
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk-rel&channel=uk&ibd=4070312
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus Photo R220 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE /FU "C:\WINDOWS\TEMP\E_SA1.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [eyeBeam SIP Client] "C:\Program Files\BT Broadband Talk Softphone\BTSoftphone.exe"
O4 - HKCU\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CamTray.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [userinit] C:\WINDOWS\system32\pavuppad.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.microquiz.eu/ImageUploader5.cab
O16 - DPF: {61628958-4627-48F4-99FD-30719188568D} (XCheck Control) - http://www.ifrontiers.com/ActiveX/XCheck.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://test.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1174297478281
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://test.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1174297563946
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.microquiz.eu/ImageUploader4.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-ea0211234474d475.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=23100
O16 - DPF: {E33968CE-FF77-4DC3-A052-2921C0D60177} (LoaderOnline Class) - https://www.remotecontrol26.co.uk/dms%20website/kiosk/Bootstrap2610/2.6.10.107/BootstrapXP.cab
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://www.asda-photo.co.uk/upload/activex/v2_0_0_11/PCAXSetupv2.0.0.11.cab?
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2/ocx/15105/CTPID.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~2\SYMANT~1\DefWatch.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~2\SYMANT~1\Rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
O24 - Desktop Component AutorunsDisabled: (no name) - (no file)
--
End of file - 16468 bytes
That looks good :)
Still problems?
kdyteejay
2009-05-21, 20:52
Hi Shaba,
ran Norton Antivirus - noting found. Ran spybot which found WIN32.ADLOAD.R and WIN32.AGENT.PZ. I got spybot to fix. rebooted and reran - found nothing.
I also downloded Adobe Acrobat RDR 9 to see if that woud get rid of the installer message I get for Acrobat RDR 8.1.0 whenever I right click on Start but it hasn't.
So I still have that to resolve - can you help with that.
And as mentioned previously I only have Microsoft firewall capability.
This (http://support.microsoft.com/kb/290301) might help.
Remove all instances of Acrobat Reader and then install latest version.
kdyteejay
2009-05-21, 21:28
Shaba,
you are a genius - thank you so much.
If we are now finished can you recommend some free firewalls
Once again I thank you so much. I could never have done this without your help.
Great :)
Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
Looking over your log, it seems you don't have any evidence of a third party firewall.
As the term conveys, a firewall is an extra layer of security installed onto computers, which restricts access to systems from the outside world. Firewalls protect against hackers and malicious intruders. I want you to download a free firewall NOW from one of these excellent vendors:
1) Comodo (http://www.personalfirewall.comodo.com/download_firewall.html) (Uncheck during installation "Install COMODO Antivirus (Recommended)"!, "Install Comodo SafeSurf..", Make Comodo my default search provider" and "Make Comodo Search my homepage")
2) Online Armor (http://www.tallemu.com/online_armor_free.html)
3) PC Tools (http://www.pctools.com/firewall/download/)
4) Sunbelt/Kerio (http://www.sunbelt-software.com/Kerio-Download.cfm)
5) ZoneAlarm (http://www.zonelabs.com/store/content/catalog/products/sku_list_za.jsp?dc=12bms&ctry=US&lang=en&lid=nav_za) (uncheck ZoneAlarm Spy Blocker during installation if you choose this one)
If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.
Now lets uninstall ComboFix:
Click START then RUN
Now type Combofix /u in the runbox and click OK
Next we remove all used tools.
Please download OTCleanIt (http://oldtimer.geekstogo.com/OTC.exe) and save it to desktop.
Double-click OTC.exe.
Click the CleanUp! button.
Select Yes when the "Begin cleanup Process?" prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes, if not delete it by yourself.
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.
Disable and Enable System Restore. - If you are using Windows XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.
You can find instructions on how to enable and re-enable system restore here:
Windows XP System Restore Guide (http://www.bleepingcomputer.com/forums/tutorial56.html)
Re-enable system restore with instructions from tutorial above
Make your Internet Explorer more secure - This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.
Update your AntiVirus Software and keep your other programs up-to-date Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector (http://secunia.com/software_inspector/)
F-secure Health Check (http://www.f-secure.com/weblog/archives/00001356.html)
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com (http://www.windowsupdate.com) regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
Install Malwarebytes' Anti-Malware - Malwarebytes''Anti-Malware is a new and powerful anti-malware tool. It is
totally free but for real-time protection you will have to pay a small one-time fee. Tutorial on installing & using this product can be found below:
Malwarebytes' Anti-Malware Setup Guide (http://www.lognrock.com/forum/index.php?showtopic=6926)
Malwarebytes' Anti-Malware Scanning Guide (http://www.lognrock.com/forum/index.php?showtopic=6913)
Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.
A tutorial on installing & using this product can be found here:
Using SpywareBlaster to protect your computer from Spyware and Malware (http://www.bleepingcomputer.com/tutorials/tutorial49.html)
Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.
Here are some additional utilities that will enhance your safety
MVPS Hosts file (http://mvps.org/winhelp2002/hosts.htm) <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer. See also a hosts file tutorial here (http://malwareremoval.com/forum/viewtopic.php?t=22187)
Winpatrol (http://www.winpatrol.com/) <= Download and install the free version of Winpatrol. a tutorial for this product is located here:
Using Winpatrol to protect your computer from malicious software (http://www.winpatrol.com/features.html)
Stand Up and Be Counted ---> Malware Complaints (http://www.malwarecomplaints.info/index.php) <--- where you can make difference!
The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.
Also, please read this great article by Tony Klein So How Did I Get Infected In First Place (http://forums.spybot.info/showthread.php?t=279)
Happy surfing and stay clean! :bigthumb:
kdyteejay
2009-05-21, 23:12
Hi Shaba,
installed PcTools. Should I turn off windows firewall
Due to the lack of feedback this Topic is closed.
If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.
If it has been less than four days since your last response and you need the thread re-opened, please send a private message (pm). A valid, working link to the closed topic is required. Please do not add any logs that might have been requested in the closed topic, you would be starting fresh.
Everyone else please begin a New Topic.