Here are the results:
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Tuesday, September 1, 2009
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Tuesday, September 01, 2009 14:54:12
Records in database: 2735799
--------------------------------------------------------------------------------
Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes
Scan area - My Computer:
C:\
D:\
Scan statistics:
Objects scanned: 60125
Threats found: 2
Infected objects found: 2
Suspicious objects found: 0
Scan duration: 01:55:13
File name / Threat / Threats count
C:\Qoobox\Quarantine\C\Program Files\SGPSA\BHO.dll.vir Infected: not-a-virus:AdWare.Win32.BHO.ifr 1
C:\WINDOWS\Downloaded Installations\{CA96CAAA-F816-4CB5-9676-6A3FCCB81468}\Spycheck Antispyware.msi Infected: not-a-virus:FraudTool.Win32.FastAntiSpyware.a 1
Selected area has been scanned.
ComboFix 09-08-31.03 - ALLEN 09/01/2009 13:26.2.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.546 [GMT 1:00]
Running from: c:\documents and settings\change me\Desktop\ComboFix.exe
Command switches used :: C:\CFScript.text
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((( Files Created from 2009-08-01 to 2009-09-01 )))))))))))))))))))))))))))))))
.
2009-09-01 10:36 . 2009-09-01 10:36 -------- d-----w- c:\program files\Trend Micro
2009-08-31 20:10 . 2009-08-31 20:10 117760 ----a-w- c:\documents and settings\change me\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-08-31 20:08 . 2009-08-31 20:08 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-08-31 20:08 . 2009-09-01 12:30 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-08-31 20:08 . 2009-08-31 20:08 -------- d-----w- c:\documents and settings\change me\Application Data\SUPERAntiSpyware.com
2009-08-31 20:08 . 2009-08-31 20:08 -------- d-----w- c:\docume~1\CHANGE~1\APPLIC~1\SUPERAntiSpyware.com
2009-08-31 20:08 . 2009-08-31 20:08 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-08-31 18:20 . 2009-08-31 18:20 9830 ----a-w- C:\exefix.reg
2009-08-31 17:42 . 2009-08-31 17:42 -------- d-----w- c:\program files\Windows Defender
2009-08-31 17:10 . 2009-08-31 17:10 -------- d-----w- c:\documents and settings\admin\Application Data\Yahoo!
2009-08-31 17:04 . 2009-08-31 17:04 -------- d-sh--w- c:\documents and settings\admin\PrivacIE
2009-08-31 17:03 . 2009-08-31 17:03 19576 ----a-w- c:\documents and settings\admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-31 17:03 . 2009-08-31 17:03 -------- d-sh--w- c:\documents and settings\admin\IETldCache
2009-08-31 17:00 . 2009-08-31 17:04 -------- d-----w- c:\documents and settings\admin
2009-08-31 14:17 . 2009-08-31 14:17 -------- d-----w- c:\program files\Windows X
2009-08-31 14:15 . 2009-08-31 14:35 -------- d-----w- c:\program files\a-squared Free
2009-08-31 13:21 . 2009-08-31 13:21 -------- d-----w- c:\documents and settings\change me\Local Settings\Application Data\Runscanner.net
2009-08-31 13:13 . 2009-08-31 13:13 -------- d-----w- c:\program files\ESET
2009-08-31 13:02 . 2009-08-31 13:02 65536 ----a-r- c:\documents and settings\change me\Application Data\Microsoft\Installer\{A6F4DE62-BA95-45B5-B27D-39E5ABB4E77D}\NewShortcut1_6D307F405A8B42488CCA5C8E4FA8753B.exe
2009-08-31 13:02 . 2009-08-31 13:02 10134 ----a-r- c:\documents and settings\change me\Application Data\Microsoft\Installer\{A6F4DE62-BA95-45B5-B27D-39E5ABB4E77D}\ARPPRODUCTICON.exe
2009-08-31 13:02 . 2009-08-31 13:02 -------- d-----w- c:\program files\Hydra Networks
2009-08-31 13:02 . 2009-08-31 14:17 -------- d-----w- c:\windows\Downloaded Installations
2009-08-31 12:31 . 2009-08-31 12:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec(2)(3)
2009-08-31 12:31 . 2009-08-31 12:31 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee(4)
2009-08-31 12:31 . 2009-08-31 12:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec(4)
2009-08-31 12:31 . 2009-08-31 12:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Slapdash Games(3)
2009-08-31 12:31 . 2009-08-31 12:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software(3)
2009-08-31 12:31 . 2009-08-31 12:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Roxio(3)
2009-08-31 12:31 . 2009-08-31 12:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Real(3)
2009-08-31 12:31 . 2009-08-31 12:31 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller(3)
2009-08-31 12:31 . 2009-08-31 12:31 -------- d-----w- c:\documents and settings\All Users\Application Data\LightScribe(3)
2009-08-31 12:31 . 2009-08-31 12:31 -------- d-----w- c:\documents and settings\All Users\Application Data\HiddenSecretsNightmare(3)
2009-08-31 12:31 . 2009-08-31 12:31 -------- d-----w- c:\documents and settings\All Users\Application Data\BVRP Software(3)
2009-08-31 12:31 . 2009-08-31 12:31 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU(3)
2009-08-31 12:31 . 2009-08-31 12:31 -------- d--h--w- c:\documents and settings\All Users\Application Data\{C4C0E335-EDDF-46A0-A57D-F3802AE44275}(3)
2009-08-31 11:32 . 2009-08-31 11:32 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee(2)
2009-08-31 10:36 . 2009-08-31 12:25 -------- d-----w- c:\program files\Exterminate It!
2009-08-31 09:03 . 2009-08-31 09:03 -------- d-----w- c:\documents and settings\Administrator\Application Data\DNA
2009-08-31 08:49 . 2009-08-31 08:59 -------- d-----w- c:\program files\EsetOnlineScanner
2009-08-31 08:41 . 2009-08-31 08:41 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-08-31 08:03 . 2009-08-31 08:31 -------- d-----w- c:\windows\BDOSCAN8
2009-08-30 18:02 . 2009-08-30 18:02 -------- d-----w- c:\documents and settings\change me\Application Data\PlayFirst
2009-08-30 18:02 . 2009-08-30 18:02 -------- d-----w- c:\documents and settings\All Users\Application Data\PlayFirst
2009-08-30 18:02 . 2009-08-30 18:02 -------- d-----w- c:\docume~1\CHANGE~1\APPLIC~1\PlayFirst
2009-08-30 17:40 . 2009-08-30 17:40 -------- d-----w- c:\program files\The Mystery of the Mary Celeste
2009-08-30 17:40 . 2009-08-30 17:40 -------- d-----w- c:\windows\The Mystery of the Mary Celeste
2009-08-30 05:43 . 2009-08-30 05:43 -------- d-----w- c:\documents and settings\change me\Application Data\Malwarebytes
2009-08-30 05:43 . 2009-08-30 05:43 -------- d-----w- c:\docume~1\CHANGE~1\APPLIC~1\Malwarebytes
2009-08-30 05:43 . 2009-08-03 12:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-30 05:43 . 2009-08-30 05:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-30 05:43 . 2009-08-03 12:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-30 05:43 . 2009-08-30 05:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-30 04:50 . 2009-06-10 21:11 342016 ------w- c:\windows\system32\MC14.exe
2009-08-30 04:50 . 2009-05-12 18:13 585728 ------w- c:\windows\system32\AReadyLB.dll
2009-08-30 04:50 . 2009-05-12 18:13 53248 ------w- c:\windows\system32\BBInstaller.exe
2009-08-30 04:50 . 2009-05-12 18:13 229376 ------w- c:\windows\system32\AudDevicePlugin.dll
2009-08-30 04:50 . 2009-08-30 04:50 -------- d-----w- c:\program files\J River
2009-08-30 04:49 . 2009-08-30 04:50 -------- d-----w- c:\documents and settings\change me\Application Data\J River
2009-08-30 04:49 . 2009-08-30 04:50 -------- d-----w- c:\docume~1\CHANGE~1\APPLIC~1\J River
2009-08-29 17:16 . 2009-08-29 17:16 -------- d-----w- c:\documents and settings\change me\Application Data\GlarySoft
2009-08-29 17:16 . 2009-08-29 17:16 -------- d-----w- c:\docume~1\CHANGE~1\APPLIC~1\GlarySoft
2009-08-29 17:14 . 2009-08-29 17:14 -------- d-----w- c:\program files\Glary Utilities
2009-08-29 17:01 . 2009-08-29 17:01 -------- d-----w- c:\documents and settings\change me\Application Data\DAEMON Tools Pro
2009-08-29 17:01 . 2009-08-29 17:01 -------- d-----w- c:\docume~1\CHANGE~1\APPLIC~1\DAEMON Tools Pro
2009-08-29 16:51 . 2009-08-29 16:51 685816 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-08-29 15:55 . 2009-08-29 15:55 -------- d-----w- c:\program files\Microsoft Silverlight
2009-08-29 12:48 . 2009-08-29 12:48 4141117 ----a-w- c:\documents and settings\change me\Application Data\Azureus\plugins\vuzexcode\mediainfo.exe
2009-08-29 12:48 . 2009-08-29 12:48 6516755 ----a-w- c:\documents and settings\change me\Application Data\Azureus\plugins\vuzexcode\ffmpeg.exe
2009-08-29 12:44 . 2009-08-29 12:44 15884 ----a-w- c:\documents and settings\change me\Application Data\Azureus\plugins\azitunes\libProcessAccess.dll
2009-08-29 12:44 . 2009-08-29 12:44 102400 ----a-w- c:\documents and settings\change me\Application Data\Azureus\plugins\azitunes\jacob-1.14.3-x86.dll
2009-08-28 16:30 . 2009-08-28 19:06 -------- d-----w- c:\program files\Common Files\Real
2009-08-28 14:21 . 2009-08-28 14:21 -------- d-----w- c:\documents and settings\change me\Application Data\TuneUp Software
2009-08-28 14:21 . 2009-08-28 14:21 -------- d-----w- c:\docume~1\CHANGE~1\APPLIC~1\TuneUp Software
2009-08-28 13:43 . 2009-08-28 13:43 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-08-28 13:43 . 2009-08-28 13:43 -------- d-----w- c:\documents and settings\Administrator\Application Data\Yahoo!
2009-08-28 12:44 . 2009-08-28 12:57 -------- d-----w- c:\documents and settings\change me\Application Data\Smart PC Solutions
2009-08-28 12:44 . 2009-08-28 12:57 -------- d-----w- c:\docume~1\CHANGE~1\APPLIC~1\Smart PC Solutions
2009-08-28 05:09 . 2009-08-28 05:09 10684866 ----a-w- c:\documents and settings\change me\Application Data\Azureus\plugins\azump\mplayer.exe
2009-08-27 17:34 . 2009-08-27 17:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Azureus
2009-08-27 17:34 . 2009-08-31 12:04 -------- d-----w- c:\documents and settings\change me\Application Data\Azureus
2009-08-27 17:34 . 2009-08-31 12:04 -------- d-----w- c:\docume~1\CHANGE~1\APPLIC~1\Azureus
2009-08-27 17:34 . 2009-09-01 10:32 -------- d-----w- c:\program files\Vuze
2009-08-27 11:37 . 2009-08-31 11:09 -------- d-----w- c:\documents and settings\change me\.housecall6.6
2009-08-26 23:23 . 2009-08-27 00:07 -------- d-----w- c:\documents and settings\change me\Application Data\.ABC
2009-08-26 23:23 . 2009-08-27 00:07 -------- d-----w- c:\docume~1\CHANGE~1\APPLIC~1\.ABC
2009-08-26 15:46 . 2009-08-31 13:03 -------- d--h--w- C:\$AVG8.VAULT$
2009-08-26 08:50 . 2009-08-26 08:50 -------- d-----w- c:\program files\Xilisoft
2009-08-25 09:10 . 2009-08-25 09:10 -------- d-----w- c:\documents and settings\change me\Application Data\Ahead
2009-08-25 09:10 . 2009-08-25 09:10 -------- d-----w- c:\docume~1\CHANGE~1\APPLIC~1\Ahead
2009-08-25 08:54 . 2003-10-08 09:51 1298432 ----a-w- c:\windows\UNNMP.exe
2009-08-25 08:54 . 2003-10-08 09:51 1298432 ----a-w- c:\windows\UNNMP(3).exe
2009-08-25 08:54 . 2003-10-08 09:51 1298432 ----a-w- c:\windows\UNNMP(2).exe
2009-08-25 08:44 . 2009-08-25 15:09 -------- d-----w- c:\program files\Common Files\Ahead
2009-08-25 07:57 . 2009-08-25 07:57 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-25 07:57 . 2009-08-25 07:57 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-08-25 07:57 . 2009-08-25 07:57 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-25 07:57 . 2009-08-25 07:57 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-25 07:56 . 2009-09-01 08:05 -------- d-----w- c:\windows\system32\drivers\Avg
2009-08-25 07:56 . 2009-08-25 07:56 -------- d-----w- c:\program files\AVG
2009-08-25 07:55 . 2009-09-01 06:52 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-08-25 07:46 . 2009-08-25 07:46 -------- d-----w- c:\documents and settings\change me\Application Data\AVG8
2009-08-25 07:46 . 2009-08-25 07:46 -------- d-----w- c:\docume~1\CHANGE~1\APPLIC~1\AVG8
2009-08-24 07:58 . 2009-08-24 08:02 47360 ----a-w- c:\documents and settings\change me\Application Data\pcouffin.sys
2009-08-24 07:58 . 2009-08-24 07:58 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-08-24 07:58 . 2009-08-24 08:02 -------- d-----w- c:\documents and settings\change me\Application Data\Vso
2009-08-24 07:58 . 2009-08-24 08:02 -------- d-----w- c:\docume~1\CHANGE~1\APPLIC~1\Vso
2009-08-23 07:00 . 2009-08-23 07:00 -------- d-----w- c:\documents and settings\LocalService\Application Data\Roxio
2009-08-23 06:52 . 2009-08-23 06:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Uninstall
2009-08-23 06:52 . 2008-08-06 01:50 606208 ----a-w- c:\documents and settings\All Users\Application Data\Uninstall\{7919D8D9-69FB-4E94-B330-04C4AF251867}\bin\setupresENU.dll
2009-08-23 06:52 . 2008-08-05 13:42 4717040 ----a-w- c:\documents and settings\All Users\Application Data\Uninstall\{7919D8D9-69FB-4E94-B330-04C4AF251867}\setup.exe
2009-08-23 06:43 . 2009-08-23 06:43 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
2009-08-23 06:37 . 2009-08-23 06:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Sonic
2009-08-22 19:45 . 2009-08-22 19:45 -------- d-----w- c:\documents and settings\change me\Application Data\Azuaz Games
2009-08-22 19:45 . 2009-08-22 19:45 -------- d-----w- c:\docume~1\CHANGE~1\APPLIC~1\Azuaz Games
2009-08-22 19:36 . 2009-08-22 19:36 -------- d-----w- c:\program files\GameTop.com
2009-08-22 06:25 . 2009-08-22 06:25 -------- d-----w- c:\program files\Defraggler
2009-08-21 16:58 . 2009-08-21 16:58 -------- d-----w- c:\program files\CCleaner
2009-08-21 09:12 . 2001-08-17 12:48 12160 -c----w- c:\windows\system32\dllcache\mouhid.sys
2009-08-21 09:12 . 2001-08-17 12:48 12160 ------w- c:\windows\system32\drivers\mouhid.sys
2009-08-20 06:51 . 2009-08-20 06:51 -------- d-----w- c:\windows\system32\wbem\Repository
2009-08-20 06:51 . 2009-08-20 06:51 -------- d-----w- C:\4fff99b4a3a7072f67382f9eaf43c24f
2009-08-17 08:17 . 2009-08-29 13:02 -------- d-----w- c:\program files\VS Revo Group
2009-08-16 11:00 . 2009-08-16 11:00 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Avanquest
2009-08-15 12:44 . 2009-08-15 12:45 -------- d--h--w- c:\windows\ie8
2009-08-15 11:12 . 2009-08-15 12:44 -------- dc----w- c:\windows\ie8(2)
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-01 11:07 . 2009-06-27 09:59 -------- d-----w- c:\program files\DNA
2009-09-01 11:06 . 2009-06-27 09:59 -------- d-----w- c:\documents and settings\change me\Application Data\DNA
2009-09-01 11:06 . 2009-06-27 09:59 -------- d-----w- c:\docume~1\CHANGE~1\APPLIC~1\DNA
2009-08-31 15:26 . 2009-06-14 07:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-31 12:42 . 2009-08-31 12:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec(2)
2009-08-31 12:42 . 2009-08-31 12:42 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-08-31 12:42 . 2009-08-31 12:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-08-31 12:42 . 2009-08-31 12:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Slapdash Games
2009-08-31 12:42 . 2009-08-31 12:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
2009-08-31 12:42 . 2009-08-31 12:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Roxio
2009-08-31 12:42 . 2009-08-31 12:42 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-08-31 12:42 . 2009-08-31 12:42 -------- d-----w- c:\documents and settings\All Users\Application Data\LightScribe
2009-08-31 12:42 . 2009-08-31 12:42 -------- d-----w- c:\documents and settings\All Users\Application Data\HiddenSecretsNightmare
2009-08-31 12:42 . 2009-08-31 12:42 -------- d-----w- c:\documents and settings\All Users\Application Data\BVRP Software
2009-08-31 12:42 . 2009-08-31 12:42 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU
2009-08-31 12:42 . 2009-08-31 12:42 -------- d--h--w- c:\documents and settings\All Users\Application Data\{C4C0E335-EDDF-46A0-A57D-F3802AE44275}
2009-08-30 08:20 . 2009-07-28 16:20 -------- d-----w- c:\program files\MpcStar
2009-08-29 18:30 . 2009-06-09 11:37 -------- d-----w- c:\program files\Yahoo!
2009-08-28 17:10 . 2009-06-09 11:37 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-08-28 17:10 . 2009-06-09 11:37 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-08-28 14:21 . 2009-06-28 22:49 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-08-28 13:19 . 2009-07-16 10:47 -------- d-----w- c:\program files\Common Files\McAfee
2009-08-27 00:31 . 2009-05-30 14:41 19576 -c--a-w- c:\documents and settings\change me\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-24 08:02 . 2009-08-24 07:58 47360 ----a-w- c:\docume~1\CHANGE~1\APPLIC~1\pcouffin.sys
2009-08-23 14:56 . 2009-07-21 09:58 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-23 12:26 . 2009-07-14 15:15 1034056 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-08-23 06:52 . 2009-06-09 11:37 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-23 06:39 . 2009-06-09 11:37 -------- d-----w- c:\program files\Common Files\InstallShield
2009-08-21 16:49 . 2009-06-14 19:00 411368 -c----w- c:\windows\system32\deploytk.dll
2009-08-17 09:55 . 2009-06-21 09:47 -------- d-----w- c:\program files\Windows Desktop Search
2009-08-17 08:29 . 2009-06-09 11:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-08-15 22:04 . 2009-06-23 14:31 -------- d-----w- c:\program files\Lx_cats
2009-08-15 20:33 . 2009-06-14 07:21 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-15 09:06 . 2009-07-08 15:26 -------- d-----w- c:\program files\Intel
2009-08-15 07:42 . 2009-07-25 06:16 -------- d-----w- c:\documents and settings\All Users\Application Data\page
2009-08-13 14:44 . 2009-07-14 09:07 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2009-08-11 15:00 . 2009-08-11 15:00 0 ------w- c:\windows\system32\drivers\Msft_User_M4iPodWPDDriver_01_07_00.Wdf
2009-08-11 15:00 . 2009-08-11 15:00 0 ------w- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
2009-08-09 20:02 . 2009-06-09 11:42 -------- d-----w- c:\documents and settings\change me\Application Data\Motive
2009-08-09 20:02 . 2009-06-09 11:42 -------- d-----w- c:\docume~1\CHANGE~1\APPLIC~1\Motive
2009-08-09 09:10 . 2009-06-10 06:36 -------- d-----w- c:\documents and settings\change me\Application Data\Media Player Classic
2009-08-09 09:10 . 2009-06-10 06:36 -------- d-----w- c:\docume~1\CHANGE~1\APPLIC~1\Media Player Classic
2009-08-07 10:40 . 2009-07-07 16:34 -------- d-----w- c:\program files\Microsoft.NET
2009-08-05 09:47 . 2009-07-28 16:27 -------- d-----w- c:\documents and settings\change me\Application Data\CometNetwork
2009-08-05 09:47 . 2009-07-28 16:27 -------- d-----w- c:\docume~1\CHANGE~1\APPLIC~1\CometNetwork
2009-08-05 09:01 . 2004-08-04 12:00 204800 ------w- c:\windows\system32\mswebdvd.dll
2009-08-05 07:48 . 2009-06-09 16:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-08-02 20:07 . 2009-06-09 20:24 -------- d-----w- c:\program files\Common Files\AVSMedia
2009-08-02 15:50 . 2009-08-31 17:00 38208 ----a-w- c:\documents and settings\admin\Application Data\Macromedia\Flash Player\http://www.macromedia.com\bin\airapp...pinstaller.exe
2009-08-02 10:04 . 2009-08-01 10:50 239 ----a-w- c:\windows\PowerReg.dat
2009-07-28 16:35 . 2009-07-28 16:22 -------- d-----w- c:\documents and settings\change me\Application Data\TigerPlayer
2009-07-28 16:35 . 2009-07-28 16:22 -------- d-----w- c:\docume~1\CHANGE~1\APPLIC~1\TigerPlayer
2009-07-28 16:27 . 2009-07-28 16:27 0 ----a-w- c:\windows\nsreg.dat
2009-07-28 09:20 . 2009-07-28 08:47 -------- d-----w- c:\program files\ffdshow
2009-07-28 08:57 . 2009-06-12 07:18 -------- d-----w- c:\program files\SourceTec
2009-07-26 09:26 . 2009-07-14 13:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-07-26 07:55 . 2009-07-26 07:55 3888 ------w- c:\windows\system32\drivers\NTHANDLE.SYS
2009-07-24 09:22 . 2009-07-24 09:22 -------- d-----w- c:\program files\Search Guard Plus
2009-07-24 06:50 . 2009-07-21 10:46 -------- d-----w- c:\program files\iolo
2009-07-24 06:50 . 2009-07-21 00:01 -------- d-----w- c:\documents and settings\All Users\Application Data\iolo
2009-07-21 13:28 . 2009-07-20 15:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Systweak
2009-07-21 13:28 . 2009-07-20 14:51 -------- d-----w- c:\documents and settings\change me\Application Data\Systweak
2009-07-21 13:28 . 2009-07-20 14:51 -------- d-----w- c:\docume~1\CHANGE~1\APPLIC~1\Systweak
2009-07-21 11:05 . 2009-07-21 00:21 518 ----a-w- c:\documents and settings\change me\Application Data\iolo\Registry\Last\restore.bat
2009-07-21 00:19 . 2009-07-21 00:19 1531 ----a-w- c:\documents and settings\change me\Application Data\iolo\restore.bat
2009-07-21 00:13 . 2009-07-21 00:01 -------- d-----w- c:\documents and settings\change me\Application Data\iolo
2009-07-21 00:13 . 2009-07-21 00:01 -------- d-----w- c:\docume~1\CHANGE~1\APPLIC~1\iolo
2009-07-21 00:06 . 2009-07-21 00:06 -------- d-----w- c:\documents and settings\LocalService\Application Data\iolo
2009-07-21 00:02 . 2009-07-21 00:02 74703 ------w- c:\windows\system32\mfc45.dll
2009-07-20 20:59 . 2004-08-04 12:00 182656 -c----w- c:\windows\system32\drivers\ndis.sys
2009-07-20 18:20 . 2009-07-20 18:20 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Yahoo!
2009-07-20 18:20 . 2009-06-09 11:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-07-20 15:08 . 2009-07-20 15:06 30996544 ----a-w- c:\documents and settings\change me\Application Data\Systweak\ASO 2\UpdateASPnew.exe
2009-07-19 18:17 . 2009-07-19 18:17 -------- d-----w- c:\documents and settings\LocalService\Application Data\agi
2009-07-19 18:15 . 2009-07-19 18:15 339968 ------w- c:\windows\system32\pythoncom25.dll
2009-07-19 18:15 . 2009-07-19 18:15 114688 ------w- c:\windows\system32\pywintypes25.dll
2009-07-19 18:15 . 2009-07-19 18:15 2117632 ------w- c:\windows\system32\python25.dll
2009-07-17 19:23 . 2009-07-17 19:23 -------- d-----w- c:\documents and settings\change me\Application Data\Windows Live Writer
2009-07-17 19:23 . 2009-07-17 19:23 -------- d-----w- c:\docume~1\CHANGE~1\APPLIC~1\Windows Live Writer
2009-07-17 19:22 . 2009-06-09 18:40 -------- d-----w- c:\program files\Windows Live
2009-07-17 19:21 . 2009-07-17 19:21 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-07-17 19:01 . 2004-08-04 12:00 58880 ------w- c:\windows\system32\atl.dll
2009-07-17 17:58 . 2009-07-17 17:58 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2009-07-17 09:56 . 2009-06-12 00:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Trymedia
2009-07-16 13:17 . 2009-07-06 18:18 1474832 ------w- c:\windows\system32\drivers\sfi.dat
2009-07-14 14:41 . 2009-07-14 13:55 -------- d-----w- c:\program files\Microsoft SQL Server
2009-07-14 14:03 . 2009-07-14 14:03 -------- d-----w- c:\program files\MSXML 6.0
2009-07-14 13:53 . 2009-07-14 13:53 193824 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VBExpress\9.0\1033\ResourceCache.dll
2009-07-14 13:51 . 2009-07-14 13:51 416 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\MSDN\9.0\1033\ResourceCache.dll
2009-07-14 08:21 . 2009-07-14 08:21 -------- d-----w- c:\documents and settings\All Users\Application Data\SiteAdvisor
2009-07-13 22:43 . 2007-12-31 10:31 286208 ------w- c:\windows\system32\wmpdxm.dll
2009-07-13 13:22 . 2009-07-13 13:22 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.1.6\SetupAdmin.exe
2009-07-11 17:24 . 2009-06-09 11:36 -------- d-----w- c:\program files\Common Files\Motive
2009-07-09 10:37 . 2009-07-09 10:37 -------- d-----w- c:\program files\Microsoft SDKs
2009-07-08 14:48 . 2009-07-08 14:48 23600 ------w- c:\windows\system32\drivers\TVICHW32.SYS
2009-07-08 14:28 . 2009-07-08 14:28 -------- d-----w- c:\program files\Intel Corporation
2009-07-08 13:50 . 2009-07-08 13:50 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2009-07-08 13:50 . 2009-07-08 13:50 -------- d-----w- c:\program files\PC Drivers HeadQuarters
2009-07-06 03:40 . 2009-08-15 09:04 2838454 ----a-w- c:\documents and settings\All Users\Application Data\{C4C0E335-EDDF-46A0-A57D-F3802AE44275}\speedupmypc2009.exe
2009-07-06 03:40 . 2009-08-15 09:04 2838454 ----a-w- c:\documents and settings\All Users\Application Data\{C4C0E335-EDDF-46A0-A57D-F3802AE44275}(3)\speedupmypc2009.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-08-05 1830128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-25 2007832]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoFileAssociate"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-25 07:57 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"Search Protection"=c:\program files\Yahoo!\Search Protection\SearchProtection.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\lxddamon.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\App4R.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\lxddmon.exe"=
"c:\\Program Files\\BT Broadband Desktop Help\\btbb\\BTHelpBrowser.exe"=
"c:\\Program Files\\BT Broadband Desktop Help\\btbb\\BTHelpNotifier.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddtime.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddjswx.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"25766:TCP"= 25766:TCP:BitComet 25766 TCP
"25766:UDP"= 25766:UDP:BitComet 25766 UDP
"65535:TCP"= 65535:TCP:BitComet 65535 TCP
"65535:UDP"= 65535:UDP:BitComet 65535 UDP
"12863:TCP"= 12863:TCP:BitComet 12863 TCP
"12863:UDP"= 12863:UDP:BitComet 12863 UDP
"20422:TCP"= 20422:TCP:BitComet 20422 TCP
"20422:UDP"= 20422:UDP:BitComet 20422 UDP
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [8/25/2009 08:57 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [8/25/2009 08:57 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [8/5/2009 16:06 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [8/5/2009 16:06 74480]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [8/25/2009 08:56 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [8/25/2009 08:56 297752]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [7/17/2009 20:22 55152]
R2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]
R3 CAM1690;USB 2.0 Compliance JPEG Video Camera;c:\windows\system32\drivers\cam1690.sys [4/10/2008 11:31 177280]
S2 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxddserv.exe [6/23/2009 16:07 99248]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 19:19 13592]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [7/28/2009 15:17 16512]
S3 DIGIRPS;Digi PortServer Driver;c:\windows\system32\drivers\digirlpt.sys [8/10/2009 07:03 42432]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2/6/2009 18:08 533360]
S3 getPlusHelper;getPlus(R) Helper;c:\windows\System32\svchost.exe -k getPlusHelper [8/4/2004 13:00 14336]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [8/5/2009 16:06 7408]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [7/11/2008 01:28 47128]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [3/30/2009 03:09 239336]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [3/30/2009 03:23 366936]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
2009-09-01 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2009-08-29 15:09]
2009-09-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2025429265-436374069-725345543-1003Core.job
- c:\documents and settings\change me\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-10 07:33]
2009-09-01 c:\windows\Tasks\User_Feed_Synchronization-{C696E61C-6D6E-4E34-97DF-FF9D5594657B}.job
- c:\windows\system32\msfeedssync.exe [2007-12-31 03:31]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-BitTorrent DNA - c:\program files\DNA\btdna.exe
.
------- Supplementary Scan -------
.
uStart Page = hxxp://home.bt.yahoo.com/
uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://uk.search.yahoo.com
LSP: c:\windows\system32\SecureNet.dll
Trusted Zone: motive.com\pbttbc.bt
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: {680285A8-96D3-43DA-9D3D-51DD987D0B77}
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-01 13:32
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,8d,84,93,df,33,82,70,46,8e,9b,18,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,8d,84,93,df,33,82,70,46,8e,9b,18,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1016)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
- - - - - - - > 'explorer.exe'(2952)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-09-01 13:35
ComboFix-quarantined-files.txt 2009-09-01 12:35
ComboFix2.txt 2009-09-01 07:17
Pre-Run: 102,125,826,048 bytes free
Post-Run: 102,122,090,496 bytes free
394 --- E O F --- 2009-09-01 06:47
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:11:25, on 9/1/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\lxddcoms.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bt.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ie/...arch.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolb...lerControl.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {680285A8-96D3-43DA-9D3D-51DD987D0B77} -
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxddCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe
O23 - Service: lxdd_device - - C:\WINDOWS\system32\lxddcoms.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: Windows Defender (WinDefend) - Unknown owner - C:\Program Files\Windows Defender\MsMpEng.exe
--
End of file - 8440 bytes