Hi Phil
I have worked through the last set of instructions. The files
c:\windows\system32\xa4176421.exe
c:\windows\system32\xa4166218.exe
c:\windows\system32\xa3633375.exe
c:\windows\system32\xa3623265.exe
all contained the same seven entries when scanned with virusscan.jotti.
These files were added to the other files to produce the CFScript.
These were run with ComboFix as directed.
The HijackThis "system scan only" did not have an entry
VO2 - BHO: D - {5241E039-3166-31D1-8EC7-7AF24ADFB5A7} - C:\WINDOWS\system32\xwr89113.dll
so I just ticked the other two boxes and ran the program.
ATF Cleaner and Anti-Malware ran OK.
The scan reports are as follows:
ComboFix 08-11-19.08 - chris 2008-11-20 15:35:27.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1500 [GMT 0:00]
Running from: c:\documents and settings\chris\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\chris\Desktop\CFScript.txt
* Created a new restore point
FILE ::
c:\windows\system32\glmqeklr.dll
c:\windows\system32\ijxphoxb.dll
c:\windows\system32\svnqsfpm.dll
c:\windows\system32\vdywrxjo.dll
c:\windows\system32\wr89113.dll
c:\windows\system32\xa3623265.exe
c:\windows\system32\xa3633375.exe
c:\windows\system32\xa4166218.exe
c:\windows\system32\xa4176421.exe
c:\windows\system32\xwr89113.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\glmqeklr.dll
c:\windows\system32\ijxphoxb.dll
c:\windows\system32\svnqsfpm.dll
c:\windows\system32\vdywrxjo.dll
c:\windows\system32\wr89113.dll
c:\windows\system32\xa3623265.exe
c:\windows\system32\xa3633375.exe
c:\windows\system32\xa4166218.exe
c:\windows\system32\xa4176421.exe
c:\windows\system32\xwr89113.dll
.
((((((((((((((((((((((((( Files Created from 2008-10-20 to 2008-11-20 )))))))))))))))))))))))))))))))
.
2008-11-20 15:10 . 2008-11-20 15:10 <DIR> d-------- c:\windows\LastGood
2008-11-13 14:30 . 2008-11-13 14:30 <DIR> d-------- c:\program files\Trend Micro
2008-11-13 11:57 . 2008-11-13 11:57 160 --a------ c:\windows\wininit.ini
2008-11-13 08:53 . 2008-11-13 11:43 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-11-13 08:53 . 2008-11-13 12:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-11 16:01 . 2008-11-11 16:01 <DIR> d-------- c:\documents and settings\chris\Application Data\Apple Computer
2008-11-11 12:38 . 2008-11-11 12:38 <DIR> d-------- c:\program files\Common Files\Apple
2008-11-11 12:34 . 2008-11-11 12:34 <DIR> d-------- c:\program files\Apple Software Update
2008-11-11 12:34 . 2008-11-11 12:34 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple
2008-11-10 15:18 . 2008-11-10 15:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\TomTom
2008-11-07 20:14 . 2008-11-07 20:14 <DIR> d-------- c:\documents and settings\chris\Application Data\CANON INC
2008-11-07 20:14 . 2008-11-11 21:01 <DIR> d-------- c:\documents and settings\chris\Application Data\CameraWindowDC
2008-11-07 20:13 . 2008-11-11 21:06 <DIR> d-------- c:\documents and settings\chris\Application Data\ZoomBrowser EX
2008-11-07 20:12 . 2008-04-14 05:42 159,232 --a------ c:\windows\system32\ptpusd.dll
2008-11-07 20:12 . 2008-04-14 00:15 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2008-11-07 20:12 . 2008-04-14 00:15 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
2008-11-07 20:12 . 2001-08-17 22:36 5,632 --a------ c:\windows\system32\ptpusb.dll
2008-11-06 19:57 . 2008-11-06 19:57 <DIR> d-------- c:\documents and settings\chris\Application Data\TomTom
2008-11-06 19:54 . 2008-11-06 19:54 <DIR> d-------- c:\program files\TomTom HOME 2
2008-11-06 15:04 . 2008-11-06 15:12 2,826,240 --ahs---- c:\windows\system32\amtlib.dll
2008-11-06 14:48 . 2008-11-06 14:48 <DIR> d-------- c:\program files\Adobe Media Player
2008-11-06 14:42 . 2008-11-06 14:42 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2008-11-05 19:01 . 2008-11-05 19:01 54,156 --ah----- c:\windows\QTFont.qfn
2008-11-05 19:01 . 2008-11-05 19:01 1,409 --a------ c:\windows\QTFont.for
2008-11-04 15:42 . 2008-11-04 15:42 <DIR> d-------- c:\documents and settings\All Users\Application Data\FLEXnet
2008-11-04 15:35 . 2008-11-04 15:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\ALM
2008-11-04 15:31 . 2008-11-04 15:31 <DIR> d-------- c:\program files\Bonjour
2008-11-04 15:12 . 2008-11-04 15:12 <DIR> d-------- c:\program files\Common Files\Macrovision Shared
2008-11-04 15:03 . 2008-11-04 15:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\WinZip
2008-11-01 22:08 . 2008-11-01 22:08 <DIR> d-------- C:\My Downloads
2008-10-30 22:23 . 2008-11-01 19:43 <DIR> d--h----- c:\windows\$hf_mig$
2008-10-30 22:23 . 2005-02-25 03:35 22,752 --a------ c:\windows\system32\spupdsvc.exe
2008-10-30 21:01 . 2008-10-30 21:12 96,976 --a------ c:\windows\system32\drivers\klin.dat
2008-10-30 21:01 . 2008-10-30 21:12 87,855 --a------ c:\windows\system32\drivers\klick.dat
2008-10-30 21:00 . 2008-11-20 13:18 2,956,832 --ahs---- c:\windows\system32\drivers\fidbox.dat
2008-10-30 21:00 . 2008-11-20 13:18 499,744 --ahs---- c:\windows\system32\drivers\fidbox2.dat
2008-10-30 21:00 . 2008-11-20 14:19 24,180 --ahs---- c:\windows\system32\drivers\fidbox.idx
2008-10-30 21:00 . 2008-11-20 13:18 2,788 --ahs---- c:\windows\system32\drivers\fidbox2.idx
2008-10-30 20:18 . 2008-10-30 21:00 <DIR> d-------- c:\program files\Kaspersky Lab
2008-10-30 20:18 . 2008-11-20 13:19 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2008-10-27 20:08 . 2008-04-14 00:17 25,856 --a------ c:\windows\system32\drivers\usbprint.sys
2008-10-27 20:08 . 2008-04-14 00:17 25,856 --a--c--- c:\windows\system32\dllcache\usbprint.sys
2008-10-27 17:29 . 2008-10-27 17:29 552 --a------ c:\windows\system32\d3d8caps.dat
2008-10-27 11:43 . 2008-10-27 11:43 140,095 --a------ c:\windows\system32\AdobeFnt.lst
2008-10-27 11:21 . 2008-10-27 11:21 7,680 --ahs---- c:\windows\Thumbs.db
2008-10-27 11:21 . 2008-11-11 12:06 69 --a------ c:\windows\NeroDigital.ini
2008-10-23 13:41 . 2008-10-27 11:21 <DIR> d-------- c:\program files\Dream Aquarium
2008-10-23 13:11 . 2008-10-23 13:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\LightScribe
2008-10-22 20:03 . 2008-10-22 20:03 <DIR> d-------- c:\windows\system32\LogFiles
2008-10-22 18:54 . 2007-07-30 18:19 271,224 --a------ c:\windows\system32\mucltui.dll
2008-10-22 18:54 . 2007-07-30 18:19 207,736 --a------ c:\windows\system32\muweb.dll
2008-10-22 18:54 . 2007-07-30 18:19 30,072 --a------ c:\windows\system32\mucltui.dll.mui
2008-10-22 17:30 . 2008-10-22 17:30 <DIR> d-------- c:\program files\LightWork Design
2008-10-22 17:25 . 2008-10-22 17:27 <DIR> d-------- c:\program files\Common Files\FotoNation
2008-10-22 17:25 . 1998-07-07 17:10 534,528 --a------ c:\windows\system32\LTOCX10N.OCX
2008-10-22 17:20 . 2008-10-22 17:20 <DIR> d-------- c:\documents and settings\chris\WINDOWS
2008-10-22 17:18 . 2008-10-22 17:18 <DIR> d-------- c:\windows\Application Data
2008-10-22 17:18 . 2008-10-22 17:18 <DIR> d-------- c:\program files\ArcSoft
2008-10-22 17:17 . 1998-10-29 14:45 306,688 --a------ c:\windows\IsUninst.exe
2008-10-22 17:16 . 2008-10-27 11:21 <DIR> d-------- c:\program files\FinePixViewer
2008-10-22 17:14 . 2008-10-22 17:14 <DIR> d-------- c:\program files\REGSHAVE
2008-10-22 17:14 . 2001-11-24 17:11 81,924 --a------ c:\windows\system32\drivers\VC4CB104.SYS
2008-10-22 17:14 . 2001-11-25 02:11 81,924 --a------ c:\windows\system32\drivers\V4CB0115.SYS
2008-10-22 17:14 . 2001-11-25 02:11 81,924 --a------ c:\windows\system32\drivers\V4CB010B.SYS
2008-10-22 17:14 . 2001-11-21 21:09 81,796 --a------ c:\windows\system32\drivers\V4CB0109.SYS
2008-10-22 17:14 . 2002-02-04 22:33 69,632 --a------ c:\windows\system32\FREGSHEX.DLL
2008-10-22 17:14 . 2002-02-26 17:27 65,536 --a------ c:\windows\system32\FINFCHECK.dll
2008-10-22 17:14 . 2002-01-15 11:30 49,152 --a------ c:\windows\system32\FINSTALL.dll
2008-10-22 17:14 . 2002-02-12 16:00 45,056 --a------ c:\windows\system32\FCLKBTN.DLL
2008-10-22 17:12 . 2008-11-11 12:40 <DIR> d-------- c:\program files\QuickTime
2008-10-22 17:12 . 2008-11-11 12:37 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple Computer
2008-10-22 17:10 . 2008-10-22 17:10 13,750 --a------ c:\windows\system32\wpa.bak
2008-10-22 16:46 . 2008-10-22 16:56 <DIR> d-------- c:\program files\Canon
2008-10-22 16:46 . 2008-10-22 16:46 <DIR> d-------- c:\documents and settings\All Users\Application Data\ZoomBrowser
2008-10-22 16:44 . 2008-10-22 16:44 <DIR> d-------- c:\program files\Common Files\Canon
2008-10-22 16:40 . 2008-11-06 19:53 <DIR> d-------- c:\program files\TomTom HOME
2008-10-22 16:31 . 2008-10-22 16:31 <DIR> d-------- c:\program files\MSBuild
2008-10-22 16:31 . 2008-10-22 16:31 <DIR> d-------- c:\program files\Microsoft Works
2008-10-22 16:31 . 2006-10-26 18:56 32,592 --a------ c:\windows\system32\msonpmon.dll
2008-10-22 16:26 . 2008-10-22 16:26 <DIR> d-------- c:\windows\SHELLNEW
2008-10-22 16:26 . 2008-10-27 11:23 <DIR> d-------- c:\documents and settings\All Users\Application Data\Microsoft Help
2008-10-22 16:25 . 2008-10-22 16:25 <DIR> dr-h----- C:\MSOCache
2008-10-22 16:07 . 2008-10-26 18:04 <DIR> d-------- c:\program files\Google
2008-10-22 15:57 . 2008-10-22 15:57 <DIR> d---s---- c:\documents and settings\chris\UserData
2008-10-22 15:09 . 2008-10-22 15:18 <DIR> d-------- c:\program files\Arcade Chess
2008-10-22 14:55 . 2008-10-22 14:55 <DIR> d-------- c:\program files\Mahjong Deluxe
2008-10-22 14:50 . 2008-10-30 20:08 <DIR> d-------- c:\documents and settings\All Users\Application Data\SiteAdvisor
2008-10-22 14:50 . 2006-03-03 10:07 143,360 --a------ c:\windows\system32\dunzip32.dll
2008-10-22 14:46 . 2008-10-30 20:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\McAfee
2008-10-22 14:34 . 2008-10-22 14:34 <DIR> d-------- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2008-10-22 14:33 . 2008-11-01 19:49 <DIR> d-------- c:\documents and settings\chris\Application Data\Motive
2008-10-22 14:32 . 2008-11-02 19:12 <DIR> d-------- c:\program files\Common Files\Motive
2008-10-22 14:32 . 2008-10-22 14:33 <DIR> d-------- c:\program files\BT Broadband Desktop Help
2008-10-22 14:32 . 2008-10-22 14:43 <DIR> d-------- c:\documents and settings\All Users\Application Data\Motive
2008-10-22 14:32 . 2002-01-05 06:37 344,064 --a------ c:\windows\system32\msvcr70.dll
2008-10-22 14:32 . 2002-01-05 05:18 84,992 --a------ c:\windows\system32\ATL70.DLL
2008-10-22 14:32 . 2001-10-11 10:26 65,536 --a------ c:\windows\system32\YCRWin32.dll
2008-10-22 14:31 . 2008-10-22 14:34 <DIR> d-------- c:\program files\Yahoo!
2008-10-22 14:31 . 2008-10-22 14:33 <DIR> d-------- c:\program files\BTHomeHub
2008-10-22 14:10 . 2008-10-22 14:10 5,208 --a------ c:\windows\system32\pid.PNF
2008-10-22 14:08 . 2001-08-17 13:59 3,072 --a------ c:\windows\system32\drivers\audstub.sys
2008-10-22 14:07 . 2008-04-14 00:10 57,600 --a------ c:\windows\system32\drivers\redbook.sys
2008-10-22 14:07 . 2008-04-14 05:41 21,504 --a------ c:\windows\system32\hidserv.dll
2008-10-22 14:06 . 2008-04-14 04:42 74,240 --a------ c:\windows\system32\usbui.dll
2008-10-22 14:06 . 2008-04-14 04:42 74,240 --a--c--- c:\windows\system32\dllcache\usbui.dll
2008-10-22 14:05 . 2008-04-14 00:06 14,208 --a------ c:\windows\system32\drivers\battc.sys
2008-10-22 14:05 . 2008-04-14 00:06 13,952 --a------ c:\windows\system32\drivers\CmBatt.sys
2008-10-22 14:05 . 2008-04-14 00:06 10,240 --a------ c:\windows\system32\drivers\compbatt.sys
2008-10-22 14:04 . 2008-11-06 14:54 <DIR> dr------- c:\documents and settings\All Users\Documents
2008-10-22 14:03 . 2008-10-22 14:32 <DIR> d--h----- c:\documents and settings\Default User
2008-10-22 14:03 . 2008-10-22 13:18 <DIR> d-------- c:\documents and settings\All Users
2008-10-22 14:03 . 2008-10-22 13:23 <DIR> d-------- C:\Documents and Settings
2008-10-22 14:03 . 2008-10-30 21:00 1,214,323 --a------ c:\windows\setupapi.log.0.old
2008-10-22 14:02 . 2008-10-22 13:21 261 --a------ c:\windows\system32\$winnt$.inf
2008-10-22 14:00 . 2008-11-20 13:19 <DIR> d-------- c:\program files\lg_fwupdate
2008-10-22 14:00 . 1998-06-23 23:00 115,016 --a------ c:\windows\system32\MSINET.OCX
2008-10-22 14:00 . 1998-07-21 23:00 102,912 --a------ c:\windows\system32\Vb6stkit.dll
2008-10-22 14:00 . 1998-07-21 23:00 102,160 --a------ c:\windows\system32\VB6KO.DLL
2008-10-22 14:00 . 2001-08-29 20:00 59,904 --a------ c:\windows\system32\wbemdisp.tlb
2008-10-22 14:00 . 2006-02-17 13:19 16,384 --a------ c:\windows\system32\lgfwunis.exe
2008-10-22 14:00 . 2008-11-20 13:19 265 --a------ c:\windows\lgfwup.ini
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-07 19:56 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-06 14:52 --------- d-----w c:\program files\Common Files\Adobe
2008-10-23 13:11 --------- d-----w c:\documents and settings\chris\Application Data\Ahead
2008-10-22 17:18 4,608 ----a-w c:\windows\system32\w95inf32.dll
2008-10-22 17:18 2,272 ----a-w c:\windows\system32\w95inf16.dll
2008-10-22 17:12 --------- d-----w c:\program files\Common Files\InstallShield
2008-10-22 14:36 --------- d-----w c:\program files\Atheros
2008-10-22 13:58 --------- d-----w c:\program files\CyberLink
2008-10-22 13:55 --------- d-----w c:\program files\Common Files\Ahead
2008-10-22 13:54 --------- d-----w c:\program files\Common Files\LightScribe
2008-10-22 13:54 --------- d-----w c:\documents and settings\All Users\Application Data\Ahead
2008-10-22 13:52 --------- d-----w c:\program files\Nero
2008-10-22 13:52 --------- d-----w c:\documents and settings\All Users\Application Data\Nero
2008-10-22 13:47 --------- d-----w c:\documents and settings\All Users\Application Data\Atheros
2008-10-22 13:44 --------- d-----w c:\documents and settings\chris\Application Data\AdobeUM
2008-10-22 13:36 --------- d-----w c:\program files\CONEXANT
2008-10-22 13:35 --------- d-----w c:\program files\Genesys PC Camera Device
2008-10-22 13:33 --------- d-----w c:\program files\Synaptics
2008-10-22 13:33 --------- d-----w c:\documents and settings\chris\Application Data\InstallShield
2008-10-22 13:31 315,392 ----a-w c:\windows\HideWin.exe
2008-10-22 13:31 --------- d-----w c:\program files\Realtek
2008-10-22 13:27 --------- d-----w c:\program files\Intel
2008-10-22 13:19 --------- d-----w c:\program files\microsoft frontpage
2008-10-16 14:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 14:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 14:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 14:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 14:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 14:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
.
((((((((((((((((((((((((((((( snapshot@2008-11-20_13.03.12.25 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-07-30 18:19:20 92,504 ----a-w c:\windows\LastGood\system32\cdm.dll
+ 2007-07-30 18:19:36 549,720 ----a-w c:\windows\LastGood\system32\wuapi.dll
+ 2007-07-30 18:19:16 53,080 ----a-w c:\windows\LastGood\system32\wuauclt.exe
+ 2007-07-30 18:19:42 1,712,984 ----a-w c:\windows\LastGood\system32\wuaueng.dll
+ 2007-07-30 18:19:32 325,976 ----a-w c:\windows\LastGood\system32\wucltui.dll
+ 2007-07-30 18:18:40 33,624 ----a-w c:\windows\LastGood\system32\wups.dll
+ 2007-07-30 18:19:12 43,352 ----a-w c:\windows\LastGood\system32\wups2.dll
+ 2007-07-30 18:19:28 203,096 ----a-w c:\windows\LastGood\system32\wuweb.dll
- 2007-07-30 18:19:20 92,504 -c--a-w c:\windows\system32\dllcache\cdm.dll
+ 2008-10-16 14:09:44 92,696 -c--a-w c:\windows\system32\dllcache\cdm.dll
- 2007-07-30 18:19:36 549,720 -c--a-w c:\windows\system32\dllcache\wuapi.dll
+ 2008-10-16 14:12:20 561,688 -c--a-w c:\windows\system32\dllcache\wuapi.dll
- 2007-07-30 18:19:16 53,080 -c--a-w c:\windows\system32\dllcache\wuauclt.exe
+ 2008-10-16 14:09:44 51,224 -c--a-w c:\windows\system32\dllcache\wuauclt.exe
- 2007-07-30 18:19:42 1,712,984 -c--a-w c:\windows\system32\dllcache\wuaueng.dll
+ 2008-10-16 14:13:40 1,809,944 -c--a-w c:\windows\system32\dllcache\wuaueng.dll
- 2007-07-30 18:19:32 325,976 -c--a-w c:\windows\system32\dllcache\wucltui.dll
+ 2008-10-16 14:12:22 323,608 -c--a-w c:\windows\system32\dllcache\wucltui.dll
- 2007-07-30 18:19:28 203,096 -c--a-w c:\windows\system32\dllcache\wuweb.dll
+ 2008-10-16 14:13:40 202,776 -c--a-w c:\windows\system32\dllcache\wuweb.dll
+ 2008-10-16 14:08:58 34,328 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.788\wups.dll
+ 2008-10-16 14:09:44 43,544 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.788\wups2.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-12-05 2295072]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\HOMERunner.exe" [2008-09-26 206184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-24 8495104]
"AzMixerSel"="c:\program files\Realtek\Audio\InstallShield\AzMixerSel.exe" [2006-07-18 53248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-05-25 864256]
"GenePccMon.exe"="c:\program files\Genesys PC Camera Device\GenePccMon.exe" [2007-02-14 36864]
"ACU"="c:\program files\Atheros\ACU.exe" [2007-05-03 376921]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-11-26 1629480]
"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-11-26 1057064]
"NBKeyScan"="c:\program files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe" [2007-09-17 1377576]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256]
"LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" [2007-02-26 249856]
"btbb_McciTrayApp"="c:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe" [2008-09-11 1517056]
"btbb_wcm_McciTrayApp"="c:\program files\BT Broadband Desktop Help\btbb_wcm\McciTrayApp.exe" [2008-08-28 1516032]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-04-25 201992]
"nwiz"="nwiz.exe" [2007-10-24 c:\windows\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-10-25 c:\windows\RTHDCPL.exe]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [12/14/2004 3:44:06 AM 29696]
Exif Launcher.lnk - c:\program files\FinePixViewer\QuickDCF.exe [1/9/2002 2:53:14 AM 200704]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [9/10/2008 12:00:00 PM 525664]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Microsoft Office Groove Audit Service"=3 (0x3)
"McciCMService"=2 (0x2)
"gusvc"=3 (0x3)
"ERSvc"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [1/29/2008 6:29:38 PM 32784]
R2 adfs;adfs;c:\windows\system32\drivers\adfs.sys [8/14/2008 7:57:42 AM 74720]
R3 DCamUSBGene;GenesysLogic USB2.0 PC Camera;c:\windows\system32\DRIVERS\usbgene.sys [10/22/2008 1:35:28 PM 131584]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\DRIVERS\klfltdev.sys [3/13/2008 7:02:46 PM 26640]
R3 MRESP50;MRESP50 NDIS Protocol Driver;\??\c:\progra~1\COMMON~1\Motive\MRESP50.SYS [10/22/2008 2:32:48 PM 18304]
R3 RTSTOR;USB Mass Stroage Device;c:\windows\system32\drivers\RTSTOR.SYS [10/22/2008 1:34:38 PM 41728]
R3 WSIMD;wsimd Service;c:\windows\system32\DRIVERS\wsimd.sys [10/22/2008 1:47:59 PM 57024]
S3 MREMP50;MREMP50 NDIS Protocol Driver;\??\c:\progra~1\COMMON~1\Motive\MREMP50.SYS [10/22/2008 2:32:48 PM 19712]
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver;\??\c:\progra~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver;\??\c:\progra~1\COMMON~1\Motive\MRESP50a64.SYS []
S4 McciCMService;McciCMService;"c:\program files\Common Files\Motive\McciCMService.exe" [10/22/2008 2:32:44 PM 303104]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f8476189-ab32-11dd-b811-00224318d289}]
\Shell\AutoRun\command - F:\InstallTomTomHOME.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
2008-11-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-11-20 15:38:19
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-11-20 15:39:03
ComboFix-quarantined-files.txt 2008-11-20 15:38:56
ComboFix2.txt 2008-11-20 13:04:01
Pre-Run: 301,406,302,208 bytes free
Post-Run: 301,387,034,624 bytes free
303 --- E O F --- 2008-10-30 22:23:39
Malwarebytes' Anti-Malware 1.30
Database version: 1414
Windows 5.1.2600 Service Pack 3
20/11/2008 18:21:31
mbam-log-2008-11-20 (18-21-31).txt
Scan type: Full Scan (C:\|)
Objects scanned: 135695
Time elapsed: 35 minute(s), 44 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 38
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Qoobox\Quarantine\C\WINDOWS\system32\byXPIaYS.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\cbXNFuTj.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\cbXOIxwu.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\idxlty.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\jrkpjopr.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\ljJYQICu.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\pmnmLdAr.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\ssqNHBTk.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\wvUmljgD.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\XXXljJYQICu.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{66D8275F-BD0C-42B4-9453-8E192FD65E18}\RP25\A0003950.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{66D8275F-BD0C-42B4-9453-8E192FD65E18}\RP24\A0003761.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{66D8275F-BD0C-42B4-9453-8E192FD65E18}\RP24\A0003817.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{66D8275F-BD0C-42B4-9453-8E192FD65E18}\RP27\A0004121.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{66D8275F-BD0C-42B4-9453-8E192FD65E18}\RP27\A0004131.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{66D8275F-BD0C-42B4-9453-8E192FD65E18}\RP27\A0004132.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{66D8275F-BD0C-42B4-9453-8E192FD65E18}\RP27\A0004164.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{66D8275F-BD0C-42B4-9453-8E192FD65E18}\RP27\A0004165.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{66D8275F-BD0C-42B4-9453-8E192FD65E18}\RP30\A0004474.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{66D8275F-BD0C-42B4-9453-8E192FD65E18}\RP30\A0004500.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{66D8275F-BD0C-42B4-9453-8E192FD65E18}\RP30\A0004502.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{66D8275F-BD0C-42B4-9453-8E192FD65E18}\RP30\A0008606.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{66D8275F-BD0C-42B4-9453-8E192FD65E18}\RP32\A0012714.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{66D8275F-BD0C-42B4-9453-8E192FD65E18}\RP32\A0012715.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{66D8275F-BD0C-42B4-9453-8E192FD65E18}\RP32\A0012718.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{66D8275F-BD0C-42B4-9453-8E192FD65E18}\RP46\A0013134.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{66D8275F-BD0C-42B4-9453-8E192FD65E18}\RP46\A0013135.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{66D8275F-BD0C-42B4-9453-8E192FD65E18}\RP46\A0013136.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{66D8275F-BD0C-42B4-9453-8E192FD65E18}\RP49\A0013592.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{66D8275F-BD0C-42B4-9453-8E192FD65E18}\RP49\A0013588.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{66D8275F-BD0C-42B4-9453-8E192FD65E18}\RP49\A0013589.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{66D8275F-BD0C-42B4-9453-8E192FD65E18}\RP49\A0013590.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{66D8275F-BD0C-42B4-9453-8E192FD65E18}\RP49\A0013591.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{66D8275F-BD0C-42B4-9453-8E192FD65E18}\RP49\A0013593.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{66D8275F-BD0C-42B4-9453-8E192FD65E18}\RP49\A0013594.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{66D8275F-BD0C-42B4-9453-8E192FD65E18}\RP49\A0013595.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{66D8275F-BD0C-42B4-9453-8E192FD65E18}\RP49\A0013596.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{66D8275F-BD0C-42B4-9453-8E192FD65E18}\RP49\A0013598.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:06:48, on 20/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Genesys PC Camera Device\GenePccMon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Atheros\ACU.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
C:\Program Files\BT Broadband Desktop Help\btbb_wcm\McciTrayApp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bridgendravens.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://hebnetfinder.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.509.5470\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [GenePccMon.exe] C:\Program Files\Genesys PC Camera Device\GenePccMon.exe
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [btbb_McciTrayApp] "C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe"
O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] C:\Program Files\BT Broadband Desktop Help\btbb_wcm\McciTrayApp.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
--
End of file - 9807 bytes
The computer seems to be running much faster, both when booting up and when accessing the internet, although I have tried to minimise my on-line work while these routines were being run. It looks as if we are definitely moving in the right direction. The original three trojan files that were causing the problem no longer appear on a scan, and the other scans managed to find a few more. HOPEFULLY we should be almost clear. Is there any more I should do?
With thanks, Chris9494