Sorry, I mentioned the others but forgot I had run ComboFix before.
ComboFix 10-11-10.01 - Ian Hayward 10/11/2010 22:03:34.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1023.419 [GMT 0:00]
Running from: c:\documents and settings\Ian Hayward\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2011 *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
((((((((((((((((((((((((( Files Created from 2010-10-10 to 2010-11-10 )))))))))))))))))))))))))))))))
.
2010-11-10 09:45 . 2010-11-10 09:45 -------- d-----w- c:\windows\system32\MpEngineStore
2010-11-03 19:46 . 2010-11-09 13:34 -------- d-----w- c:\documents and settings\Ian Hayward\Application Data\Veelb
2010-11-03 19:44 . 2010-11-09 16:22 -------- d-----w- c:\program files\windows
2010-10-31 18:54 . 2010-11-10 09:23 -------- d-----w- c:\documents and settings\Ian Hayward\Application Data\Amewo
2010-10-31 18:54 . 2010-10-31 18:54 -------- d-----w- c:\documents and settings\Ian Hayward\Application Data\Zaawq
2010-10-31 17:36 . 2010-10-31 17:36 -------- d-----w- c:\documents and settings\Ian Hayward\Application Data\DriverCure
2010-10-31 17:36 . 2010-10-31 17:36 -------- d-----w- c:\documents and settings\Ian Hayward\Application Data\ParetoLogic
2010-10-31 17:35 . 2010-10-31 17:35 -------- d-----w- c:\program files\Common Files\ParetoLogic
2010-10-31 17:35 . 2010-10-31 17:35 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2010-10-31 17:35 . 2010-10-31 17:35 -------- d-----w- c:\program files\ParetoLogic
2010-10-30 23:29 . 2010-10-31 00:14 -------- d-----w- c:\documents and settings\Ian Hayward\Application Data\Eruhke
2010-10-30 13:22 . 2010-10-30 13:22 -------- d-----w- c:\documents and settings\Ian Hayward\Application Data\Ezopa
2010-10-28 22:09 . 2010-10-29 08:30 -------- d-----w- c:\documents and settings\Ian Hayward\Application Data\Diyxo
2010-10-28 22:09 . 2010-10-28 22:11 -------- d-----w- c:\documents and settings\Ian Hayward\Application Data\Omiko
2010-10-28 17:04 . 2010-10-28 19:16 -------- d-----w- c:\documents and settings\Ian Hayward\Application Data\Oniry
2010-10-27 16:32 . 2010-11-09 16:19 -------- d-----w- c:\program files\temp
2010-10-26 22:09 . 2010-10-26 22:09 -------- d-----w- c:\documents and settings\Ian Hayward\Application Data\Malwarebytes
2010-10-26 22:09 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-26 22:09 . 2010-10-26 22:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-10-26 22:09 . 2010-10-26 22:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-26 22:09 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-26 22:06 . 2006-06-19 12:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2010-10-26 22:06 . 2006-05-25 14:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2010-10-26 22:06 . 2005-08-26 00:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2010-10-26 22:06 . 2002-03-06 00:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2010-10-26 22:06 . 2003-02-02 19:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2010-10-26 22:06 . 2010-10-26 22:06 -------- d-----w- c:\program files\Trojan Remover
2010-10-26 22:06 . 2010-10-26 22:06 -------- d-----w- c:\documents and settings\Ian Hayward\Application Data\Simply Super Software
2010-10-26 22:06 . 2010-10-26 22:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
2010-10-26 19:00 . 2010-11-09 13:31 -------- d-----w- c:\documents and settings\Ian Hayward\Application Data\Avys
2010-10-26 13:54 . 2010-11-09 16:20 -------- d-----w- c:\program files\tmp
2010-10-20 09:45 . 2010-10-20 09:45 -------- d-----w- c:\documents and settings\Ian Hayward\Application Data\AVG10
2010-10-20 09:09 . 2010-10-20 09:09 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2010-10-20 09:08 . 2010-10-28 12:33 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2010-10-20 09:03 . 2010-11-10 09:26 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10
2010-10-20 09:03 . 2010-10-30 17:07 -------- d-----w- c:\windows\system32\drivers\AVG
2010-10-20 00:24 . 2010-10-20 00:31 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2010-10-14 20:16 . 2010-09-18 06:53 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
2010-10-14 20:16 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-14 20:15 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-03 22:43 . 2010-10-03 22:43 59240 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2010-09-18 11:23 . 2004-07-11 14:35 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-07-11 14:35 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2004-07-11 14:35 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2004-07-11 14:35 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-13 15:27 . 2010-09-13 15:27 25680 ----a-w- c:\windows\system32\drivers\AVGIDSEH.sys
2010-09-10 05:58 . 2004-01-21 16:16 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58 . 2004-07-11 14:35 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58 . 2004-07-11 14:35 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-08 10:17 . 2010-09-08 10:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 10:17 . 2010-09-08 10:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-07 02:49 . 2010-09-07 02:49 298448 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-09-07 02:48 . 2010-09-07 02:48 34384 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-09-07 02:48 . 2010-09-07 02:48 249424 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-09-07 02:48 . 2010-09-07 02:48 26064 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-09-01 11:51 . 2004-07-11 14:34 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2004-07-11 14:37 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02 . 2004-07-11 14:37 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2004-07-11 14:37 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 13:39 . 2004-07-11 14:37 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-26 12:52 . 2009-04-17 08:06 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12 . 2004-07-11 14:34 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-19 20:42 . 2010-08-19 20:42 30288 ----a-w- c:\windows\system32\drivers\AVGIDSFilter.sys
2010-08-19 20:42 . 2010-08-19 20:42 123472 ----a-w- c:\windows\system32\drivers\AVGIDSDriver.sys
2010-08-19 20:42 . 2010-08-19 20:42 26192 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
2010-08-17 13:17 . 2004-07-11 14:37 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45 . 2004-08-14 09:45 590848 ----a-w- c:\windows\system32\rpcrt4.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuz1.dll" [2010-10-28 3908192]
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-10-28 11:52 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngin0.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2010-10-28 11:52 3908192 ----a-w- c:\program files\Vuze_Remote\tbVuz1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuz1.dll" [2010-10-28 3908192]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngin0.dll" [2010-10-28 3908192]
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "c:\program files\Vuze_Remote\tbVuz1.dll" [2010-10-28 3908192]
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SlowFile Icon Overlay]
@="{7D688A77-C613-11D0-999B-00C04FD655E1}"
[HKEY_CLASSES_ROOT\CLSID\{7D688A77-C613-11D0-999B-00C04FD655E1}]
2010-07-27 06:30 8462336 ----a-w- c:\windows\SYSTEM32\shell32.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-16 68856]
"Raptr"="c:\progra~1\Raptr\raptrstub.exe" [2010-10-12 52136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus Photo RX620 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9HE.EXE" [2004-05-19 98304]
"SoundMan"="SOUNDMAN.EXE" [2005-01-27 77824]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-09-27 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-27 13918208]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-04-01 202256]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
c:\documents and settings\Default User\Start Menu\Programs\Startup\
atdydu.exe [2010-10-29 153600]
erfyn.exe [2010-10-28 212992]
ixusri.exe [2010-10-27 212992]
paekix.exe [2010-10-27 212992]
tyem.exe [2010-10-28 212992]
ygodo.exe [2010-10-29 153600]
c:\documents and settings\Sue\Start Menu\Programs\Startup\
buqox.exe [2010-10-29 153600]
yvakyd.exe [2010-10-29 153600]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
2005-01-31 14:13 49152 ----a-w- c:\progra~1\COMMON~1\Stardock\MCPStub.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
[HKLM\~\startupfolder\C:^Documents and Settings^Ian Hayward^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk]
backup=c:\windows\pss\MyWebSearch Email Plugin.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 22:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2006-09-14 06:55 61440 ----a-w- d:\program files\Adobe\Photoshop Elements 5.0\apdproxy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 03:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 16:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-04-01 19:08 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"VSS"=3 (0x3)
"Themes"=2 (0x2)
"SysmonLog"=3 (0x3)
"SwPrv"=3 (0x3)
"SCardSvr"=3 (0x3)
"RSVP"=3 (0x3)
"RDSessMgr"=3 (0x3)
"RasMan"=3 (0x3)
"RasAuto"=3 (0x3)
"MDM"=2 (0x2)
"btwdins"=2 (0x2)
"BthServ"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\System32\\dplaysvr.exe"=
"d:\\Program Files\\Eden Studios\\Rail Empires\\re-id.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"d:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=
"c:\\Program Files\\ubi.com\\Core\\GS4.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Monopoly 3\\Monopoly.exe"=
"c:\\WINDOWS\\SYSTEM32\\usmt\\migwiz.exe"=
"c:\\Program Files\\2K Games\\Firaxis Games\\Sid Meier's Railroads!\\RailRoads.exe"=
"c:\\WINDOWS\\SYSTEM32\\javaw.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\WINDOWS\\SYSTEM32\\dpvsetup.exe"=
"c:\\Program Files\\Microsoft Office\\Office10\\FRONTPG.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Sports Interactive\\Football Manager 2010\\fm.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\football manager 2010\\fm.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\Raptr\\raptr.exe"=
"c:\\Program Files\\Raptr\\raptr_im.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3783:TCP"= 3783:TCP:VCP
"28900:TCP"= 28900:TCP:MSLR
"29900:TCP"= 29900:TCP:GP Connect mgr
"29901:TCP"= 29901:TCP:GP Search mgr
"6515:UDP"= 6515:UDP:DPlay UDP
"6500:TCP"= 6500:TCP:Query
"13139:UDP"= 13139:UDP:Custom UDP pings
"27900:UDP"= 27900:UDP:UDP Heartbeat
"25057:TCP"= 25057:TCP:AZ
R0 AVGIDSEH;AVGIDSEH;c:\windows\SYSTEM32\DRIVERS\AVGIDSEH.sys [13/09/2010 15:27 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\SYSTEM32\DRIVERS\avgrkx86.sys [07/09/2010 02:48 26064]
R0 RapportKELL;RapportKELL;c:\windows\SYSTEM32\DRIVERS\RapportKELL.sys [03/10/2010 22:43 59240]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [07/09/2010 02:48 249424]
R1 Avgtdix;AVG TDI Driver;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [07/09/2010 02:49 298448]
R1 RapportBuka;RapportBuka;c:\windows\SYSTEM32\DRIVERS\RapportBuka.sys [01/03/2010 16:34 390528]
R1 RapportCerberus_19917;RapportCerberus_19917;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\19917\RapportCerberus_19917.sys [03/10/2010 22:54 34792]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [03/10/2010 22:43 169320]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [03/10/2010 22:43 767208]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\SYSTEM32\DRIVERS\AVGIDSDriver.sys [19/08/2010 20:42 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\SYSTEM32\DRIVERS\AVGIDSFilter.sys [19/08/2010 20:42 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\SYSTEM32\DRIVERS\AVGIDSShim.sys [19/08/2010 20:42 26192]
S2 AVGIDSAgent;AVGIDSAgent;"c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe" --> c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [?]
S2 avgwd;AVG WatchDog;"c:\program files\AVG\AVG10\avgwdsvc.exe" --> c:\program files\AVG\AVG10\avgwdsvc.exe [?]
S2 gupdate1c9c1e1ceb09090;Google Update Service (gupdate1c9c1e1ceb09090);c:\program files\Google\Update\GoogleUpdate.exe [20/04/2009 17:59 133104]
S3 alcan5ln;SpeedTouch(tm) USB ADSL RFC1483 Networking Driver (NDIS);c:\windows\SYSTEM32\DRIVERS\alcan5ln.sys [17/09/2004 22:18 36256]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe --> c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [?]
S3 BDA_Capture_225;USB Digital-TV receiver Driver 2.0.1.8;c:\windows\system32\Drivers\BDA_Capture_225.sys --> c:\windows\system32\Drivers\BDA_Capture_225.sys [?]
S3 BDA_Loader_225;USB Digital-TV Receiver Firmware Loader 6.5.8.0;c:\windows\SYSTEM32\DRIVERS\BDA_Loader_225.sys [17/06/2008 22:47 18944]
S3 gUSBSTOi;gUSBSTOi;\??\c:\docume~1\IANHAY~1\LOCALS~1\Temp\gUSBSTOi.sys --> c:\docume~1\IANHAY~1\LOCALS~1\Temp\gUSBSTOi.sys [?]
S3 UMSSSTOR;C-Media Storage;c:\windows\system32\DRIVERS\UMSS.SYS --> c:\windows\system32\DRIVERS\UMSS.SYS [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\SYSTEM32\DRIVERS\wdcsam.sys [06/05/2008 15:06 11520]
S3 WPRO_40_1340;WinPcap Packet Driver (WPRO_40_1340);c:\windows\system32\drivers\WPRO_40_1340.sys --> c:\windows\system32\drivers\WPRO_40_1340.sys [?]
.
Contents of the 'Scheduled Tasks' folder
2010-10-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2010-11-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-20 17:59]
2010-11-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-20 17:59]
2010-11-03 c:\windows\Tasks\PC Health Advisor Defrag.job
- c:\program files\ParetoLogic\PCHA\PCHA.exe [2010-09-30 21:40]
2010-11-03 c:\windows\Tasks\PC Health Advisor.job
- c:\program files\ParetoLogic\PCHA\PCHA.exe [2010-09-30 21:40]
2010-11-10 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-839522115-413027322-682003330-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]
2010-11-10 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-839522115-413027322-682003330-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]
2010-10-28 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-839522115-413027322-682003330-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]
2010-10-28 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-839522115-413027322-682003330-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]
2010-11-10 c:\windows\Tasks\User_Feed_Synchronization-{E9B94A29-7FD1-4FBB-A04A-C738991B53D1}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 03:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
mStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = 127.0.0.1
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: {{A18AC347-2CA3-4e5d-AB86-33BFC7EEB931} - c:\program files\gamingclubMPP\MPPoker.exe
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: photographersdirect.com\www
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
DPF: DirectAnimation Java Classes - file://c:\windows\SYSTEM\dajava.cab
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9 ... ontrol.CAB
DPF: Internet Explorer Classes for Java - file://c:\windows\SYSTEM\iejava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {0A43D7AC-D6C1-4622-B309-BF975F427C0E} - hxxps://internetbankingplus1.firstdirec ... doorFD.cab
.
------- File Associations -------
.
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-10 22:44
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Iomega Activity Disk2]
"ImagePath"="\"\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\$$$\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(536)
c:\windows\system32\Ati2evxx.dll
c:\progra~1\COMMON~1\Stardock\mcpstub.dll
- - - - - - - > 'explorer.exe'(11260)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\program files\Trusteer\Rapport\bin\rooksbas.dll
c:\windows\system32\ieframe.dll
c:\progra~1\COMMON~1\Stardock\MCPCore.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
d:\program files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\NMSAccess.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\UAService7.exe
c:\windows\System32\wbem\wmiapsrv.exe
c:\program files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\progra~1\COMMON~1\Stardock\SDMCP.exe
c:\windows\system32\wscntfy.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\RUNDLL32.EXE
.
**************************************************************************
.
Completion time: 2010-11-10 22:59:44 - machine was rebooted
ComboFix-quarantined-files.txt 2010-11-10 22:59
ComboFix2.txt 2010-11-10 21:24
Pre-Run: 847,466,418,176 bytes free
Post-Run: 847,512,666,112 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[Boot Loader]
timeout=2
Default=multi(0)disk(0)rdisk(0)partition(1)\Windows
[Operating Systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\Windows="1ST TRY THIS seleccione esto primero" /fastdetect
multi(0)disk(0)rdisk(1)partition(1)\Windows="2ND TRY THIS essayez ceci en deuzieme" /fastdetect
multi(0)disk(0)rdisk(0)partition(2)\Windows="3RD TRY THIS wahlen Sie diesen Third" /fastdetect
multi(0)disk(0)rdisk(1)partition(2)\Windows="4TH TRY THIS selezioni questo fourth" /fastdetect
multi(0)disk(0)rdisk(0)partition(3)\Windows="5TH TRY THIS selecione este fifth" /fastdetect
multi(0)disk(0)rdisk(1)partition(3)\Windows="6TH TRY THIS seleccione este sexto" /fastdetect
multi(0)disk(0)rdisk(0)partition(4)\Windows="7TH TRY THIS essayez ceci en septieme" /fastdetect
multi(0)disk(0)rdisk(1)partition(4)\Windows="8TH TRY THIS wahlen Sie dieses achte" /fastdetect
C:\="9TH TRY THIS selezioni questo nono"
D:\="10TH TRY THIS selecione este decimo"
- - End Of File - - 09E72C885E4CC12AC2F42C076B796FE4
ComboFix 10-11-09.03 - Ian Hayward 10/11/2010 20:52:38.1.1 - x86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1023.763 [GMT 0:00]
Running from: c:\documents and settings\Ian Hayward\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2011 *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Carl.SNAKEY\err.log
c:\documents and settings\Ian Hayward\Application Data\Adla
c:\documents and settings\Ian Hayward\Application Data\Adla\tyyr.exe
c:\documents and settings\Ian Hayward\Application Data\Adobe\crc.dat
c:\documents and settings\Ian Hayward\Application Data\Azxuog
c:\documents and settings\Ian Hayward\Application Data\Azxuog\efyfs.gae
c:\documents and settings\Ian Hayward\Application Data\Bozau
c:\documents and settings\Ian Hayward\Application Data\Bozau\huhu.exe
c:\documents and settings\Ian Hayward\Application Data\Cytuqa
c:\documents and settings\Ian Hayward\Application Data\Cytuqa\obenk.olx
c:\documents and settings\Ian Hayward\Application Data\DriveCleaner 2006 Free
c:\documents and settings\Ian Hayward\Application Data\DriveCleaner 2006 Free\Logs\update.log
c:\documents and settings\Ian Hayward\Application Data\Dyoh
c:\documents and settings\Ian Hayward\Application Data\Dyoh\cuyqe.exe
c:\documents and settings\Ian Hayward\Application Data\Efos
c:\documents and settings\Ian Hayward\Application Data\Efos\etca.esu
c:\documents and settings\Ian Hayward\Application Data\Eful
c:\documents and settings\Ian Hayward\Application Data\Eful\izpo.exe
c:\documents and settings\Ian Hayward\Application Data\Etvawa
c:\documents and settings\Ian Hayward\Application Data\Etvawa\iryqc.adu
c:\documents and settings\Ian Hayward\Application Data\Ikfo
c:\documents and settings\Ian Hayward\Application Data\Ikfo\xisur.exe
c:\documents and settings\Ian Hayward\Application Data\Imgyku
c:\documents and settings\Ian Hayward\Application Data\Imgyku\asys.syk
c:\documents and settings\Ian Hayward\Application Data\Ipysg
c:\documents and settings\Ian Hayward\Application Data\Ipysg\azbeg.exe
c:\documents and settings\Ian Hayward\Application Data\Louggu
c:\documents and settings\Ian Hayward\Application Data\Louggu\yfumx.oki
c:\documents and settings\Ian Hayward\Application Data\Ofuq
c:\documents and settings\Ian Hayward\Application Data\Ofuq\givua.exe
c:\documents and settings\Ian Hayward\Application Data\Okug
c:\documents and settings\Ian Hayward\Application Data\Okug\wemuk.exe
c:\documents and settings\Ian Hayward\Application Data\Owgaul
c:\documents and settings\Ian Hayward\Application Data\Owgaul\figyh.exe
c:\documents and settings\Ian Hayward\Application Data\Ruvyhi
c:\documents and settings\Ian Hayward\Application Data\Ruvyhi\heak.exe
c:\documents and settings\Ian Hayward\Application Data\Rydi
c:\documents and settings\Ian Hayward\Application Data\Rydi\suuw.ywo
c:\documents and settings\Ian Hayward\Application Data\Taasdy
c:\documents and settings\Ian Hayward\Application Data\Taasdy\bocoz.okk
c:\documents and settings\Ian Hayward\Application Data\Uxyko
c:\documents and settings\Ian Hayward\Application Data\Uxyko\erxe.exe
c:\documents and settings\Ian Hayward\Application Data\Ypciy
c:\documents and settings\Ian Hayward\Application Data\Ypciy\nuysw.ycz
c:\documents and settings\Ian Hayward\Application Data\Yxeziz
c:\documents and settings\Ian Hayward\Application Data\Yxeziz\cibu.sei
c:\documents and settings\Ian Hayward\err.log
c:\documents and settings\Ian Hayward\GoToAssistDownloadHelper.exe
c:\documents and settings\Ian Hayward\Start Menu\Programs\Startup\logtec32.exe
c:\documents and settings\Sue\err.log
c:\program files\microsoft\watermark.exe
c:\windows\start.exe
c:\windows\system32\dmlconf.dat
c:\windows\system32\exec1.exe
c:\windows\system32\fhkmp.ini
c:\windows\system32\jpjxktks.ini
c:\windows\system32\knnmp.ini
c:\windows\system32\LUuFNqru.ini2
c:\windows\system32\tmp.reg
c:\windows\SYSTEM32\tstwa.bak1
c:\windows\SYSTEM32\tstwa.bak2
c:\windows\SYSTEM32\tstwa.ini
c:\windows\Web\default.htt
Infected copy of c:\windows\explorer.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\explorer.exe
Infected copy of c:\windows\SYSTEM32\winlogon.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\winlogon.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_WASFSD
((((((((((((((((((((((((( Files Created from 2010-10-10 to 2010-11-10 )))))))))))))))))))))))))))))))
.
2010-11-10 09:45 . 2010-11-10 09:45 -------- d-----w- c:\windows\system32\MpEngineStore
2010-11-03 19:46 . 2010-11-09 13:34 -------- d-----w- c:\documents and settings\Ian Hayward\Application Data\Veelb
2010-11-03 19:44 . 2010-11-09 16:22 -------- d-----w- c:\program files\windows
2010-10-31 18:54 . 2010-11-10 09:23 -------- d-----w- c:\documents and settings\Ian Hayward\Application Data\Amewo
2010-10-31 18:54 . 2010-10-31 18:54 -------- d-----w- c:\documents and settings\Ian Hayward\Application Data\Zaawq
2010-10-31 17:36 . 2010-10-31 17:36 -------- d-----w- c:\documents and settings\Ian Hayward\Application Data\DriverCure
2010-10-31 17:36 . 2010-10-31 17:36 -------- d-----w- c:\documents and settings\Ian Hayward\Application Data\ParetoLogic
2010-10-31 17:35 . 2010-10-31 17:35 -------- d-----w- c:\program files\Common Files\ParetoLogic
2010-10-31 17:35 . 2010-10-31 17:35 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2010-10-31 17:35 . 2010-10-31 17:35 -------- d-----w- c:\program files\ParetoLogic
2010-10-30 23:29 . 2010-10-31 00:14 -------- d-----w- c:\documents and settings\Ian Hayward\Application Data\Eruhke
2010-10-30 13:22 . 2010-10-30 13:22 -------- d-----w- c:\documents and settings\Ian Hayward\Application Data\Ezopa
2010-10-28 22:09 . 2010-10-29 08:30 -------- d-----w- c:\documents and settings\Ian Hayward\Application Data\Diyxo
2010-10-28 22:09 . 2010-10-28 22:11 -------- d-----w- c:\documents and settings\Ian Hayward\Application Data\Omiko
2010-10-28 17:04 . 2010-10-28 19:16 -------- d-----w- c:\documents and settings\Ian Hayward\Application Data\Oniry
2010-10-27 16:32 . 2010-11-09 16:19 -------- d-----w- c:\program files\temp
2010-10-26 22:09 . 2010-10-26 22:09 -------- d-----w- c:\documents and settings\Ian Hayward\Application Data\Malwarebytes
2010-10-26 22:09 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-26 22:09 . 2010-10-26 22:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-10-26 22:09 . 2010-10-26 22:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-26 22:09 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-26 22:06 . 2006-06-19 12:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2010-10-26 22:06 . 2006-05-25 14:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2010-10-26 22:06 . 2005-08-26 00:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2010-10-26 22:06 . 2002-03-06 00:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2010-10-26 22:06 . 2003-02-02 19:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2010-10-26 22:06 . 2010-10-26 22:06 -------- d-----w- c:\program files\Trojan Remover
2010-10-26 22:06 . 2010-10-26 22:06 -------- d-----w- c:\documents and settings\Ian Hayward\Application Data\Simply Super Software
2010-10-26 22:06 . 2010-10-26 22:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
2010-10-26 19:00 . 2010-11-09 13:31 -------- d-----w- c:\documents and settings\Ian Hayward\Application Data\Avys
2010-10-26 13:54 . 2010-11-09 16:20 -------- d-----w- c:\program files\tmp
2010-10-20 09:45 . 2010-10-20 09:45 -------- d-----w- c:\documents and settings\Ian Hayward\Application Data\AVG10
2010-10-20 09:09 . 2010-10-20 09:09 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2010-10-20 09:08 . 2010-10-28 12:33 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2010-10-20 09:03 . 2010-11-10 09:26 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10
2010-10-20 09:03 . 2010-10-30 17:07 -------- d-----w- c:\windows\system32\drivers\AVG
2010-10-20 00:24 . 2010-10-20 00:31 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2010-10-14 20:16 . 2010-09-18 06:53 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
2010-10-14 20:16 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-14 20:15 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-03 22:43 . 2010-10-03 22:43 59240 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2010-09-18 11:23 . 2004-07-11 14:35 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-07-11 14:35 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2004-07-11 14:35 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2004-07-11 14:35 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-13 15:27 . 2010-09-13 15:27 25680 ----a-w- c:\windows\system32\drivers\AVGIDSEH.sys
2010-09-10 05:58 . 2004-01-21 16:16 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58 . 2004-07-11 14:35 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58 . 2004-07-11 14:35 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-08 10:17 . 2010-09-08 10:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 10:17 . 2010-09-08 10:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-07 02:49 . 2010-09-07 02:49 298448 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-09-07 02:48 . 2010-09-07 02:48 34384 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-09-07 02:48 . 2010-09-07 02:48 249424 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-09-07 02:48 . 2010-09-07 02:48 26064 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-09-01 11:51 . 2004-07-11 14:34 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2004-07-11 14:37 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02 . 2004-07-11 14:37 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2004-07-11 14:37 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 13:39 . 2004-07-11 14:37 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-26 12:52 . 2009-04-17 08:06 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12 . 2004-07-11 14:34 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-19 20:42 . 2010-08-19 20:42 30288 ----a-w- c:\windows\system32\drivers\AVGIDSFilter.sys
2010-08-19 20:42 . 2010-08-19 20:42 123472 ----a-w- c:\windows\system32\drivers\AVGIDSDriver.sys
2010-08-19 20:42 . 2010-08-19 20:42 26192 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
2010-08-17 13:17 . 2004-07-11 14:37 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45 . 2004-08-14 09:45 590848 ----a-w- c:\windows\system32\rpcrt4.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuz1.dll" [2010-10-28 3908192]
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-10-28 11:52 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngin0.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2010-10-28 11:52 3908192 ----a-w- c:\program files\Vuze_Remote\tbVuz1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuz1.dll" [2010-10-28 3908192]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngin0.dll" [2010-10-28 3908192]
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "c:\program files\Vuze_Remote\tbVuz1.dll" [2010-10-28 3908192]
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SlowFile Icon Overlay]
@="{7D688A77-C613-11D0-999B-00C04FD655E1}"
[HKEY_CLASSES_ROOT\CLSID\{7D688A77-C613-11D0-999B-00C04FD655E1}]
2010-07-27 06:30 8462336 ----a-w- c:\windows\SYSTEM32\shell32.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-16 68856]
"Raptr"="c:\progra~1\Raptr\raptrstub.exe" [2010-10-12 52136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus Photo RX620 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9HE.EXE" [2004-05-19 98304]
"SoundMan"="SOUNDMAN.EXE" [2005-01-27 77824]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-09-27 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-27 13918208]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-04-01 202256]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
c:\documents and settings\Default User\Start Menu\Programs\Startup\
atdydu.exe [2010-10-29 153600]
erfyn.exe [2010-10-28 212992]
ixusri.exe [2010-10-27 212992]
paekix.exe [2010-10-27 212992]
tyem.exe [2010-10-28 212992]
ygodo.exe [2010-10-29 153600]
c:\documents and settings\Sue\Start Menu\Programs\Startup\
buqox.exe [2010-10-29 153600]
yvakyd.exe [2010-10-29 153600]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
2005-01-31 14:13 49152 ----a-w- c:\progra~1\COMMON~1\Stardock\MCPStub.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
[HKLM\~\startupfolder\C:^Documents and Settings^Ian Hayward^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk]
backup=c:\windows\pss\MyWebSearch Email Plugin.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 22:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2006-09-14 06:55 61440 ----a-w- d:\program files\Adobe\Photoshop Elements 5.0\apdproxy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 03:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 16:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-04-01 19:08 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"VSS"=3 (0x3)
"Themes"=2 (0x2)
"SysmonLog"=3 (0x3)
"SwPrv"=3 (0x3)
"SCardSvr"=3 (0x3)
"RSVP"=3 (0x3)
"RDSessMgr"=3 (0x3)
"RasMan"=3 (0x3)
"RasAuto"=3 (0x3)
"MDM"=2 (0x2)
"btwdins"=2 (0x2)
"BthServ"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\System32\\dplaysvr.exe"=
"d:\\Program Files\\Eden Studios\\Rail Empires\\re-id.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"d:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=
"c:\\Program Files\\ubi.com\\Core\\GS4.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Monopoly 3\\Monopoly.exe"=
"c:\\WINDOWS\\SYSTEM32\\usmt\\migwiz.exe"=
"c:\\Program Files\\2K Games\\Firaxis Games\\Sid Meier's Railroads!\\RailRoads.exe"=
"c:\\WINDOWS\\SYSTEM32\\javaw.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\WINDOWS\\SYSTEM32\\dpvsetup.exe"=
"c:\\Program Files\\Microsoft Office\\Office10\\FRONTPG.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Sports Interactive\\Football Manager 2010\\fm.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\football manager 2010\\fm.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\Raptr\\raptr.exe"=
"c:\\Program Files\\Raptr\\raptr_im.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3783:TCP"= 3783:TCP:VCP
"28900:TCP"= 28900:TCP:MSLR
"29900:TCP"= 29900:TCP:GP Connect mgr
"29901:TCP"= 29901:TCP:GP Search mgr
"6515:UDP"= 6515:UDP:DPlay UDP
"6500:TCP"= 6500:TCP:Query
"13139:UDP"= 13139:UDP:Custom UDP pings
"27900:UDP"= 27900:UDP:UDP Heartbeat
"25057:TCP"= 25057:TCP:AZ
R0 AVGIDSEH;AVGIDSEH;c:\windows\SYSTEM32\DRIVERS\AVGIDSEH.sys [13/09/2010 15:27 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\SYSTEM32\DRIVERS\avgrkx86.sys [07/09/2010 02:48 26064]
R0 RapportKELL;RapportKELL;c:\windows\SYSTEM32\DRIVERS\RapportKELL.sys [03/10/2010 22:43 59240]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [07/09/2010 02:48 249424]
R1 Avgtdix;AVG TDI Driver;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [07/09/2010 02:49 298448]
R1 RapportBuka;RapportBuka;c:\windows\SYSTEM32\DRIVERS\RapportBuka.sys [01/03/2010 16:34 390528]
R1 RapportCerberus_19917;RapportCerberus_19917;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\19917\RapportCerberus_19917.sys [03/10/2010 22:54 34792]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [03/10/2010 22:43 169320]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [03/10/2010 22:43 767208]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\SYSTEM32\DRIVERS\AVGIDSDriver.sys [19/08/2010 20:42 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\SYSTEM32\DRIVERS\AVGIDSFilter.sys [19/08/2010 20:42 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\SYSTEM32\DRIVERS\AVGIDSShim.sys [19/08/2010 20:42 26192]
S2 AVGIDSAgent;AVGIDSAgent;"c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe" --> c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [?]
S2 avgwd;AVG WatchDog;"c:\program files\AVG\AVG10\avgwdsvc.exe" --> c:\program files\AVG\AVG10\avgwdsvc.exe [?]
S2 gupdate1c9c1e1ceb09090;Google Update Service (gupdate1c9c1e1ceb09090);c:\program files\Google\Update\GoogleUpdate.exe [20/04/2009 17:59 133104]
S3 alcan5ln;SpeedTouch(tm) USB ADSL RFC1483 Networking Driver (NDIS);c:\windows\SYSTEM32\DRIVERS\alcan5ln.sys [17/09/2004 22:18 36256]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe --> c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [?]
S3 BDA_Capture_225;USB Digital-TV receiver Driver 2.0.1.8;c:\windows\system32\Drivers\BDA_Capture_225.sys --> c:\windows\system32\Drivers\BDA_Capture_225.sys [?]
S3 BDA_Loader_225;USB Digital-TV Receiver Firmware Loader 6.5.8.0;c:\windows\SYSTEM32\DRIVERS\BDA_Loader_225.sys [17/06/2008 22:47 18944]
S3 gUSBSTOi;gUSBSTOi;\??\c:\docume~1\IANHAY~1\LOCALS~1\Temp\gUSBSTOi.sys --> c:\docume~1\IANHAY~1\LOCALS~1\Temp\gUSBSTOi.sys [?]
S3 UMSSSTOR;C-Media Storage;c:\windows\system32\DRIVERS\UMSS.SYS --> c:\windows\system32\DRIVERS\UMSS.SYS [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\SYSTEM32\DRIVERS\wdcsam.sys [06/05/2008 15:06 11520]
S3 WPRO_40_1340;WinPcap Packet Driver (WPRO_40_1340);c:\windows\system32\drivers\WPRO_40_1340.sys --> c:\windows\system32\drivers\WPRO_40_1340.sys [?]
.
Contents of the 'Scheduled Tasks' folder
2010-10-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2010-11-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-20 17:59]
2010-11-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-20 17:59]
2010-11-03 c:\windows\Tasks\PC Health Advisor Defrag.job
- c:\program files\ParetoLogic\PCHA\PCHA.exe [2010-09-30 21:40]
2010-11-03 c:\windows\Tasks\PC Health Advisor.job
- c:\program files\ParetoLogic\PCHA\PCHA.exe [2010-09-30 21:40]
2010-11-10 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-839522115-413027322-682003330-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]
2010-11-10 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-839522115-413027322-682003330-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]
2010-10-28 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-839522115-413027322-682003330-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]
2010-10-28 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-839522115-413027322-682003330-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]
2010-11-10 c:\windows\Tasks\User_Feed_Synchronization-{E9B94A29-7FD1-4FBB-A04A-C738991B53D1}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 03:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
mStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = 127.0.0.1
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: {{A18AC347-2CA3-4e5d-AB86-33BFC7EEB931} - c:\program files\gamingclubMPP\MPPoker.exe
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: photographersdirect.com\www
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
DPF: DirectAnimation Java Classes - file://c:\windows\SYSTEM\dajava.cab
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9 ... ontrol.CAB
DPF: Internet Explorer Classes for Java - file://c:\windows\SYSTEM\iejava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {0A43D7AC-D6C1-4622-B309-BF975F427C0E} - hxxps://internetbankingplus1.firstdirec ... doorFD.cab
.
- - - - ORPHANS REMOVED - - - -
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll
BHO-{7FB0B515-5C6C-4EA4-8E21-041E356A6A2B} - (no file)
BHO-{A3BC75A2-1F87-4686-AA43-5347D756017C} - c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll
HKCU-Run-Windows Registers - winservicess.exe
HKLM-Run-nwiz - c:\program files\NVIDIA Corporation\nView\nwiz.exe
HKLM-Run-AVG_TRAY - c:\program files\AVG\AVG10\avgtray.exe
SafeBoot-mcmscsvc
SafeBoot-MCODS
MSConfigStartUp-QuickTime Task - d:\program files\QuickTime\qttask.exe
AddRemove-Army Builder V3.2d - c:\armybu~2\UNWISE.EXE
AddRemove-AVG - c:\program files\AVG\AVG10\avgmfapx.exe
AddRemove-Belarc Advisor - c:\progra~1\Belarc\Advisor\Uninstall.exe
AddRemove-BT Home Hub - c:\program files\BT Home Hub\Uninstall.exe
AddRemove-BT Yahoo! Applications - c:\progra~1\Yahoo!\common\uninstall.exe
AddRemove-BT Yahoo! Broadband Help Guides - c:\progra~1\BTYAHO~2\UNWISE.EXE
AddRemove-CAL - c:\program files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe
AddRemove-CameraWindowDVC5 - c:\program files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe
AddRemove-CameraWindowDVC6 - c:\program files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe
AddRemove-CameraWindowMC - c:\program files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe
AddRemove-Coupon Printer2.0 - c:\program files\Coupon Printer\uninstall.exe
AddRemove-CSCLIB - c:\program files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe
AddRemove-EOS Utility - c:\program files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe
AddRemove-EPSON Scanner - c:\program files\epson\escndv\setup\setup.exe
AddRemove-Football Manager 2010 - c:\program files\Sports Interactive\Football Manager 2010\Uninstall_Football Manager 2010\Uninstall Football Manager 2010.exe
AddRemove-GameSpy Arcade - c:\progra~1\GAMESP~1\UNWISE.EXE
AddRemove-InstallShield_{1632FD86-1BA4-4FC4-8B25-A8C655D63F68} - c:\program files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe
AddRemove-InstallShield_{41979C2F-34B8-4F92-8111-B13C5864682D} - c:\program files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe
AddRemove-InstallShield_{77F09242-A107-4CB6-A295-D8656C2C3795} - c:\program files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe
AddRemove-InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97} - c:\progra~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe
AddRemove-InstallShield_{82AF77BC-423D-42DA-BE5B-FFCA04752181} - c:\program files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe
AddRemove-InstallShield_{993A352A-2957-4661-A1EF-2D8F6F3C9234} - c:\program files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe
AddRemove-InstallShield_{D48C9BFC-FBCF-4F29-B97D-822ED6D497FE} - c:\progra~1\COMMON~1\INSTAL~1\Driver\8\INTEL3~1\IDriver.exe
AddRemove-Logitech Print Service - c:\progra~1\LOGITECH\PRINTS~1\UNWISE.EXE
AddRemove-NVIDIA nView Desktop Manager - c:\program files\NVIDIA Corporation\nView\nViewSetup.exe
AddRemove-PC-Rail Simulations - c:\program files\Pcrail\UnInstal.exe
AddRemove-Rail Empires : Iron Dragon - d:\progra~1\EDENST~1\RAILEM~1\UNWISE.EXE
AddRemove-RAW Image Task - c:\program files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe
AddRemove-RemoteCaptureTask - c:\program files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe
AddRemove-Stardock Central - d:\progra~1\Stardock\SDCENT~1\UNWISE.EXE
AddRemove-Vuze_Remote Toolbar - c:\progra~1\VUZE_R~1\UNWISE.EXE
AddRemove-WinRAR archiver - c:\program files\WinRAR\uninstall.exe
AddRemove-ZoomBrowser EX - c:\program files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe
AddRemove-{6E7DD182-9FC6-4651-0095-2E666CC6AF35} - c:\program files\EA GAMES\The Sims 2\EAUninstall.exe
AddRemove-{8FD3F4BA-A4A6-4380-00A6-CC6853AB2DC2} - d:\program files\EA GAMES\The Sims 2 University\EAUninstall.exe
AddRemove-InstallShield_{69640730-B830-4C24-BB5C-222DA1260548} - c:\progra~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-10 21:16
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Iomega Activity Disk2]
"ImagePath"="\"\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\$$$\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(536)
c:\windows\system32\Ati2evxx.dll
c:\progra~1\COMMON~1\Stardock\mcpstub.dll
- - - - - - - > 'explorer.exe'(10892)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\program files\Trusteer\Rapport\bin\rooksbas.dll
c:\windows\system32\ieframe.dll
c:\progra~1\COMMON~1\Stardock\MCPCore.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
d:\program files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\NMSAccess.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\UAService7.exe
c:\windows\System32\wbem\wmiapsrv.exe
c:\progra~1\COMMON~1\Stardock\SDMCP.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\RUNDLL32.EXE
.
**************************************************************************
.
Completion time: 2010-11-10 21:24:25 - machine was rebooted
ComboFix-quarantined-files.txt 2010-11-10 21:24
Pre-Run: 841,565,101,568 bytes free
Post-Run: 847,623,387,136 bytes free
- - End Of File - - 2154EB6F2BC3D8D7BDB8945A351FA78A
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6419
# api_version=3.0.2
# EOSSerial=7ded32bb57800d4d990476d155b2a88f
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-12-22 10:18:41
# local_time=2010-12-22 10:18:41 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 1124428 1124428 0 0
# compatibility_mode=1032 16777214 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 3813 3813 0 0
# scanned=36748
# found=7
# cleaned=0
# scan_time=9330
C:\Documents and Settings\All Users\Documents\Server\hlp.dat Win32/Bamital.EQ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Ian Hayward\Application Data\Sun\Java\Deployment\cache\6.0\0\6fb283c0-7c13a04e Java/TrojanDownloader.Agent.NAM trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Ian Hayward\Application Data\Sun\Java\Deployment\cache\6.0\12\1dd6a40c-6ae71b07 Java/TrojanDownloader.Agent.NBK trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Ian Hayward\Application Data\Sun\Java\Deployment\cache\6.0\25\3ad8b099-4a094cb0 multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Ian Hayward\Application Data\Sun\Java\Deployment\cache\6.0\49\1eff1eb1-2a3c94c8 Java/TrojanDownloader.Agent.NBL trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Ian Hayward\Desktop\msnVirusRemoval.zip BAT/Robobot.AE trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Ian Hayward\Desktop\SmitfraudFix\restart.exe Win32/Shutdown.NAA application (unable to clean) 00000000000000000000000000000000 I
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6419
# api_version=3.0.2
# EOSSerial=7ded32bb57800d4d990476d155b2a88f
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-12-23 11:09:51
# local_time=2010-12-23 11:09:51 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 1134951 1134951 0 0
# compatibility_mode=1032 16777214 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 14336 14336 0 0
# scanned=237653
# found=72
# cleaned=0
# scan_time=45078
C:\Documents and Settings\All Users\Documents\Server\hlp.dat Win32/Bamital.EQ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Ian Hayward\Application Data\Sun\Java\Deployment\cache\6.0\0\6fb283c0-7c13a04e Java/TrojanDownloader.Agent.NAM trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Ian Hayward\Application Data\Sun\Java\Deployment\cache\6.0\12\1dd6a40c-6ae71b07 Java/TrojanDownloader.Agent.NBK trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Ian Hayward\Application Data\Sun\Java\Deployment\cache\6.0\25\3ad8b099-4a094cb0 multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Ian Hayward\Application Data\Sun\Java\Deployment\cache\6.0\49\1eff1eb1-2a3c94c8 Java/TrojanDownloader.Agent.NBL trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Ian Hayward\Desktop\msnVirusRemoval.zip BAT/Robobot.AE trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Ian Hayward\Desktop\SmitfraudFix\restart.exe Win32/Shutdown.NAA application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\tmp\x64.exe a variant of Win32/Kryptik.IEE trojan (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\win\x32.exe a variant of Win32/Kryptik.IMY trojan (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\xAVGx\AVG10\Toolbar\Firefox\avg@igeared\chrome\content\html\26_tabswelcome_ie7footer.htm Win32/Ramnit.A virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\xAVGx\AVG10\Toolbar\Firefox\avg@igeared\chrome\content\html\29_tabswelcome_ie7footer.htm Win32/Ramnit.A virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\xAVGx\AVG10\Toolbar\Firefox\avg@igeared\chrome\content\html\41_tabswelcome_ie7footer.htm Win32/Ramnit.A virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\xAVGx\AVG10\Toolbar\Firefox\avg@igeared\chrome\content\html\42_tabswelcome_ie7footer.htm Win32/Ramnit.A virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\xAVGx\AVG10\Toolbar\Firefox\avg@igeared\chrome\content\html\45_tabswelcome_ie7footer.htm Win32/Ramnit.A virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\xAVGx\AVG10\Toolbar\Firefox\avg@igeared\chrome\content\html\46_tabswelcome_ie7footer.htm Win32/Ramnit.A virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\xAVGx\AVG10\Toolbar\Firefox\avg@igeared\chrome\content\html\49_tabswelcome_ie7footer.htm Win32/Ramnit.A virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\xAVGx\AVG10\Toolbar\Firefox\avg@igeared\chrome\content\html\50_tabswelcome_ie7footer.htm Win32/Ramnit.A virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\xAVGx\AVG10\Toolbar\Firefox\avg@igeared\chrome\content\html\58_tabswelcome_ie7footer.htm Win32/Ramnit.A virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\xAVGx\AVG10\Toolbar\Firefox\avg@igeared\chrome\content\html\59_tabswelcome_ie7footer.htm Win32/Ramnit.A virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\xAVGx\AVG10\Toolbar\Firefox\avg@igeared\chrome\content\html\bubble_general.htm Win32/Ramnit.A virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\xAVGx\AVG10\Toolbar\Firefox\avg@igeared\chrome\content\html\Facebook_error.htm Win32/Ramnit.A virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\xAVGx\AVG10\Toolbar\Firefox\avg@igeared\chrome\content\html\Facebook_notifier.htm Win32/Ramnit.A virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\xAVGx\AVG10\Toolbar\Firefox\avg@igeared\chrome\content\html\Facebook_status.htm Win32/Ramnit.A virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\xAVGx\AVG10\Toolbar\Firefox\avg@igeared\chrome\content\html\rssreader_simple.htm Win32/Ramnit.A virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\xAVGx\AVG10\Toolbar\Firefox\avg@igeared\chrome\content\html\ssb_dangerous.html Win32/Ramnit.A virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\xAVGx\AVG10\Toolbar\Firefox\avg@igeared\chrome\content\html\ssb_questionable.html Win32/Ramnit.A virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\xAVGx\AVG10\Toolbar\Firefox\avg@igeared\chrome\content\html\ssb_risky.html Win32/Ramnit.A virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\xAVGx\AVG10\Toolbar\Firefox\avg@igeared\chrome\content\html\ssb_safe.html Win32/Ramnit.A virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\xAVGx\AVG10\Toolbar\Firefox\avg@igeared\chrome\content\html\ssb_unknown.html Win32/Ramnit.A virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\xAVGx\AVG10\Toolbar\Firefox\avg@igeared\chrome\content\html\ssb_waiting.html Win32/Ramnit.A virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\xAVGx\AVG10\Toolbar\Firefox\avg@igeared\chrome\content\html\tabswelcome_ie7footer.htm Win32/Ramnit.A virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\xAVGx\AVG10\Toolbar\Firefox\avg@igeared\chrome\content\html\weather_error.htm Win32/Ramnit.A virus (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Documents and Settings\Ian Hayward\Application Data\Adla\tyyr.exe.vir Win32/Spy.Zbot.YW trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Documents and Settings\Ian Hayward\Application Data\Ahovax\duhua.exe.vir a variant of Win32/Kryptik.IEM trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Documents and Settings\Ian Hayward\Application Data\Bozau\huhu.exe.vir Win32/Spy.Zbot.YW trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Documents and Settings\Ian Hayward\Application Data\Dyoh\cuyqe.exe.vir Win32/Spy.Zbot.YW trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Documents and Settings\Ian Hayward\Application Data\Eful\izpo.exe.vir a variant of Win32/Kryptik.HWP trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Documents and Settings\Ian Hayward\Application Data\Ikfo\xisur.exe.vir a variant of Win32/Kryptik.HWP trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Documents and Settings\Ian Hayward\Application Data\Ipysg\azbeg.exe.vir Win32/Spy.Zbot.YW trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Documents and Settings\Ian Hayward\Application Data\Ofuq\givua.exe.vir Win32/Spy.Zbot.YW trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Documents and Settings\Ian Hayward\Application Data\Okug\wemuk.exe.vir Win32/Spy.Zbot.YW trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Documents and Settings\Ian Hayward\Application Data\Owgaul\figyh.exe.vir a variant of Win32/Kryptik.HWP trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Documents and Settings\Ian Hayward\Application Data\Ruvyhi\heak.exe.vir a variant of Win32/Kryptik.HWP trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Documents and Settings\Ian Hayward\Application Data\Uxyko\erxe.exe.vir Win32/Spy.Zbot.YW trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Documents and Settings\Ian Hayward\Start Menu\Programs\Startup\logtec32.exe.vir a variant of Win32/Kryptik.HVT trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Documents and Settings\NetworkService\Application Data\Owatup\olviu.exe.vir a variant of Win32/Kryptik.IMY trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Program Files\Microsoft\_WaterMark_.exe.zip Win32/Ramnit.A virus (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\explorer.exe.vir Win32/Bamital.EQ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\ExplorerSrv.exe.vir Win32/Ramnit.A virus (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\fhkmp.ini.vir Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\jpjxktks.ini.vir Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\knnmp.ini.vir Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\LUuFNqru.ini2.vir Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\tstwa.bak1.vir Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\tstwa.bak2.vir Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\tstwa.ini.vir Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\winlogon.exe.vir Win32/Bamital.EQ trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP1\A0001643.rbf Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP1\A0001644.rbf Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP1\A0001645.rbf Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP1\A0001646.rbf Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP1\A0001647.rbf Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP1\A0001648.rbf Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP1\A0004671.exe a variant of Win32/Kryptik.IEE trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP1\A0004672.exe a variant of Win32/Kryptik.IEE trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP18\A0026585.exe a variant of Win32/Kryptik.IEE trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP3\A0009627.exe Win32/Shutdown.NAA application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP3\A0013002.exe a variant of Win32/Kryptik.IEE trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP3\A0013085.exe a variant of Win32/Kryptik.IEE trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP3\A0015747.exe a variant of Win32/Kryptik.IEE trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP3\A0015748.exe a variant of Win32/Kryptik.IEE trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{BC751822-ABC9-4107-ABD9-DAD964703366}\RP35\A0030838.exe a variant of Win32/Kryptik.IMY trojan (unable to clean) 00000000000000000000000000000000 I