ComboFix log:
ComboFix 08-04-17.1 - Linda 2008-04-18 19:10:39.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.475 [GMT 1:00]
Running from: D:\Documents and Settings\Linda\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\PC-Cleaner
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\_000006_.tmp.dll
C:\WINDOWS\system32\_000007_.tmp.dll
C:\WINDOWS\system32\_000010_.tmp.dll
C:\WINDOWS\system32\awtsr.exe
C:\WINDOWS\system32\bbKjkUtv.ini
C:\WINDOWS\system32\bbKjkUtv.ini2
C:\WINDOWS\system32\ddabx.exe
C:\WINDOWS\system32\dn50d57ce5.dat
C:\WINDOWS\system32\gfeLknnn.ini
C:\WINDOWS\system32\gfeLknnn.ini2
C:\WINDOWS\system32\gtgcajgs.ini
C:\WINDOWS\system32\jpktsbvp.dll
C:\WINDOWS\system32\kmjwiwmq.ini
C:\WINDOWS\system32\kSBLnUvw.ini
C:\WINDOWS\system32\kSBLnUvw.ini2
C:\WINDOWS\system32\lnnmp.bak1
C:\WINDOWS\system32\lnnmp.bak2
C:\WINDOWS\system32\lnnmp.ini
C:\WINDOWS\system32\lnnmp.ini2
C:\WINDOWS\system32\lnnmp.tmp
C:\WINDOWS\system32\MabryObj.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\nnnkLefg.dll
C:\WINDOWS\system32\oVvvDcdd.ini
C:\WINDOWS\system32\oVvvDcdd.ini2
C:\WINDOWS\system32\pvbstkpj.ini
C:\WINDOWS\system32\qmwiwjmk.dll
C:\WINDOWS\system32\sgjacgtg.dll
C:\WINDOWS\system32\sstAHkkj.ini
C:\WINDOWS\system32\sstAHkkj.ini2
C:\WINDOWS\system32\tuvWolih.dll
C:\WINDOWS\system32\vtutu.exe
C:\WINDOWS\system32\WDcefMoq.ini
C:\WINDOWS\system32\WDcefMoq.ini2
C:\WINDOWS\system32\WFMUCJlm.ini
C:\WINDOWS\system32\WFMUCJlm.ini2
C:\WINDOWS\system32bdn.com
C:\WINDOWS\system32hxiwlgpm.dat
C:\WINDOWS\system32ssvchost.com
C:\WINDOWS\system32taack.dat
C:\WINDOWS\system32VBIEWER.OCX
D:\Documents and Settings\Linda\Application Data\tmp21D.tmp.exe
D:\Documents and Settings\Linda\Application Data\tmp5.tmp.exe
D:\Documents and Settings\Linda\Local Settings\Application Data\uhbiorn.dat
D:\Documents and Settings\Linda\Local Settings\Application Data\uhbiorn.exe
D:\Documents and Settings\Linda\Local Settings\Application Data\uhbiorn_nav.dat
D:\Documents and Settings\Linda\Local Settings\Application Data\uhbiorn_navps.dat
.
((((((((((((((((((((((((( Files Created from 2008-03-18 to 2008-04-18 )))))))))))))))))))))))))))))))
.
2008-04-15 08:06 . 2008-04-18 19:17 90,112 --a------ C:\WINDOWS\system32\sdqjsjsf.exe
2008-04-15 07:40 . 2008-04-15 07:40 273,408 --a------ C:\WINDOWS\system32\mlJCUMFW.dll_old
2008-04-14 21:45 . 2008-04-18 18:33 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-14 21:37 . 2008-04-14 21:37 <DIR> d-------- D:\Documents and Settings\Linda\Application Data\Yahoo!
2008-04-14 21:00 . 2008-04-14 21:53 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-04-14 20:41 . 2008-04-14 20:41 90,112 --a------ C:\WINDOWS\system32\lghcjilu.exe
2008-04-14 17:38 . 2008-04-14 18:02 414 --ahs---- C:\WINDOWS\system32\xglqkgqq.ini
2008-04-13 14:09 . 2008-04-13 14:09 294 --ahs---- C:\WINDOWS\system32\vhtwsitu.ini
2008-04-13 10:41 . 2008-04-13 10:41 90,112 --a------ C:\WINDOWS\system32\wdehyvwp.exe
2008-04-12 09:40 . 2008-04-12 09:40 90,112 --a------ C:\WINDOWS\system32\alyjetsx.exe
2008-04-11 21:32 . 2008-04-11 21:32 94,208 --a------ C:\WINDOWS\system32\uxkhydol.exe
2008-04-11 17:09 . 2008-04-11 17:09 98,304 --a------ C:\WINDOWS\system32\vutynqlk.exe
2008-04-11 16:02 . 2008-04-11 16:02 294 --ahs---- C:\WINDOWS\system32\bnukgviv.ini
2008-04-10 23:03 . 2008-04-10 23:03 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\spmbwlgj
2008-04-10 23:03 . 2008-04-10 23:03 102,400 --a------ C:\WINDOWS\system32\irovsjox.exe
2008-03-30 21:33 . 2008-03-30 21:33 <DIR> d-------- C:\Program Files\Live_TV
2008-03-30 21:16 . 2008-03-30 21:43 <DIR> d-------- C:\Program Files\LimeWire
2008-03-29 00:02 . 2008-03-29 00:02 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\SpinTop Games
2008-03-28 20:39 . 2008-03-28 20:39 <DIR> d-------- C:\Program Files\Invoke Solutions
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-18 18:20 94,208 ----a-w C:\WINDOWS\system32\nkzchkhs.exe
2008-04-18 18:20 130,821,408 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-18 18:19 2,095,392 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-04-18 18:19 --------- d-----w D:\Documents and Settings\All Users\Application Data\Kontiki
2008-04-18 18:17 199,508 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-04-18 18:17 1,756,088 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-04-18 17:01 --------- d-----w D:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-18 07:15 --------- d-----w D:\Documents and Settings\Linda\Application Data\U3
2008-04-17 19:38 --------- d-----w D:\Documents and Settings\All Users\Application Data\Google Updater
2008-04-17 18:01 96,645 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-04-17 18:01 87,941 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-04-14 20:37 --------- d-----w D:\Documents and Settings\All Users\Application Data\Yahoo!
2008-04-14 20:36 --------- d-----w C:\Program Files\Yahoo!
2008-04-14 20:24 --------- d---a-w D:\Documents and Settings\All Users\Application Data\TEMP
2008-04-14 07:35 --------- d-----w C:\Program Files\SpywareBlaster
2008-03-30 20:19 --------- d-----w D:\Documents and Settings\Linda\Application Data\LimeWire
2008-03-30 12:29 --------- d-----w C:\Program Files\Zylom Games
2008-03-30 12:28 --------- d-----w C:\Program Files\Oberon Media
2008-03-24 16:22 --------- d-----w D:\Documents and Settings\Linda\Application Data\Zylom
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-16 23:35 --------- d-----w D:\Documents and Settings\Linda\Application Data\Pirateville
2008-03-15 11:35 --------- d-----w C:\Program Files\MSECache
2008-03-14 21:25 --------- d-----w D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-14 21:12 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-14 20:48 --------- d-----w C:\Program Files\SetEditComag
2008-03-14 20:48 --------- d-----w C:\Program Files\Microsoft Works
2008-03-13 20:47 --------- d-----w C:\Program Files\Java
2008-03-01 14:55 --------- d-----w D:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-10 12:36 90,112 ----a-w C:\WINDOWS\DUMP9de5.tmp
2007-04-05 17:36 284 ----a-w D:\Documents and Settings\Linda\Application Data\ViewerApp.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0D39A900-0F3A-4C29-A254-3E65244FDC34}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{35E76E76-AF61-4D6A-B710-C551BF9DFB0B}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3AD38545-D441-42C3-9F27-D0D4FA46F216}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3FC6F2AC-5977-46BE-AE72-D2E76B14EE8B}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{85143E48-16D9-47FB-9F38-82571C7B17F0}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{89a68786-b206-47c8-b165-f653f47829bc}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8BDA0961-6E9F-419A-AE6B-137175BF2B74}]
C:\WINDOWS\system32\mlJCUMFW.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9BF66F00-7340-4891-9A1F-2877273E0B1B}]
C:\WINDOWS\system32\jkkHAtss.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A7720B41-1DFD-4338-BDE8-319AAE3324C5}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B82F29E4-8368-4B14-9C00-5138C0D94034}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CE763752-4325-453C-99BE-1EFE5F204B8A}]
C:\WINDOWS\system32\vtUkjKbb.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="C:\APPS\SMP\SmpSys.exe" [2005-11-17 09:51 975360]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488]
"uuhfabjy"="C:\WINDOWS\system32\irovsjox.exe" [2008-04-10 23:03 102400]
"kdx"="C:\Program Files\Kontiki\KHost.exe" [2007-04-23 12:23 1032640]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2008-01-10 17:41 223984]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 14:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 14:00 455168]
"SMSERIAL"="sm56hlpr.exe" [2005-10-18 12:14 557056 C:\WINDOWS\sm56hlpr.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-18 14:27 16207872 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 18:04 2879488 C:\WINDOWS\SkyTel.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-04-28 00:47 7573504]
"nwiz"="nwiz.exe" [2006-04-28 00:47 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-04-28 00:47 86016]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"Vade Retro Outlook Express"="C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe" [2004-10-04 13:03 310272]
"DetectorApp"="C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe" [2005-10-20 06:15 102400]
"PCMService"="c:\APPS\Powercinema\PCMService.exe" [2006-02-23 12:08 147456]
"ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 11:31 24576]
"MagicRotation"="C:\Program Files\MagicRotation\MagicPvt.exe" [2005-12-26 17:23 1089536]
"type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 09:51 172032]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2004-06-03 09:50 204800]
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 20:21 57344]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-13 15:18 98304]
"WorksFUD"="C:\Program Files\Microsoft Works\wkfud.exe" [2001-10-05 02:34 24576]
"Microsoft Works Portfolio"="C:\Program Files\Microsoft Works\WksSb.exe" [2004-06-23 17:22 729088]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2001-08-16 06:41 28738]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-16 22:36 1838592]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-09-13 21:13 185632]
"4oD"="C:\Program Files\Kontiki\KHost.exe" [2007-04-23 12:23 1032640]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-28 12:51 218376]
"50d57c4a"="C:\WINDOWS\system32\qqgkqlgx.dll" [ ]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2008-01-10 17:41 223984]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]
D:\Documents and Settings\Linda\Start Menu\Programs\Startup\
Ryanair Bargains 1.0.lnk - C:\Program Files\Ryanair Bargains\1.0\RyanairBargains.exe [2007-10-31 17:42:24 1289216]
D:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Color Calibration.lnk - C:\Program Files\SEC\MagicTune3.5_Client\GammaTray.exe [2006-10-28 13:55:45 36864]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2006-11-19 10:04:52 124912]
MagicTune 3.5.lnk - C:\Program Files\SEC\MagicTune3.5_Client\MagicTuneTray.exe [2006-10-28 13:55:49 45056]
NaturalColorLoad.lnk - C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe [2006-10-28 13:55:02 155715]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"1kBk0aTSRk"= D:\Documents and Settings\All Users\Application Data\spmbwlgj\wlsburin.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoInstrumentation"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"1kBk0aTSRk"= D:\Documents and Settings\All Users\Application Data\spmbwlgj\wlsburin.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtttqn]
awtttqn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dx7ntw]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\kbdone]
kbdone.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\krnver]
krnver.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\memhbk]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mllile]
mllile.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvWolih]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_Dlls"=C:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Kontiki\\KService.exe"=
"C:\\APPS\\SKYPE\\PHONE\\SKYPE.EXE"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
R1 magicpvt;magicpvt;C:\WINDOWS\system32\drivers\magicpvt.sys [2005-11-14 03:26]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
S3 HituMass;%BULKUSB.SvcDesc%;C:\WINDOWS\system32\Drivers\RDCUMASS.sys [2000-06-15 16:33]
S3 HITUMINI;HITUMINI;C:\WINDOWS\system32\DRIVERS\rdcumini.sys [2000-06-15 16:33]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\NSNDIS5.SYS [2004-03-24 03:12]
S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys [2002-10-15 22:41]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6264da8f-66bf-11db-b0d6-00038a000015}]
\Shell\AutoRun\command - L:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6264da90-66bf-11db-b0d6-00038a000015}]
\Shell\AutoRun\command - M:\Help!.exe
\Shell\open\command - M:\Help!.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c84eab85-68b4-11db-b0dd-00038a000015}]
\Shell\AutoRun\command - Help!.exe
\Shell\open\command - Help!.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e27dfba8-e9bb-11db-b258-00038a000015}]
\Shell\AutoRun\command - Help!.exe
\Shell\open\command - Help!.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fba01d2e-4d7f-11dc-84c8-00038a000015}]
\Shell\AutoRun\command - Help!.exe
\Shell\open\command - Help!.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-18 19:19:16
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\WINDOWS\system32\wltrysvc.exe
C:\WINDOWS\system32\bcmwltry.exe
C:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\APPS\ABOARD\AOSD.EXE
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\SEC\MagicTune3.5_Client\MagicTune.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-04-18 19:24:11 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-18 18:24:08
Pre-Run: 16,903,884,800 bytes free
Post-Run: 16,816,418,816 bytes free
.
2008-04-09 07:42:34 --- E O F ---
HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:27:05, on 18/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
C:\WINDOWS\system32\rundll32.exe
C:\APPS\Powercinema\PCMService.exe
C:\apps\ABoard\ABoard.exe
C:\Program Files\MagicRotation\MagicPvt.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
D:\Documents and Settings\All Users\Application Data\spmbwlgj\wlsburin.exe
C:\APPS\SMP\SmpSys.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\irovsjox.exe
C:\Program Files\SEC\MagicTune3.5_Client\GammaTray.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Ryanair Bargains\1.0\RyanairBargains.exe
C:\Program Files\SEC\MagicTune3.5_Client\MagicTune.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\lijaloo.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://.home/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {8BDA0961-6E9F-419A-AE6B-137175BF2B74} - C:\WINDOWS\system32\mlJCUMFW.dll (file missing)
O2 - BHO: (no name) - {9BF66F00-7340-4891-9A1F-2877273E0B1B} - C:\WINDOWS\system32\jkkHAtss.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: (no name) - {CE763752-4325-453C-99BE-1EFE5F204B8A} - C:\WINDOWS\system32\vtUkjKbb.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Vade Retro Outlook Express] "C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"
O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
O4 - HKLM\..\Run: [PCMService] "c:\APPS\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [MagicRotation] C:\Program Files\MagicRotation\MagicPvt.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [50d57c4a] rundll32.exe "C:\WINDOWS\system32\qqgkqlgx.dll",b
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKCU\..\Run: [SmpcSys] C:\APPS\SMP\SmpSys.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [uuhfabjy] C:\WINDOWS\system32\irovsjox.exe
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKLM\..\Policies\Explorer\Run: [1kBk0aTSRk] D:\Documents and Settings\All Users\Application Data\spmbwlgj\wlsburin.exe
O4 - HKCU\..\Policies\Explorer\Run: [1kBk0aTSRk] D:\Documents and Settings\All Users\Application Data\spmbwlgj\wlsburin.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Ryanair Bargains 1.0.lnk = C:\Program Files\Ryanair Bargains\1.0\RyanairBargains.exe
O4 - Global Startup: Color Calibration.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: MagicTune 3.5.lnk = ?
O4 - Global Startup: NaturalColorLoad.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
O16 - DPF: {0A43D7AC-D6C1-4622-B309-BF975F427C0E} (first direct internet banking plus digital safe) - https://internetbankingplus2.firstdirec ... doorFD.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll
O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/ins ... _v01_6.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 6345841046
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/S ... anager.ocx
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://eu.download.games.yahoo.com/zylo ... loader.cab
O16 - DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} (Invoke Solutions Participant Control(MR)) - http://rms2.invokesolutions.com/events/ ... MILive.cab
O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F551} (Flatcast Viewer 4.15) - http://www.flatcast.info/objects/NpFv415.dll
O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F554} (Flatcast Viewer 4.16) - http://data.flatcast.com/data/objects/NpFv41629.dll
O16 - DPF: {EF58E341-49C3-4156-A3C4-5FFCA7C1EAB7} (EURAS_Portal.Gateway) - http://wwx.euras.com/euras/EIS/plugin/euras.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll
O20 - Winlogon Notify: awtttqn - awtttqn.dll (file missing)
O20 - Winlogon Notify: dx7ntw - C:\WINDOWS\
O20 - Winlogon Notify: kbdone - kbdone.dll (file missing)
O20 - Winlogon Notify: krnver - krnver.dll (file missing)
O20 - Winlogon Notify: memhbk - C:\WINDOWS\
O20 - Winlogon Notify: mllile - mllile.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
--
End of file - 14565 bytes