My PC is running very smoothly with your help.
The attachments you requested are:
ComboFix 09-01-07.02 - Athlon64 2009-01-08 19:56:28.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.541 [GMT 11:00]
Running from: c:\documents and settings\Athlon64\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Athlon64\Desktop\CFScript.txt
AV: AVG 7.5.552 *On-access scanning enabled* (Updated)
FW: ZoneAlarm Firewall *enabled*
* Created a new restore point
FILE ::
c:\program files\Uninstall Spy Blocker.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\eMule
c:\program files\eMule\Incoming\ - Mika - Relax, Take It Easy.mp3
c:\program files\eMule\Incoming\Backstreet Boys - Larger Than Life.mp3
c:\program files\eMule\Incoming\Backstreet Boys - Show Me The Meaning Of Being Lonely.mp3
c:\program files\eMule\Incoming\Backstreet boys - Tell Me Why.mp3
c:\program files\eMule\Incoming\bear force one.mp3
c:\program files\eMule\Incoming\Boys 2 Men - Boyz Ii Men - I Ll Make Love To You.mp3
c:\program files\eMule\Incoming\Pet Shop Boys & Dusty Springfield - What Have I Done To Deserve This.mp3
c:\program files\eMule\Incoming\Phantom of the Opera - Theme.mp3
c:\program files\eMule\Incoming\Shirley Bassey - Where Do I Begin (Love Story).mp3
c:\program files\eMule\Temp\
006.part
c:\program files\eMule\Temp\
006.part.met
c:\program files\eMule\Temp\
006.part.met.bak
c:\program files\Uninstall Spy Blocker.dll
.
((((((((((((((((((((((((( Files Created from 2008-12-08 to 2009-01-08 )))))))))))))))))))))))))))))))
.
2009-01-08 19:36 . 2009-01-08 19:36 <DIR> d-------- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-01-05 17:03 . 2009-01-05 17:05 250 --a------ c:\windows\gmer.ini
2009-01-05 09:05 . 2009-01-05 09:05 <DIR> d-------- C:\rsit
2009-01-05 09:05 . 2009-01-05 09:05 <DIR> d-------- c:\program files\trend micro
2009-01-02 00:28 . 2009-01-08 08:26 <DIR> dr-h----- C:\$VAULT$.AVG
2009-01-01 21:59 . 2009-01-01 21:59 <DIR> d-------- c:\documents and settings\LocalService\Application Data\AVG7
2009-01-01 21:59 . 2009-01-08 08:00 <DIR> d-------- c:\documents and settings\Athlon64\Application Data\AVG7
2009-01-01 21:59 . 2009-01-07 09:27 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg7
2008-12-26 23:27 . 2009-01-01 21:55 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2008-12-26 22:03 . 2008-12-26 22:03 <DIR> d-------- c:\documents and settings\All Users\Application Data\Trend Micro
2008-12-26 20:27 . 2008-12-26 20:27 <DIR> d-------- c:\windows\BDOSCAN8
2008-12-23 20:04 . 2008-12-23 20:04 <DIR> d-------- C:\spoolerlogs
2008-12-23 18:22 . 2008-12-23 18:40 <DIR> d-------- c:\program files\Smart PDF Converter Pro
2008-12-21 19:05 . 2008-12-21 19:05 54,156 --ah----- c:\windows\QTFont.qfn
2008-12-21 19:05 . 2008-12-21 19:05 1,409 --a------ c:\windows\QTFont.for
2008-12-14 14:18 . 2008-11-13 15:18 1,221,008 --a------ c:\windows\system32\zpeng25.dll
2008-12-12 10:42 . 2008-12-12 10:42 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-12 10:20 . 2008-12-12 10:20 <DIR> d-------- c:\program files\MSECache
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-08 08:37 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-01-08 08:37 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-01-02 03:35 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-01-02 03:35 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-01 10:59 --------- d-----w c:\documents and settings\All Users\Application Data\Grisoft
2008-12-26 09:34 --------- d-----w c:\program files\Panda Security
2008-12-23 07:50 --------- d-----w c:\documents and settings\Athlon64\Application Data\deskUNPDF
2008-12-23 07:22 --------- d-----w c:\program files\Common Files\Adobe
2008-12-23 07:19 --------- d-----w c:\program files\Trial123FileConvert
2008-12-23 06:14 --------- d-----w c:\documents and settings\Athlon64\Application Data\Canon
2008-12-21 21:52 --------- d-----w c:\documents and settings\Athlon64\Application Data\uTorrent
2008-12-18 20:59 --------- d-----w c:\program files\Google
2008-12-11 23:42 --------- d-----w c:\program files\Java
2008-11-23 22:13 1,966,080 ----a-w c:\windows\system32\cdintf251.dll
2008-11-10 10:32 --------- d-----w c:\documents and settings\Athlon64\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2008-10-28 22:36 823,296 ----a-w c:\windows\system32\divx_xx0c.dll
2008-10-28 22:36 823,296 ----a-w c:\windows\system32\divx_xx07.dll
2008-10-28 22:35 815,104 ----a-w c:\windows\system32\divx_xx0a.dll
2008-10-28 22:35 802,816 ----a-w c:\windows\system32\divx_xx11.dll
2008-10-28 22:35 684,032 ----a-w c:\windows\system32\DivX.dll
2008-10-23 12:40 12,858,683 ----a-w c:\windows\Internet Logs\tvDebug.zip
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 20:38 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-16 03:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 03:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 03:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 03:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 03:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 03:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 03:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 03:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 03:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 03:06 208,744 ----a-w c:\windows\system32\muweb.dll
2007-12-11 09:39 2 ----a-w c:\program files\Common Files\sure.bkk
2007-10-19 10:29 15,562 ----a-w c:\program files\Common Files\tracker.txt
2007-09-03 11:21 24 ----a-w c:\program files\Common Files\Emmcq3Dir.Dir
2006-07-24 12:17 2 ----a-w c:\program files\Common Files\emq.dll
2006-07-18 09:11 2 ----a-w c:\program files\Common Files\win2.ziq
2006-07-18 09:11 2 ----a-w c:\program files\Common Files\dvd.xxx
2006-07-18 09:11 10 ----a-w c:\program files\Common Files\axs.oos
2006-03-03 08:02 2 ----a-w c:\program files\Common Files\weel.llk
2006-03-03 08:02 2 ----a-w c:\program files\Common Files\qwerty.jhh
2006-03-03 08:02 10 ----a-w c:\program files\Common Files\davd.fgh
2006-03-03 08:02 0 ----a-w c:\program files\Common Files\point.tyu
2006-03-03 08:02 0 ----a-w c:\program files\Common Files\ass.bvc
2008-08-24 05:26 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008082420080825\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2005-11-15 1200128]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"<NO NAME>"="c:\program files\Internet Explorer\IEXPLORE.EXE" [2008-10-15 633632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-28 344064]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-06-29 32768]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2004-06-03 204800]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-12 136600]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-05-14 282624]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-10-10 185872]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-11-13 981904]
"AVG7_CC"="c:\progra~1\Grisoft\AVG7\avgcc.exe" [2009-01-02 590848]
"SoundMan"="SOUNDMAN.EXE" [2004-12-22 c:\windows\SOUNDMAN.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"AVG7_Run"="c:\progra~1\Grisoft\AVG7\avgw.exe" [2009-01-01 219136]
c:\documents and settings\Athlon64\Start Menu\Programs\Startup\
SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-08-29 360448]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= "c:\program files\Qualcomm\Eudora\EuShlExt.dll" [2006-08-17 86016]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ATI CATALYST System Tray.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ATI CATALYST System Tray.lnk
backup=c:\windows\pss\ATI CATALYST System Tray.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GetRight - Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\GetRight - Tray Icon.lnk
backup=c:\windows\pss\GetRight - Tray Icon.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package Menu.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Picture Package Menu.lnk
backup=c:\windows\pss\Picture Package Menu.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package VCD Maker.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Picture Package VCD Maker.lnk
backup=c:\windows\pss\Picture Package VCD Maker.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Athlon64^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
path=c:\documents and settings\Athlon64\Start Menu\Programs\Startup\PowerReg Scheduler.exe
backup=c:\windows\pss\PowerReg Scheduler.exeStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2005-09-03 15:18 94208 c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2005-11-15 19:44 1200128 c:\progra~1\MI3AA1~1\wcescomm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetworkTen Media Manager Tray]
--a------ 2007-01-11 15:08 387152 c:\program files\Entriq\MediaSphere\Bin\EntriqMediaTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-05-14 14:50 282624 c:\program files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-10-10 16:58 185872 c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-01-19 12:49 4670968 c:\program files\Yahoo!\Messenger\YahooMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Documents and Settings\\Athlon64\\Desktop\\utorrent.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-08-24 28544]
S3 CTL518;Video Blaster WebCam (WDM);c:\windows\system32\drivers\wcvid.sys [2000-11-28 183589]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{58f0075b-a9f2-11da-b2b2-806d6172696f}]
\Shell\AutoRun\command - D:\setup.exe
.
Contents of the 'Scheduled Tasks' folder
2008-12-26 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe []
.
.
------- Supplementary Scan -------
.
uStart Page =
hxxp://www.netspace.com.au/
uSearchMigratedDefaultURL =
hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uSearchURL,(Default) =
hxxp://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: Download with GetRight - c:\program files\GetRight\GRdownload.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Open with GetRight Browser - c:\program files\GetRight\GRbrowse.htm
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
O16 -: {25EBFA7E-A624-487D-AD62-BD7EE060B2D7} -
hxxp://supernatural.ten.com.au/entriq/c ... _5_0_7.cab
c:\windows\Downloaded Program Files\MediaSphere.inf
O16 -: {CE7D2BF2-D173-4CE2-9DAF-15EA153B5B43} -
hxxp://supernatural.ten.com.au/entriq/c ... Silent.cab
c:\windows\Downloaded Program Files\MediaSphere.inf
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-01-08 19:57:16
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1390067357-162531612-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*NULL*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(752)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-01-08 19:58:25
ComboFix-quarantined-files.txt 2009-01-08 08:58:23
ComboFix2.txt 2009-01-08 08:52:15
ComboFix3.txt 2009-01-07 19:18:18
Pre-Run: 186,918,645,760 bytes free
Post-Run: 186,903,068,672 bytes free
241 --- E O F --- 2008-12-18 21:01:22
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Thursday, January 8, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Thursday, January 08, 2009 09:50:58
Records in database: 1586041
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
A:\
C:\
D:\
Scan statistics:
Files scanned: 55601
Threat name: 1
Infected objects: 1
Suspicious objects: 0
Duration of the scan: 00:58:47
File name / Threat name / Threats count
C:\Documents and Settings\Athlon64\My Documents\Downloads\Windows Vista Activator.rar Infected: Trojan.Win32.Midgare.npq 1
The selected area was scanned.
DDS (Version 1.1.0) - NTFSx86
Run by Athlon64 at 21:40:24.14 on Thu 08/01/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.342 [GMT 11:00]
AV: AVG 7.5.552 *On-access scanning enabled* (Updated)
FW: ZoneAlarm Firewall *enabled*
============== Running Processes ===============
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Java\jre6\bin\java.exe
C:\Documents and Settings\Athlon64\Desktop\dds.pif
============== Pseudo HJT Report ===============
uStart Page =
hxxp://www.netspace.com.au/uSearchMigratedDefaultURL =
hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uSearchURL,(Default) =
hxxp://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: bho2gr Class: {31ff080d-12a3-439a-a2ef-4ba95a3148e8} - c:\program files\getright\xx2gr.dll
BHO: SpywareGuardDLBLOCK.CBrowserHelper: {4a368e80-174f-4872-96b5-0b27ddd11db2} - c:\program files\spywareguard\dlprotect.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar3.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar3.dll
EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - c:\progra~1\yahoo!\common\yhexbmesus.dll
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRunOnce: [<NO NAME>] c:\program files\internet explorer\IEXPLORE.EXE
http://www.symantec.com/techsupp/servle ... 6.000000b5
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\point32.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [OpwareSE2] "c:\program files\scansoft\omnipagese2.0\OpwareSE2.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [AVG7_CC] c:\progra~1\grisoft\avg7\avgcc.exe /STARTUP
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [AVG7_Run] c:\progra~1\grisoft\avg7\avgw.exe /RUNONCE
StartupFolder: c:\docume~1\athlon64\startm~1\programs\startup\spywar~1.lnk - c:\program files\spywareguard\sgmain.exe
IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
IE: Download with GetRight - c:\program files\getright\GRdownload.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Resource.dll/RC_Print.html
IE: Open with GetRight Browser - c:\program files\getright\GRbrowse.htm
IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SpywareGuard.Handler: {81559c35-8464-49f7-bb0e-07a383bef910} - c:\program files\spywareguard\spywareguard.dll
SEH: Eudora's Shell Extension: {edb0e980-90bd-11d4-8599-0008c7d3b6f8} - c:\program files\qualcomm\eudora\EuShlExt.dll
============= SERVICES / DRIVERS ===============
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-8-24 28544]
R1 Avg7Core;AVG7 Kernel;c:\windows\system32\drivers\avg7core.sys [2009-1-1 821856]
R1 Avg7RsW;AVG7 Wrap Driver;c:\windows\system32\drivers\avg7rsw.sys [2009-1-1 4224]
R1 Avg7RsXP;AVG7 Resident Driver XP;c:\windows\system32\drivers\avg7rsxp.sys [2009-1-1 27776]
R1 AvgClean;AVG7 Clean Driver;c:\windows\system32\drivers\avgclean.sys [2009-1-1 10760]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2007-3-20 353680]
R4 Avg7Alrt;AVG7 Alert Manager Server;c:\progra~1\grisoft\avg7\avgamsvr.exe [2009-1-1 418816]
R4 Avg7UpdSvc;AVG7 Update Service;c:\progra~1\grisoft\avg7\avgupsvc.exe [2009-1-1 49664]
R4 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
S3 CTL518;Video Blaster WebCam (WDM);c:\windows\system32\drivers\wcvid.sys [2000-11-28 183589]
=============== Created Last 30 ================
2009-01-08 19:56 <DIR> --d----- C:\ComboFix
2009-01-08 19:48 <DIR> a-dshr-- C:\cmdcons
2009-01-08 19:47 161,792 a------- c:\windows\SWREG.exe
2009-01-08 19:47 98,816 a------- c:\windows\sed.exe
2009-01-08 19:36 <DIR> --d----- c:\docume~1\alluse~1\applic~1\NortonInstaller
2009-01-05 17:03 250 a------- c:\windows\gmer.ini
2009-01-05 09:05 <DIR> --d----- c:\program files\trend micro
2009-01-02 00:28 <DIR> --d-hr-- C:\$VAULT$.AVG
2009-01-01 21:59 <DIR> --d----- c:\docume~1\athlon64\applic~1\AVG7
2008-12-26 23:27 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2008-12-26 22:03 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Trend Micro
2008-12-23 20:04 <DIR> --d----- C:\spoolerlogs
2008-12-23 18:22 <DIR> --d----- c:\program files\Smart PDF Converter Pro
2008-12-21 19:05 54,156 a---h--- c:\windows\QTFont.qfn
2008-12-21 19:05 1,409 a------- c:\windows\QTFont.for
2008-12-14 14:18 1,221,008 a------- c:\windows\system32\zpeng25.dll
2008-12-12 10:42 410,984 a------- c:\windows\system32\deploytk.dll
2008-12-12 10:20 <DIR> --d----- c:\program files\MSECache
==================== Find3M ====================
2008-12-14 14:18 4,212 a---h--- c:\windows\system32\zllictbl.dat
2008-11-24 09:13 1,966,080 a------- c:\windows\system32\cdintf251.dll
2008-10-29 09:36 823,296 a------- c:\windows\system32\divx_xx0c.dll
2008-10-29 09:36 823,296 a------- c:\windows\system32\divx_xx07.dll
2008-10-29 09:35 815,104 a------- c:\windows\system32\divx_xx0a.dll
2008-10-29 09:35 802,816 a------- c:\windows\system32\divx_xx11.dll
2008-10-29 09:35 684,032 a------- c:\windows\system32\DivX.dll
2008-10-23 23:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-10-17 07:38 826,368 a------- c:\windows\system32\wininet.dll
2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll
2007-12-11 20:39 2 a------- c:\program files\common files\sure.bkk
2007-10-19 21:29 15,562 a------- c:\program files\common files\tracker.txt
2007-09-03 22:21 24 a------- c:\program files\common files\Emmcq3Dir.Dir
2006-07-24 23:17 2 a------- c:\program files\common files\emq.dll
2006-07-18 20:11 10 a------- c:\program files\common files\axs.oos
2006-07-18 20:11 2 a------- c:\program files\common files\win2.ziq
2006-07-18 20:11 2 a------- c:\program files\common files\dvd.xxx
2006-03-03 19:02 10 a------- c:\program files\common files\davd.fgh
2006-03-03 19:02 0 a------- c:\program files\common files\point.tyu
2006-03-03 19:02 0 a------- c:\program files\common files\ass.bvc
2006-03-03 19:02 2 a------- c:\program files\common files\weel.llk
2006-03-03 19:02 2 a------- c:\program files\common files\qwerty.jhh
2008-08-24 16:26 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082420080825\index.dat
============= FINISH: 21:40:50.00 ===============
Cheers
justin