Welcome to MalwareRemoval.com,

My Hijackthis File and my Issues thread

Post by Bumpy » April 14th, 2009, 8:03 am

Hi guys, for a period of time now I have been having the following issues:
Google/IE/Opera all redirect organic listings when I do a search. All 3 browsers close without warning when browsing websites; this is also the case when using software on the machine.

Upon opening a browser, I get a web page telling me "Insecure Internet activity. Threat of virus attack", with two options: 1. Get full real-time protection; 2. Continue to website un-protected (Not Recommended).

I also get a pop-up every 10/20 mins telling me I am infected with Win32.BackDorr-DNM and that I should enable protection; this takes me off to a website to buy some software.

Any help would be very much appreciated.

Below are two files as requested, my HijackThis log and my Uninstall List:

HijackThis:
Logfile of HijackThis v1.99.1
Scan saved at 12:40:50, on 14/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
C:\Program Files\iNet Protector\IProtectorService.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft SQL Server\MSSQL$PROVIDUSSTD\Binn\sqlservr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\PGPserv.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\3Com\3Com OfficeConnect Wireless Utility\3Com Wireless 11g PC Card\PRISMSVR.EXE
C:\Program Files\NETGEAR\WPN511\Utility\WPN511.exe
C:\Program Files\iNet Protector\iprotect.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\LClock\LClock.exe
C:\Program Files\VisualTooltip\VisualToolTip.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Styler\Styler.exe
C:\Program Files\QuickTime\qttask.exe
C:\DOCUME~1\Justin\LOCALS~1\Temp\{135CE8F9-1E29-4970-9FDE-7AB429320BF6}\Blaero Start Orb.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Kontiki\KHost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\DOCUME~1\Justin\LOCALS~1\Temp\{6D0F2D8F-3526-4065-AB57-423E9E2C74DF}\sidebar.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Philips Intelligent Agent\Philips Intelligent Agent.exe
C:\Documents and Settings\Justin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\Program Files\Adobe\Illustrator CS\Support Files\Contents\Windows\Illustrator.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\drivers\svchost.exe
C:\Program Files\Opera\Opera.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\FileZilla FTP Client\filezilla.exe
C:\PROGRA~1\TEXTPA~1\textpad.exe
C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe
C:\Program Files\Adobe\Photoshop 7.0\Photoshop.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Justin\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HIJACKTHIS\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sky.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/ ... ch/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sky.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided By Sky Broadband
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: sunriseradio Toolbar - {6bcb9b24-850c-4fe5-a24a-b2bfcd67448f} - C:\Program Files\sunriseradio\tbsun0.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: PHP Designer Toolbar Helper - {588869E0-6C28-400a-8A1A-2A099E41CE9B} - C:\Program Files\PHP DESIGNER Toolbar\v2.0.0.5\PHP_Designer_Toolbar.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: sunriseradio Toolbar - {6bcb9b24-850c-4fe5-a24a-b2bfcd67448f} - C:\Program Files\sunriseradio\tbsun0.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O3 - Toolbar: PHP Designer Toolbar - {1DA183EF-8E1B-4a18-B927-CAB06B60FA46} - C:\Program Files\PHP DESIGNER Toolbar\v2.0.0.5\PHP_Designer_Toolbar.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O3 - Toolbar: sunriseradio Toolbar - {6bcb9b24-850c-4fe5-a24a-b2bfcd67448f} - C:\Program Files\sunriseradio\tbsun0.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\Program Files\3Com\3Com OfficeConnect Wireless Utility\3Com Wireless 11g PC Card\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [AS00_WPN511] C:\Program Files\NETGEAR\WPN511\Utility\WPN511.exe -hide
O4 - HKLM\..\Run: [inetprot] "C:\Program Files\iNet Protector\iprotect.exe" tray
O4 - HKLM\..\Run: [StopSignSsTsMon] Rundll32.exe "C:\Program Files\Acceleration Software\Anti-Virus\sstsmon.dll",VerifyStatus
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [Vista Sidebar] C:\Program Files\Vista Sidebar\sidebar.exe
O4 - HKLM\..\Run: [VisualTooltip] C:\Program Files\VisualTooltip\VisualToolTip.exe
O4 - HKLM\..\Run: [Blaero Start Orb] C:\Program Files\Blaero Start Orb\Blaero Start Orb.exe
O4 - HKLM\..\Run: [Styler] C:\Program Files\Styler\Styler.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [TrayServer] C:\Program Files\MAGIX\Movie_Edit_Pro_14_Download_version\TrayServer.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [kdx] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [pbmini] C:\Program Files\pcast\PodcastbarMini\PodcastBarMiniStater.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Philips Intelligent Agent] "C:\Program Files\Philips Intelligent Agent\Philips Intelligent Agent.exe" /SILENT
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Justin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe
O8 - Extra context menu item: Add to WebSite-Watcher - C:\Documents and Settings\Justin\Application Data\aignes\WebSite-Watcher\config\settings\wswie.htm
O8 - Extra context menu item: Google AdSense Preview Tool - http://pagead2.googlesyndication.com/pa ... eview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com (file missing)
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O16 - DPF: {164B406B-0FD6-4E7F-BA7E-64D227D4CA37} (dnlplayer Class) - http://www.digitalwebbooks.com/reader/dbplugin.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200 ... taller.exe
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9C762DC2-C685-4C5E-A179-16A42DF48735}: NameServer = 217.13.128.17,217.13.128.27
O17 - HKLM\System\CCS\Services\Tcpip\..\{AF929751-7500-461A-A08E-4AA733344717}: NameServer = 217.13.128.17,217.13.128.27
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: x-mem1 - {C3719F83-7EF8-4BA0-89B0-3360C7AFB7CC} - C:\WINDOWS\system32\wowctl2.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Internet Protector System Service (InternetProtectorService) - Unknown owner - C:\Program Files\iNet Protector\IProtectorService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MySQL41 - Unknown owner - C:\Program.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PGPserv - PGP Corporation - C:\WINDOWS\system32\PGPserv.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\WINDOWS\Pointdev\VNC\WinVNC.exe" -service (file missing)

Uninstall List:
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
3Com OfficeConnect Wireless 11g PC Card
3ds max 7
3ds max 7 Reference Files
Abacast Client
AbsoluteTelnet
Ad-Aware SE Personal
Adobe Acrobat 5.0
Adobe Acrobat 7.0.1 and Reader 7.0.1 Update
Adobe AIR
Adobe AIR
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit 2
Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Illustrator CS
Adobe Photoshop 7.0
Adobe Reader 7.0
Adobe Setup
Adobe SVG Viewer 3.0
Adobe Type Manager 4.1
Advanced Page Rank Analyzer 2.0
Advanced Website Position Reporter
AgentWebRanking Professional
Agere Systems AC'97 Modem
AMD Athlon 64 Processor Driver
Apple Mobile Device Support
Apple Software Update
Aptana Studio
Apycom Java Menus and Buttons
Article Equalizer
ASPRunner Professional 3.2
Avira AntiVir Personal – Free Antivirus
Back Link Analyzer v2.0
BBC iPlayer Download Manager
BBC iPlayer Download Manager
Bitrix Site Manager 4.0
BT Voyager Wireless Utility
Business Edition
Compress 2000 1.2
Connect
Core FTP LE 2.1
Critical Update for Windows Media Player 11 (KB959772)
CSE HTML Validator Professional v6.52 Trial
CSS Tab Designer v2.0
CSVed
DBManager Professional Freeware
DHTML Menu Builder 4.9
Dynamic Bid Maximizer Advance V3.0
Dynamic Submission V7.0
DzSoft Perl Editor 5.6
e3KWDCheck
EasyPHP 1.8
eBook Pro Viewer 5.54
Ecommerce Shopping Cart Software Windows Installer For Unix Version 0.8.0
Edraw Flowchart 4
e-Promo-CarD Designer
EPSON Printer Software
ewido anti-malware
Fast Blog Finder 2.10
Feidian IPTV
FileZilla Client 3.2.3.1
Firebird 1.5.3.4870
Firebird SQL Server - MAGIX Edition
FlameRobin 0.7.5
Form1 Builder
Forms To Go 2.6.5
FTP Surfer
Funnel Web Analyzer (Free) 5.0
Funnel Web Profiler 2.0
GdiplusUpgrade
Good Keywords v2.0.111205
Google AdWords Editor
Google Earth
Google Talk (remove only)
Google Talk Plugin
GRKda: GRSoftware Keyword Density Analyzer V2.1.73
GSiteCrawler
Hide My IP 1.0
HijackThis 1.99.1
HiSoftware AutoUpdater
HiSoftware(R) Accessible Form Creator
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
HP Deskjet Preloaded Printer Drivers
HP Help and Support
HP Photo & Imaging 3.1
HP Photo and Imaging 2.0 - Photosmart Cameras
HP PSC & OfficeJet 3.0
HP Update
HTML Source Bar
Hyperseek
IBP & ARELIS 9.7.1
IBP 10.2
iNet Protector 2.0
InterActual Player
InterVideo WinDVD
iTunes
J2SE Runtime Environment 5.0 Update 1
J2SE Runtime Environment 5.0 Update 6
Java 2 Runtime Environment Standard Edition v1.3.1_11
Java 2 Runtime Environment, SE v1.4.2_03
jetAudio Basic
JSAS
Kapow Mashup Server 6.3 Openkapow Edition SR1
Kaspersky On-line Scanner
Kaze to Desktop 1.0.1
kd Autumn VI 2003
Kinset
KnockOut 2
Lavasoft VX2 Cleaner
LeechFTP
Link Checker Pro
Link Popularity Check 3.0
LinkExplore 2.0
LiveResponse
Macromedia Contribute
Macromedia Contribute 2
Macromedia Dreamweaver MX
Macromedia Extension Manager
Macromedia Fireworks MX
Macromedia Flash MX
Macromedia Flash Paper
Macromedia FreeHand MX
Macromedia Shockwave Player
MAGIX Movie Edit Pro 14 Trial 7.5.2.14 (US)
MAGIX Screenshare 4.3.6.1987 (US)
Market Research Wizard
Market Samurai
MaxBulk Mailer 5.7.0
MD 40820
Media Lab SiteGrinder 2 (Basic & Pro)
Memories Disc Creator 2.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Access 2000 Runtime
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Expression Web
Microsoft Expression Web MUI (English)
Microsoft Expression Web Service Pack 1 (SP1)
Microsoft Expression Web Service Pack 1 (SP1)
Microsoft Expression Web Trial
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Professional
Microsoft Office Project Professional 2003
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
mIRC
Mozilla Firefox (3.0.8)
Mozilla Thunderbird (1.0)
Mpeg2Decoder 1.3
MSN Toolbar
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6 Service Pack 2 (KB954459)
MySQL Backup & Restore Databases Software 7.0
MySQL Connector/ODBC 3.51
MySQL Editor Software 7.0
MySQL-Front 3.2
MyTool 1.9
NavStudio
Nero 7 Essentials
neroxml
NETGEAR RangeMax(TM) Wireless PC Card WPN511
Network Stumbler 0.4.0 (remove only)
Nokia Connectivity Cable Driver
Nokia PC Suite
NVIDIA GART Driver
NVIDIA Windows 2000/XP Display Drivers
Opera 9.02
overland
Panda ActiveScan
PC Connectivity Solution
Pcast VOD Control 1.0
PCI 1620 Cardbus Controller and Software
PGP 8.1
Philips Intelligent Agent
Photosmart 140,240,7200,7600,7700,7900 Series
PHP DESIGNER 2006 4.06
PHP DESIGNER Toolbar
PHP Form Wizard 1.2.5 demo
PHPRunner 2.0
Popularity OnSnap
PPLive 1.1.0.7
PPStream
pranker
PremiumSoft Navicat MySQL 7.1
PrimoPDF
PrimoPDF Redistribution Package
Product Idea Profitabilty Evaluator
Quick Launch Buttons 4.20 C4
QuickTime
Readerware
RealPlayer
RecordNow!
Robot-Manager 3.1
ROR Sitemap Generator 1.0
RSSeditor
Sage Order Importer 2007
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
SharpReader 0.9.5.1
ShellRun
Site Content Analyzer 2.2
Site Map Pro 2.2
Sizer (remove only)
Sky Broadband
Sky Player
Skype 3.0
Skype Plugin Manager
Smart Explorer 6.1
SmartSound Quicktracks Plugin
Sonic DLA
Sonic Update Manager
Sony Picture Utility
SopCast 0.9.9
Sothink DHTMLMenu
Sothink DHTMLMenu
SoundMAX
Spy Sweeper
Spybot - Search & Destroy 1.4
SpyderOpts
StomperScrutinizer
StomperScrutinizer
sunriseradio Toolbar
Sygate Personal Firewall
Synacast Plug-in 1.1.0.7
SyncWorks
Sysquake LE 4.0
TextPad 4.7
ThunderStor 2.7.1
TotalSpoof v1.4.3
TurboCASH4 0.2
TVAnts 1.0
TVUPlayer 2.4.1.0
Ufindus Rapidsite
Universal Mechanism version 3.0
Update for Office 2007 (KB946691)
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Vista Transformation Pack 6.0
Visual Infinite Menus
Web Link Validator 4.0 build 403
Web Scraper Plus+ Web Spider Edition
WebBug
webcamXP (remove only)
WebEx
Website Submitter 1.3.5
WebSite-Watcher 4.41
Webspinner 1.0f Demo
WhosOn Hosted Edition Client
WildTangent Web Driver
WinAVIVideoConverter
Windows Driver Package - Nokia (WUDFRd) WPD (11/03/2006 6.82.26.2)
Windows Driver Package - Nokia Modem (11/03/2006 6.82.0.1)
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinHTTrack Website Copier 3.41-3
WinRAR archiver
WinSCP 2.3
WinZip
XAMPP 1.4.9
Xenu's Link Sleuth
Yahoo! Widgets
Yahoo! Widgets SDK

Best Regards Bumpy.
Bumpy
Active Member
 
Posts: 11
Joined: March 26th, 2009, 10:30 am

Re: My Hijackthis File and my Issues thread

Unread postby Axephilic » April 18th, 2009, 1:59 am

Welcome to the Malware Removal Forums! My name is Adam and I will be assisting you with getting the malware off of your computer. Please observe the following points before we start:
  1. If at any point you don't understand something, please let me know and I will be glad to explain or go more into depth for you. :)
  2. Please remember, I am a volunteer and I have a personal life. I go to school full time, have a part time job, and I do sports. A lot of this takes a lot of time.
  3. Please keep all of your replies in this topic/thread and do not make a new topic/thread, thanks!
  4. Please stick with this, don't stop responding because the symptoms are gone; the infection could still be there. Keep replying to my posts until I give you the All Clean message. ;)
  5. If you don't reply within five days after my last instructions this topic will be closed. If you will not be able to reply within five days please tell me so the topic will not be closed.
  6. Please do not run other tools to remove the malware unless I ask you to until I give you the all clean. They will just mess up my fixes and make things more complicated, not fix the problem.

I will post my first fix for you soon.

Regards,
Adam
Axephilic
Retired Graduate
 
Posts: 2180
Joined: June 18th, 2007, 1:10 pm
Location: Wisconsin, US

Re: My Hijackthis File and my Issues thread

Unread postby Axephilic » April 18th, 2009, 2:17 am

Hi there,

Download and Run ComboFix
Please visit this page to download and run Combofix - http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Save it to your desktop.

  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. You will see the following message if Microsoft Windows Recovery Console is not installed.

    With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes to continue scanning for malware.

When finished, a log will be produced. Please post this log in your next reply.

Do not mouse click on Combofix while it is running. That may cause it to stall.

Uninstall Bad Programs
We are going to uninstall some bad stuff now.
  • Click Start
  • Go to Control Panel
  • Go to Add/Remove Programs
  • Find and click Remove for the following (if found):

    PHP DESIGNER Toolbar

Now you can close Add/Remove Programs.

In your next reply, please include:
  1. Is your ISP Spitfire Technology Group?
  2. ComboFix log
  3. A new HijackThis log

Regards,
Adam
Axephilic
Retired Graduate
 
Posts: 2180
Joined: June 18th, 2007, 1:10 pm
Location: Wisconsin, US
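The ComboFix log requested above has a "Reg Loading Points" section that lists every autorun entry as "Name"="path" [date size] (or [X] when the file cannot be located). As an added example that is not part of this thread and not ComboFix's own code, here is a small Python triage script that parses that section and flags the entries a helper would look at first; the sample log is constructed in ComboFix's layout from the kinds of entries posted later in this thread, and the review heuristics are my own.

```python
import re
from typing import Dict, List, Optional

# Constructed sample (not a real machine's log) in the layout ComboFix uses for
# "Reg Loading Points": a REGEDIT4 header, a bracketed key, then one
# "Name"="value" line per autorun entry followed by [YYYY-MM-DD size] or [X].
SAMPLE_LOG = r'''REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2006-12-11 25343016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"realtecks"="c:\documents and settings\Justin\Application Data\Google\wcwdu16814728.exe" [2009-03-01 116736]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2003-12-19 323584]
'''

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
ENTRY_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<value>[^"]*)"'   # "Name"="command line or bare file name"
    r'(?:\s+-\s+(?P<resolved>.+?))?'            # optional " - c:\full\path" when value is a bare name
    r'\s+\[(?P<meta>[^\]]*)\]\s*$'              # [YYYY-MM-DD size] or [X] (file not located)
)

# Triage heuristics (my own, not ComboFix's): locations and names worth a second look.
USER_PROFILE_MARKERS = ("\\documents and settings\\", "\\users\\")
DIGIT_HEAVY_RE = re.compile(r"^[a-z]+\d{5,}\.exe$")


def parse_loading_points(text: str) -> List[Dict[str, object]]:
    """Return one record per autorun entry, tagged with the registry key it sits under."""
    entries: List[Dict[str, object]] = []
    current_key: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        key_match = KEY_RE.match(line)
        if key_match:
            current_key = key_match.group("key")
            continue
        entry_match = ENTRY_RE.match(line)
        if not entry_match or current_key is None:
            continue  # header, blank line, or a line that is not an autorun entry
        meta = entry_match.group("meta").strip()
        missing = meta == "X"
        date, size = None, None
        if not missing:
            parts = meta.split()
            date = parts[0]
            size = int(parts[1]) if len(parts) > 1 and parts[1].isdigit() else None
        entries.append({
            "key": current_key,
            "name": entry_match.group("name"),
            # Prefer the resolved full path ComboFix prints after " - " for bare names.
            "path": entry_match.group("resolved") or entry_match.group("value"),
            "date": date,
            "size": size,
            "missing": missing,
        })
    return entries


def review_entry(entry: Dict[str, object]) -> List[str]:
    """Reasons a reviewer should look at this entry; an empty list means unremarkable."""
    reasons: List[str] = []
    path = str(entry["path"]).lower()
    basename = path.rsplit("\\", 1)[-1]
    if any(marker in path for marker in USER_PROFILE_MARKERS):
        reasons.append("runs from a user profile directory (user-writable, no admin rights needed to drop it)")
    if "\\drivers\\" in path and basename.endswith(".exe"):
        reasons.append("an .exe under system32\\drivers, where only .sys drivers belong")
    if DIGIT_HEAVY_RE.match(basename):
        reasons.append("digit-heavy file name, typical of generated dropper names")
    if entry["missing"]:
        # Often benign (e.g. a command line with arguments), but still worth confirming.
        reasons.append("ComboFix could not locate the file ([X]): dangling autorun, check what created it")
    return reasons


def review_log(text: str) -> List[Dict[str, object]]:
    """Parse a Reg Loading Points section and return only the entries with findings."""
    flagged: List[Dict[str, object]] = []
    for entry in parse_loading_points(text):
        reasons = review_entry(entry)
        if reasons:
            flagged.append({**entry, "reasons": reasons})
    return flagged


if __name__ == "__main__":
    for hit in review_log(SAMPLE_LOG):
        print(f'{hit["key"]}\n  "{hit["name"]}" -> {hit["path"]}')
        for reason in hit["reasons"]:
            print(f"    - {reason}")
```

A flag is a prompt for review, not a verdict: legitimate updaters also live under a user profile, so each hit still needs to be checked against what the user actually installed.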

Re: My Hijackthis File and my Issues thread

Unread postby Bumpy » April 20th, 2009, 4:12 am

Hi Adam, thank you for taking some time out to help me. I will start this process now.

Best Regards
Bumpy
Bumpy
Active Member
 
Posts: 11
Joined: March 26th, 2009, 10:30 am

Re: My Hijackthis File and my Issues thread

Unread postby Bumpy » April 20th, 2009, 5:52 am

Hi Adam, I have started to run Combofix; it is telling me it has detected the following realtime scanner: AntiVir Personal Edition Classic Virus Protection, and asks me to disable it. I could not find how to disable it, so I have removed the software from my PC, but it still seems to detect it and is still asking me to disable AntiVir even though I have removed this software from my PC.

Best Regards
Bumpy
Bumpy
Active Member
 
Posts: 11
Joined: March 26th, 2009, 10:30 am

Re: My Hijackthis File and my Issues thread

Unread postby Bumpy » April 21st, 2009, 7:37 am

Hi Adam,

1. My ISP used to be Spitfire Technology Group; we are now with Solar Communications.

Please find below my ComboFix log and a New HijackThis log.

ComboFix:
ComboFix 09-04-21.A1 - Justin 21/04/2009 11:27.2 - NTFSx86
Running from: c:\documents and settings\Justin\Desktop\ComboFix.exe
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning disabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Justin\Application Data\Google\mccklrp32.dll
.
---- Previous Run -------
.
c:\documents and settings\All Users\Application Data\dudu
c:\documents and settings\All Users\Application Data\dudu\DDD\ddd.conf
c:\documents and settings\All Users\Application Data\dudu\DDD\fileinfo.dat
c:\documents and settings\All Users\Application Data\dudu\DDD\filesave.dat
c:\documents and settings\All Users\Application Data\dudu\DDD\flink\AB108028.lnk
c:\documents and settings\All Users\Application Data\dudu\DDD\flink\ACwsh_xx_20060331_10.lnk
c:\documents and settings\Justin\Application Data\Google\mccklrp32.dll
c:\documents and settings\Justin\Application Data\RB4D67TCP450.DLL
c:\documents and settings\Justin\Application Data\rbap450.dll
c:\documents and settings\Justin\Application Data\RBMSExcel450.DLL
c:\documents and settings\Justin\Application Data\RBODBC450.DLL
c:\documents and settings\Justin\Application Data\rbopenbase450.dll
c:\documents and settings\Justin\Application Data\rbpsql450.dll
c:\documents and settings\Justin\Application Data\RBRegEx350.dll
c:\documents and settings\Justin\Application Data\rbselectfolder450.dll
c:\documents and settings\Justin\Local Settings\Temporary Internet Files\AlxRes_dll_IMAGE_bg_popup.gif
c:\documents and settings\Justin\Local Settings\Temporary Internet Files\AlxRes_dll_IMAGE_window_sliver.gif
c:\documents and settings\Justin\Local Settings\Temporary Internet Files\MF7296ED.gif
c:\documents and settings\Justin\Local Settings\Temporary Internet Files\Ssk.log
c:\documents and settings\LocalService\Application Data\NetMon
c:\documents and settings\LocalService\Application Data\NetMon\domains.txt
c:\documents and settings\LocalService\Application Data\NetMon\log.txt
c:\program files\\setup.exe
c:\program files\alexa toolbar
c:\program files\alexa toolbar\uninstall.exe
c:\program files\FunWebProducts
c:\program files\pcast
c:\program files\pcast\PodcastbarMini\channels.xml
c:\program files\pcast\PodcastbarMini\pbmini.config.xml
c:\program files\pcast\VOD\Pcast VOD Control.url
c:\program files\pcast\VOD\pCastDbo.dll
c:\program files\pcast\VOD\pcastvod.dll
c:\program files\pcast\VOD\uninst.exe
c:\program files\TurboMailer-Setup.PIF
c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI
c:\windows\Downloaded Program Files\UWFX6_0001_N69M1503NetInstaller.exe
c:\windows\system32\comploader.dll
c:\windows\system32\dbxDgrevCheck.dll
c:\windows\system32\drivers\svchost.exe
c:\windows\system32\FTPx.dll
c:\windows\system32\ntnet.drv
c:\windows\system32\Process.exe
c:\windows\system32\zip32.dll
c:\windows\Sysvxd.exe
c:\windows\uninst2.htm
c:\windows\unist1.htm

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_RPCPATCH
-------\Legacy_RPCTFTPD


((((((((((((((((((((((((( Files Created from 2009-03-21 to 2009-04-21 )))))))))))))))))))))))))))))))
.

2009-04-18 14:13 . 2009-04-18 14:13 -------- d-----w c:\documents and settings\All Users\Application Data\TVU Networks
2009-04-18 12:55 . 2009-04-18 12:55 -------- d-----w c:\documents and settings\Justin\Application Data\Logitech
2009-04-18 12:53 . 2009-04-18 12:53 127034 ------r c:\windows\bwUnin-8.1.1.50-8876480SL.exe
2009-04-18 12:50 . 2009-04-18 12:50 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2009-04-18 12:49 . 2009-04-18 12:49 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-04-18 12:46 . 2008-01-09 11:26 301656 ----a-w c:\windows\system32\BtCoreIf.dll
2009-04-18 12:46 . 2008-01-09 11:28 76304 ----a-w c:\windows\system32\KemXML.dll
2009-04-18 12:46 . 2008-01-09 11:27 170512 ----a-w c:\windows\system32\kemutb.dll
2009-04-18 12:46 . 2008-01-09 11:28 117264 ----a-w c:\windows\system32\KemWnd.dll
2009-04-18 12:46 . 2008-01-09 11:28 141840 ----a-w c:\windows\system32\KemUtil.dll
2009-04-18 12:45 . 2009-04-18 12:55 -------- d-----w c:\documents and settings\All Users\Application Data\Logitech
2009-04-18 12:45 . 2009-04-18 12:54 -------- d-----w c:\program files\Common Files\Logishrd
2009-04-18 12:44 . 2009-04-18 12:53 -------- d-----w c:\program files\Logitech
2009-04-18 12:42 . 2009-04-18 12:42 -------- d-----w c:\documents and settings\All Users\Application Data\LogiShrd
2009-04-18 12:42 . 2004-08-04 06:56 21504 ----a-w c:\windows\system32\hidserv.dll
2009-04-18 12:42 . 2004-08-04 06:56 21504 ----a-w c:\windows\system32\dllcache\hidserv.dll
2009-04-17 09:22 . 2009-04-17 09:22 -------- d-----w c:\program files\Market Samurai
2009-04-17 08:56 . 2009-03-06 14:44 283648 ------w c:\windows\system32\dllcache\pdh.dll
2009-04-17 08:56 . 2005-07-26 04:39 60416 ------w c:\windows\system32\dllcache\colbact.dll
2009-04-17 08:56 . 2009-02-06 16:54 35328 ------w c:\windows\system32\dllcache\sc.exe
2009-04-17 08:56 . 2009-02-09 10:20 399360 ------w c:\windows\system32\dllcache\rpcss.dll
2009-04-17 08:56 . 2009-02-06 17:14 110592 ------w c:\windows\system32\dllcache\services.exe
2009-04-17 08:56 . 2009-02-09 10:20 473088 ------w c:\windows\system32\dllcache\fastprox.dll
2009-04-17 08:56 . 2009-02-06 16:39 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-17 08:56 . 2009-02-09 10:20 453120 ------w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-17 08:56 . 2009-02-09 10:20 616960 ------w c:\windows\system32\dllcache\advapi32.dll
2009-04-17 08:56 . 2009-02-09 10:20 714752 ------w c:\windows\system32\dllcache\ntdll.dll
2009-04-17 08:41 . 2008-04-21 10:02 215552 ------w c:\windows\system32\dllcache\wordpad.exe
2009-04-12 13:13 . 2009-04-12 13:15 -------- d-----w c:\documents and settings\Justin\Application Data\CoreFTP
2009-04-11 14:10 . 2009-04-11 14:10 -------- d-----w c:\documents and settings\Justin\Application Data\TVU networks
2009-04-02 23:30 . 2009-04-21 11:04 54156 ---ha-w c:\windows\QTFont.qfn
2009-04-02 23:30 . 2009-04-02 23:30 1409 ----a-w c:\windows\QTFont.for

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-21 11:10 . 2007-08-10 09:55 -------- d-----w c:\documents and settings\All Users\Application Data\Kontiki
2009-04-21 11:08 . 2006-12-18 12:47 -------- d-----w c:\documents and settings\Justin\Application Data\Skype
2009-04-20 10:05 . 2005-04-22 14:26 -------- d-----w c:\documents and settings\Justin\Application Data\IBP
2009-04-20 09:33 . 2009-03-02 10:26 -------- d-----w c:\documents and settings\Justin\Application Data\FileZilla
2009-04-18 14:13 . 2009-03-04 21:08 -------- d-----w c:\program files\TVUPlayer
2009-04-18 12:53 . 2004-02-10 22:11 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-23 09:35 . 2004-04-09 10:40 -------- d-----w c:\program files\Yahoo!
2009-03-21 14:18 . 2007-04-16 15:52 986112 ------w c:\windows\system32\dllcache\kernel32.dll
2009-03-17 15:04 . 2008-01-07 12:37 -------- d-----w c:\program files\Common Files\Adobe AIR
2009-03-06 14:44 . 2003-03-31 02:00 283648 ----a-w c:\windows\system32\pdh.dll
2009-03-04 18:18 . 2006-02-13 13:18 -------- d-----w c:\program files\ewido anti-malware
2009-03-03 00:18 . 2007-04-18 12:31 826368 ----a-w c:\windows\system32\dllcache\wininet.dll
2009-03-03 00:18 . 2004-08-23 19:32 826368 ----a-w c:\windows\system32\wininet.dll
2009-03-02 20:56 . 2004-08-20 15:31 84040 ----a-w c:\documents and settings\Justin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-02 16:28 . 2009-01-15 10:48 -------- d-----w c:\documents and settings\Justin\Application Data\SUPERAntiSpyware.com
2009-03-02 16:28 . 2004-02-10 22:25 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-03-02 16:27 . 2009-01-15 10:48 -------- d-----w c:\program files\SUPERAntiSpyware
2009-03-02 10:23 . 2008-11-24 21:43 -------- d-----w c:\program files\Common Files\Roxio Shared
2009-03-02 10:23 . 2008-11-24 21:43 -------- d-----w c:\documents and settings\All Users\Application Data\Roxio
2009-03-02 10:08 . 2008-03-19 19:55 -------- d-----w c:\program files\Citrix
2009-03-02 10:05 . 2008-03-26 11:21 -------- d-----w c:\program files\Email Extractor 1.3.5
2009-03-02 10:05 . 2008-04-22 13:59 -------- d-----w c:\documents and settings\Justin\Application Data\Maxprog
2009-03-02 09:51 . 2009-03-02 09:44 -------- d-----w c:\program files\LeechFTP
2009-03-01 12:59 . 2008-01-31 10:51 -------- d-----w c:\program files\Microsoft Silverlight
2009-03-01 11:39 . 2007-08-10 09:55 -------- d-----w c:\program files\Kontiki
2009-03-01 11:39 . 2009-03-01 11:39 -------- d-----w c:\program files\Sky
2009-03-01 11:39 . 2009-03-01 11:39 -------- d-----w c:\documents and settings\All Users\Application Data\Sky
2009-02-28 04:54 . 2007-08-13 17:43 636072 ----a-w c:\windows\system32\dllcache\iexplore.exe
2009-02-20 10:20 . 2008-06-06 08:50 13824 ------w c:\windows\system32\dllcache\ieudinit.exe
2009-02-20 10:20 . 2007-08-13 17:39 70656 ----a-w c:\windows\system32\dllcache\ie4uinit.exe
2009-02-20 05:14 . 2007-08-13 16:56 161792 ----a-w c:\windows\system32\dllcache\ieakui.dll
2009-02-09 10:20 . 2007-11-07 09:26 723456 ------w c:\windows\system32\dllcache\lsasrv.dll
2009-02-09 10:20 . 2004-06-21 07:40 399360 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:20 . 2003-03-31 02:00 723456 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:20 . 2003-03-31 02:00 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 10:20 . 2003-03-31 02:00 616960 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:19 . 2008-03-19 09:47 1846272 ------w c:\windows\system32\dllcache\win32k.sys
2009-02-09 10:19 . 2003-03-31 02:00 1846272 ----a-w c:\windows\system32\win32k.sys
2009-02-06 17:24 . 2008-10-16 08:08 2180480 ------w c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-06 17:24 . 2005-03-02 00:59 2180480 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 17:22 . 2008-10-16 08:09 2136064 ------w c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-06 17:14 . 2003-03-31 02:00 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 16:54 . 2003-03-31 02:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-06 16:49 . 2008-10-16 08:08 2015744 ------w c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-06 16:49 . 2008-10-16 08:08 2057728 ------w c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-06 16:49 . 2003-03-31 02:00 2057728 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-03 20:08 . 2009-02-03 20:08 55808 ------w c:\windows\system32\dllcache\secur32.dll
2009-02-03 20:08 . 2003-03-31 02:00 55808 ----a-w c:\windows\system32\secur32.dll
2008-02-04 13:47 . 2008-02-04 13:47 74073 ----a-w c:\program files\lightbox2.03.3.zip
2006-05-24 18:56 . 2006-05-24 18:56 7468 ----a-w c:\program files\readme.txt
2006-04-03 17:48 . 2006-04-03 17:48 70144 ---ha-w c:\documents and settings\Justin\Application Data\EHGrid.dll
2006-04-03 17:48 . 2006-04-03 17:48 66560 ---ha-w c:\documents and settings\Justin\Application Data\rbmysql.DLL
2006-04-03 17:48 . 2006-04-03 17:48 325632 ---ha-w c:\documents and settings\Justin\Application Data\FrontBase Plugin.DLL
2006-04-03 17:48 . 2006-04-03 17:48 17408 ---ha-w c:\documents and settings\Justin\Application Data\EHEncrypt.dll
2006-04-03 17:48 . 2006-04-03 17:48 79360 ---ha-w c:\documents and settings\Justin\Application Data\EHStyleGrid.dll
2006-04-03 17:48 . 2006-04-03 17:48 65884 ---ha-w c:\documents and settings\Justin\Application Data\EHWindowSplitter.dll
2006-02-21 12:19 . 2006-02-13 13:19 58168 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2005-09-16 09:20 . 2005-09-16 09:20 28672 ----a-w c:\documents and settings\Justin\atwbxdet.dll
2005-09-16 09:20 . 2005-09-16 09:20 6623 ----a-w c:\documents and settings\Justin\atwbxdet.tmp
2005-06-29 16:09 . 2005-06-29 16:09 421888 ----a-w c:\program files\putty.exe
2005-06-28 11:22 . 2005-06-28 11:17 10562512 ----a-w c:\program files\GoogleEarth.exe
2005-06-24 10:41 . 2005-06-24 10:39 4413039 ----a-w c:\program files\PDG_Commerce_V4_RedHat.zip
2005-06-21 12:12 . 2005-06-21 12:09 5000804 ----a-w c:\program files\pageanalyser.zip
2005-06-21 12:01 . 2005-06-21 12:00 4823796 ----a-w c:\program files\dancer.zip
2005-06-16 09:21 . 2005-06-16 09:17 6213822 ----a-w c:\program files\myol.zip
2005-06-11 10:38 . 2005-06-11 10:38 1520966 ----a-w c:\program files\inetprot2.exe
2005-06-10 11:17 . 2005-06-10 11:14 10069600 ----a-w c:\program files\wp35platsetup.exe
2005-06-09 12:02 . 2005-06-09 12:02 375398 ----a-w c:\program files\lma-final-1.21.zip
2005-06-06 12:47 . 2005-06-06 12:47 1207141 ----a-w c:\program files\TotalSpoof143_Setup.exe
2005-06-06 09:53 . 2005-06-06 09:53 274074 ----a-w c:\program files\Marketing Tips Messenger.exe
2005-06-01 18:15 . 2005-06-01 17:53 66471271 ----a-w c:\program files\erol_trial_v3.exe
2005-05-05 13:22 . 2005-05-05 13:21 1454080 ----a-w c:\program files\GoogleWebAcceleratorSetup.msi
2005-05-05 12:07 . 2005-05-05 12:07 326167 ----a-w c:\program files\ecommerce30.zip
2005-05-04 15:12 . 2005-05-04 15:12 2799 ----a-w c:\program files\form_php.zip
2005-05-04 14:49 . 2005-04-07 10:23 3608865 ----a-w c:\program files\FormsToGo.exe
2005-05-04 14:19 . 2005-05-04 14:19 168737 ----a-w c:\program files\contactform30.zip
2005-05-04 13:30 . 2005-05-04 13:29 1873295 ----a-w c:\program files\oneadmin30.zip
2005-04-30 13:55 . 2004-07-05 08:31 9339294 ----a-w c:\program files\webceo.exe
2005-04-28 15:19 . 2005-04-28 15:19 503270 ----a-w c:\program files\AWR_PRO_setup.exe
2005-04-27 11:09 . 2005-04-27 10:59 27123200 ----a-w c:\program files\awrj.msi.part
2005-04-22 14:19 . 2005-04-22 14:16 8539820 ----a-w c:\program files\IBP-Installer.exe
2005-04-20 17:30 . 2005-04-20 17:29 2526416 ----a-w c:\program files\Shockwave_Installer_Slim.exe
2005-04-20 14:39 . 2005-04-20 14:39 437867 ----a-w c:\program files\grkdademo.zip
2005-04-19 10:23 . 2005-04-19 10:21 3765594 ----a-w c:\program files\ow32enen800.exe
2005-04-14 11:09 . 2005-04-14 10:57 7351496 ----a-w c:\program files\INSTALL_MSN_MESSENGER_DL.EXE
2005-04-12 17:48 . 2005-04-12 17:46 3755091 ----a-w c:\program files\httrack-3.33.exe
2005-04-07 10:57 . 2005-04-07 10:57 102211 ----a-w c:\program files\fbsh.exe
2005-04-05 14:38 . 2005-04-05 14:37 1897623 ----a-w c:\program files\wlvsetup.exe
2005-03-30 12:15 . 2005-03-30 12:14 2128042 ----a-w c:\program files\txpeng473.exe
2005-03-30 12:11 . 2005-03-30 12:11 1824904 ----a-w c:\program files\dzperl56.exe
2005-03-29 10:30 . 2005-03-29 10:30 15436 ----a-w c:\program files\Zero Defex Issue 261104.dat
2005-03-18 11:31 . 2005-03-18 11:31 54030 ----a-w c:\program files\IISLogfileAnalyser.zip
2005-03-16 15:57 . 2005-03-16 15:54 4634191 ----a-w c:\program files\FileZilla_2_2_12b_setup.exe
2005-03-10 14:23 . 2005-03-10 14:22 2596864 ----a-w c:\program files\Market Research WizardXP2000_110204.msi
2005-02-21 13:40 . 2005-02-21 13:40 101117 ----a-w c:\program files\domit_rss_0_4.zip
2005-02-16 11:27 . 2005-02-16 11:28 320280 ----a-w c:\program files\VMPMinimalInstall_3_0_15_12.exe
2005-02-16 10:56 . 2005-02-16 10:56 1065 ----a-w c:\program files\Cult3D Exporter for 3D Studio Max 6-Uninstall.log
2005-02-16 10:51 . 2005-02-16 10:50 12075965 ----a-w c:\program files\C3DDesigner53Setup.exe
2005-02-11 16:44 . 2005-02-11 16:44 6412393 ----a-w c:\program files\NendoDemo_1_1_6.exe
2005-02-10 15:16 . 2005-02-10 15:16 226544 ----a-w c:\program files\jre-1_5_0_01-windows-i586-p-iftw.exe
2005-09-20 14:2005-05-05 13:23 41:42 . c:\program files\mozilla firefox\components\googlewebaccfirefox.dll
1998-03-20 00:00 . 1998-03-20 00:00 1048 --sha-w c:\windows\system32\fnmode.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2006-12-11 25343016]
"kdx"="c:\program files\Kontiki\KHost.exe" [2008-02-27 1032376]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-22 149040]
"Philips Intelligent Agent"="c:\program files\Philips Intelligent Agent\Philips Intelligent Agent.exe" [2006-04-21 420864]
"Google Update"="c:\documents and settings\Justin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-04 133104]
"NVIEW"="nview.dll" - c:\windows\system32\nview.dll [2003-12-19 856133]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-12-19 4730880]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2003-12-11 241664]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"CamMonitor"="c:\program files\HP\Digital Imaging\Unload\hpqcmon.exe" [2002-10-07 90112]
"HPHmon05"="c:\windows\System32\hphmon05.exe" [2003-05-23 483328]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2003-10-17 196670]
"SmcService"="c:\progra~1\Sygate\SPF\smc.exe" [2003-12-24 2344160]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2005-01-12 241664]
"PRISMSVR.EXE"="c:\program files\3Com\3Com OfficeConnect Wireless Utility\3Com Wireless 11g PC Card\PRISMSVR.EXE" [2004-04-26 295001]
"AS00_WPN511"="c:\program files\NETGEAR\WPN511\Utility\WPN511.exe" [2005-02-02 483328]
"inetprot"="c:\program files\iNet Protector\iprotect.exe" [2005-06-08 1408000]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2006-11-08 222208]
"LClock"="c:\program files\LClock\LClock.exe" [2004-09-20 65536]
"Vista Sidebar"="c:\program files\Vista Sidebar\sidebar.exe" [2006-12-25 6083072]
"VisualTooltip"="c:\program files\VisualTooltip\VisualToolTip.exe" [2006-10-06 942080]
"Blaero Start Orb"="c:\program files\Blaero Start Orb\Blaero Start Orb.exe" [2006-07-30 575488]
"Styler"="c:\program files\Styler\Styler.exe" [2006-05-03 307200]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-04-27 282624]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-06-28 270648]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-15 153136]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-06-09 185632]
"TrayServer"="c:\program files\MAGIX\Movie_Edit_Pro_14_Download_version\TrayServer.exe" [2007-12-04 90112]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-06-13 127036]
"kdx"="c:\program files\Kontiki\KHost.exe" [2008-02-27 1032376]
"realtecks"="c:\documents and settings\Justin\Application Data\Google\wcwdu16814728.exe" [2009-03-01 116736]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2003-12-12 88363]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2003-12-19 323584]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2007-11-29 55824]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 1634304]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2009-4-18 67128]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-4-18 789008]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):76,69,73,74,61,75,69,2e,65,78,65,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-01-09 11:30 72208 ----a-w c:\program files\common files\logishrd\bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Macromedia\\Dreamweaver MX\\Dreamweaver.exe"=
"c:\\Program Files\\SharpReader\\SharpReader.exe"=
"c:\\Program Files\\Macromedia\\Fireworks MX\\Fireworks.exe"=
"c:\\Program Files\\webcamXP\\webcamXP.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\3dsmax7\\3dsmax.exe"=
"c:\\Program Files\\Macromedia\\Flash MX\\Flash.exe"=
"c:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\IBP 9\\IBP.exe"=
"c:\\Program Files\\PPStream\\PPStream.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\IBP 10\\IBP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Kontiki\\KService.exe"=
"c:\\Program Files\\Opera\\Opera.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Kapow Mashup Server 6.3 Openkapow Edition SR1\\bin\\RoboMaker.exe"=
"c:\\Program Files\\Aptana\\Aptana Studio\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Documents and Settings\\Justin\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Justin\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Documents and Settings\\Justin\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

R2 Ca533av;Cam 3200, WDM Video Capture;c:\windows\system32\Drivers\Ca533av.sys [2002-10-21 515803]
R2 MySQL41;MySQL41; [x]
R3 3C154G;3Com OfficeConnect 802.11g PC Card Driver;c:\windows\system32\DRIVERS\3C154G72.sys [2004-05-18 386432]
R3 BTUsbrXP(R);BT Voyager 1010 USB Adapter;c:\windows\system32\DRIVERS\btusbrxp.sys [2003-01-21 93056]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
R3 NETGEAR_WPN511_SERVICE;NETGEAR WPN511 Wireless Adapter Service;c:\windows\system32\DRIVERS\wpn511.sys [2004-08-13 395840]
R3 PCMCIABTXP;BT Voyager 1020 Laptop Adapter;c:\windows\system32\DRIVERS\BTNetXP.sys [2002-11-20 77952]
R3 SQLAgent$PROVIDUSSTD;SQLAgent$PROVIDUSSTD;c:\program files\Microsoft SQL Server\MSSQL$PROVIDUSSTD\Binn\sqlagent.EXE [2002-12-17 311872]
R3 USBCamera;DSC Still Image Capture (CA100);c:\windows\system32\Drivers\Bulk533.sys [2002-12-04 11144]
R3 ZSMC302;VIMICRO USB PC Camera; [x]
S0 SSI;SSI;c:\windows\system32\Drivers\SSI.SYS [2006-01-25 78336]
S1 ewido security suite driver;ewido security suite driver;c:\program files\ewido anti-malware\guard.sys [2005-12-30 3072]
S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe [2006-01-17 65536]
S2 InternetProtectorService;Internet Protector System Service;c:\program files\iNet Protector\IProtectorService.exe [2005-05-15 549376]
S2 MSSQL$PROVIDUSSTD;MSSQL$PROVIDUSSTD;c:\program files\Microsoft SQL Server\MSSQL$PROVIDUSSTD\Binn\sqlservr.exe [2002-12-17 7520337]
S2 PGPdisk;PGPdisk; [x]
S2 PGPsdkDriver;PGPsdkDriver;c:\windows\system32\Drivers\PGPsdk.sys [2004-06-09 26624]
S3 AWINDIS5;AWINDIS5 Protocol Driver;c:\windows\system32\AWINDIS5.SYS [2002-04-11 16194]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe [2006-01-17 1527895]


--- Other Services/Drivers In Memory ---

*Deregistered* - ALG
*Deregistered* - Apple Mobile Device
*Deregistered* - AudioSrv
*Deregistered* - Autodesk Licensing Service
*Deregistered* - BITS
*Deregistered* - Brother XP spl Service
*Deregistered* - Browser
*Deregistered* - CryptSvc
*Deregistered* - DcomLaunch
*Deregistered* - Dhcp
*Deregistered* - dmserver
*Deregistered* - Dnscache
*Deregistered* - EPSONStatusAgent2
*Deregistered* - ERSvc
*Deregistered* - EventSystem
*Deregistered* - ewido security suite control
*Deregistered* - FirebirdGuardianDefaultInstance
*Deregistered* - FirebirdServerDefaultInstance
*Deregistered* - helpsvc
*Deregistered* - HidServ
*Deregistered* - HTTPFilter
*Deregistered* - InternetProtectorService
*Deregistered* - iPod Service
*Deregistered* - Irmon
*Deregistered* - KService
*Deregistered* - lanmanserver
*Deregistered* - lanmanworkstation
*Deregistered* - LightScribeService
*Deregistered* - LmHosts
*Deregistered* - mchInjDrv
*Deregistered* - MSSQL$PROVIDUSSTD
*Deregistered* - Netlogon
*Deregistered* - Netman
*Deregistered* - Nla
*Deregistered* - NMIndexingService
*Deregistered* - NVSvc
*Deregistered* - PGPserv
*Deregistered* - PolicyAgent
*Deregistered* - ProtectedStorage
*Deregistered* - RasAuto
*Deregistered* - RasMan
*Deregistered* - RemoteRegistry
*Deregistered* - RpcSs
*Deregistered* - SamSs
*Deregistered* - Schedule
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - ServiceLayer
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - SmcService
*Deregistered* - SoundMAX Agent Service (default)
*Deregistered* - Spooler
*Deregistered* - srservice
*Deregistered* - SSDPSRV
*Deregistered* - stisvc
*Deregistered* - svcWRSSSDK
*Deregistered* - TapiSrv
*Deregistered* - TermService
*Deregistered* - Themes
*Deregistered* - TrkWks
*Deregistered* - upnphost
*Deregistered* - W32Time
*Deregistered* - WebClient
*Deregistered* - winmgmt
*Deregistered* - wscsvc
*Deregistered* - wuauserv
*Deregistered* - WZCSVC

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3a0b1d36-bdbe-11da-9a07-00023f6ea8c6}]
\Shell\AutoRun\command - E:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ea660e66-bdbe-11da-9a08-00023f6ea8c6}]
\Shell\AutoRun\command - E:\setupSNK.exe
.
Contents of the 'Scheduled Tasks' folder

2009-04-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-10-10 16:13]

2009-04-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1344734455-1439202154-709122288-1266.job
- c:\documents and settings\Justin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-04 09:29]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-pbmini - c:\program files\pcast\PodcastbarMini\PodcastBarMiniStater.exe
HKCU-Run-IBP - (no file)
HKLM-Run-HPHUPD05 - c:\program files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
HKLM-Run-StopSignSsTsMon - c:\program files\Acceleration Software\Anti-Virus\sstsmon.dll
HKLM-Run-BigDogPath - c:\windows\VM_STI.EXE


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.sky.com
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/
IE: Add to WebSite-Watcher - c:\documents and settings\Justin\Application Data\aignes\WebSite-Watcher\config\settings\wswie.htm
IE: Google AdSense Preview Tool - http://pagead2.googlesyndication.com/pa ... eview.html
IE: {{08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com
TCP: {9C762DC2-C685-4C5E-A179-16A42DF48735} = 217.13.128.17,217.13.128.27
TCP: {AF929751-7500-461A-A08E-4AA733344717} = 217.13.128.17,217.13.128.27
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {164B406B-0FD6-4E7F-BA7E-64D227D4CA37} - hxxp://www.digitalwebbooks.com/reader/dbplugin.cab
FF - ProfilePath - c:\documents and settings\Justin\Application Data\Mozilla\Firefox\Profiles\mtjvegth.justin\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - component: c:\program files\Mozilla Firefox\components\googlewebaccfirefox.dll
FF - plugin: c:\documents and settings\Justin\Application Data\Mozilla\Firefox\Profiles\mtjvegth.justin\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\documents and settings\Justin\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Justin\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\np32dsw.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\NPAbacheck.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npBBCPlugin.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npitunes.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\NPMCult3DP.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npnul32.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\NPOFF12.DLL
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\NPOFFICE.DLL
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\nppdf32.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\nppl3260.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npqtplugin.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npqtplugin2.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npqtplugin3.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npqtplugin4.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npqtplugin5.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npqtplugin6.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npqtplugin7.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\nprjplug.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\nprpjplug.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npswf32.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAbacheck.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npBBCPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npitunes.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMCult3DP.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\windows\SYSTEM32\Cult3D\NPMCult3DP.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-21 12:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe??????????)?n??|?????? ?(?B???????????????B? ??????

scanning hidden files ...


**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\c:\windows\TEMP\mc21.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL41]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 4.1\bin\mysqld-nt\" --defaults-file=\"c:\program files\MySQL\MySQL Server 4.1\my.ini\" MySQL41"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(820)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
c:\windows\system32\WRLogonNTF.dll
c:\windows\system32\cscui.dll

- - - - - - - > 'explorer.exe'(4940)
c:\windows\system32\nView.dll
c:\windows\system32\NVWRSENG.DLL
c:\program files\VisualTooltip\VisualTooltip.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\SSSensor.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\NETSHELL.dll
c:\program files\LClock\LC.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Whisper Technology\FTP Surfer\wtftpshx.dll
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\program files\PC Connectivity Solution\ConnAPI.DLL
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Sygate\SPF\Smc.exe
c:\windows\system32\brss01a.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
c:\program files\Common Files\EPSON\EBAPI\SAgent2.exe
c:\program files\ewido anti-malware\ewidoctrl.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PGPServ.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Webroot\Spy Sweeper\WRSSSDK.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\docume~1\Justin\LOCALS~1\Temp\{9A1A44CD-7A53-4F3D-AE8A-33929925C440}\Blaero Start Orb.exe
c:\windows\system32\rundll32.exe
c:\program files\Kontiki\KService.exe
c:\docume~1\Justin\LOCALS~1\Temp\{E8280046-F2F8-4164-85FB-5917D8EC17DE}\sidebar.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\program files\Java\jre1.5.0_06\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2009-04-21 12:27 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-21 11:25

Pre-Run: 19,981,709,312 bytes free
Post-Run: 20,950,622,208 bytes free

528 --- E O F --- 2009-04-18 10:09


HijackThis:
Logfile of HijackThis v1.99.1
Scan saved at 12:36:43, on 21/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
C:\Program Files\iNet Protector\IProtectorService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft SQL Server\MSSQL$PROVIDUSSTD\Binn\sqlservr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\PGPserv.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\3Com\3Com OfficeConnect Wireless Utility\3Com Wireless 11g PC Card\PRISMSVR.EXE
C:\Program Files\NETGEAR\WPN511\Utility\WPN511.exe
C:\Program Files\iNet Protector\iprotect.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\LClock\LClock.exe
C:\Program Files\VisualTooltip\VisualToolTip.exe
C:\Program Files\Styler\Styler.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\DOCUME~1\Justin\LOCALS~1\Temp\{9A1A44CD-7A53-4F3D-AE8A-33929925C440}\Blaero Start Orb.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Kontiki\KHost.exe
C:\Documents and Settings\Justin\Application Data\Google\wcwdu16814728.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\DOCUME~1\Justin\LOCALS~1\Temp\{E8280046-F2F8-4164-85FB-5917D8EC17DE}\sidebar.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Philips Intelligent Agent\Philips Intelligent Agent.exe
C:\Documents and Settings\Justin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HIJACKTHIS\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sky.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\Program Files\3Com\3Com OfficeConnect Wireless Utility\3Com Wireless 11g PC Card\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [AS00_WPN511] C:\Program Files\NETGEAR\WPN511\Utility\WPN511.exe -hide
O4 - HKLM\..\Run: [inetprot] "C:\Program Files\iNet Protector\iprotect.exe" tray
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [Vista Sidebar] C:\Program Files\Vista Sidebar\sidebar.exe
O4 - HKLM\..\Run: [VisualTooltip] C:\Program Files\VisualTooltip\VisualToolTip.exe
O4 - HKLM\..\Run: [Blaero Start Orb] C:\Program Files\Blaero Start Orb\Blaero Start Orb.exe
O4 - HKLM\..\Run: [Styler] C:\Program Files\Styler\Styler.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [TrayServer] C:\Program Files\MAGIX\Movie_Edit_Pro_14_Download_version\TrayServer.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [kdx] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [realtecks] "C:\Documents and Settings\Justin\Application Data\Google\wcwdu16814728.exe" 2
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Philips Intelligent Agent] "C:\Program Files\Philips Intelligent Agent\Philips Intelligent Agent.exe" /SILENT
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Justin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Add to WebSite-Watcher - C:\Documents and Settings\Justin\Application Data\aignes\WebSite-Watcher\config\settings\wswie.htm
O8 - Extra context menu item: Google AdSense Preview Tool - http://pagead2.googlesyndication.com/pa ... eview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com (file missing)
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O16 - DPF: {164B406B-0FD6-4E7F-BA7E-64D227D4CA37} (dnlplayer Class) - http://www.digitalwebbooks.com/reader/dbplugin.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200 ... taller.exe
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9C762DC2-C685-4C5E-A179-16A42DF48735}: NameServer = 217.13.128.17,217.13.128.27
O17 - HKLM\System\CCS\Services\Tcpip\..\{AF929751-7500-461A-A08E-4AA733344717}: NameServer = 217.13.128.17,217.13.128.27
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: x-mem1 - {C3719F83-7EF8-4BA0-89B0-3360C7AFB7CC} - C:\WINDOWS\system32\wowctl2.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Internet Protector System Service (InternetProtectorService) - Unknown owner - C:\Program Files\iNet Protector\IProtectorService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MySQL41 - Unknown owner - C:\Program.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PGPserv - PGP Corporation - C:\WINDOWS\system32\PGPserv.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\WINDOWS\Pointdev\VNC\WinVNC.exe" -service (file missing)

Best Regards
Bumpy
Bumpy
Active Member
 
Posts: 11
Joined: March 26th, 2009, 10:30 am

Re: My Hijackthis File and my Issues thread

Unread postby Axephilic » April 21st, 2009, 10:57 pm

Hi there,

Upload a file to VirusTotal

Please visit Virustotal
  • Click the Browse.. button
  • Navigate to the file c:\windows\system32\fnmode.sys
  • Click the Open button
  • Click the Send button
  • Copy and paste the results into a new reply in this thread please.

Fix HijackThis lines

  • Run HijackThis!
  • Click on Do a System Scan only
  • Place a tick next to the following lines:

    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O23 - Service: MySQL41 - Unknown owner - C:\Program.exe (file missing)
Close all open windows and click on Fix checked and when you get a popup window click on Yes.

Run ComboFix

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the codebox below into it:

Code:
File::
C:\Program.exe
Folder::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\drivers\\svchost.exe"=-
Driver::
MySQL41


Save this as "CFScript.txt", and as Type: All Files (*.*) in the same location as ComboFix.exe


[Image: CFScript.txt being dragged onto ComboFix.exe]

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Kaspersky Online Scanner
Please go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply.

In your next reply, please include:
  1. VirusTotal Results
  2. ComboFix log
  3. Kaspersky report
  4. A new HijackThis log

Regards,
Adam
Axephilic
Retired Graduate
 
Posts: 2180
Joined: June 18th, 2007, 1:10 pm
Location: Wisconsin, US
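
The two lines Adam asks to have fixed above are the two whose target no longer exists on disk ("(no file)" / "(file missing)"), which is the first pass a helper makes over a HijackThis log before looking at anything else. The script below is an added example for this thread, not HijackThis code and not the helper's own procedure: it runs that triage over a handful of lines copied from Bumpy's second log. The three rules it applies (dead entries are safe to fix; O17 nameservers and "Unknown owner" services are to be verified, not declared bad; executables launched from a user's Application Data or Temp folder are suspect), the severity labels and the function names `triage_line`, `triage_log` and `lines_to_fix` are this example's own assumptions.

```python
"""Triage a HijackThis 1.99.x log for the entries a helper looks at first.

Added example for this thread; it is not HijackThis code and not the helper's
procedure. The sample lines are copied from the second log posted above; the
rules, severity labels and function names are this example's own assumptions.
"""
import re

# Constructed sample: a few lines lifted from the thread's HijackThis log.
SAMPLE_LOG = r"""
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Blaero Start Orb] C:\Program Files\Blaero Start Orb\Blaero Start Orb.exe
O4 - HKLM\..\Run: [realtecks] "C:\Documents and Settings\Justin\Application Data\Google\wcwdu16814728.exe" 2
O17 - HKLM\System\CCS\Services\Tcpip\..\{9C762DC2-C685-4C5E-A179-16A42DF48735}: NameServer = 217.13.128.17,217.13.128.27
O23 - Service: MySQL41 - Unknown owner - C:\Program.exe (file missing)
O23 - Service: PGPserv - PGP Corporation - C:\WINDOWS\system32\PGPserv.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\WINDOWS\Pointdev\VNC\WinVNC.exe" -service (file missing)
"""

# Every HijackThis entry starts with a section code such as R3, O4, O17, O23.
ENTRY_RE = re.compile(r"^(?P<kind>[A-Z]\d{1,2}) - (?P<body>.*)$")
# HijackThis appends these when the registry entry points at nothing on disk.
MISSING_RE = re.compile(r"\((?:no file|file missing)\)\s*$")
# First drive-letter path ending in a PE extension, quoted or not.
PATH_RE = re.compile(r'"?([A-Za-z]:\\[^"\r\n]*?\.(?:exe|dll|sys))', re.I)
# Writable per-user locations on XP that legitimate autostarts rarely use.
USER_PATH_RE = re.compile(r"\\(?:Application Data|Local Settings|Temp)\\", re.I)
NS_RE = re.compile(r"NameServer = ([\d.,]+)")


def triage_line(line):
    """Classify one log line; returns (severity, reason) or None if nothing stands out."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    kind, body = m.group("kind"), m.group("body")
    if MISSING_RE.search(body):
        # Dead entry: the binary is gone, so "Fix checked" only removes the pointer.
        return ("orphan", f"{kind}: target missing, safe to fix in HijackThis")
    if kind == "O17":
        # Changed DNS servers redirect every lookup; compare against the ISP's values.
        ns = NS_RE.search(body)
        servers = ns.group(1) if ns else "?"
        return ("verify", f"O17: DNS servers {servers} must be checked against the ISP's")
    if kind == "O23" and "Unknown owner" in body:
        return ("verify", "O23: service binary carries no publisher string")
    p = PATH_RE.search(body)
    if p and USER_PATH_RE.search(p.group(1)):
        return ("suspect", f"{kind}: autostart runs from a user-profile path: {p.group(1)}")
    return None


def triage_log(text):
    """Map each flagged log line to its (severity, reason); quiet lines are dropped."""
    findings = {}
    for line in text.splitlines():
        result = triage_line(line)
        if result:
            findings[line] = result
    return findings


def lines_to_fix(text):
    """Entries a HijackThis 'Fix checked' can safely remove: orphans only."""
    return [line for line, (sev, _) in triage_log(text).items() if sev == "orphan"]


if __name__ == "__main__":
    for line, (sev, why) in triage_log(SAMPLE_LOG).items():
        print(f"[{sev:7}] {why}\n          {line}")
```

Run against the sample it reports three orphans (the two Adam ticked plus the stale VNC service), flags the `realtecks` entry because it launches from Application Data, and lists the O17 nameservers for a manual check; it does not try to decide whether those addresses belong to the ISP, which is a judgement the log alone cannot support.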

Re: My Hijackthis File and my Issues thread

Unread postby Bumpy » April 22nd, 2009, 8:13 pm

Hi Adam, this has taken a bit of time but here are the reports.
Virustotal: this file does not seem to be on my PC.

ComboFix:
ComboFix 09-04-22.A0 - Justin 22/04/2009 11:04.4 - NTFSx86
Running from: c:\documents and settings\Justin\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Justin\Desktop\CFScript.txt
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning disabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
* Created a new restore point

FILE ::
C:\Program.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MYSQL41
-------\Service_MySQL41


((((((((((((((((((((((((( Files Created from 2009-03-22 to 2009-04-22 )))))))))))))))))))))))))))))))
.

2009-04-18 14:13 . 2009-04-18 14:13 -------- d-----w c:\documents and settings\All Users\Application Data\TVU Networks
2009-04-18 12:55 . 2009-04-18 12:55 -------- d-----w c:\documents and settings\Justin\Application Data\Logitech
2009-04-18 12:53 . 2009-04-18 12:53 127034 ------r c:\windows\bwUnin-8.1.1.50-8876480SL.exe
2009-04-18 12:50 . 2009-04-18 12:50 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2009-04-18 12:49 . 2009-04-18 12:49 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-04-18 12:46 . 2008-01-09 11:26 301656 ----a-w c:\windows\system32\BtCoreIf.dll
2009-04-18 12:46 . 2008-01-09 11:28 76304 ----a-w c:\windows\system32\KemXML.dll
2009-04-18 12:46 . 2008-01-09 11:27 170512 ----a-w c:\windows\system32\kemutb.dll
2009-04-18 12:46 . 2008-01-09 11:28 117264 ----a-w c:\windows\system32\KemWnd.dll
2009-04-18 12:46 . 2008-01-09 11:28 141840 ----a-w c:\windows\system32\KemUtil.dll
2009-04-18 12:45 . 2009-04-18 12:55 -------- d-----w c:\documents and settings\All Users\Application Data\Logitech
2009-04-18 12:45 . 2009-04-18 12:54 -------- d-----w c:\program files\Common Files\Logishrd
2009-04-18 12:44 . 2009-04-18 12:53 -------- d-----w c:\program files\Logitech
2009-04-18 12:42 . 2009-04-18 12:42 -------- d-----w c:\documents and settings\All Users\Application Data\LogiShrd
2009-04-18 12:42 . 2004-08-04 06:56 21504 ----a-w c:\windows\system32\hidserv.dll
2009-04-18 12:42 . 2004-08-04 06:56 21504 ----a-w c:\windows\system32\dllcache\hidserv.dll
2009-04-17 09:22 . 2009-04-17 09:22 -------- d-----w c:\program files\Market Samurai
2009-04-17 08:56 . 2009-03-06 14:44 283648 ------w c:\windows\system32\dllcache\pdh.dll
2009-04-17 08:56 . 2005-07-26 04:39 60416 ------w c:\windows\system32\dllcache\colbact.dll
2009-04-17 08:56 . 2009-02-06 16:54 35328 ------w c:\windows\system32\dllcache\sc.exe
2009-04-17 08:56 . 2009-02-09 10:20 399360 ------w c:\windows\system32\dllcache\rpcss.dll
2009-04-17 08:56 . 2009-02-06 17:14 110592 ------w c:\windows\system32\dllcache\services.exe
2009-04-17 08:56 . 2009-02-09 10:20 473088 ------w c:\windows\system32\dllcache\fastprox.dll
2009-04-17 08:56 . 2009-02-06 16:39 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-17 08:56 . 2009-02-09 10:20 453120 ------w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-17 08:56 . 2009-02-09 10:20 616960 ------w c:\windows\system32\dllcache\advapi32.dll
2009-04-17 08:56 . 2009-02-09 10:20 714752 ------w c:\windows\system32\dllcache\ntdll.dll
2009-04-17 08:41 . 2008-04-21 10:02 215552 ------w c:\windows\system32\dllcache\wordpad.exe
2009-04-12 13:13 . 2009-04-12 13:15 -------- d-----w c:\documents and settings\Justin\Application Data\CoreFTP
2009-04-11 14:10 . 2009-04-11 14:10 -------- d-----w c:\documents and settings\Justin\Application Data\TVU networks
2009-04-02 23:30 . 2009-04-22 10:25 54156 ---ha-w c:\windows\QTFont.qfn
2009-04-02 23:30 . 2009-04-02 23:30 1409 ----a-w c:\windows\QTFont.for

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-22 10:27 . 2007-08-10 09:55 -------- d-----w c:\documents and settings\All Users\Application Data\Kontiki
2009-04-22 10:15 . 2006-12-18 12:47 -------- d-----w c:\documents and settings\Justin\Application Data\Skype
2009-04-22 10:03 . 2009-04-22 10:03 31096 ----a-w C:\log.txt
2009-04-22 10:01 . 2009-04-22 10:01 199 ----a-w C:\CFScript.txt
2009-04-22 08:36 . 2005-06-06 09:54 1062767 -c--a-w c:\windows\clientupgrade.exe
2009-04-21 16:21 . 2005-04-22 14:26 -------- d-----w c:\documents and settings\Justin\Application Data\IBP
2009-04-21 13:15 . 2004-06-28 16:28 -------- d-----w c:\program files\MSN Messenger
2009-04-21 13:15 . 2005-11-02 16:55 -------- d-----w c:\documents and settings\Justin\Application Data\aignes
2009-04-21 13:14 . 2004-02-10 22:11 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-21 13:13 . 2005-07-22 07:42 -------- d-----w c:\program files\Microsoft SQL Server
2009-04-21 13:13 . 2005-07-22 07:42 -------- d-----w c:\program files\Web Scraper Plus+
2009-04-21 13:11 . 2004-09-01 09:16 -------- d-----w c:\program files\Common Files\SourceTec
2009-04-21 13:05 . 2008-08-07 09:44 -------- d-----w c:\program files\MAGIX
2009-04-21 13:05 . 2008-08-07 09:45 -------- d-----w c:\documents and settings\All Users\Application Data\MAGIX
2009-04-21 13:02 . 2004-07-13 11:17 -------- d-----w c:\program files\Link Checker Pro
2009-04-21 13:02 . 2004-05-18 16:14 -------- d-----w c:\program files\LinkExplore
2009-04-21 13:01 . 2008-10-09 15:46 -------- d-----w c:\program files\Kapow Mashup Server 6.3 Openkapow Edition SR1
2009-04-21 12:56 . 2005-04-28 15:22 -------- d-----w c:\program files\AgentWebRanking PRO
2009-04-21 12:55 . 2004-06-07 12:46 -------- d-----w c:\program files\pranalyzer
2009-04-21 12:53 . 2005-06-06 09:54 349200 ----a-w c:\windows\marketing tips messenger.exe
2009-04-20 09:33 . 2009-03-02 10:26 -------- d-----w c:\documents and settings\Justin\Application Data\FileZilla
2009-04-18 14:13 . 2009-03-04 21:08 -------- d-----w c:\program files\TVUPlayer
2009-03-23 09:35 . 2004-04-09 10:40 -------- d-----w c:\program files\Yahoo!
2009-03-21 14:18 . 2007-04-16 15:52 986112 ------w c:\windows\system32\dllcache\kernel32.dll
2009-03-17 15:04 . 2008-01-07 12:37 -------- d-----w c:\program files\Common Files\Adobe AIR
2009-03-06 14:44 . 2003-03-31 02:00 283648 ----a-w c:\windows\system32\pdh.dll
2009-03-04 18:18 . 2006-02-13 13:18 -------- d-----w c:\program files\ewido anti-malware
2009-03-03 00:18 . 2007-04-18 12:31 826368 ----a-w c:\windows\system32\dllcache\wininet.dll
2009-03-03 00:18 . 2004-08-23 19:32 826368 ----a-w c:\windows\system32\wininet.dll
2009-03-02 20:56 . 2004-08-20 15:31 84040 ----a-w c:\documents and settings\Justin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-02 16:28 . 2009-01-15 10:48 -------- d-----w c:\documents and settings\Justin\Application Data\SUPERAntiSpyware.com
2009-03-02 16:28 . 2004-02-10 22:25 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-03-02 16:27 . 2009-01-15 10:48 -------- d-----w c:\program files\SUPERAntiSpyware
2009-03-02 10:23 . 2008-11-24 21:43 -------- d-----w c:\program files\Common Files\Roxio Shared
2009-03-02 10:23 . 2008-11-24 21:43 -------- d-----w c:\documents and settings\All Users\Application Data\Roxio
2009-03-02 10:08 . 2008-03-19 19:55 -------- d-----w c:\program files\Citrix
2009-03-02 10:05 . 2008-03-26 11:21 -------- d-----w c:\program files\Email Extractor 1.3.5
2009-03-01 12:59 . 2008-01-31 10:51 -------- d-----w c:\program files\Microsoft Silverlight
2009-03-01 11:39 . 2007-08-10 09:55 -------- d-----w c:\program files\Kontiki
2009-03-01 11:39 . 2009-03-01 11:39 -------- d-----w c:\program files\Sky
2009-03-01 11:39 . 2009-03-01 11:39 -------- d-----w c:\documents and settings\All Users\Application Data\Sky
2009-02-28 04:54 . 2007-08-13 17:43 636072 ----a-w c:\windows\system32\dllcache\iexplore.exe
2009-02-20 10:20 . 2008-06-06 08:50 13824 ------w c:\windows\system32\dllcache\ieudinit.exe
2009-02-20 10:20 . 2007-08-13 17:39 70656 ----a-w c:\windows\system32\dllcache\ie4uinit.exe
2009-02-20 05:14 . 2007-08-13 16:56 161792 ----a-w c:\windows\system32\dllcache\ieakui.dll
2009-02-09 10:20 . 2007-11-07 09:26 723456 ------w c:\windows\system32\dllcache\lsasrv.dll
2009-02-09 10:20 . 2004-06-21 07:40 399360 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:20 . 2003-03-31 02:00 723456 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:20 . 2003-03-31 02:00 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 10:20 . 2003-03-31 02:00 616960 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:19 . 2008-03-19 09:47 1846272 ------w c:\windows\system32\dllcache\win32k.sys
2009-02-09 10:19 . 2003-03-31 02:00 1846272 ----a-w c:\windows\system32\win32k.sys
2009-02-06 17:24 . 2008-10-16 08:08 2180480 ------w c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-06 17:24 . 2005-03-02 00:59 2180480 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 17:22 . 2008-10-16 08:09 2136064 ------w c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-06 17:14 . 2003-03-31 02:00 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 16:54 . 2003-03-31 02:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-06 16:49 . 2008-10-16 08:08 2015744 ------w c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-06 16:49 . 2008-10-16 08:08 2057728 ------w c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-06 16:49 . 2003-03-31 02:00 2057728 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-03 20:08 . 2009-02-03 20:08 55808 ------w c:\windows\system32\dllcache\secur32.dll
2009-02-03 20:08 . 2003-03-31 02:00 55808 ----a-w c:\windows\system32\secur32.dll
2008-02-04 13:47 . 2008-02-04 13:47 74073 ----a-w c:\program files\lightbox2.03.3.zip
2006-04-03 17:48 . 2006-04-03 17:48 70144 ---ha-w c:\documents and settings\Justin\Application Data\EHGrid.dll
2006-04-03 17:48 . 2006-04-03 17:48 66560 ---ha-w c:\documents and settings\Justin\Application Data\rbmysql.DLL
2006-04-03 17:48 . 2006-04-03 17:48 325632 ---ha-w c:\documents and settings\Justin\Application Data\FrontBase Plugin.DLL
2006-04-03 17:48 . 2006-04-03 17:48 17408 ---ha-w c:\documents and settings\Justin\Application Data\EHEncrypt.dll
2006-04-03 17:48 . 2006-04-03 17:48 79360 ---ha-w c:\documents and settings\Justin\Application Data\EHStyleGrid.dll
2006-04-03 17:48 . 2006-04-03 17:48 65884 ---ha-w c:\documents and settings\Justin\Application Data\EHWindowSplitter.dll
2006-02-21 12:19 . 2006-02-13 13:19 58168 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2005-09-16 09:20 . 2005-09-16 09:20 28672 ----a-w c:\documents and settings\Justin\atwbxdet.dll
2005-09-16 09:20 . 2005-09-16 09:20 6623 ----a-w c:\documents and settings\Justin\atwbxdet.tmp
2005-06-28 11:22 . 2005-06-28 11:17 10562512 ----a-w c:\program files\GoogleEarth.exe
2005-06-21 12:01 . 2005-06-21 12:00 4823796 ----a-w c:\program files\dancer.zip
2005-06-11 10:38 . 2005-06-11 10:38 1520966 ----a-w c:\program files\inetprot2.exe
2005-06-09 12:02 . 2005-06-09 12:02 375398 ----a-w c:\program files\lma-final-1.21.zip
2005-06-01 18:15 . 2005-06-01 17:53 66471271 ----a-w c:\program files\erol_trial_v3.exe
2005-05-05 13:22 . 2005-05-05 13:21 1454080 ----a-w c:\program files\GoogleWebAcceleratorSetup.msi
2005-05-05 12:07 . 2005-05-05 12:07 326167 ----a-w c:\program files\ecommerce30.zip
2005-05-04 15:12 . 2005-05-04 15:12 2799 ----a-w c:\program files\form_php.zip
2005-05-04 14:49 . 2005-04-07 10:23 3608865 ----a-w c:\program files\FormsToGo.exe
2005-05-04 14:19 . 2005-05-04 14:19 168737 ----a-w c:\program files\contactform30.zip
2005-04-28 15:19 . 2005-04-28 15:19 503270 ----a-w c:\program files\AWR_PRO_setup.exe
2005-04-27 11:09 . 2005-04-27 10:59 27123200 ----a-w c:\program files\awrj.msi.part
2005-04-22 14:19 . 2005-04-22 14:16 8539820 ----a-w c:\program files\IBP-Installer.exe
2005-04-20 14:39 . 2005-04-20 14:39 437867 ----a-w c:\program files\grkdademo.zip
2005-04-14 11:09 . 2005-04-14 10:57 7351496 ----a-w c:\program files\INSTALL_MSN_MESSENGER_DL.EXE
2005-04-12 17:48 . 2005-04-12 17:46 3755091 ----a-w c:\program files\httrack-3.33.exe
2005-04-07 10:57 . 2005-04-07 10:57 102211 ----a-w c:\program files\fbsh.exe
2005-03-30 12:11 . 2005-03-30 12:11 1824904 ----a-w c:\program files\dzperl56.exe
2005-03-18 11:31 . 2005-03-18 11:31 54030 ----a-w c:\program files\IISLogfileAnalyser.zip
2005-03-16 15:57 . 2005-03-16 15:54 4634191 ----a-w c:\program files\FileZilla_2_2_12b_setup.exe
2005-02-21 13:40 . 2005-02-21 13:40 101117 ----a-w c:\program files\domit_rss_0_4.zip
2005-02-16 10:56 . 2005-02-16 10:56 1065 ----a-w c:\program files\Cult3D Exporter for 3D Studio Max 6-Uninstall.log
2005-02-16 10:51 . 2005-02-16 10:50 12075965 ----a-w c:\program files\C3DDesigner53Setup.exe
2005-02-10 15:16 . 2005-02-10 15:16 226544 ----a-w c:\program files\jre-1_5_0_01-windows-i586-p-iftw.exe
2005-02-03 13:46 . 2005-02-03 13:46 918274 ----a-w c:\program files\e3kwdcheck.exe
2005-01-10 15:37 . 2005-01-10 15:35 45340 ----a-w c:\program files\htmlarea.zip
2005-01-05 11:38 . 2005-01-05 11:38 122 ----a-w c:\program files\AdbeRdr70_enu_full_FEAD_error.log
2005-01-05 11:35 . 2005-01-05 11:27 20798256 ----a-w c:\program files\AdbeRdr70_enu_full.exe
2005-09-20 14:2005-05-05 13:23 41:42 . c:\program files\mozilla firefox\components\googlewebaccfirefox.dll
1998-03-20 00:00 . 1998-03-20 00:00 1048 --sha-w c:\windows\system32\fnmode.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-04-22_09.32.15 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-22 10:23 . 2009-04-22 10:23 16384 c:\windows\Temp\Perflib_Perfdata_7c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2006-12-11 25343016]
"kdx"="c:\program files\Kontiki\KHost.exe" [2008-02-27 1032376]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-22 149040]
"Philips Intelligent Agent"="c:\program files\Philips Intelligent Agent\Philips Intelligent Agent.exe" [2006-04-21 420864]
"Google Update"="c:\documents and settings\Justin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-04 133104]
"NVIEW"="nview.dll" - c:\windows\system32\nview.dll [2003-12-19 856133]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-12-19 4730880]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2003-12-11 241664]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"CamMonitor"="c:\program files\HP\Digital Imaging\Unload\hpqcmon.exe" [2002-10-07 90112]
"HPHmon05"="c:\windows\System32\hphmon05.exe" [2003-05-23 483328]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2003-10-17 196670]
"SmcService"="c:\progra~1\Sygate\SPF\smc.exe" [2003-12-24 2344160]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2005-01-12 241664]
"PRISMSVR.EXE"="c:\program files\3Com\3Com OfficeConnect Wireless Utility\3Com Wireless 11g PC Card\PRISMSVR.EXE" [2004-04-26 295001]
"AS00_WPN511"="c:\program files\NETGEAR\WPN511\Utility\WPN511.exe" [2005-02-02 483328]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2006-11-08 222208]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-04-27 282624]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-06-28 270648]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-15 153136]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-06-09 185632]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-06-13 127036]
"kdx"="c:\program files\Kontiki\KHost.exe" [2008-02-27 1032376]
"realtecks"="c:\documents and settings\Justin\Application Data\Google\wcwdu16814728.exe" [2009-03-01 116736]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2003-12-12 88363]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2003-12-19 323584]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2007-11-29 55824]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 1634304]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2009-4-18 67128]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-4-18 789008]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):76,69,73,74,61,75,69,2e,65,78,65,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-01-09 11:30 72208 ----a-w c:\program files\common files\logishrd\bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Macromedia\\Dreamweaver MX\\Dreamweaver.exe"=
"c:\\Program Files\\SharpReader\\SharpReader.exe"=
"c:\\Program Files\\Macromedia\\Fireworks MX\\Fireworks.exe"=
"c:\\Program Files\\webcamXP\\webcamXP.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\3dsmax7\\3dsmax.exe"=
"c:\\Program Files\\Macromedia\\Flash MX\\Flash.exe"=
"c:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\IBP 9\\IBP.exe"=
"c:\\Program Files\\PPStream\\PPStream.exe"=
"c:\\Program Files\\IBP 10\\IBP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Kontiki\\KService.exe"=
"c:\\Program Files\\Opera\\Opera.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Aptana\\Aptana Studio\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Documents and Settings\\Justin\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Justin\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Documents and Settings\\Justin\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 Ca533av;Cam 3200, WDM Video Capture;c:\windows\system32\Drivers\Ca533av.sys [2002-10-21 515803]
R3 3C154G;3Com OfficeConnect 802.11g PC Card Driver;c:\windows\system32\DRIVERS\3C154G72.sys [2004-05-18 386432]
R3 BTUsbrXP(R);BT Voyager 1010 USB Adapter;c:\windows\system32\DRIVERS\btusbrxp.sys [2003-01-21 93056]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
R3 NETGEAR_WPN511_SERVICE;NETGEAR WPN511 Wireless Adapter Service;c:\windows\system32\DRIVERS\wpn511.sys [2004-08-13 395840]
R3 PCMCIABTXP;BT Voyager 1020 Laptop Adapter;c:\windows\system32\DRIVERS\BTNetXP.sys [2002-11-20 77952]
R3 USBCamera;DSC Still Image Capture (CA100);c:\windows\system32\Drivers\Bulk533.sys [2002-12-04 11144]
R3 ZSMC302;VIMICRO USB PC Camera; [x]
S0 SSI;SSI;c:\windows\system32\Drivers\SSI.SYS [2006-01-25 78336]
S1 ewido security suite driver;ewido security suite driver;c:\program files\ewido anti-malware\guard.sys [2005-12-30 3072]
S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe [2006-01-17 65536]
S2 InternetProtectorService;Internet Protector System Service;c:\program files\iNet Protector\IProtectorService.exe [2005-05-15 549376]
S2 PGPdisk;PGPdisk; [x]
S2 PGPsdkDriver;PGPsdkDriver;c:\windows\system32\Drivers\PGPsdk.sys [2004-06-09 26624]
S3 AWINDIS5;AWINDIS5 Protocol Driver;c:\windows\system32\AWINDIS5.SYS [2002-04-11 16194]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe [2006-01-17 1527895]


--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3a0b1d36-bdbe-11da-9a07-00023f6ea8c6}]
\Shell\AutoRun\command - E:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ea660e66-bdbe-11da-9a08-00023f6ea8c6}]
\Shell\AutoRun\command - E:\setupSNK.exe
.
Contents of the 'Scheduled Tasks' folder

2009-04-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-10-10 16:13]

2009-04-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1344734455-1439202154-709122288-1266.job
- c:\documents and settings\Justin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-04 09:29]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.sky.com
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/
IE: Google AdSense Preview Tool - http://pagead2.googlesyndication.com/pa ... eview.html
IE: {{08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com
TCP: {9C762DC2-C685-4C5E-A179-16A42DF48735} = 217.13.128.17,217.13.128.27
TCP: {AF929751-7500-461A-A08E-4AA733344717} = 217.13.128.17,217.13.128.27
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {164B406B-0FD6-4E7F-BA7E-64D227D4CA37} - hxxp://www.digitalwebbooks.com/reader/dbplugin.cab
FF - ProfilePath - c:\documents and settings\Justin\Application Data\Mozilla\Firefox\Profiles\mtjvegth.justin\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - component: c:\program files\Mozilla Firefox\components\googlewebaccfirefox.dll
FF - plugin: c:\documents and settings\Justin\Application Data\Mozilla\Firefox\Profiles\mtjvegth.justin\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\documents and settings\Justin\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Justin\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\np32dsw.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\NPAbacheck.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npBBCPlugin.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npitunes.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\NPMCult3DP.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npnul32.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\NPOFF12.DLL
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\nppdf32.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\nppl3260.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npqtplugin.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npqtplugin2.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npqtplugin3.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npqtplugin4.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npqtplugin5.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npqtplugin6.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npqtplugin7.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\nprjplug.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\nprpjplug.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npswf32.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAbacheck.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npBBCPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npitunes.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMCult3DP.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\windows\SYSTEM32\Cult3D\NPMCult3DP.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-22 11:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe??????????'?n??|?`???? ?(?B???????????????B? ??????

scanning hidden files ...


**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\c:\windows\TEMP\mc21.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(824)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
c:\windows\system32\WRLogonNTF.dll
c:\windows\system32\cscui.dll

- - - - - - - > 'explorer.exe'(3368)
c:\windows\system32\nView.dll
c:\windows\system32\NVWRSENG.DLL
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\documents and settings\Justin\Application Data\Google\mccklrp32.dll
c:\windows\system32\SSSensor.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Whisper Technology\FTP Surfer\wtftpshx.dll
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\program files\PC Connectivity Solution\ConnAPI.DLL
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Sygate\SPF\Smc.exe
c:\windows\system32\brss01a.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
c:\program files\Common Files\EPSON\EBAPI\SAgent2.exe
c:\program files\ewido anti-malware\ewidoctrl.exe
c:\program files\Kontiki\KService.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PGPServ.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Webroot\Spy Sweeper\WRSSSDK.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\program files\Java\jre1.5.0_06\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2009-04-22 11:47 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-22 10:46
ComboFix2.txt 2009-04-22 09:54

Pre-Run: 23,145,308,160 bytes free
Post-Run: 23,132,774,400 bytes free

392 --- E O F --- 2009-04-18 10:09

Kaspersky:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Thursday, April 23, 2009
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Wednesday, April 22, 2009 11:52:30
Records in database: 2068659
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
X:\
Y:\
Z:\

Scan statistics:
Files scanned: 226335
Threat name: 42
Infected objects: 71
Suspicious objects: 50
Duration of the scan: 10:03:08


File name / Threat name / Threats count
C:\Documents and Settings\Justin\Application Data\Thunderbird\Profiles\6ivgdv6o.juffield\Mail\Local Folders\Inbox Suspicious: Trojan-Spy.HTML.Fraud.gen 4
C:\Documents and Settings\Justin\Application Data\Thunderbird\Profiles\6ivgdv6o.juffield\Mail\Local Folders\Inbox Infected: Trojan-Downloader.Win32.Diehard.bn 1
C:\Documents and Settings\Justin\Application Data\Thunderbird\Profiles\6ivgdv6o.juffield\Mail\Local Folders\Inbox Infected: Trojan-Downloader.Win32.Diehard.r 1
C:\Documents and Settings\Justin\Application Data\Thunderbird\Profiles\6ivgdv6o.juffield\Mail\Local Folders\Inbox Infected: Trojan-Downloader.Win32.Diehard.br 1
C:\Documents and Settings\Justin\Application Data\Thunderbird\Profiles\6ivgdv6o.juffield\Mail\Local Folders\Inbox Infected: Trojan-Downloader.Win32.Diehard.bw 1
C:\Documents and Settings\Justin\Application Data\Thunderbird\Profiles\6ivgdv6o.juffield\Mail\Local Folders\Inbox Infected: Trojan-Downloader.Win32.Diehard.cf 1
C:\Documents and Settings\Justin\Application Data\Thunderbird\Profiles\6ivgdv6o.juffield\Mail\Local Folders\Inbox Infected: Trojan-Downloader.Win32.Agent.deu 1
C:\Documents and Settings\Justin\Application Data\Thunderbird\Profiles\6ivgdv6o.juffield\Mail\Local Folders\Inbox Infected: Trojan.Win32.Pakes.bpn 1
C:\Documents and Settings\Justin\Application Data\Thunderbird\Profiles\6ivgdv6o.juffield\Mail\Local Folders\Inbox.sbd\iipgroup.sbd\justin Infected: Trojan-Spy.Win32.Zbot.dun 1
C:\Documents and Settings\Justin\Application Data\Thunderbird\Profiles\6ivgdv6o.juffield\Mail\Local Folders\Inbox.sbd\Laptech.sbd\sem Suspicious: Trojan-Spy.HTML.Fraud.gen 9
C:\Documents and Settings\Justin\Application Data\Thunderbird\Profiles\6ivgdv6o.juffield\Mail\Local Folders\Inbox.sbd\Laptech.sbd\sem Infected: Email-Worm.Win32.Luder.a 1
C:\Documents and Settings\Justin\Application Data\Thunderbird\Profiles\6ivgdv6o.juffield\Mail\Local Folders\Inbox.sbd\Laptech.sbd\sem Infected: Email-Worm.Win32.Warezov.pk 1
C:\Documents and Settings\Justin\Application Data\Thunderbird\Profiles\6ivgdv6o.juffield\Mail\Local Folders\Inbox.sbd\Laptech.sbd\sem Infected: Email-Worm.Win32.Zhelatin.a 1
C:\Documents and Settings\Justin\Application Data\Thunderbird\Profiles\6ivgdv6o.juffield\Mail\Local Folders\Inbox.sbd\Laptech.sbd\sem Infected: Email-Worm.Win32.Banwarum.l 1
C:\Documents and Settings\Justin\Application Data\Thunderbird\Profiles\6ivgdv6o.juffield\Mail\Local Folders\Inbox.sbd\Laptech.sbd\sem Infected: Email-Worm.Win32.Zhelatin.k 1
C:\Documents and Settings\Justin\Application Data\Thunderbird\Profiles\6ivgdv6o.juffield\Mail\Local Folders\Inbox.sbd\Laptech.sbd\sem Infected: Email-Worm.Win32.Zhelatin.o 1
C:\Documents and Settings\Justin\Application Data\Thunderbird\Profiles\6ivgdv6o.juffield\Mail\Local Folders\Inbox.sbd\Laptech.sbd\sem Infected: Email-Worm.Win32.Zhelatin.r 1
C:\Documents and Settings\Justin\Application Data\Thunderbird\Profiles\6ivgdv6o.juffield\Mail\Local Folders\Inbox.sbd\Laptech.sbd\sem Infected: Trojan-Spy.HTML.Bankfraud.ra 1
C:\Documents and Settings\Justin\Application Data\Thunderbird\Profiles\6ivgdv6o.juffield\Mail\Local Folders\Inbox.sbd\Laptech.sbd\sem Infected: Trojan-Spy.HTML.Bankfraud.ri 1
C:\Documents and Settings\Justin\Application Data\Thunderbird\Profiles\6ivgdv6o.juffield\Mail\Local Folders\Inbox.sbd\Laptech.sbd\sem Infected: Trojan-Spy.HTML.Chasfraud.u 1
C:\Documents and Settings\Justin\Application Data\Thunderbird\Profiles\6ivgdv6o.juffield\Mail\Local Folders\Inbox.sbd\Laptech.sbd\sem Infected: Trojan-Spy.HTML.Bankfraud.rw 1
C:\Documents and Settings\Justin\Application Data\Thunderbird\Profiles\6ivgdv6o.juffield\Mail\Local Folders\Inbox.sbd\Laptech.sbd\sem Infected: Trojan-Downloader.Win32.Diehard.cf 1
C:\Documents and Settings\Justin\Application Data\Thunderbird\Profiles\6ivgdv6o.juffield\Mail\Local Folders\Inbox.sbd\Laptech.sbd\sem Infected: Trojan-Downloader.Win32.Agent.crz 1
C:\Documents and Settings\Justin\Application Data\Thunderbird\Profiles\6ivgdv6o.juffield\Mail\Local Folders\Inbox.sbd\Laptech.sbd\sem Infected: Trojan-Downloader.Win32.Banload.drs 1
C:\Documents and Settings\Justin\Application Data\Thunderbird\Profiles\6ivgdv6o.juffield\Mail\Local Folders\Inbox.sbd\Laptech.sbd\sem Infected: Trojan-Dropper.Win32.Agent.bzp 1
C:\Documents and Settings\Justin\Application Data\Thunderbird\Profiles\6ivgdv6o.juffield\Mail\Local Folders\Inbox.sbd\Laptech.sbd\sem Infected: Trojan.Win32.Pakes.bpa 1
C:\Documents and Settings\Justin\Application Data\Thunderbird\Profiles\6ivgdv6o.juffield\Mail\Local Folders\Inbox.sbd\Netaec.sbd\justin.sbd\link directories Suspicious: Trojan-Spy.HTML.Fraud.gen 13
C:\Documents and Settings\Justin\Application Data\Thunderbird\Profiles\6ivgdv6o.juffield\Mail\Local Folders\Inbox.sbd\Netaec.sbd\justin.sbd\link directories Infected: Trojan-Spy.Win32.Zbot.gxn 1
C:\Documents and Settings\Justin\Application Data\Thunderbird\Profiles\6ivgdv6o.juffield\Mail\Local Folders\Inbox.sbd\Netaec.sbd\justin.sbd\link directories Infected: Trojan-Mailfinder.Win32.Agent.we 2
C:\Documents and Settings\Justin\Application Data\Thunderbird\Profiles\6ivgdv6o.juffield\Mail\Local Folders\Inbox.sbd\WHUFC.sbd\admin Infected: Trojan-Downloader.HTML.Agent.km 8
C:\Documents and Settings\Justin\Application Data\Thunderbird\Profiles\6ivgdv6o.juffield\Mail\Local Folders\Inbox.sbd\WHUFC.sbd\admin Infected: Trojan.Win32.Crypt.mv 1
C:\Documents and Settings\Justin\Application Data\Thunderbird\Profiles\6ivgdv6o.juffield\Mail\Local Folders\Inbox.sbd\WHUFC.sbd\admin Infected: Backdoor.Win32.Hijack.e 3
C:\Documents and Settings\Justin\Application Data\Thunderbird\Profiles\6ivgdv6o.juffield\Mail\Local Folders\Inbox.sbd\WHUFC.sbd\admin Suspicious: Trojan-Spy.HTML.Fraud.gen 12
C:\Documents and Settings\Justin\Application Data\Thunderbird\Profiles\6ivgdv6o.juffield\Mail\Local Folders\Inbox.sbd\WHUFC.sbd\admin Infected: Trojan-Spy.HTML.Fraud.eo 3
C:\Documents and Settings\Justin\Application Data\Thunderbird\Profiles\6ivgdv6o.juffield\Mail\Local Folders\Inbox.sbd\WHUFC.sbd\admin Infected: Trojan-Spy.HTML.Fraud.ez 1
C:\Documents and Settings\Justin\Application Data\Thunderbird\Profiles\6ivgdv6o.juffield\Mail\Local Folders\Inbox.sbd\WHUFC.sbd\admin Suspicious: Exploit.HTML.Iframe.FileDownload 3
C:\Documents and Settings\Justin\Application Data\Thunderbird\Profiles\6ivgdv6o.juffield\Mail\Local Folders\Inbox.sbd\WHUFC.sbd\admin Infected: Email-Worm.Win32.NetSky.q 6
C:\Documents and Settings\Justin\Application Data\Thunderbird\Profiles\6ivgdv6o.juffield\Mail\Local Folders\Inbox.sbd\WHUFC.sbd\admin Infected: Trojan-Spy.HTML.Fraud.fd 1
C:\Documents and Settings\Justin\Application Data\Thunderbird\Profiles\6ivgdv6o.juffield\Mail\Local Folders\SHIT Infected: Email-Worm.Win32.Luder.a 1
C:\Documents and Settings\Justin\Application Data\Thunderbird\Profiles\6ivgdv6o.juffield\Mail\Local Folders\Trash Infected: Trojan-Downloader.Win32.Diehard.bw 1
C:\Documents and Settings\Justin\Application Data\Thunderbird\Profiles\6ivgdv6o.juffield\Mail\Local Folders\Trash Infected: Trojan-Downloader.Win32.Diehard.cf 2
C:\Documents and Settings\Justin\Application Data\Thunderbird\Profiles\6ivgdv6o.juffield\Mail\Local Folders\Trash Infected: Trojan-Downloader.Win32.Agent.crz 1
C:\Documents and Settings\Justin\Application Data\Thunderbird\Profiles\6ivgdv6o.juffield\Mail\Local Folders\Trash Infected: Trojan-Downloader.Win32.Agent.deu 1
C:\Documents and Settings\Justin\Application Data\Thunderbird\Profiles\6ivgdv6o.juffield\Mail\Local Folders\Trash Infected: Trojan-Downloader.Win32.Banload.drs 1
C:\Documents and Settings\Justin\Application Data\Thunderbird\Profiles\6ivgdv6o.juffield\Mail\Local Folders\Trash Suspicious: Trojan-Spy.HTML.Fraud.gen 9
C:\Documents and Settings\Justin\Application Data\Thunderbird\Profiles\6ivgdv6o.juffield\Mail\Local Folders\Trash Infected: Trojan-Dropper.Win32.Agent.bzp 1
C:\Documents and Settings\Justin\Application Data\Thunderbird\Profiles\6ivgdv6o.juffield\Mail\Local Folders\Trash Infected: Trojan.Win32.Pakes.bpa 1
C:\Documents and Settings\Justin\Application Data\Thunderbird\Profiles\6ivgdv6o.juffield\Mail\Local Folders\Trash Infected: Trojan.Win32.Pakes.bpn 1
C:\Documents and Settings\Justin\Application Data\Thunderbird\Profiles\6ivgdv6o.juffield\Mail\Local Folders\Trash Infected: Trojan.Win32.Pakes.bsw 1
C:\Documents and Settings\Justin\Application Data\Thunderbird\Profiles\6ivgdv6o.juffield\Mail\Local Folders\Trash Infected: Trojan.Win32.Pakes.btf 1
C:\Documents and Settings\Justin\Desktop\Vista Transformation Pack 6.0.exe Infected: not-a-virus:RiskTool.Win32.CloseApp.e 2
C:\Program Files\alexa\Alexa_digitalpoints-20.exe Infected: not-a-virus:AdWare.Win32.AlexaBar.a 1
C:\Program Files\alexa\Alexa_digitalpoints-20.exe Infected: not-a-virus:AdWare.Win32.AlexaBar.ar 1
C:\WINDOWS\Pointdev\VNC\VNCHooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.b 1
C:\WINDOWS\Pointdev\VNC\WinVNC.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.h 1
C:\WINDOWS\system32\closeapp.exe Infected: not-a-virus:RiskTool.Win32.CloseApp.e 1
C:\WINDOWS\system32\pCastCtl.dll Infected: not-a-virus:AdWare.Win32.Dudu.f 1
C:\WINDOWS\system32\vimc.exe Infected: not-a-virus:RiskTool.Win32.CloseApp.e 1

The selected area was scanned.

HijackThis:
Logfile of HijackThis v1.99.1
Scan saved at 01:11:39, on 23/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
C:\Program Files\iNet Protector\IProtectorService.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\PGPserv.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\3Com\3Com OfficeConnect Wireless Utility\3Com Wireless 11g PC Card\PRISMSVR.EXE
C:\Program Files\NETGEAR\WPN511\Utility\WPN511.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Kontiki\KHost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Philips Intelligent Agent\Philips Intelligent Agent.exe
C:\Documents and Settings\Justin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Documents and Settings\Justin\Local Settings\Temp\jkos-Justin\binaries\ScanningProcess.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HIJACKTHIS\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sky.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\Program Files\3Com\3Com OfficeConnect Wireless Utility\3Com Wireless 11g PC Card\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [AS00_WPN511] C:\Program Files\NETGEAR\WPN511\Utility\WPN511.exe -hide
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [kdx] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [realtecks] "C:\Documents and Settings\Justin\Application Data\Google\wcwdu16814728.exe" 2
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Philips Intelligent Agent] "C:\Program Files\Philips Intelligent Agent\Philips Intelligent Agent.exe" /SILENT
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Justin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Google AdSense Preview Tool - http://pagead2.googlesyndication.com/pa ... eview.html
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O16 - DPF: {164B406B-0FD6-4E7F-BA7E-64D227D4CA37} (dnlplayer Class) - http://www.digitalwebbooks.com/reader/dbplugin.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200 ... taller.exe
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-09.sun.com/s/ESD7/JSCDL/ ... 586-jc.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9C762DC2-C685-4C5E-A179-16A42DF48735}: NameServer = 217.13.128.17,217.13.128.27
O17 - HKLM\System\CCS\Services\Tcpip\..\{AF929751-7500-461A-A08E-4AA733344717}: NameServer = 217.13.128.17,217.13.128.27
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: x-mem1 - {C3719F83-7EF8-4BA0-89B0-3360C7AFB7CC} - C:\WINDOWS\system32\wowctl2.dll
O20 - Winlogon Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Internet Protector System Service (InternetProtectorService) - Unknown owner - C:\Program Files\iNet Protector\IProtectorService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PGPserv - PGP Corporation - C:\WINDOWS\system32\PGPserv.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\WINDOWS\Pointdev\VNC\WinVNC.exe" -service (file missing)

Hope this helps, Adam.
Cheers,
Best regards,
Bumpy
Bumpy
Active Member
 
Posts: 11
Joined: March 26th, 2009, 10:30 am

Re: My Hijackthis File and my Issues thread

Unread postby Axephilic » April 24th, 2009, 11:43 am

Extremely sorry about not being able to reply sooner, some stuff has come up and I have not been able to get to my computer. I'm at school now with no access to my home files, but I will be able to respond in full tonight.

Thanks for your patience.

Regards,
Adam
Axephilic
Retired Graduate
 
Posts: 2180
Joined: June 18th, 2007, 1:10 pm
Location: Wisconsin, US

Re: My Hijackthis File and my Issues thread

Unread postby Bumpy » April 24th, 2009, 12:05 pm

Hi Adam thanks for the heads up.

Take it easy man.

Bumpy.
Bumpy
Active Member
 
Posts: 11
Joined: March 26th, 2009, 10:30 am

Re: My Hijackthis File and my Issues thread

Unread postby Axephilic » April 25th, 2009, 2:12 am

Hi and thank you for being so patient.

First, you have a virus in your Thunderbird Inbox and other emails. You will need to back up any important emails and then delete the rest to make sure you get all of the infected ones.

Fix HijackThis lines

  • Run HijackThis!
  • Click on Do a System Scan only
  • Place a tick next to the following lines:

    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [realtecks] "C:\Documents and Settings\Justin\Application Data\Google\wcwdu16814728.exe" 2
Close all open windows and click on Fix checked and when you get a popup window click on Yes.

Run ComboFix

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the codebox below into it:

Code:
File::
C:\WINDOWS\system32\pCastCtl.dll
C:\Documents and Settings\Justin\Application Data\Google\wcwdu16814728.exe
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\drivers\\svchost.exe"=-


Save this as "CFScript.txt", and as Type: All Files (*.*) in the same location as ComboFix.exe


Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Please Download and Run Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this: C:\Documents and Settings\<your username>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

In your next reply, please include:
  1. ComboFix log
  2. MBAM log
  3. A new HijackThis log

Regards,
Adam
Axephilic
Retired Graduate
 
Posts: 2180
Joined: June 18th, 2007, 1:10 pm
Location: Wisconsin, US
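The two judgements in the post above, the O4 Run entry that launches from Application Data and the firewall AuthorizedApplications entry for a svchost.exe living outside system32, written as detection logic over sample log lines. This is an added example, not code from MalwareRemoval.com, HijackThis or ComboFix; the sample O4 lines and firewall values are constructed from the logs in this thread, and the `HKLM\~\services` key spelling is copied from the CFScript above.

```python
"""Triage helpers for a HijackThis log and the XP firewall authorized-app list.

Added example for this thread, not code from HijackThis or ComboFix.
All sample data is constructed from the logs posted above.
"""
import ntpath
import re
from typing import Dict, List, Optional

# Constructed sample: four O4 lines copied from the HijackThis log in the thread.
SAMPLE_O4_LINES = [
    r'O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"',
    r'O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe',
    r'O4 - HKLM\..\Run: [realtecks] "C:\Documents and Settings\Justin\Application Data\Google\wcwdu16814728.exe" 2',
    r'O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe',
]
# Constructed sample of XP's AuthorizedApplications\List values
# (value name = path, data = "path:*:Enabled:label"); labels are made up.
# The drivers\svchost.exe entry is the one the CFScript in the post removes.
SAMPLE_FIREWALL_LIST = {
    r'%windir%\system32\sessmgr.exe': r'%windir%\system32\sessmgr.exe:*:Enabled:Remote Assistance',
    r'%windir%\system32\drivers\svchost.exe': r'%windir%\system32\drivers\svchost.exe:*:Enabled:svchost',
    r'C:\Program Files\Skype\Phone\Skype.exe': r'C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype',
}

O4_RE = re.compile(r'^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
# First token ending in an executable-type extension; HijackThis prints unquoted
# paths containing spaces as-is, so splitting on whitespace would truncate them.
EXE_RE = re.compile(r'^(?P<path>.*?\.(?:exe|dll|cpl|scr|com|bat))(?=[\s,]|$)', re.IGNORECASE)
USER_PROFILE_MARKERS = ('\\documents and settings\\', '\\application data\\',
                        '\\local settings\\', '\\temp\\')
RANDOM_NAME_RE = re.compile(r'^[a-z]{2,8}\d{6,}\.exe$', re.IGNORECASE)
# Core Windows processes and the only directory they legitimately run from on XP.
SYSTEM_BINARIES = {'svchost.exe', 'lsass.exe', 'csrss.exe', 'winlogon.exe', 'services.exe', 'smss.exe'}
CANONICAL_DIRS = {r'%windir%\system32', r'%systemroot%\system32', r'c:\windows\system32'}
# Registry key spelled exactly as the CFScript in the post writes it.
FIREWALL_KEY = r'[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]'


def executable_of(cmd: str) -> str:
    """Return the program path from a Run-key command line, dropping its arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = EXE_RE.match(cmd)
    if m:
        return m.group('path')
    parts = cmd.split()
    return parts[0] if parts else cmd


def assess_run_entry(line: str) -> Optional[Dict[str, object]]:
    """Parse one HijackThis O4 Run line; returns None for lines that are not Run entries."""
    m = O4_RE.match(line)
    if not m:
        return None
    exe = executable_of(m.group('cmd'))
    low = exe.lower()
    reasons: List[str] = []
    if any(marker in low for marker in USER_PROFILE_MARKERS):
        reasons.append('launches from a user-profile directory')
    if RANDOM_NAME_RE.match(ntpath.basename(exe)):
        reasons.append('random-looking executable name')
    return {'name': m.group('name'), 'exe': exe, 'reasons': reasons}


def suspicious_run_entries(lines: List[str]) -> List[Dict[str, object]]:
    """Only the Run entries that tripped at least one rule."""
    found = [assess_run_entry(line) for line in lines]
    return [e for e in found if e is not None and e['reasons']]


def masquerading_firewall_entries(authorized: Dict[str, str]) -> List[str]:
    """Authorized-application paths named like a system process but outside system32."""
    flagged = []
    for path in authorized:
        if (ntpath.basename(path).lower() in SYSTEM_BINARIES
                and ntpath.dirname(path).lower() not in CANONICAL_DIRS):
            flagged.append(path)
    return flagged


def build_cfscript(files: List[str], firewall_values: List[str]) -> str:
    """Emit a CFScript.txt body in the File:: / Registry:: layout shown in the post."""
    out: List[str] = []
    if files:
        out.append('File::')
        out.extend(files)
    if firewall_values:
        out.append('Registry::')
        out.append(FIREWALL_KEY)
        for value in firewall_values:
            # .reg syntax: backslashes doubled inside the quoted value name, "=-" deletes it
            out.append('"%s"=-' % value.replace('\\', '\\\\'))
    return '\n'.join(out) + '\n'


if __name__ == '__main__':
    bad_runs = suspicious_run_entries(SAMPLE_O4_LINES)
    for entry in bad_runs:
        print('[%s] %s: %s' % (entry['name'], entry['exe'], '; '.join(entry['reasons'])))
    print(build_cfscript([e['exe'] for e in bad_runs],
                         masquerading_firewall_entries(SAMPLE_FIREWALL_LIST)))
```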

Re: My Hijackthis File and my Issues thread

Unread postby Bumpy » April 25th, 2009, 7:51 am

Hi Adam, here are the three logs you have requested.

ComboFix Log:
ComboFix 09-04-25.A1 - Justin 25/04/2009 10:57.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.511.212 [GMT 1:00]
Running from: c:\documents and settings\Justin\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Justin\Desktop\CFScript.txt
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning disabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
* Created a new restore point

FILE ::
c:\documents and settings\Justin\Application Data\Google\wcwdu16814728.exe
c:\windows\system32\pCastCtl.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Justin\Application Data\Google\mccklrp32.dll
c:\documents and settings\Justin\Application Data\Google\wcwdu16814728.exe
c:\windows\system32\pCastCtl.dll

.
((((((((((((((((((((((((( Files Created from 2009-05-25 to 2009-4-25 )))))))))))))))))))))))))))))))
.

2009-04-22 11:16 . 2009-04-22 11:16 73728 ----a-w c:\windows\system32\javacpl.cpl
2009-04-22 11:16 . 2009-04-22 11:16 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-18 14:13 . 2009-04-18 14:13 -------- d-----w c:\documents and settings\All Users\Application Data\TVU Networks
2009-04-18 12:55 . 2009-04-18 12:55 -------- d-----w c:\documents and settings\Justin\Application Data\Logitech
2009-04-18 12:53 . 2009-04-18 12:53 127034 ------r c:\windows\bwUnin-8.1.1.50-8876480SL.exe
2009-04-18 12:50 . 2009-04-18 12:50 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2009-04-18 12:49 . 2009-04-18 12:49 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-04-18 12:46 . 2008-01-09 11:26 301656 ----a-w c:\windows\system32\BtCoreIf.dll
2009-04-18 12:46 . 2008-01-09 11:28 76304 ----a-w c:\windows\system32\KemXML.dll
2009-04-18 12:46 . 2008-01-09 11:27 170512 ----a-w c:\windows\system32\kemutb.dll
2009-04-18 12:46 . 2008-01-09 11:28 117264 ----a-w c:\windows\system32\KemWnd.dll
2009-04-18 12:46 . 2008-01-09 11:28 141840 ----a-w c:\windows\system32\KemUtil.dll
2009-04-18 12:45 . 2009-04-18 12:55 -------- d-----w c:\documents and settings\All Users\Application Data\Logitech
2009-04-18 12:45 . 2009-04-18 12:54 -------- d-----w c:\program files\Common Files\Logishrd
2009-04-18 12:44 . 2009-04-18 12:53 -------- d-----w c:\program files\Logitech
2009-04-18 12:42 . 2009-04-18 12:42 -------- d-----w c:\documents and settings\All Users\Application Data\LogiShrd
2009-04-18 12:42 . 2004-08-04 06:56 21504 ----a-w c:\windows\system32\hidserv.dll
2009-04-18 12:42 . 2004-08-04 06:56 21504 ----a-w c:\windows\system32\dllcache\hidserv.dll
2009-04-17 09:22 . 2009-04-17 09:22 -------- d-----w c:\program files\Market Samurai
2009-04-17 08:56 . 2009-03-06 14:44 283648 ------w c:\windows\system32\dllcache\pdh.dll
2009-04-17 08:56 . 2005-07-26 04:39 60416 ------w c:\windows\system32\dllcache\colbact.dll
2009-04-17 08:56 . 2009-02-06 16:54 35328 ------w c:\windows\system32\dllcache\sc.exe
2009-04-17 08:56 . 2009-02-09 10:20 399360 ------w c:\windows\system32\dllcache\rpcss.dll
2009-04-17 08:56 . 2009-02-06 17:14 110592 ------w c:\windows\system32\dllcache\services.exe
2009-04-17 08:56 . 2009-02-09 10:20 473088 ------w c:\windows\system32\dllcache\fastprox.dll
2009-04-17 08:56 . 2009-02-06 16:39 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-17 08:56 . 2009-02-09 10:20 453120 ------w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-17 08:56 . 2009-02-09 10:20 616960 ------w c:\windows\system32\dllcache\advapi32.dll
2009-04-17 08:56 . 2009-02-09 10:20 714752 ------w c:\windows\system32\dllcache\ntdll.dll
2009-04-17 08:41 . 2008-04-21 10:02 215552 ------w c:\windows\system32\dllcache\wordpad.exe
2009-04-12 13:13 . 2009-04-12 13:15 -------- d-----w c:\documents and settings\Justin\Application Data\CoreFTP
2009-04-11 14:10 . 2009-04-11 14:10 -------- d-----w c:\documents and settings\Justin\Application Data\TVU networks
2009-04-02 23:30 . 2009-04-22 10:25 54156 ---ha-w c:\windows\QTFont.qfn
2009-04-02 23:30 . 2009-04-02 23:30 1409 ----a-w c:\windows\QTFont.for

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-25 10:06 . 2006-12-18 12:47 -------- d-----w c:\documents and settings\Justin\Application Data\Skype
2009-04-25 10:06 . 2007-08-10 09:55 -------- d-----w c:\documents and settings\All Users\Application Data\Kontiki
2009-04-23 15:11 . 2005-04-22 14:26 -------- d-----w c:\documents and settings\Justin\Application Data\IBP
2009-04-23 00:10 . 2009-04-23 00:10 10085 ----a-w C:\caspersky.txt
2009-04-22 11:16 . 2004-02-10 22:13 -------- d-----w c:\program files\Java
2009-04-22 10:03 . 2009-04-22 10:03 31096 ----a-w C:\log.txt
2009-04-22 08:36 . 2005-06-06 09:54 1062767 -c--a-w c:\windows\clientupgrade.exe
2009-04-21 13:15 . 2004-06-28 16:28 -------- d-----w c:\program files\MSN Messenger
2009-04-21 13:15 . 2005-11-02 16:55 -------- d-----w c:\documents and settings\Justin\Application Data\aignes
2009-04-21 13:14 . 2004-02-10 22:11 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-21 13:13 . 2005-07-22 07:42 -------- d-----w c:\program files\Microsoft SQL Server
2009-04-21 13:13 . 2005-07-22 07:42 -------- d-----w c:\program files\Web Scraper Plus+
2009-04-21 13:11 . 2004-09-01 09:16 -------- d-----w c:\program files\Common Files\SourceTec
2009-04-21 13:05 . 2008-08-07 09:44 -------- d-----w c:\program files\MAGIX
2009-04-21 13:05 . 2008-08-07 09:45 -------- d-----w c:\documents and settings\All Users\Application Data\MAGIX
2009-04-21 13:02 . 2004-07-13 11:17 -------- d-----w c:\program files\Link Checker Pro
2009-04-21 13:02 . 2004-05-18 16:14 -------- d-----w c:\program files\LinkExplore
2009-04-21 13:01 . 2008-10-09 15:46 -------- d-----w c:\program files\Kapow Mashup Server 6.3 Openkapow Edition SR1
2009-04-21 12:56 . 2005-04-28 15:22 -------- d-----w c:\program files\AgentWebRanking PRO
2009-04-21 12:55 . 2004-06-07 12:46 -------- d-----w c:\program files\pranalyzer
2009-04-21 12:53 . 2005-06-06 09:54 349200 ----a-w c:\windows\marketing tips messenger.exe
2009-04-20 09:33 . 2009-03-02 10:26 -------- d-----w c:\documents and settings\Justin\Application Data\FileZilla
2009-04-18 14:13 . 2009-03-04 21:08 -------- d-----w c:\program files\TVUPlayer
2009-03-23 09:35 . 2004-04-09 10:40 -------- d-----w c:\program files\Yahoo!
2009-03-21 14:18 . 2007-04-16 15:52 986112 ------w c:\windows\system32\dllcache\kernel32.dll
2009-03-17 15:04 . 2008-01-07 12:37 -------- d-----w c:\program files\Common Files\Adobe AIR
2009-03-06 14:44 . 2003-03-31 02:00 283648 ----a-w c:\windows\system32\pdh.dll
2009-03-04 18:18 . 2006-02-13 13:18 -------- d-----w c:\program files\ewido anti-malware
2009-03-03 00:18 . 2007-04-18 12:31 826368 ----a-w c:\windows\system32\dllcache\wininet.dll
2009-03-03 00:18 . 2004-08-23 19:32 826368 ----a-w c:\windows\system32\wininet.dll
2009-03-02 20:56 . 2004-08-20 15:31 84040 ----a-w c:\documents and settings\Justin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-02 16:28 . 2009-01-15 10:48 -------- d-----w c:\documents and settings\Justin\Application Data\SUPERAntiSpyware.com
2009-03-02 16:28 . 2004-02-10 22:25 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-03-02 16:27 . 2009-01-15 10:48 -------- d-----w c:\program files\SUPERAntiSpyware
2009-03-02 10:23 . 2008-11-24 21:43 -------- d-----w c:\program files\Common Files\Roxio Shared
2009-03-02 10:23 . 2008-11-24 21:43 -------- d-----w c:\documents and settings\All Users\Application Data\Roxio
2009-03-02 10:08 . 2008-03-19 19:55 -------- d-----w c:\program files\Citrix
2009-03-02 10:05 . 2008-03-26 11:21 -------- d-----w c:\program files\Email Extractor 1.3.5
2009-03-01 12:59 . 2008-01-31 10:51 -------- d-----w c:\program files\Microsoft Silverlight
2009-03-01 11:39 . 2007-08-10 09:55 -------- d-----w c:\program files\Kontiki
2009-03-01 11:39 . 2009-03-01 11:39 -------- d-----w c:\program files\Sky
2009-03-01 11:39 . 2009-03-01 11:39 -------- d-----w c:\documents and settings\All Users\Application Data\Sky
2009-02-28 04:54 . 2007-08-13 17:43 636072 ----a-w c:\windows\system32\dllcache\iexplore.exe
2009-02-20 10:20 . 2008-06-06 08:50 13824 ------w c:\windows\system32\dllcache\ieudinit.exe
2009-02-20 10:20 . 2007-08-13 17:39 70656 ----a-w c:\windows\system32\dllcache\ie4uinit.exe
2009-02-20 05:14 . 2007-08-13 16:56 161792 ----a-w c:\windows\system32\dllcache\ieakui.dll
2009-02-09 10:20 . 2007-11-07 09:26 723456 ------w c:\windows\system32\dllcache\lsasrv.dll
2009-02-09 10:20 . 2004-06-21 07:40 399360 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:20 . 2003-03-31 02:00 723456 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:20 . 2003-03-31 02:00 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 10:20 . 2003-03-31 02:00 616960 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:19 . 2008-03-19 09:47 1846272 ------w c:\windows\system32\dllcache\win32k.sys
2009-02-09 10:19 . 2003-03-31 02:00 1846272 ----a-w c:\windows\system32\win32k.sys
2009-02-06 17:24 . 2008-10-16 08:08 2180480 ------w c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-06 17:24 . 2005-03-02 00:59 2180480 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 17:22 . 2008-10-16 08:09 2136064 ------w c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-06 17:14 . 2003-03-31 02:00 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 16:54 . 2003-03-31 02:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-06 16:49 . 2008-10-16 08:08 2015744 ------w c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-06 16:49 . 2008-10-16 08:08 2057728 ------w c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-06 16:49 . 2003-03-31 02:00 2057728 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-03 20:08 . 2009-02-03 20:08 55808 ------w c:\windows\system32\dllcache\secur32.dll
2009-02-03 20:08 . 2003-03-31 02:00 55808 ----a-w c:\windows\system32\secur32.dll
2008-02-04 13:47 . 2008-02-04 13:47 74073 ----a-w c:\program files\lightbox2.03.3.zip
2006-04-03 17:48 . 2006-04-03 17:48 70144 ---ha-w c:\documents and settings\Justin\Application Data\EHGrid.dll
2006-04-03 17:48 . 2006-04-03 17:48 66560 ---ha-w c:\documents and settings\Justin\Application Data\rbmysql.DLL
2006-04-03 17:48 . 2006-04-03 17:48 325632 ---ha-w c:\documents and settings\Justin\Application Data\FrontBase Plugin.DLL
2006-04-03 17:48 . 2006-04-03 17:48 17408 ---ha-w c:\documents and settings\Justin\Application Data\EHEncrypt.dll
2006-04-03 17:48 . 2006-04-03 17:48 79360 ---ha-w c:\documents and settings\Justin\Application Data\EHStyleGrid.dll
2006-04-03 17:48 . 2006-04-03 17:48 65884 ---ha-w c:\documents and settings\Justin\Application Data\EHWindowSplitter.dll
2006-02-21 12:19 . 2006-02-13 13:19 58168 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2005-09-16 09:20 . 2005-09-16 09:20 28672 ----a-w c:\documents and settings\Justin\atwbxdet.dll
2005-09-16 09:20 . 2005-09-16 09:20 6623 ----a-w c:\documents and settings\Justin\atwbxdet.tmp
2005-06-28 11:22 . 2005-06-28 11:17 10562512 ----a-w c:\program files\GoogleEarth.exe
2005-06-21 12:01 . 2005-06-21 12:00 4823796 ----a-w c:\program files\dancer.zip
2005-06-11 10:38 . 2005-06-11 10:38 1520966 ----a-w c:\program files\inetprot2.exe
2005-06-09 12:02 . 2005-06-09 12:02 375398 ----a-w c:\program files\lma-final-1.21.zip
2005-06-01 18:15 . 2005-06-01 17:53 66471271 ----a-w c:\program files\erol_trial_v3.exe
2005-05-05 13:22 . 2005-05-05 13:21 1454080 ----a-w c:\program files\GoogleWebAcceleratorSetup.msi
2005-05-05 12:07 . 2005-05-05 12:07 326167 ----a-w c:\program files\ecommerce30.zip
2005-05-04 15:12 . 2005-05-04 15:12 2799 ----a-w c:\program files\form_php.zip
2005-05-04 14:49 . 2005-04-07 10:23 3608865 ----a-w c:\program files\FormsToGo.exe
2005-05-04 14:19 . 2005-05-04 14:19 168737 ----a-w c:\program files\contactform30.zip
2005-04-28 15:19 . 2005-04-28 15:19 503270 ----a-w c:\program files\AWR_PRO_setup.exe
2005-04-27 11:09 . 2005-04-27 10:59 27123200 ----a-w c:\program files\awrj.msi.part
2005-04-22 14:19 . 2005-04-22 14:16 8539820 ----a-w c:\program files\IBP-Installer.exe
2005-04-20 14:39 . 2005-04-20 14:39 437867 ----a-w c:\program files\grkdademo.zip
2005-04-14 11:09 . 2005-04-14 10:57 7351496 ----a-w c:\program files\INSTALL_MSN_MESSENGER_DL.EXE
2005-04-12 17:48 . 2005-04-12 17:46 3755091 ----a-w c:\program files\httrack-3.33.exe
2005-04-07 10:57 . 2005-04-07 10:57 102211 ----a-w c:\program files\fbsh.exe
2005-03-30 12:11 . 2005-03-30 12:11 1824904 ----a-w c:\program files\dzperl56.exe
2005-03-18 11:31 . 2005-03-18 11:31 54030 ----a-w c:\program files\IISLogfileAnalyser.zip
2005-03-16 15:57 . 2005-03-16 15:54 4634191 ----a-w c:\program files\FileZilla_2_2_12b_setup.exe
2005-02-21 13:40 . 2005-02-21 13:40 101117 ----a-w c:\program files\domit_rss_0_4.zip
2005-02-16 10:56 . 2005-02-16 10:56 1065 ----a-w c:\program files\Cult3D Exporter for 3D Studio Max 6-Uninstall.log
2005-02-16 10:51 . 2005-02-16 10:50 12075965 ----a-w c:\program files\C3DDesigner53Setup.exe
2005-02-10 15:16 . 2005-02-10 15:16 226544 ----a-w c:\program files\jre-1_5_0_01-windows-i586-p-iftw.exe
2005-02-03 13:46 . 2005-02-03 13:46 918274 ----a-w c:\program files\e3kwdcheck.exe
2005-01-10 15:37 . 2005-01-10 15:35 45340 ----a-w c:\program files\htmlarea.zip
2005-01-05 11:38 . 2005-01-05 11:38 122 ----a-w c:\program files\AdbeRdr70_enu_full_FEAD_error.log
2005-09-20 14:2005-05-05 13:23 41:42 . c:\program files\mozilla firefox\components\googlewebaccfirefox.dll
1998-03-20 00:00 . 1998-03-20 00:00 1048 --sha-w c:\windows\system32\fnmode.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-04-22_09.32.15 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-22 11:16 . 2009-04-22 11:16 16384 c:\windows\Temp\Perflib_Perfdata_fb0.dat
+ 2009-04-22 10:23 . 2009-04-22 10:23 16384 c:\windows\Temp\Perflib_Perfdata_7c.dat
+ 2003-03-31 02:00 . 2003-03-31 02:00 19429 c:\windows\system32\MsDtc\Trace\msdtcvtr.bat
+ 2009-04-22 11:16 . 2009-04-22 11:16 148888 c:\windows\system32\javaws.exe
+ 2009-04-22 11:16 . 2009-04-22 11:16 144792 c:\windows\system32\javaw.exe
+ 2009-04-22 11:16 . 2009-04-22 11:16 144792 c:\windows\system32\java.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2006-12-11 25343016]
"kdx"="c:\program files\Kontiki\KHost.exe" [2008-02-27 1032376]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-22 149040]
"Philips Intelligent Agent"="c:\program files\Philips Intelligent Agent\Philips Intelligent Agent.exe" [2006-04-21 420864]
"Google Update"="c:\documents and settings\Justin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-04 133104]
"NVIEW"="nview.dll" - c:\windows\system32\nview.dll [2003-12-19 856133]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-12-19 4730880]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-22 148888]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2003-12-11 241664]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"CamMonitor"="c:\program files\HP\Digital Imaging\Unload\hpqcmon.exe" [2002-10-07 90112]
"HPHmon05"="c:\windows\System32\hphmon05.exe" [2003-05-23 483328]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2003-10-17 196670]
"SmcService"="c:\progra~1\Sygate\SPF\smc.exe" [2003-12-24 2344160]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2005-01-12 241664]
"PRISMSVR.EXE"="c:\program files\3Com\3Com OfficeConnect Wireless Utility\3Com Wireless 11g PC Card\PRISMSVR.EXE" [2004-04-26 295001]
"AS00_WPN511"="c:\program files\NETGEAR\WPN511\Utility\WPN511.exe" [2005-02-02 483328]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2006-11-08 222208]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-04-27 282624]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-06-28 270648]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-15 153136]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-06-09 185632]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-06-13 127036]
"kdx"="c:\program files\Kontiki\KHost.exe" [2008-02-27 1032376]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2003-12-12 88363]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2003-12-19 323584]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2007-11-29 55824]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 1634304]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2009-4-18 67128]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-4-18 789008]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):76,69,73,74,61,75,69,2e,65,78,65,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-01-09 11:30 72208 ----a-w c:\program files\common files\logishrd\bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Macromedia\\Dreamweaver MX\\Dreamweaver.exe"=
"c:\\Program Files\\SharpReader\\SharpReader.exe"=
"c:\\Program Files\\Macromedia\\Fireworks MX\\Fireworks.exe"=
"c:\\Program Files\\webcamXP\\webcamXP.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\3dsmax7\\3dsmax.exe"=
"c:\\Program Files\\Macromedia\\Flash MX\\Flash.exe"=
"c:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\IBP 9\\IBP.exe"=
"c:\\Program Files\\PPStream\\PPStream.exe"=
"c:\\Program Files\\IBP 10\\IBP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Kontiki\\KService.exe"=
"c:\\Program Files\\Opera\\Opera.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Aptana\\Aptana Studio\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Documents and Settings\\Justin\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Justin\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Documents and Settings\\Justin\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 Ca533av;Cam 3200, WDM Video Capture;c:\windows\system32\Drivers\Ca533av.sys [2002-10-21 515803]
R3 3C154G;3Com OfficeConnect 802.11g PC Card Driver;c:\windows\system32\DRIVERS\3C154G72.sys [2004-05-18 386432]
R3 BTUsbrXP(R);BT Voyager 1010 USB Adapter;c:\windows\system32\DRIVERS\btusbrxp.sys [2003-01-21 93056]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
R3 NETGEAR_WPN511_SERVICE;NETGEAR WPN511 Wireless Adapter Service;c:\windows\system32\DRIVERS\wpn511.sys [2004-08-13 395840]
R3 PCMCIABTXP;BT Voyager 1020 Laptop Adapter;c:\windows\system32\DRIVERS\BTNetXP.sys [2002-11-20 77952]
R3 USBCamera;DSC Still Image Capture (CA100);c:\windows\system32\Drivers\Bulk533.sys [2002-12-04 11144]
R3 ZSMC302;VIMICRO USB PC Camera; [x]
S0 SSI;SSI;c:\windows\system32\Drivers\SSI.SYS [2006-01-25 78336]
S1 ewido security suite driver;ewido security suite driver;c:\program files\ewido anti-malware\guard.sys [2005-12-30 3072]
S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe [2006-01-17 65536]
S2 InternetProtectorService;Internet Protector System Service;c:\program files\iNet Protector\IProtectorService.exe [2005-05-15 549376]
S2 PGPdisk;PGPdisk; [x]
S2 PGPsdkDriver;PGPsdkDriver;c:\windows\system32\Drivers\PGPsdk.sys [2004-06-09 26624]
S3 AWINDIS5;AWINDIS5 Protocol Driver;c:\windows\system32\AWINDIS5.SYS [2002-04-11 16194]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe [2006-01-17 1527895]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - JAVAQUICKSTARTERSERVICE
*Deregistered* - mchInjDrv

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3a0b1d36-bdbe-11da-9a07-00023f6ea8c6}]
\Shell\AutoRun\command - E:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ea660e66-bdbe-11da-9a08-00023f6ea8c6}]
\Shell\AutoRun\command - E:\setupSNK.exe
.
Contents of the 'Scheduled Tasks' folder

2009-04-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-10-10 16:13]

2009-04-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1344734455-1439202154-709122288-1266.job
- c:\documents and settings\Justin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-04 09:29]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.sky.com
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/
IE: Google AdSense Preview Tool - http://pagead2.googlesyndication.com/pa ... eview.html
IE: {{08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com
TCP: {9C762DC2-C685-4C5E-A179-16A42DF48735} = 217.13.128.17,217.13.128.27
TCP: {AF929751-7500-461A-A08E-4AA733344717} = 217.13.128.17,217.13.128.27
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {164B406B-0FD6-4E7F-BA7E-64D227D4CA37} - hxxp://www.digitalwebbooks.com/reader/dbplugin.cab
FF - ProfilePath - c:\documents and settings\Justin\Application Data\Mozilla\Firefox\Profiles\mtjvegth.justin\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - component: c:\program files\Mozilla Firefox\components\googlewebaccfirefox.dll
FF - plugin: c:\documents and settings\Justin\Application Data\Mozilla\Firefox\Profiles\mtjvegth.justin\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\documents and settings\Justin\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Justin\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\np32dsw.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\NPAbacheck.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npBBCPlugin.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npdeploytk.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npitunes.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\NPMCult3DP.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npnul32.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\NPOFF12.DLL
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\nppdf32.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\nppl3260.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npqtplugin.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npqtplugin2.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npqtplugin3.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npqtplugin4.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npqtplugin5.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npqtplugin6.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npqtplugin7.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\nprjplug.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\nprpjplug.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npswf32.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAbacheck.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npBBCPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npitunes.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMCult3DP.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\windows\SYSTEM32\Cult3D\NPMCult3DP.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-25 11:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe??????????'?n??|?`???? ?(?B???????????????B? ??????

scanning hidden files ...


**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\c:\windows\TEMP\mc21.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(824)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
c:\windows\system32\WRLogonNTF.dll
c:\windows\system32\cscui.dll
.
Completion time: 2009-04-25 11:11
ComboFix-quarantined-files.txt 2009-04-25 10:09
ComboFix2.txt 2009-04-22 10:47
ComboFix3.txt 2009-04-22 09:54

Pre-Run: 23,252,045,824 bytes free
Post-Run: 23,346,376,704 bytes free

351 --- E O F --- 2009-04-18 10:09

MBAM:
Malwarebytes' Anti-Malware 1.36
Database version: 2039
Windows 5.1.2600 Service Pack 2

25/04/2009 12:02:43
mbam-log-2009-04-25 (12-02-43).txt

Scan type: Quick Scan
Objects scanned: 96039
Time elapsed: 10 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3ba4271e-5c1e-48e2-b432-d8bf420dd31d} (Rogue.DeusCleaner) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Justin\Application Data\FrontBase Plugin.DLL (Trojan.Lop.H) -> Quarantined and deleted successfully.

HijackThis:
Logfile of HijackThis v1.99.1
Scan saved at 12:42:39, on 25/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
C:\Program Files\iNet Protector\IProtectorService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\PGPserv.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\3Com\3Com OfficeConnect Wireless Utility\3Com Wireless 11g PC Card\PRISMSVR.EXE
C:\Program Files\NETGEAR\WPN511\Utility\WPN511.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Kontiki\KHost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Philips Intelligent Agent\Philips Intelligent Agent.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Documents and Settings\Justin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\Program Files\HIJACKTHIS\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sky.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\Program Files\3Com\3Com OfficeConnect Wireless Utility\3Com Wireless 11g PC Card\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [AS00_WPN511] C:\Program Files\NETGEAR\WPN511\Utility\WPN511.exe -hide
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [kdx] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Philips Intelligent Agent] "C:\Program Files\Philips Intelligent Agent\Philips Intelligent Agent.exe" /SILENT
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Justin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Google AdSense Preview Tool - http://pagead2.googlesyndication.com/pa ... eview.html
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O16 - DPF: {164B406B-0FD6-4E7F-BA7E-64D227D4CA37} (dnlplayer Class) - http://www.digitalwebbooks.com/reader/dbplugin.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200 ... taller.exe
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-09.sun.com/s/ESD7/JSCDL/ ... 586-jc.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9C762DC2-C685-4C5E-A179-16A42DF48735}: NameServer = 217.13.128.17,217.13.128.27
O17 - HKLM\System\CCS\Services\Tcpip\..\{AF929751-7500-461A-A08E-4AA733344717}: NameServer = 217.13.128.17,217.13.128.27
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: x-mem1 - {C3719F83-7EF8-4BA0-89B0-3360C7AFB7CC} - C:\WINDOWS\system32\wowctl2.dll
O20 - Winlogon Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Internet Protector System Service (InternetProtectorService) - Unknown owner - C:\Program Files\iNet Protector\IProtectorService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PGPserv - PGP Corporation - C:\WINDOWS\system32\PGPserv.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\WINDOWS\Pointdev\VNC\WinVNC.exe" -service (file missing)

Cheers
Bumpy
Bumpy
Active Member
 

Re: My Hijackthis File and my Issues thread

Unread postby Axephilic » April 25th, 2009, 1:08 pm

Hey Bumpy, sorry about having you run all these different scanners, but each one I have you run shows a new, different infection that needs special attention.

Run LOP S&D
Download Lop S&D by Eric_71 and save it to your desktop.
Lop S&D will only run on Windows XP and Windows Vista

Disable your antivirus and antimalware programs so they do not interfere with the running of Lop S&D.
To see how to disable security programs visit this tutorial:
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
  • Double-click Lop S&D.exe
  • Choose the language by typing the corresponding letter and press Enter
  • Click OK at the informative window
  • Type 1, to choose Option 1 (Search) then press Enter
  • Wait until the end of the scan
  • A report will be generated; post the contents of it in your next reply.
(Copy of the report can be found at this location: %systemdrive%\lopR.txt, in most cases C:\lopR.txt)

Eset Online Scanner

Please go to Eset website to perform an online scan. Please use Internet Explorer as it uses ActiveX.

  1. Check (tick) this box: YES, I accept the Terms of Use.
  2. Click on the Start button next to it.
  3. When prompted to run ActiveX, click Yes.
  4. You will be asked to install an ActiveX. Click Install.
  5. Once installed, the scanner will be initialized.
  6. After the scanner is initialized, click Start.
  7. Uncheck (untick) the Remove found threats box.
  8. Check (tick) Scan unwanted applications.
  9. Click on Scan.
  10. It will start scanning. Please be patient.
  11. Once the scan is done, you will find a log in C:\Program Files\esetonlinescanner\log.txt. Please post this log in your next reply.

In your next reply, please include:
  1. LOPr.txt
  2. ESET log
  3. A new HijackThis log

Regards,
Adam
Axephilic
Retired Graduate
 
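The ESET log requested in step 11 above is plain text: `#`-prefixed key=value header lines (including `found=` and `remove_checked=`) followed by one line per detection giving the path, the threat name, the category and an MD5. Below is an added triage helper for that format; it is not part of the original thread and not ESET's own tooling. It cross-checks the declared `found` count against the detection lines it can parse and separates hits that already sit in ComboFix's quarantine folder from hits on live paths, so a helper can see at a glance whether anything still needs attention. The embedded sample log is constructed to mirror the real layout; its paths and MD5 values are placeholders, and the `C:\Qoobox\Quarantine` naming is an assumption about where ComboFix keeps quarantined copies.

```python
"""Triage helper for ESET Online Scanner log.txt output (added example, not
part of the original thread or of ESET's tooling)."""
import re
from dataclasses import dataclass

# Header lines look like "# found=5"; values may contain spaces and quotes.
HEADER_RE = re.compile(r"^#\s*(?P<key>\w+)=(?P<value>.*)$")

# A detection line is: <path> <threat name> <category> <MD5>.  The path may
# contain spaces and "»" archive separators, but the last three fields never
# do, so a greedy path group followed by three whitespace-separated tokens
# splits the line unambiguously.
DETECT_RE = re.compile(
    r"^(?P<path>.+)\s+(?P<threat>\S+)\s+(?P<kind>\S+)\s+(?P<md5>[0-9A-Fa-f]{32})$"
)

# Assumption: ComboFix stores quarantined copies under C:\Qoobox\Quarantine;
# hits there are already neutralised and need no further removal step.
QUARANTINE_MARKER = "\\qoobox\\quarantine\\"


@dataclass(frozen=True)
class Detection:
    path: str
    threat: str
    kind: str
    md5: str

    @property
    def quarantined(self) -> bool:
        return QUARANTINE_MARKER in self.path.lower()


def parse_eset_log(text: str):
    """Return (header dict, list of Detection) for one log.txt body."""
    meta, detections = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        h = HEADER_RE.match(line)
        if h:
            meta[h.group("key")] = h.group("value").strip()
            continue
        d = DETECT_RE.match(line)
        if d:
            fields = d.groupdict()
            fields["path"] = fields["path"].strip()
            detections.append(Detection(**fields))
    return meta, detections


def summarize(meta, detections):
    """Cross-check the declared count and split live hits from quarantined ones."""
    declared = int(meta.get("found", "0"))
    return {
        "declared_found": declared,
        "parsed_found": len(detections),
        "count_matches": declared == len(detections),
        "remove_checked": meta.get("remove_checked") == "true",
        "live": [d for d in detections if not d.quarantined],
        "quarantined": [d for d in detections if d.quarantined],
    }


# Constructed sample in the real log layout; paths and MD5s are placeholders.
SAMPLE_LOG = """\
# version=4
# end=finished
# remove_checked=false
# unwanted_checked=true
# scanned=1000
# found=3
C:\\Program Files\\example-adware\\installer.exe Win32/Adware.Example application DEADBEEFDEADBEEFDEADBEEFDEADBEEF
C:\\Program Files\\example-adware\\installer.exe »NSIS »res.dll Win32/Adware.Example application CAFEBABECAFEBABECAFEBABECAFEBABE
C:\\Qoobox\\Quarantine\\C\\WINDOWS\\system32\\sample.dll.vir Win32/TrojanDownloader.Example trojan FEEDFACEFEEDFACEFEEDFACEFEEDFACE
"""


def triage(text: str):
    meta, detections = parse_eset_log(text)
    return summarize(meta, detections)


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(f"declared={result['declared_found']} parsed={result['parsed_found']} "
          f"remove_checked={result['remove_checked']}")
    for d in result["live"]:
        print(f"LIVE        {d.kind:<12} {d.threat:<32} {d.path}")
    for d in result["quarantined"]:
        print(f"QUARANTINED {d.kind:<12} {d.threat:<32} {d.path}")
```

Run it against the real `C:\Program Files\esetonlinescanner\log.txt` by reading the file and passing its contents to `triage()`. A mismatch between `declared_found` and `parsed_found` means a detection line used a layout the regex does not cover and should be read by hand rather than trusted from the summary.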

Re: My Hijackthis File and my Issues thread

Unread postby Bumpy » April 26th, 2009, 4:59 pm

Hi Adam,

here are the reports you requested.

LOPr.txt

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) XP Processor 3000+ )
BIOS : PhoenixBIOS 4.0 Release 6.1
USER : Justin ( Not Administrator ! )
BOOT : Normal boot
Antivirus : AntiVir PersonalEdition Classic Virus Protection 6.38.1.30
(Activated)
C:\ (Local Disk) - NTFS - Total:55 Go (Free:21 Go)
D:\ (CD or DVD)
X:\ (Network Disk)
Z:\ (Network Disk)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( 26/04/2009|21:38 )

--------------------\\ Listing folders in APPLIC~1

[11/06/2004|08:21] C:\DOCUME~1\ADMINI~1\APPLIC~1\Adobe
[22/04/2004|12:08] C:\DOCUME~1\ADMINI~1\APPLIC~1\BPFTP
[10/02/2004|23:03] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
[09/04/2004|14:52] C:\DOCUME~1\ADMINI~1\APPLIC~1\InterVideo
[24/05/2004|16:33] C:\DOCUME~1\ADMINI~1\APPLIC~1\Macromedia
[13/04/2004|01:55] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
[25/04/2004|16:00] C:\DOCUME~1\ADMINI~1\APPLIC~1\Propellerhead Software
[13/05/2004|23:40] C:\DOCUME~1\ADMINI~1\APPLIC~1\Quest Software-Funnelweb
[29/05/2004|01:01] C:\DOCUME~1\ADMINI~1\APPLIC~1\Real
[10/02/2004|23:58] C:\DOCUME~1\ADMINI~1\APPLIC~1\Share-to-Web Upload Folder
[10/02/2004|23:35] C:\DOCUME~1\ADMINI~1\APPLIC~1\Sonic
[10/02/2004|23:14] C:\DOCUME~1\ADMINI~1\APPLIC~1\Sun
[10/02/2004|23:49] C:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec

[04/07/2007|13:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{F0AFE3FA-E254-489E-BCF9-DD5858FF8D49}
[24/04/2009|23:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[04/07/2007|12:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[23/10/2006|13:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[27/01/2005|12:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Autodesk
[18/04/2007|10:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Downloaded Installations
[09/04/2008|11:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\FLEXnet
[15/11/2008|10:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\GlobalSCAPE
[20/07/2007|09:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[11/06/2005|11:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\inetprot
[24/11/2008|22:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
[15/05/2007|14:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Internetware
[26/04/2009|21:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kontiki
[08/02/2008|17:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\LightScribe
[18/04/2009|13:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\LogiShrd
[18/04/2009|13:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logitech
[16/11/2005|16:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Macromedia
[21/04/2004|17:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Macrovision
[21/04/2009|14:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MAGIX
[25/04/2009|11:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[01/03/2006|16:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[13/12/2008|11:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
[29/03/2004|08:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSN6
[08/02/2008|17:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
[18/04/2007|10:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Suite
[04/02/2005|10:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PGP Corporation
[08/02/2008|17:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Philips Intelligent Agent
[02/02/2005|21:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Prism
[28/03/2004|01:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Propellerhead Software
[11/10/2004|17:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
[02/03/2009|11:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Roxio
[10/02/2004|23:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
[01/03/2009|12:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sky
[18/12/2006|13:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
[21/10/2004|09:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SmartSound Software Inc
[24/11/2008|22:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sonic
[12/02/2009|14:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony Corporation
[10/02/2006|14:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[15/01/2009|11:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
[01/02/2006|12:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[03/10/2007|10:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[18/04/2009|15:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TVU Networks
[31/07/2007|16:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ulead Systems
[02/12/2004|10:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
[12/05/2006|13:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[30/05/2007|20:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo!

[10/02/2004|23:03] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[10/02/2004|23:20] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[10/02/2004|23:58] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Share-to-Web Upload Folder
[10/02/2004|23:35] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sonic
[10/02/2004|23:14] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sun
[10/02/2004|23:49] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec

[23/08/2006|13:20] C:\DOCUME~1\Justin\APPLIC~1\AbsoluteTelnet
[24/04/2009|23:39] C:\DOCUME~1\Justin\APPLIC~1\Adobe
[13/04/2005|16:52] C:\DOCUME~1\Justin\APPLIC~1\AdobeUM
[12/03/2008|17:42] C:\DOCUME~1\Justin\APPLIC~1\Ahead
[21/04/2009|14:15] C:\DOCUME~1\Justin\APPLIC~1\aignes
[07/09/2004|11:22] C:\DOCUME~1\Justin\APPLIC~1\Alien Skin
[23/10/2006|13:53] C:\DOCUME~1\Justin\APPLIC~1\Apple Computer
[27/10/2008|17:53] C:\DOCUME~1\Justin\APPLIC~1\Aptana
[10/09/2004|08:48] C:\DOCUME~1\Justin\APPLIC~1\ART
[24/05/2004|10:51] C:\DOCUME~1\Justin\APPLIC~1\BPFTP
[17/11/2004|12:20] C:\DOCUME~1\Justin\APPLIC~1\CoffeeCup Software
[12/04/2009|14:15] C:\DOCUME~1\Justin\APPLIC~1\CoreFTP
[18/08/2006|17:32] C:\DOCUME~1\Justin\APPLIC~1\COWON
[05/08/2005|11:52] C:\DOCUME~1\Justin\APPLIC~1\eAcceleration
[23/02/2007|16:17] C:\DOCUME~1\Justin\APPLIC~1\FileMaker
[20/04/2009|10:33] C:\DOCUME~1\Justin\APPLIC~1\FileZilla
[15/11/2008|10:44] C:\DOCUME~1\Justin\APPLIC~1\GlobalSCAPE
[06/05/2008|16:11] C:\DOCUME~1\Justin\APPLIC~1\G-Lock Software
[19/12/2005|12:07] C:\DOCUME~1\Justin\APPLIC~1\Good Keywords v2
[25/04/2009|11:01] C:\DOCUME~1\Justin\APPLIC~1\Google
[19/05/2004|08:09] C:\DOCUME~1\Justin\APPLIC~1\Help
[29/04/2004|14:15] C:\DOCUME~1\Justin\APPLIC~1\HP
[23/04/2009|16:11] C:\DOCUME~1\Justin\APPLIC~1\IBP
[10/02/2004|23:03] C:\DOCUME~1\Justin\APPLIC~1\Identities
[12/02/2009|14:03] C:\DOCUME~1\Justin\APPLIC~1\InstallShield
[15/03/2005|16:49] C:\DOCUME~1\Justin\APPLIC~1\InterTrust
[08/09/2004|11:16] C:\DOCUME~1\Justin\APPLIC~1\InterVideo
[10/02/2006|16:53] C:\DOCUME~1\Justin\APPLIC~1\Lavasoft
[08/06/2004|09:42] C:\DOCUME~1\Justin\APPLIC~1\Leadertech
[18/04/2009|13:55] C:\DOCUME~1\Justin\APPLIC~1\Logitech
[02/01/2005|19:11] C:\DOCUME~1\Justin\APPLIC~1\LPC
[16/11/2005|18:00] C:\DOCUME~1\Justin\APPLIC~1\Macromedia
[07/08/2008|10:55] C:\DOCUME~1\Justin\APPLIC~1\MAGIX
[25/04/2009|11:48] C:\DOCUME~1\Justin\APPLIC~1\Malwarebytes
[05/09/2008|13:02] C:\DOCUME~1\Justin\APPLIC~1\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
[12/04/2007|14:00] C:\DOCUME~1\Justin\APPLIC~1\Microsoft
[21/07/2004|11:00] C:\DOCUME~1\Justin\APPLIC~1\Microsoft Web Folders
[07/04/2009|09:02] C:\DOCUME~1\Justin\APPLIC~1\Mozilla
[18/04/2007|10:24] C:\DOCUME~1\Justin\APPLIC~1\Nokia
[26/10/2006|13:30] C:\DOCUME~1\Justin\APPLIC~1\OpenOffice.org2
[19/04/2005|11:23] C:\DOCUME~1\Justin\APPLIC~1\Opera
[18/04/2007|10:23] C:\DOCUME~1\Justin\APPLIC~1\PC Suite
[04/02/2005|10:14] C:\DOCUME~1\Justin\APPLIC~1\PGP Corporation
[25/04/2006|19:03] C:\DOCUME~1\Justin\APPLIC~1\PHP Designer 2006
[06/12/2007|09:35] C:\DOCUME~1\Justin\APPLIC~1\ppstream
[07/05/2004|13:26] C:\DOCUME~1\Justin\APPLIC~1\Propellerhead Software
[13/05/2004|15:36] C:\DOCUME~1\Justin\APPLIC~1\Quest Software-Funnelweb
[11/09/2008|15:13] C:\DOCUME~1\Justin\APPLIC~1\Real
[26/11/2008|10:43] C:\DOCUME~1\Justin\APPLIC~1\Research In Motion
[10/02/2004|23:58] C:\DOCUME~1\Justin\APPLIC~1\Share-to-Web Upload Folder
[01/02/2008|17:54] C:\DOCUME~1\Justin\APPLIC~1\SharpReader
[01/01/2005|20:05] C:\DOCUME~1\Justin\APPLIC~1\Site Content Analyzer 2
[26/04/2009|21:30] C:\DOCUME~1\Justin\APPLIC~1\Skype
[08/06/2004|09:42] C:\DOCUME~1\Justin\APPLIC~1\Sonic
[12/02/2009|14:45] C:\DOCUME~1\Justin\APPLIC~1\Sony Corporation
[18/10/2006|20:12] C:\DOCUME~1\Justin\APPLIC~1\SopCast
[28/05/2007|12:14] C:\DOCUME~1\Justin\APPLIC~1\Stardock
[03/04/2006|19:04] C:\DOCUME~1\Justin\APPLIC~1\Star-Tools
[07/01/2008|13:43] C:\DOCUME~1\Justin\APPLIC~1\StomperScrutinizer.80D30D081DF260F3E4CECC0C2A6ADDA2F74D545F.1
[28/05/2007|12:20] C:\DOCUME~1\Justin\APPLIC~1\Styler
[27/10/2008|17:55] C:\DOCUME~1\Justin\APPLIC~1\Subversion
[10/02/2004|23:14] C:\DOCUME~1\Justin\APPLIC~1\Sun
[02/03/2009|17:28] C:\DOCUME~1\Justin\APPLIC~1\SUPERAntiSpyware.com
[10/02/2004|23:49] C:\DOCUME~1\Justin\APPLIC~1\Symantec
[02/09/2004|17:38] C:\DOCUME~1\Justin\APPLIC~1\Talkback
[30/03/2005|13:16] C:\DOCUME~1\Justin\APPLIC~1\TextPad
[07/12/2004|19:07] C:\DOCUME~1\Justin\APPLIC~1\Thunderbird
[11/04/2009|15:10] C:\DOCUME~1\Justin\APPLIC~1\TVU networks
[20/10/2004|16:51] C:\DOCUME~1\Justin\APPLIC~1\Ulead Systems
[13/02/2006|14:33] C:\DOCUME~1\Justin\APPLIC~1\Webroot

[10/02/2004|23:03] C:\DOCUME~1\JUSTIN~1\APPLIC~1\Identities
[06/04/2004|13:58] C:\DOCUME~1\JUSTIN~1\APPLIC~1\InterVideo
[05/04/2004|11:59] C:\DOCUME~1\JUSTIN~1\APPLIC~1\Microsoft
[29/03/2004|08:49] C:\DOCUME~1\JUSTIN~1\APPLIC~1\MSN6
[28/03/2004|01:06] C:\DOCUME~1\JUSTIN~1\APPLIC~1\Propellerhead Software
[10/02/2004|23:58] C:\DOCUME~1\JUSTIN~1\APPLIC~1\Share-to-Web Upload Folder
[10/02/2004|23:35] C:\DOCUME~1\JUSTIN~1\APPLIC~1\Sonic
[10/02/2004|23:14] C:\DOCUME~1\JUSTIN~1\APPLIC~1\Sun
[10/02/2004|23:49] C:\DOCUME~1\JUSTIN~1\APPLIC~1\Symantec

[08/06/2005|11:37] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[01/02/2006|12:34] C:\DOCUME~1\LOCALS~1\APPLIC~1\Mozilla
[01/02/2006|12:37] C:\DOCUME~1\LOCALS~1\APPLIC~1\Talkback
[13/02/2006|14:34] C:\DOCUME~1\LOCALS~1\APPLIC~1\Webroot

[10/02/2004|23:03] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
[02/06/2006|11:54] C:\DOCUME~1\NETWOR~1\APPLIC~1\Mozilla
[15/02/2006|17:47] C:\DOCUME~1\NETWOR~1\APPLIC~1\Webroot


--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[26/04/2009 21:28][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1344734455-1439202154-709122288-1266.job
[22/04/2009 12:40][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[25/04/2009 12:08][--ah-----] C:\WINDOWS\tasks\SA.DAT
[31/03/2003 03:00][-rah-c---] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Program Files

[02/02/2005|21:16] C:\Program Files\3Com
[28/07/2005|12:52] C:\Program Files\Abacast
[18/11/2004|15:02] C:\Program Files\AbsoluteTelnet
[29/12/2006|13:40] C:\Program Files\activePDF
[23/12/2005|12:21] C:\Program Files\Activo Software
[21/05/2008|11:08] C:\Program Files\Adobe
[02/06/2004|13:15] C:\Program Files\Adobe Type Manager
[21/04/2009|13:56] C:\Program Files\AgentWebRanking PRO
[14/05/2004|15:17] C:\Program Files\alexa
[03/12/2005|16:37] C:\Program Files\Aman Software
[10/02/2004|23:25] C:\Program Files\AMD
[10/02/2004|23:11] C:\Program Files\Analog Devices
[15/09/2006|15:42] C:\Program Files\AnimTree
[12/09/2006|21:29] C:\Program Files\APDMenu
[10/02/2004|23:06] C:\Program Files\Apoint2K
[18/10/2006|12:44] C:\Program Files\Apple Software Update
[27/10/2008|17:26] C:\Program Files\Aptana
[12/09/2006|21:21] C:\Program Files\Apycom Java Menus and Buttons
[27/07/2005|11:10] C:\Program Files\Article Equalizer
[12/07/2005|14:59] C:\Program Files\ASPRunnerPro
[29/12/2005|18:34] C:\Program Files\AXE Games
[09/09/2005|10:41] C:\Program Files\Back Link Analyzer v2.0
[27/01/2005|12:49] C:\Program Files\backburner 2
[28/05/2007|12:14] C:\Program Files\Blaero Start Orb
[27/07/2005|14:49] C:\Program Files\Bradbury
[17/08/2006|14:53] C:\Program Files\BT Business Hub
[16/04/2004|16:06] C:\Program Files\BT Voyager
[02/03/2009|11:08] C:\Program Files\Citrix
[29/06/2004|18:22] C:\Program Files\CL5001
[10/09/2004|17:38] C:\Program Files\CodeLifter5
[25/08/2004|16:38] C:\Program Files\CoffeeCup Software
[25/04/2009|11:02] C:\Program Files\Common Files
[03/01/2005|17:48] C:\Program Files\Compress 2000
[15/05/2007|15:00] C:\Program Files\Connect
[04/05/2005|15:20] C:\Program Files\contactform30
[10/09/2006|11:53] C:\Program Files\CoolMenus
[14/02/2007|14:18] C:\Program Files\CSS Tab Designer 2
[13/01/2005|13:14] C:\Program Files\CSVed
[03/08/2004|11:00] C:\Program Files\CubeCart 2.0.1
[16/02/2005|11:52] C:\Program Files\Cycore
[02/08/2005|13:25] C:\Program Files\DBTools Software
[25/08/2004|18:07] C:\Program Files\DHTML Menu Builder
[18/04/2007|10:23] C:\Program Files\DIFX
[24/08/2005|10:48] C:\Program Files\directx
[15/05/2007|15:18] C:\Program Files\do_not_upload
[15/09/2006|15:40] C:\Program Files\DragModule
[21/04/2004|17:19] C:\Program Files\dreamweaver
[30/11/2005|11:13] C:\Program Files\Dynamic
[30/03/2005|13:12] C:\Program Files\DzSoft
[03/02/2005|14:46] C:\Program Files\e3internet
[10/02/2004|23:29] C:\Program Files\Easy Internet signup
[24/02/2006|11:58] C:\Program Files\EasyPHP1-8
[21/07/2005|17:08] C:\Program Files\eBook Software
[24/02/2006|14:23] C:\Program Files\Ecommerce Shopping Cart Software Installer
[11/06/2004|10:44] C:\Program Files\EFQA
[02/03/2009|11:05] C:\Program Files\Email Extractor 1.3.5
[22/04/2004|15:13] C:\Program Files\EPSON
[01/06/2005|19:16] C:\Program Files\EROL 3.6
[26/04/2009|12:18] C:\Program Files\EsetOnlineScanner
[04/03/2009|19:18] C:\Program Files\ewido anti-malware
[22/08/2006|20:29] C:\Program Files\feidian
[09/05/2008|09:40] C:\Program Files\Firebird
[09/05/2008|09:40] C:\Program Files\FlameRobin
[07/04/2005|11:58] C:\Program Files\Form1 Builder
[09/09/2004|11:54] C:\Program Files\formbuilder
[04/05/2005|15:49] C:\Program Files\Forms To Go
[13/05/2004|14:46] C:\Program Files\funnel
[03/10/2008|13:53] C:\Program Files\gdlibrary
[06/05/2008|16:11] C:\Program Files\G-Lock Software
[14/09/2007|12:09] C:\Program Files\Google
[22/06/2004|14:06] C:\Program Files\googleapi
[20/04/2005|15:40] C:\Program Files\GRKdaDemo
[28/03/2007|13:25] C:\Program Files\Hewlett-Packard
[13/09/2006|22:57] C:\Program Files\HideMyIP
[25/04/2009|12:42] C:\Program Files\HIJACKTHIS
[05/07/2007|11:28] C:\Program Files\HISC
[28/10/2007|11:00] C:\Program Files\HP
[04/04/2005|09:41] C:\Program Files\HPQ
[10/01/2005|16:38] C:\Program Files\htmlarea
[31/07/2007|16:11] C:\Program Files\HTMLValidator65
[15/07/2008|16:04] C:\Program Files\IBP 10
[05/06/2007|09:42] C:\Program Files\IBP 9
[16/02/2006|10:46] C:\Program Files\iNet Protector
[30/08/2006|09:36] C:\Program Files\Infinitie_menu
[21/04/2009|14:14] C:\Program Files\InstallShield Installation Information
[06/04/2004|13:06] C:\Program Files\InterActual
[18/04/2009|11:08] C:\Program Files\Internet Explorer
[15/05/2007|14:39] C:\Program Files\Internetware
[27/03/2004|12:20] C:\Program Files\InterVideo
[04/07/2007|13:00] C:\Program Files\iPod
[04/07/2007|13:00] C:\Program Files\iTunes
[16/12/2005|17:49] C:\Program Files\iWeb
[22/04/2009|12:16] C:\Program Files\Java
[05/08/2004|16:09] C:\Program Files\JavaSoft
[20/08/2006|09:07] C:\Program Files\JetAudio
[14/06/2006|11:07] C:\Program Files\Joomla
[14/06/2006|11:01] C:\Program Files\JSAS
[21/04/2009|14:01] C:\Program Files\Kapow Mashup Server 6.3 Openkapow Edition SR1
[17/05/2006|10:58] C:\Program Files\Kayako
[02/05/2008|00:09] C:\Program Files\Kaze to Desktop
[19/01/2005|11:15] C:\Program Files\kd
[29/11/2007|21:21] C:\Program Files\Kinset
[22/04/2004|12:48] C:\Program Files\KnockOut 2
[01/03/2009|12:39] C:\Program Files\Kontiki
[10/02/2006|16:53] C:\Program Files\Lavasoft
[28/05/2007|12:13] C:\Program Files\LClock
[21/04/2009|14:02] C:\Program Files\Link Checker Pro
[13/07/2004|12:16] C:\Program Files\linkch
[21/04/2009|14:02] C:\Program Files\LinkExplore
[18/04/2009|13:53] C:\Program Files\Logitech
[21/02/2006|13:10] C:\Program Files\Macromedia
[16/06/2004|09:35] C:\Program Files\Macromedia Studio MX Plus
[21/04/2009|14:05] C:\Program Files\MAGIX
[19/05/2004|09:19] C:\Program Files\mailer
[25/04/2009|11:48] C:\Program Files\Malwarebytes' Anti-Malware
[04/08/2005|18:28] C:\Program Files\Market Research Wizard
[17/04/2009|10:22] C:\Program Files\Market Samurai
[24/08/2005|10:46] C:\Program Files\MD 40820
[19/08/2008|10:04] C:\Program Files\Messenger
[12/04/2007|13:16] C:\Program Files\Microsoft Expression
[21/07/2004|11:00] C:\Program Files\microsoft frontpage
[21/04/2009|14:08] C:\Program Files\Microsoft Office
[01/03/2009|13:59] C:\Program Files\Microsoft Silverlight
[21/04/2009|14:13] C:\Program Files\Microsoft SQL Server
[12/04/2007|13:16] C:\Program Files\Microsoft Visual Studio
[23/12/2005|12:21] C:\Program Files\Microsoft Visual Studio .NET 2003
[12/04/2007|13:16] C:\Program Files\Microsoft Visual Studio 8
[12/04/2007|13:16] C:\Program Files\Microsoft Works
[20/07/2004|14:06] C:\Program Files\Microsoft.NET
[26/01/2006|17:55] C:\Program Files\mIRC
[03/02/2005|12:00] C:\Program Files\Movie Maker
[26/04/2009|13:58] C:\Program Files\Mozilla Firefox
[16/02/2006|10:58] C:\Program Files\Mozilla Thunderbird
[16/05/2007|10:24] C:\Program Files\mozilla.org
[18/08/2006|17:44] C:\Program Files\Mpeg2Decoder
[13/02/2006|13:22] C:\Program Files\Mpqyt
[29/03/2004|08:49] C:\Program Files\MSN
[02/03/2006|13:20] C:\Program Files\MSN Apps
[10/02/2004|23:03] C:\Program Files\MSN Gaming Zone
[21/04/2009|14:15] C:\Program Files\MSN Messenger
[01/09/2004|15:25] C:\Program Files\msnboot
[16/11/2006|10:15] C:\Program Files\MSXML 4.0
[26/11/2008|10:37] C:\Program Files\MSXML 6.0
[05/09/2006|16:21] C:\Program Files\MX_Cart
[13/09/2006|22:06] C:\Program Files\MySourceMatrixCMS
[03/01/2005|14:14] C:\Program Files\MySQL
[30/01/2008|15:16] C:\Program Files\MySQL Backup & Restore Databases Software
[13/10/2008|13:04] C:\Program Files\MySQL Editor Software
[03/04/2006|19:02] C:\Program Files\MySQL-Front
[03/04/2006|18:29] C:\Program Files\MyTool
[08/02/2008|17:31] C:\Program Files\Nero
[06/06/2005|14:03] C:\Program Files\NETGEAR
[01/09/2005|14:49] C:\Program Files\NetMeeting
[11/04/2006|17:20] C:\Program Files\Network Stumbler
[22/09/2004|17:53] C:\Program Files\newsmanager
[18/04/2007|10:23] C:\Program Files\Nokia
[04/05/2005|14:31] C:\Program Files\oneadmin
[10/02/2004|23:03] C:\Program Files\Online Services
[30/08/2006|09:37] C:\Program Files\OpenCube
[26/10/2006|13:30] C:\Program Files\OpenOffice.org 2.0
[06/02/2007|19:12] C:\Program Files\Opera
[12/06/2007|23:41] C:\Program Files\Outlook Express
[28/07/2004|09:00] C:\Program Files\Overland
[18/04/2007|10:22] C:\Program Files\PC Connectivity Solution
[23/06/2004|08:56] C:\Program Files\PCPHpro
[04/02/2005|10:13] C:\Program Files\PGP
[04/02/2005|10:14] C:\Program Files\PGP Corporation
[25/03/2005|14:35] C:\Program Files\PHD
[08/02/2008|17:40] C:\Program Files\Philips Intelligent Agent
[25/04/2006|18:51] C:\Program Files\PHP DESIGNER 2006
[22/01/2009|16:39] C:\Program Files\PHP Form Wizard
[14/02/2006|13:17] C:\Program Files\PHPRunner
[24/09/2004|13:14] C:\Program Files\pjl exports
[24/09/2004|13:07] C:\Program Files\popsnap
[24/09/2004|13:08] C:\Program Files\Popularity onSnap
[17/04/2006|13:30] C:\Program Files\PPLive TV
[06/12/2007|09:34] C:\Program Files\PPStream
[21/04/2009|13:55] C:\Program Files\pranalyzer
[24/09/2004|13:12] C:\Program Files\pranker
[02/02/2006|22:02] C:\Program Files\PremiumSoft
[09/09/2004|19:22] C:\Program Files\PrintersBench Plus
[30/05/2007|10:29] C:\Program Files\Profit_Loss
[27/03/2004|12:18] C:\Program Files\Program Shortcuts
[20/07/2004|09:07] C:\Program Files\project
[20/07/2004|14:02] C:\Program Files\Project 2003
[24/03/2005|15:38] C:\Program Files\Propellerhead
[26/05/2004|08:12] C:\Program Files\Quest Software
[04/07/2007|12:57] C:\Program Files\QuickTime
[31/07/2007|16:13] C:\Program Files\readerware
[07/05/2004|11:24] C:\Program Files\Real
[10/02/2004|23:35] C:\Program Files\RecordNow!
[24/05/2004|10:52] C:\Program Files\Robo-FTP
[06/12/2006|17:40] C:\Program Files\RORweb
[04/08/2006|15:51] C:\Program Files\RSSeditor
[23/05/2007|12:14] C:\Program Files\RSSGM
[29/10/2004|10:12] C:\Program Files\script32
[28/06/2004|16:10] C:\Program Files\Search_engine_e-book
[19/07/2005|20:30] C:\Program Files\SEO Elite
[21/06/2005|13:03] C:\Program Files\seoEasy
[14/08/2006|11:33] C:\Program Files\Setup
[20/08/2004|16:30] C:\Program Files\SharpReader
[21/02/2006|13:05] C:\Program Files\ShopFactory V6
[03/01/2005|12:01] C:\Program Files\Site Content Analyzer
[03/10/2007|10:39] C:\Program Files\Site Map Pro 2.2
[24/07/2005|21:17] C:\Program Files\Sizer
[01/03/2009|12:39] C:\Program Files\Sky
[22/10/2008|12:59] C:\Program Files\Sky Broadband
[18/12/2006|18:16] C:\Program Files\Skype
[10/05/2007|12:59] C:\Program Files\Smart Explorer
[20/10/2004|16:49] C:\Program Files\SmartSound Software
[01/06/2005|19:17] C:\Program Files\Snapshot Viewer
[19/12/2005|11:51] C:\Program Files\Softnik Technologies
[13/12/2005|15:41] C:\Program Files\SOFTplus
[12/02/2009|14:14] C:\Program Files\Sonic
[12/02/2009|14:07] C:\Program Files\Sony
[12/12/2007|18:21] C:\Program Files\SopCast
[10/06/2004|16:19] C:\Program Files\Sophtware
[16/02/2006|17:58] C:\Program Files\sothink
[01/09/2004|10:15] C:\Program Files\SourceTec
[10/02/2006|14:07] C:\Program Files\Spybot - Search & Destroy
[09/02/2006|19:38] C:\Program Files\SpyderOpts
[14/11/2008|14:41] C:\Program Files\StomperScrutinizer
[28/05/2007|12:20] C:\Program Files\Styler
[08/03/2007|16:19] C:\Program Files\Submit Suite
[02/03/2009|17:27] C:\Program Files\SUPERAntiSpyware
[23/06/2004|09:44] C:\Program Files\Sygate
[04/12/2007|12:49] C:\Program Files\Sysquake LE
[30/03/2005|13:16] C:\Program Files\TextPad 4
[03/08/2005|09:50] C:\Program Files\TH
[05/12/2006|20:02] C:\Program Files\The Internet Marketing Center
[26/03/2008|12:09] C:\Program Files\ThunderStor
[10/09/2006|13:29] C:\Program Files\TigraTreeMenu
[29/10/2004|10:53] C:\Program Files\TMM
[06/06/2005|13:59] C:\Program Files\TotalSpoof
[18/08/2007|15:46] C:\Program Files\tvants
[18/04/2009|15:13] C:\Program Files\TVUPlayer
[04/12/2007|13:06] C:\Program Files\UM Software Lab
[22/07/2005|08:43] C:\Program Files\Uninstall Information
[15/05/2007|15:18] C:\Program Files\upload
[29/05/2007|09:33] C:\Program Files\Vista Sidebar
[28/05/2007|12:14] C:\Program Files\VisualTooltip
[31/05/2007|12:19] C:\Program Files\Web CEO
[05/04/2005|15:47] C:\Program Files\Web Link Validator
[21/04/2009|14:13] C:\Program Files\Web Scraper Plus+
[10/02/2005|16:06] C:\Program Files\webcamXP
[29/08/2006|09:06] C:\Program Files\WebPosition 3
[13/02/2006|14:33] C:\Program Files\Webroot
[10/04/2006|15:21] C:\Program Files\WebSpinner
[16/05/2007|10:26] C:\Program Files\WebXeL
[24/05/2004|10:57] C:\Program Files\Whisper Technology
[04/07/2007|22:18] C:\Program Files\WhosOnV4
[29/12/2005|18:37] C:\Program Files\WildTangent
[14/08/2006|09:56] C:\Program Files\WinAVIVideoConverter
[20/10/2004|16:46] C:\Program Files\Windows Media Components
[13/05/2008|12:36] C:\Program Files\Windows Media Connect 2
[13/05/2008|12:36] C:\Program Files\Windows Media Player
[03/02/2005|11:51] C:\Program Files\Windows NT
[16/08/2004|08:06] C:\Program Files\WindowsUpdate
[04/01/2005|18:33] C:\Program Files\WinRAR
[19/11/2004|17:47] C:\Program Files\WinSCP2
[16/02/2006|11:10] C:\Program Files\WinZip
[16/06/2004|14:27] C:\Program Files\WT7
[10/02/2004|23:03] C:\Program Files\xerox
[23/03/2009|10:35] C:\Program Files\Yahoo!
[05/08/2004|14:54] C:\Program Files\yourshopadmin-bin-v0.2.0-rc1
[05/08/2004|14:49] C:\Program Files\yourshopadmin-src-v0.2.0-rc1
[09/10/2008|16:48] C:\Program Files\Zero G Registry

--------------------\\ Listing Folders in C:\Program Files\Common Files

[20/05/2008|18:20] C:\Program Files\Common Files\Adobe
[17/03/2009|16:04] C:\Program Files\Common Files\Adobe AIR
[08/02/2008|17:34] C:\Program Files\Common Files\Ahead
[04/07/2007|12:50] C:\Program Files\Common Files\Apple
[24/03/2005|15:36] C:\Program Files\Common Files\Autodesk Shared
[18/08/2006|17:20] C:\Program Files\Common Files\COWON
[23/12/2005|12:21] C:\Program Files\Common Files\Crystal Decisions
[01/06/2005|19:17] C:\Program Files\Common Files\DESIGNER
[22/04/2004|15:13] C:\Program Files\Common Files\EPSON
[10/02/2004|23:46] C:\Program Files\Common Files\Hewlett-Packard
[10/02/2004|23:44] C:\Program Files\Common Files\HP
[10/02/2006|17:32] C:\Program Files\Common Files\ikqu
[20/10/2004|16:45] C:\Program Files\Common Files\InstallShield
[10/02/2004|23:13] C:\Program Files\Common Files\Java
[08/02/2008|17:39] C:\Program Files\Common Files\LightScribe
[18/04/2009|13:54] C:\Program Files\Common Files\Logishrd
[16/11/2005|16:53] C:\Program Files\Common Files\Macromedia
[07/06/2004|09:59] C:\Program Files\Common Files\Macromedia Shared
[21/04/2009|14:08] C:\Program Files\Common Files\Microsoft Shared
[10/02/2004|23:03] C:\Program Files\Common Files\MSSoap
[18/04/2007|10:23] C:\Program Files\Common Files\Nokia
[10/02/2004|23:03] C:\Program Files\Common Files\ODBC
[18/04/2007|10:23] C:\Program Files\Common Files\PCSuite
[09/06/2008|11:29] C:\Program Files\Common Files\Real
[02/03/2009|11:23] C:\Program Files\Common Files\Roxio Shared
[10/02/2004|23:03] C:\Program Files\Common Files\Services
[18/12/2006|13:47] C:\Program Files\Common Files\Skype
[10/02/2004|23:35] C:\Program Files\Common Files\Sonic
[21/04/2009|14:11] C:\Program Files\Common Files\SourceTec
[10/02/2004|23:03] C:\Program Files\Common Files\SpeechEngines
[10/02/2004|23:35] C:\Program Files\Common Files\SureThing Shared
[07/02/2006|14:00] C:\Program Files\Common Files\Symantec Shared
[17/04/2006|13:30] C:\Program Files\Common Files\Synacast
[12/06/2007|23:41] C:\Program Files\Common Files\System
[02/03/2009|17:28] C:\Program Files\Common Files\Wise Installation Wizard
[09/06/2008|11:29] C:\Program Files\Common Files\xing shared

--------------------\\ Process

( 73 Processes )

IEXPLORE.EXE ~ [PID:5248]

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders



C:\DOCUME~1\Justin\Cookies\justin@advertising[2].txt
C:\DOCUME~1\Justin\Cookies\justin@888[1].txt

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-26 21:39:32
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\Justin\Application Data\Opera\Opera\profile\images\forums.crackberry.com.ico
C:\DOCUME~1\Justin\Application Data\Opera\Opera\profile\images\www.crack.ms.ico
C:\DOCUME~1\Justin\Application Data\Opera\Opera\profile\images\www.crackserialkeygen.com.bmp
C:\DOCUME~1\Justin\Application Data\Opera\Opera\profile\images\www.keygen.ms.ico


[F:6][D:2]-> C:\DOCUME~1\Justin\LOCALS~1\Temp
[F:787][D:0]-> C:\DOCUME~1\Justin\Cookies
[F:125][D:4]-> C:\DOCUME~1\Justin\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 26/04/2009|21:44 - Option : [1]

--------------------\\ Scan completed at 21:44:56


ESET log:
# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=4035 (20090425)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=1ebc38d12acf3549bb3466ab04843ff8
# end=finished
# remove_checked=false
# unwanted_checked=true
# utc_time=2009-04-26 02:34:37
# local_time=2009-04-26 03:34:37 (+0000, GMT Standard Time)
# country="United Kingdom"
# osver=5.1.2600 NT Service Pack 2
# scanned=991400
# found=5
# scan_time=11742
C:\Program Files\alexa\Alexa_digitalpoints-20.exe Win32/Adware.Alexa application DCA51F66FDD456D17979A8082D663FC9
C:\Program Files\alexa\Alexa_digitalpoints-20.exe »NSIS »AlxRes.dll Win32/Adware.Alexa application 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\Documents and Settings\Justin\Application Data\Google\mccklrp32.dll.vir Win32/TrojanDownloader.FakeAlert.YR trojan 67B5B557A0E1503BF118186345FD4765
C:\Qoobox\Quarantine\C\Documents and Settings\Justin\Application Data\Google\wcwdu16814728.exe.vir Win32/TrojanDownloader.FakeAlert.ZK trojan A202A75EFCF94940A6759EA4A17A3A4D
C:\Qoobox\Quarantine\C\WINDOWS\system32\pCastCtl.dll.vir Win32/Adware.DuDu application E9DF2CF17B5B316D67AB2DF8895A9550


HijackThis:
Logfile of HijackThis v1.99.1
Scan saved at 21:58:23, on 26/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
C:\Program Files\iNet Protector\IProtectorService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\PGPserv.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\3Com\3Com OfficeConnect Wireless Utility\3Com Wireless 11g PC Card\PRISMSVR.EXE
C:\Program Files\NETGEAR\WPN511\Utility\WPN511.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Kontiki\KHost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Philips Intelligent Agent\Philips Intelligent Agent.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Documents and Settings\Justin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Justin\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HIJACKTHIS\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sky.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\Program Files\3Com\3Com OfficeConnect Wireless Utility\3Com Wireless 11g PC Card\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [AS00_WPN511] C:\Program Files\NETGEAR\WPN511\Utility\WPN511.exe -hide
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [kdx] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Philips Intelligent Agent] "C:\Program Files\Philips Intelligent Agent\Philips Intelligent Agent.exe" /SILENT
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Justin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Google AdSense Preview Tool - http://pagead2.googlesyndication.com/pa ... eview.html
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O16 - DPF: {164B406B-0FD6-4E7F-BA7E-64D227D4CA37} (dnlplayer Class) - http://www.digitalwebbooks.com/reader/dbplugin.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200 ... taller.exe
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-09.sun.com/s/ESD7/JSCDL/ ... 586-jc.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9C762DC2-C685-4C5E-A179-16A42DF48735}: NameServer = 217.13.128.17,217.13.128.27
O17 - HKLM\System\CCS\Services\Tcpip\..\{AF929751-7500-461A-A08E-4AA733344717}: NameServer = 217.13.128.17,217.13.128.27
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: x-mem1 - {C3719F83-7EF8-4BA0-89B0-3360C7AFB7CC} - C:\WINDOWS\system32\wowctl2.dll
O20 - Winlogon Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Internet Protector System Service (InternetProtectorService) - Unknown owner - C:\Program Files\iNet Protector\IProtectorService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PGPserv - PGP Corporation - C:\WINDOWS\system32\PGPserv.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\WINDOWS\Pointdev\VNC\WinVNC.exe" -service (file missing)

Best Regards
Bumpy
Last edited by Bumpy on April 26th, 2009, 9:53 pm, edited 1 time in total.
Bumpy
Active Member
 
Posts: 11
Joined: March 26th, 2009, 10:30 am
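As an added example (not part of the post, and not a HijackThis feature), here is a small Python triage script that parses lines in the HijackThis log format shown above, groups them by section and flags the entries a helper usually checks first. The sample lines are copied from the log above; the O17 DNS servers are listed for verification, not assumed bad.

```python
"""Triage helper for a HijackThis log.

Added example for this thread; it is not a HijackThis feature. It parses the
'R0/O2/O4/O17/O23 - ...' entry lines, groups them by section, and flags the
items a helper usually checks first: entries whose target file is missing,
services with an unknown owner, and the O17 DNS NameServer settings (listed
for verification, not assumed bad). SAMPLE_LOG is built from the log above."""
import re
from collections import defaultdict

# One HijackThis entry: a section code (R0, F2, N1, O4, O17, O23 ...), ' - ', then the body.
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d{1,2}) - (?P<body>.*)$")

SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sky.com
O4 - HKLM\..\Run: [kdx] "C:\Program Files\Kontiki\KHost.exe" -all
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{9C762DC2-C685-4C5E-A179-16A42DF48735}: NameServer = 217.13.128.17,217.13.128.27
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\WINDOWS\Pointdev\VNC\WinVNC.exe" -service (file missing)
"""


def parse_entries(text):
    """Return (section, body) tuples for every entry line; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group("section"), match.group("body")))
    return entries


def group_by_section(entries):
    """Map each section code to the list of entry bodies under it."""
    groups = defaultdict(list)
    for section, body in entries:
        groups[section].append(body)
    return dict(groups)


def find_flags(entries):
    """Return (reason, section, body) for entries worth a second look."""
    flags = []
    for section, body in entries:
        if "(file missing)" in body:
            flags.append(("file missing", section, body))
        if section == "O23" and "Unknown owner" in body:
            flags.append(("unknown service owner", section, body))
        if section == "O17" and "NameServer = " in body:
            servers = [s.strip() for s in body.split("NameServer = ", 1)[1].split(",")]
            flags.append(("dns servers: " + " ".join(servers), section, body))
    return flags


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    for section, bodies in sorted(group_by_section(parsed).items()):
        print(f"{section}: {len(bodies)} entries")
    for reason, section, body in find_flags(parsed):
        print(f"[{reason}] {section} - {body}")
```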

Re: My Hijackthis File and my Issues thread

Unread postby Axephilic » April 26th, 2009, 5:36 pm

Congratulations, you are now all clean! To help prevent you from becoming reinfected, please follow the instructions below in order. If you have any questions, please feel free to ask them. If after 48 hours you have not responded to this, then I will assume you have no questions and have the topic closed.

First, let's uninstall ComboFix:

  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK

You may also delete any other tool that I had you use.

Flush the system restore points

  1. Right click on My Computer and select Properties.
  2. Select the System Restore tab.
  3. Check (tick) Turn off system restore on all drives box.
  4. Click Apply.
  5. Uncheck (untick) Turn off system restore on all drives box.
  6. Click OK.
  7. Restart your computer.
Note: Do this only ONCE, don't flush it regularly.

Keep your system updated

Microsoft releases patches for Windows and Office products regularly to patch up loopholes in Windows and Office products and fix any bugs found. Please ensure that you visit the following websites regularly or update your system regularly.

Install the updates immediately if they are found. Reboot your computer if necessary, revisit Windows Update and Office update sites until there are no more updates to be installed.

To update Windows and Office

Go to Start > All Programs > Microsoft Update


Alternatively, you can visit the link below to update Windows and Office products.

Microsoft Update

I also recommend, if it's not already on, to enable Automatic updates. It will notify you whenever there are new updates available. Here's how:

  1. Go to Start > Control Panel > Automatic Updates
  2. Select Automatic (recommended) radio button if you want the updates to be downloaded and installed without prompting you.
  3. Select Download updates for me, but let me choose when to install them radio button if you want the updates to be downloaded automatically but to be installed at another time.
  4. Select Notify me but don't automatically download or install them radio button if you want to be notified of the updates.

Besides Windows, which needs regular updating, antivirus, anti-spyware and firewall programs need regular updating too.

Please make sure that you update your antivirus, firewall and anti-spyware programs at least once a week.

Surf safely

Many of the exploits are directed to users of Internet Explorer and Firefox.

Using Firefox with NoScript add-on helps to prevent most exploits from running as NoScript by default disables all scripts on all websites. If you trust the website, you can manually allow it.

If you prefer to use Internet Explorer, here are some settings to change to improve the security of Internet Explorer.

For Internet Explorer 7

Please read this article to configure Internet Explorer 7 properly.

Backup regularly

You never know when your PC will become unstable or become so infected that you can't recover it. Follow this Microsoft article to learn how to backup. Follow this article by Microsoft to restore your backups.

Alternatively, you can use 3rd-party programs to back up your data. One example can be found at Bleeping Computer.

Avoid P2P

P2P may be a great way to get lots of stuff, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well. If you do need to use them, use them sparingly. Check this list of clean and infected P2P programs if you need to use one.

Prevent a re-infection

  1. Winpatrol
    Winpatrol is a heuristic protection program, meaning it looks for patterns in code that work like malware. It also takes a snapshot of your system's critical resources and alerts you to any changes that may occur without you knowing. You can read more about Winpatrol's features here.

    You can get a free copy of Winpatrol or use the Plus version for more features.

    You can read Winpatrol's FAQ if you run into problems.

  2. Hosts File
    A Hosts file is like a phone book. You look up someone's name in the phone book before calling him/her. Similarly, your PC will look up the website's IP address before you can view the website.

    A replacement Hosts file will replace your current Hosts file with one containing well-known advertisement sites, spyware sites and other bad sites. This new Hosts file will protect you by re-directing these bad sites to 127.0.0.1.

    Here are some Hosts files:

    MVPS Hosts File
    Bluetack's Hosts File
    Bluetack's Host Manager
    hpHosts

    A tutorial about Hosts File can be found at Malware Removal.

  3. Spybot Search and Destroy
    Spybot Search & Destroy is another program for scanning for spyware and adware. Not only that, it has other preventive options as well. You are strongly encouraged to run a scan at least once per week.

    Spybot Search & Destroy can be downloaded from here.

    If you need help in using Spybot Search & Destroy, you can read Spybot Search and Destroy tutorial at Bleeping Computer.

    Before downloading any anti-spyware programs, always check the Rogue/Suspect list of anti-spyware programs and Malwarebytes RogueNET. This will save you from a lot of trouble. If in doubt, don't ever download it.

  4. SiteHound Toolbar
    SiteHound is a toolbar that warns you if you go to a site that is known to scam people, that has potentially lots of viruses or spyware or has questionable content. If you know the site, you can enter it; if you don't, it will bring you back to the previous page. Currently, SiteHound works for Internet Explorer and Firefox only.


Stand Up and Be Counted ---> Malware Complaints <--- where you can make a difference!

The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

Happy surfing and stay clean!

Regards,
Adam
Axephilic
Retired Graduate
 
Posts: 2180
Joined: June 18th, 2007, 1:10 pm
Location: Wisconsin, US
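An added example for the Hosts file advice in the post above (it is not part of the post or of any of the listed Hosts file projects): a Python audit that parses a Windows-style hosts file and separates the block-list entries that sink a hostname to 127.0.0.1 or 0.0.0.0, which is what the replacement Hosts files do, from entries that send a hostname to some other address. That second check goes beyond the post: a hosts file altered by malware uses exactly such entries to redirect browsing or keep security update sites from resolving, so a cleaner wants them listed for review. The sample content and the hostnames in it are constructed.

```python
"""Hosts-file audit (added example, not part of the post or any Hosts file project).

Parses hosts entries and classifies them as 'localhost', 'blocked' (sinkholed to
a loopback/unspecified address, as the replacement Hosts files do), 'redirect'
(sent to a real address, worth reviewing on a cleaned machine) or 'malformed'.
SAMPLE_HOSTS is constructed; the hostnames are not real sites."""
import ipaddress

SINKHOLE_ADDRESSES = {"127.0.0.1", "0.0.0.0", "::1"}
LOCAL_NAMES = {"localhost", "localhost.localdomain"}

# Constructed sample: a normal localhost line, two block-list lines, a
# commented entry, a redirect of a made-up update hostname, and a broken line.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1  ads.example.invalid    # blocked advertising host
0.0.0.0    tracker.example.invalid
192.0.2.55 update.antivirus-vendor.invalid  # constructed hijack example
not-an-ip  broken.line
"""


def parse_hosts(text):
    """Return (ip, hostname) pairs, one per hostname, ignoring comments and blanks.

    A line whose first field is not an IP address is returned with ip=None."""
    records = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            ip = None
        for host in fields[1:]:
            records.append((ip, host.lower()))
    return records


def audit_hosts(text):
    """Classify every entry; 'redirect' is the bucket a cleaner reviews by hand."""
    result = {"localhost": [], "blocked": [], "redirect": [], "malformed": []}
    for ip, host in parse_hosts(text):
        if ip is None:
            result["malformed"].append(host)
        elif ip not in SINKHOLE_ADDRESSES:
            result["redirect"].append((ip, host))   # real address: review it
        elif host in LOCAL_NAMES:
            result["localhost"].append((ip, host))
        else:
            result["blocked"].append(host)           # block-list style entry
    return result


if __name__ == "__main__":
    for bucket, items in audit_hosts(SAMPLE_HOSTS).items():
        print(f"{bucket}: {items}")
```

To audit a live machine, read C:\WINDOWS\system32\drivers\etc\hosts into `text` instead of SAMPLE_HOSTS.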