As requested:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:53:48, on 01/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Kontiki\KService.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\SPAMfighter\sfus.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe
C:\Program Files\Dell Photo AIO Printer 942\memcard.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Dell Photo AIO Printer 942\dlbubmon.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\dlbucoms.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nottinghamforest.premiumtv.co.uk/page/Home/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [Dell Photo AIO Printer 942] "C:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe"
O4 - HKLM\..\Run: [DellMCM] "C:\Program Files\Dell Photo AIO Printer 942\memcard.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DLBUCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBUtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.co.uk/scan_uk/scan8/oscan8.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crl ... crlocx.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{F4F27770-931E-4811-B3EB-2EFA7C30F454}: NameServer = 212.139.132.27 212.139.132.26
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: dlbu_device - Dell - C:\WINDOWS\system32\dlbucoms.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
--
End of file - 10175 bytes
ComboFix 08-06-20.4 - vince 2008-07-01 13:49:00.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1522 [GMT 1:00]
Running from: C:\Documents and Settings\vince\Desktop\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2008-06-01 to 2008-07-01 )))))))))))))))))))))))))))))))
.
2008-06-28 04:36 . 2008-06-28 04:36 7,327,865 --a------ C:\WINDOWS\SYSTEM32\LimeWireWin.exe
2008-06-28 04:36 . 2008-06-28 04:36 688,129 --a------ C:\WINDOWS\SYSTEM32\1.4 XR6.exe
2008-06-25 22:51 . 2008-06-25 22:51 <DIR> d-------- C:\Documents and Settings\vince\WINDOWS
2008-06-25 22:40 . 2008-06-25 22:40 <DIR> d-------- C:\Program Files\GSP
2008-06-25 22:39 . 1998-10-01 15:22 299,520 --a------ C:\WINDOWS\uninst.exe
2008-06-25 22:39 . 2008-06-25 22:41 66 --a------ C:\WINDOWS\GSP_ApRg.INI
2008-06-25 22:31 . 2008-06-25 22:31 <DIR> d-------- C:\Documents and Settings\vince\Application Data\Uniblue
2008-06-25 10:30 . 2008-06-25 10:30 <DIR> d-------- C:\Documents and Settings\vince\Application Data\Apple Computer
2008-06-24 14:23 . 2008-06-24 14:23 <DIR> d-------- C:\VundoFix Backups
2008-06-22 13:46 . 2008-06-22 13:46 29 --a------ C:\WINDOWS\AlphaPlayer.INI
2008-06-22 13:23 . 1999-09-10 12:06 45,056 -ra------ C:\WINDOWS\SYSTEM32\wnaspi32.dll
2008-06-22 13:23 . 1999-09-10 12:06 45,056 -ra------ C:\WINDOWS\SYSTEM32\wnaspi32.bak
2008-06-22 13:23 . 1999-09-10 12:06 25,244 -ra------ C:\WINDOWS\SYSTEM32\DRIVERS\ASPI32.sys
2008-06-22 13:23 . 1999-09-10 12:06 5,600 -ra------ C:\WINDOWS\SYSTEM\Winaspi.dll
2008-06-22 13:23 . 1999-09-10 12:06 4,672 -ra------ C:\WINDOWS\SYSTEM\Wowpost.exe
2008-06-22 13:23 . 2008-06-22 13:23 2,368 --a------ C:\WINDOWS\SYSTEM32\STEC3.sys
2008-06-19 17:36 . 2008-06-19 17:36 <DIR> d-------- C:\Program Files\CCleaner
2008-06-14 08:49 . 2008-06-14 08:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Fellowes
2008-06-14 08:48 . 2008-06-14 08:48 <DIR> d-------- C:\Program Files\Fellowes
2008-06-13 14:45 . 2008-06-13 14:45 579,464 --a------ C:\WINDOWS\SYSTEM32\SymNeti.dll
2008-06-13 14:45 . 2008-06-13 14:45 207,240 --a------ C:\WINDOWS\SYSTEM32\SymRedir.dll
2008-06-13 14:14 . 2008-06-13 14:14 31,280 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\SymIM.sys
2008-06-13 14:14 . 2008-06-13 14:14 13,093 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\SymRedir.cat
2008-06-13 14:14 . 2008-06-13 14:14 1,611 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\SymRedir.inf
2008-06-13 14:13 . 2008-06-13 14:13 184,240 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\symtdi.sys
2008-06-13 14:13 . 2008-06-13 14:13 96,432 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\symfw.sys
2008-06-13 14:13 . 2008-06-13 14:13 41,008 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\symndisv.sys
2008-06-13 14:13 . 2008-06-13 14:13 38,576 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\symids.sys
2008-06-13 14:13 . 2008-06-13 14:13 37,424 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\symndis.sys
2008-06-13 14:13 . 2008-06-13 14:13 22,320 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\symredrv.sys
2008-06-13 14:13 . 2008-06-13 14:13 13,616 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\symdns.sys
2008-06-11 14:45 . 2008-06-13 14:10 272,128 --------- C:\WINDOWS\SYSTEM32\DRIVERS\bthport.sys
2008-06-11 14:45 . 2008-06-13 14:10 272,128 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\bthport.sys
2008-06-08 08:33 . 2008-06-08 08:33 <DIR> d-------- C:\Program Files\DVD Shrink
2008-06-08 08:33 . 2008-06-08 08:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-06-07 17:29 . 2008-06-07 17:29 <DIR> d-------- C:\de149883b38d9ef120750e26980c9e
2008-06-07 17:25 . 2008-06-07 17:29 <DIR> d-------- C:\e135fb76c7d00b5aaa55
2008-06-05 20:54 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\SYSTEM32\javacpl.cpl
2008-06-05 20:52 . 2008-06-05 20:52 <DIR> d-------- C:\Program Files\Common Files\Java
2008-06-04 09:46 . 2008-06-04 09:46 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-01 12:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kontiki
2008-07-01 12:40 --------- d-----w C:\Program Files\Dl_cats
2008-07-01 12:25 --------- d-----w C:\Program Files\SPAMfighter
2008-07-01 10:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-01 07:56 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-06-30 14:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-06-30 07:55 --------- d-----w C:\Documents and Settings\vince\Application Data\wsInspector
2008-06-29 18:10 --------- d-----w C:\Documents and Settings\vince\Application Data\LimeWire
2008-06-29 14:05 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-06-28 15:29 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-06-28 13:16 34,296 ----a-w C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-28 13:16 17,144 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
2008-06-28 12:16 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-28 03:37 --------- d-----w C:\Program Files\LimeWire
2008-06-21 07:45 --------- d-----w C:\Documents and Settings\vince\Application Data\Roxio
2008-06-14 07:52 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-08 12:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-06-07 16:29 --------- d-----w C:\Program Files\Windows Desktop Search
2008-06-05 19:54 --------- d-----w C:\Program Files\Java
2008-06-04 08:47 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-06-04 08:47 --------- d-----w C:\Documents and Settings\vince\Application Data\SUPERAntiSpyware.com
2008-05-31 10:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Corel
2008-05-31 08:47 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-05-31 08:47 60,800 ----a-w C:\WINDOWS\SYSTEM32\S32EVNT1.DLL
2008-05-31 08:47 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-05-31 08:47 10,671 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-05-31 08:47 --------- d-----w C:\Program Files\Symantec
2008-05-29 17:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-29 14:16 --------- d-----w C:\Program Files\BillP Studios
2008-05-29 14:16 --------- d-----w C:\Documents and Settings\vince\Application Data\WinPatrol
2008-05-23 15:33 --------- d-----w C:\Documents and Settings\vince\Application Data\ArcSoft
2008-05-23 12:12 --------- d-----w C:\Program Files\ArcSoft
2008-05-23 12:11 --------- d-----w C:\Documents and Settings\vince\Application Data\Diino
2008-05-23 11:10 --------- d-----w C:\Program Files\Norton Internet Security
2008-05-23 11:09 --------- d-----w C:\Program Files\Windows Sidebar
2008-05-23 11:08 1,245,064 ----a-w C:\Documents and Settings\vince\SymLCSVC.EXE
2008-05-22 19:45 --------- d-----w C:\Program Files\MSXML 6.0
2008-05-21 15:19 --------- d-----w C:\Program Files\Sonic
2008-05-15 20:11 --------- d-----w C:\Program Files\Common Files\AOL
2008-05-15 20:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-05-15 16:27 --------- d-----w C:\Program Files\Microsoft Visual Studio 9.0
2008-05-14 08:01 --------- d-----w C:\Program Files\Dell Photo AIO Printer 942
2008-05-13 15:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-05-12 19:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-12 17:12 --------- d-----w C:\Program Files\Microsoft Synchronization Services
2008-05-12 17:12 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-05-12 17:05 --------- d-----w C:\Program Files\Reference Assemblies
2008-05-12 17:05 --------- d-----w C:\Program Files\MSBuild
2008-05-12 14:11 107,888 ----a-w C:\WINDOWS\SYSTEM32\CmdLineExt.dll
2008-05-12 14:11 --------- d--h--r C:\Documents and Settings\vince\Application Data\SecuROM
2008-05-12 14:11 --------- d-----w C:\Documents and Settings\vince\Application Data\Sports Interactive
2008-05-12 14:08 --------- d-----w C:\Program Files\Sports Interactive
2008-05-09 10:17 --------- d-----w C:\Program Files\Sage EBanking
2008-05-09 10:17 --------- d-----w C:\Program Files\Informer50
2008-05-09 10:16 --------- d-----w C:\Program Files\Common Files\Sage Line50
2008-05-09 10:15 --------- d-----w C:\Program Files\Sage
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\rmcast.sys
2008-05-08 07:03 --------- d-----w C:\Program Files\Microsoft Works
2008-05-08 07:02 --------- d-----w C:\Program Files\Microsoft.NET
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\SYSTEM32\quartz.dll
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\quartz.dll
2008-05-06 14:42 --------- d-----w C:\Program Files\Apple Software Update
2008-05-06 14:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-05-05 14:41 3,434 ----a-w C:\WINDOWS\SYSTEM32\tmp.reg
2008-05-04 17:35 --------- d-----w C:\Program Files\QuickTime
2008-05-04 17:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-05-04 16:51 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-05-03 08:42 --------- d-----w C:\Program Files\Trend Micro
2008-05-02 07:42 --------- d-----w C:\Program Files\Incomplete
2008-05-01 13:19 --------- d-----w C:\Documents and Settings\vince\Application Data\Malwarebytes
2008-05-01 13:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-23 21:16 3,591,680 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2008-04-22 07:40 625,664 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iexplore.exe
2008-04-22 07:39 70,656 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ie4uinit.exe
2008-04-22 07:39 13,824 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe
2008-04-20 05:07 161,792 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakui.dll
2008-04-19 08:07 184 ----a-w C:\setuplog.exe
2008-04-14 04:43 92,424 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\rdpdd.dll
2008-04-14 04:43 87,176 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\rdpwsx.dll
2008-04-14 04:43 40,840 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\termdd.sys
2008-04-14 04:43 299,520 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\drmclien.dll
2008-04-14 04:43 21,896 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\tdtcp.sys
2008-04-14 04:43 139,656 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\rdpwd.sys
2008-04-14 04:43 12,168 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\tsddd.dll
2008-04-14 04:43 12,040 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\tdpipe.sys
2008-04-14 04:41 98,304 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\actxprxy.dll
2008-04-14 04:40 67,584 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\pmigrate.dll
2008-04-14 04:40 53,760 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\pintlcsd.dll
2008-04-14 04:40 53,279 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\odbcji32.dll
2008-04-14 04:40 4,126 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\msdxmlc.dll
2008-04-14 04:40 3,584 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\msafd.dll
2008-04-14 04:40 259,328 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\perm3dd.dll
2008-04-14 04:40 211,584 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\perm2dll.dll
2008-04-14 04:40 175,104 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\pintlcsa.dll
2008-04-14 04:40 15,872 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\padrs404.dll
2008-04-14 04:40 15,360 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\padrs804.dll
2008-04-13 23:51 162,816 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\netbt.sys
2008-04-13 23:50 91,520 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\ndiswan.sys
2008-04-13 23:50 182,656 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\ndis.sys
2002-04-16 10:27 5 --sha-w C:\WINDOWS\SYSTEM32\CdI5T.drv
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
2008-06-17 14:23 349552 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-05-23 12:09 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" [2004-07-19 07:51 306688]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-19 10:42 68856]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 12:52 339968]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 20:12 221184]
"Dell Photo AIO Printer 942"="C:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe" [2005-02-03 09:08 294912]
"DellMCM"="C:\Program Files\Dell Photo AIO Printer 942\memcard.exe" [2004-07-27 15:08 262144]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-04-21 08:38 185896]
"DLBUCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBUtime.dll" [2004-11-09 22:47 69632]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-25 17:47 51048]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2008-02-06 22:49 718704]
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [2008-04-25 18:31 333120]
"SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2008-02-26 11:10 317072]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 05:00 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaFace Integration]
--a------ 2004-07-01 19:08 53248 C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Kontiki\\KService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon []
R2 SPAMfighter Update Service;SPAMfighter Update Service;"C:\Program Files\SPAMfighter\sfus.exe" [2008-02-26 11:10]
S3 APL531;OVT Scanner;C:\WINDOWS\system32\Drivers\ov550i.sys []
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-03-06 21:32]
*Newly Created Service* - CATCHME
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-06-13 15:52:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-02 19:00:00 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - vince.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeh/TASK:
"2008-06-10 17:00:00 C:\WINDOWS\Tasks\Pareto UNS.job"
- C:\Program Files\Common Files\ParetoLogic\UUS\UUS.dll\Pareto_Update.exe
"2008-07-01 12:23:56 C:\WINDOWS\Tasks\RegCure Program Check.job"
- G:\RegCure\RegCure.exe
"2008-04-24 08:37:06 C:\WINDOWS\Tasks\RegCure.job"
- G:\RegCure\RegCure.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-01 13:50:17
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-07-01 13:51:05
ComboFix-quarantined-files.txt 2008-07-01 12:50:53
ComboFix2.txt 2008-07-01 12:48:01
Pre-Run: 136,221,446,144 bytes free
Post-Run: 136,208,478,208 bytes free
233 --- E O F --- 2008-06-20 06:57:17
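An added example, not part of the poster's logs and not code from HijackThis or ComboFix: a small Python triage script that parses entries of the kind shown in the two logs above and flags the lines a helper would check first. It looks at O2/O3 registrations whose file is missing ("(no file)"), O16 ActiveX downloads and the host they came from, O17 per-interface NameServer overrides, O23 services with no publisher string, and the Windows Firewall and Security Center values from the ComboFix "Reg Loading Points" dump. The sample input is an excerpt copied from the logs above; the regular expressions, the `Finding` record and the wording of each reason are assumptions of this example, and a flag is only a pointer to verify, not a verdict that the entry is malicious.

```python
import re
from dataclasses import dataclass

# Constructed sample: lines excerpted from the HijackThis and ComboFix output
# posted above, so the script runs offline without the full log.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nottinghamforest.premiumtv.co.uk/page/Home/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O4 - HKLM\..\Run: [DLBUCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBUtime.dll,_RunDLLEntry@16
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F4F27770-931E-4811-B3EB-2EFA7C30F454}: NameServer = 212.139.132.27 212.139.132.26
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
"""

# HijackThis entry: "<section> - <body>", e.g. "O2 - BHO: ..." or "R0 - HKCU\...".
ENTRY_RE = re.compile(r"^(?P<sec>[RO]\d{1,2}) - (?P<body>.+)$")
NAMESERVER_RE = re.compile(r"NameServer = (?P<ips>[\d. ]+)$")
DPF_RE = re.compile(r"\((?P<name>[^)]*)\) - (?P<url>\S+)$")
SERVICE_RE = re.compile(r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
# ComboFix REGEDIT4-style dump: "[key]" lines followed by "name"=value lines.
REG_KEY_RE = re.compile(r"^\[(?P<key>.+)\]$")
REG_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.+)$')


@dataclass
class Finding:
    section: str   # HijackThis section (O2, O16, ...) or "REG" for ComboFix values
    reason: str    # what to verify, not a verdict
    detail: str    # the path, host, IPs or key the reason refers to


def hostname(url):
    """Return the host part of an http(s) URL, lower-cased."""
    m = re.match(r"https?://([^/]+)", url)
    return m.group(1).lower() if m else url


def check_entry(sec, body):
    """Apply the per-section checks to one HijackThis entry body."""
    if sec in ("O2", "O3") and body.endswith("(no file)"):
        return [Finding(sec, "orphaned registration: DLL missing on disk, safe to remove", body)]
    if sec == "O16":
        m = DPF_RE.search(body)
        if m:
            return [Finding(sec, "ActiveX control downloaded from " + hostname(m.group("url")), m.group("name"))]
    if sec == "O17":
        m = NAMESERVER_RE.search(body)
        if m:
            return [Finding(sec, "per-interface DNS servers set; confirm they belong to the ISP", " ".join(m.group("ips").split()))]
    if sec == "O23":
        m = SERVICE_RE.match(body)
        if m and m.group("owner") == "Unknown owner":
            return [Finding(sec, "service without publisher string; verify the binary's signature or hash", m.group("path"))]
    return []


def check_reg_value(key, name, value):
    """Flag firewall and Security Center values from the ComboFix registry dump."""
    if key.endswith("firewallpolicy\\standardprofile") and name == "EnableFirewall" and value.startswith("0"):
        return [Finding("REG", "Windows Firewall disabled; expected only if a third-party firewall owns the profile", key)]
    if "security center\\monitoring" in key and name == "DisableMonitoring" and value.endswith("1"):
        return [Finding("REG", "Security Center monitoring disabled for " + key.rsplit("\\", 1)[-1], key)]
    return []


def review(log_text):
    """Walk the log once; returns findings in the order the lines appear."""
    findings = []
    current_key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ENTRY_RE.match(line)
        if m:
            findings.extend(check_entry(m.group("sec"), m.group("body")))
            continue
        k = REG_KEY_RE.match(line)
        if k:
            current_key = k.group("key").lower()
            continue
        v = REG_VALUE_RE.match(line)
        if v and current_key:
            findings.extend(check_reg_value(current_key, v.group("name"), v.group("value")))
    return findings


if __name__ == "__main__":
    for f in review(SAMPLE_LOG):
        print(f"{f.section:4} {f.reason}: {f.detail}")
```

The checks are deliberately conservative: a missing-file BHO and the O17 NameServer pair are the only two lines the script would ask a helper to act on or confirm, and the firewall flag is informational because a third-party firewall (Norton, here) normally takes over the profile and reports to Security Center itself.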