Jump to content

sempr0n

Members
  • Posts

    10
  • Joined

  • Last visited

Reputation

0 Neutral
  1. thanks, but my system is a Dell dimension 3100 32 bit pentium
  2. i have recently installed the Samsung Kies application an when I run MBAM it identifies 80 objects as Trojan.Agent. Many of the objects identified are prefixed "muz" which is a common prefix in the Samsung kies application. I would be grateful if you could investigate and reply as to whether this is a false positive or malware. MBAM /developer log follows... Thanks Simon Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4377 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 01/08/2010 16:01:39 mbam-log-2010-08-01 (16-01-39).txt Scan type: Quick scan Objects scanned: 224469 Time elapsed: 42 minute(s), 37 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 50 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 1 Files Infected: 29 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CLASSES_ROOT\TypeLib\{a043783e-4380-4270-b770-3b457c7d4cdf} (Trojan.Agent) -> No action taken. [F8D5E8971ABBD49543D126CD7CACE554] HKEY_CLASSES_ROOT\Interface\{616ee024-f676-45e5-8933-5be48fa9a60e} (Trojan.Agent) -> No action taken. [F8D5E8971ABBD49543D126CD7CACE554] HKEY_CLASSES_ROOT\AppID\{99806add-c5ef-4632-a3d0-3e778b051f94} (Trojan.Agent) -> No action taken. [F8D5E8971ABBD49543D126CD7CACE554] HKEY_CLASSES_ROOT\CLSID\{99806add-c5ef-4632-a3d0-3e778b051f94} (Trojan.Agent) -> No action taken. [F8D5E8971ABBD49543D126CD7CACE554] HKEY_CLASSES_ROOT\TypeLib\{e7c28ebf-91a9-411a-9293-ce9deb0fd816} (Trojan.Agent) -> No action taken. [F8D5E8971ABBD49543D126CD7CACE554] HKEY_CLASSES_ROOT\CLSID\{b792a203-fb64-4909-aefe-a9efb2697e55} (Trojan.Agent) -> No action taken. [F8D5E8971ABBD49543D126CD7CACE554] HKEY_CLASSES_ROOT\TypeLib\{067b5d39-578c-4d25-a119-a475e24d5f95} (Trojan.Agent) -> No action taken. [F8D5E8971ABBD49543D126CD7CACE554] HKEY_CLASSES_ROOT\Interface\{039b7df6-3103-48f0-bd6f-24291bc7e637} (Trojan.Agent) -> No action taken. [F8D5E8971ABBD49543D126CD7CACE554] HKEY_CLASSES_ROOT\Interface\{1bd69f2f-96b4-41b3-accf-c46ed55e3a58} (Trojan.Agent) -> No action taken. [F8D5E8971ABBD49543D126CD7CACE554] HKEY_CLASSES_ROOT\Interface\{2194682f-acb0-45ce-b900-3fcd2d13bfb5} (Trojan.Agent) -> No action taken. [F8D5E8971ABBD49543D126CD7CACE554] HKEY_CLASSES_ROOT\Interface\{24d4e9fc-5097-483b-b0fe-6e3ef28bff4a} (Trojan.Agent) -> No action taken. [F8D5E8971ABBD49543D126CD7CACE554] HKEY_CLASSES_ROOT\Interface\{382be372-d636-451d-8fa8-54c51569ad88} (Trojan.Agent) -> No action taken. [F8D5E8971ABBD49543D126CD7CACE554] HKEY_CLASSES_ROOT\Interface\{3a60359d-0eb2-4437-ad15-a08bee794c14} (Trojan.Agent) -> No action taken. [F8D5E8971ABBD49543D126CD7CACE554] HKEY_CLASSES_ROOT\Interface\{46902815-1008-40c8-ba07-4f3d2276e6d2} (Trojan.Agent) -> No action taken. [F8D5E8971ABBD49543D126CD7CACE554] HKEY_CLASSES_ROOT\Interface\{777421f7-878b-426e-b7f7-593cbe6b543d} (Trojan.Agent) -> No action taken. [F8D5E8971ABBD49543D126CD7CACE554] HKEY_CLASSES_ROOT\Interface\{777421f7-878b-426e-b7f7-593cbe6b543f} (Trojan.Agent) -> No action taken. [F8D5E8971ABBD49543D126CD7CACE554] HKEY_CLASSES_ROOT\Interface\{7876dc2b-dd2e-48d3-b182-6e261698aadb} (Trojan.Agent) -> No action taken. [F8D5E8971ABBD49543D126CD7CACE554] HKEY_CLASSES_ROOT\Interface\{9b7984e0-1b06-434d-a233-5323ab08f05f} (Trojan.Agent) -> No action taken. [F8D5E8971ABBD49543D126CD7CACE554] HKEY_CLASSES_ROOT\Interface\{a0f36689-35ea-4b9b-8b16-2236b0581557} (Trojan.Agent) -> No action taken. [F8D5E8971ABBD49543D126CD7CACE554] HKEY_CLASSES_ROOT\Interface\{b1ce34ce-dfa2-4a5e-a99a-5fdef5021994} (Trojan.Agent) -> No action taken. [F8D5E8971ABBD49543D126CD7CACE554] HKEY_CLASSES_ROOT\Interface\{ce9cc21b-4f0c-4da5-9a2b-cb4d6a631228} (Trojan.Agent) -> No action taken. [F8D5E8971ABBD49543D126CD7CACE554] HKEY_CLASSES_ROOT\Interface\{e0778c77-10e3-4ab3-9077-fe845de401b4} (Trojan.Agent) -> No action taken. [F8D5E8971ABBD49543D126CD7CACE554] HKEY_CLASSES_ROOT\Interface\{e5b630a9-c1e3-42f3-b58b-9afa3662c010} (Trojan.Agent) -> No action taken. [F8D5E8971ABBD49543D126CD7CACE554] HKEY_CLASSES_ROOT\CLSID\{02aab237-8e24-46ce-bd71-ab4f4df52e3c} (Trojan.Agent) -> No action taken. [F8D5E8971ABBD49543D126CD7CACE554] HKEY_CLASSES_ROOT\CLSID\{0d37433c-8c73-458e-a7d6-15de1cec0f91} (Trojan.Agent) -> No action taken. [F8D5E8971ABBD49543D126CD7CACE554] HKEY_CLASSES_ROOT\CLSID\{11921be2-a0a6-4532-b708-76537c9bb86d} (Trojan.Agent) -> No action taken. [F8D5E8971ABBD49543D126CD7CACE554] HKEY_CLASSES_ROOT\CLSID\{37f08bce-c7b2-48e8-88b0-666bc1c58c36} (Trojan.Agent) -> No action taken. [F8D5E8971ABBD49543D126CD7CACE554] HKEY_CLASSES_ROOT\CLSID\{5b2f6a77-8a7e-4aa7-b6d7-fac7657f58bd} (Trojan.Agent) -> No action taken. [F8D5E8971ABBD49543D126CD7CACE554] HKEY_CLASSES_ROOT\CLSID\{5e395ec3-30f4-4a0e-a7f6-8878c60e8eb1} (Trojan.Agent) -> No action taken. [F8D5E8971ABBD49543D126CD7CACE554] HKEY_CLASSES_ROOT\CLSID\{6126a5f4-a096-4f8a-a272-c54fd7f63c17} (Trojan.Agent) -> No action taken. [F8D5E8971ABBD49543D126CD7CACE554] HKEY_CLASSES_ROOT\CLSID\{69f34ba8-7ed4-4911-97f4-4b88adf25441} (Trojan.Agent) -> No action taken. [F8D5E8971ABBD49543D126CD7CACE554] HKEY_CLASSES_ROOT\CLSID\{7aa18156-1945-45af-9ac6-f1a9787ace06} (Trojan.Agent) -> No action taken. [F8D5E8971ABBD49543D126CD7CACE554] HKEY_CLASSES_ROOT\CLSID\{841643d5-d102-4b24-917c-0caf6d9dfbf1} (Trojan.Agent) -> No action taken. [F8D5E8971ABBD49543D126CD7CACE554] HKEY_CLASSES_ROOT\CLSID\{b359b6ea-e892-4018-8cd2-4ecc9bd477a2} (Trojan.Agent) -> No action taken. [F8D5E8971ABBD49543D126CD7CACE554] HKEY_CLASSES_ROOT\CLSID\{cbabf241-9875-46c8-bb0b-6f90cc8d12fe} (Trojan.Agent) -> No action taken. [F8D5E8971ABBD49543D126CD7CACE554] HKEY_CLASSES_ROOT\CLSID\{e8cd244f-1836-4ffe-af58-1776580d1622} (Trojan.Agent) -> No action taken. [F8D5E8971ABBD49543D126CD7CACE554] HKEY_CLASSES_ROOT\CLSID\{f39659cf-699b-47ef-bb19-c15a84bbb143} (Trojan.Agent) -> No action taken. [F8D5E8971ABBD49543D126CD7CACE554] HKEY_CLASSES_ROOT\CLSID\{fa150b05-7510-471d-9afb-467b94462fde} (Trojan.Agent) -> No action taken. [F8D5E8971ABBD49543D126CD7CACE554] HKEY_CLASSES_ROOT\TypeLib\{b3774019-f8c2-4a55-b075-ff0529b79c31} (Trojan.Agent) -> No action taken. [F8D5E8971ABBD49543D126CD7CACE554] HKEY_CLASSES_ROOT\Interface\{b373722b-f571-43a6-b51d-15766456ca91} (Trojan.Agent) -> No action taken. [F8D5E8971ABBD49543D126CD7CACE554] HKEY_CLASSES_ROOT\Interface\{ba79865a-c1ef-402f-9706-609eb2fb2360} (Trojan.Agent) -> No action taken. [F8D5E8971ABBD49543D126CD7CACE554] HKEY_CLASSES_ROOT\Interface\{bae10fb0-a2ac-4c36-92ce-14bd30be0bb6} (Trojan.Agent) -> No action taken. [F8D5E8971ABBD49543D126CD7CACE554] HKEY_CLASSES_ROOT\CLSID\{f251bed0-0544-42c7-abbc-93556e513238} (Trojan.Agent) -> No action taken. [F8D5E8971ABBD49543D126CD7CACE554] HKEY_CLASSES_ROOT\CLSID\{f1aa2cad-0e89-4239-85e5-a91b69c5862d} (Trojan.Agent) -> No action taken. [F8D5E8971ABBD49543D126CD7CACE554] HKEY_CLASSES_ROOT\CLSID\{f92ace0c-4692-4793-bc37-eabc55da988a} (Trojan.Agent) -> No action taken. [F8D5E8971ABBD49543D126CD7CACE554] HKEY_CLASSES_ROOT\CLSID\{f9458b32-119c-4301-b86d-53a845894d5b} (Trojan.Agent) -> No action taken. [F8D5E8971ABBD49543D126CD7CACE554] HKEY_CLASSES_ROOT\CLSID\{f4a40134-ed3b-4069-bc86-ed9733bd3217} (Trojan.Agent) -> No action taken. [F8D5E8971ABBD49543D126CD7CACE554] HKEY_CLASSES_ROOT\CLSID\{f9a9f058-a535-45d3-8414-e80cafd6d31f} (Trojan.Agent) -> No action taken. [F8D5E8971ABBD49543D126CD7CACE554] HKEY_CLASSES_ROOT\CLSID\{ff7bcf7c-1d4b-4717-a39a-0db1a107b62b} (Trojan.Agent) -> No action taken. [F8D5E8971ABBD49543D126CD7CACE554] HKEY_CLASSES_ROOT\CLSID\{f817f096-9e9d-45fc-be44-11cef283faea} (Trojan.Agent) -> No action taken. [F8D5E8971ABBD49543D126CD7CACE554] Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: C:\WINDOWS\system32\System32 (Trojan.Agent) -> No action taken. [F8D5E8971ABBD49543D126CD7CACE554] Files Infected: C:\WINDOWS\system32\System32\cis-2.4.dll (Trojan.Agent) -> No action taken. [F8D5E8971ABBD49543D126CD7CACE554] C:\WINDOWS\system32\System32\issacapi_bs-2.3.dll (Trojan.Agent) -> No action taken. [F8D5E8971ABBD49543D126CD7CACE554] C:\WINDOWS\system32\System32\issacapi_pe-2.3.dll (Trojan.Agent) -> No action taken. [F8D5E8971ABBD49543D126CD7CACE554] C:\WINDOWS\system32\System32\issacapi_se-2.3.dll (Trojan.Agent) -> No action taken. [F8D5E8971ABBD49543D126CD7CACE554] C:\WINDOWS\system32\System32\MACXMLProto.dll (Trojan.Agent) -> No action taken. [F8D5E8971ABBD49543D126CD7CACE554] C:\WINDOWS\system32\System32\MaDRM.dll (Trojan.Agent) -> No action taken. [F8D5E8971ABBD49543D126CD7CACE554] C:\WINDOWS\system32\System32\MaJGUILib.dll (Trojan.Agent) -> No action taken. [F8D5E8971ABBD49543D126CD7CACE554] C:\WINDOWS\system32\System32\MaJUtilLib.dll (Trojan.Agent) -> No action taken. [F8D5E8971ABBD49543D126CD7CACE554] C:\WINDOWS\system32\System32\MAMACExtract.dll (Trojan.Agent) -> No action taken. [F8D5E8971ABBD49543D126CD7CACE554] C:\WINDOWS\system32\System32\MASetupCaller.dll (Trojan.Agent) -> No action taken. [F8D5E8971ABBD49543D126CD7CACE554] C:\WINDOWS\system32\System32\MASetupCleaner.exe (Trojan.Agent) -> No action taken. [F8D5E8971ABBD49543D126CD7CACE554] C:\WINDOWS\system32\System32\MaXMLProto.dll (Trojan.Agent) -> No action taken. [F8D5E8971ABBD49543D126CD7CACE554] C:\WINDOWS\system32\System32\MK_Lyric.dll (Trojan.Agent) -> No action taken. [F8D5E8971ABBD49543D126CD7CACE554] C:\WINDOWS\system32\System32\MSCLib.dll (Trojan.Agent) -> No action taken. [F8D5E8971ABBD49543D126CD7CACE554] C:\WINDOWS\system32\System32\MSFLib.dll (Trojan.Agent) -> No action taken. [F8D5E8971ABBD49543D126CD7CACE554] C:\WINDOWS\system32\System32\MSLUR71.dll (Trojan.Agent) -> No action taken. [F8D5E8971ABBD49543D126CD7CACE554] C:\WINDOWS\system32\System32\msvcp60.dll (Trojan.Agent) -> No action taken. [F8D5E8971ABBD49543D126CD7CACE554] C:\WINDOWS\system32\System32\MTTELECHIP.dll (Trojan.Agent) -> No action taken. [F8D5E8971ABBD49543D126CD7CACE554] C:\WINDOWS\system32\System32\MTXSYNCICON.dll (Trojan.Agent) -> No action taken. [F8D5E8971ABBD49543D126CD7CACE554] C:\WINDOWS\system32\System32\muzaf1.dll (Trojan.Agent) -> No action taken. [F8D5E8971ABBD49543D126CD7CACE554] C:\WINDOWS\system32\System32\muzapp.dll (Trojan.Agent) -> No action taken. [F8D5E8971ABBD49543D126CD7CACE554] C:\WINDOWS\system32\System32\muzapp.exe (Trojan.Agent) -> No action taken. [F8D5E8971ABBD49543D126CD7CACE554] C:\WINDOWS\system32\System32\muzdecode.ax (Trojan.Agent) -> No action taken. [F8D5E8971ABBD49543D126CD7CACE554] C:\WINDOWS\system32\System32\muzeffect.ax (Trojan.Agent) -> No action taken. [F8D5E8971ABBD49543D126CD7CACE554] C:\WINDOWS\system32\System32\muzmp4sp.ax (Trojan.Agent) -> No action taken. [F8D5E8971ABBD49543D126CD7CACE554] C:\WINDOWS\system32\System32\muzmpgsp.ax (Trojan.Agent) -> No action taken. [F8D5E8971ABBD49543D126CD7CACE554] C:\WINDOWS\system32\System32\muzoggsp.ax (Trojan.Agent) -> No action taken. [F8D5E8971ABBD49543D126CD7CACE554] C:\WINDOWS\system32\System32\muzwmts.dll (Trojan.Agent) -> No action taken. [F8D5E8971ABBD49543D126CD7CACE554] C:\WINDOWS\system32\System32\psapi.dll (Trojan.Agent) -> No action taken. [F8D5E8971ABBD49543D126CD7CACE554]
  3. Hi Malware Heroes You have helped me once before and I now have a pretty neighbour in trouble. Her PC is running dead slow from boot onwards (e.g. 5 minutes to get XP signon screen to display). Also, the performance degredation is such that the audio is distorted and elongated. I have run the latest malwarebytes anti-malware version in both quick and full modes. I have fully scanned with AVG anti-virus also. Both scans clean. I enclose a Hijackthis log and would be grateful if someone could cast a suspicious and competent eye over it before I make it worse. Many thanks for your help.... Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 13:16:00, on 14/01/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\AVG\AVG9\avgchsvx.exe C:\Program Files\AVG\AVG9\avgrsx.exe C:\Program Files\AVG\AVG9\avgcsrvx.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\AVG\AVG9\avgwdsvc.exe C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE C:\WINDOWS\ehome\ehtray.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\AVG\AVG9\avgnsx.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\PROGRA~1\AVG\AVG9\avgtray.exe c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe C:\Program Files\COMODO\COMODO Internet Security\cfp.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEFE.EXE C:\WINDOWS\eHome\ehmsas.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [Vade Retro Outlook Express] "C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe" O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKLM\..\Run: [Recordpad] "C:\Program Files\NCH Swift Sound\Recordpad\recordpad.exe" -logon O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [EPSON Stylus SX200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEFE.EXE /FU "C:\WINDOWS\TEMP\E_S43.tmp" /EF "HKCU" O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe -- End of file - 9704 bytes
  4. Hi Tigger I have not had any error messages since the last fix so that is looking positive. Laptop still runs slowly but that may be its relatively low processor spec. Thanks very much for your help I am most grateful. Cheers
  5. Hi Tigger Glad you are nibbling away at this devil. What exactly are you dealing with. Is it remnants of past infections or a variant of some sort? Many Thanks for your continuing assistance. ComboFix 09-03-06.02 - Winner 2009-03-10 0:32:31.3 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.223.45 [GMT 0:00] Running from: c:\fix_trouble\ComboFix.exe Command switches used :: c:\fix_trouble\CFScript.txt AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) * Created a new restore point FILE :: c:\windows\system32\AK083E209605E394C.lie . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\AK083E209605E394C.lie . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_NWSAPAGENT -------\Legacy_VEATVEXHI -------\Service_NwSapAgent -------\Service_VeAtvexhi ((((((((((((((((((((((((( Files Created from 2009-02-10 to 2009-03-10 ))))))))))))))))))))))))))))))) . 2009-03-10 00:30 . 2009-03-10 00:30 <DIR> d-------- C:\32788R22FWJFW 2009-03-08 00:24 . 2009-03-08 00:24 <DIR> d-------- c:\documents and settings\Winner\jmeeting 2009-03-04 23:05 . 2009-03-04 23:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\NortonInstaller 2009-03-04 21:27 . 2009-03-09 10:58 <DIR> d-------- c:\windows\system32\drivers\Avg 2009-03-04 21:27 . 2009-03-04 21:27 325,640 --a------ c:\windows\system32\drivers\avgldx86.sys 2009-03-04 21:27 . 2009-03-04 21:27 107,912 --a------ c:\windows\system32\drivers\avgtdix.sys 2009-03-04 21:27 . 2009-03-04 21:27 10,520 --a------ c:\windows\system32\avgrsstx.dll 2009-03-03 16:24 . 2008-04-14 00:12 116,224 --a--c--- c:\windows\system32\dllcache\xrxwiadr.dll 2009-03-03 16:24 . 2001-08-17 22:37 27,648 --a--c--- c:\windows\system32\dllcache\xrxftplt.exe 2009-03-03 16:24 . 2001-08-17 22:36 23,040 --a--c--- c:\windows\system32\dllcache\xrxwbtmp.dll 2009-03-03 16:24 . 2008-04-14 00:12 18,944 --a--c--- c:\windows\system32\dllcache\xrxscnui.dll 2009-03-03 16:24 . 2001-08-17 22:37 4,608 --a--c--- c:\windows\system32\dllcache\xrxflnch.exe 2009-03-03 16:23 . 2001-08-17 22:37 99,865 --a--c--- c:\windows\system32\dllcache\xlog.exe 2009-03-03 16:23 . 2004-08-03 22:29 19,455 --a--c--- c:\windows\system32\dllcache\wvchntxx.sys 2009-03-03 16:23 . 2001-08-17 12:11 16,970 --a--c--- c:\windows\system32\dllcache\xem336n5.sys 2009-03-03 16:23 . 2004-08-03 22:29 12,063 --a--c--- c:\windows\system32\dllcache\wsiintxx.sys 2009-03-03 16:23 . 2008-04-14 00:12 8,192 --a--c--- c:\windows\system32\dllcache\wshirda.dll 2009-03-03 16:22 . 2001-08-17 13:28 771,581 --a--c--- c:\windows\system32\dllcache\winacisa.sys 2009-03-03 16:22 . 2004-08-03 22:31 154,624 --a--c--- c:\windows\system32\dllcache\wlluc48.sys 2009-03-03 16:22 . 2001-08-17 12:12 34,890 --a--c--- c:\windows\system32\dllcache\wlandrv2.sys 2009-03-03 16:22 . 2008-04-13 18:36 8,832 --a--c--- c:\windows\system32\dllcache\wmiacpi.sys 2009-03-03 16:21 . 2001-08-17 13:28 701,386 --a--c--- c:\windows\system32\dllcache\wdhaalba.sys 2009-03-03 16:21 . 2001-08-17 22:36 87,040 --a--c--- c:\windows\system32\dllcache\wiafbdrv.dll 2009-03-03 16:21 . 2001-08-17 22:36 53,760 --a--c--- c:\windows\system32\dllcache\wiamsmud.dll 2009-03-03 16:21 . 2001-08-17 12:10 35,871 --a--c--- c:\windows\system32\dllcache\wbfirdma.sys 2009-03-03 16:21 . 2008-04-13 18:45 31,744 --a--c--- c:\windows\system32\dllcache\wceusbsh.sys 2009-03-03 16:21 . 2004-08-03 22:29 23,615 --a--c--- c:\windows\system32\dllcache\wch7xxnt.sys 2009-03-03 16:20 . 2001-08-17 13:28 64,605 --a--c--- c:\windows\system32\dllcache\vvoice.sys 2009-03-03 16:20 . 2004-08-03 22:29 33,599 --a--c--- c:\windows\system32\dllcache\watv04nt.sys 2009-03-03 16:20 . 2004-08-03 22:29 29,311 --a--c--- c:\windows\system32\dllcache\watv01nt.sys 2009-03-03 16:20 . 2004-08-03 22:29 19,551 --a--c--- c:\windows\system32\dllcache\watv02nt.sys 2009-03-03 16:20 . 2001-08-17 12:13 19,528 --a--c--- c:\windows\system32\dllcache\w840nd.sys 2009-03-03 16:20 . 2001-08-17 12:13 19,016 --a--c--- c:\windows\system32\dllcache\w926nd.sys 2009-03-03 16:20 . 2001-08-17 12:13 16,925 --a--c--- c:\windows\system32\dllcache\w940nd.sys 2009-03-03 16:20 . 2004-08-03 22:29 12,415 --a--c--- c:\windows\system32\dllcache\wadv01nt.sys 2009-03-03 16:20 . 2004-08-03 22:29 12,127 --a--c--- c:\windows\system32\dllcache\wadv02nt.sys 2009-03-03 16:20 . 2004-08-03 22:29 11,775 --a--c--- c:\windows\system32\dllcache\wadv05nt.sys 2009-03-03 16:19 . 2001-08-17 13:28 604,253 --a--c--- c:\windows\system32\dllcache\vmodem.sys 2009-03-03 16:19 . 2001-08-17 13:28 397,502 --a--c--- c:\windows\system32\dllcache\vpctcom.sys 2009-03-03 16:19 . 2001-08-17 12:14 249,402 --a--c--- c:\windows\system32\dllcache\vinwm.sys 2009-03-03 16:19 . 2001-08-17 13:49 24,576 --a--c--- c:\windows\system32\dllcache\viairda.sys 2009-03-03 16:19 . 2008-04-13 18:40 5,376 --a--c--- c:\windows\system32\dllcache\viaide.sys 2009-03-03 16:18 . 2001-08-17 13:28 794,399 --a--c--- c:\windows\system32\dllcache\usr1806v.sys 2009-03-03 16:18 . 2001-08-17 13:28 793,598 --a--c--- c:\windows\system32\dllcache\usr1806.sys 2009-03-03 16:18 . 2001-08-17 13:28 765,884 --a--c--- c:\windows\system32\dllcache\usrti.sys 2009-03-03 16:18 . 2001-08-17 13:28 687,999 --a--c--- c:\windows\system32\dllcache\usrwdxjs.sys 2009-03-03 16:18 . 2001-08-17 13:28 224,802 --a--c--- c:\windows\system32\dllcache\usr1807a.sys 2009-03-03 16:18 . 2001-08-17 13:28 113,762 --a--c--- c:\windows\system32\dllcache\usrpda.sys 2009-03-03 16:18 . 2001-08-17 13:28 7,556 --a--c--- c:\windows\system32\dllcache\usroslba.sys 2009-03-03 16:17 . 2001-08-17 13:28 794,654 --a--c--- c:\windows\system32\dllcache\usr1801.sys 2009-03-03 16:17 . 2001-08-17 22:36 94,720 --a--c--- c:\windows\system32\dllcache\umaxud32.dll 2009-03-03 16:17 . 2001-08-17 22:36 69,632 --a--c--- c:\windows\system32\dllcache\umaxu12.dll 2009-03-03 16:17 . 2004-08-03 22:31 32,384 --a--c--- c:\windows\system32\dllcache\usb101et.sys 2009-03-03 16:17 . 2001-08-17 22:36 28,160 --a--c--- c:\windows\system32\dllcache\umaxu40.dll 2009-03-03 16:17 . 2001-08-17 22:36 26,624 --a--c--- c:\windows\system32\dllcache\umaxu22.dll 2009-03-03 16:17 . 2008-04-13 18:47 25,856 --a--c--- c:\windows\system32\dllcache\usbprint.sys 2009-03-03 16:17 . 2008-04-13 18:45 20,608 --a--c--- c:\windows\system32\dllcache\usbuhci.sys 2009-03-03 16:17 . 2008-04-13 18:45 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys 2009-03-03 16:16 . 2001-08-17 22:36 216,064 --a--c--- c:\windows\system32\dllcache\um34scan.dll 2009-03-03 16:16 . 2001-08-17 22:36 211,968 --a--c--- c:\windows\system32\dllcache\um54scan.dll 2009-03-03 16:16 . 2001-08-17 22:36 50,688 --a--c--- c:\windows\system32\dllcache\umaxscan.dll 2009-03-03 16:16 . 2001-08-17 22:36 50,176 --a--c--- c:\windows\system32\dllcache\umaxp60.dll 2009-03-03 16:16 . 2001-08-17 22:36 47,616 --a--c--- c:\windows\system32\dllcache\umaxcam.dll 2009-03-03 16:16 . 2001-08-17 13:52 36,736 --a--c--- c:\windows\system32\dllcache\ultra.sys 2009-03-03 16:16 . 2001-08-17 13:58 22,912 --a--c--- c:\windows\system32\dllcache\umaxpcls.sys 2009-03-03 16:16 . 2001-08-17 13:48 11,520 --a--c--- c:\windows\system32\dllcache\twotrack.sys 2009-03-03 16:15 . 2001-08-17 22:36 525,568 --a--c--- c:\windows\system32\dllcache\tridxp.dll 2009-03-03 16:15 . 2001-08-17 14:56 440,576 --a--c--- c:\windows\system32\dllcache\tridkb.dll 2009-03-03 16:15 . 2001-08-17 14:56 315,520 --a--c--- c:\windows\system32\dllcache\trid3d.dll 2009-03-03 16:15 . 2001-08-17 12:51 222,336 --a--c--- c:\windows\system32\dllcache\trid3dm.sys 2009-03-03 16:15 . 2001-08-17 12:51 166,784 --a--c--- c:\windows\system32\dllcache\tridxpm.sys 2009-03-03 16:15 . 2001-08-17 12:51 159,232 --a--c--- c:\windows\system32\dllcache\tridkbm.sys 2009-03-03 16:14 . 2001-08-17 14:01 241,664 --a--c--- c:\windows\system32\dllcache\tosdvd02.sys 2009-03-03 16:14 . 2001-08-17 14:02 230,912 --a--c--- c:\windows\system32\dllcache\tosdvd03.sys 2009-03-03 16:14 . 2008-04-14 00:12 82,944 --a--c--- c:\windows\system32\dllcache\tp4mon.exe 2009-03-03 16:14 . 2001-08-17 22:35 42,496 --a--c--- c:\windows\system32\dllcache\tp4res.dll 2009-03-03 16:14 . 2001-08-17 12:12 34,375 --a--c--- c:\windows\system32\dllcache\tpro4.sys 2009-03-03 16:14 . 2001-08-17 22:36 31,744 --a--c--- c:\windows\system32\dllcache\tp4.dll 2009-03-03 16:14 . 2001-08-17 12:10 28,232 --a--c--- c:\windows\system32\dllcache\tos4mo.sys 2009-03-03 16:14 . 2001-08-17 13:51 4,992 --a--c--- c:\windows\system32\dllcache\toside.sys 2009-03-03 16:13 . 2008-04-13 18:40 149,376 --a--c--- c:\windows\system32\dllcache\tffsport.sys 2009-03-03 16:13 . 2001-08-17 12:51 138,528 --a--c--- c:\windows\system32\dllcache\tgiulnt5.sys 2009-03-03 16:13 . 2001-08-17 12:14 123,995 --a--c--- c:\windows\system32\dllcache\tjisdn.sys 2009-03-03 16:13 . 2001-08-17 14:56 81,408 --a--c--- c:\windows\system32\dllcache\tgiul50.dll 2009-03-03 16:13 . 2001-08-17 12:13 37,961 --a--c--- c:\windows\system32\dllcache\tdk100b.sys 2009-03-03 16:13 . 2001-08-17 12:13 17,129 --a--c--- c:\windows\system32\dllcache\tdkcd31.sys 2009-03-03 16:12 . 2001-08-17 14:56 172,768 --a--c--- c:\windows\system32\dllcache\t2r4disp.dll 2009-03-03 16:12 . 2001-08-17 12:50 36,640 --a--c--- c:\windows\system32\dllcache\t2r4mini.sys 2009-03-03 16:12 . 2001-08-17 14:07 32,640 --a--c--- c:\windows\system32\dllcache\symc8xx.sys 2009-03-03 16:12 . 2001-08-17 13:49 30,464 --a--c--- c:\windows\system32\dllcache\tbatm155.sys 2009-03-03 16:12 . 2001-08-17 14:07 16,256 --a--c--- c:\windows\system32\dllcache\symc810.sys 2009-03-03 16:12 . 2001-08-17 13:52 7,040 --a--c--- c:\windows\system32\dllcache\tandqic.sys 2009-03-03 16:11 . 2001-08-17 13:50 103,936 --a--c--- c:\windows\system32\dllcache\sx.sys 2009-03-03 16:11 . 2001-08-17 22:36 94,293 --a--c--- c:\windows\system32\dllcache\sxports.dll 2009-03-03 16:11 . 2001-08-17 22:36 53,760 --a--c--- c:\windows\system32\dllcache\sw_wheel.dll 2009-03-03 16:11 . 2001-08-17 22:36 41,472 --a--c--- c:\windows\system32\dllcache\sw_effct.dll 2009-03-03 16:11 . 2001-08-17 14:07 30,688 --a--c--- c:\windows\system32\dllcache\sym_u3.sys 2009-03-03 16:11 . 2001-08-17 14:07 28,384 --a--c--- c:\windows\system32\dllcache\sym_hi.sys 2009-03-03 16:11 . 2001-08-17 22:36 10,240 --a--c--- c:\windows\system32\dllcache\swpidflt.dll 2009-03-03 16:11 . 2001-08-17 22:36 10,240 --a--c--- c:\windows\system32\dllcache\swpdflt2.dll 2009-03-03 16:11 . 2001-08-17 14:02 3,968 --a--c--- c:\windows\system32\dllcache\swusbflt.sys 2009-03-03 16:10 . 2001-08-17 12:18 285,760 --a--c--- c:\windows\system32\dllcache\stlnata.sys 2009-03-03 16:10 . 2001-08-17 22:36 155,648 --a--c--- c:\windows\system32\dllcache\stlnprop.dll 2009-03-03 16:10 . 2001-08-17 22:36 99,328 --a--c--- c:\windows\system32\dllcache\srusd.dll 2009-03-03 16:10 . 2001-08-17 22:36 53,248 --a--c--- c:\windows\system32\dllcache\stlncoin.dll 2009-03-03 16:10 . 2001-08-17 12:11 48,736 --a--c--- c:\windows\system32\dllcache\srwlnd5.sys 2009-03-03 16:10 . 2001-08-17 13:51 16,896 --a--c--- c:\windows\system32\dllcache\stcusb.sys 2009-03-03 16:09 . 2001-08-17 22:36 114,688 --a--c--- c:\windows\system32\dllcache\sonypi.dll 2009-03-03 16:09 . 2001-08-17 22:36 106,584 --a--c--- c:\windows\system32\dllcache\spdports.dll 2009-03-03 16:09 . 2001-08-17 13:51 61,824 --a--c--- c:\windows\system32\dllcache\speed.sys 2009-03-03 16:09 . 2001-08-17 12:51 37,040 --a--c--- c:\windows\system32\dllcache\sonypi.sys 2009-03-03 16:09 . 2001-08-17 22:36 24,660 --a--c--- c:\windows\system32\dllcache\spxupchk.dll 2009-03-03 16:09 . 2001-08-17 12:51 20,752 --a--c--- c:\windows\system32\dllcache\sonync.sys 2009-03-03 16:09 . 2001-08-17 14:07 19,072 --a--c--- c:\windows\system32\dllcache\sparrow.sys 2009-03-03 16:09 . 2001-08-17 13:53 9,600 --a--c--- c:\windows\system32\dllcache\sonymc.sys 2009-03-03 16:09 . 2001-08-17 13:56 7,552 --a--c--- c:\windows\system32\dllcache\sonypvu1.sys 2009-03-03 16:08 . 2001-08-17 14:56 147,200 --a--c--- c:\windows\system32\dllcache\smidispb.dll 2009-03-03 16:08 . 2004-08-04 12:00 143,422 --a--c--- c:\windows\system32\dllcache\softkey.dll 2009-03-03 16:08 . 2001-08-17 12:51 58,368 --a--c--- c:\windows\system32\dllcache\smiminib.sys 2009-03-03 16:08 . 2001-08-17 12:10 35,913 --a--c--- c:\windows\system32\dllcache\smcirda.sys 2009-03-03 16:08 . 2001-08-17 12:12 25,034 --a--c--- c:\windows\system32\dllcache\smcpwr2n.sys 2009-03-03 16:08 . 2001-08-17 12:12 24,576 --a--c--- c:\windows\system32\dllcache\smc8000n.sys 2009-03-03 16:08 . 2008-04-13 18:36 16,000 --a--c--- c:\windows\system32\dllcache\smbbatt.sys 2009-03-03 16:08 . 2008-04-13 18:40 7,552 --a--c--- c:\windows\system32\dllcache\sonyait.sys 2009-03-03 16:08 . 2001-08-17 13:53 7,040 --a--c--- c:\windows\system32\dllcache\snyaitmc.sys . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-03-04 12:23 --------- d-----w c:\program files\LimeWire 2006-11-01 08:29 21,184 ----a-w c:\documents and settings\Winner\Application Data\GDIPFONTCACHEV1.DAT 2006-06-10 15:09 24,192 ----a-w c:\documents and settings\Winner\usbsermptxp.sys 2006-06-10 15:09 22,768 ----a-w c:\documents and settings\Winner\usbsermpt.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184] "OM_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2005-11-29 57344] "Creative WebCam Tray"="c:\program files\Creative\Shared Files\CamTray.exe" [2005-10-27 299008] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-07-08 729178] "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992] "OM_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2005-11-29 40960] "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 132496] "PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 271360] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-04 1932568] "SoundMan"="SOUNDMAN.EXE" [2005-08-18 c:\windows\SOUNDMAN.EXE] "AGRSMMSG"="AGRSMMSG.exe" [2005-07-01 c:\windows\AGRSMMSG.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Belkin Wireless USB Utility.lnk - c:\program files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe [2005-10-28 1404928] InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2005-09-21 114688] Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2009-03-04 21:27 10520 c:\windows\system32\avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.MJPG"= pvmjpg21.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"= "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015 "1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016 "500:UDP"= 500:UDP:@xpsp2res.dll,-22017 R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-03-04 325640] R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-03-04 107912] R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-03-04 298264] S3 V0090VID;Creative WebCam Vista Plus;c:\windows\system32\drivers\V0090Vid.sys [2007-08-31 138112] . Contents of the 'Scheduled Tasks' folder 2009-03-03 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.facebook.com/ uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000 DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-03-10 00:38:57 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(808) c:\windows\system32\Ati2evxx.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\ati2evxx.exe c:\windows\system32\ati2evxx.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\windows\system32\wdfmgr.exe c:\program files\AVG\AVG8\avgrsx.exe c:\progra~1\AVG\AVG8\avgnsx.exe c:\program files\AVG\AVG8\avgcsrvx.exe c:\program files\iPod\bin\iPodService.exe . ************************************************************************** . Completion time: 2009-03-10 0:45:54 - machine was rebooted ComboFix-quarantined-files.txt 2009-03-10 00:45:48 ComboFix2.txt 2009-03-08 10:40:47 Pre-Run: 26,482,860,032 bytes free Post-Run: 26,463,768,576 bytes free Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4 255 --- E O F --- 2009-03-03 22:19:40 Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 00:54:28, on 10/03/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16791) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgnsx.exe C:\Program Files\AVG\AVG8\avgcsrvx.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\AGRSMMSG.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\explorer.exe C:\Fix_trouble\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart O4 - HKCU\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CamTray.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user') O4 - Global Startup: Belkin Wireless USB Utility.lnk = C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/dow...llerControl.cab O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1235984590390 O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- End of file - 6742 bytes
  6. ComboFix 09-03-06.02 - Winner 2009-03-08 22:41:03.2 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.223.46 [GMT 0:00] Running from: c:\fix_trouble\ComboFix.exe Command switches used :: c:\fix_trouble\CFScript.txt AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) * Created a new restore point FILE :: c:\windows\system32\2.tmp c:\windows\system32\drivers\1eb6ce68.sys c:\windows\system32\Drivers\Winpy21.sys c:\windows\system32\jkkKdCRh.dll c:\windows\Tasks\uptmoupp.job E:\fooool.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\drivers\1eb6ce68.sys c:\windows\Tasks\uptmoupp.job c:\windows\V2lubmVy\ c:\windows\V2lubmVy\\pZ5RvApV.vbs . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_MEMSWEEP2 -------\Legacy_WINPY21 -------\Service_1eb6ce68 -------\Service_Winpy21 ((((((((((((((((((((((((( Files Created from 2009-02-08 to 2009-03-08 ))))))))))))))))))))))))))))))) . 2009-03-08 00:24 . 2009-03-08 00:24 <DIR> d-------- c:\documents and settings\Winner\jmeeting 2009-03-04 23:05 . 2009-03-04 23:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\NortonInstaller 2009-03-04 21:27 . 2009-03-08 09:50 <DIR> d-------- c:\windows\system32\drivers\Avg 2009-03-04 21:27 . 2009-03-04 21:27 325,640 --a------ c:\windows\system32\drivers\avgldx86.sys 2009-03-04 21:27 . 2009-03-04 21:27 107,912 --a------ c:\windows\system32\drivers\avgtdix.sys 2009-03-04 21:27 . 2009-03-04 21:27 10,520 --a------ c:\windows\system32\avgrsstx.dll 2009-03-04 20:33 . 2009-03-04 20:33 42 --a------ c:\windows\system32\AK083E209605E394C.lie 2009-03-03 16:24 . 2008-04-14 00:12 116,224 --a--c--- c:\windows\system32\dllcache\xrxwiadr.dll 2009-03-03 16:24 . 2001-08-17 22:37 27,648 --a--c--- c:\windows\system32\dllcache\xrxftplt.exe 2009-03-03 16:24 . 2001-08-17 22:36 23,040 --a--c--- c:\windows\system32\dllcache\xrxwbtmp.dll 2009-03-03 16:24 . 2008-04-14 00:12 18,944 --a--c--- c:\windows\system32\dllcache\xrxscnui.dll 2009-03-03 16:24 . 2001-08-17 22:37 4,608 --a--c--- c:\windows\system32\dllcache\xrxflnch.exe 2009-03-03 16:23 . 2001-08-17 22:37 99,865 --a--c--- c:\windows\system32\dllcache\xlog.exe 2009-03-03 16:23 . 2004-08-03 22:29 19,455 --a--c--- c:\windows\system32\dllcache\wvchntxx.sys 2009-03-03 16:23 . 2001-08-17 12:11 16,970 --a--c--- c:\windows\system32\dllcache\xem336n5.sys 2009-03-03 16:23 . 2004-08-03 22:29 12,063 --a--c--- c:\windows\system32\dllcache\wsiintxx.sys 2009-03-03 16:23 . 2008-04-14 00:12 8,192 --a--c--- c:\windows\system32\dllcache\wshirda.dll 2009-03-03 16:22 . 2001-08-17 13:28 771,581 --a--c--- c:\windows\system32\dllcache\winacisa.sys 2009-03-03 16:22 . 2004-08-03 22:31 154,624 --a--c--- c:\windows\system32\dllcache\wlluc48.sys 2009-03-03 16:22 . 2001-08-17 12:12 34,890 --a--c--- c:\windows\system32\dllcache\wlandrv2.sys 2009-03-03 16:22 . 2008-04-13 18:36 8,832 --a--c--- c:\windows\system32\dllcache\wmiacpi.sys 2009-03-03 16:21 . 2001-08-17 13:28 701,386 --a--c--- c:\windows\system32\dllcache\wdhaalba.sys 2009-03-03 16:21 . 2001-08-17 22:36 87,040 --a--c--- c:\windows\system32\dllcache\wiafbdrv.dll 2009-03-03 16:21 . 2001-08-17 22:36 53,760 --a--c--- c:\windows\system32\dllcache\wiamsmud.dll 2009-03-03 16:21 . 2001-08-17 12:10 35,871 --a--c--- c:\windows\system32\dllcache\wbfirdma.sys 2009-03-03 16:21 . 2008-04-13 18:45 31,744 --a--c--- c:\windows\system32\dllcache\wceusbsh.sys 2009-03-03 16:21 . 2004-08-03 22:29 23,615 --a--c--- c:\windows\system32\dllcache\wch7xxnt.sys 2009-03-03 16:20 . 2001-08-17 13:28 64,605 --a--c--- c:\windows\system32\dllcache\vvoice.sys 2009-03-03 16:20 . 2004-08-03 22:29 33,599 --a--c--- c:\windows\system32\dllcache\watv04nt.sys 2009-03-03 16:20 . 2004-08-03 22:29 29,311 --a--c--- c:\windows\system32\dllcache\watv01nt.sys 2009-03-03 16:20 . 2004-08-03 22:29 19,551 --a--c--- c:\windows\system32\dllcache\watv02nt.sys 2009-03-03 16:20 . 2001-08-17 12:13 19,528 --a--c--- c:\windows\system32\dllcache\w840nd.sys 2009-03-03 16:20 . 2001-08-17 12:13 19,016 --a--c--- c:\windows\system32\dllcache\w926nd.sys 2009-03-03 16:20 . 2001-08-17 12:13 16,925 --a--c--- c:\windows\system32\dllcache\w940nd.sys 2009-03-03 16:20 . 2004-08-03 22:29 12,415 --a--c--- c:\windows\system32\dllcache\wadv01nt.sys 2009-03-03 16:20 . 2004-08-03 22:29 12,127 --a--c--- c:\windows\system32\dllcache\wadv02nt.sys 2009-03-03 16:20 . 2004-08-03 22:29 11,775 --a--c--- c:\windows\system32\dllcache\wadv05nt.sys 2009-03-03 16:19 . 2001-08-17 13:28 604,253 --a--c--- c:\windows\system32\dllcache\vmodem.sys 2009-03-03 16:19 . 2001-08-17 13:28 397,502 --a--c--- c:\windows\system32\dllcache\vpctcom.sys 2009-03-03 16:19 . 2001-08-17 12:14 249,402 --a--c--- c:\windows\system32\dllcache\vinwm.sys 2009-03-03 16:19 . 2001-08-17 13:49 24,576 --a--c--- c:\windows\system32\dllcache\viairda.sys 2009-03-03 16:19 . 2008-04-13 18:40 5,376 --a--c--- c:\windows\system32\dllcache\viaide.sys 2009-03-03 16:18 . 2001-08-17 13:28 794,399 --a--c--- c:\windows\system32\dllcache\usr1806v.sys 2009-03-03 16:18 . 2001-08-17 13:28 793,598 --a--c--- c:\windows\system32\dllcache\usr1806.sys 2009-03-03 16:18 . 2001-08-17 13:28 765,884 --a--c--- c:\windows\system32\dllcache\usrti.sys 2009-03-03 16:18 . 2001-08-17 13:28 687,999 --a--c--- c:\windows\system32\dllcache\usrwdxjs.sys 2009-03-03 16:18 . 2001-08-17 13:28 224,802 --a--c--- c:\windows\system32\dllcache\usr1807a.sys 2009-03-03 16:18 . 2001-08-17 13:28 113,762 --a--c--- c:\windows\system32\dllcache\usrpda.sys 2009-03-03 16:18 . 2001-08-17 13:28 7,556 --a--c--- c:\windows\system32\dllcache\usroslba.sys 2009-03-03 16:17 . 2001-08-17 13:28 794,654 --a--c--- c:\windows\system32\dllcache\usr1801.sys 2009-03-03 16:17 . 2001-08-17 22:36 94,720 --a--c--- c:\windows\system32\dllcache\umaxud32.dll 2009-03-03 16:17 . 2001-08-17 22:36 69,632 --a--c--- c:\windows\system32\dllcache\umaxu12.dll 2009-03-03 16:17 . 2004-08-03 22:31 32,384 --a--c--- c:\windows\system32\dllcache\usb101et.sys 2009-03-03 16:17 . 2001-08-17 22:36 28,160 --a--c--- c:\windows\system32\dllcache\umaxu40.dll 2009-03-03 16:17 . 2001-08-17 22:36 26,624 --a--c--- c:\windows\system32\dllcache\umaxu22.dll 2009-03-03 16:17 . 2008-04-13 18:47 25,856 --a--c--- c:\windows\system32\dllcache\usbprint.sys 2009-03-03 16:17 . 2008-04-13 18:45 20,608 --a--c--- c:\windows\system32\dllcache\usbuhci.sys 2009-03-03 16:17 . 2008-04-13 18:45 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys 2009-03-03 16:16 . 2001-08-17 22:36 216,064 --a--c--- c:\windows\system32\dllcache\um34scan.dll 2009-03-03 16:16 . 2001-08-17 22:36 211,968 --a--c--- c:\windows\system32\dllcache\um54scan.dll 2009-03-03 16:16 . 2001-08-17 22:36 50,688 --a--c--- c:\windows\system32\dllcache\umaxscan.dll 2009-03-03 16:16 . 2001-08-17 22:36 50,176 --a--c--- c:\windows\system32\dllcache\umaxp60.dll 2009-03-03 16:16 . 2001-08-17 22:36 47,616 --a--c--- c:\windows\system32\dllcache\umaxcam.dll 2009-03-03 16:16 . 2001-08-17 13:52 36,736 --a--c--- c:\windows\system32\dllcache\ultra.sys 2009-03-03 16:16 . 2001-08-17 13:58 22,912 --a--c--- c:\windows\system32\dllcache\umaxpcls.sys 2009-03-03 16:16 . 2001-08-17 13:48 11,520 --a--c--- c:\windows\system32\dllcache\twotrack.sys 2009-03-03 16:15 . 2001-08-17 22:36 525,568 --a--c--- c:\windows\system32\dllcache\tridxp.dll 2009-03-03 16:15 . 2001-08-17 14:56 440,576 --a--c--- c:\windows\system32\dllcache\tridkb.dll 2009-03-03 16:15 . 2001-08-17 14:56 315,520 --a--c--- c:\windows\system32\dllcache\trid3d.dll 2009-03-03 16:15 . 2001-08-17 12:51 222,336 --a--c--- c:\windows\system32\dllcache\trid3dm.sys 2009-03-03 16:15 . 2001-08-17 12:51 166,784 --a--c--- c:\windows\system32\dllcache\tridxpm.sys 2009-03-03 16:15 . 2001-08-17 12:51 159,232 --a--c--- c:\windows\system32\dllcache\tridkbm.sys 2009-03-03 16:14 . 2001-08-17 14:01 241,664 --a--c--- c:\windows\system32\dllcache\tosdvd02.sys 2009-03-03 16:14 . 2001-08-17 14:02 230,912 --a--c--- c:\windows\system32\dllcache\tosdvd03.sys 2009-03-03 16:14 . 2008-04-14 00:12 82,944 --a--c--- c:\windows\system32\dllcache\tp4mon.exe 2009-03-03 16:14 . 2001-08-17 22:35 42,496 --a--c--- c:\windows\system32\dllcache\tp4res.dll 2009-03-03 16:14 . 2001-08-17 12:12 34,375 --a--c--- c:\windows\system32\dllcache\tpro4.sys 2009-03-03 16:14 . 2001-08-17 22:36 31,744 --a--c--- c:\windows\system32\dllcache\tp4.dll 2009-03-03 16:14 . 2001-08-17 12:10 28,232 --a--c--- c:\windows\system32\dllcache\tos4mo.sys 2009-03-03 16:14 . 2001-08-17 13:51 4,992 --a--c--- c:\windows\system32\dllcache\toside.sys 2009-03-03 16:13 . 2008-04-13 18:40 149,376 --a--c--- c:\windows\system32\dllcache\tffsport.sys 2009-03-03 16:13 . 2001-08-17 12:51 138,528 --a--c--- c:\windows\system32\dllcache\tgiulnt5.sys 2009-03-03 16:13 . 2001-08-17 12:14 123,995 --a--c--- c:\windows\system32\dllcache\tjisdn.sys 2009-03-03 16:13 . 2001-08-17 14:56 81,408 --a--c--- c:\windows\system32\dllcache\tgiul50.dll 2009-03-03 16:13 . 2001-08-17 12:13 37,961 --a--c--- c:\windows\system32\dllcache\tdk100b.sys 2009-03-03 16:13 . 2001-08-17 12:13 17,129 --a--c--- c:\windows\system32\dllcache\tdkcd31.sys 2009-03-03 16:12 . 2001-08-17 14:56 172,768 --a--c--- c:\windows\system32\dllcache\t2r4disp.dll 2009-03-03 16:12 . 2001-08-17 12:50 36,640 --a--c--- c:\windows\system32\dllcache\t2r4mini.sys 2009-03-03 16:12 . 2001-08-17 14:07 32,640 --a--c--- c:\windows\system32\dllcache\symc8xx.sys 2009-03-03 16:12 . 2001-08-17 13:49 30,464 --a--c--- c:\windows\system32\dllcache\tbatm155.sys 2009-03-03 16:12 . 2001-08-17 14:07 16,256 --a--c--- c:\windows\system32\dllcache\symc810.sys 2009-03-03 16:12 . 2001-08-17 13:52 7,040 --a--c--- c:\windows\system32\dllcache\tandqic.sys 2009-03-03 16:11 . 2001-08-17 13:50 103,936 --a--c--- c:\windows\system32\dllcache\sx.sys 2009-03-03 16:11 . 2001-08-17 22:36 94,293 --a--c--- c:\windows\system32\dllcache\sxports.dll 2009-03-03 16:11 . 2001-08-17 22:36 53,760 --a--c--- c:\windows\system32\dllcache\sw_wheel.dll 2009-03-03 16:11 . 2001-08-17 22:36 41,472 --a--c--- c:\windows\system32\dllcache\sw_effct.dll 2009-03-03 16:11 . 2001-08-17 14:07 30,688 --a--c--- c:\windows\system32\dllcache\sym_u3.sys 2009-03-03 16:11 . 2001-08-17 14:07 28,384 --a--c--- c:\windows\system32\dllcache\sym_hi.sys 2009-03-03 16:11 . 2001-08-17 22:36 10,240 --a--c--- c:\windows\system32\dllcache\swpidflt.dll 2009-03-03 16:11 . 2001-08-17 22:36 10,240 --a--c--- c:\windows\system32\dllcache\swpdflt2.dll 2009-03-03 16:11 . 2001-08-17 14:02 3,968 --a--c--- c:\windows\system32\dllcache\swusbflt.sys 2009-03-03 16:10 . 2001-08-17 12:18 285,760 --a--c--- c:\windows\system32\dllcache\stlnata.sys 2009-03-03 16:10 . 2001-08-17 22:36 155,648 --a--c--- c:\windows\system32\dllcache\stlnprop.dll 2009-03-03 16:10 . 2001-08-17 22:36 99,328 --a--c--- c:\windows\system32\dllcache\srusd.dll 2009-03-03 16:10 . 2001-08-17 22:36 53,248 --a--c--- c:\windows\system32\dllcache\stlncoin.dll 2009-03-03 16:10 . 2001-08-17 12:11 48,736 --a--c--- c:\windows\system32\dllcache\srwlnd5.sys 2009-03-03 16:10 . 2001-08-17 13:51 16,896 --a--c--- c:\windows\system32\dllcache\stcusb.sys 2009-03-03 16:09 . 2001-08-17 22:36 114,688 --a--c--- c:\windows\system32\dllcache\sonypi.dll 2009-03-03 16:09 . 2001-08-17 22:36 106,584 --a--c--- c:\windows\system32\dllcache\spdports.dll 2009-03-03 16:09 . 2001-08-17 13:51 61,824 --a--c--- c:\windows\system32\dllcache\speed.sys 2009-03-03 16:09 . 2001-08-17 12:51 37,040 --a--c--- c:\windows\system32\dllcache\sonypi.sys 2009-03-03 16:09 . 2001-08-17 22:36 24,660 --a--c--- c:\windows\system32\dllcache\spxupchk.dll 2009-03-03 16:09 . 2001-08-17 12:51 20,752 --a--c--- c:\windows\system32\dllcache\sonync.sys 2009-03-03 16:09 . 2001-08-17 14:07 19,072 --a--c--- c:\windows\system32\dllcache\sparrow.sys 2009-03-03 16:09 . 2001-08-17 13:53 9,600 --a--c--- c:\windows\system32\dllcache\sonymc.sys 2009-03-03 16:09 . 2001-08-17 13:56 7,552 --a--c--- c:\windows\system32\dllcache\sonypvu1.sys 2009-03-03 16:08 . 2001-08-17 14:56 147,200 --a--c--- c:\windows\system32\dllcache\smidispb.dll 2009-03-03 16:08 . 2004-08-04 12:00 143,422 --a--c--- c:\windows\system32\dllcache\softkey.dll 2009-03-03 16:08 . 2001-08-17 12:51 58,368 --a--c--- c:\windows\system32\dllcache\smiminib.sys 2009-03-03 16:08 . 2001-08-17 12:10 35,913 --a--c--- c:\windows\system32\dllcache\smcirda.sys 2009-03-03 16:08 . 2001-08-17 12:12 25,034 --a--c--- c:\windows\system32\dllcache\smcpwr2n.sys 2009-03-03 16:08 . 2001-08-17 12:12 24,576 --a--c--- c:\windows\system32\dllcache\smc8000n.sys 2009-03-03 16:08 . 2008-04-13 18:36 16,000 --a--c--- c:\windows\system32\dllcache\smbbatt.sys 2009-03-03 16:08 . 2008-04-13 18:40 7,552 --a--c--- c:\windows\system32\dllcache\sonyait.sys 2009-03-03 16:08 . 2001-08-17 13:53 7,040 --a--c--- c:\windows\system32\dllcache\snyaitmc.sys . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-03-04 12:23 --------- d-----w c:\program files\LimeWire 2006-11-01 08:29 21,184 ----a-w c:\documents and settings\Winner\Application Data\GDIPFONTCACHEV1.DAT 2006-06-10 15:09 24,192 ----a-w c:\documents and settings\Winner\usbsermptxp.sys 2006-06-10 15:09 22,768 ----a-w c:\documents and settings\Winner\usbsermpt.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184] "OM_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2005-11-29 57344] "Creative WebCam Tray"="c:\program files\Creative\Shared Files\CamTray.exe" [2005-10-27 299008] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-07-08 729178] "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992] "OM_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2005-11-29 40960] "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 132496] "PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 271360] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-04 1932568] "SoundMan"="SOUNDMAN.EXE" [2005-08-18 c:\windows\SOUNDMAN.EXE] "AGRSMMSG"="AGRSMMSG.exe" [2005-07-01 c:\windows\AGRSMMSG.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Belkin Wireless USB Utility.lnk - c:\program files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe [2005-10-28 1404928] InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2005-09-21 114688] Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2009-03-04 21:27 10520 c:\windows\system32\avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.MJPG"= pvmjpg21.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"= "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015 "1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016 "500:UDP"= 500:UDP:@xpsp2res.dll,-22017 R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-03-04 325640] R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-03-04 107912] R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-03-04 298264] R2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe -k netsvcs [2005-10-07 14336] S2 VeAtvexhi;VeAtvexhi;c:\windows\System32\svchost.exe -k netsvcs [2005-10-07 14336] S3 V0090VID;Creative WebCam Vista Plus;c:\windows\system32\drivers\V0090Vid.sys [2007-08-31 138112] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs VeAtvexhi . Contents of the 'Scheduled Tasks' folder 2009-03-03 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34] . - - - - ORPHANS REMOVED - - - - SafeBoot-Winpy21.sys . ------- Supplementary Scan ------- . uStart Page = hxxp://www.facebook.com/ uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000 DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-03-08 22:47:37 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(808) c:\windows\system32\Ati2evxx.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\ati2evxx.exe c:\windows\system32\ati2evxx.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\windows\system32\wdfmgr.exe c:\program files\AVG\AVG8\avgrsx.exe c:\progra~1\AVG\AVG8\avgnsx.exe c:\program files\AVG\AVG8\avgcsrvx.exe c:\program files\iPod\bin\iPodService.exe . ************************************************************************** . Completion time: 2009-03-08 22:54:38 - machine was rebooted [Winner] ComboFix-quarantined-files.txt 2009-03-08 22:54:31 ComboFix2.txt 2009-03-08 10:40:47 Pre-Run: 26,467,307,520 bytes free Post-Run: 26,448,424,960 bytes free Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4 269 --- E O F --- 2009-03-03 22:19:40 Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:39:30, on 08/03/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16791) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgnsx.exe C:\Program Files\AVG\AVG8\avgcsrvx.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\AGRSMMSG.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Creative\Shared Files\CamTray.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe C:\WINDOWS\explorer.exe C:\Fix_trouble\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart O4 - HKCU\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CamTray.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user') O4 - Global Startup: Belkin Wireless USB Utility.lnk = C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/dow...llerControl.cab O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1235984590390 O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- End of file - 6803 bytes
  7. ComboFix 09-03-06.02 - Winner 2009-03-08 10:27:08.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.223.39 [GMT 0:00] Running from: c:\fix_trouble\ComboFix.exe AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\gkexrxaj.ini c:\windows\system32\ijrcvmoy.ini c:\windows\system32\puilonkc.ini c:\windows\system32\rvgsbgjp.ini c:\windows\system32\SBHOnXyb.ini c:\windows\system32\SBHOnXyb.ini2 c:\windows\system32\TDSSlrvd.dat . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_FCI -------\Legacy_ICF -------\Legacy_TDSSSERV.SYS -------\Service_TDSSserv.sys ((((((((((((((((((((((((( Files Created from 2009-02-08 to 2009-03-08 ))))))))))))))))))))))))))))))) . 2009-03-08 00:24 . 2009-03-08 00:24 <DIR> d-------- c:\documents and settings\Winner\jmeeting 2009-03-04 23:05 . 2009-03-04 23:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\NortonInstaller 2009-03-04 21:27 . 2009-03-08 09:50 <DIR> d-------- c:\windows\system32\drivers\Avg 2009-03-04 21:27 . 2009-03-04 21:27 325,640 --a------ c:\windows\system32\drivers\avgldx86.sys 2009-03-04 21:27 . 2009-03-04 21:27 107,912 --a------ c:\windows\system32\drivers\avgtdix.sys 2009-03-04 21:27 . 2009-03-04 21:27 10,520 --a------ c:\windows\system32\avgrsstx.dll 2009-03-04 20:33 . 2009-03-04 20:33 42 --a------ c:\windows\system32\AK083E209605E394C.lie 2009-03-03 16:24 . 2008-04-14 00:12 116,224 --a--c--- c:\windows\system32\dllcache\xrxwiadr.dll 2009-03-03 16:24 . 2001-08-17 22:37 27,648 --a--c--- c:\windows\system32\dllcache\xrxftplt.exe 2009-03-03 16:24 . 2001-08-17 22:36 23,040 --a--c--- c:\windows\system32\dllcache\xrxwbtmp.dll 2009-03-03 16:24 . 2008-04-14 00:12 18,944 --a--c--- c:\windows\system32\dllcache\xrxscnui.dll 2009-03-03 16:24 . 2001-08-17 22:37 4,608 --a--c--- c:\windows\system32\dllcache\xrxflnch.exe 2009-03-03 16:23 . 2001-08-17 22:37 99,865 --a--c--- c:\windows\system32\dllcache\xlog.exe 2009-03-03 16:23 . 2004-08-03 22:29 19,455 --a--c--- c:\windows\system32\dllcache\wvchntxx.sys 2009-03-03 16:23 . 2001-08-17 12:11 16,970 --a--c--- c:\windows\system32\dllcache\xem336n5.sys 2009-03-03 16:23 . 2004-08-03 22:29 12,063 --a--c--- c:\windows\system32\dllcache\wsiintxx.sys 2009-03-03 16:23 . 2008-04-14 00:12 8,192 --a--c--- c:\windows\system32\dllcache\wshirda.dll 2009-03-03 16:22 . 2001-08-17 13:28 771,581 --a--c--- c:\windows\system32\dllcache\winacisa.sys 2009-03-03 16:22 . 2004-08-03 22:31 154,624 --a--c--- c:\windows\system32\dllcache\wlluc48.sys 2009-03-03 16:22 . 2001-08-17 12:12 34,890 --a--c--- c:\windows\system32\dllcache\wlandrv2.sys 2009-03-03 16:22 . 2008-04-13 18:36 8,832 --a--c--- c:\windows\system32\dllcache\wmiacpi.sys 2009-03-03 16:21 . 2001-08-17 13:28 701,386 --a--c--- c:\windows\system32\dllcache\wdhaalba.sys 2009-03-03 16:21 . 2001-08-17 22:36 87,040 --a--c--- c:\windows\system32\dllcache\wiafbdrv.dll 2009-03-03 16:21 . 2001-08-17 22:36 53,760 --a--c--- c:\windows\system32\dllcache\wiamsmud.dll 2009-03-03 16:21 . 2001-08-17 12:10 35,871 --a--c--- c:\windows\system32\dllcache\wbfirdma.sys 2009-03-03 16:21 . 2008-04-13 18:45 31,744 --a--c--- c:\windows\system32\dllcache\wceusbsh.sys 2009-03-03 16:21 . 2004-08-03 22:29 23,615 --a--c--- c:\windows\system32\dllcache\wch7xxnt.sys 2009-03-03 16:20 . 2001-08-17 13:28 64,605 --a--c--- c:\windows\system32\dllcache\vvoice.sys 2009-03-03 16:20 . 2004-08-03 22:29 33,599 --a--c--- c:\windows\system32\dllcache\watv04nt.sys 2009-03-03 16:20 . 2004-08-03 22:29 29,311 --a--c--- c:\windows\system32\dllcache\watv01nt.sys 2009-03-03 16:20 . 2004-08-03 22:29 19,551 --a--c--- c:\windows\system32\dllcache\watv02nt.sys 2009-03-03 16:20 . 2001-08-17 12:13 19,528 --a--c--- c:\windows\system32\dllcache\w840nd.sys 2009-03-03 16:20 . 2001-08-17 12:13 19,016 --a--c--- c:\windows\system32\dllcache\w926nd.sys 2009-03-03 16:20 . 2001-08-17 12:13 16,925 --a--c--- c:\windows\system32\dllcache\w940nd.sys 2009-03-03 16:20 . 2004-08-03 22:29 12,415 --a--c--- c:\windows\system32\dllcache\wadv01nt.sys 2009-03-03 16:20 . 2004-08-03 22:29 12,127 --a--c--- c:\windows\system32\dllcache\wadv02nt.sys 2009-03-03 16:20 . 2004-08-03 22:29 11,775 --a--c--- c:\windows\system32\dllcache\wadv05nt.sys 2009-03-03 16:19 . 2001-08-17 13:28 604,253 --a--c--- c:\windows\system32\dllcache\vmodem.sys 2009-03-03 16:19 . 2001-08-17 13:28 397,502 --a--c--- c:\windows\system32\dllcache\vpctcom.sys 2009-03-03 16:19 . 2001-08-17 12:14 249,402 --a--c--- c:\windows\system32\dllcache\vinwm.sys 2009-03-03 16:19 . 2001-08-17 13:49 24,576 --a--c--- c:\windows\system32\dllcache\viairda.sys 2009-03-03 16:19 . 2008-04-13 18:40 5,376 --a--c--- c:\windows\system32\dllcache\viaide.sys 2009-03-03 16:18 . 2001-08-17 13:28 794,399 --a--c--- c:\windows\system32\dllcache\usr1806v.sys 2009-03-03 16:18 . 2001-08-17 13:28 793,598 --a--c--- c:\windows\system32\dllcache\usr1806.sys 2009-03-03 16:18 . 2001-08-17 13:28 765,884 --a--c--- c:\windows\system32\dllcache\usrti.sys 2009-03-03 16:18 . 2001-08-17 13:28 687,999 --a--c--- c:\windows\system32\dllcache\usrwdxjs.sys 2009-03-03 16:18 . 2001-08-17 13:28 224,802 --a--c--- c:\windows\system32\dllcache\usr1807a.sys 2009-03-03 16:18 . 2001-08-17 13:28 113,762 --a--c--- c:\windows\system32\dllcache\usrpda.sys 2009-03-03 16:18 . 2001-08-17 13:28 7,556 --a--c--- c:\windows\system32\dllcache\usroslba.sys 2009-03-03 16:17 . 2001-08-17 13:28 794,654 --a--c--- c:\windows\system32\dllcache\usr1801.sys 2009-03-03 16:17 . 2001-08-17 22:36 94,720 --a--c--- c:\windows\system32\dllcache\umaxud32.dll 2009-03-03 16:17 . 2001-08-17 22:36 69,632 --a--c--- c:\windows\system32\dllcache\umaxu12.dll 2009-03-03 16:17 . 2004-08-03 22:31 32,384 --a--c--- c:\windows\system32\dllcache\usb101et.sys 2009-03-03 16:17 . 2001-08-17 22:36 28,160 --a--c--- c:\windows\system32\dllcache\umaxu40.dll 2009-03-03 16:17 . 2001-08-17 22:36 26,624 --a--c--- c:\windows\system32\dllcache\umaxu22.dll 2009-03-03 16:17 . 2008-04-13 18:47 25,856 --a--c--- c:\windows\system32\dllcache\usbprint.sys 2009-03-03 16:17 . 2008-04-13 18:45 20,608 --a--c--- c:\windows\system32\dllcache\usbuhci.sys 2009-03-03 16:17 . 2008-04-13 18:45 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys 2009-03-03 16:16 . 2001-08-17 22:36 216,064 --a--c--- c:\windows\system32\dllcache\um34scan.dll 2009-03-03 16:16 . 2001-08-17 22:36 211,968 --a--c--- c:\windows\system32\dllcache\um54scan.dll 2009-03-03 16:16 . 2001-08-17 22:36 50,688 --a--c--- c:\windows\system32\dllcache\umaxscan.dll 2009-03-03 16:16 . 2001-08-17 22:36 50,176 --a--c--- c:\windows\system32\dllcache\umaxp60.dll 2009-03-03 16:16 . 2001-08-17 22:36 47,616 --a--c--- c:\windows\system32\dllcache\umaxcam.dll 2009-03-03 16:16 . 2001-08-17 13:52 36,736 --a--c--- c:\windows\system32\dllcache\ultra.sys 2009-03-03 16:16 . 2001-08-17 13:58 22,912 --a--c--- c:\windows\system32\dllcache\umaxpcls.sys 2009-03-03 16:16 . 2001-08-17 13:48 11,520 --a--c--- c:\windows\system32\dllcache\twotrack.sys 2009-03-03 16:15 . 2001-08-17 22:36 525,568 --a--c--- c:\windows\system32\dllcache\tridxp.dll 2009-03-03 16:15 . 2001-08-17 14:56 440,576 --a--c--- c:\windows\system32\dllcache\tridkb.dll 2009-03-03 16:15 . 2001-08-17 14:56 315,520 --a--c--- c:\windows\system32\dllcache\trid3d.dll 2009-03-03 16:15 . 2001-08-17 12:51 222,336 --a--c--- c:\windows\system32\dllcache\trid3dm.sys 2009-03-03 16:15 . 2001-08-17 12:51 166,784 --a--c--- c:\windows\system32\dllcache\tridxpm.sys 2009-03-03 16:15 . 2001-08-17 12:51 159,232 --a--c--- c:\windows\system32\dllcache\tridkbm.sys 2009-03-03 16:14 . 2001-08-17 14:01 241,664 --a--c--- c:\windows\system32\dllcache\tosdvd02.sys 2009-03-03 16:14 . 2001-08-17 14:02 230,912 --a--c--- c:\windows\system32\dllcache\tosdvd03.sys 2009-03-03 16:14 . 2008-04-14 00:12 82,944 --a--c--- c:\windows\system32\dllcache\tp4mon.exe 2009-03-03 16:14 . 2001-08-17 22:35 42,496 --a--c--- c:\windows\system32\dllcache\tp4res.dll 2009-03-03 16:14 . 2001-08-17 12:12 34,375 --a--c--- c:\windows\system32\dllcache\tpro4.sys 2009-03-03 16:14 . 2001-08-17 22:36 31,744 --a--c--- c:\windows\system32\dllcache\tp4.dll 2009-03-03 16:14 . 2001-08-17 12:10 28,232 --a--c--- c:\windows\system32\dllcache\tos4mo.sys 2009-03-03 16:14 . 2001-08-17 13:51 4,992 --a--c--- c:\windows\system32\dllcache\toside.sys 2009-03-03 16:13 . 2008-04-13 18:40 149,376 --a--c--- c:\windows\system32\dllcache\tffsport.sys 2009-03-03 16:13 . 2001-08-17 12:51 138,528 --a--c--- c:\windows\system32\dllcache\tgiulnt5.sys 2009-03-03 16:13 . 2001-08-17 12:14 123,995 --a--c--- c:\windows\system32\dllcache\tjisdn.sys 2009-03-03 16:13 . 2001-08-17 14:56 81,408 --a--c--- c:\windows\system32\dllcache\tgiul50.dll 2009-03-03 16:13 . 2001-08-17 12:13 37,961 --a--c--- c:\windows\system32\dllcache\tdk100b.sys 2009-03-03 16:13 . 2001-08-17 12:13 17,129 --a--c--- c:\windows\system32\dllcache\tdkcd31.sys 2009-03-03 16:12 . 2001-08-17 14:56 172,768 --a--c--- c:\windows\system32\dllcache\t2r4disp.dll 2009-03-03 16:12 . 2001-08-17 12:50 36,640 --a--c--- c:\windows\system32\dllcache\t2r4mini.sys 2009-03-03 16:12 . 2001-08-17 14:07 32,640 --a--c--- c:\windows\system32\dllcache\symc8xx.sys 2009-03-03 16:12 . 2001-08-17 13:49 30,464 --a--c--- c:\windows\system32\dllcache\tbatm155.sys 2009-03-03 16:12 . 2001-08-17 14:07 16,256 --a--c--- c:\windows\system32\dllcache\symc810.sys 2009-03-03 16:12 . 2001-08-17 13:52 7,040 --a--c--- c:\windows\system32\dllcache\tandqic.sys 2009-03-03 16:11 . 2001-08-17 13:50 103,936 --a--c--- c:\windows\system32\dllcache\sx.sys 2009-03-03 16:11 . 2001-08-17 22:36 94,293 --a--c--- c:\windows\system32\dllcache\sxports.dll 2009-03-03 16:11 . 2001-08-17 22:36 53,760 --a--c--- c:\windows\system32\dllcache\sw_wheel.dll 2009-03-03 16:11 . 2001-08-17 22:36 41,472 --a--c--- c:\windows\system32\dllcache\sw_effct.dll 2009-03-03 16:11 . 2001-08-17 14:07 30,688 --a--c--- c:\windows\system32\dllcache\sym_u3.sys 2009-03-03 16:11 . 2001-08-17 14:07 28,384 --a--c--- c:\windows\system32\dllcache\sym_hi.sys 2009-03-03 16:11 . 2001-08-17 22:36 10,240 --a--c--- c:\windows\system32\dllcache\swpidflt.dll 2009-03-03 16:11 . 2001-08-17 22:36 10,240 --a--c--- c:\windows\system32\dllcache\swpdflt2.dll 2009-03-03 16:11 . 2001-08-17 14:02 3,968 --a--c--- c:\windows\system32\dllcache\swusbflt.sys 2009-03-03 16:10 . 2001-08-17 12:18 285,760 --a--c--- c:\windows\system32\dllcache\stlnata.sys 2009-03-03 16:10 . 2001-08-17 22:36 155,648 --a--c--- c:\windows\system32\dllcache\stlnprop.dll 2009-03-03 16:10 . 2001-08-17 22:36 99,328 --a--c--- c:\windows\system32\dllcache\srusd.dll 2009-03-03 16:10 . 2001-08-17 22:36 53,248 --a--c--- c:\windows\system32\dllcache\stlncoin.dll 2009-03-03 16:10 . 2001-08-17 12:11 48,736 --a--c--- c:\windows\system32\dllcache\srwlnd5.sys 2009-03-03 16:10 . 2001-08-17 13:51 16,896 --a--c--- c:\windows\system32\dllcache\stcusb.sys 2009-03-03 16:09 . 2001-08-17 22:36 114,688 --a--c--- c:\windows\system32\dllcache\sonypi.dll 2009-03-03 16:09 . 2001-08-17 22:36 106,584 --a--c--- c:\windows\system32\dllcache\spdports.dll 2009-03-03 16:09 . 2001-08-17 13:51 61,824 --a--c--- c:\windows\system32\dllcache\speed.sys 2009-03-03 16:09 . 2001-08-17 12:51 37,040 --a--c--- c:\windows\system32\dllcache\sonypi.sys 2009-03-03 16:09 . 2001-08-17 22:36 24,660 --a--c--- c:\windows\system32\dllcache\spxupchk.dll 2009-03-03 16:09 . 2001-08-17 12:51 20,752 --a--c--- c:\windows\system32\dllcache\sonync.sys 2009-03-03 16:09 . 2001-08-17 14:07 19,072 --a--c--- c:\windows\system32\dllcache\sparrow.sys 2009-03-03 16:09 . 2001-08-17 13:53 9,600 --a--c--- c:\windows\system32\dllcache\sonymc.sys 2009-03-03 16:09 . 2001-08-17 13:56 7,552 --a--c--- c:\windows\system32\dllcache\sonypvu1.sys 2009-03-03 16:08 . 2001-08-17 14:56 147,200 --a--c--- c:\windows\system32\dllcache\smidispb.dll 2009-03-03 16:08 . 2004-08-04 12:00 143,422 --a--c--- c:\windows\system32\dllcache\softkey.dll 2009-03-03 16:08 . 2001-08-17 12:51 58,368 --a--c--- c:\windows\system32\dllcache\smiminib.sys 2009-03-03 16:08 . 2001-08-17 12:10 35,913 --a--c--- c:\windows\system32\dllcache\smcirda.sys 2009-03-03 16:08 . 2001-08-17 12:12 25,034 --a--c--- c:\windows\system32\dllcache\smcpwr2n.sys 2009-03-03 16:08 . 2001-08-17 12:12 24,576 --a--c--- c:\windows\system32\dllcache\smc8000n.sys 2009-03-03 16:08 . 2008-04-13 18:36 16,000 --a--c--- c:\windows\system32\dllcache\smbbatt.sys 2009-03-03 16:08 . 2008-04-13 18:40 7,552 --a--c--- c:\windows\system32\dllcache\sonyait.sys 2009-03-03 16:08 . 2001-08-17 13:53 7,040 --a--c--- c:\windows\system32\dllcache\snyaitmc.sys . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-03-04 12:23 --------- d-----w c:\program files\LimeWire 2006-11-01 08:29 21,184 ----a-w c:\documents and settings\Winner\Application Data\GDIPFONTCACHEV1.DAT 2006-06-10 15:09 24,192 ----a-w c:\documents and settings\Winner\usbsermptxp.sys 2006-06-10 15:09 22,768 ----a-w c:\documents and settings\Winner\usbsermpt.sys 2005-07-29 16:24 472 --sha-r c:\windows\V2lubmVy\pZ5RvApV.vbs . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184] "OM_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2005-11-29 57344] "Creative WebCam Tray"="c:\program files\Creative\Shared Files\CamTray.exe" [2005-10-27 299008] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-07-08 729178] "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992] "OM_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2005-11-29 40960] "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 132496] "PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 271360] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-04 1932568] "SoundMan"="SOUNDMAN.EXE" [2005-08-18 c:\windows\SOUNDMAN.EXE] "AGRSMMSG"="AGRSMMSG.exe" [2005-07-01 c:\windows\AGRSMMSG.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Belkin Wireless USB Utility.lnk - c:\program files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe [2005-10-28 1404928] InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2005-09-21 114688] Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2009-03-04 21:27 10520 c:\windows\system32\avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.MJPG"= pvmjpg21.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winpy21.sys] @="Driver" [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"= "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015 "1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016 "500:UDP"= 500:UDP:@xpsp2res.dll,-22017 R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-03-04 325640] R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-03-04 107912] S0 Winpy21;Winpy21;c:\windows\system32\Drivers\Winpy21.sys --> c:\windows\system32\Drivers\Winpy21.sys [?] S1 1eb6ce68;1eb6ce68;c:\windows\system32\drivers\1eb6ce68.sys [2008-12-22 0] S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\2.tmp --> c:\windows\system32\2.tmp [?] S3 V0090VID;Creative WebCam Vista Plus;c:\windows\system32\drivers\V0090Vid.sys [2007-08-31 138112] --- Other Services/Drivers In Memory --- *Deregistered* - 6to4 *Deregistered* - ALG *Deregistered* - Apple Mobile Device *Deregistered* - Ati HotKey Poller *Deregistered* - AudioSrv *Deregistered* - avg8wd *Deregistered* - Bonjour Service *Deregistered* - Browser *Deregistered* - CryptSvc *Deregistered* - DcomLaunch *Deregistered* - Dhcp *Deregistered* - Dnscache *Deregistered* - ERSvc *Deregistered* - EventSystem *Deregistered* - FastUserSwitchingCompatibility *Deregistered* - helpsvc *Deregistered* - HTTPFilter *Deregistered* - ImapiService *Deregistered* - iPod Service *Deregistered* - lanmanserver *Deregistered* - lanmanworkstation *Deregistered* - LmHosts *Deregistered* - Netman *Deregistered* - Nla *Deregistered* - NwSapAgent *Deregistered* - PolicyAgent *Deregistered* - ProtectedStorage *Deregistered* - RasMan *Deregistered* - RemoteAccess *Deregistered* - RpcSs *Deregistered* - SamSs *Deregistered* - Schedule *Deregistered* - seclogon *Deregistered* - SENS *Deregistered* - SharedAccess *Deregistered* - ShellHWDetection *Deregistered* - Spooler *Deregistered* - srservice *Deregistered* - SSDPSRV *Deregistered* - stisvc *Deregistered* - TapiSrv *Deregistered* - TermService *Deregistered* - Themes *Deregistered* - TrkWks *Deregistered* - UMWdf *Deregistered* - VeAtvexhi *Deregistered* - W32Time *Deregistered* - WebClient *Deregistered* - winmgmt *Deregistered* - wscsvc *Deregistered* - wuauserv *Deregistered* - WZCSVC HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs VeAtvexhi [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\Z] \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{23d2bcee-4923-11dc-9579-00173f4e5a8b}] \Shell\AutoRun\command - E:\fooool.exe \Shell\explore\Command - E:\fooool.exe \Shell\open\Command - E:\fooool.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{25727b75-c2b7-11db-9452-00173f4e5a8b}] \Shell\AutoRun\command - F:\fooool.exe \Shell\explore\Command - F:\fooool.exe \Shell\open\Command - F:\fooool.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3dc465df-b62e-11db-9441-00173f4e5a8b}] \Shell\AutoRun\command - E:\fooool.exe \Shell\explore\Command - E:\fooool.exe \Shell\open\Command - E:\fooool.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{527cf452-7c3f-11dd-98cd-00173f4e5a8b}] \Shell\AutoRun\command - E:\fooool.exe \Shell\explore\Command - E:\fooool.exe \Shell\open\Command - E:\fooool.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5448d71a-4c6e-11dd-9839-00173f4e5a8b}] \Shell\AutoRun\command - E:\fooool.exe \Shell\explore\Command - E:\fooool.exe \Shell\open\Command - E:\fooool.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{58fe9e88-b6dc-11dd-9966-00142a993dfb}] \Shell\AutoRun\command - E:\fooool.exe \Shell\explore\Command - E:\fooool.exe \Shell\open\Command - E:\fooool.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ab9b25aa-37fa-11dd-9801-00173f4e5a8b}] \Shell\AutoRun\command - E:\fooool.exe \Shell\explore\Command - E:\fooool.exe \Shell\open\Command - E:\fooool.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e8f88350-9c11-11dc-9678-00142a993dfb}] \Shell\AutoRun\command - E:\fooool.exe \Shell\explore\Command - E:\fooool.exe \Shell\open\Command - E:\fooool.exe . Contents of the 'Scheduled Tasks' folder 2009-03-03 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34] 2009-03-08 c:\windows\Tasks\uptmoupp.job - c:\windows\system32\jkkKdCRh.dll [] . - - - - ORPHANS REMOVED - - - - WebBrowser-{6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file) HKCU-Run-WebPlus7.exe - F:\WEBPLU~1.EXE Notify-awtsTNGy - awtsTNGy.dll SafeBoot-ati6uexx.sys . ------- Supplementary Scan ------- . uStart Page = hxxp://www.facebook.com/ uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000 DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-03-08 10:33:58 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MEMSWEEP2] "ImagePath"="\??\c:\windows\system32\2.tmp" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(808) c:\windows\system32\Ati2evxx.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\ati2evxx.exe c:\windows\system32\ati2evxx.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\progra~1\AVG\AVG8\avgwdsvc.exe c:\program files\Bonjour\mDNSResponder.exe c:\windows\system32\wdfmgr.exe c:\program files\AVG\AVG8\avgrsx.exe c:\progra~1\AVG\AVG8\avgnsx.exe c:\program files\AVG\AVG8\avgcsrvx.exe c:\program files\iPod\bin\iPodService.exe . ************************************************************************** . Completion time: 2009-03-08 10:40:44 - machine was rebooted ComboFix-quarantined-files.txt 2009-03-08 10:40:36 Pre-Run: 26,325,028,864 bytes free Post-Run: 26,483,482,624 bytes free WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4 368 --- E O F --- 2009-03-03 22:19:40 Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:50:23, on 08/03/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16791) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgnsx.exe C:\Program Files\AVG\AVG8\avgcsrvx.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\AGRSMMSG.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\explorer.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Fix_trouble\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart O4 - HKCU\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CamTray.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user') O4 - Global Startup: Belkin Wireless USB Utility.lnk = C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/dow...llerControl.cab O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1235984590390 O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- End of file - 6857 bytes
  8. Hi tigger no zip file to send you... C:\WINDOWS\system32\fqydegxk.dll - was "not found" C:\WINDOWS\system32\drivers\1eb6ce68.sys - was a zero length file
  9. Hi Tigger Added reply yesterday but can't see it listed. So adding again correctly I hope. OTScanIt.Txt OTScanIt.Txt
  10. Hello fellow victims and samaritans I am helping a friend clean a Winbook laptop that was multiple infected with Malware. Initially Malwarebytes (my saviour from a previous encounter) would not load nor would the browser permit access to any AV sites. I managed to get AVG installed which cleaned the machine sufficiently for Malwarebytes to execute. Despite the machine appearing clean to malwarebytes and AVG, I am occasionally getting 'Generic Host Process for Win32 Services has encountered a problem and needs to close'. There is also one odd looking BHO entry in the Hijackthis log. Program load times are taking minutes instead of seconds too. I have attached relevant log information and would appreciate any advice you may be able to offer to resolve the problem. Many thanks in anticipation... Log 1 - this is what malwarebytes identified and dealt with Malwarebytes' Anti-Malware 1.34 Database version: 1814 Windows 5.1.2600 Service Pack 2 02/03/2009 08:51:50 mbam-log-2009-03-02 (08-51-50).txt Scan type: Quick Scan Objects scanned: 84598 Time elapsed: 19 minute(s), 12 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 48 Registry Values Infected: 14 Registry Data Items Infected: 0 Folders Infected: 11 Files Infected: 59 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CURRENT_USER\SOFTWARE\{5222008a-dd62-49c7-a735-7bd18ecc7350} (Rogue.VirusRemover) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\{5222008a-dd62-49c7-a735-7bd18ecc7350} (Rogue.VirusRemover) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{c5bf49a2-94f3-42bd-f434-3604812c897d} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{d5bf49a2-94f1-42bd-f434-3604812c807d} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5bf49a2-94f3-42bd-f434-3604812c897d} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d5bf49a2-94f1-42bd-f434-3604812c807d} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d5bf49a2-94f1-42bd-f434-3604812c807d} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{a394e835-c8d6-4b4b-884b-d2709059f3be} (Trojan.Network.Monitor) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3877c2cd-f137-4144-bdb2-0a811492f920} (Trojan.Downloader) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ahwqnk (Trojan.Fakealert) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ati6uexx (Rootkit.Agent) -> Delete on reboot. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ati6uexx (Rootkit.Agent) -> Delete on reboot. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\ati6uexx (Rootkit.Agent) -> Delete on reboot. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ati6uexx (Rootkit.Agent) -> Delete on reboot. HKEY_CURRENT_USER\SOFTWARE\CrucialSoft Ltd (Rogue.MSantispyware2009) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\prunnet (Malware.Trace) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ms antispyware 2009 5.7 (Rogue.MSAntiSpyware) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\virusremover2008 (Rogue.VirusRemove) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\virusremover2008 (Rogue.VirusRemove) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WinCtrl32 (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\fci (Rootkit.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\fci (Rootkit.ADS) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\fci (Rootkit.ADS) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\fci (Rootkit.ADS) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\icf (Rootkit.ADS) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\icf (Rootkit.ADS) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\icf (Rootkit.ADS) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\icf (Rootkit.ADS) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService (Adware.CommAd) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR (Trojan.DNSChanger) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE (Trojan.Downloader) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Network Monitor (Trojan.Service) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\spyware guard 2009 (Rogue.SpywareGuard) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\cs41275 (Malware.Trace) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\081dd9ec (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{c5bf49a2-94f3-42bd-f434-3604812c897d} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{d5bf49a2-94f1-42bd-f434-3604812c807d} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rs32net (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rs32net (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gadcom (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xsjfn83jkemfofght (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xsjfn83jkemfofght (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Jnskdfmf9eldfd (Trojan.Downloader) -> Quarantined and deleted successfully. Registry Data Items Infected: (No malicious items detected) Folders Infected: C:\Program Files\Network Monitor (Trojan.DNSChanger) -> Quarantined and deleted successfully. C:\Documents and Settings\LocalService\Application Data\NetMon (Trojan.NetMon) -> Quarantined and deleted successfully. C:\Documents and Settings\Winner\Application Data\gadcom (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009 (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\DELETED (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\SAVED (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Documents and Settings\Winner\Application Data\VirusRemover2008 (Rogue.VirusRemover) -> Quarantined and deleted successfully. C:\Documents and Settings\Winner\Application Data\VirusRemover2008\Logs (Rogue.VirusRemover) -> Quarantined and deleted successfully. C:\Program Files\Spyware Guard 2009 (Rogue.SpywareGuard) -> Quarantined and deleted successfully. Files Infected: C:\WINDOWS\system32\ahwqnk.dll (Trojan.Fakealert) -> Quarantined and deleted successfully. C:\WINDOWS\system32\drivers\ati6uexx.sys (Rootkit.Agent) -> Delete on reboot. C:\Documents and Settings\Winner\Local Settings\Temp\cnwrmsoaxe.tmp (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Documents and Settings\Winner\Local Settings\Temp\cwroxensam.tmp (Rogue.Installer) -> Quarantined and deleted successfully. C:\Documents and Settings\Winner\Local Settings\Temp\TDSSa0c8.tmp (Trojan.TDSS) -> Quarantined and deleted successfully. C:\Documents and Settings\Winner\Local Settings\Temp\winvsnet.tmp (Rogue.Installer) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\ajp1A.tmp (Rootkit.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\rcy1C.tmp (Rootkit.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\uls11.tmp (Rootkit.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\xwd1E.tmp (Rootkit.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\yrm17.tmp (Rootkit.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\chb12.tmp (Rootkit.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\gqn1D.tmp (Rootkit.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\gzk10.tmp (Rootkit.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\BN15.tmp (Rootkit.Dropper) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\hyw9.tmp (Rootkit.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\jro18.tmp (Rootkit.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\kdcF.tmp (Rootkit.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\mfhC.tmp (Rootkit.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\BN1.tmp (Rootkit.Dropper) -> Quarantined and deleted successfully. C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt (Trojan.NetMon) -> Quarantined and deleted successfully. C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt (Trojan.NetMon) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090222215507421.log (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Documents and Settings\Winner\Application Data\VirusRemover2008\Logs\scns.log (Rogue.VirusRemover) -> Quarantined and deleted successfully. C:\WINDOWS\system32\atmtd.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\atmtd.dll._ (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\1.tmp (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\BN2.tmp (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\BN3.tmp (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\BN4.tmp (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\BN5.tmp (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\BN6.tmp (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\BN7.tmp (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\BN8.tmp (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\BN9.tmp (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\TDSSlxwp.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\BN10.tmp (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\BN11.tmp (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\BN12.tmp (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\BN13.tmp (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\BN14.tmp (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\BN16.tmp (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\BN17.tmp (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\BN19.tmp (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\BN1B.tmp (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\BN1C.tmp (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\BN1D.tmp (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\BN1E.tmp (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\svchost.exe:ext.exe (Rootkit.ADS) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\Microsoft\Protect\track.sys (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\sysexplorer.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Winner\Local Settings\Temp\TDSSa03c.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\uninstall_nmon.vbs (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\reged.exe (Rogue.SpywareGuard) -> Quarantined and deleted successfully. C:\WINDOWS\spoolsystem.exe (Rogue.SpywareGuard) -> Quarantined and deleted successfully. C:\WINDOWS\sys.com (Rogue.SpywareGuard) -> Quarantined and deleted successfully. C:\WINDOWS\syscert.exe (Rogue.SpywareGuard) -> Quarantined and deleted successfully. C:\WINDOWS\vmreg.dll (Rogue.SpywareGuard) -> Quarantined and deleted successfully. C:\WINDOWS\system32\TDSSkkbi.log (Trojan.TDSS) -> Quarantined and deleted successfully. =========================== Log 2 - After Malwarebytes repair Malwarebytes' Anti-Malware 1.34 Database version: 1819 Windows 5.1.2600 Service Pack 3 05/03/2009 13:33:24 mbam-log-2009-03-05 (13-33-24).txt Scan type: Full Scan (C:\|) Objects scanned: 137934 Time elapsed: 1 hour(s), 16 minute(s), 44 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) ====================== Log 3 - Hijack this output - post repair Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:36:27, on 05/03/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16791) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgnsx.exe C:\Program Files\AVG\AVG8\avgcsrvx.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\AGRSMMSG.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Fix_trouble\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe, explorer.exe, O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKCU\..\Run: [WebPlus7.exe] F:\WEBPLU~1.EXE /r O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart O4 - HKCU\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CamTray.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user') O4 - Global Startup: Belkin Wireless USB Utility.lnk = C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/dow...llerControl.cab O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1235984590390 O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: atorui.dll hxmwbf.dll xvhneq.dll wutliv.dll O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O20 - Winlogon Notify: awtsTNGy - awtsTNGy.dll (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- End of file - 6980 bytes
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.