
Hi everyone

I'm new to the forum and would welcome any help with regards to my PC problems!

Internet Explorer will not load - hour glass starts, screen flashes momentarily and then nothing happens. Other programs also try and run e.g. systray etc. I have scanned with Malwarebytes and Spybot S&E and neither picked up any issues. I uninstalled AVG after the problem started, as it was not updating.

Most other programs, e.g. e-mail, scans etc seem to be running OK. I am using Windows XP.

Please see my HijackThis Scan (which means nothing to me!) below: -

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 19:31:14, on 25/01/2011

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.17091)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\UMonit.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe

C:\WINDOWS\system32\CTHELPER.EXE

C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\CTsvcCDA.EXE

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\msiexec.exe

C:\Program Files\Trusteer\Rapport\bin\RapportService.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\MsiExec.exe

E:\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html?p=DK

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.uk/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customi...fo/bt_side.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR

F2 - REG:system.ini: UserInit=userinit.exe,C:\Program Files\iwjoontt\qdbbyndk.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - (no file)

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [uMonit] C:\WINDOWS\system32\UMonit.exe

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallati...uot;ver=9.0.872

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [qmidyttv] C:\WINDOWS\TEMP\lnspngfbm\pvbqyuglajb.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: BT Yahoo! Help.lnk = C:\Program Files\BT Yahoo!\Help\bin\matcli.exe

O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab

O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835

O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab

O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www3.snapfish.co.uk/SnapfishUKActivia.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.tescophoto.com/wpp/tesco/app/ImageUploader5.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1229600381046

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab

O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} (Java Plug-in 1.6.0_13) -

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {FF3F0F03-0F01-131A-A3F9-08F02B23E0CC} - http://66.117.37.13/dba250.exe

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Unknown owner - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe (file missing)

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE

O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe

O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe (file missing)

--

End of file - 11924 bytes

I would appreciate any advice on how I can get the internet up and running again!

Many thanks

Adam

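A HijackThis log like the one above is normally read by eye, and the lines a helper stops on are the F2 UserInit value, the O4 entries that start something under the SYSTEM account from a temporary directory, and any O16 ActiveX (DPF) entry that fetches a bare executable from an IP address. The Python script below is an added example written for this page, not part of Adam's post, the helper's replies, or the HijackThis tool itself: it applies those three checks to a handful of lines copied from the posted log (two clean entries mixed in with the three suspect ones). The three rules, the `Finding` class, and the set of "allowed" UserInit values are assumptions chosen for the illustration.

```python
"""Triage a HijackThis log for the entry types that most often carry malware.

Added example (not from the thread). Three checks, each a heuristic chosen for
this illustration rather than anything HijackThis itself performs:
  F2  - Winlogon UserInit should launch only userinit.exe; anything listed
        after the comma is run at every logon.
  O4  - autostart entries whose target lives in a temporary directory.
  O16 - ActiveX (DPF) entries that download from a bare IP address, or that
        download a raw executable instead of a .cab package.
"""
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the log posted above, with two clean
# entries (Java BHO, Java updater, Adobe getPlus) mixed in with the suspect ones.
SAMPLE_LOG = """\
F2 - REG:system.ini: UserInit=userinit.exe,C:\\Program Files\\iwjoontt\\qdbbyndk.exe
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\\Program Files\\Java\\jre6\\bin\\jp2ssv.dll
O4 - HKLM\\..\\Run: [sunJavaUpdateSched] "C:\\Program Files\\Java\\jre6\\bin\\jusched.exe"
O4 - HKUS\\S-1-5-18\\..\\Run: [qmidyttv] C:\\WINDOWS\\TEMP\\lnspngfbm\\pvbqyuglajb.exe (User 'SYSTEM')
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {FF3F0F03-0F01-131A-A3F9-08F02B23E0CC} - http://66.117.37.13/dba250.exe
"""


@dataclass
class Finding:
    section: str   # HijackThis section code, e.g. "O4"
    reason: str    # why the entry was flagged
    entry: str     # the original log line


ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# Host part is four dotted numbers: a download with no DNS name behind it.
IP_HOST = re.compile(r"^https?://\d{1,3}(?:\.\d{1,3}){3}(?:[:/]|$)", re.I)
TEMP_DIR = re.compile(r"\\(?:temp|tmp|temporary internet files)\\", re.I)
# The two spellings of the legitimate UserInit value on Windows XP (assumption
# for this example; a real check would compare against the installed build).
ALLOWED_USERINIT = {"userinit.exe", r"c:\windows\system32\userinit.exe"}


def parse_entry(line):
    """Split 'O4 - <rest>' into (section, rest); None for non-entry lines."""
    m = ENTRY.match(line.strip())
    return (m.group(1), m.group(2)) if m else None


def check_userinit(rest):
    """F2: flag any program after the comma that is not userinit.exe itself."""
    m = re.search(r"userinit=(.*)$", rest, re.I)
    if not m:
        return None
    targets = [t.strip().strip('"').lower() for t in m.group(1).split(",") if t.strip()]
    extra = [t for t in targets if t not in ALLOWED_USERINIT]
    if extra:
        return "UserInit launches extra program(s) at logon: " + ", ".join(extra)
    return None


def check_autostart(rest):
    """O4: flag autostarts whose target path goes through a temp directory."""
    if TEMP_DIR.search(rest):
        return "autostart runs from a temporary directory"
    return None


def check_dpf(rest):
    """O16: flag IP-hosted downloads and downloads of raw executables."""
    m = re.search(r"(https?://\S+)$", rest, re.I)
    if not m:
        return None
    url = m.group(1)
    if IP_HOST.match(url):
        return "ActiveX download from a bare IP address: " + url
    if url.lower().endswith((".exe", ".scr", ".com")):
        return "ActiveX entry downloads an executable instead of a .cab: " + url
    return None


CHECKS = {"F2": check_userinit, "O4": check_autostart, "O16": check_dpf}


def triage(log_text):
    """Return a Finding for every entry that trips one of the checks, in log order."""
    findings = []
    for line in log_text.splitlines():
        parsed = parse_entry(line)
        if not parsed:
            continue
        section, rest = parsed
        check = CHECKS.get(section)
        if check is None:
            continue
        reason = check(rest)
        if reason:
            findings.append(Finding(section, reason, line.strip()))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.entry}")
```

Run as a script it prints the three flagged lines. The O2, O3 and O23 sections it ignores still need a human: a BHO or service is judged by its path and publisher, which these rules do not examine, and a clean pass from this script is not a clean log.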

Hi Adam ;)

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper.

---------------------------------------------------------------------------------------------

ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. When we are done you can reinstall AVG. You could use AVG Remover at:

http://www.avg.com/us-en/download-tools

  1. Download ComboFix from below:
    Combofix download
    * IMPORTANT !!! Place combofix.exe on your Desktop
  2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  3. Double click on combofix.exe & follow the prompts.
  4. As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.
    With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.
    Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement.
    ComboFix will now automatically install the Microsoft Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Microsoft Windows Recovery Console option when you start your computer unless requested to by a helper.
    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message that says:
    The Recovery Console was successfully installed.
    Click on Yes, to continue scanning for malware.
  5. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  6. When finished, it shall produce a log for you. Post that log in your next reply.
    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
    ---------------------------------------------------------------------------------------------
  7. Ensure your AntiVirus and AntiSpyware applications are re-enabled.
    ---------------------------------------------------------------------------------------------


Hi

Thank you very much for such a quick response!

I have finally been able to post the results of the ComboFix log. The first time I tried there was an error and the PC wouldn't re-boot correctly (blue screen saying there had been a serious error). I turned it on and off again and did it again, and have copied the log below. There is also a 'TrapApp' box that keeps popping up on the desktop.

Combo Fix Log: -

ComboFix 11-01-25.05 - callum 26/01/2011 21:04:03.2.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.455 [GMT 0:00]

Running from: c:\documents and settings\callum\Desktop\ComboFix.exe

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\program files\Internet Explorer\dmlconf.dat

.

---- Previous Run -------

.

c:\documents and settings\NetworkService\Application Data\6AD622C7D128FCB79A5EB986617A56D3\enemies-names.txt

c:\documents and settings\NetworkService\Application Data\6AD622C7D128FCB79A5EB986617A56D3\local.ini

c:\documents and settings\NetworkService\Application Data\desktop.ini

c:\program files\Internet Explorer\dmlconf.dat

C:\Thumbs.db

c:\windows\system32\drivers\npf.sys

c:\windows\system32\msdtc_32.exe

c:\windows\system32\Packet.dll

c:\windows\system32\wpcap.dll

C:\XES9E.tmp

.

\\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_NPF

-------\Service_NPF

((((((((((((((((((((((((( Files Created from 2010-12-26 to 2011-01-26 )))))))))))))))))))))))))))))))

.

2011-01-24 22:21 . 2008-04-14 00:12 116224 ----a-w- c:\windows\system32\dllcache\xrxwiadr.dll

2011-01-24 22:21 . 2001-08-17 22:36 23040 ----a-w- c:\windows\system32\dllcache\xrxwbtmp.dll

2011-01-24 22:21 . 2008-04-14 00:12 18944 ----a-w- c:\windows\system32\dllcache\xrxscnui.dll

2011-01-24 22:21 . 2001-08-17 22:37 27648 ----a-w- c:\windows\system32\dllcache\xrxftplt.exe

2011-01-24 22:21 . 2001-08-17 22:37 4608 ----a-w- c:\windows\system32\dllcache\xrxflnch.exe

2011-01-24 22:21 . 2001-08-17 22:37 99865 ----a-w- c:\windows\system32\dllcache\xlog.exe

2011-01-24 22:21 . 2001-08-17 12:11 16970 ----a-w- c:\windows\system32\dllcache\xem336n5.sys

2011-01-24 22:21 . 2004-08-03 21:29 19455 ----a-w- c:\windows\system32\dllcache\wvchntxx.sys

2011-01-24 22:21 . 2008-04-13 18:46 19200 ----a-w- c:\windows\system32\dllcache\wstcodec.sys

2011-01-24 22:21 . 2004-08-03 21:29 12063 ----a-w- c:\windows\system32\dllcache\wsiintxx.sys

2011-01-24 22:21 . 2008-04-14 00:12 8192 ----a-w- c:\windows\system32\dllcache\wshirda.dll

2011-01-24 22:19 . 2001-08-17 12:13 19016 ----a-w- c:\windows\system32\dllcache\w926nd.sys

2011-01-24 22:19 . 2004-08-04 04:00 48256 ----a-w- c:\windows\system32\dllcache\w32.dll

2011-01-24 22:19 . 2001-08-17 12:13 19528 ----a-w- c:\windows\system32\dllcache\w840nd.sys

2011-01-24 22:19 . 2001-08-17 13:28 64605 ----a-w- c:\windows\system32\dllcache\vvoice.sys

2011-01-24 22:19 . 2001-08-17 13:28 397502 ----a-w- c:\windows\system32\dllcache\vpctcom.sys

2011-01-24 22:19 . 2001-08-17 13:28 604253 ----a-w- c:\windows\system32\dllcache\vmodem.sys

2011-01-24 22:19 . 2001-08-17 12:14 249402 ----a-w- c:\windows\system32\dllcache\vinwm.sys

2011-01-24 22:19 . 2001-08-17 13:49 24576 ----a-w- c:\windows\system32\dllcache\viairda.sys

2011-01-24 22:19 . 2008-04-14 00:12 53760 ----a-w- c:\windows\system32\dllcache\vfwwdm32.dll

2011-01-24 22:19 . 2001-08-17 13:28 687999 ----a-w- c:\windows\system32\dllcache\usrwdxjs.sys

2011-01-24 22:19 . 2001-08-17 13:28 765884 ----a-w- c:\windows\system32\dllcache\usrti.sys

2011-01-24 22:19 . 2001-08-17 13:28 113762 ----a-w- c:\windows\system32\dllcache\usrpda.sys

2011-01-24 22:19 . 2001-08-17 13:28 7556 ----a-w- c:\windows\system32\dllcache\usroslba.sys

2011-01-24 22:17 . 2001-08-17 22:36 50176 ----a-w- c:\windows\system32\dllcache\umaxp60.dll

2011-01-24 22:17 . 2001-08-17 22:36 47616 ----a-w- c:\windows\system32\dllcache\umaxcam.dll

2011-01-24 22:17 . 2001-08-17 22:36 211968 ----a-w- c:\windows\system32\dllcache\um54scan.dll

2011-01-24 22:17 . 2001-08-17 22:36 216064 ----a-w- c:\windows\system32\dllcache\um34scan.dll

2011-01-24 22:17 . 2004-08-04 04:00 14336 ----a-w- c:\windows\system32\dllcache\tsprof.exe

2011-01-24 22:17 . 2001-08-17 13:48 11520 ----a-w- c:\windows\system32\dllcache\twotrack.sys

2011-01-24 22:17 . 2001-08-17 12:51 166784 ----a-w- c:\windows\system32\dllcache\tridxpm.sys

2011-01-24 22:17 . 2001-08-17 22:36 525568 ----a-w- c:\windows\system32\dllcache\tridxp.dll

2011-01-24 22:17 . 2001-08-17 12:51 159232 ----a-w- c:\windows\system32\dllcache\tridkbm.sys

2011-01-24 22:17 . 2001-08-17 14:56 440576 ----a-w- c:\windows\system32\dllcache\tridkb.dll

2011-01-24 22:17 . 2001-08-17 12:51 222336 ----a-w- c:\windows\system32\dllcache\trid3dm.sys

2011-01-24 22:17 . 2001-08-17 14:56 315520 ----a-w- c:\windows\system32\dllcache\trid3d.dll

2011-01-24 22:15 . 2001-08-17 13:49 30464 ----a-w- c:\windows\system32\dllcache\tbatm155.sys

2011-01-24 22:15 . 2001-08-17 13:52 7040 ----a-w- c:\windows\system32\dllcache\tandqic.sys

2011-01-24 22:15 . 2001-08-17 12:50 36640 ----a-w- c:\windows\system32\dllcache\t2r4mini.sys

2011-01-24 22:15 . 2001-08-17 14:56 172768 ----a-w- c:\windows\system32\dllcache\t2r4disp.dll

2011-01-24 22:15 . 2001-08-17 22:36 94293 ----a-w- c:\windows\system32\dllcache\sxports.dll

2011-01-24 22:15 . 2001-08-17 13:50 103936 ----a-w- c:\windows\system32\dllcache\sx.sys

2011-01-24 22:15 . 2001-08-17 14:02 3968 ----a-w- c:\windows\system32\dllcache\swusbflt.sys

2011-01-24 22:15 . 2001-08-17 22:36 10240 ----a-w- c:\windows\system32\dllcache\swpidflt.dll

2011-01-24 22:15 . 2001-08-17 22:36 10240 ----a-w- c:\windows\system32\dllcache\swpdflt2.dll

2011-01-24 22:15 . 2001-08-17 22:36 53760 ----a-w- c:\windows\system32\dllcache\sw_wheel.dll

2011-01-24 22:15 . 2001-08-17 22:36 41472 ----a-w- c:\windows\system32\dllcache\sw_effct.dll

2011-01-24 22:15 . 2008-04-13 18:46 15232 ----a-w- c:\windows\system32\dllcache\streamip.sys

2011-01-24 22:15 . 2001-08-17 22:36 155648 ----a-w- c:\windows\system32\dllcache\stlnprop.dll

2011-01-24 22:13 . 2004-08-04 04:00 143422 ----a-w- c:\windows\system32\dllcache\softkey.dll

2011-01-24 22:12 . 2004-08-04 04:00 29184 ----a-w- c:\windows\system32\dllcache\sm8cw.dll

2011-01-24 22:11 . 2001-07-21 14:29 161568 ----a-w- c:\windows\system32\dllcache\sgsmusb.sys

2011-01-24 22:10 . 2001-08-17 22:36 495616 ----a-w- c:\windows\system32\dllcache\sblfx.dll

2011-01-24 22:10 . 2001-08-17 12:50 75392 ----a-w- c:\windows\system32\dllcache\s3savmxm.sys

2011-01-24 22:10 . 2001-08-17 14:56 245632 ----a-w- c:\windows\system32\dllcache\s3savmx.dll

2011-01-24 22:10 . 2001-08-17 12:50 77824 ----a-w- c:\windows\system32\dllcache\s3sav4m.sys

2011-01-24 22:10 . 2001-08-17 14:56 198400 ----a-w- c:\windows\system32\dllcache\s3sav4.dll

2011-01-24 22:10 . 2001-08-17 12:50 61504 ----a-w- c:\windows\system32\dllcache\s3sav3dm.sys

2011-01-24 22:10 . 2001-08-17 14:56 179264 ----a-w- c:\windows\system32\dllcache\s3sav3d.dll

2011-01-24 22:10 . 2001-08-17 14:56 210496 ----a-w- c:\windows\system32\dllcache\s3mvirge.dll

2011-01-24 22:10 . 2001-08-17 22:36 62496 ----a-w- c:\windows\system32\dllcache\s3mtrio.dll

2011-01-24 22:10 . 2001-08-17 12:50 41216 ----a-w- c:\windows\system32\dllcache\s3mt3d.sys

2011-01-24 22:10 . 2001-08-17 14:56 182272 ----a-w- c:\windows\system32\dllcache\s3mt3d.dll

2011-01-24 22:10 . 2001-08-17 12:50 166720 ----a-w- c:\windows\system32\dllcache\s3m.sys

2011-01-24 22:10 . 2001-08-17 13:57 65664 ----a-w- c:\windows\system32\dllcache\s3legacy.sys

2011-01-24 22:08 . 2001-08-17 22:36 41472 ----a-w- c:\windows\system32\dllcache\qvusd.dll

2011-01-24 22:07 . 2001-08-17 22:36 121344 ----a-w- c:\windows\system32\dllcache\phvfwext.dll

2011-01-24 22:06 . 2004-08-04 04:00 14336 ----a-w- c:\windows\system32\dllcache\padrs412.dll

2011-01-24 22:05 . 2001-08-17 12:12 27209 ----a-w- c:\windows\system32\dllcache\otc06x5.sys

2011-01-24 22:04 . 2001-08-17 22:36 60480 ----a-w- c:\windows\system32\dllcache\neo20xx.dll

2011-01-24 22:03 . 2004-08-04 04:00 229439 ----a-w- c:\windows\system32\dllcache\multibox.dll

2011-01-24 22:02 . 2001-08-17 14:56 235648 ----a-w- c:\windows\system32\dllcache\mgaud.dll

2011-01-24 22:01 . 2001-08-17 12:12 70730 ----a-w- c:\windows\system32\dllcache\lne100tx.sys

2011-01-24 22:00 . 2001-08-17 14:55 6144 ----a-w- c:\windows\system32\dllcache\kbd101c.dll

2011-01-24 21:59 . 2001-08-17 22:36 45056 ----a-w- c:\windows\system32\dllcache\icam5com.dll

2011-01-24 21:58 . 2001-08-17 13:28 50751 ----a-w- c:\windows\system32\dllcache\hsf_tone.sys

2011-01-24 21:57 . 2001-08-17 22:36 165888 ----a-w- c:\windows\system32\dllcache\hpgt53.dll

2011-01-24 21:56 . 2001-08-17 12:49 320384 ----a-w- c:\windows\system32\dllcache\g200m.sys

2011-01-24 21:55 . 2001-08-17 13:52 7040 ----a-w- c:\windows\system32\dllcache\exabyte2.sys

2011-01-24 21:54 . 2001-08-17 13:50 144896 ----a-w- c:\windows\system32\dllcache\epcfw2k.sys

2011-01-24 21:53 . 2008-04-13 18:40 8320 ----a-w- c:\windows\system32\dllcache\dlttape.sys

2011-01-24 21:52 . 2001-08-17 22:36 80896 ----a-w- c:\windows\system32\dllcache\dc210usd.dll

2011-01-24 21:51 . 2001-08-17 12:13 980034 ----a-w- c:\windows\system32\dllcache\cicap.sys

2011-01-24 21:50 . 2001-08-17 13:12 60416 ----a-w- c:\windows\system32\dllcache\brserwdm.sys

2011-01-24 21:49 . 2001-08-17 12:19 747392 ----a-w- c:\windows\system32\dllcache\adm8830.sys

2011-01-24 19:16 . 2011-01-24 19:16 -------- d-----w- C:\logs

2011-01-24 11:46 . 2011-01-24 11:46 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData

2011-01-23 17:22 . 2011-01-23 17:22 -------- d-----w- C:\Adobe

2011-01-22 12:35 . 2011-01-26 20:56 -------- d-----w- c:\program files\iwjoontt

2011-01-22 12:35 . 2011-01-22 12:35 149428 --s---w- C:\qdbbyndk.exe

2011-01-22 12:35 . 2011-01-22 14:22 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe

2011-01-17 19:20 . 2011-01-17 19:20 29996 ---h--w- c:\documents and settings\NetworkService\Application Data\ntuser.dat

2011-01-17 19:19 . 2011-01-19 17:45 -------- d-----w- c:\documents and settings\NetworkService\Application Data\rbgimmb2ingr2eac1navwizawhgfvst2

2011-01-13 20:45 . 2011-01-13 20:46 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Temp

2011-01-11 14:50 . 2011-01-26 20:51 -------- d-----w- c:\documents and settings\All Users\Application Data\boost_interprocess

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-12-20 18:09 . 2009-08-16 14:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-12-20 18:08 . 2009-08-16 14:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

"MsnMsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [bU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"UMonit"="c:\windows\system32\UMonit.exe" [2007-11-12 200704]

"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-04-27 185896]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-17 577902]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-24 142120]

"IAAnotif"="c:\program files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-06-29 291295]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

"CTSysVol"="c:\program files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]

"CTHelper"="CTHELPER.EXE" [2004-03-11 28672]

"CTDVDDET"="c:\program files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"AvgUninstallURL"="start http:" [X]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

BT Yahoo! Help.lnk - c:\program files\BT Yahoo!\Help\bin\matcli.exe [N/A]

dlbcserv.lnk - c:\program files\Dell Photo Printer 720\dlbcserv.exe [N/A]

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"SNDSrvc"=2 (0x2)

"navapsvc"=2 (0x2)

"ccSetMgr"=2 (0x2)

"ccProxy"=2 (0x2)

"ccEvtMgr"=2 (0x2)

"SymWSC"=2 (0x2)

"SPBBCSvc"=3 (0x3)

"SBService"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\DNA\\btdna.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=

"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=

"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=

R0 RapportKELL;RapportKELL;c:\windows\SYSTEM32\DRIVERS\RapportKELL.sys [03/10/2010 22:43 59240]

R1 RapportCerberus_19917;RapportCerberus_19917;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\19917\RapportCerberus_19917.sys [03/10/2010 22:54 34792]

R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [03/10/2010 22:43 169320]

R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [03/10/2010 22:43 767208]

S2 YHWEIQVX;YHWEIQVX;\??\c:\windows\system32\yhweiqvx.dpj --> c:\windows\system32\yhweiqvx.dpj [?]

S3 FIXUSTOR;FIXUSTOR;c:\windows\SYSTEM32\DRIVERS\fixustor.sys [11/06/2007 09:27 12416]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

getPlusHelper REG_MULTI_SZ getPlusHelper

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

2011-01-26 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2011-01-26 c:\windows\Tasks\DMEPeriodicTask.job

- c:\program files\HP\Digital Imaging\bin\warrantyextension\HPPromo.exe [2009-06-16 07:17]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.co.uk/

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

mSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html

uInternet Settings,ProxyOverride = <local>

uSearchURL,(Default) = hxxp://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR

IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

IE: Translate Page into English - c:\program files\google\GoogleToolbar2.dll/cmtrans.html

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

.

- - - - ORPHANS REMOVED - - - -

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file)

AddRemove-InstallShield_{1267949C-73FC-4692-AA22-176F5E909647} - c:\progra~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe

AddRemove-InstallShield_{2B7E4354-0492-460A-BDB1-1F59EE141025} - c:\progra~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe

AddRemove-InstallShield_{3D047C15-C859-45F7-81CE-F2681778069B} - c:\program files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe

AddRemove-InstallShield_{4AD35E01-9BA9-4F0C-B6B7-09C6C8F20D15} - c:\progra~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe

AddRemove-Windows Live Toolbar - c:\program files\Windows Live Toolbar\UnInstall.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-01-26 21:17

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

UMonit = c:\windows\system32\UMonit.exe?????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

c:\documents and settings\callum\Start Menu\Programs\Startup\qdbbyndk.exe 149428 bytes executable

C:\qdbbyndk.exe 149428 bytes executable

scan completed successfully

hidden files: 2

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\YHWEIQVX]

"ImagePath"="\??\c:\windows\system32\yhweiqvx.dpj"

.

Completion time: 2011-01-26 21:21:02

ComboFix-quarantined-files.txt 2011-01-26 21:20

Pre-Run: 76,519,907,328 bytes free

Post-Run: 76,475,822,080 bytes free

Current=5 Default=5 Failed=4 LastKnownGood=6 Sets=1,2,3,4,5,6

- - End Of File - - 8A592C260133D00CF81

Many thanks

Adam


Hi,

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.

  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.

Next

Run CFScript

  • Close any open browsers.
  • Open Notepad by clicking Start
  • Click Run
  • Type notepad into the box and press Enter
  • Notepad will open
  • Copy and Paste everything from the Code box into Notepad:

KILLALL::
File::
c:\windows\system32\yhweiqvx.dpj
C:\qdbbyndk.exe
Folder::
c:\program files\iwjoontt
Driver::
YHWEIQVX

Save the file to your desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.

CFScriptB-4.gif

This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.

Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.


Thanks again for your assistance. Please find the log results below - it's quite long! The SysTray box is still popping up and trying to load.

ComboFix 11-01-25.05 - callum 27/01/2011 20:11:08.3.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.461 [GMT 0:00]

Running from: c:\documents and settings\callum\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\callum\Desktop\CFScript.txt

FILE ::

"C:\qdbbyndk.exe"

"c:\windows\system32\yhweiqvx.dpj"

.

/wow section - STAGE 48

The system cannot find the path specified.

Access is denied.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\program files\Internet Explorer\dmlconf.dat

c:\program files\iwjoontt

C:\qdbbyndk.exe

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_YHWEIQVX

-------\Service_YHWEIQVX

((((((((((((((((((((((((( Files Created from 2010-12-27 to 2011-01-27 )))))))))))))))))))))))))))))))

.

2011-01-27 20:20 . 2011-01-27 20:20 -------- d-----w- c:\program files\iwjoontt

2011-01-24 22:21 . 2008-04-14 00:12 116224 ----a-w- c:\windows\system32\dllcache\xrxwiadr.dll

2011-01-24 22:21 . 2001-08-17 22:36 23040 ----a-w- c:\windows\system32\dllcache\xrxwbtmp.dll

2011-01-24 22:21 . 2008-04-14 00:12 18944 ----a-w- c:\windows\system32\dllcache\xrxscnui.dll

2011-01-24 22:21 . 2001-08-17 22:37 27648 ----a-w- c:\windows\system32\dllcache\xrxftplt.exe

2011-01-24 22:21 . 2001-08-17 22:37 4608 ----a-w- c:\windows\system32\dllcache\xrxflnch.exe

2011-01-24 22:21 . 2001-08-17 22:37 99865 ----a-w- c:\windows\system32\dllcache\xlog.exe

2011-01-24 22:21 . 2001-08-17 12:11 16970 ----a-w- c:\windows\system32\dllcache\xem336n5.sys

2011-01-24 22:21 . 2004-08-03 21:29 19455 ----a-w- c:\windows\system32\dllcache\wvchntxx.sys

2011-01-24 22:21 . 2008-04-13 18:46 19200 ----a-w- c:\windows\system32\dllcache\wstcodec.sys

2011-01-24 22:21 . 2004-08-03 21:29 12063 ----a-w- c:\windows\system32\dllcache\wsiintxx.sys

2011-01-24 22:21 . 2008-04-14 00:12 8192 ----a-w- c:\windows\system32\dllcache\wshirda.dll

2011-01-24 22:19 . 2001-08-17 12:13 19016 ----a-w- c:\windows\system32\dllcache\w926nd.sys

2011-01-24 22:19 . 2004-08-04 04:00 48256 ----a-w- c:\windows\system32\dllcache\w32.dll

2011-01-24 22:19 . 2001-08-17 12:13 19528 ----a-w- c:\windows\system32\dllcache\w840nd.sys

2011-01-24 22:19 . 2001-08-17 13:28 64605 ----a-w- c:\windows\system32\dllcache\vvoice.sys

2011-01-24 22:19 . 2001-08-17 13:28 397502 ----a-w- c:\windows\system32\dllcache\vpctcom.sys

2011-01-24 22:19 . 2001-08-17 13:28 604253 ----a-w- c:\windows\system32\dllcache\vmodem.sys

2011-01-24 22:19 . 2001-08-17 12:14 249402 ----a-w- c:\windows\system32\dllcache\vinwm.sys

2011-01-24 22:19 . 2001-08-17 13:49 24576 ----a-w- c:\windows\system32\dllcache\viairda.sys

2011-01-24 22:19 . 2008-04-14 00:12 53760 ----a-w- c:\windows\system32\dllcache\vfwwdm32.dll

2011-01-24 22:19 . 2001-08-17 13:28 687999 ----a-w- c:\windows\system32\dllcache\usrwdxjs.sys

2011-01-24 22:19 . 2001-08-17 13:28 765884 ----a-w- c:\windows\system32\dllcache\usrti.sys

2011-01-24 22:19 . 2001-08-17 13:28 113762 ----a-w- c:\windows\system32\dllcache\usrpda.sys

2011-01-24 22:19 . 2001-08-17 13:28 7556 ----a-w- c:\windows\system32\dllcache\usroslba.sys

2011-01-24 22:17 . 2001-08-17 22:36 50176 ----a-w- c:\windows\system32\dllcache\umaxp60.dll

2011-01-24 22:17 . 2001-08-17 22:36 47616 ----a-w- c:\windows\system32\dllcache\umaxcam.dll

2011-01-24 22:17 . 2001-08-17 22:36 211968 ----a-w- c:\windows\system32\dllcache\um54scan.dll

2011-01-24 22:17 . 2001-08-17 22:36 216064 ----a-w- c:\windows\system32\dllcache\um34scan.dll

2011-01-24 22:17 . 2004-08-04 04:00 14336 ----a-w- c:\windows\system32\dllcache\tsprof.exe

2011-01-24 22:17 . 2001-08-17 13:48 11520 ----a-w- c:\windows\system32\dllcache\twotrack.sys

2011-01-24 22:17 . 2001-08-17 12:51 166784 ----a-w- c:\windows\system32\dllcache\tridxpm.sys

2011-01-24 22:17 . 2001-08-17 22:36 525568 ----a-w- c:\windows\system32\dllcache\tridxp.dll

2011-01-24 22:17 . 2001-08-17 12:51 159232 ----a-w- c:\windows\system32\dllcache\tridkbm.sys

2011-01-24 22:17 . 2001-08-17 14:56 440576 ----a-w- c:\windows\system32\dllcache\tridkb.dll

2011-01-24 22:17 . 2001-08-17 12:51 222336 ----a-w- c:\windows\system32\dllcache\trid3dm.sys

2011-01-24 22:17 . 2001-08-17 14:56 315520 ----a-w- c:\windows\system32\dllcache\trid3d.dll

2011-01-24 22:15 . 2001-08-17 13:49 30464 ----a-w- c:\windows\system32\dllcache\tbatm155.sys

2011-01-24 22:15 . 2001-08-17 13:52 7040 ----a-w- c:\windows\system32\dllcache\tandqic.sys

2011-01-24 22:15 . 2001-08-17 12:50 36640 ----a-w- c:\windows\system32\dllcache\t2r4mini.sys

2011-01-24 22:15 . 2001-08-17 14:56 172768 ----a-w- c:\windows\system32\dllcache\t2r4disp.dll

2011-01-24 22:15 . 2001-08-17 22:36 94293 ----a-w- c:\windows\system32\dllcache\sxports.dll

2011-01-24 22:15 . 2001-08-17 13:50 103936 ----a-w- c:\windows\system32\dllcache\sx.sys

2011-01-24 22:15 . 2001-08-17 14:02 3968 ----a-w- c:\windows\system32\dllcache\swusbflt.sys

2011-01-24 22:15 . 2001-08-17 22:36 10240 ----a-w- c:\windows\system32\dllcache\swpidflt.dll

2011-01-24 22:15 . 2001-08-17 22:36 10240 ----a-w- c:\windows\system32\dllcache\swpdflt2.dll

2011-01-24 22:15 . 2001-08-17 22:36 53760 ----a-w- c:\windows\system32\dllcache\sw_wheel.dll

2011-01-24 22:15 . 2001-08-17 22:36 41472 ----a-w- c:\windows\system32\dllcache\sw_effct.dll

2011-01-24 22:15 . 2008-04-13 18:46 15232 ----a-w- c:\windows\system32\dllcache\streamip.sys

2011-01-24 22:15 . 2001-08-17 22:36 155648 ----a-w- c:\windows\system32\dllcache\stlnprop.dll

2011-01-24 22:13 . 2004-08-04 04:00 143422 ----a-w- c:\windows\system32\dllcache\softkey.dll

2011-01-24 22:12 . 2004-08-04 04:00 29184 ----a-w- c:\windows\system32\dllcache\sm8cw.dll

2011-01-24 22:11 . 2001-07-21 14:29 161568 ----a-w- c:\windows\system32\dllcache\sgsmusb.sys

2011-01-24 22:10 . 2001-08-17 22:36 495616 ----a-w- c:\windows\system32\dllcache\sblfx.dll

2011-01-24 22:10 . 2001-08-17 12:50 75392 ----a-w- c:\windows\system32\dllcache\s3savmxm.sys

2011-01-24 22:10 . 2001-08-17 14:56 245632 ----a-w- c:\windows\system32\dllcache\s3savmx.dll

2011-01-24 22:10 . 2001-08-17 12:50 77824 ----a-w- c:\windows\system32\dllcache\s3sav4m.sys

2011-01-24 22:10 . 2001-08-17 14:56 198400 ----a-w- c:\windows\system32\dllcache\s3sav4.dll

2011-01-24 22:10 . 2001-08-17 12:50 61504 ----a-w- c:\windows\system32\dllcache\s3sav3dm.sys

2011-01-24 22:10 . 2001-08-17 14:56 179264 ----a-w- c:\windows\system32\dllcache\s3sav3d.dll

2011-01-24 22:10 . 2001-08-17 14:56 210496 ----a-w- c:\windows\system32\dllcache\s3mvirge.dll

2011-01-24 22:10 . 2001-08-17 22:36 62496 ----a-w- c:\windows\system32\dllcache\s3mtrio.dll

2011-01-24 22:10 . 2001-08-17 12:50 41216 ----a-w- c:\windows\system32\dllcache\s3mt3d.sys

2011-01-24 22:10 . 2001-08-17 14:56 182272 ----a-w- c:\windows\system32\dllcache\s3mt3d.dll

2011-01-24 22:10 . 2001-08-17 12:50 166720 ----a-w- c:\windows\system32\dllcache\s3m.sys

2011-01-24 22:10 . 2001-08-17 13:57 65664 ----a-w- c:\windows\system32\dllcache\s3legacy.sys

2011-01-24 22:08 . 2001-08-17 22:36 41472 ----a-w- c:\windows\system32\dllcache\qvusd.dll

2011-01-24 22:07 . 2001-08-17 22:36 121344 ----a-w- c:\windows\system32\dllcache\phvfwext.dll

2011-01-24 22:06 . 2004-08-04 04:00 14336 ----a-w- c:\windows\system32\dllcache\padrs412.dll

2011-01-24 22:05 . 2001-08-17 12:12 27209 ----a-w- c:\windows\system32\dllcache\otc06x5.sys

2011-01-24 22:04 . 2001-08-17 22:36 60480 ----a-w- c:\windows\system32\dllcache\neo20xx.dll

2011-01-24 22:03 . 2004-08-04 04:00 229439 ----a-w- c:\windows\system32\dllcache\multibox.dll

2011-01-24 22:02 . 2001-08-17 14:56 235648 ----a-w- c:\windows\system32\dllcache\mgaud.dll

2011-01-24 22:01 . 2001-08-17 12:12 70730 ----a-w- c:\windows\system32\dllcache\lne100tx.sys

2011-01-24 22:00 . 2001-08-17 14:55 6144 ----a-w- c:\windows\system32\dllcache\kbd101c.dll

2011-01-24 21:59 . 2001-08-17 22:36 45056 ----a-w- c:\windows\system32\dllcache\icam5com.dll

2011-01-24 21:58 . 2001-08-17 13:28 50751 ----a-w- c:\windows\system32\dllcache\hsf_tone.sys

2011-01-24 21:57 . 2001-08-17 22:36 165888 ----a-w- c:\windows\system32\dllcache\hpgt53.dll

2011-01-24 21:56 . 2001-08-17 12:49 320384 ----a-w- c:\windows\system32\dllcache\g200m.sys

2011-01-24 21:55 . 2001-08-17 13:52 7040 ----a-w- c:\windows\system32\dllcache\exabyte2.sys

2011-01-24 21:54 . 2001-08-17 13:50 144896 ----a-w- c:\windows\system32\dllcache\epcfw2k.sys

2011-01-24 21:53 . 2008-04-13 18:40 8320 ----a-w- c:\windows\system32\dllcache\dlttape.sys

2011-01-24 21:52 . 2001-08-17 22:36 80896 ----a-w- c:\windows\system32\dllcache\dc210usd.dll

2011-01-24 21:51 . 2001-08-17 12:13 980034 ----a-w- c:\windows\system32\dllcache\cicap.sys

2011-01-24 21:50 . 2001-08-17 13:12 60416 ----a-w- c:\windows\system32\dllcache\brserwdm.sys

2011-01-24 21:49 . 2001-08-17 12:19 747392 ----a-w- c:\windows\system32\dllcache\adm8830.sys

2011-01-24 19:16 . 2011-01-24 19:16 -------- d-----w- C:\logs

2011-01-24 11:46 . 2011-01-24 11:46 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData

2011-01-23 17:22 . 2011-01-23 17:22 -------- d-----w- C:\Adobe

2011-01-22 12:35 . 2011-01-22 12:35 149428 --s---w- C:\qdbbyndk.exe

2011-01-22 12:35 . 2011-01-22 14:22 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe

2011-01-17 19:20 . 2011-01-17 19:20 29996 ---h--w- c:\documents and settings\NetworkService\Application Data\ntuser.dat

2011-01-17 19:19 . 2011-01-19 17:45 -------- d-----w- c:\documents and settings\NetworkService\Application Data\rbgimmb2ingr2eac1navwizawhgfvst2

2011-01-13 20:45 . 2011-01-13 20:46 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Temp

2011-01-11 14:50 . 2011-01-26 20:51 -------- d-----w- c:\documents and settings\All Users\Application Data\boost_interprocess

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-12-20 18:09 . 2009-08-16 14:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-12-20 18:08 . 2009-08-16 14:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-11-18 18:12 . 2004-08-04 04:00 81920 ----a-w- c:\windows\system32\isign32.dll

2010-11-09 14:52 . 2004-08-04 04:00 249856 ----a-w- c:\windows\system32\odbc32.dll

2010-11-06 00:34 . 2004-08-04 04:00 832512 ----a-w- c:\windows\system32\wininet.dll

2010-11-06 00:34 . 2004-08-04 04:00 78336 ----a-w- c:\windows\system32\ieencode.dll

2010-11-06 00:34 . 2004-08-04 04:00 1830912 ----a-w- c:\windows\system32\inetcpl.cpl

2010-11-06 00:34 . 2004-08-04 04:00 17408 ----a-w- c:\windows\system32\corpol.dll

2010-11-03 12:25 . 2004-08-04 04:00 389120 ----a-w- c:\windows\system32\html.iec

2010-11-02 15:17 . 2004-08-04 04:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys

.

((((((((((((((((((((((((((((( SnapShot@2011-01-26_21.17.09 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-01-27 20:14 . 2011-01-27 20:14 16384 c:\windows\Temp\Perflib_Perfdata_fb0.dat

+ 2011-01-27 20:21 . 2011-01-27 20:21 16384 c:\windows\Temp\Perflib_Perfdata_c00.dat

- 2007-01-29 08:58 . 2010-06-21 14:46 46080 c:\windows\SYSTEM32\tzchange.exe

+ 2007-01-29 08:58 . 2010-11-03 13:12 46080 c:\windows\SYSTEM32\tzchange.exe

- 2008-05-09 11:43 . 2010-02-22 14:23 17272 c:\windows\SYSTEM32\spmsg.dll

+ 2008-05-09 11:43 . 2009-05-26 11:40 17272 c:\windows\SYSTEM32\spmsg.dll

+ 2004-08-04 04:00 . 2010-11-06 00:34 44544 c:\windows\SYSTEM32\pngfilt.dll

- 2004-08-04 04:00 . 2010-09-09 13:38 44544 c:\windows\SYSTEM32\pngfilt.dll

+ 2007-08-13 17:54 . 2010-11-06 00:34 52224 c:\windows\SYSTEM32\msfeedsbs.dll

- 2007-08-13 17:54 . 2010-09-09 13:38 52224 c:\windows\SYSTEM32\msfeedsbs.dll

- 2004-08-04 04:00 . 2010-09-09 13:38 27648 c:\windows\SYSTEM32\jsproxy.dll

+ 2004-08-04 04:00 . 2010-11-06 00:34 27648 c:\windows\SYSTEM32\jsproxy.dll

- 2007-08-13 17:39 . 2010-09-08 15:57 13824 c:\windows\SYSTEM32\ieudinit.exe

+ 2007-08-13 17:39 . 2010-11-03 12:24 13824 c:\windows\SYSTEM32\ieudinit.exe

- 2004-08-04 04:00 . 2010-09-09 13:38 44544 c:\windows\SYSTEM32\iernonce.dll

+ 2004-08-04 04:00 . 2010-11-06 00:34 44544 c:\windows\SYSTEM32\iernonce.dll

- 2004-08-04 04:00 . 2010-09-08 15:57 70656 c:\windows\SYSTEM32\ie4uinit.exe

+ 2004-08-04 04:00 . 2010-11-03 12:24 70656 c:\windows\SYSTEM32\ie4uinit.exe

+ 2007-08-13 17:36 . 2010-11-06 00:34 63488 c:\windows\SYSTEM32\icardie.dll

- 2007-08-13 17:36 . 2010-09-09 13:38 63488 c:\windows\SYSTEM32\icardie.dll

+ 2004-08-04 04:00 . 2010-10-11 14:59 45568 c:\windows\SYSTEM32\DLLCACHE\wab.exe

+ 2004-08-04 04:00 . 2010-11-06 00:34 44544 c:\windows\SYSTEM32\DLLCACHE\pngfilt.dll

- 2004-08-04 04:00 . 2010-09-09 13:38 44544 c:\windows\SYSTEM32\DLLCACHE\pngfilt.dll

+ 2004-08-04 04:00 . 2010-11-02 15:17 40960 c:\windows\SYSTEM32\DLLCACHE\ndproxy.sys

+ 2008-04-21 20:40 . 2010-11-06 00:34 52224 c:\windows\SYSTEM32\DLLCACHE\msfeedsbs.dll

- 2008-04-21 20:40 . 2010-09-09 13:38 52224 c:\windows\SYSTEM32\DLLCACHE\msfeedsbs.dll

+ 2004-08-04 04:00 . 2010-11-06 00:34 27648 c:\windows\SYSTEM32\DLLCACHE\jsproxy.dll

- 2004-08-04 04:00 . 2010-09-09 13:38 27648 c:\windows\SYSTEM32\DLLCACHE\jsproxy.dll

- 2004-08-04 04:00 . 2008-04-14 00:11 81920 c:\windows\SYSTEM32\DLLCACHE\isign32.dll

+ 2004-08-04 04:00 . 2010-11-18 18:12 81920 c:\windows\SYSTEM32\DLLCACHE\isign32.dll

+ 2008-04-21 20:40 . 2010-11-03 12:24 13824 c:\windows\SYSTEM32\DLLCACHE\ieudinit.exe

- 2008-04-21 20:40 . 2010-09-08 15:57 13824 c:\windows\SYSTEM32\DLLCACHE\ieudinit.exe

- 2004-08-04 04:00 . 2010-09-09 13:38 44544 c:\windows\SYSTEM32\DLLCACHE\iernonce.dll

+ 2004-08-04 04:00 . 2010-11-06 00:34 44544 c:\windows\SYSTEM32\DLLCACHE\iernonce.dll

- 2004-08-04 04:00 . 2010-09-09 13:38 78336 c:\windows\SYSTEM32\DLLCACHE\ieencode.dll

+ 2004-08-04 04:00 . 2010-11-06 00:34 78336 c:\windows\SYSTEM32\DLLCACHE\ieencode.dll

- 2004-08-04 04:00 . 2010-09-08 15:57 70656 c:\windows\SYSTEM32\DLLCACHE\ie4uinit.exe

+ 2004-08-04 04:00 . 2010-11-03 12:24 70656 c:\windows\SYSTEM32\DLLCACHE\ie4uinit.exe

- 2008-04-21 20:40 . 2010-09-09 13:38 63488 c:\windows\SYSTEM32\DLLCACHE\icardie.dll

+ 2008-04-21 20:40 . 2010-11-06 00:34 63488 c:\windows\SYSTEM32\DLLCACHE\icardie.dll

- 2004-08-04 04:00 . 2010-09-09 13:38 17408 c:\windows\SYSTEM32\DLLCACHE\corpol.dll

+ 2004-08-04 04:00 . 2010-11-06 00:34 17408 c:\windows\SYSTEM32\DLLCACHE\corpol.dll

+ 2006-04-13 18:39 . 2011-01-27 20:03 23040 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe

- 2006-04-13 18:39 . 2010-11-11 11:05 23040 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe

- 2006-04-13 18:39 . 2010-11-11 11:05 61440 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe

+ 2006-04-13 18:39 . 2011-01-27 20:03 61440 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe

+ 2006-04-13 18:39 . 2011-01-27 20:03 27136 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe

- 2006-04-13 18:39 . 2010-11-11 11:05 27136 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe

- 2006-04-13 18:39 . 2010-11-11 11:05 11264 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe

+ 2006-04-13 18:39 . 2011-01-27 20:03 11264 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe

+ 2006-04-13 18:39 . 2011-01-27 20:03 86016 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe

- 2006-04-13 18:39 . 2010-11-11 11:05 86016 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe

- 2006-04-13 18:39 . 2010-11-11 11:05 12288 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe

+ 2006-04-13 18:39 . 2011-01-27 20:03 12288 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe

+ 2011-01-27 19:47 . 2010-09-09 13:38 44544 c:\windows\ie7updates\KB2416400-IE7\pngfilt.dll

+ 2011-01-27 19:47 . 2010-09-09 13:38 52224 c:\windows\ie7updates\KB2416400-IE7\msfeedsbs.dll

+ 2011-01-27 19:47 . 2010-09-09 13:38 27648 c:\windows\ie7updates\KB2416400-IE7\jsproxy.dll

+ 2011-01-27 19:47 . 2010-09-08 15:57 13824 c:\windows\ie7updates\KB2416400-IE7\ieudinit.exe

+ 2011-01-27 19:47 . 2010-09-09 13:38 44544 c:\windows\ie7updates\KB2416400-IE7\iernonce.dll

+ 2011-01-27 19:47 . 2010-09-09 13:38 78336 c:\windows\ie7updates\KB2416400-IE7\ieencode.dll

+ 2011-01-27 19:47 . 2010-09-08 15:57 70656 c:\windows\ie7updates\KB2416400-IE7\ie4uinit.exe

+ 2011-01-27 19:47 . 2010-09-09 13:38 63488 c:\windows\ie7updates\KB2416400-IE7\icardie.dll

+ 2011-01-27 19:47 . 2010-09-09 13:38 17408 c:\windows\ie7updates\KB2416400-IE7\corpol.dll

+ 2006-04-13 18:39 . 2011-01-27 20:03 4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe

- 2006-04-13 18:39 . 2010-11-11 11:05 4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe

- 2004-08-04 04:00 . 2010-09-09 13:38 233472 c:\windows\SYSTEM32\webcheck.dll

+ 2004-08-04 04:00 . 2010-11-06 00:34 233472 c:\windows\SYSTEM32\webcheck.dll

- 2004-08-04 04:00 . 2010-09-09 13:38 105984 c:\windows\SYSTEM32\url.dll

+ 2004-08-04 04:00 . 2010-11-06 00:34 105984 c:\windows\SYSTEM32\url.dll

+ 2004-08-04 04:00 . 2010-11-06 00:34 102912 c:\windows\SYSTEM32\occache.dll

- 2004-08-04 04:00 . 2010-09-09 13:38 102912 c:\windows\SYSTEM32\occache.dll

- 2004-08-04 04:00 . 2010-09-09 13:38 671232 c:\windows\SYSTEM32\mstime.dll

+ 2004-08-04 04:00 . 2010-11-06 00:34 671232 c:\windows\SYSTEM32\mstime.dll

+ 2004-08-04 04:00 . 2010-11-06 00:34 193024 c:\windows\SYSTEM32\msrating.dll

- 2004-08-04 04:00 . 2010-09-09 13:38 193024 c:\windows\SYSTEM32\msrating.dll

+ 2004-08-04 04:00 . 2010-11-06 00:34 478208 c:\windows\SYSTEM32\mshtmled.dll

- 2004-08-04 04:00 . 2010-09-09 13:38 478208 c:\windows\SYSTEM32\mshtmled.dll

- 2007-08-13 17:54 . 2010-09-09 13:38 468480 c:\windows\SYSTEM32\msfeeds.dll

+ 2007-08-13 17:54 . 2010-11-06 00:34 468480 c:\windows\SYSTEM32\msfeeds.dll

+ 2007-08-13 17:34 . 2010-11-06 00:34 268288 c:\windows\SYSTEM32\iertutil.dll

- 2007-08-13 17:34 . 2010-09-09 13:38 268288 c:\windows\SYSTEM32\iertutil.dll

+ 2004-08-04 04:00 . 2010-11-06 00:34 192512 c:\windows\SYSTEM32\iepeers.dll

- 2004-08-04 04:00 . 2010-09-09 13:38 192512 c:\windows\SYSTEM32\iepeers.dll

+ 2004-08-04 04:00 . 2010-11-06 00:34 384512 c:\windows\SYSTEM32\iedkcs32.dll

- 2004-08-04 04:00 . 2010-09-09 13:38 384512 c:\windows\SYSTEM32\iedkcs32.dll

+ 2007-07-11 11:27 . 2010-11-06 00:34 380928 c:\windows\SYSTEM32\ieapfltr.dll

- 2007-07-11 11:27 . 2010-09-09 13:38 380928 c:\windows\SYSTEM32\ieapfltr.dll

- 2004-08-04 04:00 . 2010-08-25 11:29 161792 c:\windows\SYSTEM32\ieakui.dll

+ 2004-08-04 04:00 . 2010-10-18 11:06 161792 c:\windows\SYSTEM32\ieakui.dll

+ 2004-08-04 04:00 . 2010-11-06 00:34 230400 c:\windows\SYSTEM32\ieaksie.dll

- 2004-08-04 04:00 . 2010-09-09 13:38 230400 c:\windows\SYSTEM32\ieaksie.dll

+ 2004-08-04 04:00 . 2010-11-06 00:34 153088 c:\windows\SYSTEM32\ieakeng.dll

- 2004-08-04 04:00 . 2010-09-09 13:38 153088 c:\windows\SYSTEM32\ieakeng.dll

- 2004-08-10 12:08 . 2010-11-01 12:38 247904 c:\windows\SYSTEM32\FNTCACHE.DAT

+ 2004-08-10 12:08 . 2011-01-27 19:53 247904 c:\windows\SYSTEM32\FNTCACHE.DAT

- 2004-08-04 04:00 . 2010-09-09 13:38 133120 c:\windows\SYSTEM32\extmgr.dll

+ 2004-08-04 04:00 . 2010-11-06 00:34 133120 c:\windows\SYSTEM32\extmgr.dll

- 2004-08-04 04:00 . 2010-09-09 13:38 214528 c:\windows\SYSTEM32\dxtrans.dll

+ 2004-08-04 04:00 . 2010-11-06 00:34 214528 c:\windows\SYSTEM32\dxtrans.dll

- 2004-08-04 04:00 . 2010-09-09 13:38 347136 c:\windows\SYSTEM32\dxtmsft.dll

+ 2004-08-04 04:00 . 2010-11-06 00:34 347136 c:\windows\SYSTEM32\dxtmsft.dll

+ 2004-08-04 04:00 . 2010-11-06 00:34 832512 c:\windows\SYSTEM32\DLLCACHE\wininet.dll

- 2004-08-04 04:00 . 2010-09-09 13:38 832512 c:\windows\SYSTEM32\DLLCACHE\wininet.dll

- 2004-08-04 04:00 . 2010-09-09 13:38 233472 c:\windows\SYSTEM32\DLLCACHE\webcheck.dll

+ 2004-08-04 04:00 . 2010-11-06 00:34 233472 c:\windows\SYSTEM32\DLLCACHE\webcheck.dll

+ 2004-08-04 04:00 . 2010-11-06 00:34 105984 c:\windows\SYSTEM32\DLLCACHE\url.dll

- 2004-08-04 04:00 . 2010-09-09 13:38 105984 c:\windows\SYSTEM32\DLLCACHE\url.dll

+ 2004-08-04 04:00 . 2010-11-09 14:52 249856 c:\windows\SYSTEM32\DLLCACHE\odbc32.dll

- 2004-08-04 04:00 . 2008-04-14 00:12 249856 c:\windows\SYSTEM32\DLLCACHE\odbc32.dll

+ 2004-08-04 04:00 . 2010-11-06 00:34 102912 c:\windows\SYSTEM32\DLLCACHE\occache.dll

- 2004-08-04 04:00 . 2010-09-09 13:38 102912 c:\windows\SYSTEM32\DLLCACHE\occache.dll

+ 2004-08-04 04:00 . 2010-11-06 00:34 671232 c:\windows\SYSTEM32\DLLCACHE\mstime.dll

- 2004-08-04 04:00 . 2010-09-09 13:38 671232 c:\windows\SYSTEM32\DLLCACHE\mstime.dll

- 2004-08-04 04:00 . 2010-09-09 13:38 193024 c:\windows\SYSTEM32\DLLCACHE\msrating.dll

+ 2004-08-04 04:00 . 2010-11-06 00:34 193024 c:\windows\SYSTEM32\DLLCACHE\msrating.dll

+ 2004-08-04 04:00 . 2010-11-09 14:52 102400 c:\windows\SYSTEM32\DLLCACHE\msjro.dll

- 2004-08-04 04:00 . 2008-04-14 00:12 102400 c:\windows\SYSTEM32\DLLCACHE\msjro.dll

+ 2004-08-04 04:00 . 2010-11-06 00:34 478208 c:\windows\SYSTEM32\DLLCACHE\mshtmled.dll

- 2004-08-04 04:00 . 2010-09-09 13:38 478208 c:\windows\SYSTEM32\DLLCACHE\mshtmled.dll

+ 2008-04-21 20:40 . 2010-11-06 00:34 468480 c:\windows\SYSTEM32\DLLCACHE\msfeeds.dll

- 2008-04-21 20:40 . 2010-09-09 13:38 468480 c:\windows\SYSTEM32\DLLCACHE\msfeeds.dll

+ 2004-08-04 04:00 . 2010-11-09 14:52 200704 c:\windows\SYSTEM32\DLLCACHE\msadox.dll

- 2004-08-04 04:00 . 2008-04-14 00:11 200704 c:\windows\SYSTEM32\DLLCACHE\msadox.dll

- 2004-08-04 04:00 . 2008-04-14 00:11 180224 c:\windows\SYSTEM32\DLLCACHE\msadomd.dll

+ 2004-08-04 04:00 . 2010-11-09 14:52 180224 c:\windows\SYSTEM32\DLLCACHE\msadomd.dll

- 2004-08-04 04:00 . 2008-04-14 00:11 536576 c:\windows\SYSTEM32\DLLCACHE\msado15.dll

+ 2004-08-04 04:00 . 2010-11-09 14:52 536576 c:\windows\SYSTEM32\DLLCACHE\msado15.dll

- 2004-08-04 04:00 . 2008-04-14 00:11 143360 c:\windows\SYSTEM32\DLLCACHE\msadco.dll

+ 2004-08-04 04:00 . 2010-11-09 14:52 143360 c:\windows\SYSTEM32\DLLCACHE\msadco.dll

+ 2004-08-04 04:00 . 2010-10-18 11:07 634648 c:\windows\SYSTEM32\DLLCACHE\iexplore.exe

- 2004-08-04 04:00 . 2010-08-25 11:30 634648 c:\windows\SYSTEM32\DLLCACHE\iexplore.exe

- 2008-04-21 20:40 . 2010-09-09 13:38 268288 c:\windows\SYSTEM32\DLLCACHE\iertutil.dll

+ 2008-04-21 20:40 . 2010-11-06 00:34 268288 c:\windows\SYSTEM32\DLLCACHE\iertutil.dll

+ 2004-08-04 04:00 . 2010-11-06 00:34 192512 c:\windows\SYSTEM32\DLLCACHE\iepeers.dll

- 2004-08-04 04:00 . 2010-09-09 13:38 192512 c:\windows\SYSTEM32\DLLCACHE\iepeers.dll

- 2004-08-04 04:00 . 2010-09-09 13:38 384512 c:\windows\SYSTEM32\DLLCACHE\iedkcs32.dll

+ 2004-08-04 04:00 . 2010-11-06 00:34 384512 c:\windows\SYSTEM32\DLLCACHE\iedkcs32.dll

+ 2008-04-21 20:40 . 2010-11-06 00:34 380928 c:\windows\SYSTEM32\DLLCACHE\ieapfltr.dll

- 2008-04-21 20:40 . 2010-09-09 13:38 380928 c:\windows\SYSTEM32\DLLCACHE\ieapfltr.dll

- 2004-08-04 04:00 . 2010-08-25 11:29 161792 c:\windows\SYSTEM32\DLLCACHE\ieakui.dll

+ 2004-08-04 04:00 . 2010-10-18 11:06 161792 c:\windows\SYSTEM32\DLLCACHE\ieakui.dll

+ 2004-08-04 04:00 . 2010-11-06 00:34 230400 c:\windows\SYSTEM32\DLLCACHE\ieaksie.dll

- 2004-08-04 04:00 . 2010-09-09 13:38 230400 c:\windows\SYSTEM32\DLLCACHE\ieaksie.dll

- 2004-08-04 04:00 . 2010-09-09 13:38 153088 c:\windows\SYSTEM32\DLLCACHE\ieakeng.dll

+ 2004-08-04 04:00 . 2010-11-06 00:34 153088 c:\windows\SYSTEM32\DLLCACHE\ieakeng.dll

- 2004-08-04 04:00 . 2010-09-09 13:38 133120 c:\windows\SYSTEM32\DLLCACHE\extmgr.dll

+ 2004-08-04 04:00 . 2010-11-06 00:34 133120 c:\windows\SYSTEM32\DLLCACHE\extmgr.dll

- 2004-08-04 04:00 . 2010-09-09 13:38 214528 c:\windows\SYSTEM32\DLLCACHE\dxtrans.dll

+ 2004-08-04 04:00 . 2010-11-06 00:34 214528 c:\windows\SYSTEM32\DLLCACHE\dxtrans.dll

+ 2004-08-04 04:00 . 2010-11-06 00:34 347136 c:\windows\SYSTEM32\DLLCACHE\dxtmsft.dll

- 2004-08-04 04:00 . 2010-09-09 13:38 347136 c:\windows\SYSTEM32\DLLCACHE\dxtmsft.dll

+ 2004-08-04 04:00 . 2010-10-28 13:13 290048 c:\windows\SYSTEM32\DLLCACHE\atmfd.dll

- 2004-08-04 04:00 . 2010-09-09 13:38 124928 c:\windows\SYSTEM32\DLLCACHE\advpack.dll

+ 2004-08-04 04:00 . 2010-11-06 00:34 124928 c:\windows\SYSTEM32\DLLCACHE\advpack.dll

+ 2004-08-04 04:00 . 2010-10-28 13:13 290048 c:\windows\SYSTEM32\atmfd.dll

+ 2004-08-04 04:00 . 2010-11-06 00:34 124928 c:\windows\SYSTEM32\advpack.dll

- 2004-08-04 04:00 . 2010-09-09 13:38 124928 c:\windows\SYSTEM32\advpack.dll

+ 2010-11-12 11:08 . 2010-11-12 11:08 889344 c:\windows\Installer\6046c.msp

- 2006-04-13 18:39 . 2010-11-11 11:05 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe

+ 2006-04-13 18:39 . 2011-01-27 20:03 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe

- 2006-04-13 18:39 . 2010-11-11 11:05 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe

+ 2006-04-13 18:39 . 2011-01-27 20:03 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe

- 2006-04-13 18:39 . 2010-11-11 11:05 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe

+ 2006-04-13 18:39 . 2011-01-27 20:03 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe

- 2006-04-13 18:39 . 2010-11-11 11:05 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe

+ 2006-04-13 18:39 . 2011-01-27 20:03 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe

+ 2006-04-13 18:39 . 2011-01-27 20:03 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe

- 2006-04-13 18:39 . 2010-11-11 11:05 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe

+ 2006-04-13 18:39 . 2011-01-27 20:03 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe

- 2006-04-13 18:39 . 2010-11-11 11:05 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe

+ 2011-01-27 19:47 . 2010-09-09 13:38 832512 c:\windows\ie7updates\KB2416400-IE7\wininet.dll

+ 2011-01-27 19:47 . 2010-09-09 13:38 233472 c:\windows\ie7updates\KB2416400-IE7\webcheck.dll

+ 2011-01-27 19:47 . 2010-09-09 13:38 105984 c:\windows\ie7updates\KB2416400-IE7\url.dll

+ 2011-01-27 19:47 . 2010-02-22 14:23 382840 c:\windows\ie7updates\KB2416400-IE7\spuninst\updspapi.dll

+ 2011-01-27 19:47 . 2010-02-22 14:23 231288 c:\windows\ie7updates\KB2416400-IE7\spuninst\spuninst.exe

+ 2011-01-27 19:47 . 2010-09-09 13:38 102912 c:\windows\ie7updates\KB2416400-IE7\occache.dll

+ 2011-01-27 19:47 . 2010-09-09 13:38 671232 c:\windows\ie7updates\KB2416400-IE7\mstime.dll

+ 2011-01-27 19:47 . 2010-09-09 13:38 193024 c:\windows\ie7updates\KB2416400-IE7\msrating.dll

+ 2011-01-27 19:47 . 2010-09-09 13:38 478208 c:\windows\ie7updates\KB2416400-IE7\mshtmled.dll

+ 2011-01-27 19:47 . 2010-09-09 13:38 468480 c:\windows\ie7updates\KB2416400-IE7\msfeeds.dll

+ 2011-01-27 19:47 . 2010-08-25 11:30 634648 c:\windows\ie7updates\KB2416400-IE7\iexplore.exe

+ 2011-01-27 19:47 . 2010-09-09 13:38 268288 c:\windows\ie7updates\KB2416400-IE7\iertutil.dll

+ 2011-01-27 19:47 . 2010-09-09 13:38 192512 c:\windows\ie7updates\KB2416400-IE7\iepeers.dll

+ 2011-01-27 19:47 . 2010-09-09 13:38 384512 c:\windows\ie7updates\KB2416400-IE7\iedkcs32.dll

+ 2011-01-27 19:47 . 2010-09-09 13:38 380928 c:\windows\ie7updates\KB2416400-IE7\ieapfltr.dll

+ 2011-01-27 19:47 . 2010-08-25 11:29 161792 c:\windows\ie7updates\KB2416400-IE7\ieakui.dll

+ 2011-01-27 19:47 . 2010-09-09 13:38 230400 c:\windows\ie7updates\KB2416400-IE7\ieaksie.dll

+ 2011-01-27 19:47 . 2010-09-09 13:38 153088 c:\windows\ie7updates\KB2416400-IE7\ieakeng.dll

+ 2011-01-27 19:47 . 2010-09-09 13:38 133120 c:\windows\ie7updates\KB2416400-IE7\extmgr.dll

+ 2011-01-27 19:47 . 2010-09-09 13:38 214528 c:\windows\ie7updates\KB2416400-IE7\dxtrans.dll

+ 2011-01-27 19:47 . 2010-09-09 13:38 347136 c:\windows\ie7updates\KB2416400-IE7\dxtmsft.dll

+ 2011-01-27 19:47 . 2010-09-09 13:38 124928 c:\windows\ie7updates\KB2416400-IE7\advpack.dll

+ 2004-08-04 04:00 . 2010-10-26 13:25 1853312 c:\windows\SYSTEM32\win32k.sys

+ 2004-08-04 04:00 . 2010-11-06 00:34 1168384 c:\windows\SYSTEM32\urlmon.dll

- 2004-08-04 04:00 . 2010-09-09 13:38 1168384 c:\windows\SYSTEM32\urlmon.dll

+ 2004-08-04 04:00 . 2010-11-06 00:34 3604480 c:\windows\SYSTEM32\mshtml.dll

- 2007-08-13 17:54 . 2010-09-09 13:38 6075904 c:\windows\SYSTEM32\ieframe.dll

+ 2007-08-13 17:54 . 2010-11-06 00:34 6075904 c:\windows\SYSTEM32\ieframe.dll

+ 2004-08-04 04:00 . 2010-10-26 13:25 1853312 c:\windows\SYSTEM32\DLLCACHE\win32k.sys

+ 2004-08-04 04:00 . 2010-11-06 00:34 1168384 c:\windows\SYSTEM32\DLLCACHE\urlmon.dll

- 2004-08-04 04:00 . 2010-09-09 13:38 1168384 c:\windows\SYSTEM32\DLLCACHE\urlmon.dll

+ 2004-08-04 04:00 . 2010-11-06 00:34 3604480 c:\windows\SYSTEM32\DLLCACHE\mshtml.dll

+ 2008-04-21 20:40 . 2010-11-06 00:34 6075904 c:\windows\SYSTEM32\DLLCACHE\ieframe.dll

- 2008-04-21 20:40 . 2010-09-09 13:38 6075904 c:\windows\SYSTEM32\DLLCACHE\ieframe.dll

+ 2010-10-22 15:45 . 2010-10-22 15:45 8444928 c:\windows\Installer\60482.msp

+ 2010-12-06 15:02 . 2010-12-06 15:02 5518848 c:\windows\Installer\60453.msp

+ 2010-10-01 21:53 . 2010-10-01 21:53 4147712 c:\windows\Installer\6043e.msp

+ 2011-01-27 19:47 . 2010-09-09 13:38 1168384 c:\windows\ie7updates\KB2416400-IE7\urlmon.dll

+ 2011-01-27 19:47 . 2010-09-09 13:38 3601920 c:\windows\ie7updates\KB2416400-IE7\mshtml.dll

+ 2011-01-27 19:47 . 2010-09-09 13:38 6075904 c:\windows\ie7updates\KB2416400-IE7\ieframe.dll

+ 2005-06-20 17:25 . 2011-01-04 17:20 37403080 c:\windows\SYSTEM32\MRT.exe

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

"MsnMsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [bU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"UMonit"="c:\windows\system32\UMonit.exe" [2007-11-12 200704]

"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-04-27 185896]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-17 577902]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-24 142120]

"IAAnotif"="c:\program files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-06-29 291295]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

"CTSysVol"="c:\program files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]

"CTHelper"="CTHELPER.EXE" [2004-03-11 28672]

"CTDVDDET"="c:\program files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"AvgUninstallURL"="start http:" [X]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

BT Yahoo! Help.lnk - c:\program files\BT Yahoo!\Help\bin\matcli.exe [N/A]

dlbcserv.lnk - c:\program files\Dell Photo Printer 720\dlbcserv.exe [N/A]

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"Userinit"="c:\windows\system32\userinit.exe,,c:\program files\iwjoontt\qdbbyndk.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"SNDSrvc"=2 (0x2)

"navapsvc"=2 (0x2)

"ccSetMgr"=2 (0x2)

"ccProxy"=2 (0x2)

"ccEvtMgr"=2 (0x2)

"SymWSC"=2 (0x2)

"SPBBCSvc"=3 (0x3)

"SBService"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\DNA\\btdna.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=

"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=

"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=

R0 RapportKELL;RapportKELL;c:\windows\SYSTEM32\DRIVERS\RapportKELL.sys [03/10/2010 22:43 59240]

R1 RapportCerberus_19917;RapportCerberus_19917;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\19917\RapportCerberus_19917.sys [03/10/2010 22:54 34792]

R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [03/10/2010 22:43 169320]

R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [03/10/2010 22:43 767208]

S3 FIXUSTOR;FIXUSTOR;c:\windows\SYSTEM32\DRIVERS\fixustor.sys [11/06/2007 09:27 12416]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

getPlusHelper REG_MULTI_SZ getPlusHelper

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

2011-01-26 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2011-01-26 c:\windows\Tasks\DMEPeriodicTask.job

- c:\program files\HP\Digital Imaging\bin\warrantyextension\HPPromo.exe [2009-06-16 07:17]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.co.uk/

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

mSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html

uInternet Settings,ProxyOverride = <local>

uSearchURL,(Default) = hxxp://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR

IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

IE: Translate Page into English - c:\program files\google\GoogleToolbar2.dll/cmtrans.html

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

DPF: {FF3F0F03-0F01-131A-A3F9-08F02B23E0CC}

.

- - - - ORPHANS REMOVED - - - -

WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-01-27 20:22

Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:

ZwQueryDirectoryFile

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

UMonit = c:\windows\system32\UMonit.exe?????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

c:\documents and settings\callum\Start Menu\Programs\Startup\qdbbyndk.exe 149428 bytes executable

scan completed successfully

hidden files: 1

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1536)

c:\windows\system32\WININET.dll

c:\program files\Trusteer\Rapport\bin\rooksbas.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\WPDShServiceObj.dll

c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll

c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\program files\Lavasoft\Ad-Aware\aawservice.exe

c:\program files\Internet Explorer\iexplore.exe

c:\program files\Internet Explorer\iexplore.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\windows\system32\CTsvcCDA.EXE

c:\program files\Intel\Intel Application Accelerator\iaantmon.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\msiexec.exe

c:\program files\iPod\bin\iPodService.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Completion time: 2011-01-27 20:26:57 - machine was rebooted

ComboFix-quarantined-files.txt 2011-01-27 20:26

ComboFix2.txt 2011-01-26 21:21

Pre-Run: 76,128,395,264 bytes free

Post-Run: 76,063,272,960 bytes free

Current=5 Default=5 Failed=4 LastKnownGood=6 Sets=1,2,3,4,5,6

- - End Of File - - 19161E161B65D668198B464C714B08B8

Many thanks

Adam


Hi Adam

Please run this online scan:

ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You may, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

  • Please go here then click on: EOLS1.gif
  • Select the option YES, I accept the Terms of Use then click on: EOLS2.gif
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:

    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology

  • Now click on: EOLS3.gif
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed, the Online Scan will begin automatically.
  • Do not touch either the mouse or keyboard during the scan, otherwise it may stall.
  • When completed, select Uninstall application on close if you so wish; make sure you copy the logfile first!
  • Now click on: EOLS4.gif
  • Use Notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

Hi Kenny

Thanks again - I'm unable to run the ESET online scanner, as I cannot open a browser on my desktop PC. Is there any other way of doing it?

Also, I do not currently have any anti-virus software installed at the moment because I naively uninstalled AVG before posting on this forum as it was not updating, so I thought I would just re-install it again!

Finally, would backing up my e-mail, documents, photos etc on an external hard drive, followed by a clean install of a new operating system (say Windows 7) solve the problem?

Many thanks

Adam


Hi Adam,

Complete Reformat and Reinstall is the safest way to clean the infection. This includes All Drives that contain .exe, .scr, .rar, .zip, .htm, .html files.

  • Backup all your documents and important items only.
  • DO NOT back up any executable files (.exe, .scr, .html or .htm)
  • Do not back up compressed files (zip/cab/rar) that may contain .exe or .scr files
  • Reformat and Reinstall as outlined HERE

Also, make sure your PC is compatible with Windows 7.


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
