
Google Redirect and IE startup malware



It's been a couple of weeks now and I've run out of plausible ideas on how to remove this one. It has two effects I've noted:

1) When I search with Google in Firefox or Chrome (not sure about IE; I've blocked it from accessing the internet) I get a normal list of results. If I click on any of them it redirects me to unrelated pages. Other search engines do not give me the same problem.

2) IE keeps starting up and trying to access the internet but is blocked by my firewall. I close the iexplore.exe process and it pops up again 10 mins or so later. I uninstalled IE8 via Control Panel and it is no longer in my Add/Remove programs list but it is nonetheless still here and repeatedly opening in the background without being asked.

I currently use:

Windows XP Home Edition SP3

Firefox 4.0.1

Virgin Media Security Firewall and AntiVirus (Radialpoint Security)

Since I got this virus I also ran AVG Antivirus, Spybot Search and Destroy and SuperAntiSpyware which have all detected and removed various spyware cookies and trojans but sadly failed to solve the problem.

Yesterday I ran:

* MBAM (twice)

* Defogger

* DDS

* GMER

Any help you can give me would be very much appreciated......... ;)

Steve

The DDS log is as follows:

MBAM Logs, ark and attached.zip are zipped and attached.

.

DDS (Ver_2011-06-23.01) - NTFSx86

Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_26

Run by Steve at 21:36:26 on 2011-06-24

Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.3070.2095 [GMT 1:00]

.

AV: Virgin Media Security Anti-Virus *Enabled/Updated* {5B5A3BD7-8573-4672-AEA8-C9BB713B6755}

FW: Virgin Media Security Firewall *Enabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\Virgin Media\Security\Fws.exe

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\Program Files\Virgin Media\Digital Home Support\HsdService.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Microsoft LifeCam\MSCamS32.exe

C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE

C:\WINDOWS\system32\PnkBstrA.exe

C:\Program Files\Virgin Media\Security\RpsSecurityAwareR.exe

C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\Explorer.EXE

C:\Program Files\Virgin Media\Security\rps.exe

C:\Program Files\Logitech\G35\G35.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Canon\MyPrinter\BJMyPrt.exe

C:\Program Files\Virgin Media\Digital Home Support\DHSClient.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\WINDOWS\system32\taskmgr.exe

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

C:\Program Files\Virgin Media\Service Manager\ServiceManagerComHandler.exe

C:\Program Files\Virgin Media\Service Manager\ServiceManager.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.GOOGLE.com

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

uInternet Settings,ProxyOverride = 127.0.0.1

uSearchURL,(Default) = hxxp://search.aol.co.uk/web?isinit=true&query=%s

uURLSearchHooks: H - No File

BHO: AutorunsDisabled - No File

BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - No File

TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File

TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [V Stuff Backup] "c:\program files\virginmedia\v stuff backup\v_stuff_backup.exe" /delayed

uRun: [backup & Storage] "c:\program files\virginmedia\v stuff backup\Backup & Storage.exe" /delayed

mRun: [Logitech G35] c:\program files\logitech\g35\G35.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon

mRun: [serviceManager.exe] "c:\program files\virgin media\service manager\ServiceManager.exe" /AUTORUN

mRun: [DHSClient.exe] "c:\program files\virgin media\digital home support\DHSClient.exe" /AUTORUN

mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-lsf?lic=OUxTRlJFRS1WUFVaNy1HMkNNWC1SWFBXQS1QM05aSC05RDIwQy0zN1RT"&"inst=NzctNjUwODgzNDMwLVhMKzEtVDQtRlA5Mis2LVRCOSsyLUZMKzktRjEwTSs1LVFJWDErNC1YMjAxMCsyLUZMMTArMS1MSUMrMy1UVUcrMy1MU0RTKzI"&"prod=55"&"ver=10.0.1382

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

StartupFolder: c:\docume~1\steve\startm~1\programs\startup\autoru~1\bbcipl~1.lnk - c:\program files\bbc iplayer desktop\BBC iPlayer Desktop.exe

StartupFolder: c:\docume~1\steve\startm~1\programs\startup\autoru~1\openof~2.lnk - c:\program files\openoffice.org 3\program\quickstart.exe

StartupFolder: c:\docume~1\steve\startm~1\programs\startup\autoru~1\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\exifla~1.lnk - c:\program files\finepixviewers\QuickDCF2.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\servic~1.lnk - c:\program files\microsoft sql server\80\tools\binn\sqlmangr.exe

IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab

DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1160681654593

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/softwareupdate/su2/ocx/15106/CTPID.cab

TCP: DhcpNameServer = 194.168.4.100 194.168.8.100

TCP: Interfaces\{16D1F4BF-D69F-4993-891E-63914EC2CD46} : NameServer = 92.31.242.20,92.31.242.21

TCP: Interfaces\{80451425-583A-40E2-BC39-984E15CFE742} : DhcpNameServer = 194.168.4.100 194.168.8.100

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: AtiExtEvent - Ati2evxx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\steve\application data\mozilla\firefox\profiles\yj2kaqq4.default\

FF - prefs.js: browser.search.selectedEngine - AVG Secure Search

FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk

FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4df26e75&v=7.005.030.004&i=27&tp=ab&iy=&ychte=uk&lng=en-GB&q=

FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll

FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npBBCPlugin.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

FF - plugin: c:\program files\virgin media\service manager\nprpspa.dll

.

---- FIREFOX POLICIES ----

FF - user.js: signed.applets.codebase_principal_support - true

.

/* To avoid the user interaction, add the following lines: */

FF - user.js: capability.principal.codebase.YummyPlayer_YAEL.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_YAEL.id - hxxp://yael.metaboli.fr/

FF - user.js: capability.principal.codebase.YummyPlayer_LHOST.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_LHOST.id - hxxp://localhost/

.

/* GLDE */

FF - user.js: capability.principal.codebase.YummyPlayer_GLDE.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_GLDE.id - hxxp://gamesflatrate.de/

FF - user.js: capability.principal.codebase.YummyPlayer_WGLDE.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_WGLDE.id - hxxp://www.gamesflatrate.de/

FF - user.js: capability.principal.codebase.YummyPlayer_GLDEINT.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_GLDEINT.id - hxxp://glde-int.metaboli.fr/

FF - user.js: capability.principal.codebase.YummyPlayer_SGLDE.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_SGLDE.id - hxxps://gamesflatrate.de/

FF - user.js: capability.principal.codebase.YummyPlayer_WSGLDE.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_WSGLDE.id - hxxps://www.gamesflatrate.de/

.

/* BGFR */

FF - user.js: capability.principal.codebase.YummyPlayer_BGFR.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_BGFR.id - hxxp://linternaute.metaboli.fr/

FF - user.js: capability.principal.codebase.YummyPlayer_SBGFR.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_SBGFR.id - hxxps://linternaute.metaboli.fr/

FF - user.js: capability.principal.codebase.YummyPlayer_BGFRINT.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_BGFRINT.id - hxxp://bgfr-int.metaboli.fr/

.

/* BILD */

FF - user.js: capability.principal.codebase.YummyPlayer_BILD.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_BILD.id - hxxp://bild.metaboli.de/

FF - user.js: capability.principal.codebase.YummyPlayer_SBILD.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_SBILD.id - hxxps://bild.metaboli.de/

FF - user.js: capability.principal.codebase.YummyPlayer_BILDINT.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_BILDINT.id - hxxp://bild-int.metaboli.fr/

.

/* BTUK */

FF - user.js: capability.principal.codebase.YummyPlayer_BTUK.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_BTUK.id - hxxp://btvision.metaboli.co.uk/

FF - user.js: capability.principal.codebase.YummyPlayer_SBTUK.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_SBTUK.id - hxxps://btvision.metaboli.co.uk/

FF - user.js: capability.principal.codebase.YummyPlayer_BTUKINT.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_BTUKINT.id - hxxp://bt-int.metaboli.fr/

.

/* CLIC */

FF - user.js: capability.principal.codebase.YummyPlayer_CLIC.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_CLIC.id - hxxp://clubic.metaboli.fr/

FF - user.js: capability.principal.codebase.YummyPlayer_SCLIC.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_SCLIC.id - hxxps://clubic.metaboli.fr/

FF - user.js: capability.principal.codebase.YummyPlayer_CLICINT.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_CLICINT.id - hxxp://clic-int.metaboli.fr/

.

/* COUK */

FF - user.js: capability.principal.codebase.YummyPlayer_COUK.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_COUK.id - hxxp://metaboli.co.uk/

FF - user.js: capability.principal.codebase.YummyPlayer_SCOUK.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_SCOUK.id - hxxps://metaboli.co.uk/

FF - user.js: capability.principal.codebase.YummyPlayer_COUKINT.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_COUKINT.id - hxxp://uk-int.metaboli.fr/

.

/* MEDE */

FF - user.js: capability.principal.codebase.YummyPlayer_MEDE.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_MEDE.id - hxxp://metaboli.de/

FF - user.js: capability.principal.codebase.YummyPlayer_WMEDE.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_WMEDE.id - hxxp://www.metaboli.de/

FF - user.js: capability.principal.codebase.YummyPlayer_SMEDE.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_SMEDE.id - hxxps://metaboli.de/

FF - user.js: capability.principal.codebase.YummyPlayer_MEDEINT.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_MEDEINT.id - hxxp://de-int.metaboli.fr/

FF - user.js: capability.principal.codebase.YummyPlayer_WMEDE.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_WMEDE.id - hxxps://www.metaboli.de/

.

/* CUUK */

FF - user.js: capability.principal.codebase.YummyPlayer_CUUK.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_CUUK.id - hxxp://custompc.metaboli.co.uk/

FF - user.js: capability.principal.codebase.YummyPlayer_SCUUK.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_SCUUK.id - hxxps://custompc.metaboli.co.uk/

FF - user.js: capability.principal.codebase.YummyPlayer_CUUKINT.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_CUUKINT.id - hxxp://cuuk-int.metaboli.fr/

.

/* EUUK */

FF - user.js: capability.principal.codebase.YummyPlayer_EUUK.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_EUUK.id - hxxp://eurogamer.metaboli.co.uk/

FF - user.js: capability.principal.codebase.YummyPlayer_SEUUK.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_SEUUK.id - hxxps://eurogamer.metaboli.co.uk/

FF - user.js: capability.principal.codebase.YummyPlayer_EUUKINT.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_EUUKINT.id - hxxp://euuk-int.metaboli.fr/

.

/* FUNR */

FF - user.js: capability.principal.codebase.YummyPlayer_FUNR.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_FUNR.id - hxxp://fun.metaboli.fr/

FF - user.js: capability.principal.codebase.YummyPlayer_SFUNR.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_SFUNR.id - hxxps://fun.metaboli.fr/

FF - user.js: capability.principal.codebase.YummyPlayer_FUNRINT.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_FUNRINT.id - hxxp://fun-int.metaboli.fr/

.

/* GONE */

FF - user.js: capability.principal.codebase.YummyPlayer_GONE.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_GONE.id - hxxp://gameone.metaboli.fr/

FF - user.js: capability.principal.codebase.YummyPlayer_SGONE.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_SGONE.id - hxxps://gameone.metaboli.fr/

FF - user.js: capability.principal.codebase.YummyPlayer_GONEINT.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_GONEINT.id - hxxp://gone-int.metaboli.fr/

.

/* GUDE */

FF - user.js: capability.principal.codebase.YummyPlayer_GUDE.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_GUDE.id - hxxp://gamerunlimited.metaboli.de/

FF - user.js: capability.principal.codebase.YummyPlayer_SGUDE.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_SGUDE.id - hxxps://gamerunlimited.metaboli.de/

FF - user.js: capability.principal.codebase.YummyPlayer_GUDEINT.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_GUDEINT.id - hxxp://gude-int.metaboli.fr/

.

/* META */

FF - user.js: capability.principal.codebase.YummyPlayer_META.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_META.id - hxxp://metaboli.fr/

FF - user.js: capability.principal.codebase.YummyPlayer_WMETA.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_WMETA.id - hxxp://www.metaboli.fr/

FF - user.js: capability.principal.codebase.YummyPlayer_SMETA.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_SMETA.id - hxxps://metaboli.fr/

FF - user.js: capability.principal.codebase.YummyPlayer_WSMETA.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_WSMETA.id - hxxps://www.metaboli.fr/

FF - user.js: capability.principal.codebase.YummyPlayer_METAINT.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_METAINT.id - hxxp://fr-int.metaboli.fr/

.

/* MNDE */

FF - user.js: capability.principal.codebase.YummyPlayer_MNDE.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_MNDE.id - hxxp://livegames.metaboli.de/

FF - user.js: capability.principal.codebase.YummyPlayer_SMNDE.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_SMNDE.id - hxxps://livegames.metaboli.de/

FF - user.js: capability.principal.codebase.YummyPlayer_MNDEINT.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_MNDEINT.id - hxxp://msde-int.metaboli.fr/

.

/* MNFR */

FF - user.js: capability.principal.codebase.YummyPlayer_MNFR.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_MNFR.id - hxxp://livegames.metaboli.fr/

FF - user.js: capability.principal.codebase.YummyPlayer_SMNFR.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_SMNFR.id - hxxps://livegames.metaboli.fr/

FF - user.js: capability.principal.codebase.YummyPlayer_MNFRINT.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_MNFRINT.id - hxxp://msfr-int.metaboli.fr/

.

/* MNUK */

FF - user.js: capability.principal.codebase.YummyPlayer_MNUK.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_MNUK.id - hxxp://livegames.metaboli.co.uk/

FF - user.js: capability.principal.codebase.YummyPlayer_SMNUK.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_SMNUK.id - hxxps://livegames.metaboli.co.uk/

FF - user.js: capability.principal.codebase.YummyPlayer_MNUKINT.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_MNUKINT.id - hxxp://msuk-int.metaboli.fr/

.

/* NCNU */

FF - user.js: capability.principal.codebase.YummyPlayer_NCNU.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_NCNU.id - hxxp://numericable.metaboli.fr/

FF - user.js: capability.principal.codebase.YummyPlayer_SNCNU.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_SNCNU.id - hxxps://numericable.metaboli.fr/

FF - user.js: capability.principal.codebase.YummyPlayer_NCNUINT.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_NCNUINT.id - hxxp://ncnu-int.metaboli.fr/

.

/* QPUK */

FF - user.js: capability.principal.codebase.YummyPlayer_QPUK.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_QPUK.id - hxxp://quintplay.metaboli.co.uk/

FF - user.js: capability.principal.codebase.YummyPlayer_SQPUK.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_SQPUK.id - hxxps://quintplay.metaboli.co.uk/

FF - user.js: capability.principal.codebase.YummyPlayer_QPUKINT.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_QPUKINT.id - hxxp://qpuk-int.metaboli.fr/

.

/* SFFR */

FF - user.js: capability.principal.codebase.YummyPlayer_SFFR.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_SFFR.id - hxxp://jeux-pc.sfr.fr/

FF - user.js: capability.principal.codebase.YummyPlayer_SSFFR.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_SSFFR.id - hxxps://jeux-pc.sfr.fr/

FF - user.js: capability.principal.codebase.YummyPlayer_SFFRM.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_SFFRM.id - hxxp://sfr.metaboli.fr/

FF - user.js: capability.principal.codebase.YummyPlayer_SSFFRM.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_SSFFRM.id - hxxps://sfr.metaboli.fr/

FF - user.js: capability.principal.codebase.YummyPlayer_SFFRINT.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_SFFRINT.id - hxxp://sfr-int.metaboli.fr/

.

/* SPDE */

FF - user.js: capability.principal.codebase.YummyPlayer_SPDE.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_SPDE.id - hxxp://spieletipps.metaboli.de/

FF - user.js: capability.principal.codebase.YummyPlayer_SSPDE.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_SSPDE.id - hxxps://spieletipps.metaboli.de/

FF - user.js: capability.principal.codebase.YummyPlayer_SPDEINT.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_SPDEINT.id - hxxp://spde-int.metaboli.fr/

.

/* WOJ_ */

FF - user.js: capability.principal.codebase.YummyPlayer_WOJ_.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_WOJ_.id - hxxp://woj-prod.metaboli.fr/

FF - user.js: capability.principal.codebase.YummyPlayer_SWOJ_.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_SWOJ_.id - hxxps://woj-prod.metaboli.fr/

FF - user.js: capability.principal.codebase.YummyPlayer_WOJ_INT.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_WOJ_INT.id - hxxp://woj-int.metaboli.fr/

.

.

============= SERVICES / DRIVERS ===============

.

R1 c2scsi;c2scsi;c:\windows\system32\drivers\c2scsi.sys [2007-4-2 241664]

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2010-3-4 54752]

R2 HsdService;HsdService;c:\program files\virgin media\digital home support\HsdService.exe [2011-5-15 1406264]

R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2006-10-13 3712]

R2 PassThru Service;Internet Pass-Through Service;c:\program files\htc\internet pass-through\PassThruSvr.exe [2010-9-16 80896]

R2 Radialpoint Security Services;Virgin Media Security;c:\program files\virgin media\security\RpsSecurityAwareR.exe [2010-1-4 165408]

R2 ServicepointService;ServicepointService;c:\program files\virgin media\service manager\ServicepointService.exe [2011-5-12 689464]

R3 bfturboh;BUFFALO TurboUSB for HD Filter;c:\windows\system32\drivers\bfturboh.sys [2009-1-30 17152]

R3 LADF_DHP2;G35 DHP2 Filter Driver;c:\windows\system32\drivers\ladfDHP2i386.sys [2009-11-11 53976]

R3 LADF_SBVM;G35 SBVM Filter Driver;c:\windows\system32\drivers\ladfSBVMi386.sys [2009-11-11 335064]

R3 MRVW225;54M Wireless USB Adapter Dirver for Windows XP;c:\windows\system32\drivers\MRVW225.sys [2005-12-21 299776]

R3 RadialpointIDSDriver;RadialpointIDSDriver;c:\program files\virgin media\security\avg\identity protection\agent\drivers\AVGIDSDriver.sys [2011-6-8 122376]

R3 RadialpointIDSFilter;RadialpointIDSFilter;c:\program files\virgin media\security\avg\identity protection\agent\drivers\AVGIDSfilter.sys [2011-6-8 30216]

R3 RadialpointIDSShim;RadialpointIDSShim;c:\program files\virgin media\security\avg\identity protection\agent\drivers\AVGIDSShim.sys [2011-6-8 25736]

S0 RadialpointIDSEH;RadialpointIDSEH;c:\windows\system32\drivers\avgidseh.sys --> c:\windows\system32\drivers\AVGIDSEH.sys [?]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-11-14 136176]

S2 RadialpointIDSAgent;RadialpointIDSAgent;c:\program files\virgin media\security\avg\identity protection\agent\bin\AVGIDSAgent.exe [2011-6-8 5832712]

S3 cpuz130;cpuz130;\??\c:\docume~1\steve\locals~1\temp\cpuz130\cpuz_x32.sys --> c:\docume~1\steve\locals~1\temp\cpuz130\cpuz_x32.sys [?]

S3 ewdmaudn;ewdmaudn;\??\c:\docume~1\steve\locals~1\temp\ewdmaudn.sys --> c:\docume~1\steve\locals~1\temp\ewdmaudn.sys [?]

S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-11-14 136176]

S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2011-4-17 24576]

S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [2010-6-22 21248]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-6-24 39984]

S3 MRV6X32U;Vista 32-bits Native WiFi Driver - USB;c:\windows\system32\drivers\MRVW23B.sys [2008-2-9 231040]

S3 MSSQL$ICARE;MSSQL$ICARE;c:\program files\microsoft sql server\mssql$icare\binn\sqlservr.exe -sicare --> c:\program files\microsoft sql server\mssql$icare\binn\sqlservr.exe -sICARE [?]

S3 rt2870;D-Link 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys --> c:\windows\system32\drivers\rt2870.sys [?]

S3 SQLAgent$ICARE;SQLAgent$ICARE;c:\program files\microsoft sql server\mssql$icare\binn\sqlagent.exe -i icare --> c:\program files\microsoft sql server\mssql$icare\binn\sqlagent.EXE -i ICARE [?]

S3 Vfscan;Vfscan;c:\windows\system32\drivers\vffilter.sys [2008-11-18 15496]

.

=============== Created Last 30 ================

.

2011-06-24 19:41:08 -------- d-----w- c:\documents and settings\steve\application data\Malwarebytes

2011-06-24 19:40:48 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-06-24 19:40:47 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2011-06-24 19:40:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-06-19 19:32:54 -------- d-----w- c:\program files\SopCast

2011-06-16 20:22:01 105472 -c----w- c:\windows\system32\dllcache\mup.sys

2011-06-16 20:21:54 852480 -c----w- c:\windows\system32\dllcache\vgx.dll

2011-06-10 19:37:14 -------- d-----w- c:\documents and settings\steve\local settings\application data\AVG Security Toolbar

2011-06-08 23:07:34 -------- d-----w- c:\documents and settings\steve\application data\SUPERAntiSpyware.com

2011-06-08 23:07:34 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com

2011-06-08 21:47:37 285704 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys

2011-06-08 21:47:32 53192 ----a-w- c:\windows\system32\drivers\rp_skt32.sys

2011-06-08 21:47:21 48384 ----a-w- c:\windows\system32\drivers\rp_pkt32.sys

2011-06-08 21:47:10 -------- d-----w- c:\program files\Raxco

2011-06-05 07:50:03 -------- d-----w- c:\windows\system32\wbem\repository\FS

2011-06-05 07:50:03 -------- d-----w- c:\windows\system32\wbem\repository\export

2011-06-05 07:50:03 -------- d-----w- c:\windows\system32\wbem\Repository

2011-06-04 06:08:41 -------- d-----w- C:\spoolerlogs

2011-05-29 16:07:50 1115008 ----a-w- c:\windows\system32\ativvamv.dll

2011-05-29 16:07:44 151552 ----a-w- c:\windows\system32\atiapfxx.exe

2011-05-29 16:07:29 -------- d-----w- c:\program files\ATI

.

==================== Find3M ====================

.

2011-07-14 20:48:46 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-06-24 19:23:11 138440 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys

2011-06-24 19:23:03 270856 ----a-w- c:\windows\system32\PnkBstrB.xtr

2011-06-24 19:23:03 270856 ----a-w- c:\windows\system32\PnkBstrB.exe

2011-06-24 19:21:10 281296 ----a-w- c:\windows\system32\PnkBstrB.ex0

2011-05-04 03:52:22 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-05-04 01:25:49 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-04-25 14:47:19 81920 ----a-w- c:\windows\system32\ieencode.dll

2011-04-25 14:47:19 667136 ----a-w- c:\windows\system32\wininet.dll

2011-04-25 14:47:19 61952 ----a-w- c:\windows\system32\tdc.ocx

2011-04-25 12:56:44 369664 ----a-w- c:\windows\system32\html.iec

2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys

.

============= FINISH: 21:36:41.19 ===============

ark.zip

attach.zip

mbam-log-2011-06-24 (20-50-24).zip

mbam-log-2011-06-24 (21-15-14).txt
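A small triage pass over the DDS log format, added here as an example; it is not part of Steve's post and not code from the DDS tool. It takes a few lines copied from the log above as a constructed sample and flags what a helper usually checks first: browser add-on registrations whose file is gone, drivers or services whose image lives under a temp directory or has no date/size recorded, and a static NameServer that differs from the DHCP-supplied one. The categories and heuristics are this example's own assumptions; a flag means "look at this", not "this is malware".

```python
"""Triage pass over DDS-style log lines.

Added example for this thread; not part of the original post and not
code from the DDS tool. The sample lines are copied from the log posted
above; the categories and heuristics are this example's own assumptions.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: a handful of lines taken from the DDS log above.
SAMPLE_LOG = r"""
uInternet Settings,ProxyOverride = 127.0.0.1
BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - No File
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
mRun: [Logitech G35] c:\program files\logitech\g35\G35.exe
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{16D1F4BF-D69F-4993-891E-63914EC2CD46} : NameServer = 92.31.242.20,92.31.242.21
TCP: Interfaces\{80451425-583A-40E2-BC39-984E15CFE742} : DhcpNameServer = 194.168.4.100 194.168.8.100
R1 c2scsi;c2scsi;c:\windows\system32\drivers\c2scsi.sys [2007-4-2 241664]
S3 cpuz130;cpuz130;\??\c:\docume~1\steve\locals~1\temp\cpuz130\cpuz_x32.sys --> c:\docume~1\steve\locals~1\temp\cpuz130\cpuz_x32.sys [?]
S3 ewdmaudn;ewdmaudn;\??\c:\docume~1\steve\locals~1\temp\ewdmaudn.sys --> c:\docume~1\steve\locals~1\temp\ewdmaudn.sys [?]
"""


@dataclass
class Finding:
    category: str  # orphaned_entry | temp_path_image | unverified_image | dns_override
    detail: str
    line: str


# "<R|S><n> <name>;<display name>;<image path> [date size]"  or  "... --> <path> [?]"
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*)$")
TEMP_PATH_RE = re.compile(r"\\temp\\", re.IGNORECASE)
DHCP_DNS_RE = re.compile(r"^TCP:.*DhcpNameServer\s*=\s*(.+)$")
STATIC_DNS_RE = re.compile(r"^TCP:.*(?<!Dhcp)NameServer\s*=\s*(.+)$")
ORPHAN_PREFIXES = ("BHO:", "TB:", "uURLSearchHooks:")


def triage(log_text: str) -> list[Finding]:
    """Return the entries worth a second look, in the order they appear."""
    findings: list[Finding] = []
    dhcp_dns: set[str] = set()
    static_dns: list[tuple[str, list[str]]] = []

    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        # Registry registration survives but the DLL is gone: a leftover of a removed add-on.
        if line.startswith(ORPHAN_PREFIXES) and line.endswith("- No File"):
            findings.append(Finding("orphaned_entry", "registration points at a missing file", line))
            continue

        m = DHCP_DNS_RE.match(line)
        if m:
            dhcp_dns.update(re.split(r"[\s,]+", m.group(1).strip()))
            continue
        m = STATIC_DNS_RE.match(line)
        if m:
            static_dns.append((line, re.split(r"[\s,]+", m.group(1).strip())))
            continue

        m = SERVICE_RE.match(line)
        if m:
            status, name, _display, rest = m.groups()
            # For "a --> b [?]" lines DDS shows the resolved path on the right; drop the [..] tail.
            image = re.sub(r"\s*\[[^\]]*\]\s*$", "", rest.split(" --> ")[-1])
            if TEMP_PATH_RE.search(image):
                findings.append(Finding("temp_path_image", f"{status} {name} loads from a temp directory", line))
            if rest.rstrip().endswith("[?]"):
                findings.append(Finding("unverified_image", f"{status} {name}: no date/size recorded for the image", line))

    # Compare DNS after the pass, so the order of the TCP: lines does not matter.
    for line, servers in static_dns:
        unexpected = sorted(s for s in servers if s not in dhcp_dns)
        if unexpected:
            findings.append(Finding("dns_override", "static NameServer not in DhcpNameServer: " + ", ".join(unexpected), line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.category}] {f.detail}\n    {f.line}")
```

Run against the sample it reports the two "No File" add-ons, the two drivers under the user's temp directory (each also flagged as having no recorded date/size), and the interface whose static NameServer is not one of the DHCP-supplied servers; the `c2scsi` driver and the `mRun` entry produce nothing. Each flagged line still needs a human decision, which is what the thread's helper does with the full log.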


Hi,

uTorrent

The ones listed above are P2P file sharing programs. P2P downloads are nowadays one of those things that most likely bring infection into the system. My recommendation is to uninstall these (and others, if present) P2P file sharing programs.

Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.

Please continue as follows:

  1. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix, link
    Remember to re-enable them afterwards.
  2. Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt

New dds log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

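Once ComboFix has produced its report, the helper reads it for a handful of entry types before anything else: a system driver reported as "Infected copy of ... was found and disinfected", services or drivers whose binary is missing ("[?]") or loads from a user's Temp directory, a per-interface static NameServer that is not one of the DHCP-assigned servers, and Firefox user.js prefs that turn on codebase principals and grant UniversalXPConnect (full XPCOM access for page script from the listed origin). The following Python script is an added example for this thread, not part of DDS, ComboFix or anyone's post; it extracts those entries from a report in the text format shown in the logs above. The regexes assume exactly those line shapes, and SAMPLE_LOG is a constructed excerpt in that shape, not the full report. A static-DNS or Temp-directory hit is something to check, not a verdict.

```python
"""Triage helper for DDS / ComboFix style text reports (added example)."""
import re

INFECTED_RE = re.compile(r"^Infected copy of (?P<path>\S+)")
# "S3 name;display;path [dd/mm/yyyy hh:mm size]"  or  "S3 name;display;X --> Y [?]"
SERVICE_RE = re.compile(
    r"^[RS]\d\s+(?P<name>[^;]+);[^;]*;(?P<path>.+?)\s+\[(?P<detail>[^\]]*)\]\s*$"
)
TEMP_DIR_RE = re.compile(r"\\(locals~1|local settings)\\temp\\", re.IGNORECASE)
DHCP_NS_RE = re.compile(r"DhcpNameServer = (?P<servers>[\d. ]+)")
IFACE_NS_RE = re.compile(r"Interfaces\\(?P<iface>\{[^}]+\}): NameServer = (?P<servers>[\d.,]+)")
FF_PRINCIPAL_RE = re.compile(r"signed\.applets\.codebase_principal_support - true")
FF_GRANT_RE = re.compile(r"capability\.principal\.codebase\.(?P<key>[^.]+)\.granted - (?P<priv>\S+)")
FF_ID_RE = re.compile(r"capability\.principal\.codebase\.(?P<key>[^.]+)\.id - (?P<url>\S+)")


def triage(log_text):
    """Return a dict of findings pulled out of the report text."""
    findings = {
        "patched_system_files": [],        # driver files ComboFix had to disinfect
        "missing_binaries": [],            # (service name, path) with "[?]"
        "drivers_in_temp": [],             # (service name, path) under a Temp dir
        "static_dns_not_from_dhcp": [],    # (interface GUID, [servers not in DHCP set])
        "ff_codebase_principal_support": False,
        "ff_xpconnect_grants": [],         # (pref key, origin URL) given UniversalXPConnect
    }
    dhcp_servers = set()
    static_dns = []            # (interface GUID, [servers])
    grants, origins = {}, {}   # Firefox pref key -> privilege / origin URL

    for raw in log_text.splitlines():
        line = raw.strip()
        m = INFECTED_RE.match(line)
        if m:
            findings["patched_system_files"].append(m.group("path"))
            continue
        m = SERVICE_RE.match(line)
        if m:
            name = m.group("name")
            # For "X --> Y [?]" lines keep the resolved path on the right-hand side
            path = m.group("path").split("-->")[-1].strip()
            if m.group("detail") == "?":
                findings["missing_binaries"].append((name, path))
            if TEMP_DIR_RE.search(path):
                findings["drivers_in_temp"].append((name, path))
            continue
        m = DHCP_NS_RE.search(line)
        if m:
            dhcp_servers.update(m.group("servers").split())
            continue
        m = IFACE_NS_RE.search(line)
        if m:
            static_dns.append((m.group("iface"), m.group("servers").split(",")))
            continue
        if FF_PRINCIPAL_RE.search(line):
            findings["ff_codebase_principal_support"] = True
            continue
        m = FF_GRANT_RE.search(line)
        if m:
            grants[m.group("key")] = m.group("priv")
            continue
        m = FF_ID_RE.search(line)
        if m:
            origins[m.group("key")] = m.group("url")

    # Compare only after the whole report is read: the DHCP line and the
    # per-interface line are not guaranteed to appear in any particular order.
    for iface, servers in static_dns:
        extra = [s for s in servers if s not in dhcp_servers]
        if extra:
            findings["static_dns_not_from_dhcp"].append((iface, extra))

    for key, priv in grants.items():
        if priv == "UniversalXPConnect":
            findings["ff_xpconnect_grants"].append((key, origins.get(key)))
    return findings


# Constructed sample in the shape of the posted ComboFix report (an excerpt,
# not the full log), containing the kinds of lines an analyst wants flagged.
SAMPLE_LOG = r"""
Infected copy of c:\windows\system32\drivers\volsnap.sys was found and disinfected
R1 c2scsi;c2scsi;c:\windows\system32\drivers\c2scsi.sys [02/04/2007 11:46 241664]
S0 RadialpointIDSEH;RadialpointIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys --> c:\windows\system32\drivers\AVGIDSEH.sys [?]
S3 cpuz130;cpuz130;\??\c:\docume~1\Steve\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\Steve\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 ewdmaudn;ewdmaudn;\??\c:\docume~1\Steve\LOCALS~1\Temp\ewdmaudn.sys --> c:\docume~1\Steve\LOCALS~1\Temp\ewdmaudn.sys [?]
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{16D1F4BF-D69F-4993-891E-63914EC2CD46}: NameServer = 92.31.242.20,92.31.242.21
FF - user.js: signed.applets.codebase_principal_support - true
FF - user.js: capability.principal.codebase.YummyPlayer_LHOST.granted - UniversalXPConnect
FF - user.js: capability.principal.codebase.YummyPlayer_LHOST.id - hxxp://localhost/
"""

if __name__ == "__main__":
    for category, items in triage(SAMPLE_LOG).items():
        print(f"{category}: {items}")
```

Run it against a saved ComboFix.txt by passing the file contents to `triage()`. A flagged static NameServer should be compared with the ISP's published resolvers before drawing any conclusion, and a driver that ComboFix disinfected is worth re-checking after the next reboot, since a kernel-mode infection that survives will patch it again.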

Hi Blade,

Many thanks for your reply. I have uninstalled my P2P apps and run ComboFix and DDS as directed. I have pasted the ComboFix.txt log and DDS log below, with the attach.txt file zipped and attached if needed.

Combofix.txt

ComboFix 11-06-27.01 - Steve 27/06/2011 22:21:03.1.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.3070.2439 [GMT 1:00]

Running from: c:\documents and settings\Steve\Desktop\ComboFix.exe

AV: Virgin Media Security Anti-Virus *Disabled/Updated* {5B5A3BD7-8573-4672-AEA8-C9BB713B6755}

FW: Virgin Media Security Firewall *Disabled* {80593BF4-D969-4EC5-ADAE-A22F2DFC7A22}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Steve\WINDOWS

c:\windows\settings.reg

.

Infected copy of c:\windows\system32\drivers\volsnap.sys was found and disinfected

Restored copy from - Kitty had a snack :P

.

((((((((((((((((((((((((( Files Created from 2011-05-27 to 2011-06-27 )))))))))))))))))))))))))))))))

.

.

2011-06-24 19:41 . 2011-06-24 19:41 -------- d-----w- c:\documents and settings\Steve\Application Data\Malwarebytes

2011-06-24 19:40 . 2011-05-29 08:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-06-24 19:40 . 2011-06-24 19:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-06-24 19:40 . 2011-06-24 19:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-06-16 20:22 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys

2011-06-16 20:21 . 2011-04-29 19:07 852480 -c----w- c:\windows\system32\dllcache\vgx.dll

2011-06-10 19:37 . 2011-06-10 19:37 -------- d-----w- c:\documents and settings\Steve\Local Settings\Application Data\AVG Security Toolbar

2011-06-08 23:07 . 2011-06-08 23:07 -------- d-----w- c:\documents and settings\Steve\Application Data\SUPERAntiSpyware.com

2011-06-08 23:07 . 2011-06-08 23:07 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2011-06-08 21:47 . 2009-10-23 12:25 285704 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys

2011-06-08 21:47 . 2011-06-08 21:47 53192 ----a-w- c:\windows\system32\drivers\rp_skt32.sys

2011-06-08 21:47 . 2011-06-08 21:47 48384 ----a-w- c:\windows\system32\drivers\rp_pkt32.sys

2011-06-08 21:47 . 2011-06-08 21:47 -------- d-----w- c:\program files\Raxco

2011-06-08 21:47 . 2011-06-08 21:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Raxco

2011-06-05 07:50 . 2011-06-05 07:50 -------- d-----w- c:\windows\system32\wbem\Repository

2011-06-04 06:08 . 2011-06-04 06:08 -------- d-----w- C:\spoolerlogs

2011-05-29 16:07 . 2011-05-09 23:55 1115008 ----a-w- c:\windows\system32\ativvamv.dll

2011-05-29 16:07 . 2011-05-09 23:55 151552 ----a-w- c:\windows\system32\atiapfxx.exe

2011-05-29 16:07 . 2011-05-29 16:07 -------- d-----w- c:\program files\ATI

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-07-14 20:48 . 2011-05-13 17:08 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-06-24 19:23 . 2007-04-16 21:28 138440 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys

2011-06-24 19:23 . 2009-02-18 23:41 270856 ----a-w- c:\windows\system32\PnkBstrB.xtr

2011-06-24 19:23 . 2007-04-14 21:31 270856 ----a-w- c:\windows\system32\PnkBstrB.exe

2011-06-24 19:21 . 2007-04-14 21:31 281296 ----a-w- c:\windows\system32\PnkBstrB.ex0

2011-05-09 23:55 . 2009-09-23 22:21 212992 ----a-w- c:\windows\system32\atipdlxx.dll

2011-05-09 23:55 . 2009-09-23 22:19 643072 ----a-w- c:\windows\system32\ati2evxx.exe

2011-05-09 23:55 . 2009-09-23 22:17 53248 ----a-w- c:\windows\system32\ATIDDC.DLL

2011-05-09 23:55 . 2009-09-23 22:20 43520 ----a-w- c:\windows\system32\ati2edxx.dll

2011-05-09 23:55 . 2008-09-12 05:49 3265920 ----a-w- c:\windows\system32\ativvaxx.dll

2011-05-09 23:55 . 2009-09-23 21:32 651264 ----a-w- c:\windows\system32\atikvmag.dll

2011-05-09 23:55 . 2008-09-12 05:49 4017408 ----a-w- c:\windows\system32\ati3duag.dll

2011-05-09 23:55 . 2008-09-12 05:49 302080 ----a-w- c:\windows\system32\ati2dvag.dll

2011-05-09 23:55 . 2009-09-23 22:39 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll

2011-05-09 23:55 . 2008-09-12 05:49 6537728 ----a-w- c:\windows\system32\drivers\ati2mtag.sys

2011-05-09 23:55 . 2001-11-09 15:01 24064 ----a-w- c:\windows\system32\ativcoxx.dll

2011-05-09 23:55 . 2009-09-23 21:36 64512 ----a-w- c:\windows\system32\atimpc32.dll

2011-05-09 23:55 . 2009-09-23 21:36 64512 ----a-w- c:\windows\system32\amdpcom32.dll

2011-05-09 23:55 . 2009-09-23 21:29 17408 ----a-w- c:\windows\system32\atitvo32.dll

2011-05-09 23:55 . 2009-09-23 21:58 17743872 ----a-w- c:\windows\system32\atioglxx.dll

2011-05-09 23:55 . 2009-09-23 22:20 188416 ----a-w- c:\windows\system32\ati2evxx.dll

2011-05-09 23:55 . 2009-09-23 21:28 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll

2011-05-09 23:55 . 2009-09-23 21:29 5459968 ----a-w- c:\windows\system32\aticaldd.dll

2011-05-09 23:55 . 2009-09-23 21:31 57344 ----a-w- c:\windows\system32\aticalrt.dll

2011-05-09 23:55 . 2009-09-23 22:21 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe

2011-05-09 23:55 . 2008-09-12 05:49 851968 ----a-w- c:\windows\system32\ati2cqag.dll

2011-05-09 23:55 . 2009-02-03 20:52 45056 ----a-w- c:\windows\system32\ATIODCLI.exe

2011-05-09 23:55 . 2009-09-23 21:31 53248 ----a-w- c:\windows\system32\aticalcl.dll

2011-05-09 23:55 . 2009-09-23 22:21 155648 ----a-w- c:\windows\system32\Oemdspif.dll

2011-05-09 23:55 . 2009-09-23 21:27 503808 ----a-w- c:\windows\system32\atiok3x2.dll

2011-05-09 23:55 . 2009-05-11 21:35 118784 ----a-w- c:\windows\system32\atibtmon.exe

2011-05-09 23:55 . 2009-09-23 22:11 311296 ----a-w- c:\windows\system32\atiiiexx.dll

2011-05-09 23:55 . 2009-09-23 21:30 200704 ----a-w- c:\windows\system32\atiadlxx.dll

2011-05-09 23:55 . 2009-02-18 17:55 294912 ----a-w- c:\windows\system32\ATIODE.exe

2011-05-04 03:52 . 2010-08-18 19:25 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-05-04 01:25 . 2007-04-21 08:38 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-05-02 15:31 . 2006-10-11 21:37 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-04-29 16:19 . 2004-08-04 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-04-25 14:47 . 2009-07-04 21:44 81920 ----a-w- c:\windows\system32\ieencode.dll

2011-04-25 14:47 . 2004-08-04 12:00 667136 ----a-w- c:\windows\system32\wininet.dll

2011-04-25 14:47 . 2004-08-04 12:00 61952 ----a-w- c:\windows\system32\tdc.ocx

2011-04-25 12:56 . 2004-08-04 12:00 369664 ----a-w- c:\windows\system32\html.iec

2011-04-21 13:37 . 2004-08-04 12:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys

2011-05-06 17:40 . 2011-05-06 17:40 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SKIcoBackuped]

@="{7E5951A0-8683-432A-9483-5F43168D6A8C}"

[HKEY_CLASSES_ROOT\CLSID\{7E5951A0-8683-432A-9483-5F43168D6A8C}]

2011-04-04 09:35 3047088 ----a-w- c:\program files\VirginMedia\V Stuff Backup\AGSIconOverlay.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SKIcoSelected]

@="{15054241-49B4-4FA6-B4C7-A0071F118110}"

[HKEY_CLASSES_ROOT\CLSID\{15054241-49B4-4FA6-B4C7-A0071F118110}]

2011-04-04 09:35 3047088 ----a-w- c:\program files\VirginMedia\V Stuff Backup\AGSIconOverlay.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Backup & Storage"="c:\program files\VirginMedia\V Stuff Backup\Backup & Storage.exe" [2011-04-04 12273328]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Logitech G35"="c:\program files\Logitech\G35\G35.exe" [2010-10-05 1811800]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2516296]

"ServiceManager.exe"="c:\program files\Virgin Media\Service Manager\ServiceManager.exe" [2011-03-25 4371768]

"DHSClient.exe"="c:\program files\Virgin Media\Digital Home Support\DHSClient.exe" [2011-03-23 2032952]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"AvgUninstallURL"="start http:" [X]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

c:\documents and settings\Mas\Start Menu\Programs\Startup\

OpenOffice.org 2.0.lnk - c:\program files\OpenOffice.org 2.0\program\quickstart.exe [N/A]

.

c:\documents and settings\Steve\Start Menu\Programs\Startup\AutorunsDisabled

BBC iPlayer Desktop.lnk - c:\program files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe [2009-8-29 95232]

OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]

OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-7-14 805392]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled

Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]

Exif Launcher S.lnk - c:\program files\FinePixViewerS\QuickDCF2.exe [N/A]

Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-7-14 805392]

Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HsdService]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Radialpoint Security Services]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\system32\\rtcshare.exe"=

"c:\\WINDOWS\\system32\\PnkBstrA.exe"=

"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

"c:\\WINDOWS\\system32\\ftp.exe"=

"c:\\Program Files\\Kontiki\\KService.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\call of duty world at war\\CoDWaW.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\call of duty world at war\\CoDWaWmp.exe"=

"c:\\Program Files\\Steam\\Steam.exe"=

"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=

"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\call of duty modern warfare 2\\iw4sp.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\call of duty modern warfare 2\\iw4mp.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\fallout 3\\FalloutLauncher.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\amd driver updater, xp, 32 bit\\Setup.exe"=

"c:\\Program Files\\Virgin Media\\Service Manager\\ServicepointService.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\stalker shadow of chernobyl\\bin\\XR_3DA.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\stalker call of pripyat\\Stalker-COP.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\NetMeeting\\conf.exe"=

"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"1033:TCP"= 1033:TCP:Akamai NetSession Interface

"5000:UDP"= 5000:UDP:Akamai NetSession Interface

.

R1 c2scsi;c2scsi;c:\windows\system32\drivers\c2scsi.sys [02/04/2007 11:46 241664]

R2 HsdService;HsdService;c:\program files\Virgin Media\Digital Home Support\HsdService.exe [15/05/2011 21:45 1406264]

R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [13/10/2006 21:49 3712]

R2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [16/09/2010 14:06 80896]

R2 ServicepointService;ServicepointService;c:\program files\Virgin Media\Service Manager\ServicepointService.exe [12/05/2011 09:05 689464]

R3 bfturboh;BUFFALO TurboUSB for HD Filter;c:\windows\system32\drivers\bfturboh.sys [30/01/2009 20:19 17152]

R3 MRVW225;54M Wireless USB Adapter Dirver for Windows XP;c:\windows\system32\drivers\MRVW225.sys [21/12/2005 18:44 299776]

R3 RadialpointIDSDriver;RadialpointIDSDriver;c:\program files\Virgin Media\Security\AVG\Identity Protection\agent\drivers\AVGIDSDriver.sys [08/06/2011 22:48 122376]

R3 RadialpointIDSFilter;RadialpointIDSFilter;c:\program files\Virgin Media\Security\AVG\Identity Protection\agent\drivers\AVGIDSfilter.sys [08/06/2011 22:48 30216]

R3 RadialpointIDSShim;RadialpointIDSShim;c:\program files\Virgin Media\Security\AVG\Identity Protection\agent\drivers\AVGIDSShim.sys [08/06/2011 22:48 25736]

S0 RadialpointIDSEH;RadialpointIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys --> c:\windows\system32\drivers\AVGIDSEH.sys [?]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [14/11/2010 19:13 136176]

S2 Radialpoint Security Services;Virgin Media Security;c:\program files\Virgin Media\Security\RpsSecurityAwareR.exe [04/01/2010 12:17 165408]

S2 RadialpointIDSAgent;RadialpointIDSAgent;c:\program files\Virgin Media\Security\AVG\Identity Protection\agent\bin\AVGIDSAgent.exe [08/06/2011 22:47 5832712]

S3 cpuz130;cpuz130;\??\c:\docume~1\Steve\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\Steve\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]

S3 ewdmaudn;ewdmaudn;\??\c:\docume~1\Steve\LOCALS~1\Temp\ewdmaudn.sys --> c:\docume~1\Steve\LOCALS~1\Temp\ewdmaudn.sys [?]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [14/11/2010 19:13 136176]

S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [17/04/2011 20:32 24576]

S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [22/06/2010 18:01 21248]

S3 LADF_DHP2;G35 DHP2 Filter Driver;c:\windows\system32\drivers\ladfDHP2i386.sys [11/11/2009 14:18 53976]

S3 LADF_SBVM;G35 SBVM Filter Driver;c:\windows\system32\drivers\ladfSBVMi386.sys [11/11/2009 14:18 335064]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [24/06/2011 20:40 39984]

S3 MRV6X32U;Vista 32-bits Native WiFi Driver - USB;c:\windows\system32\drivers\MRVW23B.sys [09/02/2008 21:23 231040]

S3 MSSQL$ICARE;MSSQL$ICARE;c:\program files\Microsoft SQL Server\MSSQL$ICARE\Binn\sqlservr.exe -sICARE --> c:\program files\Microsoft SQL Server\MSSQL$ICARE\Binn\sqlservr.exe -sICARE [?]

S3 SQLAgent$ICARE;SQLAgent$ICARE;c:\program files\Microsoft SQL Server\MSSQL$ICARE\Binn\sqlagent.EXE -i ICARE --> c:\program files\Microsoft SQL Server\MSSQL$ICARE\Binn\sqlagent.EXE -i ICARE [?]

S3 Vfscan;Vfscan;c:\windows\system32\drivers\vffilter.sys [18/11/2008 11:01 15496]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - 7F0573A8

*NewlyCreated* - 9C044A42

*NewlyCreated* - C29997C5

*Deregistered* - 7f0573a8

*Deregistered* - 9c044a42

*Deregistered* - c29997c5

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bdx REG_MULTI_SZ scan sysagent

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\AutorunsDisabled\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2009-08-20 12:24 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

.

2011-06-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-14 18:13]

.

2011-06-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-14 18:13]

.

2011-03-20 c:\windows\Tasks\RCHubTask 0 0 {2E6E3A14-F6F5-404E-AC33-87F20083074D} 0~0.job

- c:\program files\Common Files\Roxio Shared\9.0\Roxio Central33\Main\Roxio_Central33.exe [2006-08-07 03:30]

.

2011-03-20 c:\windows\Tasks\RCHubTask 1 0 {2E6E3A14-F6F5-404E-AC33-87F20083074D} 0~0.job

- c:\program files\Common Files\Roxio Shared\9.0\Roxio Central33\Main\Roxio_Central33.exe [2006-08-07 03:30]

.

2011-03-20 c:\windows\Tasks\RCHubTask 2 0 {2E6E3A14-F6F5-404E-AC33-87F20083074D} 0~0.job

- c:\program files\Common Files\Roxio Shared\9.0\Roxio Central33\Main\Roxio_Central33.exe [2006-08-07 03:30]

.

2011-03-20 c:\windows\Tasks\RCHubTask 3 0 {2E6E3A14-F6F5-404E-AC33-87F20083074D} 0~0.job

- c:\program files\Common Files\Roxio Shared\9.0\Roxio Central33\Main\Roxio_Central33.exe [2006-08-07 03:30]

.

2011-03-20 c:\windows\Tasks\RCHubTask 4 0 {2E6E3A14-F6F5-404E-AC33-87F20083074D} 0~0.job

- c:\program files\Common Files\Roxio Shared\9.0\Roxio Central33\Main\Roxio_Central33.exe [2006-08-07 03:30]

.

2011-03-20 c:\windows\Tasks\RCHubTask 5 0 {2E6E3A14-F6F5-404E-AC33-87F20083074D} 0~0.job

- c:\program files\Common Files\Roxio Shared\9.0\Roxio Central33\Main\Roxio_Central33.exe [2006-08-07 03:30]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.GOOGLE.com

uInternet Settings,ProxyOverride = 127.0.0.1

uSearchURL,(Default) = hxxp://search.aol.co.uk/web?isinit=true&query=%s

IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

TCP: DhcpNameServer = 194.168.4.100 194.168.8.100

TCP: Interfaces\{16D1F4BF-D69F-4993-891E-63914EC2CD46}: NameServer = 92.31.242.20,92.31.242.21

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

FF - ProfilePath - c:\documents and settings\Steve\Application Data\Mozilla\Firefox\Profiles\yj2kaqq4.default\

FF - prefs.js: browser.search.selectedEngine - AVG Secure Search

FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk

FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4df26e75&v=7.005.030.004&i=27&tp=ab&iy=&ychte=uk&lng=en-GB&q=

FF - user.js: signed.applets.codebase_principal_support - true

/* To avoid the user interaction, add the following lines: */

FF - user.js: capability.principal.codebase.YummyPlayer_YAEL.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_YAEL.id - hxxp://yael.metaboli.fr/

FF - user.js: capability.principal.codebase.YummyPlayer_LHOST.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_LHOST.id - hxxp://localhost/

/* GLDE */

FF - user.js: capability.principal.codebase.YummyPlayer_GLDE.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_GLDE.id - hxxp://gamesflatrate.de/

FF - user.js: capability.principal.codebase.YummyPlayer_WGLDE.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_WGLDE.id - hxxp://www.gamesflatrate.de/

FF - user.js: capability.principal.codebase.YummyPlayer_GLDEINT.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_GLDEINT.id - hxxp://glde-int.metaboli.fr/

FF - user.js: capability.principal.codebase.YummyPlayer_SGLDE.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_SGLDE.id - hxxps://gamesflatrate.de/

FF - user.js: capability.principal.codebase.YummyPlayer_WSGLDE.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_WSGLDE.id - hxxps://www.gamesflatrate.de/

/* BGFR */

FF - user.js: capability.principal.codebase.YummyPlayer_BGFR.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_BGFR.id - hxxp://linternaute.metaboli.fr/

FF - user.js: capability.principal.codebase.YummyPlayer_SBGFR.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_SBGFR.id - hxxps://linternaute.metaboli.fr/

FF - user.js: capability.principal.codebase.YummyPlayer_BGFRINT.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_BGFRINT.id - hxxp://bgfr-int.metaboli.fr/

/* BILD */

FF - user.js: capability.principal.codebase.YummyPlayer_BILD.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_BILD.id - hxxp://bild.metaboli.de/

FF - user.js: capability.principal.codebase.YummyPlayer_SBILD.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_SBILD.id - hxxps://bild.metaboli.de/

FF - user.js: capability.principal.codebase.YummyPlayer_BILDINT.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_BILDINT.id - hxxp://bild-int.metaboli.fr/

/* BTUK */

FF - user.js: capability.principal.codebase.YummyPlayer_BTUK.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_BTUK.id - hxxp://btvision.metaboli.co.uk/

FF - user.js: capability.principal.codebase.YummyPlayer_SBTUK.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_SBTUK.id - hxxps://btvision.metaboli.co.uk/

FF - user.js: capability.principal.codebase.YummyPlayer_BTUKINT.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_BTUKINT.id - hxxp://bt-int.metaboli.fr/

/* CLIC */

FF - user.js: capability.principal.codebase.YummyPlayer_CLIC.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_CLIC.id - hxxp://clubic.metaboli.fr/

FF - user.js: capability.principal.codebase.YummyPlayer_SCLIC.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_SCLIC.id - hxxps://clubic.metaboli.fr/

FF - user.js: capability.principal.codebase.YummyPlayer_CLICINT.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_CLICINT.id - hxxp://clic-int.metaboli.fr/

/* COUK */

FF - user.js: capability.principal.codebase.YummyPlayer_COUK.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_COUK.id - hxxp://metaboli.co.uk/

FF - user.js: capability.principal.codebase.YummyPlayer_SCOUK.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_SCOUK.id - hxxps://metaboli.co.uk/

FF - user.js: capability.principal.codebase.YummyPlayer_COUKINT.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_COUKINT.id - hxxp://uk-int.metaboli.fr/

/* MEDE */

FF - user.js: capability.principal.codebase.YummyPlayer_MEDE.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_MEDE.id - hxxp://metaboli.de/

FF - user.js: capability.principal.codebase.YummyPlayer_WMEDE.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_WMEDE.id - hxxp://www.metaboli.de/

FF - user.js: capability.principal.codebase.YummyPlayer_SMEDE.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_SMEDE.id - hxxps://metaboli.de/

FF - user.js: capability.principal.codebase.YummyPlayer_MEDEINT.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_MEDEINT.id - hxxp://de-int.metaboli.fr/

FF - user.js: capability.principal.codebase.YummyPlayer_WMEDE.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_WMEDE.id - hxxps://www.metaboli.de/

/* CUUK */

FF - user.js: capability.principal.codebase.YummyPlayer_CUUK.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_CUUK.id - hxxp://custompc.metaboli.co.uk/

FF - user.js: capability.principal.codebase.YummyPlayer_SCUUK.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_SCUUK.id - hxxps://custompc.metaboli.co.uk/

FF - user.js: capability.principal.codebase.YummyPlayer_CUUKINT.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_CUUKINT.id - hxxp://cuuk-int.metaboli.fr/

/* EUUK */

FF - user.js: capability.principal.codebase.YummyPlayer_EUUK.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_EUUK.id - hxxp://eurogamer.metaboli.co.uk/

FF - user.js: capability.principal.codebase.YummyPlayer_SEUUK.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_SEUUK.id - hxxps://eurogamer.metaboli.co.uk/

FF - user.js: capability.principal.codebase.YummyPlayer_EUUKINT.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_EUUKINT.id - hxxp://euuk-int.metaboli.fr/

/* FUNR */

FF - user.js: capability.principal.codebase.YummyPlayer_FUNR.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_FUNR.id - hxxp://fun.metaboli.fr/

FF - user.js: capability.principal.codebase.YummyPlayer_SFUNR.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_SFUNR.id - hxxps://fun.metaboli.fr/

FF - user.js: capability.principal.codebase.YummyPlayer_FUNRINT.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_FUNRINT.id - hxxp://fun-int.metaboli.fr/

/* GONE */

FF - user.js: capability.principal.codebase.YummyPlayer_GONE.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_GONE.id - hxxp://gameone.metaboli.fr/

FF - user.js: capability.principal.codebase.YummyPlayer_SGONE.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_SGONE.id - hxxps://gameone.metaboli.fr/

FF - user.js: capability.principal.codebase.YummyPlayer_GONEINT.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_GONEINT.id - hxxp://gone-int.metaboli.fr/

/* GUDE */

FF - user.js: capability.principal.codebase.YummyPlayer_GUDE.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_GUDE.id - hxxp://gamerunlimited.metaboli.de/

FF - user.js: capability.principal.codebase.YummyPlayer_SGUDE.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_SGUDE.id - hxxps://gamerunlimited.metaboli.de/

FF - user.js: capability.principal.codebase.YummyPlayer_GUDEINT.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_GUDEINT.id - hxxp://gude-int.metaboli.fr/

/* META */

FF - user.js: capability.principal.codebase.YummyPlayer_META.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_META.id - hxxp://metaboli.fr/

FF - user.js: capability.principal.codebase.YummyPlayer_WMETA.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_WMETA.id - hxxp://www.metaboli.fr/

FF - user.js: capability.principal.codebase.YummyPlayer_SMETA.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_SMETA.id - hxxps://metaboli.fr/

FF - user.js: capability.principal.codebase.YummyPlayer_WSMETA.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_WSMETA.id - hxxps://www.metaboli.fr/

FF - user.js: capability.principal.codebase.YummyPlayer_METAINT.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_METAINT.id - hxxp://fr-int.metaboli.fr/

/* MNDE */

FF - user.js: capability.principal.codebase.YummyPlayer_MNDE.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_MNDE.id - hxxp://livegames.metaboli.de/

FF - user.js: capability.principal.codebase.YummyPlayer_SMNDE.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_SMNDE.id - hxxps://livegames.metaboli.de/

FF - user.js: capability.principal.codebase.YummyPlayer_MNDEINT.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_MNDEINT.id - hxxp://msde-int.metaboli.fr/

/* MNFR */

FF - user.js: capability.principal.codebase.YummyPlayer_MNFR.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_MNFR.id - hxxp://livegames.metaboli.fr/

FF - user.js: capability.principal.codebase.YummyPlayer_SMNFR.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_SMNFR.id - hxxps://livegames.metaboli.fr/

FF - user.js: capability.principal.codebase.YummyPlayer_MNFRINT.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_MNFRINT.id - hxxp://msfr-int.metaboli.fr/

/* MNUK */

FF - user.js: capability.principal.codebase.YummyPlayer_MNUK.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_MNUK.id - hxxp://livegames.metaboli.co.uk/

FF - user.js: capability.principal.codebase.YummyPlayer_SMNUK.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_SMNUK.id - hxxps://livegames.metaboli.co.uk/

FF - user.js: capability.principal.codebase.YummyPlayer_MNUKINT.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_MNUKINT.id - hxxp://msuk-int.metaboli.fr/

/* NCNU */

FF - user.js: capability.principal.codebase.YummyPlayer_NCNU.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_NCNU.id - hxxp://numericable.metaboli.fr/

FF - user.js: capability.principal.codebase.YummyPlayer_SNCNU.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_SNCNU.id - hxxps://numericable.metaboli.fr/

FF - user.js: capability.principal.codebase.YummyPlayer_NCNUINT.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_NCNUINT.id - hxxp://ncnu-int.metaboli.fr/

/* QPUK */

FF - user.js: capability.principal.codebase.YummyPlayer_QPUK.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_QPUK.id - hxxp://quintplay.metaboli.co.uk/

FF - user.js: capability.principal.codebase.YummyPlayer_SQPUK.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_SQPUK.id - hxxps://quintplay.metaboli.co.uk/

FF - user.js: capability.principal.codebase.YummyPlayer_QPUKINT.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_QPUKINT.id - hxxp://qpuk-int.metaboli.fr/

/* SFFR */

FF - user.js: capability.principal.codebase.YummyPlayer_SFFR.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_SFFR.id - hxxp://jeux-pc.sfr.fr/

FF - user.js: capability.principal.codebase.YummyPlayer_SSFFR.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_SSFFR.id - hxxps://jeux-pc.sfr.fr/

FF - user.js: capability.principal.codebase.YummyPlayer_SFFRM.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_SFFRM.id - hxxp://sfr.metaboli.fr/

FF - user.js: capability.principal.codebase.YummyPlayer_SSFFRM.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_SSFFRM.id - hxxps://sfr.metaboli.fr/

FF - user.js: capability.principal.codebase.YummyPlayer_SFFRINT.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_SFFRINT.id - hxxp://sfr-int.metaboli.fr/

/* SPDE */

FF - user.js: capability.principal.codebase.YummyPlayer_SPDE.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_SPDE.id - hxxp://spieletipps.metaboli.de/

FF - user.js: capability.principal.codebase.YummyPlayer_SSPDE.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_SSPDE.id - hxxps://spieletipps.metaboli.de/

FF - user.js: capability.principal.codebase.YummyPlayer_SPDEINT.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_SPDEINT.id - hxxp://spde-int.metaboli.fr/

/* WOJ_ */

FF - user.js: capability.principal.codebase.YummyPlayer_WOJ_.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_WOJ_.id - hxxp://woj-prod.metaboli.fr/

FF - user.js: capability.principal.codebase.YummyPlayer_SWOJ_.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_SWOJ_.id - hxxps://woj-prod.metaboli.fr/

FF - user.js: capability.principal.codebase.YummyPlayer_WOJ_INT.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_WOJ_INT.id - hxxp://woj-int.metaboli.fr/

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

HKCU-Run-V Stuff Backup - c:\program files\VirginMedia\V Stuff Backup\v_stuff_backup.exe

Notify-WgaLogon - (no file)

AddRemove-uTorrent - c:\program files\uTorrent\uTorrent.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-06-27 22:27

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-57989841-1390067357-839522115-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

"??"=hex:0f,af,79,a2,f9,4a,26,21,81,e9,d6,88,4b,af,96,15,15,c2,e9,53,2b,d9,b1,

2c,81,11,21,93,8f,c2,20,86,0b,21,dc,cf,81,36,73,f8,e5,3c,98,3e,9f,27,be,44,\

"??"=hex:a1,5e,47,db,25,65,bb,27,8b,92,55,34,10,3f,d9,49

.

[HKEY_USERS\S-1-5-21-57989841-1390067357-839522115-1004\Software\SecuROM\License information*]

"datasecu"=hex:c6,17,58,97,2b,f3,32,ec,53,bc,ff,80,11,6e,4f,79,bf,50,df,b3,ad,

47,dd,20,3e,1f,94,35,31,ce,70,a5,fd,7e,61,f1,9c,9e,48,ab,a5,a3,a6,dc,02,c7,\

"rkeysecu"=hex:10,cc,8b,28,b3,1f,25,e1,36,cb,bf,7d,60,91,e3,f3

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(1248)

c:\windows\system32\Ati2evxx.dll

c:\windows\system32\atiadlxx.dll

.

Completion time: 2011-06-27 22:29:28

ComboFix-quarantined-files.txt 2011-06-27 21:29

.

Pre-Run: 59,836,542,976 bytes free

Post-Run: 60,292,022,272 bytes free

.

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

.

- - End Of File - - 92A29483A78EE3C2DED341ECD4E19C8F

The new DDS log is:

.

DDS (Ver_2011-06-23.01) - NTFSx86

Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_26

Run by Steve at 22:31:38 on 2011-06-27

Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.3070.2477 [GMT 1:00]

.

AV: Virgin Media Security Anti-Virus *Disabled/Updated* {5B5A3BD7-8573-4672-AEA8-C9BB713B6755}

FW: Virgin Media Security Firewall *Disabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\Virgin Media\Security\Fws.exe

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\Program Files\Virgin Media\Digital Home Support\HsdService.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Microsoft LifeCam\MSCamS32.exe

C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE

C:\WINDOWS\system32\PnkBstrA.exe

C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Logitech\G35\G35.exe

C:\Program Files\Canon\MyPrinter\BJMyPrt.exe

C:\Program Files\Virgin Media\Digital Home Support\DHSClient.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

C:\Program Files\Virgin Media\Service Manager\ServiceManager.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Virgin Media\Service Manager\ServiceManagerComHandler.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.GOOGLE.com

uInternet Settings,ProxyOverride = 127.0.0.1

uSearchURL,(Default) = hxxp://search.aol.co.uk/web?isinit=true&query=%s

BHO: AutorunsDisabled - No File

BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - No File

TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File

TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File

uRun: [backup & Storage] "c:\program files\virginmedia\v stuff backup\Backup & Storage.exe" /delayed

mRun: [Logitech G35] c:\program files\logitech\g35\G35.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon

mRun: [serviceManager.exe] "c:\program files\virgin media\service manager\ServiceManager.exe" /AUTORUN

mRun: [DHSClient.exe] "c:\program files\virgin media\digital home support\DHSClient.exe" /AUTORUN

mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-lsf?lic=OUxTRlJFRS1WUFVaNy1HMkNNWC1SWFBXQS1QM05aSC05RDIwQy0zN1RT"&"inst=NzctNjUwODgzNDMwLVhMKzEtVDQtRlA5Mis2LVRCOSsyLUZMKzktRjEwTSs1LVFJWDErNC1YMjAxMCsyLUZMMTArMS1MSUMrMy1UVUcrMy1MU0RTKzI"&"prod=55"&"ver=10.0.1382

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

StartupFolder: c:\docume~1\steve\startm~1\programs\startup\autoru~1\bbcipl~1.lnk - c:\program files\bbc iplayer desktop\BBC iPlayer Desktop.exe

StartupFolder: c:\docume~1\steve\startm~1\programs\startup\autoru~1\openof~2.lnk - c:\program files\openoffice.org 3\program\quickstart.exe

StartupFolder: c:\docume~1\steve\startm~1\programs\startup\autoru~1\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\exifla~1.lnk - c:\program files\finepixviewers\QuickDCF2.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\servic~1.lnk - c:\program files\microsoft sql server\80\tools\binn\sqlmangr.exe

IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab

DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1160681654593

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/softwareupdate/su2/ocx/15106/CTPID.cab

TCP: DhcpNameServer = 194.168.4.100 194.168.8.100

TCP: Interfaces\{16D1F4BF-D69F-4993-891E-63914EC2CD46} : NameServer = 92.31.242.20,92.31.242.21

TCP: Interfaces\{80451425-583A-40E2-BC39-984E15CFE742} : DhcpNameServer = 194.168.4.100 194.168.8.100

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: AtiExtEvent - Ati2evxx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\steve\application data\mozilla\firefox\profiles\yj2kaqq4.default\

FF - prefs.js: browser.search.selectedEngine - AVG Secure Search

FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk

FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4df26e75&v=7.005.030.004&i=27&tp=ab&iy=&ychte=uk&lng=en-GB&q=

FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll

FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npBBCPlugin.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

FF - plugin: c:\program files\virgin media\service manager\nprpspa.dll

.

---- FIREFOX POLICIES ----

FF - user.js: signed.applets.codebase_principal_support - true

/* To avoid the user interaction, add the following lines: */

FF - user.js: capability.principal.codebase.YummyPlayer_YAEL.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_YAEL.id - hxxp://yael.metaboli.fr/

FF - user.js: capability.principal.codebase.YummyPlayer_LHOST.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_LHOST.id - hxxp://localhost/

/* GLDE */

FF - user.js: capability.principal.codebase.YummyPlayer_GLDE.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_GLDE.id - hxxp://gamesflatrate.de/

FF - user.js: capability.principal.codebase.YummyPlayer_WGLDE.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_WGLDE.id - hxxp://www.gamesflatrate.de/

FF - user.js: capability.principal.codebase.YummyPlayer_GLDEINT.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_GLDEINT.id - hxxp://glde-int.metaboli.fr/

FF - user.js: capability.principal.codebase.YummyPlayer_SGLDE.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_SGLDE.id - hxxps://gamesflatrate.de/

FF - user.js: capability.principal.codebase.YummyPlayer_WSGLDE.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_WSGLDE.id - hxxps://www.gamesflatrate.de/

/* BGFR */

FF - user.js: capability.principal.codebase.YummyPlayer_BGFR.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_BGFR.id - hxxp://linternaute.metaboli.fr/

FF - user.js: capability.principal.codebase.YummyPlayer_SBGFR.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_SBGFR.id - hxxps://linternaute.metaboli.fr/

FF - user.js: capability.principal.codebase.YummyPlayer_BGFRINT.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_BGFRINT.id - hxxp://bgfr-int.metaboli.fr/

/* BILD */

FF - user.js: capability.principal.codebase.YummyPlayer_BILD.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_BILD.id - hxxp://bild.metaboli.de/

FF - user.js: capability.principal.codebase.YummyPlayer_SBILD.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_SBILD.id - hxxps://bild.metaboli.de/

FF - user.js: capability.principal.codebase.YummyPlayer_BILDINT.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_BILDINT.id - hxxp://bild-int.metaboli.fr/

/* BTUK */

FF - user.js: capability.principal.codebase.YummyPlayer_BTUK.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_BTUK.id - hxxp://btvision.metaboli.co.uk/

FF - user.js: capability.principal.codebase.YummyPlayer_SBTUK.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_SBTUK.id - hxxps://btvision.metaboli.co.uk/

FF - user.js: capability.principal.codebase.YummyPlayer_BTUKINT.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_BTUKINT.id - hxxp://bt-int.metaboli.fr/

/* CLIC */

FF - user.js: capability.principal.codebase.YummyPlayer_CLIC.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_CLIC.id - hxxp://clubic.metaboli.fr/

FF - user.js: capability.principal.codebase.YummyPlayer_SCLIC.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_SCLIC.id - hxxps://clubic.metaboli.fr/

FF - user.js: capability.principal.codebase.YummyPlayer_CLICINT.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_CLICINT.id - hxxp://clic-int.metaboli.fr/

/* COUK */

FF - user.js: capability.principal.codebase.YummyPlayer_COUK.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_COUK.id - hxxp://metaboli.co.uk/

FF - user.js: capability.principal.codebase.YummyPlayer_SCOUK.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_SCOUK.id - hxxps://metaboli.co.uk/

FF - user.js: capability.principal.codebase.YummyPlayer_COUKINT.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_COUKINT.id - hxxp://uk-int.metaboli.fr/

/* MEDE */

FF - user.js: capability.principal.codebase.YummyPlayer_MEDE.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_MEDE.id - hxxp://metaboli.de/

FF - user.js: capability.principal.codebase.YummyPlayer_WMEDE.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_WMEDE.id - hxxp://www.metaboli.de/

FF - user.js: capability.principal.codebase.YummyPlayer_SMEDE.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_SMEDE.id - hxxps://metaboli.de/

FF - user.js: capability.principal.codebase.YummyPlayer_MEDEINT.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_MEDEINT.id - hxxp://de-int.metaboli.fr/

FF - user.js: capability.principal.codebase.YummyPlayer_WMEDE.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_WMEDE.id - hxxps://www.metaboli.de/

/* CUUK */

FF - user.js: capability.principal.codebase.YummyPlayer_CUUK.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_CUUK.id - hxxp://custompc.metaboli.co.uk/

FF - user.js: capability.principal.codebase.YummyPlayer_SCUUK.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_SCUUK.id - hxxps://custompc.metaboli.co.uk/

FF - user.js: capability.principal.codebase.YummyPlayer_CUUKINT.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_CUUKINT.id - hxxp://cuuk-int.metaboli.fr/

/* EUUK */

FF - user.js: capability.principal.codebase.YummyPlayer_EUUK.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_EUUK.id - hxxp://eurogamer.metaboli.co.uk/

FF - user.js: capability.principal.codebase.YummyPlayer_SEUUK.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_SEUUK.id - hxxps://eurogamer.metaboli.co.uk/

FF - user.js: capability.principal.codebase.YummyPlayer_EUUKINT.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_EUUKINT.id - hxxp://euuk-int.metaboli.fr/

/* FUNR */

FF - user.js: capability.principal.codebase.YummyPlayer_FUNR.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_FUNR.id - hxxp://fun.metaboli.fr/

FF - user.js: capability.principal.codebase.YummyPlayer_SFUNR.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_SFUNR.id - hxxps://fun.metaboli.fr/

FF - user.js: capability.principal.codebase.YummyPlayer_FUNRINT.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_FUNRINT.id - hxxp://fun-int.metaboli.fr/

/* GONE */

FF - user.js: capability.principal.codebase.YummyPlayer_GONE.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_GONE.id - hxxp://gameone.metaboli.fr/

FF - user.js: capability.principal.codebase.YummyPlayer_SGONE.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_SGONE.id - hxxps://gameone.metaboli.fr/

FF - user.js: capability.principal.codebase.YummyPlayer_GONEINT.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_GONEINT.id - hxxp://gone-int.metaboli.fr/

/* GUDE */

FF - user.js: capability.principal.codebase.YummyPlayer_GUDE.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_GUDE.id - hxxp://gamerunlimited.metaboli.de/

FF - user.js: capability.principal.codebase.YummyPlayer_SGUDE.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_SGUDE.id - hxxps://gamerunlimited.metaboli.de/

FF - user.js: capability.principal.codebase.YummyPlayer_GUDEINT.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_GUDEINT.id - hxxp://gude-int.metaboli.fr/

/* META */

FF - user.js: capability.principal.codebase.YummyPlayer_META.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_META.id - hxxp://metaboli.fr/

FF - user.js: capability.principal.codebase.YummyPlayer_WMETA.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_WMETA.id - hxxp://www.metaboli.fr/

FF - user.js: capability.principal.codebase.YummyPlayer_SMETA.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_SMETA.id - hxxps://metaboli.fr/

FF - user.js: capability.principal.codebase.YummyPlayer_WSMETA.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_WSMETA.id - hxxps://www.metaboli.fr/

FF - user.js: capability.principal.codebase.YummyPlayer_METAINT.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_METAINT.id - hxxp://fr-int.metaboli.fr/

/* MNDE */

FF - user.js: capability.principal.codebase.YummyPlayer_MNDE.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_MNDE.id - hxxp://livegames.metaboli.de/

FF - user.js: capability.principal.codebase.YummyPlayer_SMNDE.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_SMNDE.id - hxxps://livegames.metaboli.de/

FF - user.js: capability.principal.codebase.YummyPlayer_MNDEINT.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_MNDEINT.id - hxxp://msde-int.metaboli.fr/

/* MNFR */

FF - user.js: capability.principal.codebase.YummyPlayer_MNFR.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_MNFR.id - hxxp://livegames.metaboli.fr/

FF - user.js: capability.principal.codebase.YummyPlayer_SMNFR.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_SMNFR.id - hxxps://livegames.metaboli.fr/

FF - user.js: capability.principal.codebase.YummyPlayer_MNFRINT.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_MNFRINT.id - hxxp://msfr-int.metaboli.fr/

/* MNUK */

FF - user.js: capability.principal.codebase.YummyPlayer_MNUK.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_MNUK.id - hxxp://livegames.metaboli.co.uk/

FF - user.js: capability.principal.codebase.YummyPlayer_SMNUK.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_SMNUK.id - hxxps://livegames.metaboli.co.uk/

FF - user.js: capability.principal.codebase.YummyPlayer_MNUKINT.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_MNUKINT.id - hxxp://msuk-int.metaboli.fr/

/* NCNU */

FF - user.js: capability.principal.codebase.YummyPlayer_NCNU.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_NCNU.id - hxxp://numericable.metaboli.fr/

FF - user.js: capability.principal.codebase.YummyPlayer_SNCNU.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_SNCNU.id - hxxps://numericable.metaboli.fr/

FF - user.js: capability.principal.codebase.YummyPlayer_NCNUINT.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_NCNUINT.id - hxxp://ncnu-int.metaboli.fr/

/* QPUK */

FF - user.js: capability.principal.codebase.YummyPlayer_QPUK.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_QPUK.id - hxxp://quintplay.metaboli.co.uk/

FF - user.js: capability.principal.codebase.YummyPlayer_SQPUK.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_SQPUK.id - hxxps://quintplay.metaboli.co.uk/

FF - user.js: capability.principal.codebase.YummyPlayer_QPUKINT.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_QPUKINT.id - hxxp://qpuk-int.metaboli.fr/

/* SFFR */

FF - user.js: capability.principal.codebase.YummyPlayer_SFFR.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_SFFR.id - hxxp://jeux-pc.sfr.fr/

FF - user.js: capability.principal.codebase.YummyPlayer_SSFFR.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_SSFFR.id - hxxps://jeux-pc.sfr.fr/

FF - user.js: capability.principal.codebase.YummyPlayer_SFFRM.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_SFFRM.id - hxxp://sfr.metaboli.fr/

FF - user.js: capability.principal.codebase.YummyPlayer_SSFFRM.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_SSFFRM.id - hxxps://sfr.metaboli.fr/

FF - user.js: capability.principal.codebase.YummyPlayer_SFFRINT.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_SFFRINT.id - hxxp://sfr-int.metaboli.fr/

/* SPDE */

FF - user.js: capability.principal.codebase.YummyPlayer_SPDE.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_SPDE.id - hxxp://spieletipps.metaboli.de/

FF - user.js: capability.principal.codebase.YummyPlayer_SSPDE.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_SSPDE.id - hxxps://spieletipps.metaboli.de/

FF - user.js: capability.principal.codebase.YummyPlayer_SPDEINT.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_SPDEINT.id - hxxp://spde-int.metaboli.fr/

/* WOJ_ */

FF - user.js: capability.principal.codebase.YummyPlayer_WOJ_.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_WOJ_.id - hxxp://woj-prod.metaboli.fr/

FF - user.js: capability.principal.codebase.YummyPlayer_SWOJ_.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_SWOJ_.id - hxxps://woj-prod.metaboli.fr/

FF - user.js: capability.principal.codebase.YummyPlayer_WOJ_INT.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_WOJ_INT.id - hxxp://woj-int.metaboli.fr/

.

============= SERVICES / DRIVERS ===============

.

R1 c2scsi;c2scsi;c:\windows\system32\drivers\c2scsi.sys [2007-4-2 241664]

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2010-3-4 54752]

R2 HsdService;HsdService;c:\program files\virgin media\digital home support\HsdService.exe [2011-5-15 1406264]

R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2006-10-13 3712]

R2 PassThru Service;Internet Pass-Through Service;c:\program files\htc\internet pass-through\PassThruSvr.exe [2010-9-16 80896]

R2 ServicepointService;ServicepointService;c:\program files\virgin media\service manager\ServicepointService.exe [2011-5-12 689464]

R3 bfturboh;BUFFALO TurboUSB for HD Filter;c:\windows\system32\drivers\bfturboh.sys [2009-1-30 17152]

R3 MRVW225;54M Wireless USB Adapter Dirver for Windows XP;c:\windows\system32\drivers\MRVW225.sys [2005-12-21 299776]

R3 RadialpointIDSDriver;RadialpointIDSDriver;c:\program files\virgin media\security\avg\identity protection\agent\drivers\AVGIDSDriver.sys [2011-6-8 122376]

R3 RadialpointIDSFilter;RadialpointIDSFilter;c:\program files\virgin media\security\avg\identity protection\agent\drivers\AVGIDSfilter.sys [2011-6-8 30216]

R3 RadialpointIDSShim;RadialpointIDSShim;c:\program files\virgin media\security\avg\identity protection\agent\drivers\AVGIDSShim.sys [2011-6-8 25736]

S0 RadialpointIDSEH;RadialpointIDSEH;c:\windows\system32\drivers\avgidseh.sys --> c:\windows\system32\drivers\AVGIDSEH.sys [?]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-11-14 136176]

S2 Radialpoint Security Services;Virgin Media Security;c:\program files\virgin media\security\RpsSecurityAwareR.exe [2010-1-4 165408]

S2 RadialpointIDSAgent;RadialpointIDSAgent;c:\program files\virgin media\security\avg\identity protection\agent\bin\AVGIDSAgent.exe [2011-6-8 5832712]

S3 cpuz130;cpuz130;\??\c:\docume~1\steve\locals~1\temp\cpuz130\cpuz_x32.sys --> c:\docume~1\steve\locals~1\temp\cpuz130\cpuz_x32.sys [?]

S3 ewdmaudn;ewdmaudn;\??\c:\docume~1\steve\locals~1\temp\ewdmaudn.sys --> c:\docume~1\steve\locals~1\temp\ewdmaudn.sys [?]

S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-11-14 136176]

S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2011-4-17 24576]

S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [2010-6-22 21248]

S3 LADF_DHP2;G35 DHP2 Filter Driver;c:\windows\system32\drivers\ladfDHP2i386.sys [2009-11-11 53976]

S3 LADF_SBVM;G35 SBVM Filter Driver;c:\windows\system32\drivers\ladfSBVMi386.sys [2009-11-11 335064]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-6-24 39984]

S3 MRV6X32U;Vista 32-bits Native WiFi Driver - USB;c:\windows\system32\drivers\MRVW23B.sys [2008-2-9 231040]

S3 MSSQL$ICARE;MSSQL$ICARE;c:\program files\microsoft sql server\mssql$icare\binn\sqlservr.exe -sicare --> c:\program files\microsoft sql server\mssql$icare\binn\sqlservr.exe -sICARE [?]

S3 rt2870;D-Link 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys --> c:\windows\system32\drivers\rt2870.sys [?]

S3 SQLAgent$ICARE;SQLAgent$ICARE;c:\program files\microsoft sql server\mssql$icare\binn\sqlagent.exe -i icare --> c:\program files\microsoft sql server\mssql$icare\binn\sqlagent.EXE -i ICARE [?]

S3 Vfscan;Vfscan;c:\windows\system32\drivers\vffilter.sys [2008-11-18 15496]

.

=============== Created Last 30 ================

.

2011-06-27 21:17:02 -------- d-sha-r- C:\cmdcons

2011-06-27 21:15:05 98816 ----a-w- c:\windows\sed.exe

2011-06-27 21:15:05 518144 ----a-w- c:\windows\SWREG.exe

2011-06-27 21:15:05 256512 ----a-w- c:\windows\PEV.exe

2011-06-27 21:15:05 208896 ----a-w- c:\windows\MBR.exe

2011-06-24 19:41:08 -------- d-----w- c:\documents and settings\steve\application data\Malwarebytes

2011-06-24 19:40:48 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-06-24 19:40:47 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2011-06-24 19:40:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-06-16 20:22:01 105472 -c----w- c:\windows\system32\dllcache\mup.sys

2011-06-16 20:21:54 852480 -c----w- c:\windows\system32\dllcache\vgx.dll

2011-06-10 19:37:14 -------- d-----w- c:\documents and settings\steve\local settings\application data\AVG Security Toolbar

2011-06-08 23:07:34 -------- d-----w- c:\documents and settings\steve\application data\SUPERAntiSpyware.com

2011-06-08 23:07:34 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com

2011-06-08 21:47:37 285704 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys

2011-06-08 21:47:32 53192 ----a-w- c:\windows\system32\drivers\rp_skt32.sys

2011-06-08 21:47:21 48384 ----a-w- c:\windows\system32\drivers\rp_pkt32.sys

2011-06-08 21:47:10 -------- d-----w- c:\program files\Raxco

2011-06-05 07:50:03 -------- d-----w- c:\windows\system32\wbem\repository\FS

2011-06-05 07:50:03 -------- d-----w- c:\windows\system32\wbem\repository\export

2011-06-05 07:50:03 -------- d-----w- c:\windows\system32\wbem\Repository

2011-06-04 06:08:41 -------- d-----w- C:\spoolerlogs

2011-05-29 16:07:50 1115008 ----a-w- c:\windows\system32\ativvamv.dll

2011-05-29 16:07:44 151552 ----a-w- c:\windows\system32\atiapfxx.exe

2011-05-29 16:07:29 -------- d-----w- c:\program files\ATI

.

==================== Find3M ====================

.

2011-07-14 20:48:46 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-06-24 19:23:11 138440 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys

2011-06-24 19:23:03 270856 ----a-w- c:\windows\system32\PnkBstrB.xtr

2011-06-24 19:23:03 270856 ----a-w- c:\windows\system32\PnkBstrB.exe

2011-06-24 19:21:10 281296 ----a-w- c:\windows\system32\PnkBstrB.ex0

2011-05-04 03:52:22 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-05-04 01:25:49 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-04-25 14:47:19 81920 ----a-w- c:\windows\system32\ieencode.dll

2011-04-25 14:47:19 667136 ----a-w- c:\windows\system32\wininet.dll

2011-04-25 14:47:19 61952 ----a-w- c:\windows\system32\tdc.ocx

2011-04-25 12:56:44 369664 ----a-w- c:\windows\system32\html.iec

2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys

.

============= FINISH: 22:31:51.93 ===============

Many thanks for your help on this!

:)

attach2.zip

Combofix log 2011-06-27.zip

dds2.zip


Good. Please find a few more steps to take :)

Open notepad and copy/paste the text in the quotebox below into it:


DDS::
BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - No File
TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File

Save this as CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

CFScriptB-4.gif

Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe

Then post the resultant log.

Uninstall old Adobe Reader versions and get the latest one (Adobe Reader 10.1) here or get Foxit Reader here. Make sure you don't (unless you want to) install the toolbar if you choose Foxit Reader! You may also check the free readers introduced here.

Uninstall these old Javas:

J2SE Runtime Environment 5.0 Update 10

J2SE Runtime Environment 5.0 Update 11

J2SE Runtime Environment 5.0 Update 6

J2SE Runtime Environment 5.0 Update 9

Java 6 Update 2

Java 6 Update 22

Java 6 Update 3

Java 6 Update 5

Java 6 Update 7

Java SE Runtime Environment 6 Update 1

* Go here to run an online scanner from ESET.

  • Note: You will need to use Internet explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is UNchecked.
  • Click Scan
  • Wait for the scan to finish.

Post back its report, a fresh dds.txt log and the above-mentioned ComboFix log.

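The DDS:: section of the CFScript above lists the BHO (Browser Helper Object) and TB (toolbar) registry entries that DDS reported as "No File", i.e. CLSIDs whose DLL no longer exists on disk, so ComboFix can delete the orphaned keys. The Python below is an added example, not code from this thread and not part of DDS or ComboFix: it parses the BHO:/TB: lines of a DDS Pseudo HJT Report, separates orphaned entries from ones that still resolve to a DLL, and renders the same DDS:: block the helper wrote by hand. The sample report is constructed from the line format shown in the logs on this page.

```python
"""Triage helper for DDS "Pseudo HJT Report" lines (added example).

A BHO/TB entry whose target is "No File" is an orphaned registry entry
left behind by uninstalled software; the DDS:: section of a CFScript
lists such entries for ComboFix to remove. Entries that still point at
a DLL are NOT judged here: those need the DLL itself checked by hand.
"""
import re
from typing import List, NamedTuple

# DDS prints each BHO/TB line as:
#   "<kind>: [<friendly name>: ]{CLSID} - <dll path or 'No File'>"
CLSID_LINE_RE = re.compile(
    r"^(?P<kind>BHO|TB): (?:(?P<name>.+?): )?"
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.*)$"
)


class HjtEntry(NamedTuple):
    kind: str    # "BHO" or "TB"
    name: str    # friendly name, "" when DDS printed none
    clsid: str   # {GUID} exactly as printed
    target: str  # DLL path, or "No File"

    @property
    def orphaned(self) -> bool:
        """True when the registry entry points at a DLL that no longer exists."""
        return self.target.strip().lower() == "no file"


def parse_hjt_lines(lines: List[str]) -> List[HjtEntry]:
    """Parse only BHO:/TB: lines carrying a CLSID; every other line is ignored
    (e.g. "BHO: AutorunsDisabled - No File" has no CLSID and is skipped)."""
    entries = []
    for line in lines:
        m = CLSID_LINE_RE.match(line.strip())
        if m:
            entries.append(HjtEntry(m["kind"], m["name"] or "", m["clsid"], m["target"]))
    return entries


def orphaned_entries(lines: List[str]) -> List[HjtEntry]:
    """Return only the entries whose DLL is missing."""
    return [e for e in parse_hjt_lines(lines) if e.orphaned]


def build_dds_section(lines: List[str]) -> str:
    """Render the DDS:: block of a CFScript, one line per orphaned entry,
    in the "KIND: {CLSID} - No File" form DDS itself prints."""
    body = [f"{e.kind}: {e.clsid} - No File" for e in orphaned_entries(lines)]
    return "\n".join(["DDS::", *body])


# Constructed sample in the DDS format seen in this thread: three orphaned
# entries and two that still resolve to a DLL, plus one unrelated line.
SAMPLE_REPORT = """\
uStart Page = hxxp://www.google.com/
BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\\program files\\common files\\adobe\\acrobat\\activex\\AcroIEHelperShim.dll
TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\\program files\\norton 360\\engine\\5.1.0.29\\coIEPlg.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
""".splitlines()

if __name__ == "__main__":
    print(build_dds_section(SAMPLE_REPORT))
```

Run against the sample, the output is exactly the three-line DDS:: block from the CFScript above. The script deliberately does nothing with entries that still have a DLL on disk; whether a resolving BHO is legitimate is a judgement about the file, not about the registry line.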

First, an apology. I accidentally installed Norton Antivirus last night. That sounds stupid but I had intended to download it and not run it. Turns out that was more difficult to do than I expected as it kind of autoran. The new DDS scan was run after Norton was installed; the other instructions were all carried out before I ran DDS again.

1) DDS3

.

DDS (Ver_2011-06-23.01) - NTFSx86

Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_26

Run by Steve at 11:13:07 on 2011-06-29

Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.3070.2069 [GMT 1:00]

.

AV: Norton 360 *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton 360 *Enabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

C:\WINDOWS\system32\Ati2evxx.exe

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\Program Files\Virgin Media\Digital Home Support\HsdService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Microsoft LifeCam\MSCamS32.exe

C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe

C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE

C:\WINDOWS\system32\PnkBstrA.exe

C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Logitech\G35\G35.exe

C:\Program Files\Canon\MyPrinter\BJMyPrt.exe

C:\Program Files\Virgin Media\Digital Home Support\DHSClient.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = 127.0.0.1

uSearchURL,(Default) = hxxp://search.aol.co.uk/web?isinit=true&query=%s

BHO: AutorunsDisabled - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\5.1.0.29\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\5.1.0.29\ips\IPSBHO.DLL

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\5.1.0.29\coIEPlg.dll

mRun: [Logitech G35] c:\program files\logitech\g35\G35.exe

mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon

mRun: [serviceManager.exe] "c:\program files\virgin media\service manager\ServiceManager.exe" /AUTORUN

mRun: [DHSClient.exe] "c:\program files\virgin media\digital home support\DHSClient.exe" /AUTORUN

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-lsf?lic=OUxTRlJFRS1WUFVaNy1HMkNNWC1SWFBXQS1QM05aSC05RDIwQy0zN1RT"&"inst=NzctNjUwODgzNDMwLVhMKzEtVDQtRlA5Mis2LVRCOSsyLUZMKzktRjEwTSs1LVFJWDErNC1YMjAxMCsyLUZMMTArMS1MSUMrMy1UVUcrMy1MU0RTKzI"&"prod=55"&"ver=10.0.1382

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

StartupFolder: c:\docume~1\steve\startm~1\programs\startup\autoru~1\bbcipl~1.lnk - c:\program files\bbc iplayer desktop\BBC iPlayer Desktop.exe

StartupFolder: c:\docume~1\steve\startm~1\programs\startup\autoru~1\openof~2.lnk - c:\program files\openoffice.org 3\program\quickstart.exe

StartupFolder: c:\docume~1\steve\startm~1\programs\startup\autoru~1\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\exifla~1.lnk - c:\program files\finepixviewers\QuickDCF2.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\servic~1.lnk - c:\program files\microsoft sql server\80\tools\binn\sqlmangr.exe

IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab

DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1160681654593

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/softwareupdate/su2/ocx/15106/CTPID.cab

TCP: DhcpNameServer = 194.168.4.100 194.168.8.100

TCP: Interfaces\{16D1F4BF-D69F-4993-891E-63914EC2CD46} : NameServer = 92.31.242.20,92.31.242.21

TCP: Interfaces\{80451425-583A-40E2-BC39-984E15CFE742} : DhcpNameServer = 194.168.4.100 194.168.8.100

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: AtiExtEvent - Ati2evxx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\steve\application data\mozilla\firefox\profiles\yj2kaqq4.default\

FF - prefs.js: browser.search.selectedEngine - AVG Secure Search

FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk

FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4df26e75&v=7.005.030.004&i=27&tp=ab&iy=&ychte=uk&lng=en-GB&q=

FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll

FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npBBCPlugin.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

FF - plugin: c:\program files\virgin media\service manager\nprpspa.dll

.

---- FIREFOX POLICIES ----

FF - user.js: signed.applets.codebase_principal_support - true

/* To avoid the user interaction, add the following lines: */

FF - user.js: capability.principal.codebase.YummyPlayer_YAEL.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_YAEL.id - hxxp://yael.metaboli.fr/

FF - user.js: capability.principal.codebase.YummyPlayer_LHOST.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_LHOST.id - hxxp://localhost/

/* GLDE */

FF - user.js: capability.principal.codebase.YummyPlayer_GLDE.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_GLDE.id - hxxp://gamesflatrate.de/

FF - user.js: capability.principal.codebase.YummyPlayer_WGLDE.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_WGLDE.id - hxxp://www.gamesflatrate.de/

FF - user.js: capability.principal.codebase.YummyPlayer_GLDEINT.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_GLDEINT.id - hxxp://glde-int.metaboli.fr/

FF - user.js: capability.principal.codebase.YummyPlayer_SGLDE.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_SGLDE.id - hxxps://gamesflatrate.de/

FF - user.js: capability.principal.codebase.YummyPlayer_WSGLDE.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_WSGLDE.id - hxxps://www.gamesflatrate.de/

/* BGFR */

FF - user.js: capability.principal.codebase.YummyPlayer_BGFR.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_BGFR.id - hxxp://linternaute.metaboli.fr/

FF - user.js: capability.principal.codebase.YummyPlayer_SBGFR.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_SBGFR.id - hxxps://linternaute.metaboli.fr/

FF - user.js: capability.principal.codebase.YummyPlayer_BGFRINT.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_BGFRINT.id - hxxp://bgfr-int.metaboli.fr/

/* BILD */

FF - user.js: capability.principal.codebase.YummyPlayer_BILD.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_BILD.id - hxxp://bild.metaboli.de/

FF - user.js: capability.principal.codebase.YummyPlayer_SBILD.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_SBILD.id - hxxps://bild.metaboli.de/

FF - user.js: capability.principal.codebase.YummyPlayer_BILDINT.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_BILDINT.id - hxxp://bild-int.metaboli.fr/

/* BTUK */

FF - user.js: capability.principal.codebase.YummyPlayer_BTUK.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_BTUK.id - hxxp://btvision.metaboli.co.uk/

FF - user.js: capability.principal.codebase.YummyPlayer_SBTUK.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_SBTUK.id - hxxps://btvision.metaboli.co.uk/

FF - user.js: capability.principal.codebase.YummyPlayer_BTUKINT.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_BTUKINT.id - hxxp://bt-int.metaboli.fr/

/* CLIC */

FF - user.js: capability.principal.codebase.YummyPlayer_CLIC.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_CLIC.id - hxxp://clubic.metaboli.fr/

FF - user.js: capability.principal.codebase.YummyPlayer_SCLIC.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_SCLIC.id - hxxps://clubic.metaboli.fr/

FF - user.js: capability.principal.codebase.YummyPlayer_CLICINT.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_CLICINT.id - hxxp://clic-int.metaboli.fr/

/* COUK */

FF - user.js: capability.principal.codebase.YummyPlayer_COUK.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_COUK.id - hxxp://metaboli.co.uk/

FF - user.js: capability.principal.codebase.YummyPlayer_SCOUK.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_SCOUK.id - hxxps://metaboli.co.uk/

FF - user.js: capability.principal.codebase.YummyPlayer_COUKINT.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_COUKINT.id - hxxp://uk-int.metaboli.fr/

/* MEDE */

FF - user.js: capability.principal.codebase.YummyPlayer_MEDE.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_MEDE.id - hxxp://metaboli.de/

FF - user.js: capability.principal.codebase.YummyPlayer_WMEDE.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_WMEDE.id - hxxp://www.metaboli.de/

FF - user.js: capability.principal.codebase.YummyPlayer_SMEDE.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_SMEDE.id - hxxps://metaboli.de/

FF - user.js: capability.principal.codebase.YummyPlayer_MEDEINT.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_MEDEINT.id - hxxp://de-int.metaboli.fr/

FF - user.js: capability.principal.codebase.YummyPlayer_WMEDE.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_WMEDE.id - hxxps://www.metaboli.de/

/* CUUK */

FF - user.js: capability.principal.codebase.YummyPlayer_CUUK.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_CUUK.id - hxxp://custompc.metaboli.co.uk/

FF - user.js: capability.principal.codebase.YummyPlayer_SCUUK.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_SCUUK.id - hxxps://custompc.metaboli.co.uk/

FF - user.js: capability.principal.codebase.YummyPlayer_CUUKINT.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_CUUKINT.id - hxxp://cuuk-int.metaboli.fr/

/* EUUK */

FF - user.js: capability.principal.codebase.YummyPlayer_EUUK.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_EUUK.id - hxxp://eurogamer.metaboli.co.uk/

FF - user.js: capability.principal.codebase.YummyPlayer_SEUUK.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_SEUUK.id - hxxps://eurogamer.metaboli.co.uk/

FF - user.js: capability.principal.codebase.YummyPlayer_EUUKINT.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_EUUKINT.id - hxxp://euuk-int.metaboli.fr/

/* FUNR */

FF - user.js: capability.principal.codebase.YummyPlayer_FUNR.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_FUNR.id - hxxp://fun.metaboli.fr/

FF - user.js: capability.principal.codebase.YummyPlayer_SFUNR.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_SFUNR.id - hxxps://fun.metaboli.fr/

FF - user.js: capability.principal.codebase.YummyPlayer_FUNRINT.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_FUNRINT.id - hxxp://fun-int.metaboli.fr/

/* GONE */

FF - user.js: capability.principal.codebase.YummyPlayer_GONE.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_GONE.id - hxxp://gameone.metaboli.fr/

FF - user.js: capability.principal.codebase.YummyPlayer_SGONE.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_SGONE.id - hxxps://gameone.metaboli.fr/

FF - user.js: capability.principal.codebase.YummyPlayer_GONEINT.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_GONEINT.id - hxxp://gone-int.metaboli.fr/

/* GUDE */

FF - user.js: capability.principal.codebase.YummyPlayer_GUDE.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_GUDE.id - hxxp://gamerunlimited.metaboli.de/

FF - user.js: capability.principal.codebase.YummyPlayer_SGUDE.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_SGUDE.id - hxxps://gamerunlimited.metaboli.de/

FF - user.js: capability.principal.codebase.YummyPlayer_GUDEINT.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_GUDEINT.id - hxxp://gude-int.metaboli.fr/

/* META */

FF - user.js: capability.principal.codebase.YummyPlayer_META.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_META.id - hxxp://metaboli.fr/

FF - user.js: capability.principal.codebase.YummyPlayer_WMETA.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_WMETA.id - hxxp://www.metaboli.fr/

FF - user.js: capability.principal.codebase.YummyPlayer_SMETA.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_SMETA.id - hxxps://metaboli.fr/

FF - user.js: capability.principal.codebase.YummyPlayer_WSMETA.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_WSMETA.id - hxxps://www.metaboli.fr/

FF - user.js: capability.principal.codebase.YummyPlayer_METAINT.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_METAINT.id - hxxp://fr-int.metaboli.fr/

/* MNDE */

FF - user.js: capability.principal.codebase.YummyPlayer_MNDE.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_MNDE.id - hxxp://livegames.metaboli.de/

FF - user.js: capability.principal.codebase.YummyPlayer_SMNDE.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_SMNDE.id - hxxps://livegames.metaboli.de/

FF - user.js: capability.principal.codebase.YummyPlayer_MNDEINT.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_MNDEINT.id - hxxp://msde-int.metaboli.fr/

/* MNFR */

FF - user.js: capability.principal.codebase.YummyPlayer_MNFR.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_MNFR.id - hxxp://livegames.metaboli.fr/

FF - user.js: capability.principal.codebase.YummyPlayer_SMNFR.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_SMNFR.id - hxxps://livegames.metaboli.fr/

FF - user.js: capability.principal.codebase.YummyPlayer_MNFRINT.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_MNFRINT.id - hxxp://msfr-int.metaboli.fr/

/* MNUK */

FF - user.js: capability.principal.codebase.YummyPlayer_MNUK.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_MNUK.id - hxxp://livegames.metaboli.co.uk/

FF - user.js: capability.principal.codebase.YummyPlayer_SMNUK.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_SMNUK.id - hxxps://livegames.metaboli.co.uk/

FF - user.js: capability.principal.codebase.YummyPlayer_MNUKINT.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_MNUKINT.id - hxxp://msuk-int.metaboli.fr/

/* NCNU */

FF - user.js: capability.principal.codebase.YummyPlayer_NCNU.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_NCNU.id - hxxp://numericable.metaboli.fr/

FF - user.js: capability.principal.codebase.YummyPlayer_SNCNU.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_SNCNU.id - hxxps://numericable.metaboli.fr/

FF - user.js: capability.principal.codebase.YummyPlayer_NCNUINT.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_NCNUINT.id - hxxp://ncnu-int.metaboli.fr/

/* QPUK */

FF - user.js: capability.principal.codebase.YummyPlayer_QPUK.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_QPUK.id - hxxp://quintplay.metaboli.co.uk/

FF - user.js: capability.principal.codebase.YummyPlayer_SQPUK.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_SQPUK.id - hxxps://quintplay.metaboli.co.uk/

FF - user.js: capability.principal.codebase.YummyPlayer_QPUKINT.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_QPUKINT.id - hxxp://qpuk-int.metaboli.fr/

/* SFFR */

FF - user.js: capability.principal.codebase.YummyPlayer_SFFR.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_SFFR.id - hxxp://jeux-pc.sfr.fr/

FF - user.js: capability.principal.codebase.YummyPlayer_SSFFR.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_SSFFR.id - hxxps://jeux-pc.sfr.fr/

FF - user.js: capability.principal.codebase.YummyPlayer_SFFRM.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_SFFRM.id - hxxp://sfr.metaboli.fr/

FF - user.js: capability.principal.codebase.YummyPlayer_SSFFRM.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_SSFFRM.id - hxxps://sfr.metaboli.fr/

FF - user.js: capability.principal.codebase.YummyPlayer_SFFRINT.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_SFFRINT.id - hxxp://sfr-int.metaboli.fr/

/* SPDE */

FF - user.js: capability.principal.codebase.YummyPlayer_SPDE.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_SPDE.id - hxxp://spieletipps.metaboli.de/

FF - user.js: capability.principal.codebase.YummyPlayer_SSPDE.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_SSPDE.id - hxxps://spieletipps.metaboli.de/

FF - user.js: capability.principal.codebase.YummyPlayer_SPDEINT.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_SPDEINT.id - hxxp://spde-int.metaboli.fr/

/* WOJ_ */

FF - user.js: capability.principal.codebase.YummyPlayer_WOJ_.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_WOJ_.id - hxxp://woj-prod.metaboli.fr/

FF - user.js: capability.principal.codebase.YummyPlayer_SWOJ_.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_SWOJ_.id - hxxps://woj-prod.metaboli.fr/

FF - user.js: capability.principal.codebase.YummyPlayer_WOJ_INT.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_WOJ_INT.id - hxxp://woj-int.metaboli.fr/

.

============= SERVICES / DRIVERS ===============

.

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0501000.01d\SymDS.sys [2011-6-29 340088]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0501000.01d\SymEFA.sys [2011-6-29 744568]

R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\bashdefs\20110616.003\BHDrvx86.sys [2011-5-19 810616]

R1 c2scsi;c2scsi;c:\windows\system32\drivers\c2scsi.sys [2007-4-2 241664]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0501000.01d\Ironx86.sys [2011-6-29 136312]

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2010-3-4 54752]

R2 HsdService;HsdService;c:\program files\virgin media\digital home support\HsdService.exe [2011-5-15 1406264]

R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2006-10-13 3712]

R2 N360;Norton 360;c:\program files\norton 360\engine\5.1.0.29\ccSvcHst.exe [2011-6-29 130008]

R2 PassThru Service;Internet Pass-Through Service;c:\program files\htc\internet pass-through\PassThruSvr.exe [2010-9-16 80896]

R2 ServicepointService;ServicepointService;c:\program files\virgin media\service manager\ServicepointService.exe [2011-5-12 689464]

R3 bfturboh;BUFFALO TurboUSB for HD Filter;c:\windows\system32\drivers\bfturboh.sys [2009-1-30 17152]

R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\ipsdefs\20110628.050\IDSXpx86.sys [2011-6-29 355256]

R3 MRVW225;54M Wireless USB Adapter Dirver for Windows XP;c:\windows\system32\drivers\MRVW225.sys [2005-12-21 299776]

R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\virusdefs\20110628.035\NAVENG.SYS [2011-6-29 86008]

R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\virusdefs\20110628.035\NAVEX15.SYS [2011-6-29 1542392]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-11-14 136176]

S3 cpuz130;cpuz130;\??\c:\docume~1\steve\locals~1\temp\cpuz130\cpuz_x32.sys --> c:\docume~1\steve\locals~1\temp\cpuz130\cpuz_x32.sys [?]

S3 ewdmaudn;ewdmaudn;\??\c:\docume~1\steve\locals~1\temp\ewdmaudn.sys --> c:\docume~1\steve\locals~1\temp\ewdmaudn.sys [?]

S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-11-14 136176]

S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2011-4-17 24576]

S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [2010-6-22 21248]

S3 LADF_DHP2;G35 DHP2 Filter Driver;c:\windows\system32\drivers\ladfDHP2i386.sys [2009-11-11 53976]

S3 LADF_SBVM;G35 SBVM Filter Driver;c:\windows\system32\drivers\ladfSBVMi386.sys [2009-11-11 335064]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-6-24 39984]

S3 MRV6X32U;Vista 32-bits Native WiFi Driver - USB;c:\windows\system32\drivers\MRVW23B.sys [2008-2-9 231040]

S3 MSSQL$ICARE;MSSQL$ICARE;c:\program files\microsoft sql server\mssql$icare\binn\sqlservr.exe -sicare --> c:\program files\microsoft sql server\mssql$icare\binn\sqlservr.exe -sICARE [?]

S3 rt2870;D-Link 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys --> c:\windows\system32\drivers\rt2870.sys [?]

S3 SQLAgent$ICARE;SQLAgent$ICARE;c:\program files\microsoft sql server\mssql$icare\binn\sqlagent.exe -i icare --> c:\program files\microsoft sql server\mssql$icare\binn\sqlagent.EXE -i ICARE [?]

S3 Vfscan;Vfscan;c:\windows\system32\drivers\vffilter.sys [2008-11-18 15496]

.

=============== Created Last 30 ================

.

2011-06-29 08:35:38 -------- d-----w- c:\windows\system32\N360_BACKUP

2011-06-28 23:16:55 -------- d-----w- c:\windows\system32\drivers\n360\0501000.01D

2011-06-28 23:16:55 -------- d-----w- c:\windows\system32\drivers\N360

2011-06-28 23:16:54 -------- d-----w- c:\program files\Norton 360

2011-06-28 23:16:44 -------- d-----w- c:\program files\NortonInstaller

2011-06-28 23:16:44 -------- d-----w- c:\documents and settings\all users\application data\NortonInstaller

2011-06-28 21:16:09 -------- d-----w- c:\documents and settings\all users\application data\Norton

2011-06-28 20:16:17 -------- d-----w- c:\program files\ESET

2011-06-27 21:17:02 -------- d-sha-r- C:\cmdcons

2011-06-27 21:15:05 98816 ----a-w- c:\windows\sed.exe

2011-06-27 21:15:05 518144 ----a-w- c:\windows\SWREG.exe

2011-06-27 21:15:05 256512 ----a-w- c:\windows\PEV.exe

2011-06-27 21:15:05 208896 ----a-w- c:\windows\MBR.exe

2011-06-24 19:41:08 -------- d-----w- c:\documents and settings\steve\application data\Malwarebytes

2011-06-24 19:40:48 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-06-24 19:40:47 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2011-06-24 19:40:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-06-16 20:22:01 105472 -c----w- c:\windows\system32\dllcache\mup.sys

2011-06-16 20:21:54 852480 -c----w- c:\windows\system32\dllcache\vgx.dll

2011-06-10 19:37:14 -------- d-----w- c:\documents and settings\steve\local settings\application data\AVG Security Toolbar

2011-06-08 23:07:34 -------- d-----w- c:\documents and settings\steve\application data\SUPERAntiSpyware.com

2011-06-08 23:07:34 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com

2011-06-06 11:55:30 183696 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll

2011-06-06 11:55:30 183696 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll

2011-06-05 07:50:03 -------- d-----w- c:\windows\system32\wbem\repository\FS

2011-06-05 07:50:03 -------- d-----w- c:\windows\system32\wbem\repository\export

2011-06-05 07:50:03 -------- d-----w- c:\windows\system32\wbem\Repository

2011-06-04 06:08:41 -------- d-----w- C:\spoolerlogs

.

==================== Find3M ====================

.

2011-07-14 20:48:46 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-06-28 23:17:26 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL

2011-06-28 23:17:26 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2011-06-24 19:23:11 138440 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys

2011-06-24 19:23:03 270856 ----a-w- c:\windows\system32\PnkBstrB.xtr

2011-06-24 19:23:03 270856 ----a-w- c:\windows\system32\PnkBstrB.exe

2011-06-24 19:21:10 281296 ----a-w- c:\windows\system32\PnkBstrB.ex0

2011-05-04 03:52:22 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-05-04 01:25:49 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-04-25 14:47:19 81920 ----a-w- c:\windows\system32\ieencode.dll

2011-04-25 14:47:19 667136 ----a-w- c:\windows\system32\wininet.dll

2011-04-25 14:47:19 61952 ----a-w- c:\windows\system32\tdc.ocx

2011-04-25 12:56:44 369664 ----a-w- c:\windows\system32\html.iec

2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys

.

============= FINISH: 11:13:47.85 ===============

2) Combofix 2

ComboFix 11-06-28.04 - Steve 28/06/2011 20:41:41.2.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.3070.2054 [GMT 1:00]

Running from: c:\documents and settings\Steve\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Steve\Desktop\CFScript.txt

AV: Virgin Media Security Anti-Virus *Disabled/Updated* {5B5A3BD7-8573-4672-AEA8-C9BB713B6755}

FW: Virgin Media Security Firewall *Disabled* {80593BF4-D969-4EC5-ADAE-A22F2DFC7A22}

* Resident AV is active

.

.

.

((((((((((((((((((((((((( Files Created from 2011-05-28 to 2011-06-28 )))))))))))))))))))))))))))))))

.

.

2011-06-24 19:41 . 2011-06-24 19:41 -------- d-----w- c:\documents and settings\Steve\Application Data\Malwarebytes

2011-06-24 19:40 . 2011-05-29 08:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-06-24 19:40 . 2011-06-24 19:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-06-24 19:40 . 2011-06-24 19:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-06-16 20:22 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys

2011-06-16 20:21 . 2011-04-29 19:07 852480 -c----w- c:\windows\system32\dllcache\vgx.dll

2011-06-10 19:37 . 2011-06-10 19:37 -------- d-----w- c:\documents and settings\Steve\Local Settings\Application Data\AVG Security Toolbar

2011-06-08 23:07 . 2011-06-08 23:07 -------- d-----w- c:\documents and settings\Steve\Application Data\SUPERAntiSpyware.com

2011-06-08 23:07 . 2011-06-08 23:07 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2011-06-08 21:47 . 2009-10-23 12:25 285704 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys

2011-06-08 21:47 . 2011-06-08 21:47 53192 ----a-w- c:\windows\system32\drivers\rp_skt32.sys

2011-06-08 21:47 . 2011-06-08 21:47 48384 ----a-w- c:\windows\system32\drivers\rp_pkt32.sys

2011-06-08 21:47 . 2011-06-08 21:47 -------- d-----w- c:\program files\Raxco

2011-06-08 21:47 . 2011-06-08 21:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Raxco

2011-06-05 07:50 . 2011-06-05 07:50 -------- d-----w- c:\windows\system32\wbem\Repository

2011-06-04 06:08 . 2011-06-04 06:08 -------- d-----w- C:\spoolerlogs

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-07-14 20:48 . 2011-05-13 17:08 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-06-24 19:23 . 2007-04-16 21:28 138440 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys

2011-06-24 19:23 . 2009-02-18 23:41 270856 ----a-w- c:\windows\system32\PnkBstrB.xtr

2011-06-24 19:23 . 2007-04-14 21:31 270856 ----a-w- c:\windows\system32\PnkBstrB.exe

2011-06-24 19:21 . 2007-04-14 21:31 281296 ----a-w- c:\windows\system32\PnkBstrB.ex0

2011-05-09 23:55 . 2009-09-23 22:21 212992 ----a-w- c:\windows\system32\atipdlxx.dll

2011-05-09 23:55 . 2009-09-23 22:19 643072 ----a-w- c:\windows\system32\ati2evxx.exe

2011-05-09 23:55 . 2009-09-23 22:17 53248 ----a-w- c:\windows\system32\ATIDDC.DLL

2011-05-09 23:55 . 2009-09-23 22:20 43520 ----a-w- c:\windows\system32\ati2edxx.dll

2011-05-09 23:55 . 2008-09-12 05:49 3265920 ----a-w- c:\windows\system32\ativvaxx.dll

2011-05-09 23:55 . 2009-09-23 21:32 651264 ----a-w- c:\windows\system32\atikvmag.dll

2011-05-09 23:55 . 2008-09-12 05:49 4017408 ----a-w- c:\windows\system32\ati3duag.dll

2011-05-09 23:55 . 2011-05-29 16:07 1115008 ----a-w- c:\windows\system32\ativvamv.dll

2011-05-09 23:55 . 2008-09-12 05:49 302080 ----a-w- c:\windows\system32\ati2dvag.dll

2011-05-09 23:55 . 2009-09-23 22:39 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll

2011-05-09 23:55 . 2008-09-12 05:49 6537728 ----a-w- c:\windows\system32\drivers\ati2mtag.sys

2011-05-09 23:55 . 2001-11-09 15:01 24064 ----a-w- c:\windows\system32\ativcoxx.dll

2011-05-09 23:55 . 2009-09-23 21:36 64512 ----a-w- c:\windows\system32\atimpc32.dll

2011-05-09 23:55 . 2009-09-23 21:36 64512 ----a-w- c:\windows\system32\amdpcom32.dll

2011-05-09 23:55 . 2009-09-23 21:29 17408 ----a-w- c:\windows\system32\atitvo32.dll

2011-05-09 23:55 . 2009-09-23 21:58 17743872 ----a-w- c:\windows\system32\atioglxx.dll

2011-05-09 23:55 . 2009-09-23 22:20 188416 ----a-w- c:\windows\system32\ati2evxx.dll

2011-05-09 23:55 . 2009-09-23 21:28 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll

2011-05-09 23:55 . 2009-09-23 21:29 5459968 ----a-w- c:\windows\system32\aticaldd.dll

2011-05-09 23:55 . 2009-09-23 21:31 57344 ----a-w- c:\windows\system32\aticalrt.dll

2011-05-09 23:55 . 2009-09-23 22:21 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe

2011-05-09 23:55 . 2008-09-12 05:49 851968 ----a-w- c:\windows\system32\ati2cqag.dll

2011-05-09 23:55 . 2009-02-03 20:52 45056 ----a-w- c:\windows\system32\ATIODCLI.exe

2011-05-09 23:55 . 2009-09-23 21:31 53248 ----a-w- c:\windows\system32\aticalcl.dll

2011-05-09 23:55 . 2011-05-29 16:07 151552 ----a-w- c:\windows\system32\atiapfxx.exe

2011-05-09 23:55 . 2009-09-23 22:21 155648 ----a-w- c:\windows\system32\Oemdspif.dll

2011-05-09 23:55 . 2009-09-23 21:27 503808 ----a-w- c:\windows\system32\atiok3x2.dll

2011-05-09 23:55 . 2009-05-11 21:35 118784 ----a-w- c:\windows\system32\atibtmon.exe

2011-05-09 23:55 . 2009-09-23 22:11 311296 ----a-w- c:\windows\system32\atiiiexx.dll

2011-05-09 23:55 . 2009-09-23 21:30 200704 ----a-w- c:\windows\system32\atiadlxx.dll

2011-05-09 23:55 . 2009-02-18 17:55 294912 ----a-w- c:\windows\system32\ATIODE.exe

2011-05-04 03:52 . 2010-08-18 19:25 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-05-04 01:25 . 2007-04-21 08:38 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-05-02 15:31 . 2006-10-11 21:37 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-04-29 16:19 . 2004-08-04 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-04-25 14:47 . 2009-07-04 21:44 81920 ----a-w- c:\windows\system32\ieencode.dll

2011-04-25 14:47 . 2004-08-04 12:00 667136 ----a-w- c:\windows\system32\wininet.dll

2011-04-25 14:47 . 2004-08-04 12:00 61952 ----a-w- c:\windows\system32\tdc.ocx

2011-04-25 12:56 . 2004-08-04 12:00 369664 ----a-w- c:\windows\system32\html.iec

2011-04-21 13:37 . 2004-08-04 12:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys

2011-05-06 17:40 . 2011-05-06 17:40 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2011-06-27_21.27.38 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-06-28 18:20 . 2011-06-28 18:20 16384 c:\windows\Temp\Perflib_Perfdata_3d0.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SKIcoBackuped]

@="{7E5951A0-8683-432A-9483-5F43168D6A8C}"

[HKEY_CLASSES_ROOT\CLSID\{7E5951A0-8683-432A-9483-5F43168D6A8C}]

2011-04-04 09:35 3047088 ----a-w- c:\program files\VirginMedia\V Stuff Backup\AGSIconOverlay.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SKIcoSelected]

@="{15054241-49B4-4FA6-B4C7-A0071F118110}"

[HKEY_CLASSES_ROOT\CLSID\{15054241-49B4-4FA6-B4C7-A0071F118110}]

2011-04-04 09:35 3047088 ----a-w- c:\program files\VirginMedia\V Stuff Backup\AGSIconOverlay.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Backup & Storage"="c:\program files\VirginMedia\V Stuff Backup\Backup & Storage.exe" [2011-04-04 12273328]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Logitech G35"="c:\program files\Logitech\G35\G35.exe" [2010-10-05 1811800]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2516296]

"ServiceManager.exe"="c:\program files\Virgin Media\Service Manager\ServiceManager.exe" [2011-03-25 4371768]

"DHSClient.exe"="c:\program files\Virgin Media\Digital Home Support\DHSClient.exe" [2011-03-23 2032952]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"AvgUninstallURL"="start http:" [X]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

c:\documents and settings\Mas\Start Menu\Programs\Startup\

OpenOffice.org 2.0.lnk - c:\program files\OpenOffice.org 2.0\program\quickstart.exe [N/A]

.

c:\documents and settings\Steve\Start Menu\Programs\Startup\AutorunsDisabled

BBC iPlayer Desktop.lnk - c:\program files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe [2009-8-29 95232]

OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]

OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-7-14 805392]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled

Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]

Exif Launcher S.lnk - c:\program files\FinePixViewerS\QuickDCF2.exe [N/A]

Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-7-14 805392]

Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HsdService]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Radialpoint Security Services]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\system32\\rtcshare.exe"=

"c:\\WINDOWS\\system32\\PnkBstrA.exe"=

"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

"c:\\WINDOWS\\system32\\ftp.exe"=

"c:\\Program Files\\Kontiki\\KService.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\call of duty world at war\\CoDWaW.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\call of duty world at war\\CoDWaWmp.exe"=

"c:\\Program Files\\Steam\\Steam.exe"=

"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=

"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\call of duty modern warfare 2\\iw4sp.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\call of duty modern warfare 2\\iw4mp.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\fallout 3\\FalloutLauncher.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\amd driver updater, xp, 32 bit\\Setup.exe"=

"c:\\Program Files\\Virgin Media\\Service Manager\\ServicepointService.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\stalker shadow of chernobyl\\bin\\XR_3DA.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\stalker call of pripyat\\Stalker-COP.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\NetMeeting\\conf.exe"=

"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"1033:TCP"= 1033:TCP:Akamai NetSession Interface

"5000:UDP"= 5000:UDP:Akamai NetSession Interface

.

R1 c2scsi;c2scsi;c:\windows\system32\drivers\c2scsi.sys [02/04/2007 11:46 241664]

R2 HsdService;HsdService;c:\program files\Virgin Media\Digital Home Support\HsdService.exe [15/05/2011 21:45 1406264]

R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [13/10/2006 21:49 3712]

R2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [16/09/2010 14:06 80896]

R2 Radialpoint Security Services;Virgin Media Security;c:\program files\Virgin Media\Security\RpsSecurityAwareR.exe [04/01/2010 12:17 165408]

R2 ServicepointService;ServicepointService;c:\program files\Virgin Media\Service Manager\ServicepointService.exe [12/05/2011 09:05 689464]

R3 bfturboh;BUFFALO TurboUSB for HD Filter;c:\windows\system32\drivers\bfturboh.sys [30/01/2009 20:19 17152]

R3 MRVW225;54M Wireless USB Adapter Dirver for Windows XP;c:\windows\system32\drivers\MRVW225.sys [21/12/2005 18:44 299776]

R3 RadialpointIDSDriver;RadialpointIDSDriver;c:\program files\Virgin Media\Security\AVG\Identity Protection\agent\drivers\AVGIDSDriver.sys [08/06/2011 22:48 122376]

R3 RadialpointIDSFilter;RadialpointIDSFilter;c:\program files\Virgin Media\Security\AVG\Identity Protection\agent\drivers\AVGIDSfilter.sys [08/06/2011 22:48 30216]

R3 RadialpointIDSShim;RadialpointIDSShim;c:\program files\Virgin Media\Security\AVG\Identity Protection\agent\drivers\AVGIDSShim.sys [08/06/2011 22:48 25736]

S0 RadialpointIDSEH;RadialpointIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys --> c:\windows\system32\drivers\AVGIDSEH.sys [?]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [14/11/2010 19:13 136176]

S2 RadialpointIDSAgent;RadialpointIDSAgent;c:\program files\Virgin Media\Security\AVG\Identity Protection\agent\bin\AVGIDSAgent.exe [08/06/2011 22:47 5832712]

S3 cpuz130;cpuz130;\??\c:\docume~1\Steve\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\Steve\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]

S3 ewdmaudn;ewdmaudn;\??\c:\docume~1\Steve\LOCALS~1\Temp\ewdmaudn.sys --> c:\docume~1\Steve\LOCALS~1\Temp\ewdmaudn.sys [?]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [14/11/2010 19:13 136176]

S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [17/04/2011 20:32 24576]

S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [22/06/2010 18:01 21248]

S3 LADF_DHP2;G35 DHP2 Filter Driver;c:\windows\system32\drivers\ladfDHP2i386.sys [11/11/2009 14:18 53976]

S3 LADF_SBVM;G35 SBVM Filter Driver;c:\windows\system32\drivers\ladfSBVMi386.sys [11/11/2009 14:18 335064]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [24/06/2011 20:40 39984]

S3 MRV6X32U;Vista 32-bits Native WiFi Driver - USB;c:\windows\system32\drivers\MRVW23B.sys [09/02/2008 21:23 231040]

S3 MSSQL$ICARE;MSSQL$ICARE;c:\program files\Microsoft SQL Server\MSSQL$ICARE\Binn\sqlservr.exe -sICARE --> c:\program files\Microsoft SQL Server\MSSQL$ICARE\Binn\sqlservr.exe -sICARE [?]

S3 SQLAgent$ICARE;SQLAgent$ICARE;c:\program files\Microsoft SQL Server\MSSQL$ICARE\Binn\sqlagent.EXE -i ICARE --> c:\program files\Microsoft SQL Server\MSSQL$ICARE\Binn\sqlagent.EXE -i ICARE [?]

S3 Vfscan;Vfscan;c:\windows\system32\drivers\vffilter.sys [18/11/2008 11:01 15496]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - 25B89F31

*NewlyCreated* - 6B41D44E

*NewlyCreated* - 985FBBE1

*Deregistered* - 25b89f31

*Deregistered* - 6b41d44e

*Deregistered* - 985fbbe1

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bdx REG_MULTI_SZ scan sysagent

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\AutorunsDisabled\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2009-08-20 12:24 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

.

2011-06-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-14 18:13]

.

2011-06-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-14 18:13]

.

2011-03-20 c:\windows\Tasks\RCHubTask 0 0 {2E6E3A14-F6F5-404E-AC33-87F20083074D} 0~0.job

- c:\program files\Common Files\Roxio Shared\9.0\Roxio Central33\Main\Roxio_Central33.exe [2006-08-07 03:30]

.

2011-03-20 c:\windows\Tasks\RCHubTask 1 0 {2E6E3A14-F6F5-404E-AC33-87F20083074D} 0~0.job

- c:\program files\Common Files\Roxio Shared\9.0\Roxio Central33\Main\Roxio_Central33.exe [2006-08-07 03:30]

.

2011-03-20 c:\windows\Tasks\RCHubTask 2 0 {2E6E3A14-F6F5-404E-AC33-87F20083074D} 0~0.job

- c:\program files\Common Files\Roxio Shared\9.0\Roxio Central33\Main\Roxio_Central33.exe [2006-08-07 03:30]

.

2011-03-20 c:\windows\Tasks\RCHubTask 3 0 {2E6E3A14-F6F5-404E-AC33-87F20083074D} 0~0.job

- c:\program files\Common Files\Roxio Shared\9.0\Roxio Central33\Main\Roxio_Central33.exe [2006-08-07 03:30]

.

2011-03-20 c:\windows\Tasks\RCHubTask 4 0 {2E6E3A14-F6F5-404E-AC33-87F20083074D} 0~0.job

- c:\program files\Common Files\Roxio Shared\9.0\Roxio Central33\Main\Roxio_Central33.exe [2006-08-07 03:30]

.

2011-03-20 c:\windows\Tasks\RCHubTask 5 0 {2E6E3A14-F6F5-404E-AC33-87F20083074D} 0~0.job

- c:\program files\Common Files\Roxio Shared\9.0\Roxio Central33\Main\Roxio_Central33.exe [2006-08-07 03:30]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.GOOGLE.com

uInternet Settings,ProxyOverride = 127.0.0.1

uSearchURL,(Default) = hxxp://search.aol.co.uk/web?isinit=true&query=%s

IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

TCP: DhcpNameServer = 194.168.4.100 194.168.8.100

TCP: Interfaces\{16D1F4BF-D69F-4993-891E-63914EC2CD46}: NameServer = 92.31.242.20,92.31.242.21

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

FF - ProfilePath - c:\documents and settings\Steve\Application Data\Mozilla\Firefox\Profiles\yj2kaqq4.default\

FF - prefs.js: browser.search.selectedEngine - AVG Secure Search

FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk

FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4df26e75&v=7.005.030.004&i=27&tp=ab&iy=&ychte=uk&lng=en-GB&q=

FF - user.js: signed.applets.codebase_principal_support - true

/* To avoid the user interaction, add the following lines: */

FF - user.js: capability.principal.codebase.YummyPlayer_YAEL.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_YAEL.id - hxxp://yael.metaboli.fr/

FF - user.js: capability.principal.codebase.YummyPlayer_LHOST.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_LHOST.id - hxxp://localhost/

/* GLDE */

FF - user.js: capability.principal.codebase.YummyPlayer_GLDE.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_GLDE.id - hxxp://gamesflatrate.de/

FF - user.js: capability.principal.codebase.YummyPlayer_WGLDE.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_WGLDE.id - hxxp://www.gamesflatrate.de/

FF - user.js: capability.principal.codebase.YummyPlayer_GLDEINT.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_GLDEINT.id - hxxp://glde-int.metaboli.fr/

FF - user.js: capability.principal.codebase.YummyPlayer_SGLDE.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_SGLDE.id - hxxps://gamesflatrate.de/

FF - user.js: capability.principal.codebase.YummyPlayer_WSGLDE.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_WSGLDE.id - hxxps://www.gamesflatrate.de/

/* BGFR */

FF - user.js: capability.principal.codebase.YummyPlayer_BGFR.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_BGFR.id - hxxp://linternaute.metaboli.fr/

FF - user.js: capability.principal.codebase.YummyPlayer_SBGFR.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_SBGFR.id - hxxps://linternaute.metaboli.fr/

FF - user.js: capability.principal.codebase.YummyPlayer_BGFRINT.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_BGFRINT.id - hxxp://bgfr-int.metaboli.fr/

/* BILD */

FF - user.js: capability.principal.codebase.YummyPlayer_BILD.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_BILD.id - hxxp://bild.metaboli.de/

FF - user.js: capability.principal.codebase.YummyPlayer_SBILD.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_SBILD.id - hxxps://bild.metaboli.de/

FF - user.js: capability.principal.codebase.YummyPlayer_BILDINT.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_BILDINT.id - hxxp://bild-int.metaboli.fr/

/* BTUK */

FF - user.js: capability.principal.codebase.YummyPlayer_BTUK.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_BTUK.id - hxxp://btvision.metaboli.co.uk/

FF - user.js: capability.principal.codebase.YummyPlayer_SBTUK.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_SBTUK.id - hxxps://btvision.metaboli.co.uk/

FF - user.js: capability.principal.codebase.YummyPlayer_BTUKINT.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_BTUKINT.id - hxxp://bt-int.metaboli.fr/

/* CLIC */

FF - user.js: capability.principal.codebase.YummyPlayer_CLIC.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_CLIC.id - hxxp://clubic.metaboli.fr/

FF - user.js: capability.principal.codebase.YummyPlayer_SCLIC.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_SCLIC.id - hxxps://clubic.metaboli.fr/

FF - user.js: capability.principal.codebase.YummyPlayer_CLICINT.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_CLICINT.id - hxxp://clic-int.metaboli.fr/

/* COUK */

FF - user.js: capability.principal.codebase.YummyPlayer_COUK.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_COUK.id - hxxp://metaboli.co.uk/

FF - user.js: capability.principal.codebase.YummyPlayer_SCOUK.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_SCOUK.id - hxxps://metaboli.co.uk/

FF - user.js: capability.principal.codebase.YummyPlayer_COUKINT.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_COUKINT.id - hxxp://uk-int.metaboli.fr/

/* MEDE */

FF - user.js: capability.principal.codebase.YummyPlayer_MEDE.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_MEDE.id - hxxp://metaboli.de/

FF - user.js: capability.principal.codebase.YummyPlayer_WMEDE.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_WMEDE.id - hxxp://www.metaboli.de/

FF - user.js: capability.principal.codebase.YummyPlayer_SMEDE.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_SMEDE.id - hxxps://metaboli.de/

FF - user.js: capability.principal.codebase.YummyPlayer_MEDEINT.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_MEDEINT.id - hxxp://de-int.metaboli.fr/

FF - user.js: capability.principal.codebase.YummyPlayer_WMEDE.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_WMEDE.id - hxxps://www.metaboli.de/

/* CUUK */

FF - user.js: capability.principal.codebase.YummyPlayer_CUUK.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_CUUK.id - hxxp://custompc.metaboli.co.uk/

FF - user.js: capability.principal.codebase.YummyPlayer_SCUUK.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_SCUUK.id - hxxps://custompc.metaboli.co.uk/

FF - user.js: capability.principal.codebase.YummyPlayer_CUUKINT.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_CUUKINT.id - hxxp://cuuk-int.metaboli.fr/

/* EUUK */

FF - user.js: capability.principal.codebase.YummyPlayer_EUUK.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_EUUK.id - hxxp://eurogamer.metaboli.co.uk/

FF - user.js: capability.principal.codebase.YummyPlayer_SEUUK.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_SEUUK.id - hxxps://eurogamer.metaboli.co.uk/

FF - user.js: capability.principal.codebase.YummyPlayer_EUUKINT.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_EUUKINT.id - hxxp://euuk-int.metaboli.fr/

/* FUNR */

FF - user.js: capability.principal.codebase.YummyPlayer_FUNR.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_FUNR.id - hxxp://fun.metaboli.fr/

FF - user.js: capability.principal.codebase.YummyPlayer_SFUNR.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_SFUNR.id - hxxps://fun.metaboli.fr/

FF - user.js: capability.principal.codebase.YummyPlayer_FUNRINT.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_FUNRINT.id - hxxp://fun-int.metaboli.fr/

/* GONE */

FF - user.js: capability.principal.codebase.YummyPlayer_GONE.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_GONE.id - hxxp://gameone.metaboli.fr/

FF - user.js: capability.principal.codebase.YummyPlayer_SGONE.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_SGONE.id - hxxps://gameone.metaboli.fr/

FF - user.js: capability.principal.codebase.YummyPlayer_GONEINT.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_GONEINT.id - hxxp://gone-int.metaboli.fr/

/* GUDE */

FF - user.js: capability.principal.codebase.YummyPlayer_GUDE.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_GUDE.id - hxxp://gamerunlimited.metaboli.de/

FF - user.js: capability.principal.codebase.YummyPlayer_SGUDE.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_SGUDE.id - hxxps://gamerunlimited.metaboli.de/

FF - user.js: capability.principal.codebase.YummyPlayer_GUDEINT.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_GUDEINT.id - hxxp://gude-int.metaboli.fr/

/* META */

FF - user.js: capability.principal.codebase.YummyPlayer_META.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_META.id - hxxp://metaboli.fr/

FF - user.js: capability.principal.codebase.YummyPlayer_WMETA.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_WMETA.id - hxxp://www.metaboli.fr/

FF - user.js: capability.principal.codebase.YummyPlayer_SMETA.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_SMETA.id - hxxps://metaboli.fr/

FF - user.js: capability.principal.codebase.YummyPlayer_WSMETA.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_WSMETA.id - hxxps://www.metaboli.fr/

FF - user.js: capability.principal.codebase.YummyPlayer_METAINT.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_METAINT.id - hxxp://fr-int.metaboli.fr/

/* MNDE */

FF - user.js: capability.principal.codebase.YummyPlayer_MNDE.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_MNDE.id - hxxp://livegames.metaboli.de/

FF - user.js: capability.principal.codebase.YummyPlayer_SMNDE.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_SMNDE.id - hxxps://livegames.metaboli.de/

FF - user.js: capability.principal.codebase.YummyPlayer_MNDEINT.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_MNDEINT.id - hxxp://msde-int.metaboli.fr/

/* MNFR */

FF - user.js: capability.principal.codebase.YummyPlayer_MNFR.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_MNFR.id - hxxp://livegames.metaboli.fr/

FF - user.js: capability.principal.codebase.YummyPlayer_SMNFR.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_SMNFR.id - hxxps://livegames.metaboli.fr/

FF - user.js: capability.principal.codebase.YummyPlayer_MNFRINT.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_MNFRINT.id - hxxp://msfr-int.metaboli.fr/

/* MNUK */

FF - user.js: capability.principal.codebase.YummyPlayer_MNUK.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_MNUK.id - hxxp://livegames.metaboli.co.uk/

FF - user.js: capability.principal.codebase.YummyPlayer_SMNUK.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_SMNUK.id - hxxps://livegames.metaboli.co.uk/

FF - user.js: capability.principal.codebase.YummyPlayer_MNUKINT.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_MNUKINT.id - hxxp://msuk-int.metaboli.fr/

/* NCNU */

FF - user.js: capability.principal.codebase.YummyPlayer_NCNU.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_NCNU.id - hxxp://numericable.metaboli.fr/

FF - user.js: capability.principal.codebase.YummyPlayer_SNCNU.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_SNCNU.id - hxxps://numericable.metaboli.fr/

FF - user.js: capability.principal.codebase.YummyPlayer_NCNUINT.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_NCNUINT.id - hxxp://ncnu-int.metaboli.fr/

/* QPUK */

FF - user.js: capability.principal.codebase.YummyPlayer_QPUK.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_QPUK.id - hxxp://quintplay.metaboli.co.uk/

FF - user.js: capability.principal.codebase.YummyPlayer_SQPUK.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_SQPUK.id - hxxps://quintplay.metaboli.co.uk/

FF - user.js: capability.principal.codebase.YummyPlayer_QPUKINT.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_QPUKINT.id - hxxp://qpuk-int.metaboli.fr/

/* SFFR */

FF - user.js: capability.principal.codebase.YummyPlayer_SFFR.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_SFFR.id - hxxp://jeux-pc.sfr.fr/

FF - user.js: capability.principal.codebase.YummyPlayer_SSFFR.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_SSFFR.id - hxxps://jeux-pc.sfr.fr/

FF - user.js: capability.principal.codebase.YummyPlayer_SFFRM.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_SFFRM.id - hxxp://sfr.metaboli.fr/

FF - user.js: capability.principal.codebase.YummyPlayer_SSFFRM.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_SSFFRM.id - hxxps://sfr.metaboli.fr/

FF - user.js: capability.principal.codebase.YummyPlayer_SFFRINT.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_SFFRINT.id - hxxp://sfr-int.metaboli.fr/

/* SPDE */

FF - user.js: capability.principal.codebase.YummyPlayer_SPDE.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_SPDE.id - hxxp://spieletipps.metaboli.de/

FF - user.js: capability.principal.codebase.YummyPlayer_SSPDE.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_SSPDE.id - hxxps://spieletipps.metaboli.de/

FF - user.js: capability.principal.codebase.YummyPlayer_SPDEINT.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_SPDEINT.id - hxxp://spde-int.metaboli.fr/

/* WOJ_ */

FF - user.js: capability.principal.codebase.YummyPlayer_WOJ_.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_WOJ_.id - hxxp://woj-prod.metaboli.fr/

FF - user.js: capability.principal.codebase.YummyPlayer_SWOJ_.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_SWOJ_.id - hxxps://woj-prod.metaboli.fr/

FF - user.js: capability.principal.codebase.YummyPlayer_WOJ_INT.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer_WOJ_INT.id - hxxp://woj-int.metaboli.fr/

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-06-28 20:54

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-57989841-1390067357-839522115-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

"??"=hex:0f,af,79,a2,f9,4a,26,21,81,e9,d6,88,4b,af,96,15,15,c2,e9,53,2b,d9,b1,

2c,81,11,21,93,8f,c2,20,86,0b,21,dc,cf,81,36,73,f8,e5,3c,98,3e,9f,27,be,44,\

"??"=hex:a1,5e,47,db,25,65,bb,27,8b,92,55,34,10,3f,d9,49

.

[HKEY_USERS\S-1-5-21-57989841-1390067357-839522115-1004\Software\SecuROM\License information*]

"datasecu"=hex:c6,17,58,97,2b,f3,32,ec,53,bc,ff,80,11,6e,4f,79,bf,50,df,b3,ad,

47,dd,20,3e,1f,94,35,31,ce,70,a5,fd,7e,61,f1,9c,9e,48,ab,a5,a3,a6,dc,02,c7,\

"rkeysecu"=hex:10,cc,8b,28,b3,1f,25,e1,36,cb,bf,7d,60,91,e3,f3

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(1248)

c:\windows\system32\Ati2evxx.dll

c:\windows\system32\atiadlxx.dll

.

- - - - - - - > 'explorer.exe'(368)

c:\program files\Logitech\SetPoint\GameHook.dll

c:\program files\Logitech\SetPoint\lgscroll.dll

c:\program files\VirginMedia\V Stuff Backup\AGSIconOverlay.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2011-06-28 20:55:52

ComboFix-quarantined-files.txt 2011-06-28 19:55

ComboFix2.txt 2011-06-27 21:29

.

Pre-Run: 60,285,063,168 bytes free

Post-Run: 60,270,292,992 bytes free

.

- - End Of File - - 8453BB6FF463B92010B6F7B7D8341EE8

3) ESET Results

C:\Documents and Settings\All Users\Application Data\AOL Downloads\WAOL_UK_0.4327.48.1\comps\acs\acssetup.exe multiple threats

C:\Documents and Settings\Steve\Local Settings\Application Data\Mozilla\Firefox\Profiles\yj2kaqq4.default\Cache\6\AB\6085Cd01 JS/Kryptik.AW.Gen trojan


Hi,

Delete C:\Documents and Settings\Steve\Local Settings\Application Data\Mozilla\Firefox\Profiles\yj2kaqq4.default\Cache\6\AB\6085Cd01 file if found.

Are you still noticing any problems? If not, it's time to secure your system to prevent against further intrusions.

THESE STEPS ARE VERY IMPORTANT

Let's reset system restore

Reset and re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: you will lose all previous restore points, which are likely to be infected. Please note you need Administrator access to clean the restore points.

1. Turn off System Restore.

On the Desktop, right-click My Computer.

Click Properties.

Click the System Restore tab.

Check Turn off System Restore.

Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.

On the Desktop, right-click My Computer.

Click Properties.

Click the System Restore tab.

UN-Check *Turn off System Restore*.

Click Apply, and then click OK.

NOTE: only do this ONCE, NOT on a regular basis.

Now let's uninstall ComboFix:

  • Click START then RUN
  • Now copy-paste Combofix /uninstall in the runbox and click OK

UPDATING WINDOWS AND INTERNET EXPLORER

IMPORTANT: You need to update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the Windows Update site to get the critical updates. Make sure you install Internet Explorer 8 too.

If you are running Microsoft Office, or any portion thereof, go to Microsoft's Office Update site and make sure you have at least all the critical updates installed (free): Microsoft Office Update.

Make your Internet Explorer more secure

This can be done by following these simple instructions:

From within Internet Explorer click on the Tools menu and then click on Options.

Click once on the Security tab

Click once on the Internet icon so it becomes highlighted.

Click once on the Custom Level button.

Change the Download signed ActiveX controls to Prompt

Change the Download unsigned ActiveX controls to Disable

Change the Initialize and script ActiveX controls not marked as safe to Disable

Change the Installation of desktop items to Prompt

Change the Launching programs and files in an IFRAME to Prompt

Change the Navigate sub-frames across different domains to Prompt

When all these settings have been made, click on the OK button.

If it prompts you as to whether or not you want to save the settings, press the Yes button.

Next press the Apply button and then the OK to exit the Internet Properties page.

Download and run Secunia Personal Software Inspector (PSI) and fix its findings. Leave the program installed so you'll stay alarmed about vulnerable components in future too.

Just a final reminder for you. I am trying to stress these two points.

UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.

Make sure all of your security programs are up to date.

Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Once again, please post and tell me how things are going with your system... problems etc.

Have a great day,

Blade :)
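To check the six Internet-zone settings listed in the post above without clicking through the dialog, here is an added Python example (not from the thread or from any tool mentioned in it). It parses the text of a `reg export` of the Internet zone key and reports any setting looser than the recommended level; the value IDs 1001, 1004, 1201, 1800, 1804 and 1607 are Microsoft's documented registry names for those settings, and the sample export is constructed.

```python
import re

# Internet zone (zone 3) under HKCU; these six value IDs are Microsoft's
# documented names for the IE settings the post tells the user to change.
ZONE3_PATH = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"
SETTINGS = {
    "1001": "Download signed ActiveX controls",
    "1004": "Download unsigned ActiveX controls",
    "1201": "Initialize and script ActiveX controls not marked as safe",
    "1800": "Installation of desktop items",
    "1804": "Launching programs and files in an IFRAME",
    "1607": "Navigate sub-frames across different domains",
}
ENABLE, PROMPT, DISABLE = 0, 1, 3          # IE zone action levels
LEVEL_NAME = {ENABLE: "Enable", PROMPT: "Prompt", DISABLE: "Disable"}
# Levels recommended in the post; a lower value is more permissive.
RECOMMENDED = {"1001": PROMPT, "1004": DISABLE, "1201": DISABLE,
               "1800": PROMPT, "1804": PROMPT, "1607": PROMPT}

def parse_reg_export(text):
    """Return {key_path: {value_name: int}} for dword values in a .reg export."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
        elif current is not None:
            m = re.match(r'"(\w+)"=dword:([0-9a-fA-F]{8})$', line)
            if m:
                keys[current][m.group(1)] = int(m.group(2), 16)
    return keys

def weak_settings(reg_text):
    """List (value_id, description, current_level, recommended_level) for
    zone-3 settings that are missing or looser than the recommendation."""
    zone = parse_reg_export(reg_text).get(ZONE3_PATH, {})
    findings = []
    for vid, desc in SETTINGS.items():
        cur = zone.get(vid)
        if cur is None or cur < RECOMMENDED[vid]:
            findings.append((vid, desc, LEVEL_NAME.get(cur, "missing"),
                             LEVEL_NAME[RECOMMENDED[vid]]))
    return findings

# Constructed sample export (not taken from the thread's logs).
SAMPLE_EXPORT = """Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3]
"1001"=dword:00000001
"1004"=dword:00000003
"1201"=dword:00000001
"1800"=dword:00000001
"1804"=dword:00000000
"1607"=dword:00000001
"""

if __name__ == "__main__":
    for vid, desc, cur, rec in weak_settings(SAMPLE_EXPORT):
        print(f"{vid} {desc}: {cur}, recommended {rec}")
```

On the sample, 1201 (Prompt instead of Disable) and 1804 (Enable instead of Prompt) are reported; the real export comes from `reg export "HKCU\...\Zones\3" zone3.reg` on the affected machine.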


Thanks Blade, I really, really appreciate your help. I've been using Windows and the internet for 15 years+ now and this is the first time I've not been able to find a way to eliminate some malware. It's been an eye-opening experience. I'd like to show my gratitude by making a PayPal donation to the PayPal account of your choice; where would you like it sent to?

Best wishes,

Steve

:)

This topic is now closed to further replies.