
Browser Redirect / Unsure What Else Is Lurking..


7 replies to this topic

#1 loveredfc

loveredfc

  • Members
  • 4 posts

Posted 14 February 2008 - 12:03 PM

I've followed the guide here as well as running my usual AV / antispyware programs and I'm still sure there's something lurking. Any help would be much appreciated :thumbsup:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:02:04, on 14/02/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Napster\napster.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-ABCD-7DD20B862223} - C:\Program Files\Helper\1202326765.dll (file missing)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.freeietool.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.freeietool.com/redirect.php (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: Stardock WindowBlinds (WindowBlinds) - Stardock Corporation - C:\Program Files\Stardock\Object Desktop\WindowBlinds\vistasrv.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12327 bytes
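As an added example (not a tool from this thread, from BleepingComputer or from Trend Micro), the script below parses HijackThis entry lines like the ones in the log above and flags what a log helper checks first: registered components with no file on disk, IE buttons or menu items that launch a remote URL, and start/search pages on unexpected hosts. The sample lines are copied from the log above; the allowed-host set and the numeric-DLL-name heuristic are assumptions made for this example.

```python
"""Triage helper for HijackThis v2 log entries (added example, not a BleepingComputer tool)."""
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

ENTRY_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.*)$")
CLSID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
O4_RE = re.compile(r"^(?P<where>.*?): \[(?P<name>[^\]]*)\] ?(?P<target>.*)$")
# Where an entry's target begins: drive path, %VAR% path, URL, or HijackThis' own "(no file)".
TARGET_RE = re.compile(r"(?:[A-Za-z]:\\|%[A-Za-z]+%\\|https?://|\(no file\)).*$")
# Heuristic (assumption): a BHO whose DLL name is only digits is worth a second look.
NUMERIC_DLL_RE = re.compile(r"\\\d+\.dll\b", re.IGNORECASE)
# Assumption for this example: IE home/search pages on these hosts are expected on an HP laptop.
ALLOWED_IE_HOSTS = {"go.microsoft.com", "ie.redirect.hp.com"}

# Constructed sample input: entry lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-ABCD-7DD20B862223} - C:\Program Files\Helper\1202326765.dll (file missing)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.freeietool.com/redirect.php (file missing)
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
"""


@dataclass(frozen=True)
class Entry:
    section: str   # e.g. "O2", "R1"
    name: str      # display name, registry value name, or IE key
    clsid: str     # "{...}" for BHOs / IE buttons, "" otherwise
    target: str    # file path, URL, or "(no file)"


@dataclass(frozen=True)
class Finding:
    entry: Entry
    reason: str


def parse_entry(line: str):
    """Parse one HijackThis line into an Entry; returns None for non-entry lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group("section"), m.group("body")
    if section.startswith("R"):                       # R0/R1: "<key> = <value>"
        key, _, value = body.partition(" =")
        return Entry(section, key, "", value.strip())
    if section == "O4":                               # "<hive>: [<name>] <command>"
        m4 = O4_RE.match(body)
        if m4:
            return Entry(section, m4.group("name"), "", m4.group("target"))
        key, _, value = body.partition(" = ")         # "Global Startup: x.lnk = <path>"
        return Entry(section, key, "", value)
    _, _, rest = body.partition(": ")
    t = TARGET_RE.search(rest)                        # split before the path/URL so that
    target = t.group(0) if t else ""                  # " - " inside a path is not a separator
    head = rest[: t.start()] if t else rest
    parts = [p.strip() for p in head.split(" - ") if p.strip()]
    clsid = next((p for p in parts if CLSID_RE.match(p)), "")
    name = " - ".join(parts[: parts.index(clsid)]) if clsid else (parts[0] if parts else "")
    return Entry(section, name, clsid, target)


def triage(log_text: str):
    """Apply the heuristics to every entry line and return the list of findings."""
    findings = []
    for line in log_text.splitlines():
        e = parse_entry(line)
        if e is None:
            continue
        orphaned = e.target == "(no file)" or e.target.endswith("(file missing)")
        if e.section in {"O2", "O3", "O9", "O20", "O21", "O23"} and orphaned:
            findings.append(Finding(e, "registered component has no file on disk "
                                       "(leftover from a removal, or hidden from the scan)"))
        if e.section == "O9" and e.target.startswith(("http://", "https://")):
            findings.append(Finding(e, "IE button/menu item launches a remote URL"))
        if e.section == "O2" and NUMERIC_DLL_RE.search(e.target):
            findings.append(Finding(e, "BHO DLL has a purely numeric file name (heuristic)"))
        if e.section in {"R0", "R1"} and e.target.startswith("http"):
            host = urlsplit(e.target).hostname or ""
            if host not in ALLOWED_IE_HOSTS:
                findings.append(Finding(e, f"IE start/search page points at unexpected host {host}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.entry.section:<4} {(f.entry.clsid or f.entry.name):<40} {f.reason}")
```

On the sample above it reports the two orphaned BHOs, the numeric-name Helper DLL and the freeietool.com menu item, and stays quiet on the Adobe, Apoint, AVG and Spybot entries.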


#2 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 18 February 2008 - 11:09 AM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum, loveredfc.
My name is Richie and I'll be helping you to fix your problems.

Apologies for the late response; as I'm sure you can appreciate, we are extremely busy.

If you've already received help at another forum and your issues have been resolved, or you're presently receiving help elsewhere, then please let us know.

You have Kaspersky Internet Security 7.0 and AVG7 and ZoneAlarm installed.
It's not a good idea to have more than one antivirus or firewall program installed on your computer.
Each program may interpret the actions of the other as viral, therefore giving you false virus warnings about virus-related activities.
It could also lead to system slowdowns, connection problems and other issues within the operating system, due to them conflicting with each other.
You should uninstall one antivirus program, make sure you have only one firewall running, then restart your PC.


Please disable UAC [User Account Control].
1. Click Start and then click the picture at the top of the right column on the Start menu; this opens the User Accounts Control Panel.
2. Click Turn User Account Control on or off; you will have to respond to a UAC prompt to complete this action.
3. Clear the Use User Account Control (UAC) to help protect your computer check box and click OK.
4. Click Restart Now when prompted; after your computer restarts, UAC will be off.
You can repeat these steps to re-enable UAC; just click to select the check box in Step 3 when we've finished.


If you have previously downloaded ComboFix, please delete that version now.
Download ComboFix by sUBs and save it to your desktop.
Alternative ComboFix download link HERE.
Note
It is important that it is saved directly to your desktop.


Now close any open browsers.
Double-click on ComboFix.exe and follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.
Note
Do not mouse-click ComboFix's window or do anything else on your PC while it's running.
That may cause the program to freeze/hang.

Do NOT post the ComboFix-quarantined-files.txt unless I ask.
Note
In case your antivirus or any other real-time scanner is displaying an alert after you downloaded ComboFix or while you use ComboFix, please disable your scanner and redownload ComboFix again.
Some scanners may see some ComboFix-related components as suspicious and block or delete them while there's nothing wrong with them.

Also post a new HijackThis log please.

#3 loveredfc

loveredfc
  • Topic Starter

  • Members
  • 4 posts

Posted 18 February 2008 - 02:39 PM

Hello and thanks :thumbsup: No, I haven't posted on any other forum - of course I appreciate you guys are very busy. I uninstalled Kaspersky after posting, after discovering said conflicts myself!

Here's Combofix:

ComboFix 08-02-18.1 - Trev 2008-02-18 19:29:12.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1232 [GMT 0:00]
Running from: C:\Users\Trev\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\autorun.inf
C:\Program Files\Helper
C:\Windows\system32\command.exe

.
((((((((((((((((((((((((( Files Created from 2008-01-18 to 2008-02-18 )))))))))))))))))))))))))))))))
.

2008-02-17 06:13 . 1997-11-19 14:49 303,616 --a------ C:\Windows\IsUninst.exe
2008-02-17 06:12 . 2008-02-17 06:12 <DIR> d-------- C:\TEMP\GTAINSTALLER
2008-02-17 06:12 . 2008-02-17 06:12 <DIR> d-------- C:\TEMP
2008-02-17 03:02 . 2008-02-17 03:02 1,244,672 --a------ C:\Windows\System32\mcmde.dll
2008-02-16 23:48 . 2008-02-16 23:48 <DIR> d-------- C:\Program Files\directx
2008-02-16 23:46 . 2008-02-17 06:19 <DIR> d-------- C:\Program Files\Rockstar Games
2008-02-16 22:53 . 2007-04-11 23:48 <DIR> d-------- C:\Program Files\(EMU) PsOne -ePSXe- Preconfigged 1.60
2008-02-16 22:08 . 2007-04-14 14:23 <DIR> d-------- C:\Users\Trev\closer
2008-02-16 21:03 . 2008-02-16 21:03 <DIR> d-------- C:\Users\Trev\Reflexive Patch
2008-02-16 20:42 . 2008-02-16 20:42 <DIR> d-------- C:\Users\Trev\T-100-CSS
2008-02-15 23:26 . 2008-02-15 23:26 268 --ah----- C:\sqmdata02.sqm
2008-02-15 23:26 . 2008-02-15 23:26 244 --ah----- C:\sqmnoopt02.sqm
2008-02-14 16:54 . 2008-02-17 16:59 237,615,662 --a------ C:\Windows\MEMORY.DMP
2008-02-14 14:34 . 2008-02-14 14:34 91,700 --a------ C:\Windows\System32\drivers\klin.dat
2008-02-14 14:34 . 2008-02-14 14:34 85,860 --a------ C:\Windows\System32\drivers\klick.dat
2008-02-14 14:31 . 2008-02-14 14:31 268 --ah----- C:\sqmdata01.sqm
2008-02-14 14:31 . 2008-02-14 14:31 244 --ah----- C:\sqmnoopt01.sqm
2008-02-14 10:21 . 2008-02-17 15:38 <DIR> d-------- C:\Users\Trev\AppData\Roaming\AVG7
2008-02-14 10:20 . 2008-02-14 13:38 55,304 --a------ C:\Windows\System32\drivers\avgwfp.sys
2008-02-14 10:20 . 2008-02-14 10:20 9,216 --a------ C:\Windows\System32\avgwlntf.dll
2008-02-14 10:18 . 2008-02-14 10:18 <DIR> d-------- C:\Users\All Users\Grisoft
2008-02-14 10:18 . 2008-02-14 13:36 <DIR> d-------- C:\Users\All Users\avg7
2008-02-14 10:18 . 2008-02-14 10:18 <DIR> d-------- C:\ProgramData\Grisoft
2008-02-14 10:18 . 2008-02-14 13:36 <DIR> d-------- C:\ProgramData\avg7
2008-02-14 09:25 . 2008-02-14 09:25 <DIR> d-------- C:\kis_7_licensa
2008-02-14 03:14 . 2008-02-14 03:14 268 --ah----- C:\sqmdata00.sqm
2008-02-14 03:14 . 2008-02-14 03:14 244 --ah----- C:\sqmnoopt00.sqm
2008-02-14 03:09 . 2008-02-14 03:09 194,560 --a------ C:\Windows\System32\WebClnt.dll
2008-02-14 03:09 . 2008-02-14 03:09 110,080 --a------ C:\Windows\System32\drivers\mrxdav.sys
2008-02-14 03:05 . 2008-02-14 03:05 3,504,696 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-02-14 03:04 . 2008-02-14 03:04 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-14 03:04 . 2008-02-14 03:04 1,686,528 --a------ C:\Windows\System32\gameux.dll
2008-02-14 03:01 . 2008-02-14 03:01 1,831,424 --a------ C:\Windows\System32\inetcpl.cpl
2008-02-14 03:01 . 2008-02-14 03:01 56,320 --a------ C:\Windows\System32\iesetup.dll
2008-02-14 03:01 . 2008-02-14 03:01 26,624 --a------ C:\Windows\System32\ieUnatt.exe
2008-02-13 22:33 . 2008-02-13 22:33 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-02-13 13:15 . 2008-02-13 13:15 <DIR> d-------- C:\Program Files\Zone Labs
2008-02-13 13:15 . 2008-01-09 03:31 1,086,952 --a------ C:\Windows\System32\zpeng24.dll
2008-02-13 13:14 . 2008-02-13 13:14 <DIR> d-------- C:\Users\All Users\CheckPoint
2008-02-13 13:14 . 2008-02-13 13:14 <DIR> d-------- C:\ProgramData\CheckPoint
2008-02-13 13:14 . 2008-01-09 03:32 276,368 --a------ C:\Windows\System32\drivers\~GLH0014.TMP
2008-02-13 13:13 . 2008-02-13 13:09 102,664 --a------ C:\Windows\System32\drivers\tmcomm.sys
2008-02-13 13:12 . 2008-02-13 13:15 <DIR> d-------- C:\Windows\System32\ZoneLabs
2008-02-13 13:12 . 2008-02-18 00:55 352,615 --ah----- C:\Windows\System32\drivers\vsconfig.xml
2008-02-13 13:12 . 2008-01-09 03:32 276,368 --------- C:\Windows\System32\drivers\vsdatant.sys
2008-02-13 13:10 . 2008-02-18 19:18 <DIR> d-------- C:\Windows\Internet Logs
2008-02-13 13:09 . 2008-02-13 13:18 <DIR> d-------- C:\Users\Trev\.housecall6.6
2008-02-13 13:09 . 2008-02-13 13:09 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-12 18:00 . 2008-02-12 18:00 <DIR> d-------- C:\Program Files\GSPOT
2008-02-11 14:37 . 2008-02-11 14:37 <DIR> d-------- C:\Program Files\AviSynth 2.5
2008-02-11 14:35 . 2008-02-11 14:38 <DIR> d-------- C:\Program Files\Avi2Dvd
2008-02-11 14:03 . 2008-02-11 14:03 <DIR> d-------- C:\Program Files\DVD Decrypter
2008-02-11 13:46 . 2008-02-11 13:46 <DIR> d-------- C:\Program Files\Xvid
2008-02-11 13:46 . 2007-06-28 18:52 765,952 --a------ C:\Windows\System32\xvidcore.dll
2008-02-11 13:46 . 2007-06-28 18:54 180,224 --a------ C:\Windows\System32\xvidvfw.dll
2008-02-11 13:46 . 2007-06-28 18:55 77,824 --a------ C:\Windows\System32\xvid.ax
2008-02-10 17:34 . 2008-02-10 17:34 <DIR> d-------- C:\Program Files\DivX
2008-02-10 17:33 . 2008-02-10 17:34 684 --a------ C:\Windows\mozver.dat
2008-02-08 23:35 . 2008-02-08 23:35 <DIR> d--h----- C:\Windows\PIF
2008-02-08 20:33 . 2008-02-08 20:37 15,875,072 --a------ C:\Windows\System32\imageres.dll
2008-02-08 14:28 . 2008-02-17 18:01 <DIR> d-------- C:\Users\All Users\Kontiki
2008-02-08 14:28 . 2008-02-17 18:01 <DIR> d-------- C:\ProgramData\Kontiki
2008-02-08 14:28 . 2008-02-08 14:28 <DIR> d-------- C:\Program Files\Kontiki
2008-02-08 13:02 . 2008-02-08 13:02 <DIR> d-------- C:\Users\All Users\ALM
2008-02-08 13:02 . 2008-02-08 13:02 <DIR> d-------- C:\ProgramData\ALM
2008-02-08 12:48 . 2008-02-08 12:48 <DIR> d-------- C:\Program Files\resources
2008-02-08 12:48 . 2008-02-08 12:48 <DIR> d-------- C:\Program Files\redist
2008-02-08 12:46 . 2008-02-08 12:46 <DIR> d-------- C:\Program Files\payloads
2008-02-08 12:46 . 2008-02-08 12:46 <DIR> d-------- C:\Program Files\Crack
2008-02-08 12:43 . 2008-02-08 12:43 <DIR> d-------- C:\Program Files\Content
2008-02-08 12:13 . 2008-02-08 12:13 <DIR> d-------- C:\Users\Trev\AppData\Roaming\SUPERAntiSpyware.com
2008-02-08 12:13 . 2008-02-08 12:13 <DIR> d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-02-08 12:13 . 2008-02-08 12:13 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com
2008-02-08 12:13 . 2008-02-08 12:20 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-02-08 11:50 . 2008-02-08 11:50 <DIR> d-------- C:\Windows\System32\Kaspersky Lab
2008-02-08 11:50 . 2008-02-18 00:55 <DIR> d-------- C:\Users\All Users\Kaspersky Lab
2008-02-08 11:50 . 2008-02-18 00:55 <DIR> d-------- C:\ProgramData\Kaspersky Lab
2008-02-07 19:28 . 2008-02-07 19:28 <DIR> d-------- C:\Windows\Sun
2008-02-07 16:27 . 2008-02-07 16:27 <DIR> d-------- C:\Program Files\Common Files\Stardock
2008-02-07 16:19 . 2008-02-07 16:19 151 --a------ C:\Windows\wininit.ini
2008-02-07 15:42 . 2008-02-07 16:19 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-02-07 15:42 . 2008-02-07 16:19 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-02-07 15:42 . 2008-02-07 15:42 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-06 23:42 . 2008-02-06 23:43 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-02-06 23:42 . 2008-02-06 23:43 <DIR> d-------- C:\ProgramData\Lavasoft
2008-02-06 23:42 . 2008-02-06 23:42 <DIR> d-------- C:\Program Files\Lavasoft
2008-02-06 23:40 . 2008-02-08 12:12 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-06 19:39 . 2008-02-13 16:46 <DIR> d-------- C:\Program Files\Sotfone
2008-02-05 18:52 . 2008-02-05 18:52 29 --a------ C:\Windows\.wb4
2008-02-05 17:03 . 2008-02-05 17:03 <DIR> d-------- C:\Program Files\CodeGazer
2008-02-05 15:40 . 2008-02-05 15:40 <DIR> d-------- C:\Users\Trev\AppData\Roaming\CyberLink
2008-02-05 13:37 . 2008-02-05 13:37 <DIR> d-------- C:\Users\Trev\Voodoo Queens - Chocolate Revenge [1993]
2008-02-04 18:07 . 2008-02-04 20:18 2,560 --a------ C:\Windows\_MSRSTRT.EXE
2008-02-04 17:21 . 2008-02-07 22:00 <DIR> d-------- C:\Program Files\Stardock
2008-02-04 17:21 . 2007-09-12 18:58 58,792 --a------ C:\Windows\System32\wbload.dll
2008-02-04 17:21 . 2007-07-11 15:06 42,672 --a------ C:\Windows\System32\wbsys.dll
2008-02-03 17:10 . 2008-02-03 17:30 <DIR> d-------- C:\Program Files\MagicISO
2008-02-02 10:04 . 2008-02-17 15:44 12,978 --a------ C:\Users\Trev\AppData\Roaming\nvModes.dat
2008-02-01 12:57 . 2008-02-01 12:57 <DIR> d-------- C:\Users\Trev\AppData\Roaming\HP
2008-02-01 11:15 . 2008-02-01 11:16 <DIR> d-------- C:\Users\All Users\PC Suite

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-17 15:38 22,528 ----a-w C:\Windows\Internet Logs\xDBBF0A.tmp
2008-02-17 15:34 18,432 ----a-w C:\Windows\Internet Logs\xDBD5F3.tmp
2008-02-17 15:31 87,040 ----a-w C:\Windows\Internet Logs\xDB6B20.tmp
2008-02-16 23:46 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-16 12:03 27,136 ----a-w C:\Windows\Internet Logs\xDBD7C7.tmp
2008-02-16 11:54 135,168 ----a-w C:\Windows\Internet Logs\xDB9108.tmp
2008-02-16 11:54 1,346,560 ----a-w C:\Windows\Internet Logs\xDB955C.tmp
2008-02-14 16:53 314,880 ----a-w C:\Windows\Internet Logs\xDB9A3B.tmp
2008-02-14 03:05 806,400 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-14 03:05 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-02-14 03:05 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-14 03:05 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-14 03:05 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-14 03:05 217,144 ----a-w C:\Windows\system32\drivers\netio.sys
2008-02-14 03:05 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-02-14 03:05 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-14 03:05 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-02-14 03:05 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys
2008-02-14 03:05 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-02-14 03:04 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-14 03:04 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-14 03:04 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-14 03:04 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-14 03:02 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-14 03:02 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-13 17:04 --------- d-----w C:\ProgramData\Symantec
2008-02-13 17:04 --------- d-----w C:\Program Files\Google
2008-02-12 14:18 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-05 18:33 615,424 ----a-w C:\Windows\System32\themeui.dll
2008-02-05 18:33 240,640 ----a-w C:\Windows\System32\uxtheme.dll
2008-02-05 15:40 --------- d-----w C:\ProgramData\CyberLink
2008-02-01 12:57 --------- d-----w C:\ProgramData\HP
2008-01-31 00:05 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-01-30 21:27 174 --sha-w C:\Program Files\desktop.ini
2008-01-30 20:53 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-30 20:53 --------- d-----w C:\Program Files\Windows Mail
2008-01-30 20:53 --------- d-----w C:\Program Files\Windows Calendar
2008-01-30 17:51 --------- d-----w C:\ProgramData\Napster
2008-01-30 17:37 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-30 14:19 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2008-01-30 14:11 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2008-01-30 14:11 82,432 ----a-w C:\Windows\system32\drivers\sdbus.sys
2008-01-30 14:11 57,856 ----a-w C:\Windows\System32\SLUINotify.dll
2008-01-30 14:11 566,784 ----a-w C:\Windows\System32\SLCommDlg.dll
2008-01-30 14:11 39,936 ----a-w C:\Windows\System32\slcinst.dll
2008-01-30 14:11 351,232 ----a-w C:\Windows\System32\SLUI.exe
2008-01-30 14:11 33,280 ----a-w C:\Windows\System32\slwmi.dll
2008-01-30 14:11 268,288 ----a-w C:\Windows\System32\mcbuilder.exe
2008-01-30 14:11 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2008-01-30 14:11 223,232 ----a-w C:\Windows\System32\SLC.dll
2008-01-30 14:11 2,605,568 ----a-w C:\Windows\System32\SLsvc.exe
2008-01-30 14:11 186,368 ----a-w C:\Windows\System32\SLLUA.exe
2008-01-30 14:04 --------- d-----w C:\Program Files\Java
2008-01-30 13:43 0 --sha-r C:\Windows\system32\drivers\103C_HP_cNB_Pavilion dv2500 Notebook PC_Y5335KV_0U_Q2CE74017Y0_E454482-031_4A_I30CE_SWistron_V80.39_F.13_T070810_WV3-0_L409_M2046_J160_7Intel_86FD_91.50_#080130_N11AB4353;80864222_(GT887EA#ABU)_XMOBILE_CN10_Z.MRK
2008-01-30 13:33 --------- d-sh--w C:\ProgramData\Templates
2008-01-30 13:33 --------- d-sh--w C:\ProgramData\Start Menu
2008-01-30 13:33 --------- d-sh--w C:\ProgramData\Favorites
2008-01-30 13:33 --------- d-sh--w C:\ProgramData\Documents
2008-01-30 13:33 --------- d-sh--w C:\ProgramData\Desktop
2008-01-30 13:33 --------- d-sh--w C:\ProgramData\Application Data
2008-01-15 22:13 387,934 ----a-w C:\Windows\Fonts\misprinted-fonts\misprinted_fonts\NAIL SCRATCH\NAILSCRA.ZIP
2008-01-15 22:10 509,709 ----a-w C:\Windows\Fonts\misprinted-fonts\misprinted_fonts\SHORTCUT\Shortcut.zip
2008-01-15 22:08 129,559 ----a-w C:\Windows\Fonts\misprinted-fonts\misprinted_fonts\SELFISH\SELFISH.ZIP
2008-01-15 22:07 328,691 ----a-w C:\Windows\Fonts\misprinted-fonts\misprinted_fonts\PRINT ERROR\PRINTERR.ZIP
2008-01-15 22:07 194,841 ----a-w C:\Windows\Fonts\misprinted-fonts\misprinted_fonts\ROCHESTER\ROCHESTE.ZIP
2008-01-15 22:04 219,379 ----a-w C:\Windows\Fonts\misprinted-fonts\misprinted_fonts\PORCELAIN\PORCELAI.ZIP
2008-01-15 22:03 69,864 ----a-w C:\Windows\Fonts\misprinted-fonts\misprinted_fonts\PASTELARIA\PASTELAR.ZIP
2008-01-15 22:02 478,952 ----a-w C:\Windows\Fonts\misprinted-fonts\misprinted_fonts\NASTY\Nasty.zip
2008-01-15 22:01 853,604 ----a-w C:\Windows\Fonts\misprinted-fonts\misprinted_fonts\MISPROJECT\MISPROJE.ZIP
2008-01-15 21:55 117,117 ----a-w C:\Windows\Fonts\misprinted-fonts\misprinted_fonts\MEMORY LAPSES\MEMORYLA.ZIP
2008-01-15 21:54 217,852 ----a-w C:\Windows\Fonts\misprinted-fonts\misprinted_fonts\MAX RHODES\MaxRhodes.zip
2008-01-15 21:52 774,011 ----a-w C:\Windows\Fonts\misprinted-fonts\misprinted_fonts\GUILTY\Guilty.zip
2008-01-15 21:52 251,277 ----a-w C:\Windows\Fonts\misprinted-fonts\misprinted_fonts\HORSE PUKE\HORSEPUK.ZIP
2008-01-15 21:47 327,204 ----a-w C:\Windows\Fonts\misprinted-fonts\misprinted_fonts\DOWNCOME\Downcome.zip
2008-01-15 21:46 334,950 ----a-w C:\Windows\Fonts\misprinted-fonts\misprinted_fonts\DISGUSTING BEHAVIOR\DSGSTNGB.ZIP
2008-01-15 21:44 254,251 ----a-w C:\Windows\Fonts\misprinted-fonts\misprinted_fonts\DIRTY EGO\DIRTYEGO.ZIP
2008-01-15 21:43 423,109 ----a-w C:\Windows\Fonts\misprinted-fonts\misprinted_fonts\DIESEL\DIESEL.ZIP
2008-01-15 21:40 206,107 ----a-w C:\Windows\Fonts\misprinted-fonts\misprinted_fonts\BROKEN 15\BROKEN15.ZIP
2008-01-15 21:38 166,496 ----a-w C:\Windows\Fonts\misprinted-fonts\misprinted_fonts\ASTONISH\ASTONISH.ZIP
2008-01-09 03:32 276,368 ----a-w C:\Windows\system32\drivers\~GLH0014.TMP
2007-12-14 11:32 12,632 ----a-w C:\Windows\System32\lsdelete.exe
2007-11-29 22:30 200,704 ----a-w C:\Windows\System32\ssldivx.dll
2007-11-29 22:30 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
2007-03-29 23:58 511,676 ----a-w C:\Program Files\WinBootstrapper1.cab
2007-03-29 23:58 2,689,192 ----a-w C:\Program Files\Setup.exe
2007-03-29 23:58 1,823,744 ----a-w C:\Program Files\WinBootstrapper.msi
2007-03-29 23:55 508 ----a-w C:\Program Files\Deployment.xml
2007-03-14 00:46 20,607 ----a-w C:\Program Files\Illustrator CS3 Read Me.html
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F10587E9-0E47-4CBE-ABCD-7DD20B862223}]
C:\Program Files\Helper\1202326765.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-30 14:07 1232896]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 12:34 2159104 C:\Windows\System32\oobefldr.dll]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 19:54 5674352]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 12:35 125440]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-08 12:21 1470464]
"kdx"="C:\Program Files\Kontiki\KHost.exe" [2008-01-25 10:08 1032376]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 10:12 695808]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 12:36 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-07-24 19:50 1006264]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2007-03-11 11:21 159744]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-04-29 10:05 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-04-29 10:05 8429568]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-04-29 10:05 81920]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 14:37 174872]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2007-04-24 01:11 176128]
"NapsterShell"="C:\Program Files\Napster\napster.exe" [2007-01-13 02:36 323216]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-13 18:38 159744]
"HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 18:54 50696]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 20:18 472776]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 23:12 317128]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 06:11 49152]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-01-20 07:05 217088]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-01-09 03:31 959976]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-02-14 13:38 579072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 17:35 1294336]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-14 10:20 219136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 2008-02-14 10:20 9216 C:\Windows\System32\avgwlntf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll 2008-02-05 16:46 197912 C:\Program Files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot []
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-11-28 16:44]
R3 AvgWFP;AVG7 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfp.sys [2008-02-14 13:38]
R3 btwaudio;Bluetooth Audio Device Service;C:\Windows\system32\drivers\btwaudio.sys [2007-01-02 10:45]
R3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2007-01-02 10:45]
R3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-01-02 10:45]
R3 NETw4v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit;C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-03-01 12:49]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-02-07 09:16]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 07:30]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

.
Contents of the 'Scheduled Tasks' folder
"2008-02-18 19:31:00 C:\Windows\Tasks\User_Feed_Synchronization-{DF0720CB-74F6-49CC-9900-8DA49BD37FAD}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-18 19:31:55
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-18 19:32:49
ComboFix-quarantined-files.txt 2008-02-18 19:32:47
.
2008-02-17 03:03:01 --- E O F ---


and HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:37:47, on 18/02/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Napster\napster.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\DllHost.exe
C:\Windows\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-ABCD-7DD20B862223} - C:\Program Files\Helper\1202326765.dll (file missing)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.freeietool.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.freeietool.com/redirect.php (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: Stardock WindowBlinds (WindowBlinds) - Stardock Corporation - C:\Program Files\Stardock\Object Desktop\WindowBlinds\vistasrv.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11345 bytes



#4 RichieUK (Malware Assassin, Malware Response Team, 13,614 posts)

Posted 18 February 2008 - 03:41 PM

Hello

Disable Windows Defender's real-time protection, as it may interfere.
* Open Microsoft Windows Defender. Click Start>All Programs>Windows Defender.
* Click on 'Tools'>'Options'.
* Under 'Real-time protection options', unselect the 'Turn on real-time protection' check box
* Click 'Save'.


Please disable Spybot S&D's protection, or it will interfere.
You can enable it after you're clean.

Open Spybot and click on 'Mode' and check 'Advanced Mode'.
Click on 'Tools' in bottom left hand corner.
Click on the 'System Startup' icon.
Uncheck 'Teatimer' box and/or uncheck 'Resident'.
Click the 'Allow Change' box.
Then, check next to the computer clock to see if the icon for Spybot is still there.
If it is, right click it and choose 'exit Spybot-S&D Resident'.
Restart the computer.
If you find you're experiencing problems disabling Spybot's Tea-Timer, follow the info in the link below:
http://www.russelltexas.com/malware/teatimer.htm


Have Hijack This fix the following by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-ABCD-7DD20B862223} - C:\Program Files\Helper\1202326765.dll (file missing)
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.freeietool.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.freeietool.com/redirect.php (file missing)



Run F-Secure Online Scanner.
Note:
This scanner is for Internet Explorer only.
* Click on Online Services and then Online Scanner.
* Accept the License Agreement.
* Once the ActiveX installs, click Full System Scan.
* Once the download completes, the scan will begin automatically.
* The scan will take some time to finish, so please be patient.
* When the scan completes, click the Automatic cleaning (recommended) button.
* Click the Show Report button then copy and paste the entire report into your next reply.

Also post a new HijackThis log, and let me know how your pc is running now.
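The two O2 lines and the two O9 lines RichieUK asks HijackThis to fix are all registrations whose target no longer exists on disk ("(no file)" / "(file missing)"), and the ComboFix "Reg Loading Points" section above shows the same e404 helper BHO, {F10587E9-0E47-4CBE-ABCD-7DD20B862223}, pointing at C:\Program Files\Helper\1202326765.dll. The script below is an added example, not code from the thread or from HijackThis: it reads the same registry locations HijackThis reports as O2 (Browser Helper Objects, resolved through HKCR\CLSID\{guid}\InprocServer32) and O9 (Internet Explorer\Extensions) and marks every entry whose file is missing or whose target is a URL rather than a local file. The registry paths are the real ones; the Wow6432Node roots simply do not exist on a 32-bit Vista like this one and are skipped. It is read-only.

```powershell
# Added example, not code from the thread: list IE Browser Helper Objects (O2) and
# toolbar/Tools-menu extensions (O9) straight from the registry and flag the ones
# whose backing file is gone, i.e. the orphaned registrations HijackThis printed
# as "(no file)" / "(file missing)". Read-only; run from an elevated prompt.

# Turn a raw InprocServer32/Exec value (may be quoted, contain %ProgramFiles%,
# or be "rundll32.exe path,entry") into a plain file path. URLs pass through.
function Expand-RegistryPath {
    param([string]$Raw)
    if (-not $Raw) { return $null }
    $p = [Environment]::ExpandEnvironmentVariables($Raw.Trim().Trim('"'))
    if ($p -match '([A-Za-z]:\\[^,"]+?\.(dll|exe|ocx))') { return $Matches[1] }
    return $p
}

# A BHO key holds only the GUID; the DLL is named under HKCR\CLSID\{guid}\InprocServer32.
function Resolve-Clsid {
    param([string]$Clsid)
    $base = "Registry::HKEY_CLASSES_ROOT\CLSID\$Clsid"
    $name = (Get-ItemProperty $base -ErrorAction SilentlyContinue).'(default)'
    $srv  = Get-ItemProperty "$base\InprocServer32" -ErrorAction SilentlyContinue
    New-Object PSObject -Property @{ Name = $name; Path = (Expand-RegistryPath $srv.'(default)') }
}

function New-Entry {
    param([string]$Kind, [string]$Id, [string]$Name, [string]$Target)
    $isFile = [bool]($Target -and $Target -notmatch '^[a-z]+://')
    New-Object PSObject -Property @{
        Kind = $Kind; Id = $Id; Name = $Name; Target = $Target
        Present = [bool]($isFile -and (Test-Path -LiteralPath $Target))
        Remote  = [bool]($Target -and -not $isFile)   # button/menu item that runs a URL
    }
}

function Get-BhoEntries {
    foreach ($root in 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
                      'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects') {
        if (-not (Test-Path $root)) { continue }
        foreach ($key in Get-ChildItem $root) {
            $r = Resolve-Clsid $key.PSChildName
            New-Entry 'O2-BHO' $key.PSChildName $r.Name $r.Path
        }
    }
}

# O9 entries: ...\Internet Explorer\Extensions\{guid} with ButtonText / MenuText and
# one of Script (file or URL), Exec (program) or CLSID (COM object).
function Get-IeExtensionEntries {
    foreach ($root in 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Extensions',
                      'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions',
                      'HKCU:\SOFTWARE\Microsoft\Internet Explorer\Extensions') {
        if (-not (Test-Path $root)) { continue }
        foreach ($key in Get-ChildItem $root) {
            $v = Get-ItemProperty $key.PSPath
            $name = if ($v.ButtonText) { $v.ButtonText } elseif ($v.MenuText) { $v.MenuText } else { '(no name)' }
            $target = $null
            if ($v.Script)    { $target = Expand-RegistryPath $v.Script }
            elseif ($v.Exec)  { $target = Expand-RegistryPath $v.Exec }
            elseif ($v.CLSID) { $target = (Resolve-Clsid $v.CLSID).Path }
            New-Entry 'O9-Ext' $key.PSChildName $name $target
        }
    }
}

$entries = @(Get-BhoEntries) + @(Get-IeExtensionEntries)
$entries | Sort-Object Kind, Name | Format-Table Kind, Name, Id, Present, Remote, Target -AutoSize
# Present = False is an orphaned registration; Remote = True runs a URL instead of
# a local file. Both are the rows to look at first.
```

On this laptop the e404 helper row would come out with Present = False, and the freeietool "IE Anti-Spyware" button with Remote = True. One detail worth noting about the BHO itself: its file name, 1202326765, is a Unix epoch timestamp (6 February 2008, about a week before the first post), which is consistent with a component generated at install time rather than a product DLL.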

#5 loveredfc (Topic Starter, Members, 4 posts)

Posted 25 February 2008 - 04:34 PM

Apologies for the late reply. Here was the result for F-Secure:

Scanning Report
Monday, February 25, 2008 19:56:28 - 21:29:59

Computer name: LAPTOP
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\ D:\
Result: 2 malware found
Backdoor.Win32.Delf.aki (virus)

* System

Tracking Cookie (spyware)

* System

Statistics
Scanned:

* Files: 62599
* System: 4409
* Not scanned: 16

Actions:

* Disinfected: 0
* Renamed: 0
* Deleted: 0
* None: 2
* Submitted: 0

Files not scanned:

* C:\PAGEFILE.SYS
* C:\WINDOWS\SYSTEM32\CONFIG\COMPONENTS
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
* C:\WINDOWS\SYSTEM32\CONFIG\SAM
* C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
* C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
* C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\COMPONENTS
* C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\DEFAULT
* C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SAM
* C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SECURITY
* C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SOFTWARE
* C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SYSTEM
* C:\WINDOWS\SYSTEM32\CATROOT2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\CATDB
* C:\WINDOWS\SYSTEM32\CATROOT2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\CATDB
* C:\BOOT\BCD

Options
Scanning engines:

* F-Secure USS: 2.20.0
* F-Secure Hydra: 2.6.7470, 2008-02-25
* F-Secure Pegasus: 1.20.0, 2008-01-20
* F-Secure AVP: 7.0.171, 2008-02-25

Scanning options:

* Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD JPG LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
* Use Advanced heuristics

And HJT:


Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Napster\napster.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {664088B0-6AF3-4514-AF9D-A0DC3A3DF24A} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols3beta/fscax.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: Stardock WindowBlinds (WindowBlinds) - Stardock Corporation - C:\Program Files\Stardock\Object Desktop\WindowBlinds\vistasrv.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11140 bytes


As far as I can tell everything is running fine, apart from the search engine in the Firefox toolbar - whereas it used to run to Google, it says "connecting to xx.com", which varies nearly every time I look, but is definitely not a legit search engine.

#6 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • Local time:06:30 PM

Posted 03 March 2008 - 03:17 PM

Apologies for the late reply; my email notifications seem to be messed up.

apart from the search engine in the Firefox toolbar - whereas it used to run to Google, it says "connecting to xx.com", which varies nearly every time I look, but is definitely not a legit search engine.

1) Open a new Firefox window.
2) Type about:config in the address bar and press Enter.
3) In the Filter: bar at the top, type keyword.URL and press Enter.
4) There should be only one entry showing now; just right-click it and press Reset.
It should reset to the value:
http://www.google.com/search?ie=UTF-8&...p;gfns=1&q=

Let me know how it goes please.
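A quick way to check the same setting outside the browser, as an added example that is not part of this thread: it parses the pref lines of a Firefox prefs.js (or an autoconfig file) and flags a keyword.URL whose host is not Google. The sample pref lines, the host name xx.example.invalid and the function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Hosts a keyword.URL is expected to point at (assumption: the user relies
# on Google, as in the thread); anything else is reported as suspect.
EXPECTED_HOSTS = {"www.google.com", "google.com"}

# Matches one pref line, e.g.:  user_pref("keyword.URL", "http://...");
# lockPref(...) is the autoconfig form: a pref set that way shows as locked
# in about:config, which is why its Reset entry is greyed out.
PREF_RE = re.compile(
    r'^\s*(user_pref|pref|lockPref)\("([^"]+)",\s*"((?:[^"\\]|\\.)*)"\);'
)

def parse_prefs(text):
    """Return {pref_name: (setter, value)} from prefs.js / user.js style text."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            setter, name, raw = m.groups()
            # Undo the two escapes prefs.js uses inside string values.
            value = raw.replace('\\"', '"').replace("\\\\", "\\")
            prefs[name] = (setter, value)
    return prefs

def check_keyword_url(text):
    """Classify keyword.URL: returns (status, host, setter)."""
    prefs = parse_prefs(text)
    if "keyword.URL" not in prefs:
        return ("default", None, None)   # pref absent: built-in default applies
    setter, value = prefs["keyword.URL"]
    host = urlsplit(value).hostname
    status = "ok" if host in EXPECTED_HOSTS else "suspect"
    return (status, host, setter)

# Constructed sample files: one clean, one pointing at an unknown host.
CLEAN_PREFS = '''user_pref("browser.startup.homepage", "about:blank");
user_pref("keyword.URL", "http://www.google.com/search?ie=UTF-8&gfns=1&q=");
'''
SUSPECT_PREFS = '''user_pref("keyword.URL", "http://xx.example.invalid/find?q=");
'''

if __name__ == "__main__":
    for label, text in (("clean", CLEAN_PREFS), ("suspect", SUSPECT_PREFS)):
        status, host, setter = check_keyword_url(text)
        print(f"{label}: {status} (host={host}, set via {setter})")
```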

#7 loveredfc

loveredfc
  • Topic Starter

  • Members
  • 4 posts
  • Local time:12:30 PM

Posted 03 March 2008 - 04:29 PM

It says http://www.google.com/search?ie=UTF-8&...p;gfns=1&q=
and it won't let me reset; the option is 'blacked out'.

#8 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • Local time:06:30 PM

Posted 03 March 2008 - 04:55 PM

First back up your bookmarks in Firefox.
How to back up bookmarks in Firefox:
http://www.nirmaltv.com/2007/07/25/how-to-...rks-in-firefox/

Now create a new profile within Firefox by following these instructions:
http://www.mozilla.org/support/firefox/profile#new

Now import your bookmarks following the info in the link at the top.


If the above didn't help, make sure you first have your bookmarks backed up.
Now download Firefox 2:
http://www.mozilla.com/en-US/firefox/

Disconnect from the internet, then remove/uninstall Firefox via Start/Control Panel/Programs and Features/Uninstall or change a program.
Restart your PC.
Now install Firefox 2 you just downloaded.


