
Spyware/adware Problem


22 replies to this topic

#1 Connor!


Posted 05 April 2008 - 02:43 PM

I have had a Virus install Spyware and Adware on my computer. I got rid of a few things from Virgin PCGuard and Ashampoo Anti-Spyware but am still having problems like internet browser crashing, foreign pop-ups and the noise my computer makes has increased. Also I had an MSN virus, sending files to my contacts - I think I got rid of it now but I notice I have a process called 'msn.com' that wasn't there before.

Here are the HijackThis logs:

Deckard's System Scanner v20071014.68
Run by Admin on 2008-04-05 20:25:58
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
103: 2008-04-05 19:26:10 UTC - RP371 - Deckard's System Scanner Restore Point
102: 2008-04-05 18:05:36 UTC - RP370 - System Checkpoint
101: 2008-04-04 09:42:21 UTC - RP369 - System Checkpoint
100: 2008-04-02 20:49:26 UTC - RP368 - Installed Ad-Aware 2007
99: 2008-04-02 18:27:57 UTC - RP367 - System Checkpoint


-- First Restore Point --
1: 2008-03-24 16:24:08 UTC - RP269 - Installed LG PC Suite


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Admin.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:29:30, on 05/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Virgin Broadband\PCguard\Fws.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Virgin Broadband\PCguard\Rps.exe
C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\Virgin Broadband\advisor\BroadbandadvisorComHandler.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\WINDOWS\msn.com
C:\Program Files\Xfire\xfire.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Admin\Desktop\dss.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Admin.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
O2 - BHO: (no name) - {08A8068E-53D1-42B2-B197-6D568843721F} - C:\WINDOWS\system32\nnnmmmJb.dll
O2 - BHO: (no name) - {0EAAD970-DFB9-4B87-B46E-3862513B769E} - C:\WINDOWS\system32\efcATKET.dll
O2 - BHO: {39054f8a-d05a-5f48-c7f4-9408a5ec44f1} - {1f44ce5a-8049-4f7c-84f5-a50da8f45093} - C:\WINDOWS\system32\bckukjfy.dll
O2 - BHO: (no name) - {3CAB59B4-55A3-4737-9FD5-B93C6430BF75} - C:\WINDOWS\system32\xfbmupac.dll
O2 - BHO: (no name) - {8eb8a2a0-f752-406f-8ae8-ec5c8c5d1085} - C:\WINDOWS\system32\upnwvrmk.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] "C:\Program Files\Logitech\Video\ISStart.exe"
O4 - HKLM\..\Run: [LogitechVideoTray] "C:\Program Files\Logitech\Video\LogiTray.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [PCguard] "C:\Program Files\Virgin Broadband\PCguard\Rps.exe"
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Virgin Broadband\PCguard\ZkRunOnceR.exe"
O4 - HKLM\..\Run: [Broadbandadvisor.exe] "C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows live Messenger] msn.com
O4 - HKLM\..\Run: [AntiSpyWare2Guard] C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWare2Guard.exe
O4 - HKLM\..\Run: [BM0b85d6b2] Rundll32.exe "C:\WINDOWS\system32\obyayfrc.dll",s
O4 - HKLM\..\Run: [08b6e52e] rundll32.exe "C:\WINDOWS\system32\axgmubco.dll",b
O4 - HKLM\..\RunOnce: [IndexCleaner] "C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WindowBlinds] C:\Documents and Settings\All Users\Documents\Stardock\WindowBlinds\WBInstall32.exe
O4 - HKCU\..\Run: [Simplify Media] "C:\Documents and Settings\Admin\Local Settings\Application Data\Simplify Media\SimplifyMedia.exe"
O4 - HKCU\..\Run: [Regrun2] C:\PROGRA~1\Greatis\REGRUN~1\WatchDog.exe
O4 - HKCU\..\RunOnce: [IndexCleaner] "C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-682003330-1614895754-839522115-1009\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Jazmine1')
O4 - HKUS\S-1-5-21-682003330-1614895754-839522115-1009\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Jazmine1')
O4 - HKUS\S-1-5-21-682003330-1614895754-839522115-1009\..\RunOnce: [IndexCleaner] "C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe" (User 'Jazmine1')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-21-682003330-1614895754-839522115-1009 Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe (User 'Jazmine1')
O4 - S-1-5-21-682003330-1614895754-839522115-1009 Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (User 'Jazmine1')
O4 - S-1-5-21-682003330-1614895754-839522115-1009 User Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe (User 'Jazmine1')
O4 - S-1-5-21-682003330-1614895754-839522115-1009 User Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (User 'Jazmine1')
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {21BB8360-F943-447E-98F3-3C22345375A7} (CPlayFirstChocolatierControl Object) - http://aolsvc.aol.com/onlinegames/free-tri...eb.1.0.0.13.cab
O16 - DPF: {2DA3C4AB-E6B6-47A6-B0F3-1BD81524B51B} (ActiveWorldsDownload Control) - http://www.activeworlds.com/products/Activ...ldsDownload.cab
O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KX-HCM10 Control) - http://219.117.233.69/kxhcm10.ocx
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by135fd.bay135.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://aolsvc.aol.com/onlinegames/trydiner...h2.1.0.0.67.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1177430414718
O16 - DPF: {64E27CFB-8B69-4B83-80F0-36A81437D587} (CamfrogWEB Basic Control) - http://activex.camfrogweb.com/basic/cfweb_..._instmodule.exe
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {B0FB831D-17F6-4CBD-9B5D-3305881D362E} (LHGLauncherXForm Control) - http://www.shockwave.com/content/reaxxion/...HLGLauncher.cab
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://aolsvc.aol.com/onlinegames/free-tri...tg.1.0.0.33.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://ak.imgag.com/imgag/cp/install/Crusher.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://aolsvc.aol.com/onlinegames/free-tri...gamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://cafecam.heerenvanbeijerland.nl/activex/AMC.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v10_en.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15028/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6202EBF6-5BF0-4C6B-A4CD-3C7F02B0F2DA}: NameServer = 192.168.11.1
O20 - AppInit_DLLs: cru629.dat
O20 - Winlogon Notify: nnnmmmJb - C:\WINDOWS\SYSTEM32\nnnmmmJb.dll
O20 - Winlogon Notify: wvUkHWPf - C:\WINDOWS\SYSTEM32\wvUkHWPf.dll
O23 - Service: Ashampoo AntiSpyWare 2 Service (AASW2_Service) - Unknown owner - C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Virgin Broadband PCguard Update Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe
O23 - Service: PCguard Firewall (RP_FWS) - Virgin Media - C:\Program Files\Virgin Broadband\PCguard\Fws.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 14314 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 BTHidMgr (Bluetooth HID Manager Service) - c:\windows\system32\drivers\bthidmgr.sys <Not Verified; IVT Corporation; BlueSoleil©>
R1 StarOpen - c:\windows\system32\drivers\staropen.sys
R3 BT (Bluetooth PAN Network Adapter) - c:\windows\system32\drivers\btnetdrv.sys <Not Verified; IVT Corporation; BlueSoleil>
R3 BTHidEnum (Bluetooth HID Enumerator) - c:\windows\system32\drivers\vbtenum.sys
R3 emupia (E-mu Plug-in Architecture Driver) - c:\windows\system32\drivers\emupia2k.sys <Not Verified; Creative Technology Ltd; E-mu Plug-In Architecture>
R3 IntelS51 (Intel® 536EP Modem) - c:\windows\system32\drivers\intels51.sys <Not Verified; Intel Corporation; Intel® 536EP Modem>
R3 ovt519 (EyeToy) - c:\windows\system32\drivers\ov519vid.sys <Not Verified; OmniVision Technologies, Inc.; Dual Mode USB Camera 519>
R3 VComm (Virtual Serial port driver) - c:\windows\system32\drivers\vcomm.sys <Not Verified; IVT Corporation; BlueSoleil>
R3 VcommMgr (Bluetooth VComm Manager Service) - c:\windows\system32\drivers\vcommmgr.sys <Not Verified; IVT Corporation; BlueSoleil>
R3 VHidMinidrv (Bluetooth HID Device Service) - c:\windows\system32\drivers\vhidmini.sys <Not Verified; IVT Corporation; IVT BlueSoleil>

S0 Partizan - c:\windows\system32\drivers\partizan.sys (file missing)
S3 BlueletAudio (Bluetooth Audio Service) - c:\windows\system32\drivers\blueletaudio.sys <Not Verified; IVT Corporation; Windows ® 2000 DDK driver>
S3 BlueletSCOAudio (Bluetooth SCO Audio Service) - c:\windows\system32\drivers\blueletscoaudio.sys <Not Verified; IVT Corporation; Windows ® 2000 DDK driver>
S3 Btcsrusb (Bluetooth USB For Bluetooth Service) - c:\windows\system32\drivers\btcusb.sys <Not Verified; IVT Corporation; Bluetooth USB Device Driver>
S3 BTNetFilter (Bluetooth Network Filter) - c:\program files\ivt corporation\bluesoleil\device\win2k\btnetfilter.sys
S3 catchme - c:\docume~1\admin\locals~1\temp\catchme.sys (file missing)
S3 EC168BDA (EC168BDA service) - c:\windows\system32\drivers\ec168bda.sys <Not Verified; e3C, Inc.; e3C DTV Driver>
S3 GMSIPCI - e:\install\gmsipci.sys (file missing)
S3 hap17v2k (Creative P17V HAL Driver) - c:\windows\system32\drivers\hap17v2k.sys <Not Verified; Creative Technology Ltd; Creative Audio Product>
S3 RegGuard - c:\windows\system32\drivers\regguard.sys <Not Verified; Greatis Software; RegRun Security Suite>
S3 RT73 (Belkin USB Network Adapter) - c:\windows\system32\drivers\rt73.sys <Not Verified; Ralink Technology, Corp.; Ralink 802.11 Wireless Adapters>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 BlueSoleil Hid Service - c:\program files\ivt corporation\bluesoleil\btntservice.exe
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>

S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S3 ServiceLayer - "c:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-03-30 03:30:00 404 --a------ C:\WINDOWS\Tasks\ErrorSmart Scheduled Scan.job
2008-01-26 20:27:47 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-01-02 23:55:21 260 --a------ C:\WINDOWS\Tasks\War Rock.job


-- Files created between 2008-03-05 and 2008-04-05 -----------------------------

2008-04-05 20:29:10 0 d-------- C:\Program Files\Trend Micro
2008-04-05 20:25:15 85056 --a------ C:\WINDOWS\system32\axgmubco.dll
2008-04-05 20:22:14 89664 --a------ C:\WINDOWS\system32\bckukjfy.dll
2008-04-05 20:19:57 37376 --a------ C:\WINDOWS\system32\yayvULec.dll
2008-04-05 20:19:14 87104 --a------ C:\WINDOWS\system32\obyayfrc.dll
2008-04-05 20:16:15 53312 --a------ C:\WINDOWS\system32\xfbmupac.dll
2008-04-05 20:11:07 89664 --a------ C:\WINDOWS\system32\crogtobi.dll
2008-04-05 20:08:08 85056 -----n--- C:\WINDOWS\system32\dqsrvnkk.dll
2008-04-05 20:05:07 87104 --a------ C:\WINDOWS\system32\ldpekonr.dll
2008-04-05 20:02:28 53312 --a------ C:\WINDOWS\system32\ajifheoa.dll
2008-04-05 19:53:18 37376 --a------ C:\WINDOWS\system32\urqPiiFx.dll
2008-04-05 18:32:22 85056 -----n--- C:\WINDOWS\system32\ospnobcq.dll
2008-04-05 18:32:20 89664 --a------ C:\WINDOWS\system32\emhkkxvw.dll
2008-04-05 18:29:21 87104 --a------ C:\WINDOWS\system32\nsplgmup.dll
2008-04-05 18:26:30 53312 --a------ C:\WINDOWS\system32\pvamexjt.dll
2008-04-05 18:25:04 166296 --a------ C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
2008-04-05 17:19:02 89664 --a------ C:\WINDOWS\system32\fbhhnbbs.dll
2008-04-05 17:16:03 53312 --a------ C:\WINDOWS\system32\kafdgkai.dll
2008-04-05 17:13:43 87104 --a------ C:\WINDOWS\system32\hmyngget.dll
2008-04-05 17:11:15 37376 --a------ C:\WINDOWS\system32\tuvSlIaw.dll
2008-04-05 00:29:46 90176 --a------ C:\WINDOWS\system32\ecmyllbi.dll
2008-04-05 00:23:51 87104 --a------ C:\WINDOWS\system32\rijgjrnq.dll
2008-04-05 00:20:48 53312 --a------ C:\WINDOWS\system32\dlkkykms.dll
2008-04-05 00:20:19 36352 --a------ C:\WINDOWS\system32\vtUkkhHa.dll
2008-04-04 19:37:27 87104 --a------ C:\WINDOWS\system32\kkcyosao.dll
2008-04-04 19:36:52 53312 --a------ C:\WINDOWS\system32\nxoswsek.dll
2008-04-04 19:33:29 87104 --a------ C:\WINDOWS\system32\srsndjqm.dll
2008-04-04 11:44:29 90688 --a------ C:\WINDOWS\system32\kphnvqdr.dll
2008-04-04 11:41:29 88640 --a------ C:\WINDOWS\system32\owfamfrd.dll
2008-04-04 10:02:40 90688 --a------ C:\WINDOWS\system32\qwdswdcr.dll
2008-04-04 10:00:12 88640 --a------ C:\WINDOWS\system32\thqdptse.dll
2008-04-03 23:52:07 89152 --a------ C:\WINDOWS\system32\dosxrghm.dll
2008-04-03 23:46:35 88640 --a------ C:\WINDOWS\system32\nmaxvgqa.dll
2008-04-03 19:54:54 89152 --a------ C:\WINDOWS\system32\rhiijirn.dll
2008-04-03 19:49:00 88640 --a------ C:\WINDOWS\system32\ovvbupjx.dll
2008-04-03 19:48:10 0 d-------- C:\Program Files\Ashampoo
2008-04-03 19:34:37 89152 --a------ C:\WINDOWS\system32\baegtsah.dll
2008-04-03 19:30:59 88640 --a------ C:\WINDOWS\system32\krbukerm.dll
2008-04-03 19:09:34 89152 --a------ C:\WINDOWS\system32\okgedxqb.dll
2008-04-03 19:03:34 88640 --a------ C:\WINDOWS\system32\fberirxi.dll
2008-04-03 18:37:25 89152 --a------ C:\WINDOWS\system32\tjndmuvb.dll
2008-04-03 18:36:27 88640 --a------ C:\WINDOWS\system32\ckfubbhy.dll
2008-04-03 16:20:51 89152 --a------ C:\WINDOWS\system32\ykbgtlhg.dll
2008-04-03 16:19:55 88640 --a------ C:\WINDOWS\system32\tultcyva.dll
2008-04-03 16:12:52 89152 --a------ C:\WINDOWS\system32\kwuqtfuj.dll
2008-04-03 16:09:52 88640 --a------ C:\WINDOWS\system32\ghuflxya.dll
2008-04-03 15:41:31 89152 --a------ C:\WINDOWS\system32\sxgbomds.dll
2008-04-03 15:38:27 88640 --a------ C:\WINDOWS\system32\jxkgsyuc.dll
2008-04-03 13:03:13 35840 --a------ C:\WINDOWS\system32\wvUnKDSl.dll
2008-04-03 12:40:22 35840 --a------ C:\WINDOWS\system32\tuvTJDsQ.dll
2008-04-03 11:34:51 35840 --a------ C:\WINDOWS\system32\qoMfcArq.dll
2008-04-03 09:50:29 89152 --a------ C:\WINDOWS\system32\ltnsiadl.dll
2008-04-03 09:48:07 88640 --a------ C:\WINDOWS\system32\mtggvttu.dll
2008-04-03 09:46:12 35840 --a------ C:\WINDOWS\system32\urqRJDuR.dll
2008-04-02 21:49:38 0 d-------- C:\Program Files\Lavasoft
2008-04-02 21:49:37 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-02 21:48:47 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-02 21:14:28 91712 --a------ C:\WINDOWS\system32\xcfieyjw.dll
2008-04-02 21:08:28 88128 --a------ C:\WINDOWS\system32\ulfrsssu.dll
2008-04-02 21:06:17 35840 --a------ C:\WINDOWS\system32\ssqRKefE.dll
2008-04-02 20:47:24 91712 --a------ C:\WINDOWS\system32\ekghelmb.dll
2008-04-02 20:44:29 88128 --a------ C:\WINDOWS\system32\bcfphxpg.dll
2008-04-02 20:43:03 35840 --a------ C:\WINDOWS\system32\jkkJcASJ.dll
2008-04-02 19:59:35 35840 --a------ C:\WINDOWS\system32\iifcATkH.dll
2008-04-02 19:51:43 91712 --a------ C:\WINDOWS\system32\nvyxqwhv.dll
2008-04-02 19:46:58 35840 --a------ C:\WINDOWS\system32\mlJBUnNf.dll
2008-04-02 19:46:34 88128 --a------ C:\WINDOWS\system32\fmkynhxq.dll
2008-04-02 19:43:39 35840 --a------ C:\WINDOWS\system32\iifgEwuU.dll
2008-04-02 17:42:04 35840 --a------ C:\WINDOWS\system32\opnnoNFV.dll
2008-04-02 17:40:38 36352 --a------ C:\WINDOWS\system32\nnnkKBrO.dll
2008-04-02 17:32:23 35840 --a------ C:\WINDOWS\system32\geBtRjGx.dll
2008-04-02 17:19:31 36352 --a------ C:\WINDOWS\system32\hgGxVPFW.dll
2008-04-02 17:15:57 35840 --a------ C:\WINDOWS\system32\iifghGAr.dll
2008-04-02 17:06:28 35840 --a------ C:\WINDOWS\system32\byXQKaXR.dll
2008-04-02 16:46:52 35840 --a------ C:\WINDOWS\system32\byXOhGAQ.dll
2008-04-02 16:27:26 35840 --a------ C:\WINDOWS\system32\efcYQHWn.dll
2008-04-02 16:17:02 91712 --a------ C:\WINDOWS\system32\cinyifjk.dll
2008-04-02 16:11:10 88128 --a------ C:\WINDOWS\system32\ipdgepir.dll
2008-04-02 16:09:46 36352 --a------ C:\WINDOWS\system32\jkkJdDTK.dll
2008-04-02 16:09:12 36352 --a------ C:\WINDOWS\system32\opnnlkjg.dll
2008-04-01 19:43:25 88128 --a------ C:\WINDOWS\system32\vwqcikcw.dll
2008-04-01 19:37:20 90688 --a------ C:\WINDOWS\system32\ijklqckx.dll
2008-04-01 19:34:21 88128 --a------ C:\WINDOWS\system32\fgkfwjpf.dll
2008-04-01 19:18:12 36352 --a------ C:\WINDOWS\system32\pmnkIApn.dll
2008-04-01 18:24:04 90688 --a------ C:\WINDOWS\system32\qvmpnmao.dll
2008-04-01 18:20:28 88128 --a------ C:\WINDOWS\system32\urmyhehj.dll
2008-04-01 18:13:30 0 d-------- C:\Documents and Settings\Admin\Application Data\Webroot
2008-04-01 17:53:54 90688 --a------ C:\WINDOWS\system32\xhjotquo.dll
2008-04-01 17:49:50 88128 --a------ C:\WINDOWS\system32\batqkveb.dll
2008-04-01 17:42:52 36352 --a------ C:\WINDOWS\system32\byXPfeef.dll
2008-04-01 17:30:55 90688 --a------ C:\WINDOWS\system32\hqfnttph.dll
2008-04-01 17:27:55 88128 --a------ C:\WINDOWS\system32\csteujcd.dll
2008-04-01 16:47:20 90688 --a------ C:\WINDOWS\system32\mgqnasdo.dll
2008-04-01 16:45:34 88128 --a------ C:\WINDOWS\system32\sgosbotl.dll
2008-04-01 16:44:04 90688 --a------ C:\WINDOWS\system32\ouxtnjmj.dll
2008-04-01 16:21:16 88128 --a------ C:\WINDOWS\system32\udhgjqmy.dll
2008-03-31 22:57:19 91712 --a------ C:\WINDOWS\system32\upnwvrmk.dll
2008-03-31 21:56:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-03-31 21:21:25 91712 --a------ C:\WINDOWS\system32\wvmtphgp.dll
2008-03-31 21:08:15 91712 --a------ C:\WINDOWS\system32\pbvebvro.dll
2008-03-31 16:27:22 90688 --a------ C:\WINDOWS\system32\jfdcfflc.dll
2008-03-31 11:45:10 90688 --a------ C:\WINDOWS\system32\jkijesrj.dll
2008-03-31 11:27:44 35840 --a------ C:\WINDOWS\system32\fcccabYS.dll
2008-03-31 11:19:58 90688 --a------ C:\WINDOWS\system32\stjcikie.dll
2008-03-31 10:02:19 90688 --a------ C:\WINDOWS\system32\hwncfcuu.dll
2008-03-30 21:50:02 0 d-------- C:\Program Files\Easy SpyRemover
2008-03-30 21:41:57 0 d-------- C:\Documents and Settings\Admin\.housecall6.6
2008-03-30 21:10:48 90176 --a------ C:\WINDOWS\system32\vyjntjsb.dll
2008-03-30 20:37:43 90176 --a------ C:\WINDOWS\system32\yvquggkm.dll
2008-03-30 20:10:44 38400 --a------ C:\WINDOWS\system32\nnnmnmLE.dll
2008-03-30 19:55:52 38400 --a------ C:\WINDOWS\system32\yayyWqRh.dll
2008-03-30 19:37:20 38400 --a------ C:\WINDOWS\system32\byXPJYop.dll
2008-03-30 19:23:37 38400 --a------ C:\WINDOWS\system32\mlJDTnnM.dll
2008-03-30 19:16:42 90176 --a------ C:\WINDOWS\system32\lelyqpox.dll
2008-03-30 18:38:04 38400 --a------ C:\WINDOWS\system32\mlJCTJBS.dll
2008-03-30 18:19:05 38400 --a------ C:\WINDOWS\system32\byXRighi.dll
2008-03-30 18:02:41 38400 --a------ C:\WINDOWS\system32\pmnkIXNe.dll
2008-03-30 11:26:47 90176 --a------ C:\WINDOWS\system32\mywawlbd.dll
2008-03-30 11:26:00 36352 --a------ C:\WINDOWS\system32\fccbBTkL.dll
2008-03-30 10:11:28 90176 --a------ C:\WINDOWS\system32\bphubomd.dll
2008-03-30 10:10:04 36352 --a------ C:\WINDOWS\system32\awtutroP.dll
2008-03-29 23:54:32 0 d-------- C:\Program Files\ManyCam 2.2
2008-03-29 22:46:54 90176 --a------ C:\WINDOWS\system32\wyigbpwu.dll
2008-03-29 21:03:55 36352 --a------ C:\WINDOWS\system32\geBuUmLd.dll
2008-03-29 20:24:11 38912 --a------ C:\WINDOWS\system32\fccyvSKe.dll
2008-03-29 18:58:44 90176 --a------ C:\WINDOWS\system32\bavrbeua.dll
2008-03-29 18:44:23 90176 --a------ C:\WINDOWS\system32\fvlukvyf.dll
2008-03-29 18:25:41 90176 --a------ C:\WINDOWS\system32\mllhdnwb.dll
2008-03-29 17:52:43 90176 --a------ C:\WINDOWS\system32\aituqwpl.dll
2008-03-29 17:49:46 85568 --a------ C:\WINDOWS\system32\pvhjkamw.dll
2008-03-29 15:28:59 38912 --a------ C:\WINDOWS\system32\nnnliIXq.dll
2008-03-29 13:58:31 90176 --a------ C:\WINDOWS\system32\xtitjuti.dll
2008-03-29 09:57:48 90176 --a------ C:\WINDOWS\system32\mdoirlkb.dll
2008-03-29 09:53:11 38912 --a------ C:\WINDOWS\system32\khfGApol.dll
2008-03-28 20:29:44 39936 --a------ C:\WINDOWS\system32\iifcYOgg.dll
2008-03-28 20:29:34 39936 --a------ C:\WINDOWS\system32\qoMdBULc.dll
2008-03-28 19:18:43 90688 --a------ C:\WINDOWS\system32\ffluqchp.dll
2008-03-28 19:16:48 90688 --a------ C:\WINDOWS\system32\anxblxgi.dll
2008-03-28 19:16:43 87616 --a------ C:\WINDOWS\system32\fntvenmj.dll
2008-03-28 19:15:42 243321 --ahs---- C:\WINDOWS\system32\DKkjmnnn.ini2
2008-03-28 19:15:37 268288 --a------ C:\WINDOWS\system32\nnnmjkKD.dll
2008-03-28 19:13:37 86080 --a------ C:\WINDOWS\system32\yoocjsqo.dll
2008-03-28 19:11:33 87616 --a------ C:\WINDOWS\system32\paaemqvp.dll
2008-03-28 19:04:56 87616 --a------ C:\WINDOWS\system32\hqqfmtxq.dll
2008-03-27 20:41:33 92224 --a------ C:\WINDOWS\system32\deeytvte.dll
2008-03-27 20:39:24 93248 --a------ C:\WINDOWS\system32\yumqyili.dll
2008-03-27 20:38:32 233517 --ahs---- C:\WINDOWS\system32\TEKTAcfe.ini2
2008-03-27 20:38:29 273920 --a------ C:\WINDOWS\system32\efcATKET.dll
2008-03-27 20:33:50 39936 --a------ C:\WINDOWS\system32\nnnmmmJb.dll
2008-03-27 20:33:22 39936 --a------ C:\WINDOWS\system32\wvUkHWPf.dll
2008-03-27 17:41:56 38400 -r-hs---- C:\WINDOWS\msn.com
2008-03-24 19:07:10 0 d-------- C:\WINDOWS\ERUNT
2008-03-24 18:18:18 25773 --a------ C:\WINDOWS\system32\drivers\regguard.sys <Not Verified; Greatis Software; RegRun Security Suite>
2008-03-24 18:17:29 0 d-------- C:\Program Files\Greatis
2008-03-24 17:39:12 0 d-------- C:\Documents and Settings\Martin\Application Data\Webcammax
2008-03-24 17:25:37 6656 --a------ C:\WINDOWS\system32\univrs32.dat
2008-03-24 17:23:57 12421 --ahs---- C:\WINDOWS\system32\sstwa.ini2
2008-03-24 17:16:37 58368 --a------ C:\hlkhyer.exe
2008-03-24 17:16:34 59904 --a------ C:\ovvbu.exe
2008-03-24 17:05:19 0 d-------- C:\Documents and Settings\All Users\Application Data\Webcammax
2008-03-24 17:05:19 0 d-------- C:\Documents and Settings\Admin\Application Data\Webcammax
2008-03-24 17:03:33 0 d-------- C:\Program Files\WebcamMax
2008-03-15 23:17:22 0 d-------- C:\Fraps


-- Find3M Report ---------------------------------------------------------------

2008-04-05 20:19:00 24244 --a------ C:\Documents and Settings\Admin\Application Data\.googlewebacchosts
2008-04-04 01:20:39 0 d-------- C:\Documents and Settings\Admin\Application Data\Xfire
2008-04-04 00:41:08 0 d-------- C:\Program Files\Xfire
2008-04-03 19:39:41 0 d-------- C:\Documents and Settings\Admin\Application Data\uTorrent
2008-04-02 21:48:47 0 d-------- C:\Program Files\Common Files
2008-04-01 20:41:09 0 d-------- C:\Documents and Settings\Admin\Application Data\MSNInstaller
2008-03-24 18:41:02 0 d-------- C:\Program Files\DVBT
2008-03-21 23:24:56 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-03-09 21:41:17 0 d-------- C:\Documents and Settings\Admin\Application Data\Adobe
2008-03-01 10:41:42 0 d-------- C:\Program Files\iTunes
2008-03-01 10:40:21 0 d-------- C:\Program Files\iPod
2008-03-01 10:36:21 0 d-------- C:\Program Files\QuickTime
2008-02-25 22:12:07 0 d-------- C:\Program Files\Toribash-3.1
2008-02-25 22:10:55 0 d-------- C:\Program Files\Bonjour
2008-02-25 20:43:12 0 d-------- C:\Program Files\Last.fm
2008-02-12 14:10:44 74703 --a------ C:\WINDOWS\system32\mfc45.dll
2008-02-12 14:08:29 0 d-------- C:\Documents and Settings\Admin\Application Data\iolo
2008-02-11 02:11:58 0 d-------- C:\Program Files\Rockstar Games
2008-02-11 01:25:42 0 d-------- C:\Program Files\GTATools
2008-02-11 01:08:59 0 d-------- C:\Program Files\Junction25
2008-01-27 23:56:55 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll <Not Verified; Sony DADC Austria AG.; >
2008-01-14 13:52:00 81920 --a------ C:\WINDOWS\system32\frapsvid.dll <Not Verified; Beepa P/L; FRAPS>
2008-01-13 15:50:46 2560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2008-01-06 21:28:52 11975913 --a------ C:\Program1


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{08A8068E-53D1-42B2-B197-6D568843721F}]
27/03/2008 20:33 39936 --a------ C:\WINDOWS\system32\nnnmmmJb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0EAAD970-DFB9-4B87-B46E-3862513B769E}]
27/03/2008 20:38 273920 --a------ C:\WINDOWS\system32\efcATKET.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1f44ce5a-8049-4f7c-84f5-a50da8f45093}]
05/04/2008 20:22 89664 --a------ C:\WINDOWS\system32\bckukjfy.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3CAB59B4-55A3-4737-9FD5-B93C6430BF75}]
05/04/2008 20:16 53312 --a------ C:\WINDOWS\system32\xfbmupac.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8eb8a2a0-f752-406f-8ae8-ec5c8c5d1085}]
31/03/2008 22:57 91712 --a------ C:\WINDOWS\system32\upnwvrmk.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTHelper"="CTHELPER.EXE" [11/08/2006 14:56 C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [11/08/2006 14:56 C:\WINDOWS\system32\CTXFIHLP.EXE]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25/09/2007 01:11]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" []
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [16/02/2005 16:15]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 20:51]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [19/07/2005 17:32]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [08/06/2005 15:24]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [08/06/2005 15:14]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [11/08/2007 16:04]
"PCguard"="C:\Program Files\Virgin Broadband\PCguard\Rps.exe" [05/09/2007 15:10]
"-FreedomNeedsReboot"="C:\Program Files\Virgin Broadband\PCguard\ZkRunOnceR.exe" [05/09/2007 15:10]
"Broadbandadvisor.exe"="C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" [07/08/2007 19:49]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [01/02/2008 00:13]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [19/02/2008 14:10]
"Windows live Messenger"="msn.com" [27/03/2008 17:41 C:\WINDOWS\msn.com]
"AntiSpyWare2Guard"="C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWare2Guard.exe" [14/08/2007 09:29]
"BM0b85d6b2"="C:\WINDOWS\system32\obyayfrc.dll" [05/04/2008 20:19]
"08b6e52e"="C:\WINDOWS\system32\axgmubco.dll" [05/04/2008 20:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18/10/2007 12:34]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [30/05/2007 19:01]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [08/06/2005 14:44]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 13:00]
"WindowBlinds"="C:\Documents and Settings\All Users\Documents\Stardock\WindowBlinds\WBInstall32.exe" []
"Simplify Media"="C:\Documents and Settings\Admin\Local Settings\Application Data\Simplify Media\SimplifyMedia.exe" []
"Regrun2"="C:\PROGRA~1\Greatis\REGRUN~1\WatchDog.exe" []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"IndexCleaner"="C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"IndexCleaner"="C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog

C:\Documents and Settings\Admin\Start Menu\Programs\Startup\
Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [25/02/2008 20:43:01]
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [13/01/2008 17:11:39]
Xfire.lnk - C:\Program Files\Xfire\xfire.exe [14/03/2008 00:06:18]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [17/02/1999 21:05:56]
Run Google Web Accelerator.lnk - C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe [09/07/2007 23:24:38]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{08A8068E-53D1-42B2-B197-6D568843721F}"= C:\WINDOWS\system32\nnnmmmJb.dll [27/03/2008 20:33 39936]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnmmmJb]
nnnmmmJb.dll 27/03/2008 20:33 39936 C:\WINDOWS\system32\nnnmmmJb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvUkHWPf]
wvUkHWPf.dll 27/03/2008 20:33 39936 C:\WINDOWS\system32\wvUkHWPf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=cru629.dat

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\efcATKET.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"




-- End of Deckard's System Scanner: finished at 2008-04-05 20:31:48 ------------
Thanks Shaba! :)

#2 Connor!

Posted 05 April 2008 - 05:15 PM

Is it really bad or something? Nobody seems to be replying, just viewing.
Thanks Shaba! :)

#3 Connor!

Posted 06 April 2008 - 07:21 AM

I did another scan with Ashampoo Anti-Spyware, and it found 50 items. When I quarantined them, it removed only 48, and a window appeared saying 'Your system will shut down in 1 minute'. I entered 'shutdown -a' at the command prompt to stop it. Here are the new HJT logs after some items were removed. Please have a look at them.

Deckard's System Scanner v20071014.68
Run by on 2008-04-06 13:08:33
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as .exe) ----------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:08:48, on 06/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Virgin Broadband\PCguard\Fws.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Virgin Broadband\PCguard\Rps.exe
C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Virgin Broadband\advisor\BroadbandadvisorComHandler.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Admin\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\.exe
C:\WINDOWS\system32\verclsid.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
O2 - BHO: (no name) - {08A8068E-53D1-42B2-B197-6D568843721F} - C:\WINDOWS\system32\nnnmmmJb.dll
O2 - BHO: (no name) - {3CAB59B4-55A3-4737-9FD5-B93C6430BF75} - C:\WINDOWS\system32\jkbtcwhy.dll
O2 - BHO: (no name) - {49155060-6873-431C-BB73-61AC867A0010} - C:\WINDOWS\system32\efcATKET.dll (file missing)
O2 - BHO: (no name) - {8eb8a2a0-f752-406f-8ae8-ec5c8c5d1085} - C:\WINDOWS\system32\upnwvrmk.dll
O2 - BHO: (no name) - {AAD3161D-412E-4427-B2D5-40FF0F537368} - C:\WINDOWS\system32\yayaXOIB.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: {680e6959-e683-e618-91d4-e95c8ef4d73d} - {d37d4fe8-c59e-4d19-816e-386e9596e086} - C:\WINDOWS\system32\bqyxwmwi.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] "C:\Program Files\Logitech\Video\ISStart.exe"
O4 - HKLM\..\Run: [LogitechVideoTray] "C:\Program Files\Logitech\Video\LogiTray.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [PCguard] "C:\Program Files\Virgin Broadband\PCguard\Rps.exe"
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Virgin Broadband\PCguard\ZkRunOnceR.exe"
O4 - HKLM\..\Run: [Broadbandadvisor.exe] "C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows live Messenger] msn.com
O4 - HKLM\..\Run: [AntiSpyWare2Guard] C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWare2Guard.exe
O4 - HKLM\..\Run: [BM0b85d6b2] Rundll32.exe "C:\WINDOWS\system32\rbtfymxp.dll",s
O4 - HKLM\..\Run: [08b6e52e] rundll32.exe "C:\WINDOWS\system32\dhxspgsh.dll",b
O4 - HKLM\..\RunOnce: [IndexCleaner] "C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WindowBlinds] C:\Documents and Settings\All Users\Documents\Stardock\WindowBlinds\WBInstall32.exe
O4 - HKCU\..\Run: [Simplify Media] "C:\Documents and Settings\Admin\Local Settings\Application Data\Simplify Media\SimplifyMedia.exe"
O4 - HKCU\..\Run: [Regrun2] C:\PROGRA~1\Greatis\REGRUN~1\WatchDog.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-21-682003330-1614895754-839522115-1005\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User '?')
O4 - HKUS\S-1-5-21-682003330-1614895754-839522115-1005\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-682003330-1614895754-839522115-1005\..\Run: [WindowBlinds] C:\Documents and Settings\All Users\Documents\Stardock\WindowBlinds\WBInstall32.exe (User '?')
O4 - HKUS\S-1-5-21-682003330-1614895754-839522115-1005\..\Run: [Simplify Media] "C:\Documents and Settings\Admin\Local Settings\Application Data\Simplify Media\SimplifyMedia.exe" (User '?')
O4 - HKUS\S-1-5-21-682003330-1614895754-839522115-1005\..\Run: [Regrun2] C:\PROGRA~1\Greatis\REGRUN~1\WatchDog.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-21-682003330-1614895754-839522115-1005 Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe (User '?')
O4 - S-1-5-21-682003330-1614895754-839522115-1005 Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (User '?')
O4 - S-1-5-21-682003330-1614895754-839522115-1005 Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe (User '?')
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {21BB8360-F943-447E-98F3-3C22345375A7} (CPlayFirstChocolatierControl Object) - http://aolsvc.aol.com/onlinegames/free-tri...eb.1.0.0.13.cab
O16 - DPF: {2DA3C4AB-E6B6-47A6-B0F3-1BD81524B51B} (ActiveWorldsDownload Control) - http://www.activeworlds.com/products/Activ...ldsDownload.cab
O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KX-HCM10 Control) - http://219.117.233.69/kxhcm10.ocx
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by135fd.bay135.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://aolsvc.aol.com/onlinegames/trydiner...h2.1.0.0.67.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1177430414718
O16 - DPF: {64E27CFB-8B69-4B83-80F0-36A81437D587} (CamfrogWEB Basic Control) - http://activex.camfrogweb.com/basic/cfweb_..._instmodule.exe
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {B0FB831D-17F6-4CBD-9B5D-3305881D362E} (LHGLauncherXForm Control) - http://www.shockwave.com/content/reaxxion/...HLGLauncher.cab
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://aolsvc.aol.com/onlinegames/free-tri...tg.1.0.0.33.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://ak.imgag.com/imgag/cp/install/Crusher.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://aolsvc.aol.com/onlinegames/free-tri...gamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://cafecam.heerenvanbeijerland.nl/activex/AMC.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v10_en.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15028/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6202EBF6-5BF0-4C6B-A4CD-3C7F02B0F2DA}: NameServer = 192.168.11.1
O20 - AppInit_DLLs: cru629.dat
O20 - Winlogon Notify: nnnmmmJb - C:\WINDOWS\SYSTEM32\nnnmmmJb.dll
O20 - Winlogon Notify: wvUkHWPf - C:\WINDOWS\SYSTEM32\wvUkHWPf.dll
O23 - Service: Ashampoo AntiSpyWare 2 Service (AASW2_Service) - Unknown owner - C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Virgin Broadband PCguard Update Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe
O23 - Service: PCguard Firewall (RP_FWS) - Virgin Media - C:\Program Files\Virgin Broadband\PCguard\Fws.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 14103 bytes

-- Files created between 2008-03-06 and 2008-04-06 -----------------------------

2008-04-06 13:05:03 89664 --a------ C:\WINDOWS\system32\bqyxwmwi.dll
2008-04-06 13:02:03 85056 --a------ C:\WINDOWS\system32\dhxspgsh.dll
2008-04-06 12:59:03 87104 --a------ C:\WINDOWS\system32\rbtfymxp.dll
2008-04-06 12:56:41 53312 --a------ C:\WINDOWS\system32\jkbtcwhy.dll
2008-04-06 12:56:02 236093 --ahs---- C:\WINDOWS\system32\BIOXayay.ini2
2008-04-06 12:55:59 268288 --a------ C:\WINDOWS\system32\yayaXOIB.dll
2008-04-06 12:01:52 85056 -----n--- C:\WINDOWS\system32\tsiopjhb.dll
2008-04-06 11:58:52 89664 --a------ C:\WINDOWS\system32\tkqhqtxx.dll
2008-04-06 11:55:53 53312 --a------ C:\WINDOWS\system32\mysahprr.dll
2008-04-06 11:54:51 87104 --a------ C:\WINDOWS\system32\rbuqyvvq.dll
2008-04-06 09:38:53 85056 -----n--- C:\WINDOWS\system32\lfhpcrth.dll
2008-04-06 09:35:53 89664 --a------ C:\WINDOWS\system32\gonqdcrx.dll
2008-04-06 09:32:53 53312 --a------ C:\WINDOWS\system32\fevylakd.dll
2008-04-06 09:30:26 87104 --a------ C:\WINDOWS\system32\dtrpgpdq.dll
2008-04-06 09:28:21 37376 --a------ C:\WINDOWS\system32\rqRljhff.dll
2008-04-06 09:28:08 53312 --a------ C:\WINDOWS\system32\yvayqqqv.dll
2008-04-06 01:27:17 89664 --a------ C:\WINDOWS\system32\ehyxltoi.dll
2008-04-06 01:21:17 53312 --a------ C:\WINDOWS\system32\ujynbbmv.dll
2008-04-06 01:18:18 87104 --a------ C:\WINDOWS\system32\reddrnon.dll
2008-04-06 00:37:22 37376 --a------ C:\WINDOWS\system32\khfCvUnm.dll
2008-04-06 00:29:25 37376 --a------ C:\WINDOWS\system32\tuvUKDWn.dll
2008-04-05 23:21:08 0 d-------- C:\Program Files\TightVNC
2008-04-05 20:29:10 0 d-------- C:\Program Files\Trend Micro
2008-04-05 20:22:14 89664 --a------ C:\WINDOWS\system32\bckukjfy.dll
2008-04-05 20:19:57 37376 --a------ C:\WINDOWS\system32\yayvULec.dll
2008-04-05 20:19:14 87104 --a------ C:\WINDOWS\system32\obyayfrc.dll
2008-04-05 20:16:15 53312 --a------ C:\WINDOWS\system32\xfbmupac.dll
2008-04-05 20:11:07 89664 --a------ C:\WINDOWS\system32\crogtobi.dll
2008-04-05 20:05:07 87104 --a------ C:\WINDOWS\system32\ldpekonr.dll
2008-04-05 20:02:28 53312 --a------ C:\WINDOWS\system32\ajifheoa.dll
2008-04-05 19:53:18 37376 --a------ C:\WINDOWS\system32\urqPiiFx.dll
2008-04-05 18:32:20 89664 --a------ C:\WINDOWS\system32\emhkkxvw.dll
2008-04-05 18:29:21 87104 --a------ C:\WINDOWS\system32\nsplgmup.dll
2008-04-05 18:26:30 53312 --a------ C:\WINDOWS\system32\pvamexjt.dll
2008-04-05 18:25:04 166296 --a------ C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
2008-04-05 17:19:02 89664 --a------ C:\WINDOWS\system32\fbhhnbbs.dll
2008-04-05 17:16:03 53312 --a------ C:\WINDOWS\system32\kafdgkai.dll
2008-04-05 17:13:43 87104 --a------ C:\WINDOWS\system32\hmyngget.dll
2008-04-05 17:11:15 37376 --a------ C:\WINDOWS\system32\tuvSlIaw.dll
2008-04-05 00:29:46 90176 --a------ C:\WINDOWS\system32\ecmyllbi.dll
2008-04-05 00:23:51 87104 --a------ C:\WINDOWS\system32\rijgjrnq.dll
2008-04-05 00:20:48 53312 --a------ C:\WINDOWS\system32\dlkkykms.dll
2008-04-05 00:20:19 36352 --a------ C:\WINDOWS\system32\vtUkkhHa.dll
2008-04-04 19:37:27 87104 --a------ C:\WINDOWS\system32\kkcyosao.dll
2008-04-04 19:36:52 53312 --a------ C:\WINDOWS\system32\nxoswsek.dll
2008-04-04 19:33:29 87104 --a------ C:\WINDOWS\system32\srsndjqm.dll
2008-04-04 11:44:29 90688 --a------ C:\WINDOWS\system32\kphnvqdr.dll
2008-04-04 11:41:29 88640 --a------ C:\WINDOWS\system32\owfamfrd.dll
2008-04-04 10:02:40 90688 --a------ C:\WINDOWS\system32\qwdswdcr.dll
2008-04-04 10:00:12 88640 --a------ C:\WINDOWS\system32\thqdptse.dll
2008-04-03 23:52:07 89152 --a------ C:\WINDOWS\system32\dosxrghm.dll
2008-04-03 23:46:35 88640 --a------ C:\WINDOWS\system32\nmaxvgqa.dll
2008-04-03 19:54:54 89152 --a------ C:\WINDOWS\system32\rhiijirn.dll
2008-04-03 19:49:00 88640 --a------ C:\WINDOWS\system32\ovvbupjx.dll
2008-04-03 19:48:10 0 d-------- C:\Program Files\Ashampoo
2008-04-03 19:34:37 89152 --a------ C:\WINDOWS\system32\baegtsah.dll
2008-04-03 19:30:59 88640 --a------ C:\WINDOWS\system32\krbukerm.dll
2008-04-03 19:09:34 89152 --a------ C:\WINDOWS\system32\okgedxqb.dll
2008-04-03 19:03:34 88640 --a------ C:\WINDOWS\system32\fberirxi.dll
2008-04-03 18:37:25 89152 --a------ C:\WINDOWS\system32\tjndmuvb.dll
2008-04-03 18:36:27 88640 --a------ C:\WINDOWS\system32\ckfubbhy.dll
2008-04-03 16:20:51 89152 --a------ C:\WINDOWS\system32\ykbgtlhg.dll
2008-04-03 16:19:55 88640 --a------ C:\WINDOWS\system32\tultcyva.dll
2008-04-03 16:12:52 89152 --a------ C:\WINDOWS\system32\kwuqtfuj.dll
2008-04-03 16:09:52 88640 --a------ C:\WINDOWS\system32\ghuflxya.dll
2008-04-03 15:41:31 89152 --a------ C:\WINDOWS\system32\sxgbomds.dll
2008-04-03 15:38:27 88640 --a------ C:\WINDOWS\system32\jxkgsyuc.dll
2008-04-03 13:03:13 35840 --a------ C:\WINDOWS\system32\wvUnKDSl.dll
2008-04-03 12:40:22 35840 --a------ C:\WINDOWS\system32\tuvTJDsQ.dll
2008-04-03 11:34:51 35840 --a------ C:\WINDOWS\system32\qoMfcArq.dll
2008-04-03 09:50:29 89152 --a------ C:\WINDOWS\system32\ltnsiadl.dll
2008-04-03 09:48:07 88640 --a------ C:\WINDOWS\system32\mtggvttu.dll
2008-04-03 09:46:12 35840 --a------ C:\WINDOWS\system32\urqRJDuR.dll
2008-04-02 21:49:38 0 d-------- C:\Program Files\Lavasoft
2008-04-02 21:49:37 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-02 21:48:47 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-02 21:14:28 91712 --a------ C:\WINDOWS\system32\xcfieyjw.dll
2008-04-02 21:08:28 88128 --a------ C:\WINDOWS\system32\ulfrsssu.dll
2008-04-02 21:06:17 35840 --a------ C:\WINDOWS\system32\ssqRKefE.dll
2008-04-02 20:47:24 91712 --a------ C:\WINDOWS\system32\ekghelmb.dll
2008-04-02 20:44:29 88128 --a------ C:\WINDOWS\system32\bcfphxpg.dll
2008-04-02 20:43:03 35840 --a------ C:\WINDOWS\system32\jkkJcASJ.dll
2008-04-02 19:59:35 35840 --a------ C:\WINDOWS\system32\iifcATkH.dll
2008-04-02 19:51:43 91712 --a------ C:\WINDOWS\system32\nvyxqwhv.dll
2008-04-02 19:46:58 35840 --a------ C:\WINDOWS\system32\mlJBUnNf.dll
2008-04-02 19:46:34 88128 --a------ C:\WINDOWS\system32\fmkynhxq.dll
2008-04-02 19:43:39 35840 --a------ C:\WINDOWS\system32\iifgEwuU.dll
2008-04-02 17:42:04 35840 --a------ C:\WINDOWS\system32\opnnoNFV.dll
2008-04-02 17:40:38 36352 --a------ C:\WINDOWS\system32\nnnkKBrO.dll
2008-04-02 17:32:23 35840 --a------ C:\WINDOWS\system32\geBtRjGx.dll
2008-04-02 17:19:31 36352 --a------ C:\WINDOWS\system32\hgGxVPFW.dll
2008-04-02 17:15:57 35840 --a------ C:\WINDOWS\system32\iifghGAr.dll
2008-04-02 17:06:28 35840 --a------ C:\WINDOWS\system32\byXQKaXR.dll
2008-04-02 16:46:52 35840 --a------ C:\WINDOWS\system32\byXOhGAQ.dll
2008-04-02 16:27:26 35840 --a------ C:\WINDOWS\system32\efcYQHWn.dll
2008-04-02 16:17:02 91712 --a------ C:\WINDOWS\system32\cinyifjk.dll
2008-04-02 16:11:10 88128 --a------ C:\WINDOWS\system32\ipdgepir.dll
2008-04-02 16:09:46 36352 --a------ C:\WINDOWS\system32\jkkJdDTK.dll
2008-04-02 16:09:12 36352 --a------ C:\WINDOWS\system32\opnnlkjg.dll
2008-04-01 19:43:25 88128 --a------ C:\WINDOWS\system32\vwqcikcw.dll
2008-04-01 19:37:20 90688 --a------ C:\WINDOWS\system32\ijklqckx.dll
2008-04-01 19:34:21 88128 --a------ C:\WINDOWS\system32\fgkfwjpf.dll
2008-04-01 19:18:12 36352 --a------ C:\WINDOWS\system32\pmnkIApn.dll
2008-04-01 18:24:04 90688 --a------ C:\WINDOWS\system32\qvmpnmao.dll
2008-04-01 18:20:28 88128 --a------ C:\WINDOWS\system32\urmyhehj.dll
2008-04-01 18:13:30 0 d-------- C:\Documents and Settings\Admin\Application Data\Webroot
2008-04-01 17:53:54 90688 --a------ C:\WINDOWS\system32\xhjotquo.dll
2008-04-01 17:49:50 88128 --a------ C:\WINDOWS\system32\batqkveb.dll
2008-04-01 17:42:52 36352 --a------ C:\WINDOWS\system32\byXPfeef.dll
2008-04-01 17:30:55 90688 --a------ C:\WINDOWS\system32\hqfnttph.dll
2008-04-01 17:27:55 88128 --a------ C:\WINDOWS\system32\csteujcd.dll
2008-04-01 16:47:20 90688 --a------ C:\WINDOWS\system32\mgqnasdo.dll
2008-04-01 16:45:34 88128 --a------ C:\WINDOWS\system32\sgosbotl.dll
2008-04-01 16:44:04 90688 --a------ C:\WINDOWS\system32\ouxtnjmj.dll
2008-04-01 16:21:16 88128 --a------ C:\WINDOWS\system32\udhgjqmy.dll
2008-03-31 22:57:19 91712 --a------ C:\WINDOWS\system32\upnwvrmk.dll
2008-03-31 21:56:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-03-31 21:21:25 91712 --a------ C:\WINDOWS\system32\wvmtphgp.dll
2008-03-31 21:08:15 91712 --a------ C:\WINDOWS\system32\pbvebvro.dll
2008-03-31 16:27:22 90688 --a------ C:\WINDOWS\system32\jfdcfflc.dll
2008-03-31 11:45:10 90688 --a------ C:\WINDOWS\system32\jkijesrj.dll
2008-03-31 11:27:44 35840 --a------ C:\WINDOWS\system32\fcccabYS.dll
2008-03-31 11:19:58 90688 --a------ C:\WINDOWS\system32\stjcikie.dll
2008-03-31 10:02:19 90688 --a------ C:\WINDOWS\system32\hwncfcuu.dll
2008-03-30 21:50:02 0 d-------- C:\Program Files\Easy SpyRemover
2008-03-30 21:41:57 0 d-------- C:\Documents and Settings\Admin\.housecall6.6
2008-03-30 21:10:48 90176 --a------ C:\WINDOWS\system32\vyjntjsb.dll
2008-03-30 20:37:43 90176 --a------ C:\WINDOWS\system32\yvquggkm.dll
2008-03-30 20:10:44 38400 --a------ C:\WINDOWS\system32\nnnmnmLE.dll
2008-03-30 19:55:52 38400 --a------ C:\WINDOWS\system32\yayyWqRh.dll
2008-03-30 19:37:20 38400 --a------ C:\WINDOWS\system32\byXPJYop.dll
2008-03-30 19:23:37 38400 --a------ C:\WINDOWS\system32\mlJDTnnM.dll
2008-03-30 19:16:42 90176 --a------ C:\WINDOWS\system32\lelyqpox.dll
2008-03-30 18:38:04 38400 --a------ C:\WINDOWS\system32\mlJCTJBS.dll
2008-03-30 18:19:05 38400 --a------ C:\WINDOWS\system32\byXRighi.dll
2008-03-30 18:02:41 38400 --a------ C:\WINDOWS\system32\pmnkIXNe.dll
2008-03-30 11:26:47 90176 --a------ C:\WINDOWS\system32\mywawlbd.dll
2008-03-30 11:26:00 36352 --a------ C:\WINDOWS\system32\fccbBTkL.dll
2008-03-30 10:11:28 90176 --a------ C:\WINDOWS\system32\bphubomd.dll
2008-03-30 10:10:04 36352 --a------ C:\WINDOWS\system32\awtutroP.dll
2008-03-29 23:54:32 0 d-------- C:\Program Files\ManyCam 2.2
2008-03-29 22:46:54 90176 --a------ C:\WINDOWS\system32\wyigbpwu.dll
2008-03-29 21:03:55 36352 --a------ C:\WINDOWS\system32\geBuUmLd.dll
2008-03-29 20:24:11 38912 --a------ C:\WINDOWS\system32\fccyvSKe.dll
2008-03-29 18:58:44 90176 --a------ C:\WINDOWS\system32\bavrbeua.dll
2008-03-29 18:44:23 90176 --a------ C:\WINDOWS\system32\fvlukvyf.dll
2008-03-29 18:25:41 90176 --a------ C:\WINDOWS\system32\mllhdnwb.dll
2008-03-29 17:52:43 90176 --a------ C:\WINDOWS\system32\aituqwpl.dll
2008-03-29 17:49:46 85568 --a------ C:\WINDOWS\system32\pvhjkamw.dll
2008-03-29 15:28:59 38912 --a------ C:\WINDOWS\system32\nnnliIXq.dll
2008-03-29 13:58:31 90176 --a------ C:\WINDOWS\system32\xtitjuti.dll
2008-03-29 09:57:48 90176 --a------ C:\WINDOWS\system32\mdoirlkb.dll
2008-03-29 09:53:11 38912 --a------ C:\WINDOWS\system32\khfGApol.dll
2008-03-28 20:29:44 39936 --a------ C:\WINDOWS\system32\iifcYOgg.dll
2008-03-28 20:29:34 39936 --a------ C:\WINDOWS\system32\qoMdBULc.dll
2008-03-28 19:18:43 90688 --a------ C:\WINDOWS\system32\ffluqchp.dll
2008-03-28 19:16:48 90688 --a------ C:\WINDOWS\system32\anxblxgi.dll
2008-03-28 19:16:43 87616 --a------ C:\WINDOWS\system32\fntvenmj.dll
2008-03-28 19:15:42 243321 --ahs---- C:\WINDOWS\system32\DKkjmnnn.ini2
2008-03-28 19:15:37 268288 --a------ C:\WINDOWS\system32\nnnmjkKD.dll
2008-03-28 19:13:37 86080 --a------ C:\WINDOWS\system32\yoocjsqo.dll
2008-03-28 19:11:33 87616 --a------ C:\WINDOWS\system32\paaemqvp.dll
2008-03-28 19:04:56 87616 --a------ C:\WINDOWS\system32\hqqfmtxq.dll
2008-03-27 20:41:33 92224 --a------ C:\WINDOWS\system32\deeytvte.dll
2008-03-27 20:39:24 93248 --a------ C:\WINDOWS\system32\yumqyili.dll
2008-03-27 20:38:32 243217 --ahs---- C:\WINDOWS\system32\TEKTAcfe.ini2
2008-03-27 20:33:50 39936 --a------ C:\WINDOWS\system32\nnnmmmJb.dll
2008-03-27 20:33:22 39936 --a------ C:\WINDOWS\system32\wvUkHWPf.dll
2008-03-24 19:07:10 0 d-------- C:\WINDOWS\ERUNT
2008-03-24 18:18:18 25773 --a------ C:\WINDOWS\system32\drivers\regguard.sys <Not Verified; Greatis Software; RegRun Security Suite>
2008-03-24 18:17:29 0 d-------- C:\Program Files\Greatis
2008-03-24 17:39:12 0 d-------- C:\Documents and Settings\Martin\Application Data\Webcammax
2008-03-24 17:25:37 6656 --a------ C:\WINDOWS\system32\univrs32.dat
2008-03-24 17:23:57 12421 --ahs---- C:\WINDOWS\system32\sstwa.ini2
2008-03-24 17:16:37 58368 --a------ C:\hlkhyer.exe
2008-03-24 17:16:34 59904 --a------ C:\ovvbu.exe
2008-03-24 17:05:19 0 d-------- C:\Documents and Settings\All Users\Application Data\Webcammax
2008-03-24 17:05:19 0 d-------- C:\Documents and Settings\Admin\Application Data\Webcammax
2008-03-24 17:03:33 0 d-------- C:\Program Files\WebcamMax
2008-03-15 23:17:22 0 d-------- C:\Fraps


-- Find3M Report ---------------------------------------------------------------

2008-04-06 11:33:08 24424 --a------ C:\Documents and Settings\Admin\Application Data\.googlewebacchosts
2008-04-04 01:20:39 0 d-------- C:\Documents and Settings\Admin\Application Data\Xfire
2008-04-04 00:41:08 0 d-------- C:\Program Files\Xfire
2008-04-03 19:39:41 0 d-------- C:\Documents and Settings\Admin\Application Data\uTorrent
2008-04-02 21:48:47 0 d-------- C:\Program Files\Common Files
2008-04-01 20:41:09 0 d-------- C:\Documents and Settings\Admin\Application Data\MSNInstaller
2008-03-24 18:41:02 0 d-------- C:\Program Files\DVBT
2008-03-21 23:24:56 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-03-09 21:41:17 0 d-------- C:\Documents and Settings\Admin\Application Data\Adobe
2008-03-01 10:41:42 0 d-------- C:\Program Files\iTunes
2008-03-01 10:40:21 0 d-------- C:\Program Files\iPod
2008-03-01 10:36:21 0 d-------- C:\Program Files\QuickTime
2008-02-25 22:12:07 0 d-------- C:\Program Files\Toribash-3.1
2008-02-25 22:10:55 0 d-------- C:\Program Files\Bonjour
2008-02-25 20:43:12 0 d-------- C:\Program Files\Last.fm
2008-02-12 14:10:44 74703 --a------ C:\WINDOWS\system32\mfc45.dll
2008-02-12 14:08:29 0 d-------- C:\Documents and Settings\Admin\Application Data\iolo
2008-02-11 02:11:58 0 d-------- C:\Program Files\Rockstar Games
2008-02-11 01:25:42 0 d-------- C:\Program Files\GTATools
2008-02-11 01:08:59 0 d-------- C:\Program Files\Junction25
2008-01-27 23:56:55 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll <Not Verified; Sony DADC Austria AG.; >
2008-01-14 13:52:00 81920 --a------ C:\WINDOWS\system32\frapsvid.dll <Not Verified; Beepa P/L; FRAPS>
2008-01-13 15:50:46 2560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2008-01-06 21:28:52 11975913 --a------ C:\Program1


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{08A8068E-53D1-42B2-B197-6D568843721F}]
27/03/2008 20:33 39936 --a------ C:\WINDOWS\system32\nnnmmmJb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3CAB59B4-55A3-4737-9FD5-B93C6430BF75}]
06/04/2008 12:56 53312 --a------ C:\WINDOWS\system32\jkbtcwhy.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{49155060-6873-431C-BB73-61AC867A0010}]
C:\WINDOWS\system32\efcATKET.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8eb8a2a0-f752-406f-8ae8-ec5c8c5d1085}]
31/03/2008 22:57 91712 --a------ C:\WINDOWS\system32\upnwvrmk.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AAD3161D-412E-4427-B2D5-40FF0F537368}]
06/04/2008 12:56 268288 --a------ C:\WINDOWS\system32\yayaXOIB.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d37d4fe8-c59e-4d19-816e-386e9596e086}]
06/04/2008 13:05 89664 --a------ C:\WINDOWS\system32\bqyxwmwi.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTHelper"="CTHELPER.EXE" [11/08/2006 14:56 C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [11/08/2006 14:56 C:\WINDOWS\system32\CTXFIHLP.EXE]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25/09/2007 01:11]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" []
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [16/02/2005 16:15]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 20:51]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [19/07/2005 17:32]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [08/06/2005 15:24]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [08/06/2005 15:14]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [11/08/2007 16:04]
"PCguard"="C:\Program Files\Virgin Broadband\PCguard\Rps.exe" [05/09/2007 15:10]
"-FreedomNeedsReboot"="C:\Program Files\Virgin Broadband\PCguard\ZkRunOnceR.exe" [05/09/2007 15:10]
"Broadbandadvisor.exe"="C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" [07/08/2007 19:49]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [01/02/2008 00:13]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [19/02/2008 14:10]
"Windows live Messenger"="msn.com" []
"AntiSpyWare2Guard"="C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWare2Guard.exe" [14/08/2007 09:29]
"BM0b85d6b2"="C:\WINDOWS\system32\rbtfymxp.dll" [06/04/2008 12:59]
"08b6e52e"="C:\WINDOWS\system32\dhxspgsh.dll" [06/04/2008 13:02]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18/10/2007 12:34]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [30/05/2007 19:01]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [08/06/2005 14:44]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 13:00]
"WindowBlinds"="C:\Documents and Settings\All Users\Documents\Stardock\WindowBlinds\WBInstall32.exe" []
"Simplify Media"="C:\Documents and Settings\Admin\Local Settings\Application Data\Simplify Media\SimplifyMedia.exe" []
"Regrun2"="C:\PROGRA~1\Greatis\REGRUN~1\WatchDog.exe" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"IndexCleaner"="C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog

C:\Documents and Settings\Admin\Start Menu\Programs\Startup\
Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [25/02/2008 20:43:01]
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [13/01/2008 17:11:39]
Xfire.lnk - C:\Program Files\Xfire\xfire.exe [14/03/2008 00:06:18]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [17/02/1999 21:05:56]
Run Google Web Accelerator.lnk - C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe [09/07/2007 23:24:38]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{08A8068E-53D1-42B2-B197-6D568843721F}"= C:\WINDOWS\system32\nnnmmmJb.dll [27/03/2008 20:33 39936]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnmmmJb]
nnnmmmJb.dll 27/03/2008 20:33 39936 C:\WINDOWS\system32\nnnmmmJb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvUkHWPf]
wvUkHWPf.dll 27/03/2008 20:33 39936 C:\WINDOWS\system32\wvUkHWPf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=cru629.dat

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\yayaXOIB

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"




-- End of Deckard's System Scanner: finished at 2008-04-06 13:11:13 ------------

Thanks
Thanks Shaba! :)

#4 Shaba

Posted 06 April 2008 - 07:24 AM

Hi Connor!

You have/had a messenger worm, so I highly recommend that you don't use messenger until you're clean, and that you change your messenger password from a clean machine.

We start with this:

1. Download combofix from any of these links and save it to Desktop:
Link 1
Link 2
Link 3

**Note: It is important that it is saved directly to your desktop**

2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you (C:\ComboFix.txt). Post that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Combofix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.

If you have problems with Combofix usage, see here

Post:

- a fresh HijackThis log
- combofix report
Microsoft MVP Consumer Security

#5 Connor!

Posted 06 April 2008 - 08:24 AM

Ok, Done.

COMBOFIX LOG
ComboFix 08-04-04.1 - Admin 2008-04-06 13:30:55.1 - NTFSx86

Running from: C:\Documents and Settings\Admin\Desktop\ComboFix.exe
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.


.
((((((((((((((((((((((((( Files Created from 2008-03-06 to 2008-04-06 )))))))))))))))))))))))))))))))
.

2008-04-06 13:54 . 2008-04-06 13:54 268,288 --a------ C:\WINDOWS\system32\nnnnnLBq.dll
2008-04-06 13:54 . 2008-04-06 13:54 345 --ahs---- C:\WINDOWS\system32\qBLnnnnn.ini2
2008-04-06 13:54 . 2008-04-06 13:59 345 --ahs---- C:\WINDOWS\system32\qBLnnnnn.ini
2008-04-06 12:56 . 2008-04-06 12:56 53,312 --a------ C:\WINDOWS\system32\jkbtcwhy.dll
2008-04-06 11:55 . 2008-04-06 11:55 53,312 --a------ C:\WINDOWS\system32\mysahprr.dll
2008-04-06 09:32 . 2008-04-06 09:32 53,312 --a------ C:\WINDOWS\system32\fevylakd.dll
2008-04-06 09:28 . 2008-04-06 09:28 53,312 --a------ C:\WINDOWS\system32\yvayqqqv.dll
2008-04-06 01:21 . 2008-04-06 01:21 53,312 --a------ C:\WINDOWS\system32\ujynbbmv.dll
2008-04-05 23:21 . 2008-04-05 23:21 <DIR> d-------- C:\Program Files\TightVNC
2008-04-05 20:29 . 2008-04-05 20:29 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-05 20:24 . 2008-04-05 20:24 <DIR> d-------- C:\Deckard
2008-04-05 20:16 . 2008-04-05 20:16 53,312 --a------ C:\WINDOWS\system32\xfbmupac.dll
2008-04-05 20:02 . 2008-04-05 20:02 53,312 --a------ C:\WINDOWS\system32\ajifheoa.dll
2008-04-05 18:26 . 2008-04-05 18:26 53,312 --a------ C:\WINDOWS\system32\pvamexjt.dll
2008-04-05 18:25 . 2008-04-05 18:26 166,296 --a------ C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
2008-04-05 17:22 . 2008-04-05 18:32 1,373,763 ---hs---- C:\WINDOWS\system32\vjfjmkwn.ini
2008-04-05 17:16 . 2008-04-05 17:16 53,312 --a------ C:\WINDOWS\system32\kafdgkai.dll
2008-04-05 00:20 . 2008-04-05 00:20 53,312 --a------ C:\WINDOWS\system32\dlkkykms.dll
2008-04-05 00:18 . 2008-04-05 00:19 1,410,077 ---hs---- C:\WINDOWS\system32\jhwyiwyi.ini
2008-04-04 19:36 . 2008-04-04 19:36 53,312 --a------ C:\WINDOWS\system32\nxoswsek.dll
2008-04-04 11:47 . 2008-04-05 00:18 1,351,592 ---hs---- C:\WINDOWS\system32\tydujkta.ini
2008-04-04 10:05 . 1980-04-04 11:39 696,812 ---hs---- C:\WINDOWS\system32\besgkglf.ini
2008-04-03 23:49 . 2008-04-04 09:57 4,794 ---hs---- C:\WINDOWS\system32\lhcxcldn.ini
2008-04-03 19:51 . 2008-04-03 23:43 2,686,069 ---hs---- C:\WINDOWS\system32\kpnmwoew.ini
2008-04-03 19:48 . 2008-04-03 19:48 <DIR> d-------- C:\Program Files\Ashampoo
2008-04-03 19:31 . 2008-04-03 19:46 2,687,087 ---hs---- C:\WINDOWS\system32\edlodjeh.ini
2008-04-03 19:06 . 1980-04-03 19:29 2,688,067 ---hs---- C:\WINDOWS\system32\pehhovvm.ini
2008-04-03 18:40 . 2008-04-03 19:01 2,687,947 ---hs---- C:\WINDOWS\system32\exjqkutr.ini
2008-04-03 16:26 . 2008-04-03 18:34 2,737,558 ---hs---- C:\WINDOWS\system32\blmymgrk.ini
2008-04-03 16:15 . 1980-04-03 16:18 2,674,653 ---hs---- C:\WINDOWS\system32\roioyfei.ini
2008-04-03 15:44 . 1980-04-03 16:07 2,676,198 ---hs---- C:\WINDOWS\system32\inuknmid.ini
2008-04-03 09:56 . 2008-04-03 15:36 2,668,762 ---hs---- C:\WINDOWS\system32\sglmcyng.ini
2008-04-02 21:49 . 2008-04-02 21:49 <DIR> d-------- C:\Program Files\Lavasoft
2008-04-02 21:49 . 2008-04-02 21:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-02 21:48 . 2008-04-02 21:48 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-02 21:17 . 2008-04-03 09:45 3,286,289 ---hs---- C:\WINDOWS\system32\ohmwowjv.ini
2008-04-02 20:53 . 2008-04-02 21:05 2,586,649 ---hs---- C:\WINDOWS\system32\bsrrffmh.ini
2008-04-02 19:54 . 2008-04-02 20:43 3,203,987 ---hs---- C:\WINDOWS\system32\xcsmqjru.ini
2008-04-02 16:14 . 2008-04-02 19:43 2,552,756 ---hs---- C:\WINDOWS\system32\tagvpsyh.ini
2008-04-01 19:49 . 2008-04-02 16:08 2,552,636 ---hs---- C:\WINDOWS\system32\bpcuenum.ini
2008-04-01 19:41 . 2008-04-01 19:43 2,552,456 ---hs---- C:\WINDOWS\system32\hqomlfne.ini
2008-04-01 19:37 . 2008-04-01 19:37 90,688 --a------ C:\WINDOWS\system32\ijklqckx.dll
2008-04-01 18:24 . 2008-04-01 18:24 90,688 --a------ C:\WINDOWS\system32\qvmpnmao.dll
2008-04-01 18:21 . 2008-04-01 19:41 2,694,959 ---hs---- C:\WINDOWS\system32\fwbyxjis.ini
2008-04-01 18:13 . 2008-04-01 18:13 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\Webroot
2008-04-01 17:53 . 2008-04-01 17:53 90,688 --a------ C:\WINDOWS\system32\xhjotquo.dll
2008-04-01 17:51 . 2008-04-01 18:18 2,802,227 ---hs---- C:\WINDOWS\system32\iykhslrl.ini
2008-04-01 17:33 . 2008-04-01 17:48 1,506,741 ---hs---- C:\WINDOWS\system32\tevnmofh.ini
2008-04-01 17:30 . 2008-04-01 17:30 90,688 --a------ C:\WINDOWS\system32\hqfnttph.dll
2008-04-01 16:47 . 2008-04-01 16:47 90,688 --a------ C:\WINDOWS\system32\mgqnasdo.dll
2008-04-01 16:44 . 2008-04-01 16:44 90,688 --a------ C:\WINDOWS\system32\ouxtnjmj.dll
2008-04-01 16:21 . 2008-04-01 17:25 1,506,621 ---hs---- C:\WINDOWS\system32\ylmxphuy.ini
2008-03-31 22:57 . 2008-03-31 22:57 91,712 --a------ C:\WINDOWS\system32\upnwvrmk.dll
2008-03-31 22:55 . 2008-04-01 16:20 1,527,440 ---hs---- C:\WINDOWS\system32\vomgrkfm.ini
2008-03-31 21:56 . 2008-03-31 21:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-03-31 21:43 . 2008-03-31 21:41 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-03-31 21:21 . 2008-03-31 21:21 91,712 --a------ C:\WINDOWS\system32\wvmtphgp.dll
2008-03-31 21:20 . 2008-03-31 22:49 1,528,305 ---hs---- C:\WINDOWS\system32\faclroeu.ini
2008-03-31 21:08 . 2008-03-31 21:08 91,712 --a------ C:\WINDOWS\system32\pbvebvro.dll
2008-03-31 21:05 . 1980-03-31 21:19 1,528,125 ---hs---- C:\WINDOWS\system32\eqlhcrgv.ini
2008-03-31 16:29 . 2008-03-31 21:03 1,540,191 ---hs---- C:\WINDOWS\system32\ngnelxov.ini
2008-03-31 16:27 . 2008-03-31 16:27 90,688 --a------ C:\WINDOWS\system32\jfdcfflc.dll
2008-03-31 16:24 . 2008-03-31 16:25 1,599,267 ---hs---- C:\WINDOWS\system32\myqsfkvc.ini
2008-03-31 11:45 . 2008-03-31 11:45 90,688 --a------ C:\WINDOWS\system32\jkijesrj.dll
2008-03-31 11:22 . 2008-03-31 16:23 1,584,688 ---hs---- C:\WINDOWS\system32\oupojtyn.ini
2008-03-31 11:19 . 2008-03-31 11:19 90,688 --a------ C:\WINDOWS\system32\stjcikie.dll
2008-03-31 10:02 . 2008-03-31 10:02 90,688 --a------ C:\WINDOWS\system32\hwncfcuu.dll
2008-03-31 10:01 . 2008-03-31 10:17 1,583,218 ---hs---- C:\WINDOWS\system32\djsejowj.ini
2008-03-30 21:50 . 2008-03-31 19:50 <DIR> d-------- C:\Program Files\Easy SpyRemover
2008-03-30 21:41 . 2008-03-31 21:44 <DIR> d-------- C:\Documents and Settings\Admin\.housecall6.6
2008-03-30 21:09 . 2008-03-31 09:59 1,584,717 ---hs---- C:\WINDOWS\system32\qyeyshjo.ini
2008-03-30 20:40 . 1980-03-30 21:08 1,584,597 ---hs---- C:\WINDOWS\system32\jmavfjol.ini
2008-03-30 19:13 . 2008-03-30 20:35 1,584,477 ---hs---- C:\WINDOWS\system32\qkiauxed.ini
2008-03-30 11:28 . 1980-03-30 19:11 1,584,357 ---hs---- C:\WINDOWS\system32\gelspdqw.ini
2008-03-30 10:14 . 2008-03-30 11:25 1,584,237 ---hs---- C:\WINDOWS\system32\taubyoru.ini
2008-03-29 23:54 . 2008-03-29 23:57 <DIR> d-------- C:\Program Files\ManyCam 2.2
2008-03-29 22:43 . 2008-03-30 10:09 1,584,117 ---hs---- C:\WINDOWS\system32\vtechybf.ini
2008-03-29 18:57 . 2008-03-29 22:41 1,583,997 ---hs---- C:\WINDOWS\system32\ldmidckt.ini
2008-03-29 18:46 . 2008-03-29 18:56 1,583,877 ---hs---- C:\WINDOWS\system32\gdexttbr.ini
2008-03-29 18:26 . 2008-03-29 18:43 1,583,697 ---hs---- C:\WINDOWS\system32\ekwlvjph.ini
2008-03-29 13:59 . 2008-03-29 17:50 1,581,993 ---hs---- C:\WINDOWS\system32\yvchxsxl.ini
2008-03-29 09:54 . 2008-03-29 13:58 1,584,494 ---hs---- C:\WINDOWS\system32\ldrhuqqa.ini
2008-03-28 20:29 . 2008-03-28 20:29 39,936 --a------ C:\WINDOWS\system32\qoMdBULc.dll
2008-03-28 20:29 . 2008-03-28 20:29 39,936 --a------ C:\WINDOWS\system32\iifcYOgg.dll
2008-03-28 19:21 . 2008-03-29 09:52 1,586,044 ---hs---- C:\WINDOWS\system32\kyxnvppb.ini
2008-03-28 19:18 . 2008-03-28 19:18 90,688 --a------ C:\WINDOWS\system32\ffluqchp.dll
2008-03-28 19:16 . 2008-03-28 19:16 90,688 --a------ C:\WINDOWS\system32\anxblxgi.dll
2008-03-28 19:15 . 2008-03-28 19:15 268,288 --a------ C:\WINDOWS\system32\nnnmjkKD.dll
2008-03-28 19:07 . 2008-03-28 19:10 1,583,409 ---hs---- C:\WINDOWS\system32\sbsgkvgn.ini
2008-03-27 20:44 . 2008-03-28 19:02 1,583,289 ---hs---- C:\WINDOWS\system32\yvdymcdq.ini
2008-03-27 20:41 . 2008-03-27 20:41 92,224 --a------ C:\WINDOWS\system32\deeytvte.dll
2008-03-27 20:39 . 2008-03-27 20:39 93,248 --a------ C:\WINDOWS\system32\yumqyili.dll
2008-03-27 20:33 . 2008-03-27 20:33 39,936 --a------ C:\WINDOWS\system32\wvUkHWPf.dll
2008-03-27 20:33 . 2008-03-27 20:33 39,936 --a------ C:\WINDOWS\system32\nnnmmmJb.dll
2008-03-24 19:07 . 2008-03-24 19:07 <DIR> d-------- C:\WINDOWS\ERUNT
2008-03-24 19:06 . 2008-03-24 19:37 <DIR> d-------- C:\SDFix
2008-03-24 18:23 . 2008-03-24 18:23 16,896 --a------ C:\WINDOWS\system32\BRAVIAX.EXE.del
2008-03-24 18:18 . 2008-03-24 19:44 25,773 --a------ C:\WINDOWS\system32\drivers\regguard.sys
2008-03-24 18:18 . C:\WINDOWS\(2) C:\ComboFix\winstart.bat
2008-03-24 18:17 . 2008-03-24 18:17 <DIR> d-------- C:\Program Files\Greatis

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-04 00:20 --------- d-----w C:\Documents and Settings\Admin\Application Data\Xfire
2008-04-03 23:41 --------- d-----w C:\Program Files\Xfire
2008-04-03 18:39 --------- d-----w C:\Documents and Settings\Admin\Application Data\uTorrent
2008-04-01 19:41 --------- d-----w C:\Documents and Settings\Admin\Application Data\MSNInstaller
2008-04-01 17:12 94,208 ----a-w C:\WINDOWS\Media\csrss.exe
2008-03-24 17:41 --------- d-----w C:\Program Files\DVBT
2008-03-24 05:23 4,224 ----a-w C:\WINDOWS\system32\drivers\beep.sys
2008-03-21 22:39 --------- d-----w C:\Documents and Settings\Jazmine1\Application Data\uTorrent
2008-03-15 22:40 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-12 09:59 --------- d-----w C:\Documents and Settings\Martin\Application Data\Apple Computer
2008-03-12 09:20 53,192 ----a-w C:\WINDOWS\system32\drivers\rp_skt32.sys
2008-03-02 10:20 --------- d-----w C:\Documents and Settings\Martin\Application Data\uTorrent
2008-03-01 21:55 --------- d-----w C:\Documents and Settings\Jazmine1\Application Data\Serif
2008-03-01 09:41 --------- d-----w C:\Program Files\iTunes
2008-03-01 09:40 --------- d-----w C:\Program Files\iPod
2008-03-01 09:36 --------- d-----w C:\Program Files\QuickTime
2008-02-25 21:12 --------- d-----w C:\Program Files\Toribash-3.1
2008-02-25 21:10 --------- d-----w C:\Program Files\Bonjour
2008-02-25 19:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Last.fm
2008-02-25 19:43 --------- d-----w C:\Program Files\Last.fm
2008-02-24 21:45 --------- d-----w C:\Documents and Settings\Jazmine1\Application Data\Xfire
2008-02-24 18:29 --------- d-----w C:\Documents and Settings\Jazmine1\Application Data\PC Suite
2008-02-24 01:59 --------- d-----w C:\Documents and Settings\Jazmine1\Application Data\Apple Computer
2008-02-23 20:00 --------- d-----w C:\Documents and Settings\Jazmine1\Application Data\Virgin Broadband
2008-02-12 13:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\iolo
2008-02-12 13:12 --------- d-----w C:\Documents and Settings\LocalService\Application Data\iolo
2008-02-12 13:10 74,703 ----a-w C:\WINDOWS\system32\mfc45.dll
2008-02-12 13:08 --------- d-----w C:\Documents and Settings\Admin\Application Data\iolo
2008-02-11 01:11 --------- d-----w C:\Program Files\Rockstar Games
2008-02-11 00:25 --------- d-----w C:\Program Files\GTATools
2008-02-11 00:08 --------- d-----w C:\Program Files\Junction25
2008-02-09 21:30 --------- d-----w C:\Documents and Settings\Heather\Application Data\Apple Computer
2008-02-09 21:19 --------- d-----w C:\Documents and Settings\Heather\Application Data\PC Suite
2008-01-27 22:56 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-01-27 17:52 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-01-14 12:52 81,920 ----a-w C:\WINDOWS\system32\frapsvid.dll
2007-12-06 00:48 5,545 ----a-w C:\Program Files\Readme.txt
2007-12-06 00:42 114,688 ----a-w C:\Program Files\SharePodLib.dll
2007-11-28 08:30 45,056 ----a-w C:\Program Files\SharePodUtility.exe
2007-10-16 15:30 13,364,296 ----a-w C:\Program Files\ManyCam 2.zip
2007-10-03 19:28 91,589 ----a-w C:\WINDOWS\Fonts\porkys.zip
2007-06-24 18:54 110,592 ----a-w C:\WINDOWS\Fonts\bring_tha_noize.exe
2007-06-24 18:51 15,709 ----a-w C:\WINDOWS\Fonts\bring_tha_noize.zip
2007-05-13 00:01 66,934 ----a-w C:\WINDOWS\Fonts\walt_disney.zip
2007-05-08 04:16 274,432 ----a-w C:\Program Files\Interop.WMPLib.dll
2007-05-06 17:41 90,112 ----a-w C:\Program Files\sharepod_input.dll
2007-05-01 03:44 131,072 ----a-w C:\Program Files\Interop.SHDocVw.dll
2007-04-18 00:09 104,960 ----a-w C:\Program Files\mp4v2.dll
2007-04-18 00:08 141,312 ----a-w C:\Program Files\in_mp3.dll
2007-12-17 17:43 88 --sh--r C:\WINDOWS\system32\27855CE3D7.sys
2007-12-17 17:43 2,672 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{08A8068E-53D1-42B2-B197-6D568843721F}]
2008-03-27 20:33 39936 --a------ C:\WINDOWS\system32\nnnmmmJb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3CAB59B4-55A3-4737-9FD5-B93C6430BF75}]
2008-04-06 14:00 53312 --a------ C:\WINDOWS\system32\lbhkuisk.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{49155060-6873-431C-BB73-61AC867A0010}]
C:\WINDOWS\system32\efcATKET.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6B4E13CB-A149-4F88-8121-81A84FF1B446}]
2008-04-06 13:54 268288 --a------ C:\WINDOWS\system32\nnnnnLBq.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8eb8a2a0-f752-406f-8ae8-ec5c8c5d1085}]
2008-03-31 22:57 91712 --a------ C:\WINDOWS\system32\upnwvrmk.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f33c78de-b68e-4d9a-af94-1d7a729eca66}]
2008-04-06 14:03 89664 --a------ C:\WINDOWS\system32\uydchwra.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-30 19:01 68856]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 14:44 196608]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
"WindowBlinds"="C:\Documents and Settings\All Users\Documents\Stardock\WindowBlinds\WBInstall32.exe" [ ]
"Simplify Media"="C:\Documents and Settings\Admin\Local Settings\Application Data\Simplify Media\SimplifyMedia.exe" [ ]
"Regrun2"="C:\PROGRA~1\Greatis\REGRUN~1\WatchDog.exe" [ ]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"IndexCleaner"="C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe" [2007-09-05 15:09 61168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTHelper"="CTHELPER.EXE" [2006-08-11 14:56 17920 C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-11 14:56 18944 C:\WINDOWS\system32\CTXFIHLP.EXE]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [ ]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 16:15 81920]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 17:32 221184]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 15:24 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 15:14 217088]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-11 16:04 1838592]
"PCguard"="C:\Program Files\Virgin Broadband\PCguard\Rps.exe" [2007-09-05 15:10 310000]
"-FreedomNeedsReboot"="C:\Program Files\Virgin Broadband\PCguard\ZkRunOnceR.exe" [2007-09-05 15:10 13552]
"Broadbandadvisor.exe"="C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" [2007-08-07 19:49 2061552]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 00:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]
"Windows live Messenger"="msn.com" []
"AntiSpyWare2Guard"="C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWare2Guard.exe" [2007-08-14 09:29 2334040]
"BM0b85d6b2"="C:\WINDOWS\system32\ockeyvnk.dll" [2008-04-06 14:00 87104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"IndexCleaner"="C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe" [2007-09-05 15:09 61168]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 18:35 1294336]

C:\Documents and Settings\Jazmine1\Start Menu\Programs\Startup\
Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [2008-02-25 20:43:01 106496]
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2008-01-13 17:11:39 3450608]

C:\Documents and Settings\Martin\Start Menu\Programs\Startup\
Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [2008-02-25 20:43:01 106496]

C:\Documents and Settings\Admin\Start Menu\Programs\Startup\
Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [2008-02-25 20:43:01 106496]
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2008-01-13 17:11:39 3450608]
Xfire.lnk - C:\Program Files\Xfire\xfire.exe [2008-03-14 00:06:18 2979664]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 21:05:56 65588]
Run Google Web Accelerator.lnk - C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe [2007-07-09 23:24:38 1134592]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{08A8068E-53D1-42B2-B197-6D568843721F}"= C:\WINDOWS\system32\nnnmmmJb.dll [2008-03-27 20:33 39936]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnmmmJb]
nnnmmmJb.dll 2008-03-27 20:33 39936 C:\WINDOWS\system32\nnnmmmJb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvUkHWPf]
wvUkHWPf.dll 2008-03-27 20:33 39936 C:\WINDOWS\system32\wvUkHWPf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSVideo"= vfwwdm32.dll
"MSVideo8"= VfWWDM32.dll
"vidc.tscc"= tsccvid.dll
"VIDC.HFYU"= huffyuv.dll
"msacm.lhacm"= lhacm.acm
"VIDC.XFR1"= xfcodec.dll
"VIDC.FPS1"= frapsvid.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\nnnnnLBq

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\WINDOWS\\system32\\rtcshare.exe"=
"C:\\Program Files\\NetMeeting\\conf.exe"=
"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe"=
"C:\\WINDOWS\\system32\\javaw.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\WarRock\\WRLauncher.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\TightVNC\\WinVNC.exe"=

R2 AASW2_Service;Ashampoo AntiSpyWare 2 Service;C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe [2007-08-14 09:28]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\WINDOWS\system32\DRIVERS\ManyCam.sys [2008-01-14 11:06]
R3 USB-100;Realtek RTL8150 USB 10/100 Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\RTL8150.SYS [2006-05-10 15:22]
S0 Partizan;Partizan;C:\WINDOWS\system32\drivers\Partizan.sys []
S3 EC168BDA;EC168BDA service;C:\WINDOWS\system32\DRIVERS\EC168BDA.sys [2007-09-11 14:20]
S3 Radialpoint Security Services;Virgin Broadband PCguard;C:\WINDOWS\system32\dllhost.exe [2004-08-04 13:00]
S3 RegGuard;RegGuard;C:\WINDOWS\system32\Drivers\regguard.sys [2008-03-24 19:44]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);C:\WINDOWS\system32\DRIVERS\s115bus.sys [2007-04-23 15:54]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s115mdfl.sys [2007-04-23 15:54]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s115mdm.sys [2007-04-23 15:54]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s115mgmt.sys [2007-04-23 15:54]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s115obex.sys [2007-04-23 15:54]
S3 WebSTARXP;Scientific Atlanta WebSTAR 100 & 200 series Cable Modem;C:\WINDOWS\system32\DRIVERS\SACMXP1.sys [2005-10-20 10:47]

.
Contents of the 'Scheduled Tasks' folder
"2008-01-26 19:27:47 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-30 02:30:00 C:\WINDOWS\Tasks\ErrorSmart Scheduled Scan.job"
- C:\Program Files\ErrorSmart\ErrorSmart.ex
- C:\Program Files\ErrorSmart.Martin+Runs ErrorSmart to optimize your registry.
"2008-01-02 22:55:21 C:\WINDOWS\Tasks\War Rock.job"
- C:\PROGRA~1\WarRock\WRLAUN~1.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-06 13:55:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\nnnmmmJb.dll
-> C:\WINDOWS\system32\wvUkHWPf.dll

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\Stardock\ObjectDock\DockShellHook.dll
-> C:\WINDOWS\system32\sspinumd.dll
-> C:\WINDOWS\system32\ockeyvnk.dll
-> C:\WINDOWS\system32\nnnnnLBq.dll
-> C:\WINDOWS\system32\nnnmmmJb.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Virgin Broadband\PCguard\Fws.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Virgin Broadband\advisor\BroadbandadvisorComHandler.exe
C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\taskmgr.exe
.
**************************************************************************
.
Completion time: 2008-04-06 14:10:08 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-06 13:09:27
Pre-Run: 40,727,289,856 bytes free
Post-Run: 41,340,682,240 bytes free
.
2008-03-12 21:04:18 --- E O F ---

HJT Log

Deckard's System Scanner v20071014.68
Run by Admin on 2008-04-06 14:14:48
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Admin.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:15:01, on 06/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Virgin Broadband\PCguard\Fws.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Virgin Broadband\PCguard\Rps.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Virgin Broadband\advisor\BroadbandadvisorComHandler.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Admin\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Admin.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
O2 - BHO: (no name) - {08A8068E-53D1-42B2-B197-6D568843721F} - C:\WINDOWS\system32\nnnmmmJb.dll
O2 - BHO: (no name) - {3CAB59B4-55A3-4737-9FD5-B93C6430BF75} - C:\WINDOWS\system32\lbhkuisk.dll
O2 - BHO: (no name) - {49155060-6873-431C-BB73-61AC867A0010} - C:\WINDOWS\system32\efcATKET.dll (file missing)
O2 - BHO: (no name) - {6B4E13CB-A149-4F88-8121-81A84FF1B446} - C:\WINDOWS\system32\nnnnnLBq.dll
O2 - BHO: (no name) - {8eb8a2a0-f752-406f-8ae8-ec5c8c5d1085} - C:\WINDOWS\system32\upnwvrmk.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: {66ace927-a7d1-49fa-a9d4-e86bed87c33f} - {f33c78de-b68e-4d9a-af94-1d7a729eca66} - C:\WINDOWS\system32\uydchwra.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] "C:\Program Files\Logitech\Video\ISStart.exe"
O4 - HKLM\..\Run: [LogitechVideoTray] "C:\Program Files\Logitech\Video\LogiTray.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [PCguard] "C:\Program Files\Virgin Broadband\PCguard\Rps.exe"
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Virgin Broadband\PCguard\ZkRunOnceR.exe"
O4 - HKLM\..\Run: [Broadbandadvisor.exe] "C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows live Messenger] msn.com
O4 - HKLM\..\Run: [AntiSpyWare2Guard] C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWare2Guard.exe
O4 - HKLM\..\Run: [BM0b85d6b2] Rundll32.exe "C:\WINDOWS\system32\ockeyvnk.dll",s
O4 - HKLM\..\RunOnce: [IndexCleaner] "C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WindowBlinds] C:\Documents and Settings\All Users\Documents\Stardock\WindowBlinds\WBInstall32.exe
O4 - HKCU\..\Run: [Simplify Media] "C:\Documents and Settings\Admin\Local Settings\Application Data\Simplify Media\SimplifyMedia.exe"
O4 - HKCU\..\Run: [Regrun2] C:\PROGRA~1\Greatis\REGRUN~1\WatchDog.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {21BB8360-F943-447E-98F3-3C22345375A7} (CPlayFirstChocolatierControl Object) - http://aolsvc.aol.com/onlinegames/free-tri...eb.1.0.0.13.cab
O16 - DPF: {2DA3C4AB-E6B6-47A6-B0F3-1BD81524B51B} (ActiveWorldsDownload Control) - http://www.activeworlds.com/products/Activ...ldsDownload.cab
O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KX-HCM10 Control) - http://219.117.233.69/kxhcm10.ocx
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by135fd.bay135.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://aolsvc.aol.com/onlinegames/trydiner...h2.1.0.0.67.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1177430414718
O16 - DPF: {64E27CFB-8B69-4B83-80F0-36A81437D587} (CamfrogWEB Basic Control) - http://activex.camfrogweb.com/basic/cfweb_..._instmodule.exe
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {B0FB831D-17F6-4CBD-9B5D-3305881D362E} (LHGLauncherXForm Control) - http://www.shockwave.com/content/reaxxion/...HLGLauncher.cab
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://aolsvc.aol.com/onlinegames/free-tri...tg.1.0.0.33.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://ak.imgag.com/imgag/cp/install/Crusher.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://aolsvc.aol.com/onlinegames/free-tri...gamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://cafecam.heerenvanbeijerland.nl/activex/AMC.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v10_en.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15028/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6202EBF6-5BF0-4C6B-A4CD-3C7F02B0F2DA}: NameServer = 192.168.11.1
O20 - Winlogon Notify: nnnmmmJb - C:\WINDOWS\SYSTEM32\nnnmmmJb.dll
O20 - Winlogon Notify: wvUkHWPf - C:\WINDOWS\SYSTEM32\wvUkHWPf.dll
O23 - Service: Ashampoo AntiSpyWare 2 Service (AASW2_Service) - Unknown owner - C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Virgin Broadband PCguard Update Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe
O23 - Service: PCguard Firewall (RP_FWS) - Virgin Media - C:\Program Files\Virgin Broadband\PCguard\Fws.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 13579 bytes

-- Files created between 2008-03-06 and 2008-04-06 -----------------------------

2008-04-06 14:10:19 53248 --a------ C:\WINDOWS\PSEXESVC.EXE <Not Verified; Sysinternals; Sysinternals PsExec>
2008-04-06 14:07:03 85056 --a------ C:\WINDOWS\system32\sspinumd.dll
2008-04-06 14:03:53 89664 --a------ C:\WINDOWS\system32\uydchwra.dll
2008-04-06 14:00:57 53312 --a------ C:\WINDOWS\system32\lbhkuisk.dll
2008-04-06 14:00:46 87104 --a------ C:\WINDOWS\system32\ockeyvnk.dll
2008-04-06 13:54:49 238418 --ahs---- C:\WINDOWS\system32\qBLnnnnn.ini2
2008-04-06 13:54:44 268288 --a------ C:\WINDOWS\system32\nnnnnLBq.dll
2008-04-06 13:20:39 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-04-06 13:20:38 68096 --a------ C:\WINDOWS\zip.exe
2008-04-06 13:20:38 49152 --a------ C:\WINDOWS\VFind.exe
2008-04-06 13:20:38 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-04-06 13:20:38 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-04-06 13:20:38 98816 --a------ C:\WINDOWS\sed.exe
2008-04-06 13:20:38 80412 --a------ C:\WINDOWS\grep.exe
2008-04-06 13:20:38 73728 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-04-06 12:56:41 53312 --a------ C:\WINDOWS\system32\jkbtcwhy.dll
2008-04-06 11:55:53 53312 --a------ C:\WINDOWS\system32\mysahprr.dll
2008-04-06 09:32:53 53312 --a------ C:\WINDOWS\system32\fevylakd.dll
2008-04-06 09:28:08 53312 --a------ C:\WINDOWS\system32\yvayqqqv.dll
2008-04-06 01:21:17 53312 --a------ C:\WINDOWS\system32\ujynbbmv.dll
2008-04-05 23:21:08 0 d-------- C:\Program Files\TightVNC
2008-04-05 20:29:10 0 d-------- C:\Program Files\Trend Micro
2008-04-05 20:16:15 53312 --a------ C:\WINDOWS\system32\xfbmupac.dll
2008-04-05 20:02:28 53312 --a------ C:\WINDOWS\system32\ajifheoa.dll
2008-04-05 18:26:30 53312 --a------ C:\WINDOWS\system32\pvamexjt.dll
2008-04-05 18:25:04 166296 --a------ C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
2008-04-05 17:16:03 53312 --a------ C:\WINDOWS\system32\kafdgkai.dll
2008-04-05 00:20:48 53312 --a------ C:\WINDOWS\system32\dlkkykms.dll
2008-04-04 19:36:52 53312 --a------ C:\WINDOWS\system32\nxoswsek.dll
2008-04-03 19:48:10 0 d-------- C:\Program Files\Ashampoo
2008-04-02 21:49:38 0 d-------- C:\Program Files\Lavasoft
2008-04-02 21:49:37 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-02 21:48:47 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-01 19:37:20 90688 --a------ C:\WINDOWS\system32\ijklqckx.dll
2008-04-01 18:24:04 90688 --a------ C:\WINDOWS\system32\qvmpnmao.dll
2008-04-01 18:13:30 0 d-------- C:\Documents and Settings\Admin\Application Data\Webroot
2008-04-01 17:53:54 90688 --a------ C:\WINDOWS\system32\xhjotquo.dll
2008-04-01 17:30:55 90688 --a------ C:\WINDOWS\system32\hqfnttph.dll
2008-04-01 16:47:20 90688 --a------ C:\WINDOWS\system32\mgqnasdo.dll
2008-04-01 16:44:04 90688 --a------ C:\WINDOWS\system32\ouxtnjmj.dll
2008-03-31 22:57:19 91712 --a------ C:\WINDOWS\system32\upnwvrmk.dll
2008-03-31 21:56:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-03-31 21:21:25 91712 --a------ C:\WINDOWS\system32\wvmtphgp.dll
2008-03-31 21:08:15 91712 --a------ C:\WINDOWS\system32\pbvebvro.dll
2008-03-31 16:27:22 90688 --a------ C:\WINDOWS\system32\jfdcfflc.dll
2008-03-31 11:45:10 90688 --a------ C:\WINDOWS\system32\jkijesrj.dll
2008-03-31 11:19:58 90688 --a------ C:\WINDOWS\system32\stjcikie.dll
2008-03-31 10:02:19 90688 --a------ C:\WINDOWS\system32\hwncfcuu.dll
2008-03-30 21:50:02 0 d-------- C:\Program Files\Easy SpyRemover
2008-03-30 21:41:57 0 d-------- C:\Documents and Settings\Admin\.housecall6.6
2008-03-29 23:54:32 0 d-------- C:\Program Files\ManyCam 2.2
2008-03-28 20:29:44 39936 --a------ C:\WINDOWS\system32\iifcYOgg.dll
2008-03-28 20:29:34 39936 --a------ C:\WINDOWS\system32\qoMdBULc.dll
2008-03-28 19:18:43 90688 --a------ C:\WINDOWS\system32\ffluqchp.dll
2008-03-28 19:16:48 90688 --a------ C:\WINDOWS\system32\anxblxgi.dll
2008-03-28 19:15:37 268288 --a------ C:\WINDOWS\system32\nnnmjkKD.dll
2008-03-27 20:41:33 92224 --a------ C:\WINDOWS\system32\deeytvte.dll
2008-03-27 20:39:24 93248 --a------ C:\WINDOWS\system32\yumqyili.dll
2008-03-27 20:33:50 39936 --a------ C:\WINDOWS\system32\nnnmmmJb.dll
2008-03-27 20:33:22 39936 --a------ C:\WINDOWS\system32\wvUkHWPf.dll
2008-03-24 19:07:10 0 d-------- C:\WINDOWS\ERUNT
2008-03-24 18:18:18 25773 --a------ C:\WINDOWS\system32\drivers\regguard.sys <Not Verified; Greatis Software; RegRun Security Suite>
2008-03-24 18:17:29 0 d-------- C:\Program Files\Greatis
2008-03-24 17:39:12 0 d-------- C:\Documents and Settings\Martin\Application Data\Webcammax
2008-03-24 17:25:37 6656 --a------ C:\WINDOWS\system32\univrs32.dat
2008-03-24 17:16:37 58368 --a------ C:\hlkhyer.exe
2008-03-24 17:16:34 59904 --a------ C:\ovvbu.exe
2008-03-24 17:05:19 0 d-------- C:\Documents and Settings\All Users\Application Data\Webcammax
2008-03-24 17:05:19 0 d-------- C:\Documents and Settings\Admin\Application Data\Webcammax
2008-03-24 17:03:33 0 d-------- C:\Program Files\WebcamMax
2008-03-15 23:17:22 0 d-------- C:\Fraps


-- Find3M Report ---------------------------------------------------------------

2008-04-06 14:11:02 24505 --a------ C:\Documents and Settings\Admin\Application Data\.googlewebacchosts
2008-04-04 01:20:39 0 d-------- C:\Documents and Settings\Admin\Application Data\Xfire
2008-04-04 00:41:08 0 d-------- C:\Program Files\Xfire
2008-04-03 19:39:41 0 d-------- C:\Documents and Settings\Admin\Application Data\uTorrent
2008-04-02 21:48:47 0 d-------- C:\Program Files\Common Files
2008-04-01 20:41:09 0 d-------- C:\Documents and Settings\Admin\Application Data\MSNInstaller
2008-03-24 18:41:02 0 d-------- C:\Program Files\DVBT
2008-03-21 23:24:56 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-03-09 21:41:17 0 d-------- C:\Documents and Settings\Admin\Application Data\Adobe
2008-03-01 10:41:42 0 d-------- C:\Program Files\iTunes
2008-03-01 10:40:21 0 d-------- C:\Program Files\iPod
2008-03-01 10:36:21 0 d-------- C:\Program Files\QuickTime
2008-02-25 22:12:07 0 d-------- C:\Program Files\Toribash-3.1
2008-02-25 22:10:55 0 d-------- C:\Program Files\Bonjour
2008-02-25 20:43:12 0 d-------- C:\Program Files\Last.fm
2008-02-12 14:10:44 74703 --a------ C:\WINDOWS\system32\mfc45.dll
2008-02-12 14:08:29 0 d-------- C:\Documents and Settings\Admin\Application Data\iolo
2008-02-11 02:11:58 0 d-------- C:\Program Files\Rockstar Games
2008-02-11 01:25:42 0 d-------- C:\Program Files\GTATools
2008-02-11 01:08:59 0 d-------- C:\Program Files\Junction25
2008-01-27 23:56:55 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll <Not Verified; Sony DADC Austria AG.; >
2008-01-14 13:52:00 81920 --a------ C:\WINDOWS\system32\frapsvid.dll <Not Verified; Beepa P/L; FRAPS>
2008-01-13 15:50:46 2560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2008-01-06 21:28:52 11975913 --a------ C:\Program1


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{08A8068E-53D1-42B2-B197-6D568843721F}]
27/03/2008 20:33 39936 --a------ C:\WINDOWS\system32\nnnmmmJb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3CAB59B4-55A3-4737-9FD5-B93C6430BF75}]
06/04/2008 14:00 53312 --a------ C:\WINDOWS\system32\lbhkuisk.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{49155060-6873-431C-BB73-61AC867A0010}]
C:\WINDOWS\system32\efcATKET.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6B4E13CB-A149-4F88-8121-81A84FF1B446}]
06/04/2008 13:54 268288 --a------ C:\WINDOWS\system32\nnnnnLBq.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8eb8a2a0-f752-406f-8ae8-ec5c8c5d1085}]
31/03/2008 22:57 91712 --a------ C:\WINDOWS\system32\upnwvrmk.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f33c78de-b68e-4d9a-af94-1d7a729eca66}]
06/04/2008 14:03 89664 --a------ C:\WINDOWS\system32\uydchwra.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTHelper"="CTHELPER.EXE" [11/08/2006 14:56 C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [11/08/2006 14:56 C:\WINDOWS\system32\CTXFIHLP.EXE]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25/09/2007 01:11]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" []
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [16/02/2005 16:15]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 20:51]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [19/07/2005 17:32]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [08/06/2005 15:24]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [08/06/2005 15:14]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [11/08/2007 16:04]
"PCguard"="C:\Program Files\Virgin Broadband\PCguard\Rps.exe" [05/09/2007 15:10]
"-FreedomNeedsReboot"="C:\Program Files\Virgin Broadband\PCguard\ZkRunOnceR.exe" [05/09/2007 15:10]
"Broadbandadvisor.exe"="C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" [07/08/2007 19:49]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [01/02/2008 00:13]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [19/02/2008 14:10]
"Windows live Messenger"="msn.com" []
"AntiSpyWare2Guard"="C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWare2Guard.exe" [14/08/2007 09:29]
"BM0b85d6b2"="C:\WINDOWS\system32\ockeyvnk.dll" [06/04/2008 14:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18/10/2007 12:34]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [30/05/2007 19:01]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [08/06/2005 14:44]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 13:00]
"WindowBlinds"="C:\Documents and Settings\All Users\Documents\Stardock\WindowBlinds\WBInstall32.exe" []
"Simplify Media"="C:\Documents and Settings\Admin\Local Settings\Application Data\Simplify Media\SimplifyMedia.exe" []
"Regrun2"="C:\PROGRA~1\Greatis\REGRUN~1\WatchDog.exe" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"IndexCleaner"="C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog

C:\Documents and Settings\Admin\Start Menu\Programs\Startup\
Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [25/02/2008 20:43:01]
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [13/01/2008 17:11:39]
Xfire.lnk - C:\Program Files\Xfire\xfire.exe [14/03/2008 00:06:18]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [17/02/1999 21:05:56]
Run Google Web Accelerator.lnk - C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe [09/07/2007 23:24:38]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{08A8068E-53D1-42B2-B197-6D568843721F}"= C:\WINDOWS\system32\nnnmmmJb.dll [27/03/2008 20:33 39936]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnmmmJb]
nnnmmmJb.dll 27/03/2008 20:33 39936 C:\WINDOWS\system32\nnnmmmJb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvUkHWPf]
wvUkHWPf.dll 27/03/2008 20:33 39936 C:\WINDOWS\system32\wvUkHWPf.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\nnnnnLBq

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"




-- End of Deckard's System Scanner: finished at 2008-04-06 14:17:00 ------------


Thanks
Thanks Shaba! :)

#6 Shaba


Posted 06 April 2008 - 08:35 AM

Hi

Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\WINDOWS\system32\sspinumd.dll
C:\WINDOWS\system32\uydchwra.dll
C:\WINDOWS\system32\lbhkuisk.dll
C:\WINDOWS\system32\ockeyvnk.dll
C:\WINDOWS\system32\qBLnnnnn.ini2
C:\WINDOWS\system32\nnnnnLBq.dll
C:\WINDOWS\system32\qBLnnnnn.ini2
C:\WINDOWS\system32\qBLnnnnn.ini
C:\WINDOWS\system32\jkbtcwhy.dll
C:\WINDOWS\system32\mysahprr.dll
C:\WINDOWS\system32\fevylakd.dll
C:\WINDOWS\system32\yvayqqqv.dll
C:\WINDOWS\system32\ujynbbmv.dll
C:\WINDOWS\system32\xfbmupac.dll
C:\WINDOWS\system32\ajifheoa.dll
C:\WINDOWS\system32\pvamexjt.dll
C:\WINDOWS\system32\vjfjmkwn.ini
C:\WINDOWS\system32\kafdgkai.dll
C:\WINDOWS\system32\dlkkykms.dll
C:\WINDOWS\system32\jhwyiwyi.ini
C:\WINDOWS\system32\nxoswsek.dll
C:\WINDOWS\system32\tydujkta.ini
C:\WINDOWS\system32\besgkglf.ini
C:\WINDOWS\system32\lhcxcldn.ini
C:\WINDOWS\system32\kpnmwoew.ini
C:\WINDOWS\system32\edlodjeh.ini
C:\WINDOWS\system32\pehhovvm.ini
C:\WINDOWS\system32\exjqkutr.ini
C:\WINDOWS\system32\blmymgrk.ini
C:\WINDOWS\system32\roioyfei.ini
C:\WINDOWS\system32\inuknmid.ini
C:\WINDOWS\system32\sglmcyng.ini
C:\WINDOWS\system32\ohmwowjv.ini
C:\WINDOWS\system32\bsrrffmh.ini
C:\WINDOWS\system32\xcsmqjru.ini
C:\WINDOWS\system32\tagvpsyh.ini
C:\WINDOWS\system32\bpcuenum.ini
C:\WINDOWS\system32\hqomlfne.ini
C:\WINDOWS\system32\ijklqckx.dll
C:\WINDOWS\system32\qvmpnmao.dll
C:\WINDOWS\system32\fwbyxjis.ini
C:\WINDOWS\system32\xhjotquo.dll
C:\WINDOWS\system32\iykhslrl.ini
C:\WINDOWS\system32\tevnmofh.ini
C:\WINDOWS\system32\hqfnttph.dll
C:\WINDOWS\system32\mgqnasdo.dll
C:\WINDOWS\system32\ouxtnjmj.dll
C:\WINDOWS\system32\ylmxphuy.ini
C:\WINDOWS\system32\upnwvrmk.dll
C:\WINDOWS\system32\vomgrkfm.ini
C:\WINDOWS\system32\wvmtphgp.dll
C:\WINDOWS\system32\faclroeu.ini
C:\WINDOWS\system32\pbvebvro.dll
C:\WINDOWS\system32\eqlhcrgv.ini
C:\WINDOWS\system32\ngnelxov.ini
C:\WINDOWS\system32\jfdcfflc.dll
C:\WINDOWS\system32\myqsfkvc.ini
C:\WINDOWS\system32\jkijesrj.dll
C:\WINDOWS\system32\oupojtyn.ini
C:\WINDOWS\system32\stjcikie.dll
C:\WINDOWS\system32\hwncfcuu.dll
C:\WINDOWS\system32\djsejowj.ini
C:\WINDOWS\system32\qyeyshjo.ini
C:\WINDOWS\system32\jmavfjol.ini
C:\WINDOWS\system32\qkiauxed.ini
C:\WINDOWS\system32\gelspdqw.ini
C:\WINDOWS\system32\taubyoru.ini
C:\WINDOWS\system32\vtechybf.ini
C:\WINDOWS\system32\ldmidckt.ini
C:\WINDOWS\system32\gdexttbr.ini
C:\WINDOWS\system32\ekwlvjph.ini
C:\WINDOWS\system32\yvchxsxl.ini
C:\WINDOWS\system32\ldrhuqqa.ini
C:\WINDOWS\system32\qoMdBULc.dll
C:\WINDOWS\system32\iifcYOgg.dll
C:\WINDOWS\system32\kyxnvppb.ini
C:\WINDOWS\system32\ffluqchp.dll
C:\WINDOWS\system32\anxblxgi.dll
C:\WINDOWS\system32\nnnmjkKD.dll
C:\WINDOWS\system32\sbsgkvgn.ini
C:\WINDOWS\system32\yvdymcdq.ini
C:\WINDOWS\system32\deeytvte.dll
C:\WINDOWS\system32\yumqyili.dll
C:\WINDOWS\system32\wvUkHWPf.dll
C:\WINDOWS\system32\nnnmmmJb.dll
C:\WINDOWS\system32\BRAVIAX.EXE.del
C:\WINDOWS\Media\csrss.exe

Folder::
C:\Program Files\Easy SpyRemover

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{08A8068E-53D1-42B2-B197-6D568843721F}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3CAB59B4-55A3-4737-9FD5-B93C6430BF75}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{49155060-6873-431C-BB73-61AC867A0010}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6B4E13CB-A149-4F88-8121-81A84FF1B446}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8eb8a2a0-f752-406f-8ae8-ec5c8c5d1085}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f33c78de-b68e-4d9a-af94-1d7a729eca66}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows live Messenger"=-
"BM0b85d6b2"=-

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{08A8068E-53D1-42B2-B197-6D568843721F}"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnmmmJb]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvUkHWPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00


Save this as "CFScript"

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

Posted Image

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

Combofix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then the Processes tab (press Ctrl, Alt and Del at the same time) and end any processes of findstr, find, sed or swreg, then Combofix should continue.
If that happened we want to know, and also what process you had to end.
Microsoft MVP Consumer Security

#7 Connor!


Posted 06 April 2008 - 09:17 AM

Hi, took longer this time but hopefully it was worth it.

ComboFix Log

ComboFix 08-04-04.1 - Admin 2008-04-06 14:33:31.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1048 [GMT 1:00]
Running from: C:\Documents and Settings\Admin\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Admin\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\Media\csrss.exe
C:\WINDOWS\system32\ajifheoa.dll
C:\WINDOWS\system32\anxblxgi.dll
C:\WINDOWS\system32\besgkglf.ini
C:\WINDOWS\system32\blmymgrk.ini
C:\WINDOWS\system32\bpcuenum.ini
C:\WINDOWS\system32\BRAVIAX.EXE.del
C:\WINDOWS\system32\bsrrffmh.ini
C:\WINDOWS\system32\deeytvte.dll
C:\WINDOWS\system32\djsejowj.ini
C:\WINDOWS\system32\dlkkykms.dll
C:\WINDOWS\system32\edlodjeh.ini
C:\WINDOWS\system32\ekwlvjph.ini
C:\WINDOWS\system32\eqlhcrgv.ini
C:\WINDOWS\system32\exjqkutr.ini
C:\WINDOWS\system32\faclroeu.ini
C:\WINDOWS\system32\fevylakd.dll
C:\WINDOWS\system32\ffluqchp.dll
C:\WINDOWS\system32\fwbyxjis.ini
C:\WINDOWS\system32\gdexttbr.ini
C:\WINDOWS\system32\gelspdqw.ini
C:\WINDOWS\system32\hqfnttph.dll
C:\WINDOWS\system32\hqomlfne.ini
C:\WINDOWS\system32\hwncfcuu.dll
C:\WINDOWS\system32\iifcYOgg.dll
C:\WINDOWS\system32\ijklqckx.dll
C:\WINDOWS\system32\inuknmid.ini
C:\WINDOWS\system32\iykhslrl.ini
C:\WINDOWS\system32\jfdcfflc.dll
C:\WINDOWS\system32\jhwyiwyi.ini
C:\WINDOWS\system32\jkbtcwhy.dll
C:\WINDOWS\system32\jkijesrj.dll
C:\WINDOWS\system32\jmavfjol.ini
C:\WINDOWS\system32\kafdgkai.dll
C:\WINDOWS\system32\kpnmwoew.ini
C:\WINDOWS\system32\kyxnvppb.ini
C:\WINDOWS\system32\lbhkuisk.dll
C:\WINDOWS\system32\ldmidckt.ini
C:\WINDOWS\system32\ldrhuqqa.ini
C:\WINDOWS\system32\lhcxcldn.ini
C:\WINDOWS\system32\mgqnasdo.dll
C:\WINDOWS\system32\myqsfkvc.ini
C:\WINDOWS\system32\mysahprr.dll
C:\WINDOWS\system32\ngnelxov.ini
C:\WINDOWS\system32\nnnmjkKD.dll
C:\WINDOWS\system32\nnnmmmJb.dll
C:\WINDOWS\system32\nnnnnLBq.dll
C:\WINDOWS\system32\nxoswsek.dll
C:\WINDOWS\system32\ockeyvnk.dll
C:\WINDOWS\system32\ohmwowjv.ini
C:\WINDOWS\system32\oupojtyn.ini
C:\WINDOWS\system32\ouxtnjmj.dll
C:\WINDOWS\system32\pbvebvro.dll
C:\WINDOWS\system32\pehhovvm.ini
C:\WINDOWS\system32\pvamexjt.dll
C:\WINDOWS\system32\qBLnnnnn.ini
C:\WINDOWS\system32\qBLnnnnn.ini2
C:\WINDOWS\system32\qkiauxed.ini
C:\WINDOWS\system32\qoMdBULc.dll
C:\WINDOWS\system32\qvmpnmao.dll
C:\WINDOWS\system32\qyeyshjo.ini
C:\WINDOWS\system32\roioyfei.ini
C:\WINDOWS\system32\sbsgkvgn.ini
C:\WINDOWS\system32\sglmcyng.ini
C:\WINDOWS\system32\sspinumd.dll
C:\WINDOWS\system32\stjcikie.dll
C:\WINDOWS\system32\tagvpsyh.ini
C:\WINDOWS\system32\taubyoru.ini
C:\WINDOWS\system32\tevnmofh.ini
C:\WINDOWS\system32\tydujkta.ini
C:\WINDOWS\system32\ujynbbmv.dll
C:\WINDOWS\system32\upnwvrmk.dll
C:\WINDOWS\system32\uydchwra.dll
C:\WINDOWS\system32\vjfjmkwn.ini
C:\WINDOWS\system32\vomgrkfm.ini
C:\WINDOWS\system32\vtechybf.ini
C:\WINDOWS\system32\wvmtphgp.dll
C:\WINDOWS\system32\wvUkHWPf.dll
C:\WINDOWS\system32\xcsmqjru.ini
C:\WINDOWS\system32\xfbmupac.dll
C:\WINDOWS\system32\xhjotquo.dll
C:\WINDOWS\system32\ylmxphuy.ini
C:\WINDOWS\system32\yumqyili.dll
C:\WINDOWS\system32\yvayqqqv.dll
C:\WINDOWS\system32\yvchxsxl.ini
C:\WINDOWS\system32\yvdymcdq.ini
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\ijjistarter_verinfo.dat
C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\ijjistarter2FxB.exe
C:\Program Files\Easy SpyRemover
C:\Program Files\Easy SpyRemover\Backup\Backup_03-31-2008_16-33-00\FileBackup.bak
C:\Program Files\Easy SpyRemover\Backup\Backup_03-31-2008_16-33-00\RegBackup.reg
C:\Program Files\Easy SpyRemover\Backup\Backup_03-31-2008_18-31-19\FileBackup.bak
C:\Program Files\Easy SpyRemover\Backup\Backup_03-31-2008_18-31-19\ISUSPM.exe
C:\Program Files\Easy SpyRemover\Backup\Backup_03-31-2008_18-31-19\RegBackup.reg
C:\Program Files\Easy SpyRemover\Easy SpyRemover.log
C:\Program Files\Easy SpyRemover\settings.ini
C:\WINDOWS\Media\csrss.exe
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\_000003_.tmp.dll
C:\WINDOWS\system32\_000006_.tmp.dll
C:\WINDOWS\system32\_000007_.tmp.dll
C:\WINDOWS\system32\_000008_.tmp.dll
C:\WINDOWS\system32\_000009_.tmp.dll
C:\WINDOWS\system32\_000010_.tmp.dll
C:\WINDOWS\system32\_000012_.tmp.dll
C:\WINDOWS\system32\_000013_.tmp.dll
C:\WINDOWS\system32\_000048_.tmp.dll
C:\WINDOWS\system32\ajifheoa.dll
C:\WINDOWS\system32\anxblxgi.dll
C:\WINDOWS\system32\besgkglf.ini
C:\WINDOWS\system32\blmymgrk.ini
C:\WINDOWS\system32\bpcuenum.ini
C:\WINDOWS\system32\BRAVIAX.EXE.del
C:\WINDOWS\system32\bsrrffmh.ini
C:\WINDOWS\system32\deeytvte.dll
C:\WINDOWS\system32\djsejowj.ini
C:\WINDOWS\system32\dlkkykms.dll
C:\WINDOWS\system32\dmunipss.ini
C:\WINDOWS\system32\edlodjeh.ini
C:\WINDOWS\system32\ekwlvjph.ini
C:\WINDOWS\system32\eqlhcrgv.ini
C:\WINDOWS\system32\exjqkutr.ini
C:\WINDOWS\system32\faclroeu.ini
C:\WINDOWS\system32\fevylakd.dll
C:\WINDOWS\system32\ffluqchp.dll
C:\WINDOWS\system32\fwbyxjis.ini
C:\WINDOWS\system32\gdexttbr.ini
C:\WINDOWS\system32\gelspdqw.ini
C:\WINDOWS\system32\hqfnttph.dll
C:\WINDOWS\system32\hqomlfne.ini
C:\WINDOWS\system32\hwncfcuu.dll
C:\WINDOWS\system32\iifcYOgg.dll
C:\WINDOWS\system32\ijklqckx.dll
C:\WINDOWS\system32\inuknmid.ini
C:\WINDOWS\system32\iykhslrl.ini
C:\WINDOWS\system32\jfdcfflc.dll
C:\WINDOWS\system32\jhwyiwyi.ini
C:\WINDOWS\system32\jkbtcwhy.dll
C:\WINDOWS\system32\jkijesrj.dll
C:\WINDOWS\system32\jmavfjol.ini
C:\WINDOWS\system32\kafdgkai.dll
C:\WINDOWS\system32\kpnmwoew.ini
C:\WINDOWS\system32\kyxnvppb.ini
C:\WINDOWS\system32\lbhkuisk.dll
C:\WINDOWS\system32\ldmidckt.ini
C:\WINDOWS\system32\ldrhuqqa.ini
C:\WINDOWS\system32\lhcxcldn.ini
C:\WINDOWS\system32\mgqnasdo.dll
C:\WINDOWS\system32\myqsfkvc.ini
C:\WINDOWS\system32\mysahprr.dll
C:\WINDOWS\system32\ngnelxov.ini
C:\WINDOWS\system32\nnnmjkKD.dll
C:\WINDOWS\system32\nnnmmmJb.dll
C:\WINDOWS\system32\nnnnnLBq.dll
C:\WINDOWS\system32\nxoswsek.dll
C:\WINDOWS\system32\ockeyvnk.dll
C:\WINDOWS\system32\ohmwowjv.ini
C:\WINDOWS\system32\oupojtyn.ini
C:\WINDOWS\system32\ouxtnjmj.dll
C:\WINDOWS\system32\pbvebvro.dll
C:\WINDOWS\system32\pehhovvm.ini
C:\WINDOWS\system32\pvamexjt.dll
C:\WINDOWS\system32\qBLnnnnn.ini
C:\WINDOWS\system32\qBLnnnnn.ini2
C:\WINDOWS\system32\qkiauxed.ini
C:\WINDOWS\system32\qoMdBULc.dll
C:\WINDOWS\system32\qvmpnmao.dll
C:\WINDOWS\system32\qyeyshjo.ini
C:\WINDOWS\system32\roioyfei.ini
C:\WINDOWS\system32\sbsgkvgn.ini
C:\WINDOWS\system32\sglmcyng.ini
C:\WINDOWS\system32\sspinumd.dll
C:\WINDOWS\system32\stjcikie.dll
C:\WINDOWS\system32\tagvpsyh.ini
C:\WINDOWS\system32\taubyoru.ini
C:\WINDOWS\system32\tevnmofh.ini
C:\WINDOWS\system32\tydujkta.ini
C:\WINDOWS\system32\ujynbbmv.dll
C:\WINDOWS\system32\upnwvrmk.dll
C:\WINDOWS\system32\uydchwra.dll
C:\WINDOWS\system32\vjfjmkwn.ini
C:\WINDOWS\system32\vomgrkfm.ini
C:\WINDOWS\system32\vtechybf.ini
C:\WINDOWS\system32\wvmtphgp.dll
C:\WINDOWS\system32\wvUkHWPf.dll
C:\WINDOWS\system32\xcsmqjru.ini
C:\WINDOWS\system32\xfbmupac.dll
C:\WINDOWS\system32\xhjotquo.dll
C:\WINDOWS\system32\ylmxphuy.ini
C:\WINDOWS\system32\yumqyili.dll
C:\WINDOWS\system32\yvayqqqv.dll
C:\WINDOWS\system32\yvchxsxl.ini
C:\WINDOWS\system32\yvdymcdq.ini

.
((((((((((((((((((((((((( Files Created from 2008-03-06 to 2008-04-06 )))))))))))))))))))))))))))))))
.

2008-04-05 23:21 . 2008-04-05 23:21 <DIR> d-------- C:\Program Files\TightVNC
2008-04-05 20:29 . 2008-04-05 20:29 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-05 20:24 . 2008-04-05 20:24 <DIR> d-------- C:\Deckard
2008-04-05 18:25 . 2008-04-05 18:26 166,296 --a------ C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
2008-04-03 19:48 . 2008-04-03 19:48 <DIR> d-------- C:\Program Files\Ashampoo
2008-04-02 21:49 . 2008-04-02 21:49 <DIR> d-------- C:\Program Files\Lavasoft
2008-04-02 21:49 . 2008-04-02 21:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-02 21:48 . 2008-04-02 21:48 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-01 18:13 . 2008-04-01 18:13 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\Webroot
2008-03-31 21:56 . 2008-03-31 21:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-03-31 21:43 . 2008-03-31 21:41 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-03-30 21:41 . 2008-03-31 21:44 <DIR> d-------- C:\Documents and Settings\Admin\.housecall6.6
2008-03-29 23:54 . 2008-03-29 23:57 <DIR> d-------- C:\Program Files\ManyCam 2.2
2008-03-24 19:07 . 2008-03-24 19:07 <DIR> d-------- C:\WINDOWS\ERUNT
2008-03-24 19:06 . 2008-03-24 19:37 <DIR> d-------- C:\SDFix
2008-03-24 18:18 . 2008-03-24 19:44 25,773 --a------ C:\WINDOWS\system32\drivers\regguard.sys
2008-03-24 18:18 . C:\WINDOWS\(2) C:\ComboFix\winstart.bat
2008-03-24 18:17 . 2008-03-24 18:17 <DIR> d-------- C:\Program Files\Greatis
2008-03-24 17:39 . 2008-03-24 17:39 <DIR> d-------- C:\Documents and Settings\Martin\Application Data\Webcammax
2008-03-24 17:25 . 2008-03-24 18:49 6,656 --a------ C:\WINDOWS\system32\univrs32.dat
2008-03-24 17:16 . 2008-03-24 17:16 59,904 --a------ C:\ovvbu.exe
2008-03-24 17:16 . 2008-03-24 17:16 58,368 --a------ C:\hlkhyer.exe
2008-03-24 17:05 . 2008-03-24 17:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webcammax
2008-03-24 17:05 . 2008-03-24 17:05 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\Webcammax
2008-03-24 17:03 . 2008-03-24 18:21 <DIR> d-------- C:\Program Files\WebcamMax
2008-03-15 23:17 . 2008-03-15 23:39 <DIR> d-------- C:\Fraps
2008-03-14 00:06 . 2008-03-14 00:06 41,296 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-03-13 17:17 . 2004-08-04 01:56 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-03-13 17:17 . 2004-08-03 23:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-03-13 17:17 . 2004-08-03 23:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-03-13 17:17 . 2001-08-17 23:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-04 00:20 --------- d-----w C:\Documents and Settings\Admin\Application Data\Xfire
2008-04-03 23:41 --------- d-----w C:\Program Files\Xfire
2008-04-03 18:39 --------- d-----w C:\Documents and Settings\Admin\Application Data\uTorrent
2008-04-01 19:41 --------- d-----w C:\Documents and Settings\Admin\Application Data\MSNInstaller
2008-03-24 17:41 --------- d-----w C:\Program Files\DVBT
2008-03-24 05:23 4,224 ----a-w C:\WINDOWS\system32\drivers\beep.sys
2008-03-21 22:39 --------- d-----w C:\Documents and Settings\Jazmine1\Application Data\uTorrent
2008-03-15 22:40 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-12 09:59 --------- d-----w C:\Documents and Settings\Martin\Application Data\Apple Computer
2008-03-12 09:20 53,192 ----a-w C:\WINDOWS\system32\drivers\rp_skt32.sys
2008-03-02 10:20 --------- d-----w C:\Documents and Settings\Martin\Application Data\uTorrent
2008-03-01 21:55 --------- d-----w C:\Documents and Settings\Jazmine1\Application Data\Serif
2008-03-01 09:41 --------- d-----w C:\Program Files\iTunes
2008-03-01 09:40 --------- d-----w C:\Program Files\iPod
2008-03-01 09:36 --------- d-----w C:\Program Files\QuickTime
2008-02-25 21:12 --------- d-----w C:\Program Files\Toribash-3.1
2008-02-25 21:10 --------- d-----w C:\Program Files\Bonjour
2008-02-25 19:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Last.fm
2008-02-25 19:43 --------- d-----w C:\Program Files\Last.fm
2008-02-24 21:45 --------- d-----w C:\Documents and Settings\Jazmine1\Application Data\Xfire
2008-02-24 18:29 --------- d-----w C:\Documents and Settings\Jazmine1\Application Data\PC Suite
2008-02-24 01:59 --------- d-----w C:\Documents and Settings\Jazmine1\Application Data\Apple Computer
2008-02-23 20:00 --------- d-----w C:\Documents and Settings\Jazmine1\Application Data\Virgin Broadband
2008-02-12 13:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\iolo
2008-02-12 13:12 --------- d-----w C:\Documents and Settings\LocalService\Application Data\iolo
2008-02-12 13:08 --------- d-----w C:\Documents and Settings\Admin\Application Data\iolo
2008-02-11 01:11 --------- d-----w C:\Program Files\Rockstar Games
2008-02-11 00:25 --------- d-----w C:\Program Files\GTATools
2008-02-11 00:08 --------- d-----w C:\Program Files\Junction25
2008-02-09 21:30 --------- d-----w C:\Documents and Settings\Heather\Application Data\Apple Computer
2008-02-09 21:19 --------- d-----w C:\Documents and Settings\Heather\Application Data\PC Suite
2007-12-06 00:48 5,545 ----a-w C:\Program Files\Readme.txt
2007-12-06 00:42 114,688 ----a-w C:\Program Files\SharePodLib.dll
2007-11-28 08:30 45,056 ----a-w C:\Program Files\SharePodUtility.exe
2007-10-16 15:30 13,364,296 ----a-w C:\Program Files\ManyCam 2.zip
2007-10-03 19:28 91,589 ----a-w C:\WINDOWS\Fonts\porkys.zip
2007-06-24 18:54 110,592 ----a-w C:\WINDOWS\Fonts\bring_tha_noize.exe
2007-06-24 18:51 15,709 ----a-w C:\WINDOWS\Fonts\bring_tha_noize.zip
2007-05-13 00:01 66,934 ----a-w C:\WINDOWS\Fonts\walt_disney.zip
2007-05-08 04:16 274,432 ----a-w C:\Program Files\Interop.WMPLib.dll
2007-05-06 17:41 90,112 ----a-w C:\Program Files\sharepod_input.dll
2007-05-01 03:44 131,072 ----a-w C:\Program Files\Interop.SHDocVw.dll
2007-04-18 00:09 104,960 ----a-w C:\Program Files\mp4v2.dll
2007-04-18 00:08 141,312 ----a-w C:\Program Files\in_mp3.dll
2007-12-17 17:43 88 --sh--r C:\WINDOWS\system32\27855CE3D7.sys
2007-12-17 17:43 2,672 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-30 19:01 68856]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 14:44 196608]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
"WindowBlinds"="C:\Documents and Settings\All Users\Documents\Stardock\WindowBlinds\WBInstall32.exe" [ ]
"Simplify Media"="C:\Documents and Settings\Admin\Local Settings\Application Data\Simplify Media\SimplifyMedia.exe" [ ]
"Regrun2"="C:\PROGRA~1\Greatis\REGRUN~1\WatchDog.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTHelper"="CTHELPER.EXE" [2006-08-11 14:56 17920 C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-11 14:56 18944 C:\WINDOWS\system32\CTXFIHLP.EXE]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [ ]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 16:15 81920]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 17:32 221184]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 15:24 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 15:14 217088]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-11 16:04 1838592]
"PCguard"="C:\Program Files\Virgin Broadband\PCguard\Rps.exe" [2007-09-05 15:10 310000]
"-FreedomNeedsReboot"="C:\Program Files\Virgin Broadband\PCguard\ZkRunOnceR.exe" [2007-09-05 15:10 13552]
"Broadbandadvisor.exe"="C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" [2007-08-07 19:49 2061552]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 00:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]
"AntiSpyWare2Guard"="C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWare2Guard.exe" [2007-08-14 09:29 2334040]
"08b6e52e"="C:\WINDOWS\system32\sspinumd.dll" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 18:35 1294336]

C:\Documents and Settings\Jazmine1\Start Menu\Programs\Startup\
Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [2008-02-25 20:43:01 106496]
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2008-01-13 17:11:39 3450608]

C:\Documents and Settings\Martin\Start Menu\Programs\Startup\
Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [2008-02-25 20:43:01 106496]

C:\Documents and Settings\Admin\Start Menu\Programs\Startup\
Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [2008-02-25 20:43:01 106496]
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2008-01-13 17:11:39 3450608]
Xfire.lnk - C:\Program Files\Xfire\xfire.exe [2008-03-14 00:06:18 2979664]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 21:05:56 65588]
Run Google Web Accelerator.lnk - C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe [2007-07-09 23:24:38 1134592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSVideo"= vfwwdm32.dll
"MSVideo8"= VfWWDM32.dll
"vidc.tscc"= tsccvid.dll
"VIDC.HFYU"= huffyuv.dll
"msacm.lhacm"= lhacm.acm
"VIDC.XFR1"= xfcodec.dll
"VIDC.FPS1"= frapsvid.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\WINDOWS\\system32\\rtcshare.exe"=
"C:\\Program Files\\NetMeeting\\conf.exe"=
"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe"=
"C:\\WINDOWS\\system32\\javaw.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\WarRock\\WRLauncher.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\TightVNC\\WinVNC.exe"=

R2 AASW2_Service;Ashampoo AntiSpyWare 2 Service;C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe [2007-08-14 09:28]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\WINDOWS\system32\DRIVERS\ManyCam.sys [2008-01-14 11:06]
R3 USB-100;Realtek RTL8150 USB 10/100 Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\RTL8150.SYS [2006-05-10 15:22]
S0 Partizan;Partizan;C:\WINDOWS\system32\drivers\Partizan.sys []
S3 EC168BDA;EC168BDA service;C:\WINDOWS\system32\DRIVERS\EC168BDA.sys [2007-09-11 14:20]
S3 Radialpoint Security Services;Virgin Broadband PCguard;C:\WINDOWS\system32\dllhost.exe [2004-08-04 13:00]
S3 RegGuard;RegGuard;C:\WINDOWS\system32\Drivers\regguard.sys [2008-03-24 19:44]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);C:\WINDOWS\system32\DRIVERS\s115bus.sys [2007-04-23 15:54]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s115mdfl.sys [2007-04-23 15:54]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s115mdm.sys [2007-04-23 15:54]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s115mgmt.sys [2007-04-23 15:54]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s115obex.sys [2007-04-23 15:54]
S3 WebSTARXP;Scientific Atlanta WebSTAR 100 & 200 series Cable Modem;C:\WINDOWS\system32\DRIVERS\SACMXP1.sys [2005-10-20 10:47]

.
Contents of the 'Scheduled Tasks' folder
"2008-01-26 19:27:47 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-30 02:30:00 C:\WINDOWS\Tasks\ErrorSmart Scheduled Scan.job"
- C:\Program Files\ErrorSmart\ErrorSmart.ex
- C:\Program Files\ErrorSmart.Martin+Runs ErrorSmart to optimize your registry.
"2008-01-02 22:55:21 C:\WINDOWS\Tasks\War Rock.job"
- C:\PROGRA~1\WarRock\WRLAUN~1.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-06 15:01:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\Stardock\ObjectDock\DockShellHook.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Virgin Broadband\PCguard\Fws.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Virgin Broadband\advisor\BroadbandadvisorComHandler.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-04-06 15:11:42 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-06 14:11:22
ComboFix2.txt 2008-04-06 13:10:15
Pre-Run: 41,544,425,472 bytes free
Post-Run: 41,378,832,384 bytes free
.
2008-03-12 21:04:18 --- E O F ---

HJT Log

Deckard's System Scanner v20071014.68
Run by Admin on 2008-04-06 15:15:23
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Admin.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:15:39, on 06/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Virgin Broadband\PCguard\Fws.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Virgin Broadband\PCguard\Rps.exe
C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\Virgin Broadband\advisor\BroadbandadvisorComHandler.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Admin\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Admin.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] "C:\Program Files\Logitech\Video\ISStart.exe"
O4 - HKLM\..\Run: [LogitechVideoTray] "C:\Program Files\Logitech\Video\LogiTray.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [PCguard] "C:\Program Files\Virgin Broadband\PCguard\Rps.exe"
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Virgin Broadband\PCguard\ZkRunOnceR.exe"
O4 - HKLM\..\Run: [Broadbandadvisor.exe] "C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AntiSpyWare2Guard] C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWare2Guard.exe
O4 - HKLM\..\Run: [08b6e52e] rundll32.exe "C:\WINDOWS\system32\sspinumd.dll",b
O4 - HKLM\..\RunOnce: [IndexCleaner] "C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WindowBlinds] C:\Documents and Settings\All Users\Documents\Stardock\WindowBlinds\WBInstall32.exe
O4 - HKCU\..\Run: [Simplify Media] "C:\Documents and Settings\Admin\Local Settings\Application Data\Simplify Media\SimplifyMedia.exe"
O4 - HKCU\..\Run: [Regrun2] C:\PROGRA~1\Greatis\REGRUN~1\WatchDog.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {21BB8360-F943-447E-98F3-3C22345375A7} (CPlayFirstChocolatierControl Object) - http://aolsvc.aol.com/onlinegames/free-tri...eb.1.0.0.13.cab
O16 - DPF: {2DA3C4AB-E6B6-47A6-B0F3-1BD81524B51B} (ActiveWorldsDownload Control) - http://www.activeworlds.com/products/Activ...ldsDownload.cab
O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KX-HCM10 Control) - http://219.117.233.69/kxhcm10.ocx
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by135fd.bay135.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://aolsvc.aol.com/onlinegames/trydiner...h2.1.0.0.67.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1177430414718
O16 - DPF: {64E27CFB-8B69-4B83-80F0-36A81437D587} (CamfrogWEB Basic Control) - http://activex.camfrogweb.com/basic/cfweb_..._instmodule.exe
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {B0FB831D-17F6-4CBD-9B5D-3305881D362E} (LHGLauncherXForm Control) - http://www.shockwave.com/content/reaxxion/...HLGLauncher.cab
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://aolsvc.aol.com/onlinegames/free-tri...tg.1.0.0.33.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://ak.imgag.com/imgag/cp/install/Crusher.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://aolsvc.aol.com/onlinegames/free-tri...gamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://cafecam.heerenvanbeijerland.nl/activex/AMC.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v10_en.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15028/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6202EBF6-5BF0-4C6B-A4CD-3C7F02B0F2DA}: NameServer = 192.168.11.1
O23 - Service: Ashampoo AntiSpyWare 2 Service (AASW2_Service) - Unknown owner - C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Virgin Broadband PCguard Update Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe
O23 - Service: PCguard Firewall (RP_FWS) - Virgin Media - C:\Program Files\Virgin Broadband\PCguard\Fws.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 12546 bytes

-- Files created between 2008-03-06 and 2008-04-06 -----------------------------

2008-04-06 15:11:45 53248 --a------ C:\WINDOWS\PSEXESVC.EXE <Not Verified; Sysinternals; Sysinternals PsExec>
2008-04-06 13:20:39 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-04-06 13:20:38 68096 --a------ C:\WINDOWS\zip.exe
2008-04-06 13:20:38 49152 --a------ C:\WINDOWS\VFind.exe
2008-04-06 13:20:38 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-04-06 13:20:38 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-04-06 13:20:38 98816 --a------ C:\WINDOWS\sed.exe
2008-04-06 13:20:38 80412 --a------ C:\WINDOWS\grep.exe
2008-04-06 13:20:38 73728 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-04-05 23:21:08 0 d-------- C:\Program Files\TightVNC
2008-04-05 20:29:10 0 d-------- C:\Program Files\Trend Micro
2008-04-05 18:25:04 166296 --a------ C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
2008-04-03 19:48:10 0 d-------- C:\Program Files\Ashampoo
2008-04-02 21:49:38 0 d-------- C:\Program Files\Lavasoft
2008-04-02 21:49:37 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-02 21:48:47 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-01 18:13:30 0 d-------- C:\Documents and Settings\Admin\Application Data\Webroot
2008-03-31 21:56:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-03-30 21:41:57 0 d-------- C:\Documents and Settings\Admin\.housecall6.6
2008-03-29 23:54:32 0 d-------- C:\Program Files\ManyCam 2.2
2008-03-24 19:07:10 0 d-------- C:\WINDOWS\ERUNT
2008-03-24 18:18:18 25773 --a------ C:\WINDOWS\system32\drivers\regguard.sys <Not Verified; Greatis Software; RegRun Security Suite>
2008-03-24 18:17:29 0 d-------- C:\Program Files\Greatis
2008-03-24 17:39:12 0 d-------- C:\Documents and Settings\Martin\Application Data\Webcammax
2008-03-24 17:25:37 6656 --a------ C:\WINDOWS\system32\univrs32.dat
2008-03-24 17:16:37 58368 --a------ C:\hlkhyer.exe
2008-03-24 17:16:34 59904 --a------ C:\ovvbu.exe
2008-03-24 17:05:19 0 d-------- C:\Documents and Settings\All Users\Application Data\Webcammax
2008-03-24 17:05:19 0 d-------- C:\Documents and Settings\Admin\Application Data\Webcammax
2008-03-24 17:03:33 0 d-------- C:\Program Files\WebcamMax
2008-03-15 23:17:22 0 d-------- C:\Fraps


-- Find3M Report ---------------------------------------------------------------

2008-04-06 14:51:23 24453 --a------ C:\Documents and Settings\Admin\Application Data\.googlewebacchosts
2008-04-04 01:20:39 0 d-------- C:\Documents and Settings\Admin\Application Data\Xfire
2008-04-04 00:41:08 0 d-------- C:\Program Files\Xfire
2008-04-03 19:39:41 0 d-------- C:\Documents and Settings\Admin\Application Data\uTorrent
2008-04-02 21:48:47 0 d-------- C:\Program Files\Common Files
2008-04-01 20:41:09 0 d-------- C:\Documents and Settings\Admin\Application Data\MSNInstaller
2008-03-24 18:41:02 0 d-------- C:\Program Files\DVBT
2008-03-21 23:24:56 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-03-09 21:41:17 0 d-------- C:\Documents and Settings\Admin\Application Data\Adobe
2008-03-01 10:41:42 0 d-------- C:\Program Files\iTunes
2008-03-01 10:40:21 0 d-------- C:\Program Files\iPod
2008-03-01 10:36:21 0 d-------- C:\Program Files\QuickTime
2008-02-25 22:12:07 0 d-------- C:\Program Files\Toribash-3.1
2008-02-25 22:10:55 0 d-------- C:\Program Files\Bonjour
2008-02-25 20:43:12 0 d-------- C:\Program Files\Last.fm
2008-02-12 14:10:44 74703 --a------ C:\WINDOWS\system32\mfc45.dll
2008-02-12 14:08:29 0 d-------- C:\Documents and Settings\Admin\Application Data\iolo
2008-02-11 02:11:58 0 d-------- C:\Program Files\Rockstar Games
2008-02-11 01:25:42 0 d-------- C:\Program Files\GTATools
2008-02-11 01:08:59 0 d-------- C:\Program Files\Junction25
2008-01-27 23:56:55 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll <Not Verified; Sony DADC Austria AG.; >
2008-01-14 13:52:00 81920 --a------ C:\WINDOWS\system32\frapsvid.dll <Not Verified; Beepa P/L; FRAPS>
2008-01-13 15:50:46 2560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2008-01-06 21:28:52 11975913 --a------ C:\Program1


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTHelper"="CTHELPER.EXE" [11/08/2006 14:56 C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [11/08/2006 14:56 C:\WINDOWS\system32\CTXFIHLP.EXE]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25/09/2007 01:11]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" []
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [16/02/2005 16:15]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 20:51]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [19/07/2005 17:32]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [08/06/2005 15:24]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [08/06/2005 15:14]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [11/08/2007 16:04]
"PCguard"="C:\Program Files\Virgin Broadband\PCguard\Rps.exe" [05/09/2007 15:10]
"-FreedomNeedsReboot"="C:\Program Files\Virgin Broadband\PCguard\ZkRunOnceR.exe" [05/09/2007 15:10]
"Broadbandadvisor.exe"="C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" [07/08/2007 19:49]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [01/02/2008 00:13]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [19/02/2008 14:10]
"AntiSpyWare2Guard"="C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWare2Guard.exe" [14/08/2007 09:29]
"08b6e52e"="C:\WINDOWS\system32\sspinumd.dll" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18/10/2007 12:34]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [30/05/2007 19:01]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [08/06/2005 14:44]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 13:00]
"WindowBlinds"="C:\Documents and Settings\All Users\Documents\Stardock\WindowBlinds\WBInstall32.exe" []
"Simplify Media"="C:\Documents and Settings\Admin\Local Settings\Application Data\Simplify Media\SimplifyMedia.exe" []
"Regrun2"="C:\PROGRA~1\Greatis\REGRUN~1\WatchDog.exe" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"IndexCleaner"="C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog

C:\Documents and Settings\Admin\Start Menu\Programs\Startup\
Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [25/02/2008 20:43:01]
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [13/01/2008 17:11:39]
Xfire.lnk - C:\Program Files\Xfire\xfire.exe [14/03/2008 00:06:18]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [17/02/1999 21:05:56]
Run Google Web Accelerator.lnk - C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe [09/07/2007 23:24:38]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"




-- End of Deckard's System Scanner: finished at 2008-04-06 15:16:37 ------------

Thanks again, Please look.
Thanks Shaba! :)

#8 Shaba


Posted 06 April 2008 - 09:25 AM

Hi

Much better :thumbsup:

Delete these:

C:\ovvbu.exe
C:\hlkhyer.exe

Empty Recycle Bin.

Please print out or copy these instructions/tutorial to Notepad as the internet will not be (while in Safe Mode) available to you at certain points of the removal process. Make sure to work through all the Steps in the exact order in which they are listed below. If there's anything that you don't understand, ask your question(s) before moving on with the fixes.

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive% (Drive that contains the Windows Directory, typically C:\SDFix). Don't use it yet.

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
______________________________

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Log in to your usual account.
______________________________
  • Open SUPERAntiSpyware.
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
______________________________

Please then reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts, the Fixtool will run again and complete the removal process, then display Finished; press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log
Please post:
  • SDFix report
  • SUPERAntiSpyware log
  • A new HijackThis log
You may need several replies to post the requested logs, otherwise they might get cut off.
Microsoft MVP Consumer Security

#9 Connor!

Posted 06 April 2008 - 11:36 AM

Thanks, I only know of one other problem. When I start up my computer, I get RUNDLL Error Loading C:\WINDOWS\system32\sspinumd.dll The specified module could not be found.

SDFix Report

SDFix: Version 1.167
Run by Admin on 06/04/2008 at 16:56

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\system32\univrs32.dat - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-06 17:14:08
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...


scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 2


Remaining Services :



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"="C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe:*:Enabled:BlueSoleil"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Disabled:Internet Explorer"
"C:\\WINDOWS\\system32\\rtcshare.exe"="C:\\WINDOWS\\system32\\rtcshare.exe:*:Enabled:RTC App Sharing"
"C:\\Program Files\\NetMeeting\\conf.exe"="C:\\Program Files\\NetMeeting\\conf.exe:*:Enabled:Windowsr NetMeetingr"
"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe"="C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe:*:Enabled:Google Desktop"
"C:\\WINDOWS\\system32\\javaw.exe"="C:\\WINDOWS\\system32\\javaw.exe:*:Enabled:Java™ Platform SE binary"
"C:\\Program Files\\Xfire\\xfire.exe"="C:\\Program Files\\Xfire\\xfire.exe:*:Enabled:Xfire"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:ęTorrent"
"C:\\Program Files\\WarRock\\WRLauncher.exe"="C:\\Program Files\\WarRock\\WRLauncher.exe:*:Enabled:War Rock"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\TightVNC\\WinVNC.exe"="C:\\Program Files\\TightVNC\\WinVNC.exe:*:Enabled:TightVNC Win32 Server"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Mon 17 Dec 2007 88 ..SHR --- "C:\WINDOWS\system32\27855CE3D7.sys"
Mon 17 Dec 2007 2,672 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Sun 6 May 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Wed 25 Apr 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Wed 23 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\585dc2612ebcefc90e7dee4c276ee95e\BIT1.tmp"
Wed 2 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b04031f0b83ee952189dd8beb4ee929a\BIT5C.tmp"
Wed 23 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\bc066f3f60df1b38218903dd0d40ce98\BIT2.tmp"
Sun 30 Mar 2008 19,456 ...H. --- "C:\Documents and Settings\Heather\Application Data\Microsoft\Word\~WRL0005.tmp"
Sun 30 Mar 2008 19,968 ...H. --- "C:\Documents and Settings\Heather\Application Data\Microsoft\Word\~WRL3437.tmp"
Thu 28 Oct 2004 4,348 A..H. --- "C:\Documents and Settings\Martin\Desktop\Backup\jaz's\My Music\License Backup\drmv1key.bak"
Tue 4 Apr 2006 401 A..H. --- "C:\Documents and Settings\Martin\Desktop\Backup\jaz's\My Music\License Backup\drmv1lic.bak"
Thu 28 Oct 2004 400 A.SH. --- "C:\Documents and Settings\Martin\Desktop\Backup\jaz's\My Music\License Backup\drmv2key.bak"
Thu 28 Oct 2004 4,348 A..H. --- "C:\Documents and Settings\Martin\Desktop\Backup\Martin\mydocs\My Music\License Backup\drmv1key.bak"
Thu 21 Jul 2005 20 A..H. --- "C:\Documents and Settings\Martin\Desktop\Backup\Martin\mydocs\My Music\License Backup\drmv1lic.bak"
Thu 28 Oct 2004 400 A.SH. --- "C:\Documents and Settings\Martin\Desktop\Backup\Martin\mydocs\My Music\License Backup\drmv2key.bak"

Finished!

SAS Log

Where can I find this? It removed Trojan.Media-Codec and several cookies.

HJT Log

Deckard's System Scanner v20071014.68
Run by Admin on 2008-04-06 17:34:54
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Admin.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:35:10, on 06/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Virgin Broadband\PCguard\Fws.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Virgin Broadband\PCguard\Rps.exe
C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWare2Guard.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\Virgin Broadband\advisor\BroadbandadvisorComHandler.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Admin\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Admin.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] "C:\Program Files\Logitech\Video\ISStart.exe"
O4 - HKLM\..\Run: [LogitechVideoTray] "C:\Program Files\Logitech\Video\LogiTray.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [PCguard] "C:\Program Files\Virgin Broadband\PCguard\Rps.exe"
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Virgin Broadband\PCguard\ZkRunOnceR.exe"
O4 - HKLM\..\Run: [Broadbandadvisor.exe] "C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AntiSpyWare2Guard] C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWare2Guard.exe
O4 - HKLM\..\Run: [08b6e52e] rundll32.exe "C:\WINDOWS\system32\sspinumd.dll",b
O4 - HKLM\..\RunOnce: [IndexCleaner] "C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WindowBlinds] C:\Documents and Settings\All Users\Documents\Stardock\WindowBlinds\WBInstall32.exe
O4 - HKCU\..\Run: [Simplify Media] "C:\Documents and Settings\Admin\Local Settings\Application Data\Simplify Media\SimplifyMedia.exe"
O4 - HKCU\..\Run: [Regrun2] C:\PROGRA~1\Greatis\REGRUN~1\WatchDog.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\RunOnce: [IndexCleaner] "C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {21BB8360-F943-447E-98F3-3C22345375A7} (CPlayFirstChocolatierControl Object) - http://aolsvc.aol.com/onlinegames/free-tri...eb.1.0.0.13.cab
O16 - DPF: {2DA3C4AB-E6B6-47A6-B0F3-1BD81524B51B} (ActiveWorldsDownload Control) - http://www.activeworlds.com/products/Activ...ldsDownload.cab
O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KX-HCM10 Control) - http://219.117.233.69/kxhcm10.ocx
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by135fd.bay135.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://aolsvc.aol.com/onlinegames/trydiner...h2.1.0.0.67.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1177430414718
O16 - DPF: {64E27CFB-8B69-4B83-80F0-36A81437D587} (CamfrogWEB Basic Control) - http://activex.camfrogweb.com/basic/cfweb_..._instmodule.exe
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {B0FB831D-17F6-4CBD-9B5D-3305881D362E} (LHGLauncherXForm Control) - http://www.shockwave.com/content/reaxxion/...HLGLauncher.cab
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://aolsvc.aol.com/onlinegames/free-tri...tg.1.0.0.33.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://ak.imgag.com/imgag/cp/install/Crusher.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://aolsvc.aol.com/onlinegames/free-tri...gamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://cafecam.heerenvanbeijerland.nl/activex/AMC.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v10_en.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15028/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6202EBF6-5BF0-4C6B-A4CD-3C7F02B0F2DA}: NameServer = 192.168.11.1
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ashampoo AntiSpyWare 2 Service (AASW2_Service) - Unknown owner - C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Virgin Broadband PCguard Update Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe
O23 - Service: PCguard Firewall (RP_FWS) - Virgin Media - C:\Program Files\Virgin Broadband\PCguard\Fws.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 13029 bytes

-- Files created between 2008-03-06 and 2008-04-06 -----------------------------

2008-04-06 15:34:03 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-06 15:33:46 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-04-06 15:33:46 0 d-------- C:\Documents and Settings\Admin\Application Data\SUPERAntiSpyware.com
2008-04-06 15:11:45 53248 --a------ C:\WINDOWS\PSEXESVC.EXE <Not Verified; Sysinternals; Sysinternals PsExec>
2008-04-06 13:20:39 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-04-06 13:20:38 68096 --a------ C:\WINDOWS\zip.exe
2008-04-06 13:20:38 49152 --a------ C:\WINDOWS\VFind.exe
2008-04-06 13:20:38 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-04-06 13:20:38 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-04-06 13:20:38 98816 --a------ C:\WINDOWS\sed.exe
2008-04-06 13:20:38 80412 --a------ C:\WINDOWS\grep.exe
2008-04-06 13:20:38 73728 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-04-05 23:21:08 0 d-------- C:\Program Files\TightVNC
2008-04-05 20:29:10 0 d-------- C:\Program Files\Trend Micro
2008-04-05 18:25:04 166296 --a------ C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
2008-04-03 19:48:10 0 d-------- C:\Program Files\Ashampoo
2008-04-02 21:49:38 0 d-------- C:\Program Files\Lavasoft
2008-04-02 21:49:37 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-02 21:48:47 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-01 18:13:30 0 d-------- C:\Documents and Settings\Admin\Application Data\Webroot
2008-03-31 21:56:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-03-30 21:41:57 0 d-------- C:\Documents and Settings\Admin\.housecall6.6
2008-03-29 23:54:32 0 d-------- C:\Program Files\ManyCam 2.2
2008-03-24 19:07:10 0 d-------- C:\WINDOWS\ERUNT
2008-03-24 18:18:18 25773 --a------ C:\WINDOWS\system32\drivers\regguard.sys <Not Verified; Greatis Software; RegRun Security Suite>
2008-03-24 18:17:29 0 d-------- C:\Program Files\Greatis
2008-03-24 17:39:12 0 d-------- C:\Documents and Settings\Martin\Application Data\Webcammax
2008-03-24 17:05:19 0 d-------- C:\Documents and Settings\All Users\Application Data\Webcammax
2008-03-24 17:05:19 0 d-------- C:\Documents and Settings\Admin\Application Data\Webcammax
2008-03-24 17:03:33 0 d-------- C:\Program Files\WebcamMax
2008-03-15 23:17:22 0 d-------- C:\Fraps


-- Find3M Report ---------------------------------------------------------------

2008-04-06 16:46:44 24550 --a------ C:\Documents and Settings\Admin\Application Data\.googlewebacchosts
2008-04-04 01:20:39 0 d-------- C:\Documents and Settings\Admin\Application Data\Xfire
2008-04-04 00:41:08 0 d-------- C:\Program Files\Xfire
2008-04-03 19:39:41 0 d-------- C:\Documents and Settings\Admin\Application Data\uTorrent
2008-04-02 21:48:47 0 d-------- C:\Program Files\Common Files
2008-04-01 20:41:09 0 d-------- C:\Documents and Settings\Admin\Application Data\MSNInstaller
2008-03-24 18:41:02 0 d-------- C:\Program Files\DVBT
2008-03-21 23:24:56 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-03-09 21:41:17 0 d-------- C:\Documents and Settings\Admin\Application Data\Adobe
2008-03-01 10:41:42 0 d-------- C:\Program Files\iTunes
2008-03-01 10:40:21 0 d-------- C:\Program Files\iPod
2008-03-01 10:36:21 0 d-------- C:\Program Files\QuickTime
2008-02-25 22:12:07 0 d-------- C:\Program Files\Toribash-3.1
2008-02-25 22:10:55 0 d-------- C:\Program Files\Bonjour
2008-02-25 20:43:12 0 d-------- C:\Program Files\Last.fm
2008-02-12 14:10:44 74703 --a------ C:\WINDOWS\system32\mfc45.dll
2008-02-12 14:08:29 0 d-------- C:\Documents and Settings\Admin\Application Data\iolo
2008-02-11 02:11:58 0 d-------- C:\Program Files\Rockstar Games
2008-02-11 01:25:42 0 d-------- C:\Program Files\GTATools
2008-02-11 01:08:59 0 d-------- C:\Program Files\Junction25
2008-01-27 23:56:55 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll <Not Verified; Sony DADC Austria AG.; >
2008-01-14 13:52:00 81920 --a------ C:\WINDOWS\system32\frapsvid.dll <Not Verified; Beepa P/L; FRAPS>
2008-01-13 15:50:46 2560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2008-01-06 21:28:52 11975913 --a------ C:\Program1


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTHelper"="CTHELPER.EXE" [11/08/2006 14:56 C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [11/08/2006 14:56 C:\WINDOWS\system32\CTXFIHLP.EXE]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25/09/2007 01:11]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" []
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [16/02/2005 16:15]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 20:51]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [19/07/2005 17:32]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [08/06/2005 15:24]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [08/06/2005 15:14]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [11/08/2007 16:04]
"PCguard"="C:\Program Files\Virgin Broadband\PCguard\Rps.exe" [05/09/2007 15:10]
"-FreedomNeedsReboot"="C:\Program Files\Virgin Broadband\PCguard\ZkRunOnceR.exe" [05/09/2007 15:10]
"Broadbandadvisor.exe"="C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" [07/08/2007 19:49]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [01/02/2008 00:13]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [19/02/2008 14:10]
"AntiSpyWare2Guard"="C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWare2Guard.exe" [14/08/2007 09:29]
"08b6e52e"="C:\WINDOWS\system32\sspinumd.dll" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18/10/2007 12:34]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [30/05/2007 19:01]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [08/06/2005 14:44]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 13:00]
"WindowBlinds"="C:\Documents and Settings\All Users\Documents\Stardock\WindowBlinds\WBInstall32.exe" []
"Simplify Media"="C:\Documents and Settings\Admin\Local Settings\Application Data\Simplify Media\SimplifyMedia.exe" []
"Regrun2"="C:\PROGRA~1\Greatis\REGRUN~1\WatchDog.exe" []
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [29/02/2008 16:03]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"IndexCleaner"="C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"IndexCleaner"="C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog

C:\Documents and Settings\Admin\Start Menu\Programs\Startup\
Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [25/02/2008 20:43:01]
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [13/01/2008 17:11:39]
Xfire.lnk - C:\Program Files\Xfire\xfire.exe [14/03/2008 00:06:18]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [17/02/1999 21:05:56]
Run Google Web Accelerator.lnk - C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe [09/07/2007 23:24:38]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [20/12/2006 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 19/04/2007 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"




-- End of Deckard's System Scanner: finished at 2008-04-06 17:36:27 ------------


Thanks once again, Connor.
Thanks Shaba! :)

#10 Shaba

Posted 06 April 2008 - 11:43 AM

Hi

As said before:

To retrieve the removal information after reboot, launch SUPERAntispyware again.

* Click Preferences, then click the Statistics/Logs tab.
* Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
* If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
* Please copy and paste the Scan Log results in your next reply.
Microsoft MVP Consumer Security

#11 Connor!

Posted 06 April 2008 - 11:54 AM

Mostly just Cookies, so mostly useless I think but there's one main threat by the looks of it.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/06/2008 at 04:19 PM

Application Version : 4.0.1154

Core Rules Database Version : 3432
Trace Rules Database Version: 1424

Scan type : Complete Scan
Total Scan Time : 00:41:55

Memory items scanned : 556
Memory threats detected : 0
Registry items scanned : 5726
Registry threats detected : 0
File items scanned : 26436
File threats detected : 337


Trojan.Media-Codec
C:\Documents and Settings\Admin\Favorites\Online Security Test.url

Thanks, the cookies for other users don't use this PC anymore - and if you've guessed already my account name is Admin. Hidden the cookies as I didn't see them being much use to you.

Thanks again, Connor.
Thanks Shaba! :)

#12 Shaba


Posted 06 April 2008 - 12:02 PM

Hi

Open HijackThis, click "Do a system scan only" and checkmark this:

O4 - HKLM\..\Run: [08b6e52e] rundll32.exe "C:\WINDOWS\system32\sspinumd.dll",b

Close all windows including browser and press "Fix checked".

Reboot.

Post back a fresh HijackThis log and tell me if you still have any problems.
Microsoft MVP Consumer Security

#13 Connor!


Posted 06 April 2008 - 12:25 PM

RUNDLL Problem Fixed! No Sign of Pop-Ups :thumbsup:

Hopefully last HJT Log

Deckard's System Scanner v20071014.68
Run by Admin on 2008-04-06 18:21:40
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Admin.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:22:06, on 06/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Virgin Broadband\PCguard\Fws.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Virgin Broadband\PCguard\Rps.exe
C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWare2Guard.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Virgin Broadband\advisor\BroadbandadvisorComHandler.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Xfire\xfire.exe
C:\Documents and Settings\Admin\Desktop\dss.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Admin.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWare2.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] "C:\Program Files\Logitech\Video\ISStart.exe"
O4 - HKLM\..\Run: [LogitechVideoTray] "C:\Program Files\Logitech\Video\LogiTray.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [PCguard] "C:\Program Files\Virgin Broadband\PCguard\Rps.exe"
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Virgin Broadband\PCguard\ZkRunOnceR.exe"
O4 - HKLM\..\Run: [Broadbandadvisor.exe] "C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AntiSpyWare2Guard] C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWare2Guard.exe
O4 - HKLM\..\RunOnce: [IndexCleaner] "C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WindowBlinds] C:\Documents and Settings\All Users\Documents\Stardock\WindowBlinds\WBInstall32.exe
O4 - HKCU\..\Run: [Simplify Media] "C:\Documents and Settings\Admin\Local Settings\Application Data\Simplify Media\SimplifyMedia.exe"
O4 - HKCU\..\Run: [Regrun2] C:\PROGRA~1\Greatis\REGRUN~1\WatchDog.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\RunOnce: [IndexCleaner] "C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {21BB8360-F943-447E-98F3-3C22345375A7} (CPlayFirstChocolatierControl Object) - http://aolsvc.aol.com/onlinegames/free-tri...eb.1.0.0.13.cab
O16 - DPF: {2DA3C4AB-E6B6-47A6-B0F3-1BD81524B51B} (ActiveWorldsDownload Control) - http://www.activeworlds.com/products/Activ...ldsDownload.cab
O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KX-HCM10 Control) - http://219.117.233.69/kxhcm10.ocx
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by135fd.bay135.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://aolsvc.aol.com/onlinegames/trydiner...h2.1.0.0.67.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1177430414718
O16 - DPF: {64E27CFB-8B69-4B83-80F0-36A81437D587} (CamfrogWEB Basic Control) - http://activex.camfrogweb.com/basic/cfweb_..._instmodule.exe
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {B0FB831D-17F6-4CBD-9B5D-3305881D362E} (LHGLauncherXForm Control) - http://www.shockwave.com/content/reaxxion/...HLGLauncher.cab
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://aolsvc.aol.com/onlinegames/free-tri...tg.1.0.0.33.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://ak.imgag.com/imgag/cp/install/Crusher.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://aolsvc.aol.com/onlinegames/free-tri...gamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://cafecam.heerenvanbeijerland.nl/activex/AMC.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v10_en.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15028/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6202EBF6-5BF0-4C6B-A4CD-3C7F02B0F2DA}: NameServer = 192.168.11.1
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ashampoo AntiSpyWare 2 Service (AASW2_Service) - Unknown owner - C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Virgin Broadband PCguard Update Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe
O23 - Service: PCguard Firewall (RP_FWS) - Virgin Media - C:\Program Files\Virgin Broadband\PCguard\Fws.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 13039 bytes

-- Files created between 2008-03-06 and 2008-04-06 -----------------------------

2008-04-06 15:34:03 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-06 15:33:46 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-04-06 15:33:46 0 d-------- C:\Documents and Settings\Admin\Application Data\SUPERAntiSpyware.com
2008-04-06 15:11:45 53248 --a------ C:\WINDOWS\PSEXESVC.EXE <Not Verified; Sysinternals; Sysinternals PsExec>
2008-04-06 13:20:39 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-04-06 13:20:38 68096 --a------ C:\WINDOWS\zip.exe
2008-04-06 13:20:38 49152 --a------ C:\WINDOWS\VFind.exe
2008-04-06 13:20:38 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-04-06 13:20:38 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-04-06 13:20:38 98816 --a------ C:\WINDOWS\sed.exe
2008-04-06 13:20:38 80412 --a------ C:\WINDOWS\grep.exe
2008-04-06 13:20:38 73728 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-04-05 23:21:08 0 d-------- C:\Program Files\TightVNC
2008-04-05 20:29:10 0 d-------- C:\Program Files\Trend Micro
2008-04-05 18:25:04 166296 --a------ C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
2008-04-03 19:48:10 0 d-------- C:\Program Files\Ashampoo
2008-04-02 21:49:38 0 d-------- C:\Program Files\Lavasoft
2008-04-02 21:49:37 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-02 21:48:47 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-01 18:13:30 0 d-------- C:\Documents and Settings\Admin\Application Data\Webroot
2008-03-31 21:56:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-03-30 21:41:57 0 d-------- C:\Documents and Settings\Admin\.housecall6.6
2008-03-29 23:54:32 0 d-------- C:\Program Files\ManyCam 2.2
2008-03-24 19:07:10 0 d-------- C:\WINDOWS\ERUNT
2008-03-24 18:18:18 25773 --a------ C:\WINDOWS\system32\drivers\regguard.sys <Not Verified; Greatis Software; RegRun Security Suite>
2008-03-24 18:17:29 0 d-------- C:\Program Files\Greatis
2008-03-24 17:39:12 0 d-------- C:\Documents and Settings\Martin\Application Data\Webcammax
2008-03-24 17:05:19 0 d-------- C:\Documents and Settings\All Users\Application Data\Webcammax
2008-03-24 17:05:19 0 d-------- C:\Documents and Settings\Admin\Application Data\Webcammax
2008-03-24 17:03:33 0 d-------- C:\Program Files\WebcamMax
2008-03-15 23:17:22 0 d-------- C:\Fraps


-- Find3M Report ---------------------------------------------------------------

2008-04-06 18:10:47 24629 --a------ C:\Documents and Settings\Admin\Application Data\.googlewebacchosts
2008-04-04 01:20:39 0 d-------- C:\Documents and Settings\Admin\Application Data\Xfire
2008-04-04 00:41:08 0 d-------- C:\Program Files\Xfire
2008-04-03 19:39:41 0 d-------- C:\Documents and Settings\Admin\Application Data\uTorrent
2008-04-02 21:48:47 0 d-------- C:\Program Files\Common Files
2008-04-01 20:41:09 0 d-------- C:\Documents and Settings\Admin\Application Data\MSNInstaller
2008-03-24 18:41:02 0 d-------- C:\Program Files\DVBT
2008-03-21 23:24:56 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-03-09 21:41:17 0 d-------- C:\Documents and Settings\Admin\Application Data\Adobe
2008-03-01 10:41:42 0 d-------- C:\Program Files\iTunes
2008-03-01 10:40:21 0 d-------- C:\Program Files\iPod
2008-03-01 10:36:21 0 d-------- C:\Program Files\QuickTime
2008-02-25 22:12:07 0 d-------- C:\Program Files\Toribash-3.1
2008-02-25 22:10:55 0 d-------- C:\Program Files\Bonjour
2008-02-25 20:43:12 0 d-------- C:\Program Files\Last.fm
2008-02-12 14:10:44 74703 --a------ C:\WINDOWS\system32\mfc45.dll
2008-02-12 14:08:29 0 d-------- C:\Documents and Settings\Admin\Application Data\iolo
2008-02-11 02:11:58 0 d-------- C:\Program Files\Rockstar Games
2008-02-11 01:25:42 0 d-------- C:\Program Files\GTATools
2008-02-11 01:08:59 0 d-------- C:\Program Files\Junction25
2008-01-27 23:56:55 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll <Not Verified; Sony DADC Austria AG.; >
2008-01-14 13:52:00 81920 --a------ C:\WINDOWS\system32\frapsvid.dll <Not Verified; Beepa P/L; FRAPS>
2008-01-13 15:50:46 2560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2008-01-06 21:28:52 11975913 --a------ C:\Program1


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTHelper"="CTHELPER.EXE" [11/08/2006 14:56 C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [11/08/2006 14:56 C:\WINDOWS\system32\CTXFIHLP.EXE]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25/09/2007 01:11]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" []
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [16/02/2005 16:15]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 20:51]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [19/07/2005 17:32]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [08/06/2005 15:24]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [08/06/2005 15:14]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [11/08/2007 16:04]
"PCguard"="C:\Program Files\Virgin Broadband\PCguard\Rps.exe" [05/09/2007 15:10]
"-FreedomNeedsReboot"="C:\Program Files\Virgin Broadband\PCguard\ZkRunOnceR.exe" [05/09/2007 15:10]
"Broadbandadvisor.exe"="C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" [07/08/2007 19:49]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [01/02/2008 00:13]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [19/02/2008 14:10]
"AntiSpyWare2Guard"="C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWare2Guard.exe" [14/08/2007 09:29]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18/10/2007 12:34]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [30/05/2007 19:01]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [08/06/2005 14:44]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 13:00]
"WindowBlinds"="C:\Documents and Settings\All Users\Documents\Stardock\WindowBlinds\WBInstall32.exe" []
"Simplify Media"="C:\Documents and Settings\Admin\Local Settings\Application Data\Simplify Media\SimplifyMedia.exe" []
"Regrun2"="C:\PROGRA~1\Greatis\REGRUN~1\WatchDog.exe" []
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [29/02/2008 16:03]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"IndexCleaner"="C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"IndexCleaner"="C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog

C:\Documents and Settings\Admin\Start Menu\Programs\Startup\
Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [25/02/2008 20:43:01]
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [13/01/2008 17:11:39]
Xfire.lnk - C:\Program Files\Xfire\xfire.exe [14/03/2008 00:06:18]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [17/02/1999 21:05:56]
Run Google Web Accelerator.lnk - C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe [09/07/2007 23:24:38]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [20/12/2006 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 19/04/2007 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"




-- End of Deckard's System Scanner: finished at 2008-04-06 18:23:41 ------------

Thanks :blink:
Thanks Shaba! :)

#14 Shaba


Posted 06 April 2008 - 12:29 PM

Hi

That looks good :thumbsup:

Any problems left?
Microsoft MVP Consumer Security

#15 Connor!


Posted 06 April 2008 - 12:31 PM

None that I can see :thumbsup:

Thanks for all your time and effort :) I really do appreciate it!

:blink: SHABA! SHABA! SHABA! :wacko:
Thanks Shaba! :)



