virus found Trojan Horse Generic13.LNA


10 replies to this topic

#1 Geoff1

Geoff1


Posted 04 April 2009 - 12:56 PM

Hiya

I have done a search with AVG and found three of these viruses linked to a DivX video software bundle. AVG is unable to move them to the virus vault as it states the file is too large. Also I have found a file on my system with screenshots of somebody else's PC desktop, which is quite worrying. Also in my Windows folder this programme is making numerous hidden files; it is spunist.exe. This is the pathway to it: C:\WINDOWS\$NtUninstallKB958687$. There are 180 folders, a total of 1.1Gb, quite a lot! I was wondering what it is?

I have AVG set to auto update but this is disabled, and other spyware programmes are disabled when it comes to updating. My computer also is using a lot of memory and I can hear the hard drive running very fast even when it is supposedly sitting idle?

I appreciate any advice given


Geoff




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:34:43, on 04/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ThreatFire\TFService.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\DOCUME~1\Geoff\LOCALS~1\Temp\clclean.0001
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Sitecom\Bluetooth Software\BTTray.exe
C:\Program Files\NETGEAR\WG111T\wlan111t.exe
C:\Wanadoo\WanadooConnectionKit\atdialler1.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\WINDOWS\system32\WSBar.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [EPSON Stylus DX8400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE /FU "C:\DOCUME~1\Geoff\LOCALS~1\Temp\E_S75.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - .DEFAULT User Startup: CamTrack.lnk = C:\Program Files\DigitalPeers\CamTrack\camtrack.exe (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: NETGEAR WG111T Smart Wizard.lnk = ?
O4 - Global Startup: Wanadoo Connection Kit.lnk = C:\Wanadoo\WanadooConnectionKit\atdialler1.exe
O8 - Extra context menu item: Search with Wanadoo - res://C:\WINDOWS\system32\WSBar.dll/VSearch.htm
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk/
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://pccheckup.dellfix.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.1.4.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {38D63471-E630-4492-A986-B8C48B79F2F8} (CVideoEgg_ActiveXCtl Object) - http://update.videoegg.com/wintel/VideoEggPublisher.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://knewloveonce.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe

--
End of file - 13768 bytes

#2 Geoff1

Geoff1

Posted 12 April 2009 - 04:19 PM

bump

#3 KoanYorel

KoanYorel


Posted 13 April 2009 - 12:31 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed; the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#4 Geoff1

Geoff1

Posted 13 April 2009 - 01:13 PM

Hi, thanks. I have attached my DDS scan.


DDS (Ver_09-03-16.01) - NTFSx86
Run by Geoff at 18:39:28.83 on 13/04/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.155 [GMT 1:00]

AV: ThreatFire *On-access scanning enabled* (Updated)
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe -k bthsvcs
C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\ThreatFire\TFService.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Messenger\msmsgs.exe
C:\DOCUME~1\Geoff\LOCALS~1\Temp\clclean.0001
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Sitecom\Bluetooth Software\BTTray.exe
C:\Program Files\NETGEAR\WG111T\wlan111t.exe
C:\Wanadoo\WanadooConnectionKit\atdialler1.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Documents and Settings\Geoff\Desktop\dds.com
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.orange.co.uk/
uSearchMigratedDefaultURL = hxxp://search.orange.co.uk/all?brand=ouk&tab=web&p=_adr&q={searchTerms}
mWindow Title = Microsoft Internet Explorer Provided by Wanadoo
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: Wanadoo: {8b68564d-53fd-4293-b80c-993a9f3988ee} - c:\windows\system32\WSBar.dll
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - c:\progra~1\yahoo!\common\yhexbmesuk.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [SetDefaultMIDI] MIDIDef.exe
uRun: [Creative Detector] "c:\program files\creative\mediasource\detector\CTDetect.exe" /R
uRun: [DAEMON Tools Pro Agent] "c:\program files\daemon tools pro\DTProAgent.exe"
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [LogitechSoftwareUpdate] "c:\program files\logitech\video\ManifestEngine.exe" boot
uRun: [EPSON Stylus DX8400 Series] c:\windows\system32\spool\drivers\w32x86\3\e_faticee.exe /fu "c:\docume~1\geoff\locals~1\temp\E_S75.tmp" /EF "HKCU"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
mRun: [CTSysVol] c:\program files\creative\sbaudigy\surround mixer\CTSysVol.exe /r
mRun: [MBMon] Rundll32 CTMBHA.DLL,MBMon
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [SpeedTouch USB Diagnostics] "c:\program files\thomson\speedtouch usb\Dragdiag.exe" /icon
mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [ThreatFire] c:\program files\threatfire\TFTray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bttray.lnk - c:\program files\sitecom\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg111t\wlan111t.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wanado~1.lnk - c:\wanadoo\wanadooconnectionkit\atdialler1.exe
IE: Search with Wanadoo - c:\windows\system32\WSBar.dll/VSearch.htm
IE: Send To &Bluetooth - c:\program files\sitecom\bluetooth software\btsendto_ie_ctx.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\sitecom\bluetooth software\btsendto_ie.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - {4C171D40-8277-11D5-AD55-00010333D0AD} - c:\progra~1\yahoo!\common\yhexbmesuk.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxp://pccheckup.dellfix.com/sdccommon/download/tgctlcm.cab
DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} - hxxp://www.bebo.com/files/BeboUploader.5.1.4.cab
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.srtest.com/srl_bin/sysreqlab_srl.cab
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {38D63471-E630-4492-A986-B8C48B79F2F8} - hxxp://update.videoegg.com/wintel/VideoEggPublisher.exe
DPF: {4B48D5DF-9021-45F7-A240-60304302A215} - hxxp://download.microsoft.com/download/5/c/2/5c2fc4b7-3875-4eec-946b-ffe15472cabc/WebCleaner.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://knewloveonce.spaces.msn.com//PhotoUpload/MsnPUpld.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.systemrequirementslab.com/sysreqlab2.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} - hxxp://chat.yahoo.com/cab/yuplapp.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - hxxp://acs.pandasoftware.com/activescan/as5free/asinst.cab
DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} - hxxp://support.f-secure.com/ols/fscax.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - c:\windows\system32\BTXPPanel.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-4-12 28544]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2008-2-11 51472]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2008-2-11 39184]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-12-7 325128]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-12-7 27656]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-12-7 107272]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2008-12-22 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-12-22 55024]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-3-29 903960]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-3-29 298264]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 ThreatFire;ThreatFire;c:\program files\threatfire\tfservice.exe service --> c:\program files\threatfire\TFService.exe service [?]
R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2008-10-30 17149]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-12-22 7408]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2008-2-11 33040]
S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;c:\docume~1\geoff\locals~1\temp\onlinescanner\anti-virus\fsgk.sys [2009-4-4 70144]
S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys --> c:\windows\system32\drivers\wg111v3.sys [?]
S3 WLIU2KG125S;BUFFALO WLI-U2-KG125S Wireless LAN Adapter Driver;c:\windows\system32\drivers\usb8023.sys [2005-8-16 12800]

=============== Created Last 30 ================

2009-04-12 22:29 28,544 a------- c:\windows\system32\drivers\pavboot.sys
2009-04-12 22:29 <DIR> --d----- c:\program files\Panda Security
2009-04-07 22:02 1,089,593 -------- c:\windows\system32\dllcache\ntprint.cat
2009-04-06 23:13 <DIR> --d----- c:\windows\system32\XPSViewer
2009-04-06 23:12 597,504 -------- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-04-06 23:12 117,760 -------- c:\windows\system32\prntvpt.dll
2009-04-06 23:12 89,088 -------- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-04-06 23:12 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-04-06 23:12 1,676,288 -------- c:\windows\system32\dllcache\xpssvcs.dll
2009-04-06 23:12 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-04-06 23:12 575,488 -------- c:\windows\system32\dllcache\xpsshhdr.dll
2009-04-06 23:12 <DIR> --d----- C:\40d11696dde07e48fa
2009-04-06 23:11 <DIR> --d----- c:\windows\SxsCaPendDel
2009-04-05 23:26 <DIR> --d----- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-04-05 15:01 268,648 a------- c:\windows\system32\mucltui.dll
2009-04-05 15:01 208,744 a------- c:\windows\system32\muweb.dll
2009-04-05 15:01 27,496 a------- c:\windows\system32\mucltui.dll.mui
2009-04-05 09:57 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-04-05 09:56 <DIR> --d----- c:\program files\MSN Messenger
2009-04-05 09:40 <DIR> --d----- c:\documents and settings\geoff\Tracing
2009-04-05 09:32 <DIR> --d----- c:\program files\common files\Windows Live
2009-04-04 16:30 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware(2)
2009-03-29 09:06 <DIR> --d----- C:\hjt1
2009-03-22 22:46 40,960 a------- c:\windows\_ds28.tmp

==================== Find3M ====================

2009-03-29 12:49 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-03-29 12:49 325,128 a------- c:\windows\system32\drivers\avgldx86.sys
2009-03-29 12:49 107,272 a------- c:\windows\system32\drivers\avgtdix.sys
2009-03-21 15:31 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-03 20:19 39,184 a------- c:\windows\system32\drivers\TfSysMon.sys
2009-03-03 20:19 33,040 a------- c:\windows\system32\drivers\TfNetMon.sys
2009-03-03 20:19 12,560 a------- c:\windows\system32\drivers\TfKbMon.sys
2009-03-03 20:19 51,472 a------- c:\windows\system32\drivers\TfFsMon.sys
2009-02-09 12:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-09 12:13 1,846,784 -------- c:\windows\system32\dllcache\win32k.sys
2009-01-16 22:35 3,594,752 a------- c:\windows\system32\dllcache\mshtml.dll
2008-10-08 08:29 382 a------- c:\program files\Shortcut to Program Files.lnk
2008-10-05 22:16 18,816,895 a------- c:\program files\VSO.zip
2008-07-22 08:18 47,360 a------- c:\docume~1\geoff\applic~1\pcouffin.sys
2008-10-25 14:44 88 ---shr-- c:\windows\system32\1630B6646C.sys
2006-04-15 21:36 56 ---shr-- c:\windows\system32\761D06FF07.sys
2008-10-25 14:44 6,476 a--sh--- c:\windows\system32\KGyGaAvL.sys
2008-08-01 12:05 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008080120080802\index.dat

============= FINISH: 18:41:23.58 ===============

#5 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Members
  • 19,461 posts
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA
  • Local time:08:17 AM

Posted 13 April 2009 - 01:16 PM

Hang on. Our HJT team has been alerted.
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#6 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland
  • Local time:03:17 PM

Posted 13 April 2009 - 03:27 PM

Also in my windows folder this programme is making numerous hidden files it is spunist.exe. This is the pathway to it C:\WINDOWS\$NtUninstallKB958687$. There are 180 folders a total of 1.1Gb quite a lot! I was wondering what it is?

Hi

That folder holds backups made when an update to Windows is installed.

Please post contents of attach.txt file too.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

Provided malware removal related instructions are meant to be used in the corresponding user's case only. If you have similar symptoms, create your own topic instead of following instructions given to someone else, please.


#7 Geoff1

Geoff1
  • Topic Starter

  • Members
  • 10 posts
  • Local time:01:17 PM

Posted 14 April 2009 - 03:32 AM

Hi

Thanks, at least now I know what that is!


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-03-16.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 27/03/2006 18:41:41
System Uptime: 13/04/2009 17:04:43 (1 hours ago)

Motherboard: Dell Inc. | | 0WG261
Processor: Intel® Pentium® 4 CPU 3.00GHz | Microprocessor | 2992/800mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 144 GiB total, 22.157 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP426: 12/01/2009 20:49:01 - Removed TES Construction Set
RP427: 14/01/2009 00:22:02 - Software Distribution Service 3.0
RP428: 16/01/2009 21:53:17 - System Checkpoint
RP429: 18/01/2009 00:25:36 - System Checkpoint
RP430: 19/01/2009 23:36:27 - System Checkpoint
RP431: 20/01/2009 23:42:33 - System Checkpoint
RP432: 22/01/2009 15:18:39 - System Checkpoint
RP433: 25/01/2009 03:14:39 - System Checkpoint
RP434: 26/01/2009 23:13:52 - System Checkpoint
RP435: 29/01/2009 17:37:22 - System Checkpoint
RP436: 01/02/2009 22:55:46 - System Checkpoint
RP437: 04/02/2009 14:25:55 - System Checkpoint
RP438: 06/02/2009 22:49:53 - System Checkpoint
RP439: 08/02/2009 00:47:38 - System Checkpoint
RP440: 11/02/2009 22:56:48 - Software Distribution Service 3.0
RP441: 12/02/2009 22:58:24 - System Checkpoint
RP442: 13/02/2009 23:07:30 - System Checkpoint
RP443: 15/02/2009 16:31:09 - System Checkpoint
RP444: 17/02/2009 22:07:48 - System Checkpoint
RP445: 18/02/2009 23:03:24 - System Checkpoint
RP446: 20/02/2009 00:20:56 - System Checkpoint
RP447: 21/02/2009 21:19:44 - System Checkpoint
RP448: 23/02/2009 18:01:57 - System Checkpoint
RP449: 24/02/2009 23:05:36 - System Checkpoint
RP450: 25/02/2009 03:00:16 - Software Distribution Service 3.0
RP451: 27/02/2009 12:01:10 - System Checkpoint
RP452: 28/02/2009 12:13:22 - System Checkpoint
RP453: 01/03/2009 17:33:55 - System Checkpoint
RP454: 02/03/2009 19:34:50 - System Checkpoint
RP455: 06/03/2009 23:10:36 - System Checkpoint
RP456: 09/03/2009 23:18:28 - System Checkpoint
RP457: 11/03/2009 17:02:27 - Software Distribution Service 3.0
RP458: 12/03/2009 22:24:15 - System Checkpoint
RP459: 13/03/2009 23:49:47 - System Checkpoint
RP460: 15/03/2009 00:13:19 - System Checkpoint
RP461: 16/03/2009 00:52:10 - System Checkpoint
RP462: 16/03/2009 03:00:16 - Software Distribution Service 3.0
RP463: 18/03/2009 21:40:47 - System Checkpoint
RP464: 19/03/2009 22:54:56 - System Checkpoint
RP465: 21/03/2009 13:37:50 - System Checkpoint
RP466: 21/03/2009 14:31:12 - Removed Java™ 6 Update 10
RP467: 21/03/2009 14:31:52 - Installed Java™ 6 Update 12
RP468: 24/03/2009 10:32:18 - System Checkpoint
RP469: 25/03/2009 22:07:16 - System Checkpoint
RP470: 26/03/2009 23:50:23 - System Checkpoint
RP471: 28/03/2009 18:52:43 - System Checkpoint
RP472: 29/03/2009 08:14:10 - Removed Championship Manager 2007
RP473: 29/03/2009 08:37:20 - Installed Windows Media Format Runtime
RP474: 29/03/2009 12:48:10 - Avg8 Update
RP475: 29/03/2009 12:50:03 - Avg8 Update
RP476: 30/03/2009 18:37:41 - System Checkpoint
RP477: 01/04/2009 18:36:17 - System Checkpoint
RP478: 02/04/2009 21:10:51 - System Checkpoint
RP479: 04/04/2009 13:47:06 - System Checkpoint
RP480: 05/04/2009 09:56:12 - Restore Operation
RP481: 05/04/2009 23:26:22 - Software Distribution Service 3.0
RP482: 06/04/2009 23:00:41 - Software Distribution Service 3.0
RP483: 07/04/2009 23:22:16 - Software Distribution Service 3.0
RP484: 09/04/2009 00:39:48 - System Checkpoint
RP485: 10/04/2009 08:44:08 - System Checkpoint
RP486: 11/04/2009 09:00:00 - System Checkpoint
RP487: 12/04/2009 18:32:27 - System Checkpoint

==== Installed Programs ======================

µTorrent
ABBYY FineReader 6.0 Sprint
Adobe Flash Player 10 ActiveX
Adobe Reader 8.1.3
Alexander
Andrea VoiceCenter
AOL You've Got Pictures Screensaver
ARTEuro
ATI Control Panel
ATI Display Driver
AutoUpdate
AVG Free 8.0
AviSynth 2.5
bet365casino
Blowfish Advanced CS
Bluesoleil2.6.0.8 Release 070517
Camera RAW Plug-In for EPSON Creativity Suite
CamSeek 1.1.2
CamTrack
CardRd81
CCScore
Command & Conquer Generals
Conflict Global Storm
ConvertXtoDVD 3.0.0.1
Corel Paint Shop Pro X
Corel Photo Album 6
CR2
Creative MediaSource
Critical Update for Windows Media Player 11 (KB959772)
Dell CinePlayer
Dell Driver Reset Tool
Dell Support Center (Support Software)
Dell System Restore
DellSupport
Disc2Phone
DivX Codec
EPSON-Drucker-Software
EPSON Attach To Email
EPSON Copy Utility 3
EPSON Easy Photo Print
EPSON File Manager
EPSON Scan
EPSON Scan Assistant
EPSON Stylus CX7300_CX8300_DX7400_DX8400 Manual
EPSON Web-To-Page
ERUNT 1.1j
ESPNMotion
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
essvatgt
Free Internet Eraser 2.30
Google Earth
GTA San Andreas
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Intel® 537EP V9x DF PCI Modem
Intel® PRO Network Connections Drivers
Intel® PROSet for Wired Connections
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java 2 Runtime Environment, SE v1.4.2_03
Java™ 6 Update 12
Java™ 6 Update 3
Java™ 6 Update 5
Java™ 6 Update 7
Java™ SE Runtime Environment 6 Update 1
kgcbase
Kodak EasyShare software
Learn2 Player (Uninstall Only)
Logitech Desktop Messenger
Logitech Print Service
Logitech QuickCam Software
Logitech® Camera Driver
Malwarebytes' Anti-Malware
MCU
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C Runtime
Microsoft Visual C++ 2005 Redistributable
Microsoft Works 7.0
Microsoft XML Parser
Modem Event Monitor
Modem Helper
Modem On Hold
MSN
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Nero 8
neroxml
netbrdg
NETGEAR WG111T 108Mbps Wireless USB2.0 Adapter
OfotoXMI
Otto
Panda ActiveScan
Panda ActiveScan 2.0
QuickTime
RealPlayer
Roxio Backup MyPC
Roxio DLA
Roxio MyDVD LE
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
Runtime 8.0 Libraries
Scarface: The World is Yours
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
SFR
SHASTA
Sitecom Bluetooth Software
skin0001
SKINXSDK
Sonic Activation Module
Sonic Encoders
Sony Ericsson PC Suite 1.20.173
SopCast 3.0.1
Sound Blaster Audigy ADVANCED MB
Sound Blaster Audigy ADVANCED MB Product Registration
SpeedTouch USB Software
Spybot - Search & Destroy
SpywareBlaster 4.1
staticcr
SUPERAntiSpyware Free Edition
System Requirements Lab
The Godfather™ The Game
ThreatFire
tooltips
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update Rollup 2 for Windows XP Media Center Edition 2005
VCRedistSetup
VideoLAN VLC media player 0.8.6d
Viewpoint Media Player
VPRINTOL
Wanadoo Connection Kit v1.5
Wanadoo Europe Installer
Wanadoo UK
WebFldrs XP
Winamp (remove only)
WinAVI Video Converter
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows Media Player 11
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766
Windows XP Service Pack 3
WinRAR archiver
WIRELESS
YahELite 301
Yahoo! Anti-Spy
Yahoo! extras
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger

==== Event Viewer Messages From Past Week ========

06/04/2009 22:30:25, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
06/04/2009 22:26:34, error: Service Control Manager [7034] - The Terminal Services service terminated unexpectedly. It has done this 1 time(s).
06/04/2009 22:26:34, error: Service Control Manager [7031] - The DCOM Server Process Launcher service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
08/04/2009 22:31:11, error: Service Control Manager [7034] - The Windows Image Acquisition (WIA) service terminated unexpectedly. It has done this 1 time(s).
08/04/2009 22:31:17, error: Service Control Manager [7034] - The Bluetooth Support Service service terminated unexpectedly. It has done this 1 time(s).
08/04/2009 22:31:24, error: Service Control Manager [7034] - The SSDP Discovery Service service terminated unexpectedly. It has done this 1 time(s).
08/04/2009 22:31:29, error: Service Control Manager [7034] - The TCP/IP NetBIOS Helper service terminated unexpectedly. It has done this 1 time(s).
08/04/2009 22:31:29, error: Service Control Manager [7031] - The Remote Registry service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
08/04/2009 22:31:29, error: Service Control Manager [7034] - The WebClient service terminated unexpectedly. It has done this 1 time(s).
08/04/2009 22:31:34, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 1 time(s).
10/04/2009 06:30:35, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 001F33E2C1A1. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
11/04/2009 09:05:42, error: MRxSmb [8003] - The master browser has received a server announcement from the computer MYLAPTOP-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{DB34E829-1F77-46. The master browser is stopping or an election is being forced.

==== End Of File ===========================

#8 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland
  • Local time:03:17 PM

Posted 14 April 2009 - 08:15 AM

Hi again,


I recommend you uninstall the P2P file sharing software installed there. A big part of infections are nowadays received from P2P networks.


Uninstall old Adobe Reader versions and get the latest one here or get Foxit Reader here. Make sure you don't install the toolbar if you choose Foxit Reader!


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older-version Java components and update to the latest version...

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 13.
  • Click the Download button to the right.
  • Select Windows in the platform combobox and check the box that says: Accept License Agreement. Click continue.
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u13-windows-i586-p.exe to install the newest version. Uncheck MSN toolbar if it's offered there.

Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache

*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.



Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Read the requirements and privacy statement then click on the Accept button.
  • The program will launch and start to download the latest definition files.
  • You will be prompted to install an application from Kaspersky. Click Run
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
  • Spyware, Adware, Dialers, and other potentially dangerous programs
  • Archives
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • Click on Save Report As....
  • Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Save this report to a convenient place.
  • Copy and paste that information into your topic. Post also a fresh dds.txt log. How's the system running?
  • The scan will take a while so be patient and let it run. As it scans your machine very deeply it could take hours to complete, Kaspersky suggests running it during a time of low activity.
If you need a tutorial, see here

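A defender-side companion to the Java clean-up steps above, added here as an example and not code from the thread or from the DDS tool: it pulls the Java runtime entries out of a DDS "Installed Programs" block (a constructed sample modelled on the one posted in this thread), normalises the three naming schemes seen there (v1.4.2_03, 5.0 Update N, 6 Update N) to one comparable version tuple, and reports which entries are removal candidates and whether even the newest one is still behind the 6 Update 13 release named in the reply. The LATEST_KNOWN constant and the sample list are assumptions for this example.

```python
"""Triage the Java entries of a DDS "Installed Programs" block.

Added example for the clean-up steps in the thread; not part of the thread
or of the DDS tool. The sample block below is constructed for this example.
"""
import re
from typing import Dict, List, Optional, Tuple

# (major, minor, micro, update) in Java's 1.x numbering: 6 Update 12 is 1.6.0_12
Version = Tuple[int, int, int, int]

# Current release named in the reply (JRE 6 Update 13). Assumed for this
# example only; a real check reads the current version from the vendor.
LATEST_KNOWN: Version = (1, 6, 0, 13)

# Constructed sample in the style of a DDS "Installed Programs" list: the Java
# naming schemes seen in the thread plus unrelated entries that must be ignored.
SAMPLE_INSTALLED_PROGRAMS = """\
Adobe Reader 8.1.3
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java 2 Runtime Environment, SE v1.4.2_03
Java™ 6 Update 12
Java™ 6 Update 3
Java™ 6 Update 5
Java™ 6 Update 7
Java™ SE Runtime Environment 6 Update 1
JavaScript Editor Pro
Malwarebytes' Anti-Malware
"""

_TRADEMARK = re.compile(r"™|\(TM\)", re.IGNORECASE)
# Entry names that denote a Java runtime ("JavaScript ..." fails the \b check)
_RUNTIME_PREFIX = re.compile(r"^(?:Java|J2SE|JRE)\b", re.IGNORECASE)
# Old dotted scheme: "v1.4.2_03"
_DOTTED = re.compile(r"\bv?(\d+)\.(\d+)\.(\d+)_(\d+)\b")
# Marketing scheme: "5.0 Update 10", "6 Update 12"
_UPDATE = re.compile(r"\b(\d+)(?:\.\d+)?\s+Update\s+(\d+)\b", re.IGNORECASE)


def normalize_name(name: str) -> str:
    """Strip trademark marks so both 'Java™ 6' and 'Java(TM) 6' parse alike."""
    return _TRADEMARK.sub("", name).strip()


def parse_java_version(name: str) -> Optional[Version]:
    """Map a program name to a comparable version tuple, or None if it has none."""
    text = normalize_name(name)
    m = _DOTTED.search(text)
    if m:
        major, minor, micro, update = (int(g) for g in m.groups())
        return (major, minor, micro, update)
    m = _UPDATE.search(text)
    if m:
        family, update = int(m.group(1)), int(m.group(2))
        if family >= 5:  # "5.0 Update N" is 1.5.0_N, "6 Update N" is 1.6.0_N
            return (1, family, 0, update)
    return None


def find_java_runtimes(installed_programs: str) -> List[Tuple[str, Version]]:
    """Return (entry, version) for each Java runtime line, in listed order."""
    found: List[Tuple[str, Version]] = []
    for raw in installed_programs.splitlines():
        line = raw.strip()
        if not line or not _RUNTIME_PREFIX.match(normalize_name(line)):
            continue
        version = parse_java_version(line)
        if version is not None:
            found.append((line, version))
    return found


def triage_java(installed_programs: str) -> Dict[str, object]:
    """Decide what to remove.

    If the newest runtime present is already LATEST_KNOWN or later, keep it and
    remove the rest; otherwise every entry goes (the reply's "remove all, then
    install the current release") and 'outdated' is True.
    """
    runtimes = find_java_runtimes(installed_programs)
    if not runtimes:
        return {"newest": None, "keep": None, "remove": [], "outdated": False}
    newest_name, newest_version = max(runtimes, key=lambda item: item[1])
    outdated = newest_version < LATEST_KNOWN
    keep = None if outdated else newest_name
    remove = [name for name, _ in runtimes if name != keep]
    return {"newest": newest_name, "keep": keep, "remove": remove, "outdated": outdated}


if __name__ == "__main__":
    report = triage_java(SAMPLE_INSTALLED_PROGRAMS)
    print("newest present:", report["newest"], "(outdated)" if report["outdated"] else "")
    for entry in report["remove"]:
        print("remove:", entry)
```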


#9 Geoff1

Geoff1
  • Topic Starter

  • Members
  • 10 posts
  • Local time:01:17 PM

Posted 17 April 2009 - 02:34 PM

Hi

I am finding my system is running at particularly high speeds when it should be sitting idle. I have clocked CPU usage at 70%-90% at times, when the computer is doing nothing. I also have screen shots of someone else's desktop in a file I found, something which is worrying! I am quite worried the system is infected with a trojan or keylogger.

KASPERSKY ONLINE SCANNER 7.0 REPORT
Friday, April 17, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Friday, April 17, 2009 18:11:44
Records in database: 2055331
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\

Scan statistics:
Files scanned: 128345
Threat name: 1
Infected objects: 1
Suspicious objects: 0
Duration of the scan: 02:37:34


File name / Threat name / Threats count
C:\Documents and Settings\Geoff\Desktop\New Folder\bfacs257inst.zip Infected: not-a-virus:AdWare.Win32.Dm.xo 1

The selected area was scanned.






DDS (Ver_09-03-16.01) - NTFSx86
Run by Geoff at 20:29:54.01 on 17/04/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.488 [GMT 1:00]

AV: ThreatFire *On-access scanning enabled* (Updated)
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe -k bthsvcs
C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\ThreatFire\TFService.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Sitecom\Bluetooth Software\BTTray.exe
C:\Program Files\NETGEAR\WG111T\wlan111t.exe
C:\Wanadoo\WanadooConnectionKit\atdialler1.exe
C:\DOCUME~1\Geoff\LOCALS~1\Temp\clclean.0001
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Documents and Settings\Geoff\Local Settings\temp\jkos-Geoff\binaries\ScanningProcess.exe
C:\Documents and Settings\Geoff\Local Settings\temp\jkos-Geoff\binaries\ScanningProcess.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Geoff\Desktop\dds.com
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.orange.co.uk/
uSearchMigratedDefaultURL = hxxp://search.orange.co.uk/all?brand=ouk&tab=web&p=_adr&q={searchTerms}
mWindow Title = Microsoft Internet Explorer Provided by Wanadoo
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: Wanadoo: {8b68564d-53fd-4293-b80c-993a9f3988ee} - c:\windows\system32\WSBar.dll
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - c:\progra~1\yahoo!\common\yhexbmesuk.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [SetDefaultMIDI] MIDIDef.exe
uRun: [Creative Detector] "c:\program files\creative\mediasource\detector\CTDetect.exe" /R
uRun: [DAEMON Tools Pro Agent] "c:\program files\daemon tools pro\DTProAgent.exe"
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [LogitechSoftwareUpdate] "c:\program files\logitech\video\ManifestEngine.exe" boot
uRun: [EPSON Stylus DX8400 Series] c:\windows\system32\spool\drivers\w32x86\3\e_faticee.exe /fu "c:\docume~1\geoff\locals~1\temp\E_S75.tmp" /EF "HKCU"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
mRun: [CTSysVol] c:\program files\creative\sbaudigy\surround mixer\CTSysVol.exe /r
mRun: [MBMon] Rundll32 CTMBHA.DLL,MBMon
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [SpeedTouch USB Diagnostics] "c:\program files\thomson\speedtouch usb\Dragdiag.exe" /icon
mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [ThreatFire] c:\program files\threatfire\TFTray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bttray.lnk - c:\program files\sitecom\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg111t\wlan111t.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wanado~1.lnk - c:\wanadoo\wanadooconnectionkit\atdialler1.exe
IE: Search with Wanadoo - c:\windows\system32\WSBar.dll/VSearch.htm
IE: Send To &Bluetooth - c:\program files\sitecom\bluetooth software\btsendto_ie_ctx.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\sitecom\bluetooth software\btsendto_ie.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - {4C171D40-8277-11D5-AD55-00010333D0AD} - c:\progra~1\yahoo!\common\yhexbmesuk.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxp://pccheckup.dellfix.com/sdccommon/download/tgctlcm.cab
DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} - hxxp://www.bebo.com/files/BeboUploader.5.1.4.cab
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.srtest.com/srl_bin/sysreqlab_srl.cab
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {38D63471-E630-4492-A986-B8C48B79F2F8} - hxxp://update.videoegg.com/wintel/VideoEggPublisher.exe
DPF: {4B48D5DF-9021-45F7-A240-60304302A215} - hxxp://download.microsoft.com/download/5/c/2/5c2fc4b7-3875-4eec-946b-ffe15472cabc/WebCleaner.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://knewloveonce.spaces.msn.com//PhotoUpload/MsnPUpld.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.systemrequirementslab.com/sysreqlab2.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} - hxxp://chat.yahoo.com/cab/yuplapp.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - hxxp://acs.pandasoftware.com/activescan/as5free/asinst.cab
DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} - hxxp://support.f-secure.com/ols/fscax.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - c:\windows\system32\BTXPPanel.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-4-12 28544]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2008-2-11 51472]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2008-2-11 39184]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-12-7 325128]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-12-7 27656]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-12-7 107272]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2008-12-22 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-12-22 55024]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-3-29 903960]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-3-29 298264]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 ThreatFire;ThreatFire;c:\program files\threatfire\tfservice.exe service --> c:\program files\threatfire\TFService.exe service [?]
R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2008-10-30 17149]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-12-22 7408]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2008-2-11 33040]
S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;c:\docume~1\geoff\locals~1\temp\onlinescanner\anti-virus\fsgk.sys [2009-4-4 70144]
S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys --> c:\windows\system32\drivers\wg111v3.sys [?]
S3 WLIU2KG125S;BUFFALO WLI-U2-KG125S Wireless LAN Adapter Driver;c:\windows\system32\drivers\usb8023.sys [2005-8-16 12800]

=============== Created Last 30 ================

2009-04-15 18:18 73,728 a------- c:\windows\system32\javacpl.cpl
2009-04-14 23:12 401,408 -------- c:\windows\system32\dllcache\rpcss.dll
2009-04-14 23:12 284,160 -------- c:\windows\system32\dllcache\pdh.dll
2009-04-14 23:12 35,328 -------- c:\windows\system32\dllcache\sc.exe
2009-04-14 23:12 473,600 -------- c:\windows\system32\dllcache\fastprox.dll
2009-04-14 23:12 227,840 -------- c:\windows\system32\dllcache\wmiprvse.exe
2009-04-14 23:12 110,592 -------- c:\windows\system32\dllcache\services.exe
2009-04-14 23:12 729,088 -------- c:\windows\system32\dllcache\lsasrv.dll
2009-04-14 23:12 617,472 -------- c:\windows\system32\dllcache\advapi32.dll
2009-04-14 23:12 453,120 -------- c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-14 23:12 714,752 -------- c:\windows\system32\dllcache\ntdll.dll
2009-04-14 21:03 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-04-14 21:03 1,203,922 -------- c:\windows\system32\dllcache\sysmain.sdb
2009-04-14 21:03 215,552 -------- c:\windows\system32\dllcache\wordpad.exe
2009-04-12 22:29 28,544 a------- c:\windows\system32\drivers\pavboot.sys
2009-04-12 22:29 <DIR> --d----- c:\program files\Panda Security
2009-04-07 22:02 1,089,593 -------- c:\windows\system32\dllcache\ntprint.cat
2009-04-06 23:13 <DIR> --d----- c:\windows\system32\XPSViewer
2009-04-06 23:12 597,504 -------- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-04-06 23:12 117,760 -------- c:\windows\system32\prntvpt.dll
2009-04-06 23:12 89,088 -------- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-04-06 23:12 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-04-06 23:12 1,676,288 -------- c:\windows\system32\dllcache\xpssvcs.dll
2009-04-06 23:12 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-04-06 23:12 575,488 -------- c:\windows\system32\dllcache\xpsshhdr.dll
2009-04-06 23:12 <DIR> --d----- C:\40d11696dde07e48fa
2009-04-06 23:11 <DIR> --d----- c:\windows\SxsCaPendDel
2009-04-05 23:26 <DIR> --d----- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-04-05 15:01 268,648 a------- c:\windows\system32\mucltui.dll
2009-04-05 15:01 208,744 a------- c:\windows\system32\muweb.dll
2009-04-05 15:01 27,496 a------- c:\windows\system32\mucltui.dll.mui
2009-04-05 09:57 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-04-05 09:56 <DIR> --d----- c:\program files\MSN Messenger
2009-04-05 09:40 <DIR> --d----- c:\documents and settings\geoff\Tracing
2009-04-05 09:32 <DIR> --d----- c:\program files\common files\Windows Live
2009-04-04 16:30 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware(2)
2009-03-29 09:06 <DIR> --d----- C:\hjt1
2009-03-22 22:46 40,960 a------- c:\windows\_ds28.tmp
2009-03-21 15:06 989,696 -------- c:\windows\system32\dllcache\kernel32.dll

==================== Find3M ====================

2009-04-15 18:17 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-29 12:49 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-03-29 12:49 325,128 a------- c:\windows\system32\drivers\avgldx86.sys
2009-03-29 12:49 107,272 a------- c:\windows\system32\drivers\avgtdix.sys
2009-03-06 15:22 284,160 a------- c:\windows\system32\pdh.dll
2009-03-03 20:19 39,184 a------- c:\windows\system32\drivers\TfSysMon.sys
2009-03-03 20:19 33,040 a------- c:\windows\system32\drivers\TfNetMon.sys
2009-03-03 20:19 12,560 a------- c:\windows\system32\drivers\TfKbMon.sys
2009-03-03 20:19 51,472 a------- c:\windows\system32\drivers\TfFsMon.sys
2009-03-03 01:18 826,368 a------- c:\windows\system32\wininet.dll
2009-03-03 01:18 826,368 a------- c:\windows\system32\dllcache\wininet.dll
2009-02-28 05:54 636,072 -------- c:\windows\system32\dllcache\iexplore.exe
2009-02-20 11:20 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-02-20 11:20 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-02-20 06:14 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2009-02-09 13:10 729,088 a------- c:\windows\system32\lsasrv.dll
2009-02-09 13:10 714,752 a------- c:\windows\system32\ntdll.dll
2009-02-09 13:10 617,472 a------- c:\windows\system32\advapi32.dll
2009-02-09 13:10 401,408 a------- c:\windows\system32\rpcss.dll
2009-02-09 12:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-09 12:13 1,846,784 -------- c:\windows\system32\dllcache\win32k.sys
2009-02-07 19:02 2,066,048 -------- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-06 12:11 110,592 a------- c:\windows\system32\services.exe
2009-02-06 12:08 2,189,056 -------- c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-06 12:06 2,145,280 a------- c:\windows\system32\ntoskrnl.exe
2009-02-06 12:06 2,145,280 -------- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-06 11:39 35,328 a------- c:\windows\system32\sc.exe
2009-02-06 11:32 2,023,936 a------- c:\windows\system32\ntkrnlpa.exe
2009-02-06 11:32 2,023,936 -------- c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-03 20:59 56,832 a------- c:\windows\system32\secur32.dll
2009-02-03 20:59 56,832 -------- c:\windows\system32\dllcache\secur32.dll
2008-10-08 08:29 382 a------- c:\program files\Shortcut to Program Files.lnk
2008-10-05 22:16 18,816,895 a------- c:\program files\VSO.zip
2008-07-22 08:18 47,360 a------- c:\docume~1\geoff\applic~1\pcouffin.sys
2008-10-25 14:44 88 ---shr-- c:\windows\system32\1630B6646C.sys
2006-04-15 21:36 56 ---shr-- c:\windows\system32\761D06FF07.sys
2008-10-25 14:44 6,476 a--sh--- c:\windows\system32\KGyGaAvL.sys
2008-08-01 12:05 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008080120080802\index.dat

============= FINISH: 20:31:37.37 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-03-16.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 27/03/2006 18:41:41
System Uptime: 17/04/2009 16:59:06 (4 hours ago)

Motherboard: Dell Inc. | | 0WG261
Processor: Intel® Pentium® 4 CPU 3.00GHz | Microprocessor | 2992/800mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 144 GiB total, 22.688 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP428: 16/01/2009 21:53:17 - System Checkpoint
RP429: 18/01/2009 00:25:36 - System Checkpoint
RP430: 19/01/2009 23:36:27 - System Checkpoint
RP431: 20/01/2009 23:42:33 - System Checkpoint
RP432: 22/01/2009 15:18:39 - System Checkpoint
RP433: 25/01/2009 03:14:39 - System Checkpoint
RP434: 26/01/2009 23:13:52 - System Checkpoint
RP435: 29/01/2009 17:37:22 - System Checkpoint
RP436: 01/02/2009 22:55:46 - System Checkpoint
RP437: 04/02/2009 14:25:55 - System Checkpoint
RP438: 06/02/2009 22:49:53 - System Checkpoint
RP439: 08/02/2009 00:47:38 - System Checkpoint
RP440: 11/02/2009 22:56:48 - Software Distribution Service 3.0
RP441: 12/02/2009 22:58:24 - System Checkpoint
RP442: 13/02/2009 23:07:30 - System Checkpoint
RP443: 15/02/2009 16:31:09 - System Checkpoint
RP444: 17/02/2009 22:07:48 - System Checkpoint
RP445: 18/02/2009 23:03:24 - System Checkpoint
RP446: 20/02/2009 00:20:56 - System Checkpoint
RP447: 21/02/2009 21:19:44 - System Checkpoint
RP448: 23/02/2009 18:01:57 - System Checkpoint
RP449: 24/02/2009 23:05:36 - System Checkpoint
RP450: 25/02/2009 03:00:16 - Software Distribution Service 3.0
RP451: 27/02/2009 12:01:10 - System Checkpoint
RP452: 28/02/2009 12:13:22 - System Checkpoint
RP453: 01/03/2009 17:33:55 - System Checkpoint
RP454: 02/03/2009 19:34:50 - System Checkpoint
RP455: 06/03/2009 23:10:36 - System Checkpoint
RP456: 09/03/2009 23:18:28 - System Checkpoint
RP457: 11/03/2009 17:02:27 - Software Distribution Service 3.0
RP458: 12/03/2009 22:24:15 - System Checkpoint
RP459: 13/03/2009 23:49:47 - System Checkpoint
RP460: 15/03/2009 00:13:19 - System Checkpoint
RP461: 16/03/2009 00:52:10 - System Checkpoint
RP462: 16/03/2009 03:00:16 - Software Distribution Service 3.0
RP463: 18/03/2009 21:40:47 - System Checkpoint
RP464: 19/03/2009 22:54:56 - System Checkpoint
RP465: 21/03/2009 13:37:50 - System Checkpoint
RP466: 21/03/2009 14:31:12 - Removed Java™ 6 Update 10
RP467: 21/03/2009 14:31:52 - Installed Java™ 6 Update 12
RP468: 24/03/2009 10:32:18 - System Checkpoint
RP469: 25/03/2009 22:07:16 - System Checkpoint
RP470: 26/03/2009 23:50:23 - System Checkpoint
RP471: 28/03/2009 18:52:43 - System Checkpoint
RP472: 29/03/2009 08:14:10 - Removed Championship Manager 2007
RP473: 29/03/2009 08:37:20 - Installed Windows Media Format Runtime
RP474: 29/03/2009 12:48:10 - Avg8 Update
RP475: 29/03/2009 12:50:03 - Avg8 Update
RP476: 30/03/2009 18:37:41 - System Checkpoint
RP477: 01/04/2009 18:36:17 - System Checkpoint
RP478: 02/04/2009 21:10:51 - System Checkpoint
RP479: 04/04/2009 13:47:06 - System Checkpoint
RP480: 05/04/2009 09:56:12 - Restore Operation
RP481: 05/04/2009 23:26:22 - Software Distribution Service 3.0
RP482: 06/04/2009 23:00:41 - Software Distribution Service 3.0
RP483: 07/04/2009 23:22:16 - Software Distribution Service 3.0
RP484: 09/04/2009 00:39:48 - System Checkpoint
RP485: 10/04/2009 08:44:08 - System Checkpoint
RP486: 11/04/2009 09:00:00 - System Checkpoint
RP487: 12/04/2009 18:32:27 - System Checkpoint
RP488: 14/04/2009 09:18:33 - System Checkpoint
RP489: 14/04/2009 21:08:03 - Installed Java™ 6 Update 13
RP490: 15/04/2009 03:00:19 - Software Distribution Service 3.0
RP491: 15/04/2009 17:53:59 - Removed J2SE Runtime Environment 5.0 Update 10
RP492: 15/04/2009 17:55:27 - Removed J2SE Runtime Environment 5.0 Update 6
RP493: 15/04/2009 17:56:25 - Removed J2SE Runtime Environment 5.0 Update 9
RP494: 15/04/2009 17:57:47 - Removed Java 2 Runtime Environment, SE v1.4.2_03
RP495: 15/04/2009 18:01:41 - Removed Java™ 6 Update 12
RP496: 15/04/2009 18:02:47 - Removed Java™ 6 Update 3
RP497: 15/04/2009 18:03:37 - Removed Java™ 6 Update 5
RP498: 15/04/2009 18:04:25 - Removed Java™ 6 Update 7
RP499: 15/04/2009 18:05:09 - Removed Java™ SE Runtime Environment 6 Update 1
RP500: 15/04/2009 18:17:39 - Installed Java™ 6 Update 13

==== Installed Programs ======================

ABBYY FineReader 6.0 Sprint
Adobe Flash Player 10 ActiveX
Adobe Reader 8.1.3
Alexander
Andrea VoiceCenter
AOL You've Got Pictures Screensaver
ARTEuro
ATI Control Panel
ATI Display Driver
AVG Free 8.0
AviSynth 2.5
Blowfish Advanced CS
Bluesoleil2.6.0.8 Release 070517
Camera RAW Plug-In for EPSON Creativity Suite
CamSeek 1.1.2
CamTrack
CardRd81
CCScore
Command & Conquer Generals
Conflict Global Storm
ConvertXtoDVD 3.0.0.1
Corel Paint Shop Pro X
Corel Photo Album 6
CR2
Creative MediaSource
Critical Update for Windows Media Player 11 (KB959772)
Dell CinePlayer
Dell Driver Reset Tool
Dell Support Center (Support Software)
Dell System Restore
DellSupport
Disc2Phone
EPSON-Drucker-Software
EPSON Attach To Email
EPSON Copy Utility 3
EPSON Easy Photo Print
EPSON File Manager
EPSON Scan
EPSON Scan Assistant
EPSON Stylus CX7300_CX8300_DX7400_DX8400 Manual
EPSON Web-To-Page
ERUNT 1.1j
ESPNMotion
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
essvatgt
Free Internet Eraser 2.30
Google Earth
GTA San Andreas
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Intel® 537EP V9x DF PCI Modem
Intel® PRO Network Connections Drivers
Intel® PROSet for Wired Connections
Java™ 6 Update 13
kgcbase
Kodak EasyShare software
Learn2 Player (Uninstall Only)
Logitech Desktop Messenger
Logitech Print Service
Logitech QuickCam Software
Logitech® Camera Driver
MCU
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C Runtime
Microsoft Visual C++ 2005 Redistributable
Microsoft Works 7.0
Microsoft XML Parser
Modem Event Monitor
Modem Helper
Modem On Hold
MSN
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Nero 8
neroxml
netbrdg
NETGEAR WG111T 108Mbps Wireless USB2.0 Adapter
OfotoXMI
Otto
Panda ActiveScan
Panda ActiveScan 2.0
QuickTime
RealPlayer
Roxio Backup MyPC
Roxio DLA
Roxio MyDVD LE
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
Runtime 8.0 Libraries
Scarface: The World is Yours
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
SFR
SHASTA
Sitecom Bluetooth Software
skin0001
SKINXSDK
Sonic Activation Module
Sonic Encoders
Sony Ericsson PC Suite 1.20.173
SopCast 3.0.1
Sound Blaster Audigy ADVANCED MB
Sound Blaster Audigy ADVANCED MB Product Registration
SpeedTouch USB Software
Spybot - Search & Destroy
SpywareBlaster 4.1
staticcr
SUPERAntiSpyware Free Edition
System Requirements Lab
The Godfather™ The Game
ThreatFire
tooltips
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update Rollup 2 for Windows XP Media Center Edition 2005
VCRedistSetup
VideoLAN VLC media player 0.8.6d
Viewpoint Media Player
VPRINTOL
Wanadoo Connection Kit v1.5
Wanadoo Europe Installer
Wanadoo UK
WebFldrs XP
Winamp (remove only)
WinAVI Video Converter
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows Media Player 11
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766
Windows XP Service Pack 3
WinRAR archiver
WIRELESS
YahELite 301
Yahoo! Anti-Spy
Yahoo! extras
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger

==== Event Viewer Messages From Past Week ========

12/04/2009 13:30:08, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
11/04/2009 09:05:42, error: MRxSmb [8003] - The master browser has received a server announcement from the computer MYLAPTOP-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{DB34E829-1F77-46. The master browser is stopping or an election is being forced.
10/04/2009 06:30:35, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 001F33E2C1A1. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
14/04/2009 21:07:40, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).

==== End Of File ===========================

#10 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland

Posted 17 April 2009 - 03:38 PM

Hi again,

You didn't uninstall the old Adobe Reader and get the latest one yet. Please follow the instructions in my previous post to install a fresh, non-vulnerable version.


Delete C:\Documents and Settings\Geoff\Desktop\New Folder\bfacs257inst.zip file.

You said in topic opener that AVG detected something malicious in divx software. Could you post exact locations for these files?

I have clocked CPU usage at 70%-90% at times, and when the computer is doing nothing.

Could you see from Task Manager which processes (System Idle Process excluded) take the most CPU time?

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

The malware removal instructions provided are meant to be used in the corresponding user's case only. If you have similar symptoms, please create your own topic instead of following instructions given to someone else.


#11 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland

Posted 28 April 2009 - 10:57 AM

Due to inactivity, this thread will now be closed. If you need this topic reopened, please contact a Staff member. Include the address of this thread in your request. This applies only to the original topic starter. Should you have a new issue, please start a New Topic.


