Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Laptop infected with win32 brontok virus


  • This topic is locked This topic is locked
32 replies to this topic

#1 gonch19

gonch19

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:12:36 AM

Posted 05 May 2009 - 10:01 PM

Dear Sirs/Madams,

I wondered if anyone can help me. Yesterday I was browsing the internet and seemingly picked up a virus. It restarted my computer, changed my settings and blocked me from using the internet. Now it seems to keep unblocking my firewall, I cannot access certain files/documents or for example get onto msconfig (it closes down before getting a chance to load) and cannot access some websites. The message I keep getting from Windows is as follows:

Do you want to block this suspicious software: Name: Win32.Brontok Risk Level: High Description: This worm spreads via the Internet as an attachment to infected messages. It sends itself to email addresses harvested from the victim machine. The only available option is to 'enable protection' - keep blocking or unblock options are unavailable.

I also keep getting random MSDOS messages. E.g. - 'C:\WINDOWS\Sysvxd.exe - The NTVDM CPU has encountered an illegal instruction. CS:06ca IP:06e4 OP:63 6f 72 61 74 Choose 'Close' to terminate the application.' Close/Ignore.

I browsed one or two websites to find a cure, but did not know how to execute. I disabled System Restore just before starting the process on one advice website, but abandoned as the instructions were not clear and as yet have kept System Restore disabled. I was referred to this forum by a friend. Please help, it is ruining my computer and I cannot seem to get rid!


DDS (Ver_09-03-16.01) - NTFSx86
Run by Jon at 1:47:25.40 on 06/05/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.239 [GMT 1:00]

AV: AVG 7.5.557 *On-access scanning enabled* (Updated)
FW: Norton Internet Worm Protection *disabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\BT Home Hub\Wireless Configuration\WirelessDaemon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\PROGRA~1\BTHOME~1\Help\SMARTB~1\BTHelpNotifier.exe
C:\Program Files\btbb_wcm\McciTrayApp.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Sony\WALKMAN Launcher\WMAAD.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Documents and Settings\Jon\Application Data\Google\sxkzw965566.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
"C:\WINDOWS\system32\drivers\svchost.exe"
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\BT Home Hub\Help\bin\mpbtn.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\WINDOWS\regedit.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\WINDOWS\system32\dwwin.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Jon\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://bt.yahoo.com/
uSearch Page = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sp/*http://uk.search.yahoo.com/
uSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
mDefault_Search_URL = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
mSearch Page = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sp/*http://uk.search.yahoo.com/
mSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uSearchURL,(Default) = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: UberButton Class: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: YahooTaggedBM Class: {65d886a2-7ca7-479b-bb95-14d1efb7946a} - c:\program files\yahoo!\common\YIeTagBm.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: SidebarAutoLaunch Class: {f2aa9440-6328-4933-b7c9-a6ccdf9cbf6d} - c:\program files\yahoo!\browser\YSidebarIEBHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Yahoo! Pager] c:\progra~1\yahoo!\messen~1\ypager.exe -quiet
uRun: [MsnMsgr] "c:\program files\msn messenger\MsnMsgr.Exe" /background
uRun: [PcSync] c:\program files\nokia\nokia pc suite 6\PcSync2.exe /NoDialog
uRun: [SVCHOST.EXE] c:\windows\system32\drivers\svchost.exe
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [THotkey] c:\program files\toshiba\toshiba applet\thotkey.exe
mRun: [TPSMain] TPSMain.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [Tvs] c:\program files\toshiba\tvs\TvsTray.exe
mRun: [SmoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe
mRun: [TFncKy] TFncKy.exe
mRun: [TDispVol] TDispVol.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [Motive SmartBridge] c:\progra~1\bthome~1\help\smartb~1\BTHelpNotifier.exe
mRun: [btbb_wcm_McciTrayApp] c:\program files\btbb_wcm\McciTrayApp.exe
mRun: [YBrowser] c:\progra~1\yahoo!\browser\ybrwicon.exe
mRun: [CFSServ.exe] CFSServ.exe -NoClient
mRun: [PCSuiteTrayApplication] c:\progra~1\nokia\nokiap~1\LAUNCH~1.EXE -onlytray
mRun: [AVG7_CC] c:\progra~1\grisoft\avg7\avgcc.exe /STARTUP
mRun: [WMAAD] c:\program files\sony\walkman launcher\WMAAD.exe
mRun: [Sony Ericsson PC Suite] "c:\program files\sony ericsson\mobile2\application launcher\Application Launcher.exe" /startoptions
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [realteks] "c:\documents and settings\jon\application data\google\sxkzw965566.exe" 2
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [AVG7_Run] c:\progra~1\grisoft\avg7\avgw.exe /RUNONCE
StartupFolder: c:\docume~1\jon\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office11\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\btbroa~1.lnk - c:\program files\bt home hub\help\bin\matcli.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: Transfer by Image Converter 3 - c:\program files\sony\image converter 3\menu.htm
IE: {49783ED4-258D-4f9f-BE11-137C18D3E543} - c:\program files\titan poker\casino.exe
IE: {B1BA4A3F-1C95-497b-9F82-F8DA4A5C89DD} - c:\program files\bet365mpp\MPPoker.exe
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partygaming\partypoker\RunApp.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_04\bin\npjpi150_04.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1144313713062
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: igfxcui - igfxdev.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jon\applic~1\mozilla\firefox\profiles\s99dmi69.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJPI150_04.dll
FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPOJI610.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll

============= SERVICES / DRIVERS ===============

R1 Avg7Core;AVG7 Kernel;c:\windows\system32\drivers\avg7core.sys [2007-3-4 821856]
R1 Avg7RsW;AVG7 Wrap Driver;c:\windows\system32\drivers\avg7rsw.sys [2007-3-4 4224]
R1 Avg7RsXP;AVG7 Resident Driver XP;c:\windows\system32\drivers\avg7rsxp.sys [2007-3-4 27776]
R1 AvgClean;AVG7 Clean Driver;c:\windows\system32\drivers\avgclean.sys [2007-3-4 10760]
R2 Avg7Alrt;AVG7 Alert Manager Server;c:\progra~1\grisoft\avg7\avgamsvr.exe [2007-3-4 418816]
R2 Avg7UpdSvc;AVG7 Update Service;c:\progra~1\grisoft\avg7\avgupsvc.exe [2007-3-4 49664]
R2 AVGEMS;AVG E-mail Scanner;c:\progra~1\grisoft\avg7\avgemc.exe [2007-3-4 406528]
R2 AvgTdi;AVG Network Redirector;c:\windows\system32\drivers\avgtdi.sys [2007-3-4 4960]
S3 ICScsiSV;Image Converter SCSI Service;c:\program files\sony\image converter 3\ICScsiSV.exe [2007-6-21 75952]
S3 IcVzMonLauncher;IcVzMonLauncher;c:\program files\sony\image converter 3\IcVzMonLauncher.exe [2007-6-21 67760]
S3 sea1bus;Sony Ericsson Device 0A1 driver (WDM);c:\windows\system32\drivers\sea1bus.sys [2007-9-4 61536]
S3 sea1mdfl;Sony Ericsson Device 0A1 USB WMC Modem Filter;c:\windows\system32\drivers\sea1mdfl.sys [2007-11-2 9360]
S3 sea1mdm;Sony Ericsson Device 0A1 USB WMC Modem Driver;c:\windows\system32\drivers\sea1mdm.sys [2007-11-2 97088]
S3 sea1mgmt;Sony Ericsson Device 0A1 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\sea1mgmt.sys [2007-11-2 88624]
S3 sea1nd5;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (NDIS);c:\windows\system32\drivers\sea1nd5.sys [2007-11-2 18704]
S3 sea1obex;Sony Ericsson Device 0A1 USB WMC OBEX Interface;c:\windows\system32\drivers\sea1obex.sys [2007-11-2 86432]
S3 sea1unic;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (WDM);c:\windows\system32\drivers\sea1unic.sys [2007-11-2 90800]

=============== Created Last 30 ================

2009-05-05 10:05 54,388 a------- c:\windows\Sysvxd.exe
2009-05-05 05:41 41,644 a------- c:\windows\system32\drivers\svchost.exe
2009-04-25 17:25 <DIR> --d----- c:\program files\Veetle
2009-04-17 22:06 1,193,414 -c------ c:\windows\system32\dllcache\sysmain.sdb
2009-04-17 22:06 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe

==================== Find3M ====================

2009-03-06 15:00 284,160 a------- c:\windows\system32\pdh.dll
2009-02-20 09:14 668,160 a------- c:\windows\system32\wininet.dll
2009-02-20 09:14 81,920 a------- c:\windows\system32\ieencode.dll
2009-02-09 11:19 1,846,272 a------- c:\windows\system32\win32k.sys
2009-02-09 11:01 728,576 a------- c:\windows\system32\lsasrv.dll
2009-02-09 11:01 617,984 a------- c:\windows\system32\advapi32.dll
2009-02-09 11:01 401,408 a------- c:\windows\system32\rpcss.dll
2009-02-09 11:01 715,264 a------- c:\windows\system32\ntdll.dll
2009-02-06 11:29 2,142,720 a------- c:\windows\system32\ntoskrnl.exe
2009-02-06 11:22 110,592 a------- c:\windows\system32\services.exe
2009-02-06 10:54 35,328 a------- c:\windows\system32\sc.exe
2009-02-06 10:49 2,020,864 a------- c:\windows\system32\ntkrnlpa.exe
2008-03-09 21:35 37,152 a------- c:\docume~1\jon\applic~1\GDIPFONTCACHEV1.DAT

============= FINISH: 1:48:13.64 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,713 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:07:36 AM

Posted 12 May 2009 - 01:57 PM

Hi gonch19,

Welcome to BC HijackThis forum and sorry for the delay. I am farbar. I am going to assist you with your problem.

Please refrain from making any changes to your system (updating Windows, installing applications, removing files, etc.) from now on as it might prolong handling your log and make the job for both of us more difficult.
  • Please download http://OTListIt2 by OldTimer.
  • Save it to your desktop.
  • Double click on the OTListIt2 icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Type or copy and paste in the Custom Scans/Fixes section: drivers32
  • Click Run Scan button.
  • Two reports will open, copy and paste the first log to your reply:
  • OTListIt.txt <-- Will be opened
  • Extra.txt <-- Will be minimized

[*]Tell me about the current condition of your computer.
[/list]

#3 gonch19

gonch19
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:12:36 AM

Posted 12 May 2009 - 07:05 PM

Hi Farbar,

Thanks very much for agreeing to help me. Here is the Otlistit.exe c & p you requested.

Please let me know how to proceed following this.

The current condition of my computer is as before - erratic. Actually since this happened I have not shut it down (over a week now) simply leaving it on standby for fear of the problem becoming worse. As far as I can tell (I have not used it much) it is still not normal. The firewall keeps switching off automatically and internet browsing is still erratic. I still get the same popups from the first post.


OTListIt logfile created on: 13/05/2009 00:51:09 - Run 1
OTListIt2 by OldTimer - Version 2.0.15.7 Folder = C:\Documents and Settings\Jon\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1021.98 Mb Total Physical Memory | 299.88 Mb Available Physical Memory | 29.34% Memory free
1.66 Gb Paging File | 0.85 Gb Available in Paging File | 51.42% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93.16 Gb Total Space | 16.34 Gb Free Space | 17.54% Space Free | Partition Type: NTFS
Drive D: | 527.14 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF1.02
Drive E: | 7.57 Gb Total Space | 0.35 Gb Free Space | 4.63% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JONATHAN
Current User Name: Jon
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2005/12/21 05:46:24 | 00,405,504 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe
PRC - [2005/11/28 11:29:00 | 00,114,753 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2005/11/28 11:31:32 | 00,540,745 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2008/11/07 15:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2007/10/26 16:56:53 | 00,418,816 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG7\avgamsvr.exe
PRC - [2007/03/04 17:49:24 | 00,049,664 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG7\avgupsvc.exe
PRC - [2007/12/22 12:19:08 | 00,406,528 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG7\avgemc.exe
PRC - [2008/08/29 11:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2005/01/18 00:38:38 | 00,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2005/11/28 11:28:14 | 00,217,164 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2005/12/20 11:22:14 | 00,035,328 | ---- | M] (TOSHIBA Corp.) -- C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
PRC - [2005/01/28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe
PRC - [2006/05/30 10:48:00 | 00,049,152 | ---- | M] () -- C:\Program Files\BT Home Hub\Wireless Configuration\WirelessDaemon.exe
PRC - [2005/12/21 05:46:24 | 00,405,504 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe
PRC - [2004/08/04 13:00:00 | 01,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2005/08/12 14:43:58 | 00,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
PRC - [2005/12/17 00:32:58 | 00,761,945 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2005/12/09 23:49:42 | 15,691,264 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
PRC - [2005/10/15 14:29:08 | 00,088,203 | ---- | M] (Agere Systems) -- C:\WINDOWS\AGRSMMSG.exe
PRC - [2006/01/05 14:02:24 | 00,352,256 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
PRC - [2005/08/03 14:26:14 | 00,266,240 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSMain.exe
PRC - [2005/12/17 00:21:00 | 00,151,552 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\Toshiba.exe
PRC - [2005/11/03 00:41:04 | 00,978,944 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2005/11/30 12:25:22 | 00,073,728 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
PRC - [2005/08/03 14:26:02 | 00,040,960 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSBattM.exe
PRC - [2005/05/12 10:31:38 | 00,118,784 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
PRC - [2005/09/15 11:53:34 | 00,184,320 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
PRC - [2005/03/11 15:03:16 | 00,073,728 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TDispVol.exe
PRC - [2005/10/06 05:20:00 | 00,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLACTRLW.EXE
PRC - [2005/12/05 12:37:40 | 00,667,718 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
PRC - [2005/11/28 11:41:50 | 00,602,182 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
PRC - [2006/02/06 18:52:10 | 00,462,935 | ---- | M] (Motive) -- C:\Program Files\BT Home Hub\Help\SmartBridge\BTHelpNotifier.exe
PRC - [2005/12/29 11:22:00 | 00,543,232 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\btbb_wcm\McciTrayApp.exe
PRC - [2003/12/09 12:03:08 | 00,057,344 | ---- | M] (Yahoo!, Inc.) -- C:\Program Files\Yahoo!\browser\ybrwicon.exe
PRC - [2005/11/17 23:44:38 | 00,798,720 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
PRC - [2005/12/13 09:49:08 | 00,217,088 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
PRC - [2006/03/03 14:18:10 | 00,200,704 | ---- | M] (Yahoo!, Inc.) -- C:\Program Files\Yahoo!\browser\ycommon.exe
PRC - [2009/02/24 17:56:29 | 00,590,848 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG7\avgcc.exe
PRC - [2007/02/16 18:41:36 | 00,110,592 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\WALKMAN Launcher\WMAAD.exe
PRC - [2005/11/28 11:37:52 | 00,397,381 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2007/01/26 13:36:44 | 00,495,616 | R--- | M] () -- C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
PRC - [2008/11/20 14:20:54 | 00,290,088 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2005/04/11 11:26:06 | 00,065,536 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
PRC - [2007/01/19 12:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\MsnMsgr.Exe
PRC - [2005/11/30 17:56:02 | 01,306,624 | ---- | M] (Time Information Services Ltd.) -- C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
PRC - [2005/11/07 11:09:18 | 00,120,320 | ---- | M] (Nokia.) -- C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
PRC - [2005/10/28 14:54:50 | 00,471,040 | ---- | M] (Nokia Corporation) -- C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
PRC - [2005/08/31 17:11:08 | 00,090,112 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
PRC - [2005/12/07 14:01:32 | 01,744,896 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2008/11/20 14:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2005/11/29 18:09:10 | 00,290,816 | ---- | M] (TOSHIBA CORPORATION.) -- c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
PRC - [2006/02/02 16:59:32 | 00,192,512 | ---- | M] () -- C:\Program Files\BT Home Hub\Help\bin\mpbtn.exe
PRC - [2005/12/06 20:08:04 | 00,221,184 | ---- | M] (TOSHIBA CORPORATION.) -- c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
PRC - [2005/08/12 14:43:58 | 00,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
PRC - [2005/08/12 14:43:58 | 00,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
PRC - [2006/12/20 12:34:02 | 00,983,040 | R--- | M] (Teleca AB) -- C:\Program Files\Common Files\Teleca Shared\Generic.exe
PRC - [2004/08/04 13:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dwwin.exe
PRC - [2004/08/04 13:00:00 | 00,419,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntvdm.exe
PRC - [2004/08/04 13:00:00 | 00,419,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntvdm.exe
PRC - [2004/08/04 13:00:00 | 00,419,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntvdm.exe
PRC - [2009/01/23 22:21:27 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2004/08/04 13:00:00 | 00,419,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntvdm.exe
PRC - [2004/08/04 13:00:00 | 00,419,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntvdm.exe
PRC - [2004/08/04 13:00:00 | 00,419,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntvdm.exe
PRC - [2009/05/05 05:40:50 | 00,041,644 | ---- | M] (?????????? ??????????) -- C:\WINDOWS\system32\drivers\svchost.exe
PRC - [2007/02/16 18:55:48 | 01,392,640 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\WALKMAN Launcher\WMLNCH.exe
PRC - [2009/05/13 00:50:01 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jon\Desktop\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/11/07 15:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2007/03/06 01:52:36 | 00,263,168 | ---- | M] (Ares Development Group) -- C:\Program Files\Ares\chatServer.exe -- (AresChatServer [On_Demand | Stopped])
SRV - [2004/07/15 01:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2005/12/21 05:46:24 | 00,405,504 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
SRV - [2007/10/26 16:56:53 | 00,418,816 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG7\avgamsvr.exe -- (Avg7Alrt [Auto | Running])
SRV - [2007/03/04 17:49:24 | 00,049,664 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG7\avgupsvc.exe -- (Avg7UpdSvc [Auto | Running])
SRV - [2007/12/22 12:19:08 | 00,406,528 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG7\avgemc.exe -- (AVGEMS [Auto | Running])
SRV - [2008/08/29 11:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2005/01/18 00:38:38 | 00,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs [Auto | Running])
SRV - [2005/11/28 11:29:00 | 00,114,753 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng [Auto | Running])
SRV - [2007/09/26 22:05:42 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
SRV - [2004/08/04 13:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2007/01/26 11:39:06 | 00,075,952 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\IMAGE CONVERTER 3\ICScsiSV.exe -- (ICScsiSV [On_Demand | Stopped])
SRV - [2007/01/26 11:38:48 | 00,067,760 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMonLauncher.exe -- (IcVzMonLauncher [On_Demand | Stopped])
SRV - [2005/11/14 01:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2007/01/26 11:38:48 | 00,043,184 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMon.exe -- (Image Converter video recording monitor for VAIO Entertainment [On_Demand | Stopped])
SRV - [2008/11/20 14:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2006/12/14 02:21:20 | 00,045,056 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV [On_Demand | Stopped])
SRV - [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2006/12/14 01:46:16 | 00,057,344 | ---- | M] () -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR [On_Demand | Stopped])
SRV - [2005/11/28 11:28:14 | 00,217,164 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc [Auto | Running])
SRV - [2005/11/28 11:31:32 | 00,540,745 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor [Auto | Running])
SRV - [2007/02/05 10:11:16 | 00,112,184 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe -- (SonicStage Back-End Service [On_Demand | Stopped])
SRV - [2006/12/14 02:02:08 | 00,069,632 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV [On_Demand | Stopped])
SRV - [2007/02/05 10:11:18 | 00,075,320 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV [On_Demand | Stopped])
SRV - [2005/12/20 11:22:14 | 00,035,328 | ---- | M] (TOSHIBA Corp.) -- C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe -- (TAPPSRV [Auto | Running])
SRV - [2005/01/28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [Auto | Running])
SRV - [2007/01/19 12:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
SRV - [2006/05/30 10:48:00 | 00,049,152 | ---- | M] () -- C:\Program Files\BT Home Hub\Wireless Configuration\WirelessDaemon.exe -- (Wireless Adapter Configurator [Auto | Running])
SRV - [2003/05/19 16:07:38 | 00,086,016 | ---- | M] (Yahoo! Inc.) -- C:\WINDOWS\system32\YPcservice.exe -- (YPCService [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2006/09/15 23:24:21 | 00,021,275 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\DRIVERS\AegisP.sys -- (AegisP [Auto | Running])
DRV - [2005/11/15 17:00:22 | 01,122,656 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\DRIVERS\AGRSM.sys -- (AgereSoftModem [On_Demand | Running])
DRV - [2005/12/21 05:51:46 | 01,419,264 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
DRV - [2007/10/26 16:56:46 | 00,821,856 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\System32\Drivers\avg7core.sys -- (Avg7Core [System | Running])
DRV - [2007/03/04 17:49:33 | 00,004,224 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\System32\Drivers\avg7rsw.sys -- (Avg7RsW [System | Running])
DRV - [2007/03/04 17:49:34 | 00,027,776 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\System32\Drivers\avg7rsxp.sys -- (Avg7RsXP [System | Running])
DRV - [2007/12/22 12:19:11 | 00,010,760 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgclean.sys -- (AvgClean [System | Running])
DRV - [2007/03/04 17:49:35 | 00,004,960 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgtdi.sys -- (AvgTdi [Auto | Running])
DRV - [2005/10/06 05:20:00 | 00,025,628 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLABOIOM.SYS -- (DLABOIOM [Auto | Running])
DRV - [2005/08/25 12:16:52 | 00,005,628 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS -- (DLACDBHM [System | Running])
DRV - [2005/10/06 05:20:00 | 00,002,496 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLADResN.SYS -- (DLADResN [Auto | Running])
DRV - [2005/10/06 05:20:00 | 00,086,524 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M [Auto | Running])
DRV - [2005/10/06 05:20:00 | 00,014,684 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM [Auto | Running])
DRV - [2005/10/06 05:20:00 | 00,006,364 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAPoolM.SYS -- (DLAPoolM [Auto | Running])
DRV - [2005/08/25 12:16:16 | 00,022,684 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DLARTL_N.SYS -- (DLARTL_N [System | Running])
DRV - [2005/10/06 05:20:00 | 00,094,332 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM [Auto | Running])
DRV - [2005/10/06 05:20:00 | 00,087,036 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M [Auto | Running])
DRV - [2005/09/12 03:30:00 | 00,089,264 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB [Boot | Running])
DRV - [2005/08/12 05:20:00 | 00,040,544 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DRVNDDM.SYS -- (DRVNDDM [Auto | Running])
DRV - [2005/10/10 23:31:42 | 00,163,328 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Stopped])
DRV - [2008/04/17 14:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2005/01/07 17:07:18 | 00,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2005/11/28 22:20:20 | 01,353,820 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\ialmnt5.sys -- (ialm [On_Demand | Stopped])
DRV - [2005/12/10 00:48:40 | 04,123,136 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
DRV - [2003/09/10 23:36:54 | 00,021,060 | ---- | M] (InterVideo, Inc.) -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi [On_Demand | Running])
DRV - [2006/03/24 17:53:07 | 00,018,003 | ---- | M] (Motive, Inc.) -- C:\Program Files\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5 [On_Demand | Running])
DRV - [2003/01/29 22:35:00 | 00,012,032 | ---- | M] (TOSHIBA Corporation.) -- C:\WINDOWS\system32\DRIVERS\netdevio.sys -- (Netdevio [Auto | Running])
DRV - [2005/10/13 09:15:18 | 00,008,704 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\nmwcdc.sys -- (Nokia USB Generic [On_Demand | Stopped])
DRV - [2005/10/13 09:15:18 | 00,012,800 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\nmwcdcm.sys -- (Nokia USB Modem [On_Demand | Stopped])
DRV - [2005/10/13 09:15:18 | 00,124,928 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\nmwcd.sys -- (Nokia USB Phone Parent [On_Demand | Stopped])
DRV - [2005/10/13 09:15:18 | 00,012,800 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\nmwcdcj.sys -- (Nokia USB Port [On_Demand | Stopped])
DRV - [2003/09/19 01:47:00 | 00,010,368 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc [On_Demand | Running])
DRV - [2004/08/04 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2006/10/18 02:00:00 | 00,036,624 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2005/11/28 12:09:26 | 00,013,568 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\s24trans.sys -- (s24trans [Auto | Running])
DRV - [2007/02/08 12:55:40 | 00,061,536 | R--- | M] (MCCI) -- C:\WINDOWS\system32\DRIVERS\sea1bus.sys -- (sea1bus [On_Demand | Stopped])
DRV - [2007/02/08 12:55:50 | 00,009,360 | R--- | M] (MCCI) -- C:\WINDOWS\system32\DRIVERS\sea1mdfl.sys -- (sea1mdfl [On_Demand | Stopped])
DRV - [2007/02/08 12:55:52 | 00,097,088 | R--- | M] (MCCI) -- C:\WINDOWS\system32\DRIVERS\sea1mdm.sys -- (sea1mdm [On_Demand | Stopped])
DRV - [2007/02/08 12:56:00 | 00,088,624 | R--- | M] (MCCI) -- C:\WINDOWS\system32\DRIVERS\sea1mgmt.sys -- (sea1mgmt [On_Demand | Stopped])
DRV - [2007/02/08 12:56:02 | 00,018,704 | R--- | M] (MCCI) -- C:\WINDOWS\system32\DRIVERS\sea1nd5.sys -- (sea1nd5 [On_Demand | Stopped])
DRV - [2007/02/08 12:56:06 | 00,086,432 | R--- | M] (MCCI) -- C:\WINDOWS\system32\DRIVERS\sea1obex.sys -- (sea1obex [On_Demand | Stopped])
DRV - [2007/02/08 12:56:20 | 00,090,800 | R--- | M] (MCCI) -- C:\WINDOWS\system32\DRIVERS\sea1unic.sys -- (sea1unic [On_Demand | Stopped])
DRV - [2006/09/30 00:35:27 | 00,163,644 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [Auto | Running])
DRV - [2001/08/17 14:56:16 | 00,007,552 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS -- (SONYPVU1 [On_Demand | Stopped])
DRV - [2005/12/17 00:15:06 | 00,191,936 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\DRIVERS\SynTP.sys -- (SynTP [On_Demand | Running])
DRV - [2005/11/30 18:12:00 | 00,162,560 | ---- | M] (Texas Instruments) -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21 [On_Demand | Running])
DRV - [2005/09/09 14:47:10 | 00,009,344 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\DRIVERS\tosrfec.sys -- (tosrfec [On_Demand | Running])
DRV - [2005/10/20 14:03:42 | 00,006,144 | ---- | M] (Toshiba Corporation) -- C:\WINDOWS\system32\DRIVERS\NBSMI.sys -- (TVALD [On_Demand | Running])
DRV - [2005/11/30 11:01:02 | 00,043,392 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\DRIVERS\Tvs.sys -- (Tvs [On_Demand | Running])
DRV - [2008/11/07 15:23:30 | 00,032,000 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\System32\Drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
DRV - [2005/12/05 09:55:30 | 01,428,096 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\DRIVERS\w39n51.sys -- (w39n51 [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.red.clientapps.yahoo.com/customi...arch.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/customi...arch.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://uk.red.clientapps.yahoo.com/customi...fo/bt_side.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-261337302-2791447278-1231208795-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-261337302-2791447278-1231208795-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/customi...arch.yahoo.com/
IE - HKU\S-1-5-21-261337302-2791447278-1231208795-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://bt.yahoo.com/
IE - HKU\S-1-5-21-261337302-2791447278-1231208795-1005\S-1-5-21-261337302-2791447278-1231208795-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-261337302-2791447278-1231208795-1005\S-1-5-21-261337302-2791447278-1231208795-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..extensions.enabledItems: {7694c49c-9fbd-11dc-8314-0800200c9a66}:3.0.2
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.5

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/02/05 04:55:30 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/01/23 22:23:22 | 00,000,000 | ---D | M]

[2009/01/23 22:25:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jon\Application Data\mozilla\Extensions
[2009/01/23 22:25:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jon\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/05/07 05:39:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jon\Application Data\mozilla\Firefox\Profiles\s99dmi69.default\extensions
[2009/01/24 13:49:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jon\Application Data\mozilla\Firefox\Profiles\s99dmi69.default\extensions\{7694c49c-9fbd-11dc-8314-0800200c9a66}
[2006/09/16 15:39:57 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/01/23 22:23:22 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/01/23 22:21:10 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/01/23 22:21:10 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/01/23 22:22:36 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/01/23 22:22:36 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/01/23 22:22:36 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/01/23 22:22:36 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/01/23 22:22:37 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/01/23 22:22:37 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/01/23 22:22:37 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

Hosts file not found
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (UberButton Class) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo!)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (YahooTaggedBM Class) - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - Reg Error: Key error. File not found
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (SidebarAutoLaunch Class) - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-261337302-2791447278-1231208795-1005\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-261337302-2791447278-1231208795-1005\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-261337302-2791447278-1231208795-1005\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AGRSMMSG] AGRSMMSG.exe (Agere Systems)
O4 - HKLM..\Run: [Alcmtr] ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay (ATI Technologies Inc.)
O4 - HKLM..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP (GRISOFT, s.r.o.)
O4 - HKLM..\Run: [btbb_wcm_McciTrayApp] C:\Program Files\btbb_wcm\McciTrayApp.exe (Motive Communications, Inc.)
O4 - HKLM..\Run: [CFSServ.exe] CFSServ.exe -NoClient File not found
O4 - HKLM..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [Motive SmartBridge] C:\PROGRA~1\BTHOME~1\Help\SMARTB~1\BTHelpNotifier.exe (Motive)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray (Nokia)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [RTHDCPL] RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions ()
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TDispVol] TDispVol.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TFncKy] TFncKy.exe File not found
O4 - HKLM..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe (TOSHIBA)
O4 - HKLM..\Run: [TPSMain] TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [WMAAD] C:\Program Files\Sony\WALKMAN Launcher\WMAAD.exe (Sony Corporation)
O4 - HKLM..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe (Yahoo!, Inc.)
O4 - HKU\.DEFAULT..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (GRISOFT, s.r.o.)
O4 - HKU\S-1-5-18..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (GRISOFT, s.r.o.)
O4 - HKU\S-1-5-19..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (GRISOFT, s.r.o.)
O4 - HKU\S-1-5-20..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (GRISOFT, s.r.o.)
O4 - HKU\S-1-5-21-261337302-2791447278-1231208795-1005..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)
O4 - HKU\S-1-5-21-261337302-2791447278-1231208795-1005..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (Time Information Services Ltd.)
O4 - HKU\S-1-5-21-261337302-2791447278-1231208795-1005..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe (?????????? ??????????)
O4 - HKU\S-1-5-21-261337302-2791447278-1231208795-1005..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe (TOSHIBA)
O4 - HKU\S-1-5-21-261337302-2791447278-1231208795-1005..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BT Broadband Desktop Help.lnk = C:\Program Files\BT Home Hub\Help\bin\matcli.exe (Motive Communications, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Jon\Start Menu\Programs\Startup\Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-261337302-2791447278-1231208795-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 (Microsoft Corporation)
O8 - Extra context menu item: Transfer by Image Converter 3 - C:\PROGRAM FILES\SONY\IMAGE CONVERTER 3\menu.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Program Files\Titan Poker\casino.exe ()
O9 - Extra 'Tools' menuitem : Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Program Files\Titan Poker\casino.exe ()
O9 - Extra Button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo!)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: bet365 Poker - {B1BA4A3F-1C95-497b-9F82-F8DA4A5C89DD} - C:\Program Files\bet365MPP\MPPoker.exe (Microgaming)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1144313713062 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_04)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_04)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/04/05 15:20:47 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/09/26 17:38:34 | 00,039,680 | R--- | M] (Sports Interactive) - D:\autorun.exe -- [ UDF1.02 ]
O32 - AutoRun File - [2007/09/05 21:47:46 | 00,000,027 | R--- | M] () - D:\autorun.inf -- [ UDF1.02 ]
O33 - MountPoints2\{de8cae16-db4c-11dc-bf72-00a0d13474fc}\Shell\AutoRun\command - "" = E:\x.com -- File not found
O33 - MountPoints2\{de8cae16-db4c-11dc-bf72-00a0d13474fc}\Shell\explore\Command - "" = E:\x.com -- File not found
O33 - MountPoints2\{de8cae16-db4c-11dc-bf72-00a0d13474fc}\Shell\open\Command - "" = E:\x.com -- File not found
O33 - MountPoints2\{ef0fecae-4900-11db-bd6a-00a0d13474fc}\Shell\AutoRun\command - "" = E:\setupSNK.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
Drivers32: aux - C:\WINDOWS\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\WINDOWS\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\system32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\system32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\WINDOWS\system32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\system32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\system32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\system32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\system32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\WINDOWS\system32\sirenacm.dll (Microsoft Corp.)
Drivers32: msacm.sl_anet - C:\WINDOWS\system32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\system32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\system32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\system32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.dvsd - C:\Program Files\Common Files\Sony Shared\VideoLib\sonydv.dll (Sony Corporation)
Drivers32: vidc.I420 - C:\WINDOWS\system32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\system32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\system32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\system32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\system32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.iyuv - C:\WINDOWS\system32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - C:\WINDOWS\system32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\system32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\system32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\system32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\WINDOWS\system32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - C:\WINDOWS\system32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\system32\DivX.dll (DivX, Inc.)
Drivers32: vidc.yvu9 - C:\WINDOWS\system32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\WINDOWS\system32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\system32\msacm32.drv (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[2009/05/13 00:50:00 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jon\Desktop\OTListIt2.exe
[2009/05/11 22:38:20 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2009/05/06 01:47:07 | 00,360,021 | ---- | C] () -- C:\Documents and Settings\Jon\Desktop\dds.scr
[2009/05/05 10:05:41 | 00,055,156 | ---- | C] () -- C:\WINDOWS\Sysvxd.exe
[2009/05/05 09:49:37 | 00,038,912 | ---- | C] (SOFTWIN) -- C:\Documents and Settings\Jon\Desktop\AntiBrontokA-en.exe
[2009/05/05 05:49:42 | 00,002,119 | ---- | C] () -- C:\Documents and Settings\Jon\Application Data\FuycXHJdat.gif
[2009/05/05 05:49:42 | 00,000,607 | ---- | C] () -- C:\Documents and Settings\Jon\Application Data\FuycXHJdzn.gif
[2009/05/05 05:49:42 | 00,000,598 | ---- | C] () -- C:\Documents and Settings\Jon\Application Data\FuycXHJdby.gif
[2009/05/05 05:41:04 | 00,041,644 | ---- | C] (?????????? ??????????) -- C:\WINDOWS\System32\drivers\svchost.exe
[2009/05/05 05:40:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jon\Application Data\Google
[2009/05/03 05:24:56 | 00,027,136 | ---- | C] () -- C:\Documents and Settings\Jon\My Documents\Real 2-6 Barca - 6 things we loved.doc
[2009/04/26 05:44:53 | 00,024,064 | ---- | C] () -- C:\Documents and Settings\Jon\Desktop\Good and Useful football websites.doc
[2009/04/25 17:25:45 | 00,000,000 | ---D | C] -- C:\Program Files\Veetle
[2009/04/21 01:10:44 | 00,029,184 | ---- | C] () -- C:\Documents and Settings\Jon\Desktop\Train complaint 21.4.doc
[2009/04/17 22:11:39 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009/04/17 22:11:39 | 00,284,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009/04/17 22:11:39 | 00,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\colbact.dll
[2009/04/17 22:11:39 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sc.exe
[2009/04/17 22:11:38 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009/04/17 22:11:37 | 00,473,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009/04/17 22:11:37 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/04/17 22:11:34 | 00,617,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009/04/17 22:11:33 | 00,715,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009/04/17 22:11:29 | 02,142,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2009/04/17 22:11:26 | 02,186,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2009/04/17 22:11:20 | 02,020,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2009/04/17 22:11:17 | 02,062,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2009/04/17 22:06:49 | 01,193,414 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2009/04/17 22:06:42 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
[2009/04/15 01:23:58 | 00,031,232 | ---- | C] () -- C:\Documents and Settings\Jon\Desktop\links.doc
[2007/06/21 21:50:09 | 00,532,480 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Sony.dll
[2006/11/15 22:01:35 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2006/11/15 21:36:58 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2006/09/16 13:26:47 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2006/04/06 10:56:41 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/04/06 10:44:14 | 00,000,466 | ---- | C] () -- C:\WINDOWS\TBTdetect.ini
[2006/04/06 10:31:09 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/04/06 09:43:57 | 00,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2006/04/06 09:43:57 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2006/04/06 09:43:57 | 00,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2006/04/06 09:43:57 | 00,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2006/04/06 09:41:09 | 00,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/04/06 09:31:35 | 00,000,222 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/04/06 09:10:11 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/04/06 09:10:11 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/04/06 09:10:11 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/04/06 09:10:11 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/04/06 09:10:11 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/04/06 09:10:11 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/04/06 09:08:44 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\TDispVol.dll
[2006/04/06 09:00:59 | 00,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2006/04/06 09:00:51 | 00,036,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\CSIIDecoder_kern_i386.sys
[2006/04/06 09:00:51 | 00,029,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys
[2006/04/06 08:52:23 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\TCtrlIO.dll
[2006/04/06 08:52:23 | 00,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\DLLVGA.dll
[2006/04/05 15:24:26 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/04/05 14:05:56 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\ToshBIOS.dll
[2006/04/05 14:05:56 | 00,000,083 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/04/05 14:05:34 | 00,000,573 | ---- | C] () -- C:\WINDOWS\win.ini
[2006/04/05 14:05:32 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[2005/11/29 04:33:56 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/09/02 14:44:08 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005/07/22 21:30:20 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2004/07/20 17:04:02 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004/01/15 14:43:28 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[2009/05/13 00:50:01 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jon\Desktop\OTListIt2.exe
[2009/05/11 05:02:53 | 00,055,156 | ---- | M] () -- C:\WINDOWS\Sysvxd.exe
[2009/05/07 05:25:32 | 00,002,119 | ---- | M] () -- C:\Documents and Settings\Jon\Application Data\FuycXHJdat.gif
[2009/05/07 05:25:32 | 00,000,607 | ---- | M] () -- C:\Documents and Settings\Jon\Application Data\FuycXHJdzn.gif
[2009/05/07 05:25:32 | 00,000,598 | ---- | M] () -- C:\Documents and Settings\Jon\Application Data\FuycXHJdby.gif
[2009/05/06 01:47:08 | 00,360,021 | ---- | M] () -- C:\Documents and Settings\Jon\Desktop\dds.scr
[2009/05/06 01:44:43 | 00,439,376 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/05/06 01:44:43 | 00,380,918 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/05/06 01:44:43 | 00,053,166 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/05/05 16:33:09 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/05/05 16:33:05 | 01,472,240 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/05/05 16:33:05 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Jon\Local Settings\desktop.ini
[2009/05/05 16:32:55 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/05 16:32:50 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/05 16:32:45 | 10,716,97920 | -HS- | M] () -- C:\hiberfil.sys
[2009/05/05 16:28:19 | 00,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[2009/05/05 16:28:19 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2009/05/05 09:49:38 | 00,038,912 | ---- | M] (SOFTWIN) -- C:\Documents and Settings\Jon\Desktop\AntiBrontokA-en.exe
[2009/05/05 06:41:21 | 00,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/05/05 05:43:00 | 00,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2009/05/05 05:43:00 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2009/05/05 05:40:50 | 00,041,644 | ---- | M] (?????????? ??????????) -- C:\WINDOWS\System32\drivers\svchost.exe
[2009/05/04 05:35:06 | 00,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
[2009/05/04 05:35:06 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2009/05/04 04:56:24 | 00,002,483 | ---- | M] () -- C:\Documents and Settings\Jon\Desktop\Microsoft Word.lnk
[2009/05/03 05:32:38 | 00,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2009/05/03 05:32:38 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2009/05/03 05:24:57 | 00,027,136 | ---- | M] () -- C:\Documents and Settings\Jon\My Documents\Real 2-6 Barca - 6 things we loved.doc
[2009/04/29 03:17:47 | 00,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2009/04/29 03:17:47 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2009/04/28 01:42:49 | 00,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2009/04/28 01:42:49 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2009/04/27 02:32:30 | 00,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2009/04/27 02:32:30 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2009/04/27 02:02:00 | 00,024,064 | ---- | M] () -- C:\Documents and Settings\Jon\Desktop\Good and Useful football websites.doc
[2009/04/26 05:58:25 | 00,000,268 | -H-- | M] () -- C:\sqmdata19.sqm
[2009/04/26 05:58:24 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2009/04/25 05:12:16 | 00,000,268 | -H-- | M] () -- C:\sqmdata18.sqm
[2009/04/25 05:12:16 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2009/04/24 17:37:59 | 00,000,268 | -H-- | M] () -- C:\sqmdata17.sqm
[2009/04/24 17:37:59 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2009/04/23 02:17:26 | 00,000,268 | -H-- | M] () -- C:\sqmdata16.sqm
[2009/04/23 02:17:26 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2009/04/22 02:43:33 | 00,000,268 | -H-- | M] () -- C:\sqmdata15.sqm
[2009/04/22 02:43:33 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2009/04/21 01:46:56 | 00,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
[2009/04/21 01:46:56 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2009/04/21 01:10:45 | 00,029,184 | ---- | M] () -- C:\Documents and Settings\Jon\Desktop\Train complaint 21.4.doc
[2009/04/20 01:25:31 | 00,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
[2009/04/20 01:25:31 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2009/04/19 06:47:10 | 00,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
[2009/04/19 06:47:10 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2009/04/16 02:14:13 | 00,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
[2009/04/16 02:14:13 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2009/04/15 01:28:14 | 00,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
[2009/04/15 01:28:14 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2009/04/15 01:23:58 | 00,031,232 | ---- | M] () -- C:\Documents and Settings\Jon\Desktop\links.doc
[2009/04/13 04:56:59 | 00,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2009/04/13 04:56:59 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
< End of report >

#4 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,713 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:07:36 AM

Posted 12 May 2009 - 07:16 PM

Hi again,

Please make sure:

1. You change the ComboFix name before saving it, otherwise the malware doesn't allow it to run.
2. Make sure you let ComboFix download and install Recovery Console.


Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2
Link 3

Posted Image


Posted Image
--------------------------------------------------------------------
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Information on A/V control HERE)

Double click on Combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a HijackThis log so we can continue cleaning the system.
Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall


#5 gonch19

gonch19
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:12:36 AM

Posted 12 May 2009 - 08:13 PM

Hi farbar, and thanks again. Here is the Combofix log:

ComboFix 09-05-12.04 - Jon 13/05/2009 1:52.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.278 [GMT 1:00]
Running from: c:\documents and settings\Jon\Desktop\jefferson.exe
AV: AVG 7.5.557 *On-access scanning disabled* (Outdated)
FW: Norton Internet Worm Protection *disabled*
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Jon\Application Data\Google\Shell32.dll
c:\documents and settings\Jon\Application Data\Google\sxkzw965566.exe
c:\windows\IE4 Error Log.txt
c:\windows\system32\drivers\svchost.exe
c:\windows\Sysvxd.exe

.
((((((((((((((((((((((((( Files Created from 2009-04-13 to 2009-05-13 )))))))))))))))))))))))))))))))
.

2009-05-11 21:38 . 2009-05-11 21:38 -------- d-----w c:\windows\system32\LogFiles
2009-04-25 16:25 . 2009-04-25 16:25 -------- d-----w c:\program files\Veetle
2009-04-17 21:06 . 2008-04-21 10:02 215552 -c----w c:\windows\system32\dllcache\wordpad.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-30 00:36 . 2006-09-20 01:38 -------- d-----w c:\program files\Soulseek
2009-03-06 14:00 . 2006-04-05 13:05 284160 ----a-w c:\windows\system32\pdh.dll
2009-02-20 08:14 . 2006-04-05 13:05 668160 ----a-w c:\windows\system32\wininet.dll
2009-02-20 08:14 . 2006-04-05 13:05 81920 ----a-w c:\windows\system32\ieencode.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-11 65536]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Yahoo! Pager"="c:\progra~1\Yahoo!\MESSEN~1\ypager.exe" [2005-08-31 2478080]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2005-11-30 1306624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 45056]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 761945]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 352256]
"Tvs"="c:\program files\TOSHIBA\Tvs\TvsTray.exe" [2005-11-30 73728]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-05-12 118784]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-10-06 122940]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]
"Motive SmartBridge"="c:\progra~1\BTHOME~1\Help\SMARTB~1\BTHelpNotifier.exe" [2006-02-06 462935]
"btbb_wcm_McciTrayApp"="c:\program files\btbb_wcm\McciTrayApp.exe" [2005-12-29 543232]
"YBrowser"="c:\progra~1\Yahoo!\browser\ybrwicon.exe" [2003-12-09 57344]
"AVG7_CC"="c:\progra~1\Grisoft\AVG7\avgcc.exe" [2009-02-24 590848]
"WMAAD"="c:\program files\Sony\WALKMAN Launcher\WMAAD.exe" [2007-02-16 110592]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-01-26 495616]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2005-12-09 15691264]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\agrsmmsg.exe [2005-10-15 88203]
"TPSMain"="TPSMain.exe" - c:\windows\system32\TPSMain.exe [2005-08-03 266240]
"NDSTray.exe"="NDSTray.exe" [BU]
"TFncKy"="TFncKy.exe" [BU]
"TDispVol"="TDispVol.exe" - c:\windows\system32\TDispVol.exe [2005-03-11 73728]
"CFSServ.exe"="CFSServ.exe" [BU]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
"AVG7_Run"="c:\progra~1\Grisoft\AVG7\avgw.exe" [2007-10-26 219136]

c:\documents and settings\Jon\Start Menu\Programs\Startup\
Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2005-3-17 59080]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-1-15 113664]
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2005-12-7 1744896]
BT Broadband Desktop Help.lnk - c:\program files\BT Home Hub\Help\bin\matcli.exe [2006-9-16 217088]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\ypager.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Soulseek\\slsk.exe"=
"c:\\Program Files\\William Hill Poker\\UA.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Documents and Settings\\Jon\\Application Data\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=

S3 ICScsiSV;Image Converter SCSI Service;c:\program files\Sony\IMAGE CONVERTER 3\ICScsiSV.exe [21/06/2007 21:52 75952]
S3 IcVzMonLauncher;IcVzMonLauncher;c:\program files\Sony\IMAGE CONVERTER 3\IcVzMonLauncher.exe [21/06/2007 21:52 67760]
S3 sea1bus;Sony Ericsson Device 0A1 driver (WDM);c:\windows\system32\drivers\sea1bus.sys [04/09/2007 21:17 61536]
S3 sea1mdfl;Sony Ericsson Device 0A1 USB WMC Modem Filter;c:\windows\system32\drivers\sea1mdfl.sys [02/11/2007 20:01 9360]
S3 sea1mdm;Sony Ericsson Device 0A1 USB WMC Modem Driver;c:\windows\system32\drivers\sea1mdm.sys [02/11/2007 20:01 97088]
S3 sea1mgmt;Sony Ericsson Device 0A1 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\sea1mgmt.sys [02/11/2007 20:02 88624]
S3 sea1nd5;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (NDIS);c:\windows\system32\drivers\sea1nd5.sys [02/11/2007 20:02 18704]
S3 sea1obex;Sony Ericsson Device 0A1 USB WMC OBEX Interface;c:\windows\system32\drivers\sea1obex.sys [02/11/2007 20:02 86432]
S3 sea1unic;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (WDM);c:\windows\system32\drivers\sea1unic.sys [02/11/2007 20:02 90800]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de8cae16-db4c-11dc-bf72-00a0d13474fc}]
\Shell\AutoRun\command - E:\x.com
\Shell\explore\Command - E:\x.com
\Shell\open\Command - E:\x.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ef0fecae-4900-11db-bd6a-00a0d13474fc}]
\Shell\AutoRun\command - E:\setupSNK.exe
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-realteks - c:\documents and settings\Jon\Application Data\Google\sxkzw965566.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://bt.yahoo.com/
mSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uSearchURL,(Default) = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Transfer by Image Converter 3 - c:\program files\SONY\IMAGE CONVERTER 3\menu.htm
IE: {{B1BA4A3F-1C95-497b-9F82-F8DA4A5C89DD} - c:\program files\bet365MPP\MPPoker.exe
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Jon\Application Data\Mozilla\Firefox\Profiles\s99dmi69.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJPI150_04.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPOJI610.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-13 01:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(700)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2400)
c:\progra~1\BTHOME~1\Help\SMARTB~1\SBHook.dll
c:\progra~1\WINDOW~1\wmpband.dll
c:\windows\system32\msi.dll
c:\windows\system32\TDispVol.dll
c:\windows\system32\TPwrCfg.DLL
c:\windows\system32\TPwrReg.dll
c:\windows\system32\TPSTrace.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\progra~1\Grisoft\AVG7\avgamsvr.exe
c:\progra~1\Grisoft\AVG7\avgupsvc.exe
c:\progra~1\Grisoft\AVG7\avgemc.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Toshiba\ConfigFree\CFSvcs.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
c:\windows\system32\wdfmgr.exe
c:\program files\BT Home Hub\Wireless Configuration\WirelessDaemon.exe
c:\program files\Toshiba\ConfigFree\NDSTray.exe
c:\program files\Synaptics\SynTP\Toshiba.exe
c:\windows\system32\TPSBattM.exe
c:\progra~1\Yahoo!\browser\ycommon.exe
c:\progra~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
c:\progra~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
c:\progra~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
c:\progra~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe
c:\program files\BT Home Hub\Help\bin\mpbtn.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Teleca Shared\Generic.exe
c:\program files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
c:\program files\Sony Ericsson\Mobile2\Mobile Phone Monitor\ToshibaBTServer.exe
.
**************************************************************************
.
Completion time: 2009-05-13 2:03 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-13 01:03

Pre-Run: 17,463,681,024 bytes free
Post-Run: 18,129,551,360 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

207 --- E O F --- 2009-05-05 05:41

And the Hijack This logs you requested. I re-ran DDS to do this, which I hope was correct.











DDS (Ver_09-03-16.01) - NTFSx86
Run by Jon at 2:09:17.82 on 13/05/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.300 [GMT 1:00]

AV: AVG 7.5.557 *On-access scanning disabled* (Outdated)
FW: Norton Internet Worm Protection *disabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\BT Home Hub\Wireless Configuration\WirelessDaemon.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\system32\TDispVol.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\PROGRA~1\BTHOME~1\Help\SMARTB~1\BTHelpNotifier.exe
C:\Program Files\btbb_wcm\McciTrayApp.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\BT Home Hub\Help\bin\mpbtn.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\ToshibaBTServer.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Jon\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://bt.yahoo.com/
mSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uSearchURL,(Default) = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: UberButton Class: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: YahooTaggedBM Class: {65d886a2-7ca7-479b-bb95-14d1efb7946a} - c:\program files\yahoo!\common\YIeTagBm.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: SidebarAutoLaunch Class: {f2aa9440-6328-4933-b7c9-a6ccdf9cbf6d} - c:\program files\yahoo!\browser\YSidebarIEBHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Yahoo! Pager] c:\progra~1\yahoo!\messen~1\ypager.exe -quiet
uRun: [MsnMsgr] "c:\program files\msn messenger\MsnMsgr.Exe" /background
uRun: [PcSync] c:\program files\nokia\nokia pc suite 6\PcSync2.exe /NoDialog
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [THotkey] c:\program files\toshiba\toshiba applet\thotkey.exe
mRun: [TPSMain] TPSMain.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [Tvs] c:\program files\toshiba\tvs\TvsTray.exe
mRun: [SmoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe
mRun: [TFncKy] TFncKy.exe
mRun: [TDispVol] TDispVol.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [Motive SmartBridge] c:\progra~1\bthome~1\help\smartb~1\BTHelpNotifier.exe
mRun: [btbb_wcm_McciTrayApp] c:\program files\btbb_wcm\McciTrayApp.exe
mRun: [YBrowser] c:\progra~1\yahoo!\browser\ybrwicon.exe
mRun: [CFSServ.exe] CFSServ.exe -NoClient
mRun: [PCSuiteTrayApplication] c:\progra~1\nokia\nokiap~1\LAUNCH~1.EXE -onlytray
mRun: [AVG7_CC] c:\progra~1\grisoft\avg7\avgcc.exe /STARTUP
mRun: [WMAAD] c:\program files\sony\walkman launcher\WMAAD.exe
mRun: [Sony Ericsson PC Suite] "c:\program files\sony ericsson\mobile2\application launcher\Application Launcher.exe" /startoptions
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [AVG7_Run] c:\progra~1\grisoft\avg7\avgw.exe /RUNONCE
StartupFolder: c:\docume~1\jon\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office11\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\btbroa~1.lnk - c:\program files\bt home hub\help\bin\matcli.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: Transfer by Image Converter 3 - c:\program files\sony\image converter 3\menu.htm
IE: {49783ED4-258D-4f9f-BE11-137C18D3E543} - c:\program files\titan poker\casino.exe
IE: {B1BA4A3F-1C95-497b-9F82-F8DA4A5C89DD} - c:\program files\bet365mpp\MPPoker.exe
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partygaming\partypoker\RunApp.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_04\bin\npjpi150_04.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1144313713062
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: igfxcui - igfxdev.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jon\applic~1\mozilla\firefox\profiles\s99dmi69.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJPI150_04.dll
FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPOJI610.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll

============= SERVICES / DRIVERS ===============

R1 Avg7Core;AVG7 Kernel;c:\windows\system32\drivers\avg7core.sys [2007-3-4 821856]
R1 Avg7RsW;AVG7 Wrap Driver;c:\windows\system32\drivers\avg7rsw.sys [2007-3-4 4224]
R1 Avg7RsXP;AVG7 Resident Driver XP;c:\windows\system32\drivers\avg7rsxp.sys [2007-3-4 27776]
R1 AvgClean;AVG7 Clean Driver;c:\windows\system32\drivers\avgclean.sys [2007-3-4 10760]
R2 Avg7Alrt;AVG7 Alert Manager Server;c:\progra~1\grisoft\avg7\avgamsvr.exe [2007-3-4 418816]
R2 Avg7UpdSvc;AVG7 Update Service;c:\progra~1\grisoft\avg7\avgupsvc.exe [2007-3-4 49664]
R2 AVGEMS;AVG E-mail Scanner;c:\progra~1\grisoft\avg7\avgemc.exe [2007-3-4 406528]
R2 AvgTdi;AVG Network Redirector;c:\windows\system32\drivers\avgtdi.sys [2007-3-4 4960]
S3 ICScsiSV;Image Converter SCSI Service;c:\program files\sony\image converter 3\ICScsiSV.exe [2007-6-21 75952]
S3 IcVzMonLauncher;IcVzMonLauncher;c:\program files\sony\image converter 3\IcVzMonLauncher.exe [2007-6-21 67760]
S3 sea1bus;Sony Ericsson Device 0A1 driver (WDM);c:\windows\system32\drivers\sea1bus.sys [2007-9-4 61536]
S3 sea1mdfl;Sony Ericsson Device 0A1 USB WMC Modem Filter;c:\windows\system32\drivers\sea1mdfl.sys [2007-11-2 9360]
S3 sea1mdm;Sony Ericsson Device 0A1 USB WMC Modem Driver;c:\windows\system32\drivers\sea1mdm.sys [2007-11-2 97088]
S3 sea1mgmt;Sony Ericsson Device 0A1 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\sea1mgmt.sys [2007-11-2 88624]
S3 sea1nd5;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (NDIS);c:\windows\system32\drivers\sea1nd5.sys [2007-11-2 18704]
S3 sea1obex;Sony Ericsson Device 0A1 USB WMC OBEX Interface;c:\windows\system32\drivers\sea1obex.sys [2007-11-2 86432]
S3 sea1unic;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (WDM);c:\windows\system32\drivers\sea1unic.sys [2007-11-2 90800]

=============== Created Last 30 ================

2009-05-13 01:49 <DIR> a-dshr-- C:\cmdcons
2009-05-13 01:44 161,792 a------- c:\windows\SWREG.exe
2009-05-13 01:44 98,816 a------- c:\windows\sed.exe
2009-05-11 22:38 <DIR> --d----- c:\windows\system32\LogFiles
2009-04-25 17:25 <DIR> --d----- c:\program files\Veetle
2009-04-17 22:06 1,193,414 -c------ c:\windows\system32\dllcache\sysmain.sdb
2009-04-17 22:06 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe

==================== Find3M ====================

2009-03-06 15:00 284,160 a------- c:\windows\system32\pdh.dll
2009-02-20 09:14 668,160 a------- c:\windows\system32\wininet.dll
2009-02-20 09:14 81,920 a------- c:\windows\system32\ieencode.dll
2008-03-09 21:35 37,152 a------- c:\docume~1\jon\applic~1\GDIPFONTCACHEV1.DAT

============= FINISH: 2:09:26.98 ===============

Attached Files



#6 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,713 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:07:36 AM

Posted 13 May 2009 - 08:43 AM

Well sone gonch19. :thumbup2:

Your log(s) show that you are using so called peer-to-peer or file-sharing programs. These programs allow to share files between users as the name(s) suggest. In today's world the cyber crime has come to an enormous dimension and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools as a tremendous amount of prospective victims can be reached through it.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools and thus suggested to be used with intense care. Some further readings on this subject, along the included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

Removal Instructions
  • I see on your log that PartyPoker is installed on your computer:

    This program is known to be related to adware/spyware. More information here: http://www.bleepingcomputer.com/uninstall/...PartyPoker.html
    http://www.spywaredata.com/spyware/threat_...OKER/result.php
    http://research.sunbelt-software.com/threa...;threatid=44086
    To uninstall it:
    Click "start" on the taskbar and then click on the "Control Panel" icon.
    Please doubleclick the "Programs and Features" icon.
    A list of programs installed will be "populated" this may take a bit of time.
    Uninstall the following by clicking on the following entries and selecting "remove":

    PartyPoker

    Also remove the folder in bold: C:\Program Files\PartyGaming

  • Go to start > Run copy/paste the following line in the run box and click OK.

    cmd /c reg delete "HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{de8cae16-db4c-11dc-bf72-00a0d13474fc}" /f

    A window flashes, this is normal.

  • Please download Malwarebytes' Anti-Malware from MajorGeeks
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the MBAM log.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.



#7 gonch19

gonch19
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:12:36 AM

Posted 14 May 2009 - 10:15 PM

Hi farbar,

Really appreciate your help so far :-)

Below is the log you requested. Do you believe the brontok has been removed or are there further steps to take?

Thanks again.

Malwarebytes' Anti-Malware 1.36
Database version: 2132
Windows 5.1.2600 Service Pack 2

15/05/2009 04:08:24
mbam-log-2009-05-15 (04-08-24).txt

Scan type: Quick Scan
Objects scanned: 86498
Time elapsed: 7 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#8 gonch19

gonch19
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:12:36 AM

Posted 14 May 2009 - 10:33 PM

One further thing - after that MBAM log restarted my computer, my AVG anti-virus scanner (which starts automatically on computer start-up) recorded the following viruses and actions:

C:\WINDOWS\system32\kernel32.dll - Status: changed
C:\WINDOWS\system32\shell32.dll - Status: changed
C:\WINDOWS\system32\ntoskrnl.exe - Status: changed
C:\WINDOWS\system32\drivers\etc\hosts - Status: changed

My virus protection is still listed as 'off' after disabling it previously during this process.

Please advise. Thanks.

#9 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,713 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:07:36 AM

Posted 15 May 2009 - 04:41 AM

Hi gonch19,


AVG 7 is outdated. You need protection from an updated Antivirus.

Visit http://free.avg.com/download?prd=afe to download AVG 8 setup file to your desktop. Don't install it yet.
  • Go to Add/Remove programs and uninstall AVG 7.5
  • Reboot.
  • Double click the downloaded setup file to Install AVG 8 then update it.
  • On the left side click Computer scanner and select Scan whole computer.
  • When the scan finished under Result Overview tap at the end of scan result click Export overview to file
  • Select File Type: All files Name:scan.txt and save it on your desktop.
  • Under Warnings tap press Remove all unhealed infections. Then close the application.
  • Copy/paste the content of scan.txt located on your desktop to your reply.


#10 gonch19

gonch19
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:12:36 AM

Posted 15 May 2009 - 10:52 AM

Hi farbar,

Thanks again.

I followed your instructions and here is the c&p of the scan:

"Scan ""Scan whole computer"" was finished."
"Infections";"2";"2";"0"
"Spyware";"12";"12";"0"
"Folders selected for scanning:";"Scan whole computer"
"Scan started:";"15 May 2009, 15:09:55"
"Scan finished:";"15 May 2009, 16:17:26 (1 hour(s) 7 minute(s) 30 second(s))"
"Total object scanned:";"499850"
"User who launched the scan:";"Jon"

"Infections"
"File";"Infection";"Result"
"C:\System Volume Information\_restore{518908C5-9867-4856-B1E5-1214822480A6}\RP1\A0000011.exe";"Trojan horse FakeAlert.KG";"Moved to Virus Vault"
"C:\System Volume Information\_restore{518908C5-9867-4856-B1E5-1214822480A6}\RP1\A0000016.exe";"Trojan horse Downloader.Zlob.ALJA";"Moved to Virus Vault"

"Spyware"
"File";"Infection";"Result"
"C:\Documents and Settings\Jon\Desktop\Registration Documents\aresregular208_installer.exe";"Potentially harmful program HackTool.GVQ";"Moved to Virus Vault"
"C:\Documents and Settings\Jon\Desktop\Registration Documents\aresregular208_installer.exe:\$JF\TcpIpPatcherDll.dll";"Potentially harmful program HackTool.GVQ";"Moved to Virus Vault"
"C:\Documents and Settings\Jon\Desktop\Registration Documents\SetupPoker.exe";"Adware Generic.PLJ";"Moved to Virus Vault"
"C:\Program Files\Ares\TcpIpPatcherDll.dll";"Potentially harmful program HackTool.GVQ";"Moved to Virus Vault"
"C:\System Volume Information\_restore{518908C5-9867-4856-B1E5-1214822480A6}\RP4\A0000460.exe";"Potentially harmful program HackTool.GVQ";"Moved to Virus Vault"
"C:\System Volume Information\_restore{518908C5-9867-4856-B1E5-1214822480A6}\RP4\A0000460.exe:\$JF\TcpIpPatcherDll.dll";"Potentially harmful program HackTool.GVQ";"Moved to Virus Vault"
"C:\System Volume Information\_restore{518908C5-9867-4856-B1E5-1214822480A6}\RP4\A0000461.exe";"Adware Generic.PLJ";"Moved to Virus Vault"
"C:\System Volume Information\_restore{518908C5-9867-4856-B1E5-1214822480A6}\RP4\A0000462.dll";"Potentially harmful program HackTool.GVQ";"Moved to Virus Vault"
"C:\WINDOWS\system32\oobe\ISPSoftware\BTYahoo\BroadbandFromBT.exe";"Potentially harmful program Dialer.CCA.dropper";"Moved to Virus Vault"
"C:\WINDOWS\system32\oobe\ISPSoftware\BTYahoo\BroadbandFromBT.exe:\_Setup.cab:\webcontrol\btwebcontrol.dll";"Potentially harmful program Dialer.CCA";"Moved to Virus Vault"
"C:\WINDOWS\system32\oobe\ISPSoftware\BTYahoo\BroadbandFromBT.exe:\webcontrol\btwebcontrol.dll";"Potentially harmful program Dialer.CCA";"Moved to Virus Vault"
"C:\WINDOWS\Titan Poker setup.exe";"Adware Generic.PLJ";"Moved to Virus Vault"

"Warnings"
"File";"Infection";"Result"
"C:\Documents and Settings\Jon\Cookies\jon@adbrite[2].txt";"Found Tracking cookie.Adbrite";"Moved to Virus Vault"
"C:\Documents and Settings\Jon\Cookies\jon@adbrite[2].txt:\adbrite.com.44f92a69";"Found Tracking cookie.Adbrite";"Moved to Virus Vault"
"C:\Documents and Settings\Jon\Cookies\jon@adbrite[2].txt:\adbrite.com.557c9f74";"Found Tracking cookie.Adbrite";"Moved to Virus Vault"
"C:\Documents and Settings\Jon\Cookies\jon@adbrite[2].txt:\adbrite.com.71beeff9";"Found Tracking cookie.Adbrite";"Moved to Virus Vault"
"C:\Documents and Settings\Jon\Cookies\jon@adbrite[2].txt:\adbrite.com.775ee79c";"Found Tracking cookie.Adbrite";"Moved to Virus Vault"
"C:\Documents and Settings\Jon\Cookies\jon@adbrite[2].txt:\adbrite.com.9fa007aa";"Found Tracking cookie.Adbrite";"Moved to Virus Vault"
"C:\Documents and Settings\Jon\Cookies\jon@adbrite[2].txt:\adbrite.com.d5e309c2";"Found Tracking cookie.Adbrite";"Moved to Virus Vault"
"C:\Documents and Settings\Jon\Cookies\jon@advertising[1].txt";"Found Tracking cookie.Advertising";"Moved to Virus Vault"
"C:\Documents and Settings\Jon\Cookies\jon@advertising[1].txt:\advertising.com.1820df7a";"Found Tracking cookie.Advertising";"Moved to Virus Vault"
"C:\Documents and Settings\Jon\Cookies\jon@advertising[1].txt:\advertising.com.203aa218";"Found Tracking cookie.Advertising";"Moved to Virus Vault"
"C:\Documents and Settings\Jon\Cookies\jon@advertising[1].txt:\advertising.com.b624fa46";"Found Tracking cookie.Advertising";"Moved to Virus Vault"
"C:\Documents and Settings\Jon\Cookies\jon@advertising[1].txt:\advertising.com.f62113d5";"Found Tracking cookie.Advertising";"Moved to Virus Vault"
"C:\Documents and Settings\Jon\Cookies\jon@atdmt[2].txt";"Found Tracking cookie.Atdmt";"Moved to Virus Vault"
"C:\Documents and Settings\Jon\Cookies\jon@atdmt[2].txt:\atdmt.com.b3e33b5f";"Found Tracking cookie.Atdmt";"Moved to Virus Vault"
"C:\Documents and Settings\Jon\Cookies\jon@doubleclick[1].txt";"Found Tracking cookie.Doubleclick";"Moved to Virus Vault"
"C:\Documents and Settings\Jon\Cookies\jon@doubleclick[1].txt:\doubleclick.net.bf396750";"Found Tracking cookie.Doubleclick";"Moved to Virus Vault"
"C:\Documents and Settings\Jon\Cookies\jon@euroclick[1].txt";"Found Tracking cookie.Euroclick";"Moved to Virus Vault"
"C:\Documents and Settings\Jon\Cookies\jon@euroclick[1].txt:\euroclick.com.11d3633a";"Found Tracking cookie.Euroclick";"Moved to Virus Vault"
"C:\Documents and Settings\Jon\Cookies\jon@euroclick[1].txt:\euroclick.com.87cecae8";"Found Tracking cookie.Euroclick";"Moved to Virus Vault"
"C:\Documents and Settings\Jon\Cookies\jon@euroclick[1].txt:\euroclick.com.fb764ef7";"Found Tracking cookie.Euroclick";"Moved to Virus Vault"
"C:\Documents and Settings\Jon\Cookies\jon@searchportal.information[1].txt";"Found Tracking cookie.Information";"Moved to Virus Vault"
"C:\Documents and Settings\Jon\Cookies\jon@searchportal.information[1].txt:\searchportal.information.com.3a8d7204";"Found Tracking cookie.Information";"Moved to Virus Vault"
"C:\Documents and Settings\Jon\Cookies\jon@searchportal.information[1].txt:\searchportal.information.com.44e78b2";"Found Tracking cookie.Information";"Moved to Virus Vault"
"C:\Documents and Settings\Jon\Cookies\jon@searchportal.information[1].txt:\searchportal.information.com.90670b1c";"Found Tracking cookie.Information";"Moved to Virus Vault"

#11 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,713 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:07:36 AM

Posted 15 May 2009 - 12:09 PM

Well done. :thumbup2:
  • Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
    • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
    • Look for "Java Runtime Environment (JRE)" JRE 6 Update 13.
    • Click the Download button to the right.
    • Select your Platform: "Windows".
    • Select your Language: "Multi-language".
    • Read the License Agreement, and then check the box that says: "Accept License Agreement".
    • Click Continue and the page will refresh.
    • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
    • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
    • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
    • Repeat as many times as necessary to remove each Java versions.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on jre-6u13-windows-i586-p.exe to install the newest version.
    -- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
    -- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
    -- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


    Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.

  • Please copy and paste a fresh Hijackthis log to your reply and tell me how is your computer running.


#12 gonch19

gonch19
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:12:36 AM

Posted 16 May 2009 - 12:09 PM

Hi farbar,

Once again thanks for all your help. I installed Java as you requested. Here are the new logs you asked for:

Please let me know how to your thoughts on how to go forward.

DDS (Ver_09-03-16.01) - NTFSx86
Run by Jon at 18:02:53.45 on 16/05/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.174 [GMT 1:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
FW: Norton Internet Worm Protection *disabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\BT Home Hub\Wireless Configuration\WirelessDaemon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\PROGRA~1\BTHOME~1\Help\SMARTB~1\BTHelpNotifier.exe
C:\Program Files\btbb_wcm\McciTrayApp.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Sony\WALKMAN Launcher\WMAAD.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\BT Home Hub\Help\bin\mpbtn.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\ToshibaBTServer.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Documents and Settings\Jon\Desktop\Anti-Virus Shizzle\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://bt.yahoo.com/
mSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uSearchURL,(Default) = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: UberButton Class: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: YahooTaggedBM Class: {65d886a2-7ca7-479b-bb95-14d1efb7946a} - c:\program files\yahoo!\common\YIeTagBm.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SidebarAutoLaunch Class: {f2aa9440-6328-4933-b7c9-a6ccdf9cbf6d} - c:\program files\yahoo!\browser\YSidebarIEBHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Yahoo! Pager] c:\progra~1\yahoo!\messen~1\ypager.exe -quiet
uRun: [MsnMsgr] "c:\program files\msn messenger\MsnMsgr.Exe" /background
uRun: [PcSync] c:\program files\nokia\nokia pc suite 6\PcSync2.exe /NoDialog
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [THotkey] c:\program files\toshiba\toshiba applet\thotkey.exe
mRun: [TPSMain] TPSMain.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [Tvs] c:\program files\toshiba\tvs\TvsTray.exe
mRun: [SmoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe
mRun: [TFncKy] TFncKy.exe
mRun: [TDispVol] TDispVol.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [Motive SmartBridge] c:\progra~1\bthome~1\help\smartb~1\BTHelpNotifier.exe
mRun: [btbb_wcm_McciTrayApp] c:\program files\btbb_wcm\McciTrayApp.exe
mRun: [YBrowser] c:\progra~1\yahoo!\browser\ybrwicon.exe
mRun: [CFSServ.exe] CFSServ.exe -NoClient
mRun: [PCSuiteTrayApplication] c:\progra~1\nokia\nokiap~1\LAUNCH~1.EXE -onlytray
mRun: [WMAAD] c:\program files\sony\walkman launcher\WMAAD.exe
mRun: [Sony Ericsson PC Suite] "c:\program files\sony ericsson\mobile2\application launcher\Application Launcher.exe" /startoptions
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\jon\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office11\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\btbroa~1.lnk - c:\program files\bt home hub\help\bin\matcli.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: Transfer by Image Converter 3 - c:\program files\sony\image converter 3\menu.htm
IE: {49783ED4-258D-4f9f-BE11-137C18D3E543} - c:\program files\titan poker\casino.exe
IE: {B1BA4A3F-1C95-497b-9F82-F8DA4A5C89DD} - c:\program files\bet365mpp\MPPoker.exe
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partygaming\partypoker\RunApp.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1144313713062
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jon\applic~1\mozilla\firefox\profiles\s99dmi69.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-5-15 325896]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-5-15 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-5-15 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-5-15 298776]
S3 ICScsiSV;Image Converter SCSI Service;c:\program files\sony\image converter 3\ICScsiSV.exe [2007-6-21 75952]
S3 IcVzMonLauncher;IcVzMonLauncher;c:\program files\sony\image converter 3\IcVzMonLauncher.exe [2007-6-21 67760]
S3 sea1bus;Sony Ericsson Device 0A1 driver (WDM);c:\windows\system32\drivers\sea1bus.sys [2007-9-4 61536]
S3 sea1mdfl;Sony Ericsson Device 0A1 USB WMC Modem Filter;c:\windows\system32\drivers\sea1mdfl.sys [2007-11-2 9360]
S3 sea1mdm;Sony Ericsson Device 0A1 USB WMC Modem Driver;c:\windows\system32\drivers\sea1mdm.sys [2007-11-2 97088]
S3 sea1mgmt;Sony Ericsson Device 0A1 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\sea1mgmt.sys [2007-11-2 88624]
S3 sea1nd5;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (NDIS);c:\windows\system32\drivers\sea1nd5.sys [2007-11-2 18704]
S3 sea1obex;Sony Ericsson Device 0A1 USB WMC OBEX Interface;c:\windows\system32\drivers\sea1obex.sys [2007-11-2 86432]
S3 sea1unic;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (WDM);c:\windows\system32\drivers\sea1unic.sys [2007-11-2 90800]

=============== Created Last 30 ================

2009-05-16 17:39 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-16 17:39 73,728 a------- c:\windows\system32\javacpl.cpl
2009-05-15 15:15 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-05-15 15:03 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-05-15 15:03 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-05-15 15:03 325,896 a------- c:\windows\system32\drivers\avgldx86.sys
2009-05-15 15:03 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-05-15 15:03 <DIR> --d----- c:\program files\AVG
2009-05-15 15:03 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-05-15 03:58 <DIR> --d----- c:\docume~1\jon\applic~1\Malwarebytes
2009-05-15 03:58 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-05-15 03:58 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-15 03:57 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-05-15 03:57 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-05-13 01:49 <DIR> a-dshr-- C:\cmdcons
2009-05-13 01:44 161,792 a------- c:\windows\SWREG.exe
2009-05-13 01:44 98,816 a------- c:\windows\sed.exe
2009-05-11 22:38 <DIR> --d----- c:\windows\system32\LogFiles
2009-04-25 17:25 <DIR> --d----- c:\program files\Veetle
2009-04-17 22:06 1,193,414 -c------ c:\windows\system32\dllcache\sysmain.sdb
2009-04-17 22:06 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe

==================== Find3M ====================

2009-03-06 15:00 284,160 a------- c:\windows\system32\pdh.dll
2009-02-20 09:14 668,160 a------- c:\windows\system32\wininet.dll
2009-02-20 09:14 81,920 a------- c:\windows\system32\ieencode.dll
2008-03-09 21:35 37,152 a------- c:\docume~1\jon\applic~1\GDIPFONTCACHEV1.DAT

============= FINISH: 18:03:42.42 ===============

Attached Files



#13 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,713 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:07:36 AM

Posted 16 May 2009 - 02:16 PM

Good, how is your computer running?

#14 gonch19

gonch19
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:12:36 AM

Posted 16 May 2009 - 09:33 PM

Hi farbar,

Thanks very much.

It seems to be running a bit better now yes. I am not getting those popups about the virus now. Do you believe the virus has been deleted properly?

#15 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,713 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:07:36 AM

Posted 17 May 2009 - 05:30 AM

Everything looks good.
  • Go to start > run and copy and paste or type next command in the field then hit enter:

    Combo-Fix /u

    Note: There's a space between Combofix and /

    This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and resets System Restore again.

    It also makes a clean Restore Point and flashes all the old restore points in order to prevent possible reinfection from an old one through system restore.

  • Please run OTListIt2.
  • Click Clean Up button.
  • Accept any prompts.
  • This will remove any tools we used, including OTListIt2, and will require a reboot.


Optional Recommendations:
  • Your log looks clean. But your computer is still very much susceptible in particular to hacking and intrusion from outside. I strongly advise you to install a firewall before surfing. The windows firewall is not good enough. The Windows firewall provides protection from outside threats as long as the malware is not on your system. When the malware gets to your computer Windows firewall is no more effective. You find more information on firewalls below.
    Click for more information on:Understanding and Using Firewalls

    There are several good free programs available like:
    Sunbelt-Kerio
    Online Armor Free edition

  • Make sure you install all the security updates for Windows, Internet explorer & Microsoft Office.
    Whenever a security problem in its software is found, Microsoft will usually create a patch for it to that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC, so keeping up with these patches will help to prevent malicious software being installed on your PC. Windows XP Service Pack 2 is now outdated. Microsoft has released Service Pack 3 which has more features and is more secure than Service Pack 2.

    Also I recommend updating to Internet explorer 7 as it has more functionality and is much safer.

    You can update by going to start > All Programs > Windows update > click on Custom button.

    Note: Download Service Pack 3 but before installing it disable your antivirus real-time protection.

  • I recommend using Site Advisor for safe surfing. It is a free extension both for Internet Explorer and Firefox. When you search a site it gives you an indication of how safe a site is.

  • Install Javacools© SpywareBlaster
    SpywareBlaster will added a large list of programs and sites into your Internet Explorer and Firefox settings and that will protect you from running and downloading known malicious programs. What you need is updating it once in 2-3 weeks and enabling the restriction. You can find more information and a download link.

  • The rule of thumb: One AntiVirus with real-time protection, one firewall (other than Windows firewall) and one antispyware with real-time protection. Any additional anti-malware shouldn't be running. You might have two or three antispyware but they should not be running at the same time and should be set not to start with Windows.

Please let me know Combofix uninstalled properly.

Happy Surfing!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users