Logfile; Problems with redirections to Google Ads 2 & WellAction


  • This topic is locked
31 replies to this topic

#1 Evertonized

  • Members
  • 34 posts

Posted 22 March 2010 - 09:35 AM

Hi,

I keep getting redirected from Google to a place called Google Ads 2 & also redirecting to a site called WellAction. Also this affects all my computers, is this because we are on a wireless network? Will I have to sort out each one individually or could I do it all in one go?

Thanks x

--

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:34:33, on 22/03/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Prevx\prevx.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
C:\Program Files\Prevx\prevx.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Google\Chrome\Application\chrome.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: apps.facebook.com
O15 - Trusted Zone: *.teenarea.co.uk
O15 - Trusted Zone: *.teenhits.co.uk
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.8.05.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CSIScanner - Prevx - C:\Program Files\Prevx\prevx.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Google Update Service (gupdate1c9c51c41c5ad80) (gupdate1c9c51c41c5ad80) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

--
End of file - 11153 bytes

Edited by boopme, 22 March 2010 - 10:19 AM.
Moved to Virus,Trojans,Spyware and Malware removal Logs~~boopme
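As an added example (not code from this thread, from HijackThis or from the helpers), here is a small Python triage script that parses lines in the HijackThis report format shown above and flags the entry types a log helper looks at first: orphaned CLSIDs marked "(no file)", an unrecognised Winsock LSP (O10), Trusted Zone additions (O15), hosts-file remaps (O1) and autostarts launched from temp or profile paths. The embedded sample is a constructed excerpt of the log above; the O4 "updater" line is invented to exercise the path rule.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed excerpt in HijackThis v2 format. Most lines are copied from the log
# posted above; the O4 "updater" line is invented to exercise the temp-path rule.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:34:33, on 22/03/2010
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [updater] C:\DOCUME~1\user\LOCALS~1\Temp\updater.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: apps.facebook.com
O15 - Trusted Zone: *.teenarea.co.uk
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

LINE_RE = re.compile(r"^([RFO]\d+) - (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
PATH_RE = re.compile(r"[A-Za-z]:\\.*")          # first drive-letter path on the line
PROFILE_MARKERS = ("\\temp\\", "\\documents and settings\\", "\\docume~1\\")


@dataclass
class HjtEntry:
    section: str            # "R0", "O2", "O23", ...
    body: str               # text after "Oxx - "
    clsid: Optional[str]
    path: Optional[str]


@dataclass
class Finding:
    kind: str
    entry: HjtEntry
    note: str


def parse_hjt(text: str) -> List[HjtEntry]:
    """Turn HijackThis report lines into entries; header and process-list lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        section, body = m.groups()
        clsid = CLSID_RE.search(body)
        path = PATH_RE.search(body)
        entries.append(HjtEntry(section, body,
                                clsid.group(0) if clsid else None,
                                path.group(0).strip('"') if path else None))
    return entries


def triage(entries: List[HjtEntry]) -> List[Finding]:
    """Apply the first-pass rules a log helper uses; each entry yields at most one finding."""
    findings = []
    for e in entries:
        body = e.body.lower()
        path = (e.path or "").lower()
        if "(no file)" in body:
            # A registered CLSID whose DLL is gone: leftover of an uninstall or a partial removal.
            findings.append(Finding("orphaned", e, "registry entry points at a missing file"))
        elif e.section == "O10":
            # A Winsock LSP sits in the network path of every process; HJT could not identify this one.
            findings.append(Finding("lsp", e, "unrecognised Winsock LSP"))
        elif e.section == "O15":
            # Trusted Zone sites run with Internet Explorer's relaxed security settings.
            findings.append(Finding("trusted-zone", e, "site added to IE Trusted Zone"))
        elif e.section == "O1":
            fields = e.body.split("Hosts:", 1)[-1].split()
            if len(fields) >= 2:
                addr, host = fields[0], fields[1].lower()
                loopback = addr.startswith("127.") or addr == "::1"
                if host != "localhost" or not loopback:
                    findings.append(Finding("hosts-override", e, "hosts file remaps a name"))
        elif e.section in ("O4", "O23") and any(mk in path for mk in PROFILE_MARKERS):
            # Autostarts launched from temp or profile directories deserve a closer look.
            findings.append(Finding("profile-autostart", e, "autostart runs from a temp/profile path"))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per kind, handy for a quick overview of a long log."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(parse_hjt(SAMPLE_LOG)):
        print(f"{f.kind:18} {f.entry.section:4} {f.note}: {f.entry.body}")
```

A flagged entry is a review candidate, not a verdict: the orphaned Yahoo! Toolbar hook and the Trusted Zone sites in the log above are the kind of item a helper cleans up rather than evidence of the redirect itself.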



#2 m0le

    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 25 March 2010 - 09:27 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks
m0le is a proud member of UNITE

#3 Evertonized

  • Topic Starter
  • Members
  • 34 posts

Posted 26 March 2010 - 06:37 PM

Hi, yep, I'm still here, thanks for your assistance.

#4 m0le

    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 26 March 2010 - 06:46 PM

Okay, we have to do one PC at a time just to keep it less confusing.

Redirections are usually going to be down to a rootkit so we should scan for that, and then please do a DDS log - like HijackThis but more detailed.
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


And

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.


Then

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

Thanks
m0le is a proud member of UNITE

#5 Evertonized

  • Topic Starter
  • Members
  • 34 posts

Posted 27 March 2010 - 04:07 PM

DDS Log

DDS (Ver_10-03-17.01) - NTFSx86
Run by ElxAdmin at 21:04:51.82 on 27/03/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.2047.1155 [GMT 0:00]

AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning enabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
FW: ActiveArmor Firewall *disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
C:\Program Files\Prevx\prevx.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Prevx\prevx.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Documents and Settings\ElxAdmin\Local Settings\Application Data\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Steam\steam.exe
C:\Documents and Settings\ElxAdmin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\NOS\bin\getPlusPlus_Adobe.exe
C:\WINDOWS\system32\DllHost.exe
C:\WINDOWS\System32\svchost.exe -k getPlusHelper
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\ElxAdmin\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
mWinlogon: Userinit=c:\windows\system32\Userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
TB: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: {BDEADE7F-C265-11D0-BCED-00A0C90AB50F} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"
uRun: [Google Update] "c:\documents and settings\elxadmin\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
Trusted Zone: facebook.com\apps
Trusted Zone: teenarea.co.uk
Trusted Zone: teenhits.co.uk
DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} - hxxp://www.bebo.com/files/BeboUploader.5.8.05.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D821DC4A-0814-435E-9820-661C543A4679} - hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - c:\program files\coreftp\pftpns.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli scecli

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\elxadmin\applic~1\mozilla\firefox\profiles\99zkxbg1.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.com
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\elxadmin\application data\mozilla\firefox\profiles\99zkxbg1.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\elxadmin\local settings\application data\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\windows\microsoft.net\framework\v4.0.20506\wpf\NPWPF.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v4.0.20506\wpf\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-9-5 64160]
R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2009-12-27 30280]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2009-3-28 13696]
R2 CSIScanner;CSIScanner;c:\program files\prevx\prevx.exe [2009-12-27 6348496]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\firebird\firebird_1_5\bin\fbguard.exe -s --> c:\program files\firebird\firebird_1_5\bin\fbguard.exe -s [?]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-23 942416]
R2 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [2009-12-27 52832]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2009-11-13 92008]
R3 BEHRINGER_2902;usb-audio.de driver for BEHRINGER USB AUDIO;c:\windows\system32\drivers\BUSB2902.sys [2010-3-23 352256]
R3 BUSB_AUDIO_WDM;BEHRINGER USB WDM AUDIO;c:\windows\system32\drivers\busbwdm.sys [2010-3-23 33792]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\firebird\firebird_1_5\bin\fbserver.exe -s --> c:\program files\firebird\firebird_1_5\bin\fbserver.exe -s [?]
R3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [2009-12-27 24368]
S3 clr_optimization_v4.0.20506_32;.NET Runtime Optimization Service v4.0.20506_X86;c:\windows\microsoft.net\framework\v4.0.20506\mscorsvw.exe [2009-5-6 104272]

=============== Created Last 30 ================

2010-03-25 22:09:14 0 d-----w- C:\Games
2010-03-25 18:24:18 0 d-----w- c:\docume~1\elxadmin\applic~1\Ubisoft
2010-03-25 18:05:38 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys
2010-03-25 18:05:38 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2010-03-23 17:29:26 0 d-----w- c:\windows\usb-audio.deBehringer2902
2010-03-23 17:27:35 352256 ----a-w- c:\windows\system32\drivers\BUSB2902.sys
2010-03-23 17:27:35 33792 ----a-w- c:\windows\system32\drivers\busbwdm.sys
2010-03-23 17:06:39 59264 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2010-03-23 17:06:39 59264 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2010-03-16 23:10:57 0 d-----w- c:\program files\common files\DirectX
2010-03-16 22:49:47 0 d-----w- c:\program files\Codemasters
2010-03-15 22:10:56 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-15 10:17:09 0 d-----w- C:\TempDump
2010-03-06 23:43:07 0 d-----w- c:\windows\7104189AC5924A56AC9E7C0CA135DA3C.TMP
2010-03-02 16:24:10 0 d-----w- c:\program files\Trend Micro

==================== Find3M ====================

2010-03-24 16:39:44 22876 ---ha-w- c:\windows\system32\mlfcache.dat
2010-03-24 12:53:04 53160 ----a-w- c:\windows\system32\PxSecure.dll
2010-03-24 12:52:15 52832 ----a-w- c:\windows\system32\drivers\pxrts.sys
2010-03-24 12:52:15 30280 ----a-w- c:\windows\system32\drivers\pxscan.sys
2010-03-24 12:52:14 24368 ----a-w- c:\windows\system32\drivers\pxkbf.sys
2010-03-21 11:31:04 27944 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2010-01-28 00:07:45 2048 ----a-w- c:\windows\system32\Tr_sttool.dat
2010-01-06 16:12:30 52812 ----a-w- c:\windows\fonts\Helvetica.ttf
2008-09-17 00:08:51 65686 -c--a-w- c:\program files\Photoshop CS4 Read Me.pdf
2008-09-11 16:49:27 108336 -c--a-w- c:\program files\Photoshop CS4 — Lisez-moi.pdf
2008-09-11 16:47:51 103148 -c--a-w- c:\program files\Léame de Photoshop CS4.pdf
2007-11-16 12:47:07 266 ---h--w- c:\program files\desktop.ini
2007-11-16 12:47:07 11079 -c-h--w- c:\program files\folder.htt
2007-07-20 01:19:00 855886 -c--a-w- c:\program files\AUG2007_d3dx10_35_x64.cab
2007-07-20 01:19:00 800467 -c--a-w- c:\program files\AUG2007_d3dx10_35_x86.cab
2007-07-20 01:19:00 1803760 -c--a-w- c:\program files\AUG2007_d3dx9_35_x64.cab
2007-07-20 01:18:58 201696 -c--a-w- c:\program files\AUG2007_XACT_x64.cab
2007-07-20 01:18:56 44684 -c--a-w- c:\program files\dxdllreg_x86.cab
2007-07-20 01:18:56 1711752 -c--a-w- c:\program files\AUG2007_d3dx9_35_x86.cab
2007-07-20 01:18:56 156612 -c--a-w- c:\program files\AUG2007_XACT_x86.cab

============= FINISH: 21:05:20.78 ===============


#6 Evertonized

  • Topic Starter
  • Members
  • 34 posts

Posted 28 March 2010 - 06:21 AM

Hi,

I've tried scanning with GMER, it takes about 3 hours and then once it's finished the whole computer just freezes. I can click copy but then can't open Notepad etc. to copy it into.

Is this normal? Is there a way past it?

Thanks

#7 m0le

    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 28 March 2010 - 06:57 AM

Gmer might be struggling with the infection. Don't worry.

Let's run Combofix to hook out the redirector.

Please download ComboFix from one of these locations:
* IMPORTANT !!! Save ComboFix.exe to your Desktop making sure you rename it comfix.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
m0le is a proud member of UNITE

#8 Evertonized

  • Topic Starter
  • Members
  • 34 posts

Posted 28 March 2010 - 03:27 PM

Hi,

Thanks for your assistance, here's the log.

Combo Fix Log
ComboFix 10-03-28.01 - ElxAdmin 28/03/2010 21:06:19.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.2047.1347 [GMT 1:00]
Running from: c:\documents and settings\ElxAdmin\Desktop\comfix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning disabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
FW: ActiveArmor Firewall *disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
c:\documents and settings\All Users\Application Data\sysReserve.ini
c:\windows\system32\_004630_.tmp.dll
c:\windows\system32\_004631_.tmp.dll
c:\windows\system32\_004632_.tmp.dll
c:\windows\system32\_004633_.tmp.dll
c:\windows\system32\_004638_.tmp.dll
c:\windows\system32\_004639_.tmp.dll
c:\windows\system32\_004640_.tmp.dll
c:\windows\system32\_004641_.tmp.dll
c:\windows\system32\_004642_.tmp.dll
c:\windows\system32\_004643_.tmp.dll
c:\windows\system32\_004644_.tmp.dll
c:\windows\system32\_004645_.tmp.dll
c:\windows\system32\_004646_.tmp.dll
c:\windows\system32\_004647_.tmp.dll
c:\windows\system32\_004649_.tmp.dll
c:\windows\system32\_004650_.tmp.dll
c:\windows\system32\_004652_.tmp.dll
c:\windows\system32\_004653_.tmp.dll
c:\windows\system32\_004654_.tmp.dll
c:\windows\system32\_004656_.tmp.dll
c:\windows\system32\_004659_.tmp.dll
c:\windows\system32\_004660_.tmp.dll
c:\windows\system32\_004662_.tmp.dll
c:\windows\system32\_004663_.tmp.dll
c:\windows\system32\_004664_.tmp.dll
c:\windows\system32\_004665_.tmp.dll
c:\windows\system32\_004666_.tmp.dll
c:\windows\system32\_004667_.tmp.dll
c:\windows\system32\_004669_.tmp.dll
c:\windows\system32\_004670_.tmp.dll
c:\windows\system32\_004671_.tmp.dll
c:\windows\system32\_004672_.tmp.dll
c:\windows\system32\_004673_.tmp.dll
c:\windows\system32\_004674_.tmp.dll
c:\windows\system32\_004675_.tmp.dll
c:\windows\system32\_004676_.tmp.dll
c:\windows\system32\_004679_.tmp.dll
c:\windows\system32\_004680_.tmp.dll
c:\windows\system32\_004681_.tmp.dll
c:\windows\system32\_004682_.tmp.dll
c:\windows\system32\_004683_.tmp.dll
c:\windows\system32\_004684_.tmp.dll
c:\windows\system32\_004685_.tmp.dll
c:\windows\system32\_004687_.tmp.dll
c:\windows\system32\_004688_.tmp.dll
c:\windows\system32\_004689_.tmp.dll
c:\windows\system32\_004690_.tmp.dll
c:\windows\system32\_004691_.tmp.dll
c:\windows\system32\_004692_.tmp.dll
c:\windows\system32\_004694_.tmp.dll
c:\windows\system32\_004697_.tmp.dll
c:\windows\system32\_004698_.tmp.dll
c:\windows\system32\_004702_.tmp.dll
c:\windows\system32\_004703_.tmp.dll
c:\windows\system32\_004705_.tmp.dll
c:\windows\system32\_004708_.tmp.dll
c:\windows\system32\_004710_.tmp.dll
c:\windows\system32\_004711_.tmp.dll
c:\windows\system32\_004712_.tmp.dll
c:\windows\system32\_004713_.tmp.dll
c:\windows\system32\_004716_.tmp.dll
c:\windows\system32\_004717_.tmp.dll
c:\windows\system32\_004718_.tmp.dll
c:\windows\system32\_004719_.tmp.dll
c:\windows\system32\_004720_.tmp.dll
c:\windows\system32\_004725_.tmp.dll
c:\windows\system32\_004727_.tmp.dll
c:\windows\system32\_004728_.tmp.dll
c:\windows\system32\Data
c:\windows\system32\lowsec
c:\windows\system32\lowsec\local.ds
c:\windows\system32\lowsec\user.ds
c:\windows\system32\lowsec\user.ds.lll

.
((((((((((((((((((((((((( Files Created from 2010-02-28 to 2010-03-28 )))))))))))))))))))))))))))))))
.

2010-03-28 07:52 . 2010-03-28 12:30 53160 ----a-w- c:\windows\system32\PxSecure.dll
2010-03-25 22:09 . 2010-03-25 22:09 -------- d-----w- C:\Games
2010-03-25 18:24 . 2010-03-25 18:24 -------- d-----w- c:\documents and settings\ElxAdmin\Application Data\Ubisoft
2010-03-25 18:05 . 2010-03-25 18:05 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys
2010-03-25 18:05 . 2010-03-25 18:05 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2010-03-25 17:38 . 2010-03-25 17:38 -------- d-----w- c:\program files\Ubisoft
2010-03-24 16:49 . 2010-03-24 16:49 0 ----a-w- c:\windows\nsreg.dat
2010-03-24 16:49 . 2010-03-24 16:49 -------- d-----w- c:\documents and settings\ElxAdmin\Local Settings\Application Data\Mozilla
2010-03-23 17:29 . 2010-03-23 17:29 -------- d-----w- c:\windows\usb-audio.deBehringer2902
2010-03-23 17:27 . 2008-07-30 17:20 352256 ----a-w- c:\windows\system32\drivers\BUSB2902.sys
2010-03-23 17:27 . 2008-07-30 17:20 33792 ----a-w- c:\windows\system32\drivers\busbwdm.sys
2010-03-23 17:06 . 2004-08-03 23:07 59264 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2010-03-23 17:06 . 2004-08-03 23:07 59264 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2010-03-16 23:10 . 2010-03-16 23:10 -------- d-----w- c:\program files\Common Files\DirectX
2010-03-16 22:49 . 2010-03-16 22:49 -------- d-----w- c:\program files\Codemasters
2010-03-15 22:10 . 2010-03-15 22:10 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-15 10:17 . 2010-03-15 10:17 -------- d-----w- C:\TempDump
2010-03-06 23:43 . 2010-03-06 23:43 -------- d-----w- c:\windows\7104189AC5924A56AC9E7C0CA135DA3C.TMP
2010-03-02 16:24 . 2010-03-02 16:24 -------- d-----w- c:\program files\Trend Micro

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-28 13:10 . 2007-10-26 14:40 -------- d-----w- c:\documents and settings\ElxAdmin\Application Data\Skype
2010-03-28 12:54 . 2008-11-23 18:31 -------- d-----w- c:\documents and settings\ElxAdmin\Application Data\skypePM
2010-03-28 12:29 . 2009-12-27 20:37 53088 ----a-w- c:\windows\system32\drivers\pxrts.sys
2010-03-28 12:29 . 2009-12-27 20:37 30280 ----a-w- c:\windows\system32\drivers\pxscan.sys
2010-03-28 12:29 . 2009-12-27 20:37 24368 ----a-w- c:\windows\system32\drivers\pxkbf.sys
2010-03-28 12:29 . 2009-12-27 20:37 -------- d-----w- c:\program files\Prevx
2010-03-28 12:28 . 2010-01-13 19:42 926552 ----a-w- c:\documents and settings\All Users\Application Data\PrevxCSI\~PrevxCSIUpdate.exe
2010-03-28 12:28 . 2009-12-27 20:37 -------- d-----w- c:\documents and settings\All Users\Application Data\PrevxCSI
2010-03-27 22:57 . 2009-10-29 00:49 -------- d-----w- c:\program files\Steam
2010-03-27 21:30 . 2009-08-09 16:20 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-03-27 20:59 . 2010-03-27 20:59 1924976 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe
2010-03-25 17:38 . 2007-05-04 08:22 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-24 21:44 . 2009-01-08 14:46 -------- d-----w- c:\program files\Google
2010-03-24 16:46 . 2009-04-28 20:33 -------- d-----w- c:\program files\Opera
2010-03-24 16:39 . 2010-01-05 14:41 22876 ---ha-w- c:\windows\system32\mlfcache.dat
2010-03-21 19:55 . 2010-03-21 19:55 439816 ----a-w- c:\documents and settings\ElxAdmin\Application Data\Real\Update\setup3.10\setup.exe
2010-03-21 11:31 . 2008-03-11 22:25 27944 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2010-03-20 21:41 . 2008-09-20 10:53 -------- d-----w- c:\program files\BSR Screen Recorder 4
2010-03-20 21:35 . 2007-10-10 11:26 -------- d-----w- c:\program files\Electronic Arts
2010-03-20 21:32 . 2009-06-01 16:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-03-15 22:12 . 2010-03-15 22:12 503808 ----a-w- c:\documents and settings\ElxAdmin\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-20c7aa59-n\msvcp71.dll
2010-03-15 22:12 . 2010-03-15 22:12 499712 ----a-w- c:\documents and settings\ElxAdmin\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-20c7aa59-n\jmc.dll
2010-03-15 22:12 . 2010-03-15 22:12 348160 ----a-w- c:\documents and settings\ElxAdmin\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-20c7aa59-n\msvcr71.dll
2010-03-15 22:11 . 2010-03-15 22:11 61440 ----a-w- c:\documents and settings\ElxAdmin\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-64abe85e-n\decora-sse.dll
2010-03-15 22:11 . 2010-03-15 22:11 12800 ----a-w- c:\documents and settings\ElxAdmin\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-64abe85e-n\decora-d3d.dll
2010-03-15 22:11 . 2007-09-29 19:13 -------- d-----w- c:\program files\Common Files\Java
2010-03-12 00:22 . 2007-10-03 12:49 -------- d-----w- c:\program files\Common Files\Adobe
2010-03-06 23:43 . 2009-09-02 22:03 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-28 18:28 . 2007-10-08 13:20 356344 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-01-28 00:07 . 2008-09-20 10:53 2048 ----a-w- c:\windows\system32\Tr_sttool.dat
2010-01-27 21:13 . 2010-01-27 21:13 -------- d-----w- c:\program files\TomTom International B.V
2010-01-27 21:13 . 2008-04-10 17:17 -------- d-----w- c:\program files\TomTom HOME 2
2010-01-27 21:10 . 2010-01-27 21:10 -------- d-----w- c:\program files\TomTom DesktopSuite
2009-12-31 14:05 . 2009-12-31 14:05 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2008-09-17 00:08 . 2008-12-05 02:49 65686 -c--a-w- c:\program files\Photoshop CS4 Read Me.pdf
2008-09-11 16:49 . 2008-12-05 02:49 108336 -c--a-w- c:\program files\Photoshop CS4 — Lisez-moi.pdf
2008-09-11 16:47 . 2008-12-05 02:49 103148 -c--a-w- c:\program files\Léame de Photoshop CS4.pdf
2007-11-16 12:47 . 2007-09-29 19:20 11079 -c-h--w- c:\program files\folder.htt
2007-07-20 01:19 . 2007-07-20 01:19 855886 -c--a-w- c:\program files\AUG2007_d3dx10_35_x64.cab
2007-07-20 01:19 . 2007-07-20 01:19 800467 -c--a-w- c:\program files\AUG2007_d3dx10_35_x86.cab
2007-07-20 01:19 . 2007-07-20 01:19 1803760 -c--a-w- c:\program files\AUG2007_d3dx9_35_x64.cab
2007-07-20 01:18 . 2007-07-20 01:18 201696 -c--a-w- c:\program files\AUG2007_XACT_x64.cab
2007-07-20 01:18 . 2007-07-20 01:18 44684 -c--a-w- c:\program files\dxdllreg_x86.cab
2007-07-20 01:18 . 2007-07-20 01:18 1711752 -c--a-w- c:\program files\AUG2007_d3dx9_35_x86.cab
2007-07-20 01:18 . 2007-07-20 01:18 156612 -c--a-w- c:\program files\AUG2007_XACT_x86.cab
2007-09-23 10:07 . 2007-09-23 10:03 24 --sh--w- c:\windows\S9A59EC5B.tmp
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-11-13 247144]
"Google Update"="c:\documents and settings\ElxAdmin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-03-25 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-08-14 16050176]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13684736]
"nwiz"="nwiz.exe" [2009-03-27 1657376]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 110592]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-04-10 37888]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 86016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-10 417792]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-01-02 198160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk
backup=c:\windows\pss\BlueSoleil.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
2009-01-23 08:44 507224 ----a-w- c:\program files\Lavasoft\Ad-Aware\AAWTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 07:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2009-08-13 15:51 177440 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2006-06-01 12:32 94208 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Calendar]
2008-01-27 20:42 2670080 ----a-w- c:\program files\Desksware\Desktop iCal\Calendar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
2006-09-28 19:21 57344 ----a-w- c:\program files\SlySoft\CloneCD\CloneCDTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
2009-09-03 21:17 3342336 ----a-w- c:\program files\Electronic Arts\EADM\Core.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-12 16:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LiveMonitor]
2003-07-22 11:04 476160 ----a-w- c:\program files\MSI\Live Update 3\LMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
2004-12-14 17:57 458752 -c--a-w- c:\program files\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
2004-12-14 17:51 217088 -c--a-w- c:\program files\Logitech\Video\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
2004-12-14 17:19 221184 ----a-w- c:\windows\system32\LVCOMSX.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-26 16:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 15:40 155648 -c--a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P17Helper]
2005-05-03 11:38 64512 ----a-r- c:\windows\system32\P17.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2006-05-16 10:04 2879488 ----a-r- c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Start WingMan Profiler]
2009-01-21 14:19 92168 ----a-w- c:\program files\Logitech\Gaming Software\LWEMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-02-20 22:03 1217872 ----a-w- c:\program files\Steam\steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-01-02 14:58 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2008-05-06 08:42 202088 ----a-w- c:\program files\TomTom HOME 2\HOMERunner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 00:00 90112 ------w- c:\windows\Updreg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2009-04-10 17:29 37888 ----a-w- c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-10-18 19:05 204288 -c----w- c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"usnjsvc"=3 (0x3)
"iPod Service"=3 (0x3)
"AVGEMS"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\SpacialAudio\\SAMBC\\SAMBC.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Program Files\\Abbyy FineReader 6.0 Sprint\\scan\\scanman6.exe"=
"c:\\Program Files\\SpacialAudio\\SAMBC\\SAMReporter\\SAMReporter.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\football manager 2010\\fm.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\railworks\\RailWorks.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Ubisoft\\Related Designs\\ANNO 1404\\Anno4.exe"=
"c:\\Program Files\\Ubisoft\\Related Designs\\ANNO 1404\\tools\\Anno4Web.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020
"10243:UDP"= 10243:UDP:Windows Media Connect
"10280:TCP"= 10280:TCP:Windows Media Connect
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [05/09/2009 19:26 64160]
R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [27/12/2009 21:37 30280]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [28/03/2009 14:54 13696]
R2 CSIScanner;CSIScanner;c:\program files\Prevx\prevx.exe [27/12/2009 21:37 6349008]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe -s --> c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe -s [?]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [23/01/2009 09:44 942416]
R2 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [27/12/2009 21:37 53088]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [13/11/2009 12:31 92008]
R3 BEHRINGER_2902;usb-audio.de driver for BEHRINGER USB AUDIO;c:\windows\system32\drivers\BUSB2902.sys [23/03/2010 18:27 352256]
R3 BUSB_AUDIO_WDM;BEHRINGER USB WDM AUDIO;c:\windows\system32\drivers\busbwdm.sys [23/03/2010 18:27 33792]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe -s --> c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe -s [?]
R3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [27/12/2009 21:37 24368]
S3 clr_optimization_v4.0.20506_32;.NET Runtime Optimization Service v4.0.20506_X86;c:\windows\Microsoft.NET\Framework\v4.0.20506\mscorsvw.exe [06/05/2009 10:08 104272]
.
Contents of the 'Scheduled Tasks' folder

2010-03-27 c:\windows\Tasks\Ad-Aware Update (Daily).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-23 08:44]

2010-02-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-03-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1711378455-2903282622-2712230534-1004Core.job
- c:\documents and settings\ElxAdmin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-25 12:22]

2010-03-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1711378455-2903282622-2712230534-1004UA.job
- c:\documents and settings\ElxAdmin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-25 12:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: facebook.com\apps
Trusted Zone: teenarea.co.uk
Trusted Zone: teenhits.co.uk
Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - c:\program files\CoreFTP\pftpns.dll
FF - ProfilePath - c:\documents and settings\ElxAdmin\Application Data\Mozilla\Firefox\Profiles\99zkxbg1.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.com
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\ElxAdmin\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\windows\Microsoft.NET\Framework\v4.0.20506\WPF\NPWPF.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v4.0.20506\WPF\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

Notify-dimsntfy - (no file)
MSConfigStartUp-FaxCenterServer - c:\program files\\Lexmark Fax Solutions\fm3032.exe
MSConfigStartUp-Lexmark 1200 Series - c:\program files\Lexmark 1200 Series\lxczbmgr.exe
MSConfigStartUp-lxdiamon - c:\program files\Lexmark 3500-4500 Series\lxdiamon.exe
MSConfigStartUp-lxdimon - c:\program files\Lexmark 3500-4500 Series\lxdimon.exe
AddRemove-Adobe Photoshop 7.0 - c:\program files\Adobe\Photoshop 7.0\Uninst.isu
AddRemove-Bus-Simulator 2008 Bonus-Pack 2 (inkl. BP1+Patch 1-3)_is1 - c:\program files\Bus-Simulator 2008\unins000.exe
AddRemove-SAM3 - c:\program files\SpacialAudio\SAMBC\uninstall.exe
AddRemove-sxejo - c:\documents and settings\elxadmin\local settings\application data\sxejo.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-28 21:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1711378455-2903282622-2712230534-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1711378455-2903282622-2712230534-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:e9,d1,86,17,b2,32,5a,92,c9,34,d0,1a,f5,2b,52,76,f0,69,13,3d,cc,ae,1d,
80,6d,6d,22,ad,23,1b,83,30,ef,33,ef,78,11,82,a1,73,0f,ee,b9,91,ba,fd,f5,07,\
"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d

[HKEY_USERS\S-1-5-21-1711378455-2903282622-2712230534-1004\Software\SecuROM\License information*]
"datasecu"=hex:49,ce,17,3a,6c,26,be,bc,94,e4,68,2e,8f,08,e7,9f,78,c1,71,75,c0,
32,10,53,aa,c8,bb,99,a8,25,ba,7d,7e,28,49,f4,42,b2,71,c1,34,a3,b4,7a,aa,23,\
"rkeysecu"=hex:ee,41,a7,87,20,57,9b,4a,3d,15,67,10,a5,e3,23,a4
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2476)
c:\program files\RocketDock\RocketDock.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\browselc.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\IVT Corporation\BlueSoleil\BTNtService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
c:\windows\system32\nvsvc32.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\rundll32.exe
c:\windows\system32\RUNDLL32.EXE
c:\documents and settings\ElxAdmin\Local Settings\Application Data\Google\Update\1.2.183.23\GoogleCrashHandler.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-03-28 21:25:29 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-28 20:25
ComboFix2.txt 2009-01-21 18:42

Pre-Run: 177,210,421,248 bytes free
Post-Run: 178,665,480,192 bytes free

- - End Of File - - 86EFFF496A07E18BD4A89BEA39D919E7


#9 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 28 March 2010 - 03:45 PM

Okay, that's good. Has the redirection problem gone now?

I'd like us to scan your machine with ESET OnlineScan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push
NOTE: If no malware is found there will be no option to export the text file as no log will be produced. Let me know if this is the case.
m0le is a proud member of UNITE

#10 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 31 March 2010 - 05:18 PM

Hi,

I have not had a reply from you for 3 days. Can you please tell me if you still need help with your computer as I am unable to help other members with their problems while I have your topic still open. The time taken between posts can also change the situation with your PC making it more difficult to help you.

If you like you can PM me.

Thanks,


m0le
m0le is a proud member of UNITE

#11 Evertonized

Evertonized
  • Topic Starter

  • Members
  • 34 posts

Posted 01 April 2010 - 07:12 AM

Hi,

Sorry, TalkTalk has been maintaining my internet in my area so I haven't been able to come online at all. I've tried the link you provided, but it keeps saying page not found, and there is no link to the EXE file. What should I do?


Thanks Again



#12 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 01 April 2010 - 09:19 AM

ESET seems to be unreachable by quite a few people lately.

Can you run BitDefender instead?

Please run a BitDefender QuickScan
  • Click Start Scanner
  • Click Start Scan

    If you are running Firefox you should accept the installation of the Plug-in and restart Firefox
    If you are running Internet Explorer then allow the ActiveX control to install when prompted.


  • Click Start Scan
  • Check the I ACCEPT box on the EULA and click OK
When the scan has finished, it should take about a minute, click View Log and copy and paste the log into your next reply.
m0le is a proud member of UNITE

#13 Evertonized

Evertonized
  • Topic Starter

  • Members
  • 34 posts

Posted 01 April 2010 - 06:10 PM

Hi,

Scan's worked, thanks. Log below:


QuickScan Beta 32-bit v0.9.9.15
-------------------------------

Scan date: Fri Apr 02 00:05:41 2010
Machine ID: 10A8B79D



No infection found.
---------------------



Processes
---------
<unsigned> ActiveArmor Firewall 236 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
<unsigned> Apache HTTP Server 1968 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
<unsigned> Apache HTTP Server 1752 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
<unsigned> BTNtService.exe 1516 C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
<unsigned> Firebird SQL Server 1736 C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
<unsigned> Firebird SQL Server 1780 C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
<unsigned> Last.fm 3152 C:\Program Files\Last.fm\LastFM.exe
<unsigned> Network Access Manager 1908 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
<unsigned> RocketDock.exe 3976 C:\Program Files\RocketDock\RocketDock.exe
<unsigned> winampa.exe 3904 C:\Program Files\Winamp\winampa.exe

<verified> Ad-Aware Service Application 1108 C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
<verified> Ad-Aware Tray Application 2656 C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
<verified> Apple Mobile Device Service 1496 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
<verified> Bonjour 1548 C:\Program Files\Bonjour\mDNSResponder.exe
<verified> Firefox 1388 C:\Program Files\Mozilla Firefox\firefox.exe
<verified> Google Update 4088 C:\Documents and Settings\ElxAdmin\Local Settings\Application Data\Google\Update\1.2.183.23\GoogleCrashHandler.exe
<verified> iTunes 3252 C:\Program Files\iPod\bin\iPodService.exe
<verified> iTunes 3936 C:\Program Files\iTunes\iTunesHelper.exe
<verified> Java™ Platform SE 6 U18 1840 C:\Program Files\Java\jre6\bin\jqs.exe
<verified> Microsoft® Windows® Operating System 552 C:\Program Files\Windows Media Player\WMPNetwk.exe
<verified> Microsoft® Windows® Operating System 3720 C:\WINDOWS\Explorer.EXE
<verified> Microsoft® Windows® Operating System 2192 C:\WINDOWS\System32\alg.exe
<verified> Microsoft® Windows® Operating System 556 C:\WINDOWS\system32\csrss.exe
<verified> Microsoft® Windows® Operating System 4004 C:\WINDOWS\system32\ctfmon.exe
<verified> Microsoft® Windows® Operating System 640 C:\WINDOWS\system32\lsass.exe
<verified> Microsoft® Windows® Operating System 3884 C:\WINDOWS\system32\rundll32.exe
<verified> Microsoft® Windows® Operating System 3912 C:\WINDOWS\system32\RUNDLL32.EXE
<verified> Microsoft® Windows® Operating System 628 C:\WINDOWS\system32\services.exe
<verified> Microsoft® Windows® Operating System 480 C:\WINDOWS\System32\smss.exe
<verified> Microsoft® Windows® Operating System 1268 C:\WINDOWS\system32\spoolsv.exe
<verified> Microsoft® Windows® Operating System 1060 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 1572 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 996 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 1820 C:\WINDOWS\System32\svchost.exe
<verified> Microsoft® Windows® Operating System 364 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 800 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 860 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 928 C:\WINDOWS\System32\svchost.exe
<verified> Microsoft® Windows® Operating System 1976 C:\WINDOWS\system32\wbem\unsecapp.exe
<verified> Microsoft® Windows® Operating System 2080 C:\WINDOWS\system32\wbem\wmiprvse.exe
<verified> Microsoft® Windows® Operating System 580 C:\WINDOWS\system32\winlogon.exe
<verified> NVIDIA Driver Helper Service, Version 1 1928 C:\WINDOWS\system32\nvsvc32.exe
<verified> Prevx 3.0 3408 C:\Program Files\Prevx\prevx.exe
<verified> Prevx 3.0 1648 C:\Program Files\Prevx\prevx.exe
<verified> RealPlayer (32-bit) 3944 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
<verified> Realtek HD Audio Sound Effect Manager 3808 C:\WINDOWS\RTHDCPL.EXE
<verified> TomTom HOME 3984 C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
<verified> TomTom HOME 408 C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
<verified> Winamp 2768 C:\Program Files\Winamp\winamp.exe
<verified> Windows Live Communications Platform 2352 C:\Program Files\Windows Live\Contacts\wlcomm.exe
<verified> Windows Live Messenger 3112 C:\Program Files\Windows Live\Messenger\msnmsgr.exe


Network activity
----------------
Process firefox.exe (1388) connected on port 80 (HTTP) - 65.55.40.151
Process firefox.exe (1388) connected on port 443 (HTTP over SSL) - 74.125.113.97
Process firefox.exe (1388) connected on port 80 (HTTP) - 72.247.238.201
Process firefox.exe (1388) connected on port 80 (HTTP) - 72.247.238.176
Process firefox.exe (1388) connected on port 80 (HTTP) - 64.12.97.12
Process firefox.exe (1388) connected on port 80 (HTTP) - 65.55.40.151
Process firefox.exe (1388) connected on port 443 (HTTP over SSL) - 74.125.113.97
Process firefox.exe (1388) connected on port 80 (HTTP) - 65.55.15.242
Process firefox.exe (1388) connected on port 80 (HTTP) - 72.247.238.201
Process firefox.exe (1388) connected on port 80 (HTTP) - 173.194.8.28
Process firefox.exe (1388) connected on port 80 (HTTP) - 65.55.15.242
Process firefox.exe (1388) connected on port 80 (HTTP) - 207.46.120.46
Process firefox.exe (1388) connected on port 80 (HTTP) - 65.55.149.123
Process firefox.exe (1388) connected on port 80 (HTTP) - 65.55.15.244
Process firefox.exe (1388) connected on port 80 (HTTP) - 199.7.71.190
Process firefox.exe (1388) connected on port 80 (HTTP) - 199.7.48.190
Process firefox.exe (1388) connected on port 80 (HTTP) - 65.55.40.151
Process firefox.exe (1388) connected on port 80 (HTTP) - 83.138.179.75
Process firefox.exe (1388) connected on port 80 (HTTP) - 74.125.67.113
Process msnmsgr.exe (3112) connected on port 80 (HTTP) - by2msg4020215.phx.gbl

Process svchost.exe (860) listens on ports: 135 (RPC)
Process svchost.exe (1060) listens on ports: 2869 (SSDP event notification, UPNP)
Process apache.exe (1752) listens on ports: 3476
Process fbserver.exe (1780) listens on ports: 3050 (Interbase DB)


Autoruns and critical files
---------------------------
<unsigned> QuickTime C:\Program Files\QuickTime\qttask.exe
<unsigned> RocketDock.exe C:\Program Files\RocketDock\RocketDock.exe
<unsigned> winampa.exe C:\Program Files\Winamp\winampa.exe

<verified> Ad-Aware Admin Application C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
<verified> Adobe Acrobat C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
<verified> Adobe Reader and Acrobat Manager C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
<verified> Apple Software Update C:\Program Files\Apple Software Update\SoftwareUpdate.exe
<verified> Google Update C:\Documents and Settings\ElxAdmin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
<verified> iTunes C:\Program Files\iTunes\iTunesHelper.exe
<verified> Java™ Platform SE Auto Updater 2 0 C:\Program Files\Common Files\Java\Java Update\jusched.exe
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\browseui.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\bthprops.cpl
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\crypt32.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\cryptnet.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\cscdll.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\ctfmon.exe
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\logonui.exe
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\sclgntfy.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\shell32.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\stobject.dll
<verified> Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\wlnotify.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\WPDShServiceObj.dll
<verified> MobileMe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
<verified> NVIDIA Compatible Windows 2000 Display C:\WINDOWS\system32\NvCpl.dll
<verified> NVIDIA Media Center Library C:\WINDOWS\system32\nvmctray.dll
<verified> nwiz.exe C:\WINDOWS\system32\nwiz.exe
<verified> RealPlayer (32-bit) C:\Program Files\Common Files\Real\Update_OB\realsched.exe
<verified> Realtek HD Audio Sound Effect Manager C:\WINDOWS\RTHDCPL.EXE
<verified> TomTom HOME C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
<verified> Windows® Internet Explorer C:\WINDOWS\system32\webcheck.dll


Browser plugins
---------------
<unsigned> Bonjour C:\Program Files\Bonjour\mdnsNSP.dll
<unsigned> DivX Player Netscape Plugin C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll
<unsigned> Epson Easy Photo Print (TBL) c:\program files\epson software\easy photo print\eptbl.dll
<unsigned> EPSON Web-To-Page c:\program files\epson\epson web-to-page\epson web-to-page.dll
<unsigned> QuickTime Plug-in 7.6.5 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
<unsigned> QuickTime Plug-in 7.6.5 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
<unsigned> QuickTime Plug-in 7.6.5 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
<unsigned> QuickTime Plug-in 7.6.5 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
<unsigned> QuickTime Plug-in 7.6.5 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
<unsigned> QuickTime Plug-in 7.6.5 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll
<unsigned> QuickTime Plug-in 7.6.5 C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll
<unsigned> RealJukebox NS Plugin C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
<unsigned> RealPlayer Version Plugin C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll

<verified> AcroIEHelperShim Library c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll
<verified> Adobe Acrobat C:\Program Files\Internet Explorer\plugins\nppdf32.dll
<verified> Adobe® Flash® Player ActiveX C:\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
<verified> Bebo Uploader C:\WINDOWS\Downloaded Program Files\BeboUploader.ocx
<verified> BitDefender QuickScan C:\Documents and Settings\ElxAdmin\Application Data\Mozilla\Firefox\Profiles\99zkxbg1.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
<verified> BitDefender QuickScan C:\Documents and Settings\ElxAdmin\Application Data\Mozilla\Firefox\Profiles\99zkxbg1.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
<verified> DivX Web Player C:\Program Files\DivX\DivX Web Player\npdivx32.dll
<verified> DNA Plug-in C:\Program Files\DNA\plugins\npbtdna.dll
<verified> Java™ Platform SE 6 U18 c:\program files\java\jre6\bin\jp2ssv.dll
<verified> Java™ Platform SE 6 U18 c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
<verified> Messenger C:\Program Files\Messenger\msmsgs.exe
<verified> Microsoft Office Live Plug-in for Firef C:\Program Files\Microsoft\Office Live\npOLW.dll
<verified> Microsoft® Windows Live Login Helper c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\mswsock.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\System32\nwprovau.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\rsvpsp.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\winrnr.dll
<verified> Mozilla Default Plug-in C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
<verified> MSN Photo Upload Control C:\WINDOWS\Downloaded Program Files\PURen-gb.dll
<verified> MSN® Games by Zone.com C:\WINDOWS\Downloaded Program Files\MessengerStatsPAClient.dll
<verified> MSN® Games by Zone.com C:\WINDOWS\Downloaded Program Files\MineSweeper.dll
<verified> MSN® Games by Zone.com C:\WINDOWS\Downloaded Program Files\msgrchkr.dll
<verified> npitunes.dll C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
<verified> NPSWF32.dll C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
<verified> RealPlayer Download and Record Plugin c:\program files\real\realplayer\rpbrowserrecordplugin.dll
<verified> RealPlayer™ G2 LiveConnect-Enabled P C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
<verified> sdhelper.dll c:\program files\spybot - search & destroy\sdhelper.dll
<verified> Silverlight Plug-In c:\Program Files\Microsoft Silverlight\3.0.40624.0\npctrl.dll
<verified> Skype add-on for IE c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
<verified> Windows Presentation Foundation c:\WINDOWS\Microsoft.NET\Framework\v4.0.20506\WPF\NPWPF.dll
<verified> Windows® Internet Explorer C:\WINDOWS\system32\ieframe.dll


Missing files
-------------
File not found: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
referenced in: HLKM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0\"Path"

File not found: C:\Program Files\Yahoo!\Common\npyaxmpb.dll
referenced in: HLKM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1\"Path"

File not found: C:\WINDOWS\System32\Machnm32.sys
referenced in: HKLM\System\ControlSet001\services\Machnm32\"ImagePath"

File not found: C:\WINDOWS\System32\appmgmts.dll
referenced in: HKLM\System\ControlSet001\services\AppMgmt\Parameters\"ServiceDll"

File not found: C:\comfix\catchme.sys
referenced in: HKLM\System\ControlSet001\services\catchme\"ImagePath"

File not found: D:\INSTALL\GMSIPCI.SYS
referenced in: HKLM\System\ControlSet001\services\GMSIPCI\"ImagePath"


Scan
----
<unsigned> MD5: 292f92469efb2fd402e00742c06d539d C:\Program Files\Bonjour\mdnsNSP.dll
<unsigned> MD5: 1cf03c69b49acb70c722df92755c0c8c C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
<unsigned> MD5: 25458754a29fd491c9a07ec5de714a72 C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll
<unsigned> MD5: ea3329e06d7c794b788ceada90ab7000 c:\program files\epson software\easy photo print\eptbl.dll
<unsigned> MD5: 01319cf4030b3740ba8261e7024acad1 c:\program files\epson\epson web-to-page\epson web-to-page.dll
<unsigned> MD5: ebaebb3ee3fedf85e5974040dbfba609 C:\Program Files\Firebird\Firebird_1_5\bin\fbclient.dll
<unsigned> MD5: 3374fdddaa9d2a449dd19c0587d9d5e5 C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
<unsigned> MD5: 267ef211ed4c53464cb547b09a45ef50 C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
<unsigned> MD5: cb21d826d9c39aed19dd431c1880f5de C:\Program Files\Firebird\Firebird_1_5\bin\msvcp60.dll
<unsigned> MD5: da548872c3126b09d7832b4abeb54116 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
<unsigned> MD5: da548872c3126b09d7832b4abeb54116 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
<unsigned> MD5: da548872c3126b09d7832b4abeb54116 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
<unsigned> MD5: da548872c3126b09d7832b4abeb54116 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
<unsigned> MD5: da548872c3126b09d7832b4abeb54116 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
<unsigned> MD5: da548872c3126b09d7832b4abeb54116 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll
<unsigned> MD5: da548872c3126b09d7832b4abeb54116 C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll
<unsigned> MD5: 55f24e6ec983fcc7510293b05a27ceec C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
<unsigned> MD5: 78a033933af2cac043a445ff1db876b8 C:\Program Files\IVT Corporation\BlueSoleil\Device\Win2k\BTNetFilter.sys
<unsigned> MD5: 86f1895ae8c5e8b17d99ece768a70732 C:\Program Files\Java\jre6\bin\msvcr71.dll
<unsigned> MD5: 91b74b8174178d36e72602b1c61eb8e8 C:\Program Files\Last.fm\breakpad.dll
<unsigned> MD5: e9ebf34d2c77df6db0bdcd6c1cd3c054 C:\Program Files\Last.fm\ext_messengernotify.dll
<unsigned> MD5: b1ff0b10c53c244a6e02c4a5a1b09ea9 C:\Program Files\Last.fm\ext_skypenotify.dll
<unsigned> MD5: a4c3b8774098ce432eedd70d9b4a4c62 C:\Program Files\Last.fm\imageformats\qgif4.dll
<unsigned> MD5: 304d8a289d246822dce4ce15da2f6f4c C:\Program Files\Last.fm\imageformats\qjpeg4.dll
<unsigned> MD5: efce9d5f818531680289356155e97ab2 C:\Program Files\Last.fm\imageformats\qmng4.dll
<unsigned> MD5: 353837c897350fb7ae3fbe18c9a5cad6 C:\Program Files\Last.fm\LastFM.exe
<unsigned> MD5: 885e73784fe7509f72d605b62a0d8394 C:\Program Files\Last.fm\LastFmFingerprint1.dll
<unsigned> MD5: 4a5a49949b2a4b9154d9c31f5e1c1b9d C:\Program Files\Last.fm\LastFmTools1.dll
<unsigned> MD5: 9b24ef636d2dea8f55dbd443251bdecf C:\Program Files\Last.fm\libfftw3f-3.dll
<unsigned> MD5: 4c8a880eabc0b4d462cc4b2472116ea1 C:\Program Files\Last.fm\Microsoft.VC80.CRT\msvcp80.dll
<unsigned> MD5: e4fece18310e23b1d8fee993e35e7a6f C:\Program Files\Last.fm\Microsoft.VC80.CRT\msvcr80.dll
<unsigned> MD5: 4a50310a052412c12fd1dd04f13ee493 C:\Program Files\Last.fm\Moose1.dll
<unsigned> MD5: bbd5f81c6bbc1fb47ec1be6cd03807d2 C:\Program Files\Last.fm\QtCore4.dll
<unsigned> MD5: 99474aee8ca74ef85ec77e446a5d4ab4 C:\Program Files\Last.fm\QtGui4.dll
<unsigned> MD5: f151e8e0c8371dd88c9bfc9f469470ed C:\Program Files\Last.fm\QtNetwork4.dll
<unsigned> MD5: 0dacd51c27d8ecc279479a3354eb7d42 C:\Program Files\Last.fm\QtSql4.dll
<unsigned> MD5: abf7ac83769d1396cacf2659f4fb0f85 C:\Program Files\Last.fm\QtXml4.dll
<unsigned> MD5: 4dc7f4acd7fe15df53a10041cbc2caca C:\Program Files\Last.fm\srv_httpinput.dll
<unsigned> MD5: 2234c0673c6c0211e4f5de15240803ff C:\Program Files\Last.fm\srv_madtranscode.dll
<unsigned> MD5: f7f5f3948ec107e173567e97f9b30d61 C:\Program Files\Last.fm\srv_rtaudioplayback.dll
<unsigned> MD5: 4efaa53c545f4ffb1ee0ed1709c15ea7 C:\Program Files\Last.fm\zlibwapi.dll
<unsigned> MD5: bbad1d9b0694f5e8fe2acb85283cc5fe C:\Program Files\Lavasoft\Ad-Aware\aebb.dll
<unsigned> MD5: 362c15749b2ba559e64d508935e3146c C:\Program Files\Lavasoft\Ad-Aware\aecore.dll
<unsigned> MD5: 87a6c6e3993d3a635f8e7152fc6d1907 C:\Program Files\Lavasoft\Ad-Aware\aeemu.dll
<unsigned> MD5: 63f18a1fd1a6d1069b892ec25280e595 C:\Program Files\Lavasoft\Ad-Aware\aegen.dll
<unsigned> MD5: 83bac707a4b7682201a1eb9766b54ceb C:\Program Files\Lavasoft\Ad-Aware\aehelp.dll
<unsigned> MD5: 8c0ea77695842c6b559e918925f3ce53 C:\Program Files\Lavasoft\Ad-Aware\aeheur.dll
<unsigned> MD5: f2e24228155d496d4b0ee5cfdc3b62fb C:\Program Files\Lavasoft\Ad-Aware\aeoffice.dll
<unsigned> MD5: bc3a6ddc19c4511ca2c37f0938eb8853 C:\Program Files\Lavasoft\Ad-Aware\aepack.dll
<unsigned> MD5: 352c02cd46f42a12635297ab0aa7bfc6 C:\Program Files\Lavasoft\Ad-Aware\aerdl.dll
<unsigned> MD5: f519c10b10d73b2b6b75cfebc5096236 C:\Program Files\Lavasoft\Ad-Aware\aescn.dll
<unsigned> MD5: ab21044752f14aa52f1ea39aafbb7d50 C:\Program Files\Lavasoft\Ad-Aware\aescript.dll
<unsigned> MD5: c9fffd5005f4fe7131df6128e98e3a6a C:\Program Files\Lavasoft\Ad-Aware\aevdf.dll
<unsigned> MD5: ca5d39af61338f6b32ae772a3dd4754c C:\Program Files\Lavasoft\Ad-Aware\avpal.dll
<unsigned> MD5: cf6d9f1a30885e16aed8ff0cf56aeaf2 C:\Program Files\Lavasoft\Ad-Aware\libapr-1.dll
<unsigned> MD5: 1d5433328ed602c52fce588e49b07bba C:\Program Files\Lavasoft\Ad-Aware\libavll.dll
<unsigned> MD5: 86f1895ae8c5e8b17d99ece768a70732 C:\Program Files\Lavasoft\Ad-Aware\msvcr71.dll
<unsigned> MD5: a870ee28da8bb3f40d485b6d020f2d2b C:\Program Files\Lavasoft\Ad-Aware\pcre.dll
<unsigned> MD5: 698251d649d99817fec4a8f732598c77 C:\Program Files\Lavasoft\Ad-Aware\savapi3.dll
<unsigned> MD5: a3922cd380f968b898da4bb414c38900 C:\Program Files\Lavasoft\Ad-Aware\unrar.dll
<unsigned> MD5: d0085928913edb25fa306523a14f9a16 C:\Program Files\Lexmark Fax Solutions\fxctrstr.dll
<unsigned> MD5: 6256684495c499b22dcdba266e4f2494 C:\Program Files\Messenger Plus! Live\Detoured.dll
<unsigned> MD5: cb7524c21727404bd3140dca32deb7de C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe
<unsigned> MD5: a67137616bb9668f46f595ce4c861af4 C:\Program Files\Mozilla Firefox\freebl3.dll
<unsigned> MD5: cbf614a2ea4fdae7a45fb98097002f3b C:\Program Files\Mozilla Firefox\nssdbm3.dll
<unsigned> MD5: cc579e1a88c865c880ce32d8b46c4734 C:\Program Files\Mozilla Firefox\softokn3.dll
<unsigned> MD5: b81f8778f5bb485f3b75114f0c99a49f C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
<unsigned> MD5: 005ff09ce9462bfa9002803654d4849f C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\libapr.dll
<unsigned> MD5: 2783e1ec4e115f358f5430b30c6a7923 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\libapriconv.dll
<unsigned> MD5: 365f65e70f5381162d085e7f6c2eec32 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\libaprutil.dll
<unsigned> MD5: 38b0b1f97e2dd8afa73d36265a8a9c28 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\libeay32.dll
<unsigned> MD5: a9a473a7024e043ce5c3a1115e892abe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\libhttpd.dll
<unsigned> MD5: 32e0da15bf9638038a29df5671b75fb6 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\nv_common.dll
<unsigned> MD5: 40dfd54076168caa1fbc95c1574a34fa C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\ssleay32.dll
<unsigned> MD5: d3aea2f00b256ad5e8ba4d70369058c9 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\modules\mod_access.so
<unsigned> MD5: 0c1304ae6fa935f224cfcfe71c2e53ed C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\modules\mod_actions.so
<unsigned> MD5: 60a2f365067028125f4ba35141750aed C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\modules\mod_alias.so
<unsigned> MD5: 14a9876b2f4f62c6d482485cb86d87a8 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\modules\mod_auth.so
<unsigned> MD5: ba73a91f92d7bd1b7577b0ba0f8ff9e7 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\modules\mod_cgi.so
<unsigned> MD5: b34fb7a0356db0d8300bd637ab215cfe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\modules\mod_env.so
<unsigned> MD5: 08fbb23c474856b47c1159e64d95b6da C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\modules\mod_expires.so
<unsigned> MD5: 50f2981213f32d6aa1e2413dcdf42937 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\modules\mod_headers.so
<unsigned> MD5: d1a6bc81ecc9ce4b162ce14c719d8477 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\modules\mod_include.so
<unsigned> MD5: b3e4a89017b115ab1b5850c3c8ba040e C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\modules\mod_log_config.so


No file uploaded.

Scan finished - communication took 4 sec
Total traffic - 0.10 MB sent, 3.61 KB recvd
Scanned 1424 files and modules - 214 seconds


#14 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:10:13 AM

Posted 01 April 2010 - 07:19 PM

Good result.

How is the PC running now?
m0le is a proud member of UNITE

#15 Evertonized

Evertonized
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  • Local time:05:13 AM

Posted 01 April 2010 - 07:23 PM

Everything looks good on the TeenArea direction which was bothering my computer, thanks.

Still a few problems with Google, sending me to results.googleservices.com before then redirecting me somewhere else I don't really need. Is there any way we can fix that? If there is and you've got enough time to help me still then that'll be absolutely ace x.



