
Trojan Troubles

  • 18-10-2007 12:08pm
    #1
    Registered Users Posts: 1,871 ✭✭✭


    Folks,


    Having a few issues on a regular basis with warning messages popping up (using NOD32) about various trojan issues.

    Example: Win32 Agent.BCK.Trojan


    Just wondering what application / trojan cleaner software is the best to protect and clean the PC.


Comments

  • Moderators, Recreation & Hobbies Moderators, Social & Fun Moderators, Sports Moderators Posts: 12,803 Mod ✭✭✭✭Keano


    Avast home edition. Free too! Just download and let it do a boot scan the next time you restart the pc. Should sort it out


  • Closed Accounts Posts: 188 ✭✭onechewy


    AVG is a pretty good free Anti-Virus, and yesterday I was told about CureIt which worked really well on a riddled laptop.


  • Registered Users Posts: 1,871 ✭✭✭Macker1


    Using NOD32 and now Avast version 4.7 Pro. Have also run Dr.Web CureIt. When the scans have finished running, some issues are found and then cleaned.

    That being the case I was hopeful that the PC was clean, but NOD32 is still highlighting a trojan problem, particularly at start-up.

    The one in particular is Win32/Agent.BCK.trojan.


    Can anyone please advise, as it's beginning to annoy me.


  • Closed Accounts Posts: 188 ✭✭onechewy


    Why don't you try CureIt, which I mentioned above?


  • Registered Users Posts: 2,471 ✭✭✭majiktripp


    Have you run a program called HijackThis? It analyses all your start-up files and makes a list from which you can remove any nasty entries, should you find them. Even if you just run the program found here
    http://www.filehippo.com/download_hijackthis/?199
    and post up the log of what it finds, we can have a look.


  • Closed Accounts Posts: 13,874 ✭✭✭✭PogMoThoin


    Have you done scans in safe mode?


  • Registered Users Posts: 1,871 ✭✭✭Macker1


    onechewy wrote: »
    Why don't you try CureIt, which I mentioned above?

    See above post. I have also run Dr.Web CureIt. Found one issue and cleaned it.

    Thanks


    Ran SpyBot and it found three issues in the registry which all related to something called Virtumonde. The program performed a fix and I'm now running a full thorough scan with Avast.

    I take it I can run that program HijackThis and post the findings here so more knowledgeable persons can advise on the issues.

    Thanks in advance


  • Registered Users Posts: 1,871 ✭✭✭Macker1


    PogMoThoin wrote: »
    Have You done scans in safe mode?

    No. Apologies, but in my defence I haven't got much experience in dealing with these types of issues (lucky so far).

    What's the advantage of running in Safe Mode?


  • Closed Accounts Posts: 13,874 ✭✭✭✭PogMoThoin


    Advantages of safe mode av scans

    You get to safe mode by pressing F8 just before Windows loads. It will load only the basic Windows services & drivers. Have a go.


  • Registered Users Posts: 1,871 ✭✭✭Macker1


    PogMoThoin wrote: »
    Advantages of safe mode av scans

    You get to safe mode by pressing F8 just before Windows loads. It will load only the basic Windows services & drivers. Have a go.

    Thanks for that info, I'll have to give it a go.


  • Registered Users Posts: 1,871 ✭✭✭Macker1


    I have just run the program HijackThis and the report is below. Advice please.



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:53:06, on 18/10/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\EzBackup\EZ-Backup Manager\EzBackup.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\system32\oodag.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\CyberLink\Shared files\RichVideo.exe
    C:\WINDOWS\System32\tcpsvcs.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\ASUS\ASUS DH Remote\AsRc.exe
    C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
    C:\Program Files\ASUS\ASUS DH Remote\AsDhRemote.exe
    C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
    C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
    C:\WINDOWS\CTHELPER.EXE
    C:\WINDOWS\system32\CTXFIHLP.EXE
    C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
    C:\Program Files\Logitech\G-series Software\LGDCore.exe
    C:\Program Files\Logitech\G-series Software\LCDMon.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    C:\Program Files\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe
    C:\Program Files\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exe
    C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
    C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
    C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
    C:\WINDOWS\system32\taskswitch.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    D:\iTunes\iTunesHelper.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\CURITY~1\iexplore.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.football365.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
    O4 - HKLM\..\Run: [Ai Quicker Help] "C:\Program Files\ASUS\ASUS DH Remote\AsRc.exe"
    O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
    O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
    O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
    O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
    O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
    O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
    O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
    O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\bdhviksl.dll",sitypnow
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Tocs] "C:\WINDOWS\CURITY~1\iexplore.exe" --ru -vt yazb
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: &Subscribe with ArchosLink - file://C:\Program Files\Archos\ArchosLink\\script.js
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1160683618109
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{82E4D865-721D-49ED-A1FE-0C936CFABC79}: NameServer = 208.67.222.222,208.67.220.220
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: EZ-Backup Manager - Unknown owner - C:\Program Files\EzBackup\EZ-Backup Manager\EzBackup.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

    --
    End of file - 13277 bytes



    Please note that I ran a thorough scan of my PC with Avast 4.7 Pro and after nearly 3 hrs of scanning it came back saying that no infected files were found.


    Thanks in advance.


  • Closed Accounts Posts: 13,874 ✭✭✭✭PogMoThoin


    Don't see anything suspicious in that log (not saying someone with better knowledge might not find something, though).

    Jeez, you've got some amount of startup items; ever think of disabling some of those that you don't need? Must take your PC ages to boot. Download Startup Inspector:
    it will Google all items when you click Consult and tell you what they are, whether they're needed, and whether you can disable them. Just untick the boxes to disable them and click Apply. Very user friendly.

    Noticed you've got both Avast and NOD32 running. These could be conflicting and telling you that the other is a virus. You should never run 2 AV programs.


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    You seem to have a bit of the Vundo trojan. Do this:

    Please download VundoFix.exe to your desktop
    • Double-click VundoFix.exe to run it.
    • Click the Scan for Vundo button.
    • Once it's done scanning, click the Remove Vundo button.
    • You will receive a prompt asking if you want to remove the files, click YES
    • Once you click yes, your desktop will go blank as it starts removing Vundo.
    • When completed, it will prompt that it will reboot your computer, click OK.
    • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
    Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.




    Download WinPFind3U.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.
    • Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
    • Now click the Run Scan button on the toolbar.
    • When the scan is complete Notepad will open with the report file loaded in it.
    • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
    Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts.



    Also post a new HijackThis log.


  • Registered Users Posts: 2,471 ✭✭✭majiktripp


    This looks dodgy...I think...
    O4 - HKCU\..\Run: [Tocs] "C:\WINDOWS\CURITY~1\iexplore.exe" --ru -vt yazb
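
    As an added example (my own code, not from this thread or from HijackThis), here is a Python triage helper that parses log lines like the ones posted above and flags the patterns a reviewer checks first: orphaned entries, a rundll32 entry loading a random-looking DLL from system32, and a well-known binary name such as iexplore.exe launched from an 8.3 short-name folder under WINDOWS. The heuristics and the expected-directory table are assumptions of mine; the sample lines are copied from the log posted above.

```python
"""Heuristic triage of HijackThis-style log lines (added example, not a HijackThis
feature). The rules are my own assumptions about what a reviewer checks first in
O2/O3/O4/O23 lines; treat hits as leads to verify, not verdicts."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Lines copied from the HijackThis log posted above; this short list is constructed here.
SAMPLE_LOG = r"""
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\bdhviksl.dll",sitypnow
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKCU\..\Run: [Tocs] "C:\WINDOWS\CURITY~1\iexplore.exe" --ru -vt yazb
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O2 - BHO: (no name) - {DDF76102-EE3A-4B14-ADA6-5E757FD05C91} - C:\WINDOWS\system32\geebb.dll (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""

# Directory (lower-case, drive stripped) where a few well-known binaries belong (assumed table).
EXPECTED_DIR = {
    "iexplore.exe": r"\program files\internet explorer",
    "svchost.exe": r"\windows\system32",
    "rundll32.exe": r"\windows\system32",
}
SECTION = re.compile(r"^(?P<sec>[RFNO]\d+) - (?P<rest>.*)$")
FIRST_BINARY = re.compile(r"^(.*?\.(?:exe|dll|cpl|com|scr))(?=\s|$)", re.IGNORECASE)
RUNDLL_TARGET = re.compile(r'rundll32(?:\.exe)?\s+"?([A-Za-z]:\\[^",]+)', re.IGNORECASE)
SHORT_NAME_UNDER_WINDOWS = re.compile(r"\\windows\\[^\\]*~\d+\\")
HIGH_MARKERS = ("rundll32", "8.3", "unexpected directory")


@dataclass
class Finding:
    section: str
    line: str
    severity: str  # "high" or "low"
    reasons: List[str] = field(default_factory=list)


def looks_random(stem: str) -> bool:
    """Crude generated-name test: 7+ letters, vowel-poor, with a run of 4+ consonants."""
    s = stem.lower()
    if len(s) < 7 or not s.isalpha():
        return False
    vowel_ratio = sum(c in "aeiouy" for c in s) / len(s)
    longest_run = max((len(r) for r in re.findall(r"[^aeiouy]+", s)), default=0)
    return vowel_ratio < 0.3 and longest_run >= 4


def command_path(cmd: str) -> str:
    """Binary a Run command launches: the quoted path, else text up to the first .exe/.dll."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = FIRST_BINARY.match(cmd)
    return m.group(1) if m else (cmd.split()[0] if cmd else "")


def check_path(path: str, reasons: List[str]) -> None:
    """Rules shared by every section that names an executable or DLL path."""
    low = path.lower()
    base = low.rsplit("\\", 1)[-1]
    if SHORT_NAME_UNDER_WINDOWS.search(low):
        reasons.append("8.3 short-name directory directly under WINDOWS")
    expected = EXPECTED_DIR.get(base)
    # Bare names (no backslash) resolve via the search path, so only judge absolute ones.
    if expected and "\\" in low and not low.endswith(expected + "\\" + base):
        reasons.append(f"{base} running from unexpected directory")


def triage_line(line: str) -> Optional[Finding]:
    """Score one log line; None means nothing in it needs a second look."""
    m = SECTION.match(line.strip())
    if not m:
        return None
    sec, rest = m.group("sec"), m.group("rest")
    reasons: List[str] = []
    if "(no file)" in rest or "(file missing)" in rest:
        reasons.append("orphaned entry: referenced file is missing")
    if sec == "O4":  # autostart entries
        cmd_m = re.search(r"\[[^\]]*\]\s*(.*)$", rest)
        cmd = cmd_m.group(1) if cmd_m else rest
        check_path(command_path(cmd), reasons)
        dll_m = RUNDLL_TARGET.search(cmd)
        if dll_m:
            stem = dll_m.group(1).rsplit("\\", 1)[-1].rsplit(".", 1)[0]
            if "\\system32\\" in dll_m.group(1).lower() and looks_random(stem):
                reasons.append("rundll32 loads a random-looking DLL from system32")
    elif sec == "O23":  # services
        parts = rest.rsplit(" - ", 2)
        if len(parts) == 3 and parts[1] == "Unknown owner":
            reasons.append("service binary has no publisher information")
        check_path(parts[-1], reasons)
    if not reasons:
        return None
    severity = "high" if any(k in r for r in reasons for k in HIGH_MARKERS) else "low"
    return Finding(sec, line.strip(), severity, reasons)


def triage_log(text: str) -> List[Finding]:
    """Lines that earned at least one reason, high severity first (order otherwise kept)."""
    found = [f for f in map(triage_line, text.splitlines()) if f]
    return sorted(found, key=lambda f: f.severity != "high")
```

Running `triage_log(SAMPLE_LOG)` puts the rundll32 and Tocs entries at the top as high severity and lists the orphaned BHO/toolbar entries and the unknown-owner service as low.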


  • Registered Users Posts: 1,871 ✭✭✭Macker1


    You seem to have a bit of the Vundo trojan. Do this:

    Please download VundoFix.exe to your desktop
    • Double-click VundoFix.exe to run it.
    • Click the Scan for Vundo button.
    • Once it's done scanning, click the Remove Vundo button.
    • You will receive a prompt asking if you want to remove the files, click YES
    • Once you click yes, your desktop will go blank as it starts removing Vundo.
    • When completed, it will prompt that it will reboot your computer, click OK.
    • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
    Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

    I have run VundoFix; see the reports below.


    VundoFix V6.5.10

    Checking Java version...

    Java version is 1.5.0.6
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.9
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.10

    Java version is 1.5.0.11

    Scan started at 22:26:31 18/10/2007

    Listing files found while scanning....

    C:\windows\system32\bbeeg.bak1
    C:\windows\system32\bbeeg.bak2
    C:\windows\system32\bbeeg.ini
    C:\windows\system32\bbeeg.ini2
    C:\WINDOWS\system32\bdhviksl.dll
    C:\windows\system32\bthhhypw.dll
    C:\windows\system32\cmslmvxf.ini
    C:\windows\system32\fxvmlsmc.dll
    C:\windows\system32\geebb.dll
    C:\WINDOWS\system32\lskivhdb.ini
    C:\windows\system32\wpyhhhtb.ini
    C:\WINDOWS\system32\xxyyxya.dll

    Beginning removal...

    Attempting to delete C:\windows\system32\bbeeg.bak1
    C:\windows\system32\bbeeg.bak1 Has been deleted!

    Attempting to delete C:\windows\system32\bbeeg.bak2
    C:\windows\system32\bbeeg.bak2 Has been deleted!

    Attempting to delete C:\windows\system32\bbeeg.ini
    C:\windows\system32\bbeeg.ini Has been deleted!

    Attempting to delete C:\windows\system32\bbeeg.ini2
    C:\windows\system32\bbeeg.ini2 Has been deleted!

    Attempting to delete C:\windows\system32\bthhhypw.dll
    C:\windows\system32\bthhhypw.dll Has been deleted!

    Attempting to delete C:\windows\system32\cmslmvxf.ini
    C:\windows\system32\cmslmvxf.ini Has been deleted!

    Attempting to delete C:\windows\system32\fxvmlsmc.dll
    C:\windows\system32\fxvmlsmc.dll Has been deleted!

    Attempting to delete C:\windows\system32\geebb.dll
    C:\windows\system32\geebb.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\lskivhdb.ini
    C:\WINDOWS\system32\lskivhdb.ini Has been deleted!

    Attempting to delete C:\windows\system32\wpyhhhtb.ini
    C:\windows\system32\wpyhhhtb.ini Has been deleted!

    Performing Repairs to the registry.
    Done!



    Here is the new HiJackThis report after the Vundofix

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:40:23, on 18/10/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    C:\Program Files\ASUS\ASUS DH Remote\AsRc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
    C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
    C:\WINDOWS\CTHELPER.EXE
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\CTXFIHLP.EXE
    C:\Program Files\ASUS\ASUS DH Remote\AsDhRemote.exe
    C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\EzBackup\EZ-Backup Manager\EzBackup.exe
    C:\Program Files\Logitech\G-series Software\LGDCore.exe
    C:\Program Files\Logitech\G-series Software\LCDMon.exe
    C:\Program Files\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe
    C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    C:\Program Files\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exe
    C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
    C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
    C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\system32\oodag.exe
    C:\WINDOWS\system32\taskswitch.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\CyberLink\Shared files\RichVideo.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\WINDOWS\System32\tcpsvcs.exe
    C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    D:\iTunes\iTunesHelper.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
    C:\WINDOWS\CURITY~1\iexplore.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.football365.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {DDF76102-EE3A-4B14-ADA6-5E757FD05C91} - C:\WINDOWS\system32\geebb.dll (file missing)
    O2 - BHO: (no name) - {E180F336-9CD4-4C61-B0A9-CE6F52D9FDA5} - (no file)
    O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
    O4 - HKLM\..\Run: [Ai Quicker Help] "C:\Program Files\ASUS\ASUS DH Remote\AsRc.exe"
    O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
    O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
    O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
    O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
    O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
    O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
    O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
    O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Tocs] "C:\WINDOWS\CURITY~1\iexplore.exe" --ru -vt yazb
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: &Subscribe with ArchosLink - file://C:\Program Files\Archos\ArchosLink\\script.js
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1160683618109
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{82E4D865-721D-49ED-A1FE-0C936CFABC79}: NameServer = 208.67.222.222,208.67.220.220
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O20 - Winlogon Notify: xxyyxya - xxyyxya.dll (file missing)
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: EZ-Backup Manager - Unknown owner - C:\Program Files\EzBackup\EZ-Backup Manager\EzBackup.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

    --
    End of file - 14045 bytes




    Download WinPFind3U.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.
    • Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
    • Now click the Run Scan button on the toolbar.
    • When the scan is complete Notepad will open with the report file loaded in it.
    • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
    Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts.





    Also post a new HijackThis log.

    I will perform this as requested and reply shortly in a new post, as this one is rather large and I do not want to add to the confusion.

    Thanks
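A triage pass over the O4, O17 and O20 lines from the logs in this thread, as an added example that is not part of the thread, of HijackThis or of WinPFind3U. It parses the entries and flags the two patterns a reviewer spots by eye in the log above: the `Tocs` Run key (an `iexplore.exe` sitting in a short-named folder directly under `C:\WINDOWS` rather than in Program Files\Internet Explorer) and the dangling `xxyyxya` Winlogon Notify hook whose DLL is already gone. The allowlists (`LOOKALIKES`, `EXPECTED_WINDOWS_SUBDIRS`, `KNOWN_NOTIFY`, `KNOWN_RESOLVERS`) and the extra O17 line with a TEST-NET address are assumptions constructed for the example, and every check is a heuristic: a hit means "look at this entry", not "this is malware".

```python
"""Triage pass over HijackThis-style O4 / O17 / O20 lines.

Added example, not part of HijackThis or this thread. Every check is a
heuristic: a hit means "look at this entry", not "this is malware".
"""
import re
from typing import Dict, List, Tuple

# Constructed input: O4/O17/O20 lines copied from the HijackThis log in
# this thread, the ATI Notify entry from the WinPFind3U report, and one
# made-up O17 line (TEST-NET address, zero GUID) so the DNS check fires.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKCU\..\Run: [Tocs] "C:\WINDOWS\CURITY~1\iexplore.exe" --ru -vt yazb
O17 - HKLM\System\CCS\Services\Tcpip\..\{82E4D865-721D-49ED-A1FE-0C936CFABC79}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer = 192.0.2.10
O20 - Winlogon Notify: xxyyxya - xxyyxya.dll (file missing)
O20 - Winlogon Notify: AtiExtEvent - C:\WINDOWS\system32\ati2evxx.dll
"""

O4_RE = re.compile(r"^O4 - (?P<hive>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O17_RE = re.compile(r"^O17 - .*: NameServer = (?P<servers>[0-9.,]+)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<dll>.+?)(?P<missing> \(file missing\))?$")

# Binary names malware borrows, and where the genuine copy lives on a
# 32-bit XP install (assumed; adjust for other Windows builds).
LOOKALIKES: Dict[str, str] = {
    "iexplore.exe": r"\program files\internet explorer",
    "explorer.exe": r"\windows",
    "svchost.exe": r"\windows\system32",
    "rundll32.exe": r"\windows\system32",
}
# Subfolders of C:\WINDOWS that autostart binaries legitimately run from (assumed).
EXPECTED_WINDOWS_SUBDIRS = {"system32", "system", "network diagnostic"}
# Winlogon Notify names that ship with XP or common drivers (assumed
# starting allowlist; extend it for your own machines).
KNOWN_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
                "sclgntfy", "senslogn", "termsrv", "wlballoon", "wgalogon",
                "igfxcui", "atiextevent", "nwprovau"}
# OpenDNS, as in the posted log; add your ISP's resolvers (assumed list).
KNOWN_RESOLVERS = {"208.67.222.222", "208.67.220.220"}


def exe_path(cmd: str) -> str:
    """Pull the executable path out of a Run value, quoted or not."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(.+?\.exe)(?:\s|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split()[0]


def check_run_entry(cmd: str) -> List[str]:
    """Flag O4 targets that impersonate system binaries or hide under the Windows folder."""
    reasons: List[str] = []
    path = exe_path(cmd).lower()
    directory, _, base = path.rpartition("\\")
    expected = LOOKALIKES.get(base)
    # A bare name (no directory) is resolved through PATH, so only judge explicit paths.
    if expected and directory and not directory.endswith(expected):
        reasons.append(f"{base} normally runs from ...{expected}, not {directory}")
    m = re.match(r"^[a-z]:\\windows\\([^\\]+)\\", directory + "\\")
    if m and m.group(1) not in EXPECTED_WINDOWS_SUBDIRS:
        note = f"autostart binary in unexpected Windows subfolder '{m.group(1)}'"
        if "~" in m.group(1):
            note += " (8.3 short name: the real folder name contains characters the log could not show)"
        reasons.append(note)
    return reasons


def check_notify_entry(name: str, dll: str, missing: bool) -> List[str]:
    """Flag O20 hooks that are dangling or look machine-generated."""
    reasons: List[str] = []
    if missing:
        reasons.append("Winlogon Notify DLL registered but not on disk: dead hook from a "
                       "partial clean-up, the key still needs deleting")
    if (name.lower() not in KNOWN_NOTIFY and "\\" not in dll
            and re.fullmatch(r"[a-z]{6,9}", name.lower())):
        reasons.append("random-looking Notify name with a bare DLL filename (Vundo-style persistence)")
    return reasons


def check_nameservers(servers: str) -> List[str]:
    """Flag O17 resolvers outside the allowlist (DNS-changer check)."""
    return [f"DNS server {s} is not a recognised resolver"
            for s in servers.split(",") if s and s not in KNOWN_RESOLVERS]


def triage(log_text: str) -> List[Tuple[str, str]]:
    """Return (log line, reason) pairs for every entry worth a closer look."""
    findings: List[Tuple[str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        reasons: List[str] = []
        if (m := O4_RE.match(line)):
            reasons = check_run_entry(m.group("cmd"))
        elif (m := O17_RE.match(line)):
            reasons = check_nameservers(m.group("servers"))
        elif (m := O20_RE.match(line)):
            reasons = check_notify_entry(m.group("name"), m.group("dll"), m.group("missing") is not None)
        findings.extend((line, r) for r in reasons)
    return findings


if __name__ == "__main__":
    for line, reason in triage(SAMPLE_LOG):
        print(f"{reason}\n    {line}")
```

Feed a whole saved log to `triage` to get the same report for a real machine. On the sample above it reports nothing for the NOD32, CoolSwitch, Bluetooth and ATI entries or for the OpenDNS resolvers, and flags only the `Tocs` key (twice: wrong home for `iexplore.exe`, and a short-named folder under C:\WINDOWS), the dangling `xxyyxya` hook (twice: missing file, and a random-looking name), and the made-up TEST-NET resolver. The "file missing" case is worth noting: a scanner that deleted the DLL but left the Notify key behind is exactly why the warning keeps returning at start-up, so the key itself has to go.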


  • Registered Users Posts: 1,871 ✭✭✭Macker1


    You seem to have a bit of the vundo trojan. Do this

    Please download VundoFix.exe to your desktop
    • Double-click VundoFix.exe to run it.
    • Click the Scan for Vundo button.
    • Once it's done scanning, click the Remove Vundo button.
    • You will receive a prompt asking if you want to remove the files, click YES
    • Once you click yes, your desktop will go blank as it starts removing Vundo.
    • When completed, it will prompt that it will reboot your computer, click OK.
    • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
    Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.





    WinPFind3 report

    WinPFind3 logfile created on: 18/10/2007 22:50:22
    WinPFind3U by OldTimer - Version 1.0.42 Folder = C:\Documents and Settings\Mark\Desktop\WinPFind3u\
    Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
    Internet Explorer (Version = 7.0.5730.11)

    2.00 Gb Total Physical Memory | 1.30 Gb Available Physical Memory | 64.80% Memory free
    3.85 Gb Paging File | 3.20 Gb Available in Paging File | 83.16% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092;

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 50.00 Gb Total Space | 9.75 Gb Free Space | 19.50% Space Free
    Drive D: | 248.09 Gb Total Space | 107.55 Gb Free Space | 43.35% Space Free
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded

    Computer Name: MYBITCH
    Current User Name: Mark
    Logged in as Administrator.
    Current Boot Mode: Normal


    [Processes - Non-Microsoft Only]
    applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 06/09/2007 13:28:18 | Attr = ]
    asdhremote.exe -> %ProgramFiles%\ASUS\ASUS DH Remote\AsDhRemote.exe -> T-wins [Ver = 0, 0, 13, 0 | Size = 208896 bytes | Modified Date = 19/07/2006 09:32:20 | Attr = ]
    ashdisp.exe -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 79224 bytes | Modified Date = 06/09/2007 11:06:10 | Attr = ]
    ashmaisv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 243064 bytes | Modified Date = 06/09/2007 11:05:42 | Attr = ]
    ashserv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 132472 bytes | Modified Date = 06/09/2007 11:06:04 | Attr = ]
    ashwebsv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 345464 bytes | Modified Date = 06/09/2007 11:04:44 | Attr = ]
    asrc.exe -> %ProgramFiles%\ASUS\ASUS DH Remote\AsRc.exe -> [Ver = | Size = 3167744 bytes | Modified Date = 19/07/2006 09:52:42 | Attr = ]
    aswupdsv.exe -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 16248 bytes | Modified Date = 06/09/2007 10:54:58 | Attr = ]
    ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4176 | Size = 487424 bytes | Modified Date = 22/08/2007 02:57:16 | Attr = ]
    ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4176 | Size = 487424 bytes | Modified Date = 22/08/2007 02:57:16 | Attr = ]
    calmain.exe -> %ProgramFiles%\Canon\CAL\CALMAIN.exe -> Canon Inc. [Ver = 8, 2, 0, 1 | Size = 96341 bytes | Modified Date = 30/03/2006 09:15:44 | Attr = ]
    ccc.exe -> %ProgramFiles%\ATI Technologies\ATI.ACE\Core-Static\CCC.exe -> ATI Technologies Inc. [Ver = 2.0.0.0 | Size = 49152 bytes | Modified Date = 17/07/2007 11:13:34 | Attr = ]
    ctdetect.exe -> %ProgramFiles%\Creative\MediaSource\Detector\CTDetect.exe -> Creative Technology Ltd [Ver = 3.0.2.0 | Size = 102400 bytes | Modified Date = 02/12/2004 18:23:34 | Attr = ]
    ctdvddet.exe -> %ProgramFiles%\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.exe -> Creative Technology Ltd [Ver = 1.0.3.0 | Size = 45056 bytes | Modified Date = 18/06/2003 01:00:00 | Attr = ]
    cthelper.exe -> %SystemRoot%\CTHELPER.EXE -> Creative Technology Ltd [Ver = 2, 0, 0, 39 | Size = 17920 bytes | Modified Date = 01/06/2006 11:34:56 | Attr = ]
    ctsvccda.exe -> %System32%\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 13/12/1999 01:01:00 | Attr = ]
    ctxfihlp.exe -> %System32%\CTXFIHLP.EXE -> Creative Technology Ltd [Ver = 2, 0, 1, 3 | Size = 18944 bytes | Modified Date = 01/06/2006 11:34:58 | Attr = ]
    ctxfispi.exe -> %System32%\CTXFISPI.EXE -> Creative Technology Ltd [Ver = 1.0.21.1180 (Beta-Release) | Size = 729600 bytes | Modified Date = 01/06/2006 11:29:38 | Attr = ]
    datalayer.exe -> %CommonProgramFiles%\PCSuite\DataLayer\DataLayer.exe -> Nokia Mobile Phones Ltd. [Ver = 6, 50, 101, 3 | Size = 1106944 bytes | Modified Date = 31/03/2005 10:30:52 | Attr = ]
    dllml.exe -> %ProgramFiles%\Creative\Shared Files\Module Loader\DLLML.exe -> Creative Technology Ltd. [Ver = 1.0.21.0 | Size = 49152 bytes | Modified Date = 16/06/2005 18:25:28 | Attr = ]
    ezbackup.exe -> %ProgramFiles%\EzBackup\EZ-Backup Manager\EzBackup.exe -> [Ver = | Size = 1123840 bytes | Modified Date = 08/05/2006 18:10:38 | Attr = ]
    firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.8.1.7: 2007091417 | Size = 7644520 bytes | Modified Date = 16/09/2007 07:56:40 | Attr = ]
    iexplore.exe -> %SystemRoot%\??curity\iexplore.exe -> File not found
    ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.4.1.2 | Size = 503608 bytes | Modified Date = 07/09/2007 16:55:02 | Attr = ]
    ituneshelper.exe -> D:\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.4.1.2 | Size = 267064 bytes | Modified Date = 07/09/2007 16:55:08 | Attr = ]
    jusched.exe -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 25/09/2007 01:11:36 | Attr = ]
    khalmnpr.exe -> %CommonProgramFiles%\Logitech\KHAL\KHALMNPR.EXE -> Logitech Inc. [Ver = 2.22.104 | Size = 37888 bytes | Modified Date = 05/11/2004 16:32:20 | Attr = ]
    launchapplication.exe -> %ProgramFiles%\Nokia\Nokia PC Suite 6\LaunchApplication.exe -> Nokia [Ver = 6, 50, 14, 6 | Size = 167936 bytes | Modified Date = 22/03/2005 10:39:34 | Attr = ]
    lcdclock.exe -> %ProgramFiles%\Logitech\G-series Software\Applets\LCDClock.exe -> Logitech Inc. [Ver = 1.02.218 | Size = 198656 bytes | Modified Date = 06/03/2006 16:16:12 | Attr = ]
    lcdcountdown.exe -> %ProgramFiles%\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exe -> Logitech Inc. [Ver = 1.02.218 | Size = 378880 bytes | Modified Date = 06/03/2006 16:16:48 | Attr = ]
    lcdmedia.exe -> %ProgramFiles%\Logitech\G-series Software\Applets\LCDMedia.exe -> Logitech Inc. [Ver = 1.02.218 | Size = 289792 bytes | Modified Date = 06/03/2006 16:15:42 | Attr = ]
    lcdmon.exe -> %ProgramFiles%\Logitech\G-series Software\LCDMon.exe -> Logitech Inc. [Ver = 1.02.218 | Size = 497152 bytes | Modified Date = 06/03/2006 16:14:58 | Attr = ]
    lcdpop3.exe -> %ProgramFiles%\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe -> Logitech Inc. [Ver = 1.02.218 | Size = 307200 bytes | Modified Date = 06/03/2006 16:17:24 | Attr = ]
    lgdcore.exe -> %ProgramFiles%\Logitech\G-series Software\LGDCore.exe -> Logitech Inc. [Ver = 1.02.218 | Size = 1122304 bytes | Modified Date = 06/03/2006 16:31:52 | Attr = ]
    mdnsresponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 229376 bytes | Modified Date = 28/02/2006 12:42:38 | Attr = ]
    mom.exe -> %ProgramFiles%\ATI Technologies\ATI.ACE\Core-Static\MOM.exe -> Advanced Micro Devices Inc. [Ver = 2.0.0.0 | Size = 49152 bytes | Modified Date = 17/07/2007 11:13:56 | Attr = ]
    nod32krn.exe -> %ProgramFiles%\ESET\nod32krn.exe -> Eset [Ver = 2, 70, 32 | Size = 552064 bytes | Modified Date = 18/03/2007 11:52:02 | Attr = ]
    nod32kui.exe -> %ProgramFiles%\ESET\nod32kui.exe -> Eset [Ver = 2, 70, 32 | Size = 949376 bytes | Modified Date = 18/03/2007 11:52:02 | Attr = ]
    notiman.exe -> %ProgramFiles%\Creative\ShareDLL\CADI\NotiMan.exe -> Creative Technology Ltd. [Ver = 1.0.0.1 | Size = 73728 bytes | Modified Date = 14/01/2005 19:32:44 | Attr = ]
    oodag.exe -> %System32%\oodag.exe -> O&O Software GmbH [Ver = 10.0.1634 | Size = 1050120 bytes | Modified Date = 11/05/2007 02:09:48 | Attr = ]
    pnkbstra.exe -> %System32%\PnkBstrA.exe -> [Ver = | Size = 66872 bytes | Modified Date = 02/10/2007 22:24:22 | Attr = ]
    richvideo.exe -> %ProgramFiles%\CyberLink\Shared files\RichVideo.exe -> [Ver = 1.1.0808 | Size = 167936 bytes | Modified Date = 08/08/2005 13:54:00 | Attr = ]
    schedhlp.exe -> %CommonProgramFiles%\Acronis\Schedule2\schedhlp.exe -> Acronis [Ver = 1,0,0,237 | Size = 87584 bytes | Modified Date = 16/10/2006 21:13:32 | Attr = ]
    schedul2.exe -> %CommonProgramFiles%\Acronis\Schedule2\schedul2.exe -> Acronis [Ver = 1,0,0,237 | Size = 230944 bytes | Modified Date = 16/10/2006 21:13:28 | Attr = ]
    servic~1.exe -> %CommonProgramFiles%\PCSuite\Services\ServiceLayer.exe -> Nokia. [Ver = 6, 50, 28, 2 | Size = 97792 bytes | Modified Date = 22/03/2005 13:27:16 | Attr = ]
    setpoint.exe -> %ProgramFiles%\Logitech\SetPoint\SetPoint.exe -> Logitech Inc. [Ver = 2.22.124 | Size = 598016 bytes | Modified Date = 02/12/2004 09:33:32 | Attr = ]
    ssaad.exe -> %ProgramFiles%\Sony\SonicStage\SSAAD.exe -> [Ver = 3.4.01.13062 | Size = 81920 bytes | Modified Date = 07/01/2006 03:36:10 | Attr = ]
    taskswitch.exe -> %System32%\taskswitch.exe -> [Ver = | Size = 45632 bytes | Modified Date = 19/03/2002 17:30:00 | Attr = ]
    teatimer.exe -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 5, 0, 9 | Size = 1460560 bytes | Modified Date = 31/08/2007 16:46:28 | Attr = ]
    timountermonitor.exe -> %ProgramFiles%\Acronis\TrueImageHome\TimounterMonitor.exe -> Acronis [Ver = 3.3 build 443 | Size = 1941784 bytes | Modified Date = 16/10/2006 21:17:16 | Attr = ]
    trueimagemonitor.exe -> %ProgramFiles%\Acronis\TrueImageHome\TrueImageMonitor.exe -> Acronis [Ver = 10,0,0,4871 | Size = 1164912 bytes | Modified Date = 16/10/2006 21:12:20 | Attr = ]
    winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.42.0 | Size = 322560 bytes | Modified Date = 04/09/2007 10:47:26 | Attr = ]

    [Win32 Services - Non-Microsoft Only]
    (AcrSch2Svc) Acronis Scheduler2 Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Acronis\Schedule2\schedul2.exe -> Acronis [Ver = 1,0,0,237 | Size = 230944 bytes | Modified Date = 16/10/2006 21:13:28 | Attr = ]
    (Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> Adobe Systems [Ver = 2.67.010 | Size = 72704 bytes | Modified Date = 12/10/2006 23:52:46 | Attr = ]
    (Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 06/09/2007 13:28:18 | Attr = ]
    (aswUpdSv) avast! iAVS4 Control Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 16248 bytes | Modified Date = 06/09/2007 10:54:58 | Attr = ]
    (Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4176 | Size = 487424 bytes | Modified Date = 22/08/2007 02:57:16 | Attr = ]
    (ATI Smart) ATI Smart [Win32_Own | Auto | Stopped] -> %System32%\ati2sgag.exe -> [Ver = 5.13.0027 | Size = 593920 bytes | Modified Date = 21/08/2007 21:05:00 | Attr = ]
    (avast! Antivirus) avast! Antivirus [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 132472 bytes | Modified Date = 06/09/2007 11:06:04 | Attr = ]
    (avast! Mail Scanner) avast! Mail Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 243064 bytes | Modified Date = 06/09/2007 11:05:42 | Attr = ]
    (avast! Web Scanner) avast! Web Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 345464 bytes | Modified Date = 06/09/2007 11:04:44 | Attr = ]
    (Bonjour Service) ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## [Win32_Own | Auto | Running] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 229376 bytes | Modified Date = 28/02/2006 12:42:38 | Attr = ]
    (CCALib8) Canon Camera Access Library 8 [Win32_Own | Auto | Running] -> %ProgramFiles%\Canon\CAL\CALMAIN.exe -> Canon Inc. [Ver = 8, 2, 0, 1 | Size = 96341 bytes | Modified Date = 30/03/2006 09:15:44 | Attr = ]
    (Creative Service for CDROM Access) Creative Service for CDROM Access [Win32_Own | Auto | Running] -> %System32%\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 13/12/1999 01:01:00 | Attr = ]
    (dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 04/08/2004 00:56:50 | Attr = ]
    (EZ-Backup Manager) EZ-Backup Manager [Win32_Own | Auto | Running] -> %ProgramFiles%\EzBackup\EZ-Backup Manager\EzBackup.exe -> [Ver = | Size = 1123840 bytes | Modified Date = 08/05/2006 18:10:38 | Attr = ]
    (FLEXnet Licensing Service) FLEXnet Licensing Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> Macrovision Europe Ltd. [Ver = 11.03.005 | Size = 654848 bytes | Modified Date = 02/09/2007 20:16:56 | Attr = ]
    (IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 04/04/2005 00:41:10 | Attr = ]
    (iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.4.1.2 | Size = 503608 bytes | Modified Date = 07/09/2007 16:55:02 | Attr = ]
    (MSCSPTISRV) MSCSPTISRV [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\MSCSPTISRV.exe -> Sony Corporation [Ver = 4.4.00.11241 | Size = 53337 bytes | Modified Date = 24/11/2005 18:03:22 | Attr = ]
    (NBService) NBService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Nero\Nero 7\Nero BackItUp\NBService.exe -> Nero AG [Ver = 2, 10, 3, 2 | Size = 800040 bytes | Modified Date = 29/06/2007 19:16:56 | Attr = ]
    (NMIndexingService) NMIndexingService [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Ahead\Lib\NMIndexingService.exe -> Nero AG [Ver = 2,0,16,0 | Size = 279848 bytes | Modified Date = 27/06/2007 19:04:00 | Attr = ]
    (NOD32krn) NOD32 Kernel Service [Win32_Own | Auto | Running] -> %ProgramFiles%\ESET\nod32krn.exe -> Eset [Ver = 2, 70, 32 | Size = 552064 bytes | Modified Date = 18/03/2007 11:52:02 | Attr = ]
    (O&O Defrag) O&O Defrag [Win32_Own | Auto | Running] -> %System32%\oodag.exe -> O&O Software GmbH [Ver = 10.0.1634 | Size = 1050120 bytes | Modified Date = 11/05/2007 02:09:48 | Attr = ]
    (PACSPTISVR) PACSPTISVR [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\PACSPTISVR.exe -> Sony Corporation [Ver = 4.4.00.11241 | Size = 53337 bytes | Modified Date = 24/11/2005 17:57:44 | Attr = ]
    (PnkBstrA) PnkBstrA [Win32_Own | Auto | Running] -> %System32%\PnkBstrA.exe -> [Ver = | Size = 66872 bytes | Modified Date = 02/10/2007 22:24:22 | Attr = ]
    (RichVideo) Cyberlink RichVideo Service(CRVS) [Win32_Own | Auto | Running] -> %ProgramFiles%\CyberLink\Shared files\RichVideo.exe -> [Ver = 1.1.0808 | Size = 167936 bytes | Modified Date = 08/08/2005 13:54:00 | Attr = ]
    (SPTISRV) Sony SPTI Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\SPTISRV.exe -> Sony Corporation [Ver = 4.4.00.11241 | Size = 69718 bytes | Modified Date = 24/11/2005 17:47:30 | Attr = ]
    (SSScsiSV) SonicStage SCSI Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\SSScsiSV.exe -> Sony Corporation [Ver = 3.4.01.13062 | Size = 69632 bytes | Modified Date = 06/01/2006 23:25:12 | Attr = ]

    [Registry - Non-Microsoft Only]
    < Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
    Acronis Scheduler2 Service -> %CommonProgramFiles%\Acronis\Schedule2\schedhlp.exe -> Acronis [Ver = 1,0,0,237 | Size = 87584 bytes | Modified Date = 16/10/2006 21:13:32 | Attr = ]
    AcronisTimounterMonitor -> %ProgramFiles%\Acronis\TrueImageHome\TimounterMonitor.exe -> Acronis [Ver = 3.3 build 443 | Size = 1941784 bytes | Modified Date = 16/10/2006 21:17:16 | Attr = ]
    Ai Quicker Help -> %ProgramFiles%\ASUS\ASUS DH Remote\AsRc.exe -> [Ver = | Size = 3167744 bytes | Modified Date = 19/07/2006 09:52:42 | Attr = ]
    AudioDrvEmulator -> %ProgramFiles%\Creative\Shared Files\Module Loader\DLLML.exe -> Creative Technology Ltd. [Ver = 1.0.21.0 | Size = 49152 bytes | Modified Date = 16/06/2005 18:25:28 | Attr = ]
    avast! -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 79224 bytes | Modified Date = 06/09/2007 11:06:10 | Attr = ]
    CoolSwitch -> %System32%\taskswitch.exe -> [Ver = | Size = 45632 bytes | Modified Date = 19/03/2002 17:30:00 | Attr = ]
    CTDVDDET -> %ProgramFiles%\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.exe -> Creative Technology Ltd [Ver = 1.0.3.0 | Size = 45056 bytes | Modified Date = 18/06/2003 01:00:00 | Attr = ]
    CTHelper -> %SystemRoot%\CTHELPER.EXE -> Creative Technology Ltd [Ver = 2, 0, 0, 39 | Size = 17920 bytes | Modified Date = 01/06/2006 11:34:56 | Attr = ]
    CTxfiHlp -> %System32%\CTXFIHLP.EXE -> Creative Technology Ltd [Ver = 2, 0, 1, 3 | Size = 18944 bytes | Modified Date = 01/06/2006 11:34:58 | Attr = ]
    DataLayer -> %CommonProgramFiles%\PCSuite\DataLayer\DataLayer.exe -> Nokia Mobile Phones Ltd. [Ver = 6, 50, 101, 3 | Size = 1106944 bytes | Modified Date = 31/03/2005 10:30:52 | Attr = ]
    iTunesHelper -> D:\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.4.1.2 | Size = 267064 bytes | Modified Date = 07/09/2007 16:55:08 | Attr = ]
    Kernel and Hardware Abstraction Layer -> KHALMNPR.EXE -> File not found
    LanguageShortcut -> %ProgramFiles%\CyberLink\PowerDVD\Language\Language.exe -> [Ver = 1, 0, 1613, 0 | Size = 49152 bytes | Modified Date = 13/04/2006 11:09:00 | Attr = ]
    Launch LCDMon -> %ProgramFiles%\Logitech\G-series Software\LCDMon.exe -> Logitech Inc. [Ver = 1.02.218 | Size = 497152 bytes | Modified Date = 06/03/2006 16:14:58 | Attr = ]
    Launch LGDCore -> %ProgramFiles%\Logitech\G-series Software\LGDCore.exe -> Logitech Inc. [Ver = 1.02.218 | Size = 1122304 bytes | Modified Date = 06/03/2006 16:31:52 | Attr = ]
    NeroFilterCheck -> %CommonProgramFiles%\Ahead\Lib\NeroCheck.exe -> Nero AG [Ver = 1, 0, 0, 6 | Size = 153136 bytes | Modified Date = 01/03/2007 15:57:24 | Attr = ]
    nod32kui -> %ProgramFiles%\ESET\nod32kui.exe -> Eset [Ver = 2, 70, 32 | Size = 949376 bytes | Modified Date = 18/03/2007 11:52:02 | Attr = ]
    PCSuiteTrayApplication -> %ProgramFiles%\Nokia\Nokia PC Suite 6\LaunchApplication.exe -> Nokia [Ver = 6, 50, 14, 6 | Size = 167936 bytes | Modified Date = 22/03/2005 10:39:34 | Attr = ]
    RCSystem -> %ProgramFiles%\Creative\Shared Files\Module Loader\DLLML.exe -> Creative Technology Ltd. [Ver = 1.0.21.0 | Size = 49152 bytes | Modified Date = 16/06/2005 18:25:28 | Attr = ]
    SsAAD.exe -> %ProgramFiles%\Sony\SonicStage\SSAAD.exe -> [Ver = 3.4.01.13062 | Size = 81920 bytes | Modified Date = 07/01/2006 03:36:10 | Attr = ]
    StartCCC -> %ProgramFiles%\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe -> [Ver = | Size = 90112 bytes | Modified Date = 10/11/2006 12:35:24 | Attr = ]
    SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 25/09/2007 01:11:36 | Attr = ]
    TrueImageMonitor.exe -> %ProgramFiles%\Acronis\TrueImageHome\TrueImageMonitor.exe -> Acronis [Ver = 10,0,0,4871 | Size = 1164912 bytes | Modified Date = 16/10/2006 21:12:20 | Attr = ]
    UpdReg -> %SystemRoot%\Updreg.EXE -> Creative Technology Ltd. [Ver = 1.0.2 | Size = 90112 bytes | Modified Date = 11/05/2000 01:00:00 | Attr = ]
    VolPanel -> %ProgramFiles%\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe -> Creative Technology Ltd [Ver = 1.0.21.0 | Size = 122880 bytes | Modified Date = 11/07/2005 11:34:06 | Attr = ]
    < Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
    Creative Detector -> %ProgramFiles%\Creative\MediaSource\Detector\CTDetect.exe -> Creative Technology Ltd [Ver = 3.0.2.0 | Size = 102400 bytes | Modified Date = 02/12/2004 18:23:34 | Attr = ]
    SpybotSD TeaTimer -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 5, 0, 9 | Size = 1460560 bytes | Modified Date = 31/08/2007 16:46:28 | Attr = ]
    Tocs -> %SystemRoot%\??curity\iexplore.exe -> File not found
    < Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
    %AllUsersStartup%\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Modified Date = 23/09/2005 23:05:26 | Attr = ]
    %AllUsersStartup%\Logitech SetPoint.lnk -> %ProgramFiles%\Logitech\SetPoint\SetPoint.exe -> Logitech Inc. [Ver = 2.22.124 | Size = 598016 bytes | Modified Date = 02/12/2004 09:33:32 | Attr = ]
    < AppInit_DLLs [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs ->
    < ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
    {8CEFE835-8EBF-420F-AFA2-807008E32917} [HKLM] -> Reg Data - Key not found [] -> File not found
    {93994DE8-8239-4655-B1D1-5F4E91300429} [HKLM] -> %ProgramFiles%\DVD Region+CSS Free\DVDShell.dll [] -> Fengtao Software Inc. [Ver = 5, 5, 0, 8 | Size = 49152 bytes | Modified Date = 09/10/2004 15:18:02 | Attr = ]
    < SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
    < Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
    < Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
    < Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
    AtiExtEvent -> %System32%\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4175 | Size = 122880 bytes | Modified Date = 22/08/2007 02:58:44 | Attr = ]
    xxyyxya -> xxyyxya.dll -> File not found
    < CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
    < CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 0 ->
    < HOSTS File > (193279 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
    < Internet Explorer Settings > -> ->
    HKLM: Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
    HKLM: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
    HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
    HKLM: Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
    HKLM: Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
    HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
    HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
    HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->
    HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
    HKCU: Start Page -> http://www.football365.com/ ->
    HKCU: ProxyEnable -> 0 ->
    HKCU: ProxyOverride -> *.local ->
    < Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
    msn.com [ - ] -> ->
    < BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 59032 bytes | Modified Date = 18/12/2006 05:16:42 | Attr = ]
    {53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 31/08/2007 16:46:14 | Attr = ]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 25/09/2007 01:11:34 | Attr = ]
    {7E853D72-626A-48EC-A868-BA8D5E23E045} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
    {DDF76102-EE3A-4B14-ADA6-5E757FD05C91} [HKLM] -> %System32%\geebb.dll [Reg Data - Value does not exist] -> File not found
    {E180F336-9CD4-4C61-B0A9-CE6F52D9FDA5} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
    < Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
    {32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
    < Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
    {E0E899AB-F487-11D5-8D29-0050BA6940E3} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
    < Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 25/09/2007 01:11:34 | Attr = ]
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 25/09/2007 01:11:34 | Attr = ]
    {2670000A-7350-4f3c-8081-5663EE0C6C49} -> Reg Data - Value does not exist [ButtonText: Send to OneNote] -> File not found
    {92780B25-18CC-41C8-B9BE-3C9C571A8263} -> Reg Data - Value does not exist [ButtonText: Research] -> File not found
    {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [MenuText: Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 31/08/2007 16:46:14 | Attr = ]
    {e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> Reg Data - Key not found [MenuText: @xpsp3res.dll,-20001] -> File not found
    < Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
    &Subscribe with ArchosLink -> -> File not found
    E&xport to Microsoft Excel -> -> File not found
    < DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
    {20B66F52-4ECA-45A6-B3C6-E62679B30452} -> (Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter) ->
    {329C0643-B212-4D95-B942-85B554D90834} -> (Nintendo Wi-Fi USB Connector) ->
    {4A74ED1C-FE7D-47A9-8553-C11570D1A440} -> () ->
    {6388B550-2334-4380-A574-EABC46C3BEBB} -> () ->
    {6C93F758-34A0-4307-A1DE-CC24F4B326A4} -> (Marvell Yukon 88E8053 PCI-E Gigabit Ethernet Controller) ->
    {82E4D865-721D-49ED-A1FE-0C936CFABC79} -> 208.67.222.222,208.67.220.220 (Marvell Yukon 88E8053 PCI-E Gigabit Ethernet Controller) ->
    {E91C1567-953E-4D16-B6B9-D6AB4BF97CD5} -> (1394 Net Adapter) ->
    < Winsock2 Catalogs [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ ->
    NameSpace_Catalog5\Catalog_Entries\000000000005 [mdnsNSP] -> %ProgramFiles%\Bonjour\mdnsNSP.dll -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 94208 bytes | Modified Date = 28/02/2006 12:42:30 | Attr = ]
    Protocol_Catalog9\Catalog_Entries\000000000001 -> %System32%\imon.dll -> Eset [Ver = 2, 70, 32 | Size = 298104 bytes | Modified Date = 18/03/2007 11:52:04 | Attr = ]
    Protocol_Catalog9\Catalog_Entries\000000000002 -> %System32%\imon.dll -> Eset [Ver = 2, 70, 32 | Size = 298104 bytes | Modified Date = 18/03/2007 11:52:04 | Attr = ]
    Protocol_Catalog9\Catalog_Entries\000000000003 -> %System32%\imon.dll -> Eset [Ver = 2, 70, 32 | Size = 298104 bytes | Modified Date = 18/03/2007 11:52:04 | Attr = ]
    Protocol_Catalog9\Catalog_Entries\000000000004 -> %System32%\imon.dll -> Eset [Ver = 2, 70, 32 | Size = 298104 bytes | Modified Date = 18/03/2007 11:52:04 | Attr = ]
    Protocol_Catalog9\Catalog_Entries\000000000005 -> %System32%\imon.dll -> Eset [Ver = 2, 70, 32 | Size = 298104 bytes | Modified Date = 18/03/2007 11:52:04 | Attr = ]
    Protocol_Catalog9\Catalog_Entries\000000000011 -> %System32%\imon.dll -> Eset [Ver = 2, 70, 32 | Size = 298104 bytes | Modified Date = 18/03/2007 11:52:04 | Attr = ]
    < Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
    ipp -> Reg Data - Key not found -> File not found
    msdaipp -> Reg Data - Key not found -> File not found
    < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
    {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} -> Office Genuine Advantage Validation Tool - CodeBase = http://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab ->
    {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} -> OnlineScanner Control - CodeBase = http://www.eset.eu/buxus/docs/OnlineScanner.cab ->
    {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> MUWebControl Class - CodeBase = http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1160683618109 ->
    {8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.6.0_03 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab ->
    {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} -> Office Update Installation Engine - CodeBase = http://office.microsoft.com/officeupdate/content/opuc4.cab ->
    {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab ->
    {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_09 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab ->
    {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_10 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab ->
    {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_11 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab ->
    {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_01 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab ->
    {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_02 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab ->
    {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_03 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab ->
    {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_03 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab ->
    {D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab ->


    [Files/Folders - Created Within 30 days]
    VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Created Date = 18/10/2007 21:26:31 | Attr = ]
    ZB20071018200312001.xml -> %SystemDrive%\ZB20071018200312001.xml -> [Ver = | Size = 439 bytes | Created Date = 18/10/2007 19:03:12 | Attr = ]
    $NtUninstallKB933729$ -> %SystemRoot%\$NtUninstallKB933729$ -> [Folder | Created Date = 10/10/2007 12:53:19 | Attr = H ]
    $NtUninstallKB941202$ -> %SystemRoot%\$NtUninstallKB941202$ -> [Folder | Created Date = 10/10/2007 12:51:47 | Attr = H ]
    cookies.ini -> %SystemRoot%\cookies.ini -> [Ver = | Size = 1114 bytes | Created Date = 30/09/2007 20:25:41 | Attr = ]
    Minidump -> %SystemRoot%\Minidump -> [Folder | Created Date = 18/10/2007 14:55:36 | Attr = ]
    mozregistry.dat -> %SystemRoot%\mozregistry.dat -> [Ver = | Size = 335 bytes | Created Date = 03/10/2007 12:04:06 | Attr = ]
    QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Created Date = 15/10/2007 13:33:15 | Attr = ]
    QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Created Date = 15/10/2007 13:33:15 | Attr = H ]
    Sun -> %SystemRoot%\Sun -> [Folder | Created Date = 11/10/2007 20:21:00 | Attr = ]
    _MSRSTRT.EXE -> %SystemRoot%\_MSRSTRT.EXE -> [Ver = | Size = 2560 bytes | Created Date = 29/09/2007 18:50:52 | Attr = ]
    ??curity -> %SystemRoot%\??curity -> [Folder | Created Date = 12/04/1746 07:09:55 | Attr = ]
    aabdymbv.ini -> %System32%\aabdymbv.ini -> [Ver = | Size = 693541 bytes | Created Date = 13/10/2007 19:14:11 | Attr = HS]
    actskin4.ocx -> %System32%\actskin4.ocx -> [Ver = 4, 2, 7, 3 | Size = 380928 bytes | Created Date = 17/10/2007 14:11:48 | Attr = ]
    alnnpkvo.ini -> %System32%\alnnpkvo.ini -> [Ver = | Size = 693748 bytes | Created Date = 02/10/2007 18:52:40 | Attr = HS]
    ankwclyh.ini -> %System32%\ankwclyh.ini -> [Ver = | Size = 695332 bytes | Created Date = 11/10/2007 17:08:25 | Attr = HS]
    asamgkne.ini -> %System32%\asamgkne.ini -> [Ver = | Size = 695581 bytes | Created Date = 12/10/2007 19:17:55 | Attr = HS]
    aswBoot.exe -> %System32%\aswBoot.exe -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 801144 bytes | Created Date = 18/10/2007 11:42:50 | Attr = ]
    AvastSS.scr -> %System32%\AvastSS.scr -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 95608 bytes | Created Date = 18/10/2007 11:43:00 | Attr = ]
    bhwpsdnq.dll -> %System32%\bhwpsdnq.dll -> [Ver = | Size = 83008 bytes | Created Date = 18/10/2007 15:05:03 | Attr = ]
    bioqpxru.dll -> %System32%\bioqpxru.dll -> [Ver = | Size = 87104 bytes | Created Date = 01/10/2007 15:11:37 | Attr = ]
    cqgqnyva.ini -> %System32%\cqgqnyva.ini -> [Ver = | Size = 694948 bytes | Created Date = 10/10/2007 17:17:44 | Attr = HS]
    ddxuttrf.ini -> %System32%\ddxuttrf.ini -> [Ver = | Size = 693832 bytes | Created Date = 03/10/2007 07:55:51 | Attr = HS]
    DGPNorm.ocx -> %System32%\DGPNorm.ocx -> DGP [Ver = 1, 0, 0, 3 | Size = 40960 bytes | Created Date = 17/10/2007 14:11:49 | Attr = ]
    enkgmasa.dll -> %System32%\enkgmasa.dll -> [Ver = | Size = 84032 bytes | Created Date = 12/10/2007 19:17:54 | Attr = ]
    eudccscp.ini -> %System32%\eudccscp.ini -> [Ver = | Size = 693952 bytes | Created Date = 08/10/2007 12:06:37 | Attr = HS]
    frtjjvjd.ini -> %System32%\frtjjvjd.ini -> [Ver = | Size = 694132 bytes | Created Date = 04/10/2007 09:16:23 | Attr = HS]
    gvjpbfok.ini -> %System32%\gvjpbfok.ini -> [Ver = | Size = 693499 bytes | Created Date = 01/10/2007 20:17:39 | Attr = HS]
    hcbxdjwi.dll -> %System32%\hcbxdjwi.dll -> [Ver = | Size = 87104 bytes | Created Date = 05/10/2007 12:50:49 | Attr = ]
    ilshirnj.ini -> %System32%\ilshirnj.ini -> [Ver = | Size = 693841 bytes | Created Date = 14/10/2007 19:11:55 | Attr = HS]
    ISUSPM.cpl -> %System32%\ISUSPM.cpl -> Macrovision Corporation [Ver = 6, 1, 100, 56793 | Size = 78784 bytes | Created Date = 29/09/2007 20:03:21 | Attr = ]
    iwjdxbch.ini -> %System32%\iwjdxbch.ini -> [Ver = | Size = 694339 bytes | Created Date = 05/10/2007 12:50:50 | Attr = HS]
    java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Created Date = 13/10/2007 11:55:31 | Attr = ]
    javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Created Date = 13/10/2007 11:55:31 | Attr = ]
    javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 139264 bytes | Created Date = 13/10/2007 11:55:31 | Attr = ]
    jmshkraa.ini -> %System32%\jmshkraa.ini -> [Ver = | Size = 693499 bytes | Created Date = 07/10/2007 14:37:14 | Attr = HS]
    jwekcnvw.ini -> %System32%\jwekcnvw.ini -> [Ver = | Size = 693499 bytes | Created Date = 01/10/2007 15:26:03 | Attr = HS]
    lame_enc.dll -> %System32%\lame_enc.dll -> [Ver = | Size = 233472 bytes | Created Date = 17/10/2007 14:11:49 | Attr = ]
    NCTAudioFile.dll -> %System32%\NCTAudioFile.dll -> NCT Company [Ver = 1, 7, 4, 1 | Size = 1703936 bytes | Created Date = 17/10/2007 14:11:49 | Attr = ]
    NCTWMAFile.dll -> %System32%\NCTWMAFile.dll -> NCT Company [Ver = 1, 7, 2, 0 | Size = 360448 bytes | Created Date = 17/10/2007 14:11:49 | Attr = ]
    nhbvradj.ini -> %System32%\nhbvradj.ini -> [Ver = | Size = 693619 bytes | Created Date = 07/10/2007 17:29:52 | Attr = HS]
    nvoaomqu.ini -> %System32%\nvoaomqu.ini -> [Ver = | Size = 694072 bytes | Created Date = 08/10/2007 14:01:01 | Attr = HS]
    qndspwhb.ini -> %System32%\qndspwhb.ini -> [Ver = | Size = 594 bytes | Created Date = 18/10/2007 15:05:04 | Attr = HS]
    qoivsuif.ini -> %System32%\qoivsuif.ini -> [Ver = | Size = 693841 bytes | Created Date = 08/10/2007 09:41:04 | Attr = HS]
    qqxjiblr.ini -> %System32%\qqxjiblr.ini -> [Ver = | Size = 693532 bytes | Created Date = 01/10/2007 20:06:02 | Attr = HS]
    rcafgqeb.ini -> %System32%\rcafgqeb.ini -> [Ver = | Size = 694621 bytes | Created Date = 09/10/2007 17:18:54 | Attr = HS]
    rlbijxqq.dll -> %System32%\rlbijxqq.dll -> [Ver = | Size = 87104 bytes | Created Date = 01/10/2007 20:06:01 | Attr = ]
    rpycbqep.ini -> %System32%\rpycbqep.ini -> [Ver = | Size = 693601 bytes | Created Date = 02/10/2007 15:08:47 | Attr = HS]
    streamhlp.dll -> %System32%\streamhlp.dll -> [Ver = | Size = 59392 bytes | Created Date = 13/10/2007 21:51:46 | Attr = R ]
    tcecrekc.ini -> %System32%\tcecrekc.ini -> [Ver = | Size = 693748 bytes | Created Date = 07/10/2007 19:13:11 | Attr = HS]
    urxpqoib.ini -> %System32%\urxpqoib.ini -> [Ver = | Size = 693901 bytes | Created Date = 01/10/2007 15:11:39 | Attr = HS]
    veafynsq.ini -> %System32%\veafynsq.ini -> [Ver = | Size = 693832 bytes | Created Date = 30/09/2007 14:47:30 | Attr = HS]
    xbwsvupo.ini -> %System32%\xbwsvupo.ini -> [Ver = | Size = 694012 bytes | Created Date = 03/10/2007 08:17:43 | Attr = HS]
    xklajlbk.ini -> %System32%\xklajlbk.ini -> [Ver = | Size = 534 bytes | Created Date = 17/10/2007 19:14:31 | Attr = HS]
    xnrtuvsh.ini -> %System32%\xnrtuvsh.ini -> [Ver = | Size = 694252 bytes | Created Date = 08/10/2007 17:14:45 | Attr = HS]
    yrhchoke.ini -> %System32%\yrhchoke.ini -> [Ver = | Size = 414 bytes | Created Date = 16/10/2007 19:14:05 | Attr = HS]
    aavmker4.sys -> %System32%\drivers\aavmker4.sys -> ALWIL Software [Ver = 4.7.1043.0 | Size = 26624 bytes | Created Date = 18/10/2007 11:43:02 | Attr = ]
    aswmon.sys -> %System32%\drivers\aswmon.sys -> ALWIL Software [Ver = 4.7.1043.0 | Size = 92848 bytes | Created Date = 18/10/2007 11:42:55 | Attr = ]
    aswmon2.sys -> %System32%\drivers\aswmon2.sys -> ALWIL Software [Ver = 4.7.1043.0 | Size = 94416 bytes | Created Date = 18/10/2007 11:42:55 | Attr = ]
    aswRdr.sys -> %System32%\drivers\aswRdr.sys -> ALWIL Software [Ver = 4.7.1043.0 | Size = 23152 bytes | Created Date = 18/10/2007 11:43:04 | Attr = ]
    aswTdi.sys -> %System32%\drivers\aswTdi.sys -> ALWIL Software [Ver = 4.7.1043.0 | Size = 42912 bytes | Created Date = 18/10/2007 11:43:04 | Attr = ]
    hosts.20071014-151712.backup -> %System32%\drivers\etc\hosts.20071014-151712.backup -> [Ver = | Size = 734 bytes | Created Date = 14/10/2007 14:17:12 | Attr = ]
    hosts.20071017-162235.backup -> %System32%\drivers\etc\hosts.20071017-162235.backup -> [Ver = | Size = 190678 bytes | Created Date = 17/10/2007 15:22:35 | Attr = R ]
    hosts.20071018-164549.backup -> %System32%\drivers\etc\hosts.20071018-164549.backup -> [Ver = | Size = 193279 bytes | Created Date = 18/10/2007 15:45:49 | Attr = R ]

    [Files/Folders - Modified Within 30 days]
    Downloads -> %SystemDrive%\Downloads -> [Folder | Modified Date = 13/10/2007 22:35:46 | Attr = ]
    hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 2146553856 bytes | Modified Date = 18/10/2007 22:30:50 | Attr = HS]
    Program Files -> %ProgramFiles% -> [Folder | Modified Date = 18/10/2007 18:41:46 | Attr = ]
    ProgramData -> %SystemDrive%\ProgramData -> [Folder | Modified Date = 29/09/2007 21:05:28 | Attr = ]
    VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Modified Date = 18/10/2007 22:26:32 | Attr = ]
    WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 18/10/2007 15:55:38 | Attr = ]
    ZB20071018200312001.xml -> %SystemDrive%\ZB20071018200312001.xml -> [Ver = | Size = 439 bytes | Modified Date = 18/10/2007 20:03:14 | Attr = ]
    $hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 14/10/2007 13:33:30 | Attr = H ]
    $NtUninstallKB933729$ -> %SystemRoot%\$NtUninstallKB933729$ -> [Folder | Modified Date = 10/10/2007 13:53:22 | Attr = H ]
    $NtUninstallKB941202$ -> %SystemRoot%\$NtUninstallKB941202$ -> [Folder | Modified Date = 10/10/2007 13:51:48 | Attr = H ]
    assembly -> %SystemRoot%\assembly -> [Folder | Modified Date = 14/10/2007 13:34:16 | Attr = R S]
    AviSplitter.INI -> %SystemRoot%\AviSplitter.INI -> [Ver = | Size = 38 bytes | Modified Date = 25/09/2007 19:04:22 | Attr = ]
    bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 18/10/2007 22:31:02 | Attr = S]
    cookies.ini -> %SystemRoot%\cookies.ini -> [Ver = | Size = 1114 bytes | Modified Date = 14/10/2007 00:36:04 | Attr = ]
    Cursors -> %SystemRoot%\Cursors -> [Folder | Modified Date = 29/09/2007 20:37:06 | Attr = ]
    Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 03/10/2007 11:41:46 | Attr = S]
    DVDRegionFree.INI -> %SystemRoot%\DVDRegionFree.INI -> [Ver = | Size = 67 bytes | Modified Date = 18/10/2007 20:51:12 | Attr = ]
    game.ini -> %SystemRoot%\game.ini -> [Ver = | Size = 267 bytes | Modified Date = 13/10/2007 11:47:28 | Attr = ]
    Help -> %SystemRoot%\Help -> [Folder | Modified Date = 29/09/2007 19:52:18 | Attr = ]
    ie7updates -> %SystemRoot%\ie7updates -> [Folder | Modified Date = 10/10/2007 13:52:00 | Attr = ]
    inf -> %SystemRoot%\inf -> [Folder | Modified Date = 13/10/2007 11:48:12 | Attr = H ]
    Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 17/10/2007 15:13:24 | Attr = HS]
    Media -> %SystemRoot%\Media -> [Folder | Modified Date = 29/09/2007 20:37:06 | Attr = ]
    Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 18/10/2007 15:55:38 | Attr = ]
    mozregistry.dat -> %SystemRoot%\mozregistry.dat -> [Ver = | Size = 335 bytes | Modified Date = 03/10/2007 13:04:08 | Attr = ]
    NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 116 bytes | Modified Date = 18/10/2007 20:51:58 | Attr = ]
    ODBC.INI -> %SystemRoot%\ODBC.INI -> [Ver = | Size = 510 bytes | Modified Date = 19/09/2007 14:31:12 | Attr = ]
    Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 18/10/2007 12:27:44 | Attr = ]
    QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 15/10/2007 14:33:28 | Attr = ]
    QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 18/10/2007 22:31:40 | Attr = H ]
    Resources -> %SystemRoot%\Resources -> [Folder | Modified Date = 29/09/2007 20:37:02 | Attr = ]
    Sun -> %SystemRoot%\Sun -> [Folder | Modified Date = 17/10/2007 20:39:58 | Attr = ]
    system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 227 bytes | Modified Date = 13/10/2007 22:34:44 | Attr = ]
    system32 -> %System32% -> [Folder | Modified Date = 18/10/2007 22:29:34 | Attr = ]
    Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 18/10/2007 22:48:48 | Attr = ]
    vbaddin.ini -> %SystemRoot%\vbaddin.ini -> [Ver = | Size = 63 bytes | Modified Date = 19/09/2007 14:32:08 | Attr = ]
    win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 603 bytes | Modified Date = 29/09/2007 19:52:16 | Attr = ]
    _MSRSTRT.EXE -> %SystemRoot%\_MSRSTRT.EXE -> [Ver = | Size = 2560 bytes | Modified Date = 29/09/2007 19:50:54 | Attr = ]
    ??curity -> %SystemRoot%\??curity -> [Folder | Modified Date = 07/08/2007 23:44:34 | Attr = ]
    SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 18/10/2007 22:31:06 | Attr = H ]
    aabdymbv.ini -> %System32%\aabdymbv.ini -> [Ver = | Size = 693541 bytes | Modified Date = 14/10/2007 17:30:26 | Attr = HS]
    alnnpkvo.ini -> %System32%\alnnpkvo.ini -> [Ver = | Size = 693748 bytes | Modified Date = 03/10/2007 08:29:28 | Attr = HS]
    ankwclyh.ini -> %System32%\ankwclyh.ini -> [Ver = | Size = 695332 bytes | Modified Date = 12/10/2007 20:03:30 | Attr = HS]
    asamgkne.ini -> %System32%\asamgkne.ini -> [Ver = | Size = 695581 bytes | Modified Date = 13/10/2007 17:19:14 | Attr = HS]
    bhwpsdnq.dll -> %System32%\bhwpsdnq.dll -> [Ver = | Size = 83008 bytes | Modified Date = 18/10/2007 16:05:06 | Attr = ]
    bioqpxru.dll -> %System32%\bioqpxru.dll -> [Ver = | Size = 87104 bytes | Modified Date = 01/10/2007 16:11:40 | Attr = ]
    BMXState-{00000001-00000000-00000001-00001102-00000005-00211102}.rfx -> %System32%\BMXState-{00000001-00000000-00000001-00001102-00000005-00211102}.rfx -> [Ver = | Size = 53816 bytes | Modified Date = 18/10/2007 22:29:48 | Attr = ]
    BMXStateBkp-{00000001-00000000-00000001-00001102-00000005-00211102}.rfx -> %System32%\BMXStateBkp-{00000001-00000000-00000001-00001102-00000005-00211102}.rfx -> [Ver = | Size = 53816 bytes | Modified Date = 18/10/2007 22:29:48 | Attr = ]
    CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 18/10/2007 22:31:54 | Attr = ]
    config -> %System32%\config -> [Folder | Modified Date = 18/10/2007 13:33:42 | Attr = ]
    CONFIG.NT -> %System32%\CONFIG.NT -> [Ver = | Size = 2626 bytes | Modified Date = 18/10/2007 12:43:04 | Attr = ]
    cqgqnyva.ini -> %System32%\cqgqnyva.ini -> [Ver = | Size = 694948 bytes | Modified Date = 11/10/2007 16:11:06 | Attr = HS]
    ddxuttrf.ini -> %System32%\ddxuttrf.ini -> [Ver = | Size = 693832 bytes | Modified Date = 03/10/2007 09:12:32 | Attr = HS]
    DirectX -> %System32%\DirectX -> [Folder | Modified Date = 13/10/2007 22:21:58 | Attr = ]
    dllcache -> %System32%\dllcache -> [Folder | Modified Date = 10/10/2007 13:53:22 | Attr = RHS]
    drivers -> %System32%\drivers -> [Folder | Modified Date = 18/10/2007 12:43:06 | Attr = ]
    DRVSTORE -> %System32%\DRVSTORE -> [Folder | Modified Date = 29/09/2007 19:52:30 | Attr = ]
    DVCState-{00000001-00000000-00000001-00001102-00000005-00211102}.rfx -> %System32%\DVCState-{00000001-00000000-00000001-00001102-00000005-00211102}.rfx -> [Ver = | Size = 64980 bytes | Modified Date = 18/10/2007 22:29:48 | Attr = ]
    enkgmasa.dll -> %System32%\enkgmasa.dll -> [Ver = | Size = 84032 bytes | Modified Date = 12/10/2007 20:17:56 | Attr = ]
    eudccscp.ini -> %System32%\eudccscp.ini -> [Ver = | Size = 693952 bytes | Modified Date = 08/10/2007 14:51:26 | Attr = HS]
    frtjjvjd.ini -> %System32%\frtjjvjd.ini -> [Ver = | Size = 694132 bytes | Modified Date = 05/10/2007 13:45:38 | Attr = HS]
    gvjpbfok.ini -> %System32%\gvjpbfok.ini -> [Ver = | Size = 693499 bytes | Modified Date = 02/10/2007 16:04:02 | Attr = HS]
    hcbxdjwi.dll -> %System32%\hcbxdjwi.dll -> [Ver = | Size = 87104 bytes | Modified Date = 05/10/2007 13:50:52 | Attr = ]
    ilshirnj.ini -> %System32%\ilshirnj.ini -> [Ver = | Size = 693841 bytes | Modified Date = 15/10/2007 20:13:04 | Attr = HS]
    imon1.dat -> %System32%\imon1.dat -> [Ver = | Size = 190 bytes | Modified Date = 07/10/2007 23:32:12 | Attr = ]
    iwjdxbch.ini -> %System32%\iwjdxbch.ini -> [Ver = | Size = 694339 bytes | Modified Date = 06/10/2007 10:07:10 | Attr = HS]
    java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Modified Date = 24/09/2007 22:30:28 | Attr = ]
    javacpl.cpl -> %System32%\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 69632 bytes | Modified Date = 24/09/2007 23:31:42 | Attr = ]
    javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Modified Date = 24/09/2007 22:30:30 | Attr = ]
    javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 139264 bytes | Modified Date = 24/09/2007 23:31:42 | Attr = ]
    jmshkraa.ini -> %System32%\jmshkraa.ini -> [Ver = | Size = 693499 bytes | Modified Date = 07/10/2007 18:21:32 | Attr = HS]
    jwekcnvw.ini -> %System32%\jwekcnvw.ini -> [Ver = | Size = 693499 bytes | Modified Date = 01/10/2007 20:54:44 | Attr = HS]
    nhbvradj.ini -> %System32%\nhbvradj.ini -> [Ver = | Size = 693619 bytes | Modified Date = 07/10/2007 20:07:34 | Attr = HS]
    NtmsData -> %System32%\NtmsData -> [Folder | Modified Date = 30/09/2007 04:05:34 | Attr = ]
    nvoaomqu.ini -> %System32%\nvoaomqu.ini -> [Ver = | Size = 694072 bytes | Modified Date = 08/10/2007 18:06:32 | Attr = HS]
    oodag -> %System32%\oodag -> [Folder | Modified Date = 18/10/2007 13:46:24 | Attr = ]
    oodbs.lor -> %System32%\oodbs.lor -> [Ver = | Size = 172395 bytes | Modified Date = 18/10/2007 22:30:44 | Attr = ]
    PnkBstrA.exe -> %System32%\PnkBstrA.exe -> [Ver = | Size = 66872 bytes | Modified Date = 02/10/2007 22:24:22 | Attr = ]
    PnkBstrB.exe -> %System32%\PnkBstrB.exe -> [Ver = | Size = 103736 bytes | Modified Date = 18/10/2007 21:03:14 | Attr = ]
    qndspwhb.ini -> %System32%\qndspwhb.ini -> [Ver = | Size = 594 bytes | Modified Date = 18/10/2007 16:44:50 | Attr = HS]
    qoivsuif.ini -> %System32%\qoivsuif.ini -> [Ver = | Size = 693841 bytes | Modified Date = 08/10/2007 12:58:30 | Attr = HS]
    qqxjiblr.ini -> %System32%\qqxjiblr.ini -> [Ver = | Size = 693532 bytes | Modified Date = 01/10/2007 21:06:22 | Attr = HS]
    rcafgqeb.ini -> %System32%\rcafgqeb.ini -> [Ver = | Size = 694621 bytes | Modified Date = 10/10/2007 15:41:34 | Attr = HS]
    rlbijxqq.dll -> %System32%\rlbijxqq.dll -> [Ver = | Size = 87104 bytes | Modified Date = 01/10/2007 21:06:02 | Attr = ]
    rpycbqep.ini -> %System32%\rpycbqep.ini -> [Ver = | Size = 693601 bytes | Modified Date = 02/10/2007 19:44:30 | Attr = HS]
    settings.sfm -> %System32%\settings.sfm -> [Ver = | Size = 1080 bytes | Modified Date = 18/10/2007 22:29:48 | Attr = ]
    settingsbkup.sfm -> %System32%\settingsbkup.sfm -> [Ver = | Size = 1080 bytes | Modified Date = 18/10/2007 22:29:48 | Attr = ]
    spool -> %System32%\spool -> [Folder | Modified Date = 18/10/2007 11:24:16 | Attr = ]
    streamhlp.dll -> %System32%\streamhlp.dll -> [Ver = | Size = 59392 bytes | Modified Date = 13/10/2007 22:51:56 | Attr = R ]
    tcecrekc.ini -> %System32%\tcecrekc.ini -> [Ver = | Size = 693748 bytes | Modified Date = 08/10/2007 10:29:36 | Attr = HS]
    urxpqoib.ini -> %System32%\urxpqoib.ini -> [Ver = | Size = 693901 bytes | Modified Date = 01/10/2007 16:12:42 | Attr = HS]
    veafynsq.ini -> %System32%\veafynsq.ini -> [Ver = | Size = 693832 bytes | Modified Date = 01/10/2007 14:33:16 | Attr = HS]
    wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 13646 bytes | Modified Date = 18/10/2007 22:31:38 | Attr = ]
    xbwsvupo.ini -> %System32%\xbwsvupo.ini -> [Ver = | Size = 694012 bytes | Modified Date = 04/10/2007 10:08:26 | Attr = HS]
    xklajlbk.ini -> %System32%\xklajlbk.ini -> [Ver = | Size = 534 bytes | Modified Date = 17/10/2007 20:30:44 | Attr = HS]
    xnrtuvsh.ini -> %System32%\xnrtuvsh.ini -> [Ver = | Size = 694252 bytes | Modified Date = 09/10/2007 18:15:12 | Attr = HS]
    yrhchoke.ini -> %System32%\yrhchoke.ini -> [Ver = | Size = 414 bytes | Modified Date = 17/10/2007 16:57:48 | Attr = HS]
    etc -> %System32%\drivers\etc -> [Folder | Modified Date = 18/10/2007 16:45:50 | Attr = ]
    PnkBstrK.sys -> %System32%\drivers\PnkBstrK.sys -> [Ver = | Size = 22328 bytes | Modified Date = 18/10/2007 21:04:24 | Attr = ]
    hosts.20071017-162235.backup -> %System32%\drivers\etc\hosts.20071017-162235.backup -> [Ver = | Size = 190678 bytes | Modified Date = 14/10/2007 15:17:14 | Attr = R ]
    hosts.20071018-164549.backup -> %System32%\drivers\etc\hosts.20071018-164549.backup -> [Ver = | Size = 193279 bytes | Modified Date = 17/10/2007 16:22:36 | Attr = R ]
    hosts.ics -> %System32%\drivers\etc\hosts.ics -> [Ver = | Size = 431 bytes | Modified Date = 18/10/2007 22:32:04 | Attr = ]

    [File String Scan - Non-Microsoft Only]
    UPX! , UPX0 , -> %System32%\aswBoot.exe -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 801144 bytes | Modified Date = 06/09/2007 11:09:50 | Attr = ]
    UPX! , UPX0 , -> %System32%\avisynth.dll -> The Public [Ver = 2, 5, 6, 0 | Size = 308224 bytes | Modified Date = 07/10/2005 18:14:52 | Attr = ]
    PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 23/08/2001 13:00:00 | Attr = ]
    PEC2 , PECompact2 , -> %System32%\DivX.dll -> DivX, Inc. [Ver = 6.6.1.4 | Size = 740442 bytes | Modified Date = 15/08/2007 23:30:56 | Attr = ]
    Thawte Consulting , -> %System32%\ISUSPM.cpl -> Macrovision Corporation [Ver = 6, 1, 100, 56793 | Size = 78784 bytes | Modified Date = 27/04/2007 11:12:44 | Attr = ]
    USERTRUST , -> %System32%\PhysXLoader.dll -> [Ver = 2, 7, 2, 9 | Size = 70400 bytes | Modified Date = 19/06/2007 08:59:36 | Attr = ]
    winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 23/08/2001 13:00:00 | Attr = ]
    UPX! , UPX0 , -> %System32%\WNASPI32.DLL -> Jukka Poikolainen Software [Ver = 5, 0, 0, 1 | Size = 22528 bytes | Modified Date = 17/03/2001 21:34:12 | Attr = ]
    WSUD , UPX0 , -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 23/08/2001 13:00:00 | Attr = ]
    PTech , -> %System32%\drivers\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 03/08/2004 22:41:38 | Attr = ]
    abetterinternet.com , web-nex , ad-w-a-r-e.com , -> %System32%\drivers\etc\hosts -> [Ver = | Size = 193279 bytes | Modified Date = 18/10/2007 16:45:50 | Attr = R ]
    abetterinternet.com , web-nex , ad-w-a-r-e.com , -> %System32%\drivers\etc\hosts.20071017-162235.backup -> [Ver = | Size = 190678 bytes | Modified Date = 14/10/2007 15:17:14 | Attr = R ]
    abetterinternet.com , web-nex , ad-w-a-r-e.com , -> %System32%\drivers\etc\hosts.20071018-164549.backup -> [Ver = | Size = 193279 bytes | Modified Date = 17/10/2007 16:22:36 | Attr = R ]


    < End of report >


    Latest HijackThis report


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:56:21, on 18/10/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    C:\Program Files\ASUS\ASUS DH Remote\AsRc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
    C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
    C:\WINDOWS\CTHELPER.EXE
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\CTXFIHLP.EXE
    C:\Program Files\ASUS\ASUS DH Remote\AsDhRemote.exe
    C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\EzBackup\EZ-Backup Manager\EzBackup.exe
    C:\Program Files\Logitech\G-series Software\LGDCore.exe
    C:\Program Files\Logitech\G-series Software\LCDMon.exe
    C:\Program Files\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe
    C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    C:\Program Files\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exe
    C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
    C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
    C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\system32\oodag.exe
    C:\WINDOWS\system32\taskswitch.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\CyberLink\Shared files\RichVideo.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\WINDOWS\System32\tcpsvcs.exe
    C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    D:\iTunes\iTunesHelper.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
    C:\WINDOWS\CURITY~1\iexplore.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Mark\Desktop\WinPFind3u\WinPFind3U.exe
    C:\WINDOWS\notepad.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.football365.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {DDF76102-EE3A-4B14-ADA6-5E757FD05C91} - C:\WINDOWS\system32\geebb.dll (file missing)
    O2 - BHO: (no name) - {E180F336-9CD4-4C61-B0A9-CE6F52D9FDA5} - (no file)
    O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
    O4 - HKLM\..\Run: [Ai Quicker Help] "C:\Program Files\ASUS\ASUS DH Remote\AsRc.exe"
    O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
    O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
    O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
    O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
    O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
    O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
    O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\J
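
An added example, not part of the thread and not a feature of HijackThis: the script below applies the three checks a helper runs mentally over a log like the one above. An O2/O3 entry whose target is "(no file)" or "(file missing)" is a registration left behind by something already removed; a Run value that is a bare filename (CTHELPER.EXE, KHALMNPR.EXE) is located through the system search path at logon rather than from a fixed location; and a well-known binary name such as iexplore.exe launched from a folder under C:\WINDOWS instead of Program Files\Internet Explorer is the pattern the Run\Tocs value and the running C:\WINDOWS\CURITY~1\iexplore.exe process show. The sample input is copied from the posted log plus one constructed Run line for Tocs (the "??" is how the folder name was rendered in the posted scan); EXPECTED_DIR is an illustrative table, not a complete one.

```python
"""Triage a HijackThis log: flag orphaned browser add-ons and odd Run entries."""
import re

# Constructed sample: lines copied from the posted log plus one Run entry
# modelled on the "Tocs" value WinPFind3U reported ("??curity" is how the
# non-ASCII folder name appeared in the posted scan).
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {DDF76102-EE3A-4B14-ADA6-5E757FD05C91} - C:\WINDOWS\system32\geebb.dll (file missing)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [Tocs] C:\WINDOWS\??curity\iexplore.exe
"""

# O2 (BHO) and O3 (toolbar) lines: name - {CLSID} - target
BHO_RE = re.compile(
    r"^O[23] - (?:BHO|Toolbar): (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.*)$"
)
# O4 lines: hive\..\Run: [value name] command line
RUN_RE = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)

# Illustrative table (assumption, not exhaustive): where these well-known
# executables live on Windows XP. A copy anywhere else deserves a look,
# because malware borrows trusted names.
EXPECTED_DIR = {
    "iexplore.exe": r"c:\program files\internet explorer",
    "svchost.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
    "lsass.exe": r"c:\windows\system32",
}


def executable_from_command(cmd):
    """Return the program part of a Run value: the quoted path, else the first token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def triage(log_text):
    """Return a list of (log line, reason) for every entry that deserves attention."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = BHO_RE.match(line)
        if m:
            target = m.group("target")
            if target == "(no file)" or target.endswith("(file missing)"):
                findings.append((line, "orphaned add-on: CLSID registered but DLL gone"))
            elif m.group("name") == "(no name)":
                findings.append((line, "nameless add-on with a live DLL: identify it"))
            continue
        m = RUN_RE.match(line)
        if m:
            exe = executable_from_command(m.group("cmd"))
            if "\\" not in exe:
                # No directory: Windows finds it via the search path at logon.
                findings.append((line, "bare filename: resolved by search order at logon"))
                continue
            folder, _, base = exe.lower().rpartition("\\")
            expected = EXPECTED_DIR.get(base)
            if expected and folder != expected:
                findings.append((line, f"{base} outside {expected}"))
    return findings


if __name__ == "__main__":
    for entry, reason in triage(SAMPLE_LOG):
        print(f"{reason}\n    {entry}")
```

Feed it a saved hijackthis.log instead of SAMPLE_LOG to get the same three classes of finding; orphaned entries are safe to tick in HijackThis, while a borrowed system name outside its home directory is the one to examine (and kill) before anything else, since a Run value that keeps getting recreated is usually that process.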


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Hi, do this

    Start WinPFind3U. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.
    [Processes - Non-Microsoft Only]
    YN -> iexplore.exe -> %SystemRoot%\??curity\iexplore.exe
    [Registry - Non-Microsoft Only]
    < Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    YN -> Tocs -> %SystemRoot%\??curity\iexplore.exe
    < ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
    YN -> {8CEFE835-8EBF-420F-AFA2-807008E32917} [HKLM] -> Reg Data - Key not found []
    < Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
    YN -> xxyyxya -> xxyyxya.dll
    < BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    YN -> {7E853D72-626A-48EC-A868-BA8D5E23E045} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
    YN -> {DDF76102-EE3A-4B14-ADA6-5E757FD05C91} [HKLM] -> %System32%\geebb.dll [Reg Data - Value does not exist]
    YN -> {E180F336-9CD4-4C61-B0A9-CE6F52D9FDA5} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
    < Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
    YN -> {32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
    < Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
    YN -> {E0E899AB-F487-11D5-8D29-0050BA6940E3} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
    < Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
    YN -> {2670000A-7350-4f3c-8081-5663EE0C6C49} -> Reg Data - Value does not exist [ButtonText: Send to OneNote]
    YN -> {92780B25-18CC-41C8-B9BE-3C9C571A8263} -> Reg Data - Value does not exist [ButtonText: Research]
    YN -> {e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> Reg Data - Key not found [MenuText: @xpsp3res.dll,-20001]
    < Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
    YN -> &Subscribe with ArchosLink ->
    YN -> E&xport to Microsoft Excel ->
    [Files/Folders - Created Within 30 days]
    NY -> ??curity -> %SystemRoot%\??curity
    NY -> aabdymbv.ini -> %System32%\aabdymbv.ini
    NY -> alnnpkvo.ini -> %System32%\alnnpkvo.ini
    NY -> ankwclyh.ini -> %System32%\ankwclyh.ini
    NY -> asamgkne.ini -> %System32%\asamgkne.ini
    NY -> bhwpsdnq.dll -> %System32%\bhwpsdnq.dll
    NY -> bioqpxru.dll -> %System32%\bioqpxru.dll
    NY -> cqgqnyva.ini -> %System32%\cqgqnyva.ini
    NY -> ddxuttrf.ini -> %System32%\ddxuttrf.ini
    NY -> enkgmasa.dll -> %System32%\enkgmasa.dll
    NY -> eudccscp.ini -> %System32%\eudccscp.ini
    NY -> frtjjvjd.ini -> %System32%\frtjjvjd.ini
    NY -> gvjpbfok.ini -> %System32%\gvjpbfok.ini
    NY -> hcbxdjwi.dll -> %System32%\hcbxdjwi.dll
    NY -> ilshirnj.ini -> %System32%\ilshirnj.ini
    NY -> iwjdxbch.ini -> %System32%\iwjdxbch.ini
    NY -> jmshkraa.ini -> %System32%\jmshkraa.ini
    NY -> jwekcnvw.ini -> %System32%\jwekcnvw.ini
    NY -> nhbvradj.ini -> %System32%\nhbvradj.ini
    NY -> nvoaomqu.ini -> %System32%\nvoaomqu.ini
    NY -> qndspwhb.ini -> %System32%\qndspwhb.ini
    NY -> qoivsuif.ini -> %System32%\qoivsuif.ini
    NY -> qqxjiblr.ini -> %System32%\qqxjiblr.ini
    NY -> rcafgqeb.ini -> %System32%\rcafgqeb.ini
    NY -> rlbijxqq.dll -> %System32%\rlbijxqq.dll
    NY -> rpycbqep.ini -> %System32%\rpycbqep.ini
    NY -> tcecrekc.ini -> %System32%\tcecrekc.ini
    NY -> urxpqoib.ini -> %System32%\urxpqoib.ini
    NY -> veafynsq.ini -> %System32%\veafynsq.ini
    NY -> xbwsvupo.ini -> %System32%\xbwsvupo.ini
    NY -> xklajlbk.ini -> %System32%\xklajlbk.ini
    NY -> xnrtuvsh.ini -> %System32%\xnrtuvsh.ini
    NY -> yrhchoke.ini -> %System32%\yrhchoke.ini
    [Files/Folders - Modified Within 30 days]
    NY -> ??curity -> %SystemRoot%\??curity
    NY -> aabdymbv.ini -> %System32%\aabdymbv.ini
    NY -> alnnpkvo.ini -> %System32%\alnnpkvo.ini
    NY -> ankwclyh.ini -> %System32%\ankwclyh.ini
    NY -> asamgkne.ini -> %System32%\asamgkne.ini
    NY -> bhwpsdnq.dll -> %System32%\bhwpsdnq.dll
    NY -> bioqpxru.dll -> %System32%\bioqpxru.dll
    NY -> cqgqnyva.ini -> %System32%\cqgqnyva.ini
    NY -> ddxuttrf.ini -> %System32%\ddxuttrf.ini
    NY -> enkgmasa.dll -> %System32%\enkgmasa.dll
    NY -> eudccscp.ini -> %System32%\eudccscp.ini
    NY -> frtjjvjd.ini -> %System32%\frtjjvjd.ini
    NY -> gvjpbfok.ini -> %System32%\gvjpbfok.ini
    NY -> hcbxdjwi.dll -> %System32%\hcbxdjwi.dll
    NY -> ilshirnj.ini -> %System32%\ilshirnj.ini
    NY -> iwjdxbch.ini -> %System32%\iwjdxbch.ini
    NY -> jmshkraa.ini -> %System32%\jmshkraa.ini
    NY -> jwekcnvw.ini -> %System32%\jwekcnvw.ini
    NY -> nhbvradj.ini -> %System32%\nhbvradj.ini
    NY -> qndspwhb.ini -> %System32%\qndspwhb.ini
    NY -> qoivsuif.ini -> %System32%\qoivsuif.ini
    NY -> qqxjiblr.ini -> %System32%\qqxjiblr.ini
    NY -> rcafgqeb.ini -> %System32%\rcafgqeb.ini
    NY -> rlbijxqq.dll -> %System32%\rlbijxqq.dll
    NY -> rpycbqep.ini -> %System32%\rpycbqep.ini
    NY -> tcecrekc.ini -> %System32%\tcecrekc.ini
    NY -> urxpqoib.ini -> %System32%\urxpqoib.ini
    NY -> veafynsq.ini -> %System32%\veafynsq.ini
    NY -> xbwsvupo.ini -> %System32%\xbwsvupo.ini
    NY -> xklajlbk.ini -> %System32%\xklajlbk.ini
    NY -> xnrtuvsh.ini -> %System32%\xnrtuvsh.ini
    NY -> yrhchoke.ini -> %System32%\yrhchoke.ini
    [File String Scan - Non-Microsoft Only]
    NY -> abetterinternet.com , web-nex , ad-w-a-r-e.com , -> %System32%\drivers\etc\hosts
    NY -> abetterinternet.com , web-nex , ad-w-a-r-e.com , -> %System32%\drivers\etc\hosts.20071017-162235.backup
    NY -> abetterinternet.com , web-nex , ad-w-a-r-e.com , -> %System32%\drivers\etc\hosts.20071018-164549.backup

    The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new WinPFind3u scan.

    I will review the information when it comes back in.



    Also please post a new HijackThis log
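
An added example, not from the thread and not part of WinPFind3U: the string scan above flags the hosts file and its two backups only because strings such as abetterinternet.com occur in them. A 190 KB hosts file full of ad-server names is also exactly what an ad-blocking hosts list looks like, and those lists map the same names to 127.0.0.1 or 0.0.0.0, which blocks the name rather than hijacking it. What marks a hijack is an entry that sends a real name, above all an update or antivirus server, to some other address, or one remote address collecting many unrelated names. The script below draws that distinction. Its input is a constructed sample (the two ad domains from the scan plus invented lines covering each outcome), and WATCHLIST is an illustrative pattern, not a vendor list.

```python
"""Classify hosts-file entries: null-routed (blocklist) versus redirected (hijack)."""
import ipaddress
import re

# Illustrative watchlist (assumption): names whose redirection is a classic
# malware move, namely update servers and security vendors.
WATCHLIST = re.compile(
    r"(microsoft\.com|windowsupdate\.com|eset\.com|avast\.com|symantec\.com)$", re.I
)

# Constructed sample, not the poster's file: the two ad domains come from the
# WinPFind3U string scan; the remaining lines are invented to show each outcome.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       abetterinternet.com
0.0.0.0         www.ad-w-a-r-e.com        # null-routed, typical of blocklists
10.11.12.13     update.microsoft.com      # redirected to a foreign address
10.11.12.13     www.eset.com
10.11.12.13     www.example.net
::1             localhost
"""


def parse_hosts(text):
    """Yield (ip, hostname) for every mapping, dropping comments and blank lines."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed line; a stricter tool would report it
        for host in fields[1:]:
            yield ip, host.lower()


def classify(ip, host):
    """Return ok, localhost-tampered, blocked, hijack or redirect for one mapping."""
    if host == "localhost":
        return "ok" if ip.is_loopback else "localhost-tampered"
    if ip.is_loopback or ip.is_unspecified:
        return "blocked"  # resolves to nowhere: what ad-blocking lists do
    if WATCHLIST.search(host):
        return "hijack"  # update/AV traffic sent somewhere else
    return "redirect"


def triage_hosts(text):
    """Return {category: [(host, ip), ...]} plus the remote address collecting the most names."""
    report = {"ok": [], "blocked": [], "redirect": [], "hijack": [], "localhost-tampered": []}
    targets = {}
    for ip, host in parse_hosts(text):
        category = classify(ip, host)
        report[category].append((host, str(ip)))
        if category in ("redirect", "hijack"):
            targets[str(ip)] = targets.get(str(ip), 0) + 1
    # Many unrelated names pointing at one remote address is the sinkhole
    # signature; surface the worst offender as (address, count).
    report["top_target"] = max(targets.items(), key=lambda kv: kv[1]) if targets else None
    return report


if __name__ == "__main__":
    result = triage_hosts(SAMPLE_HOSTS)
    for category in ("hijack", "localhost-tampered", "redirect", "blocked", "ok"):
        for host, ip in result[category]:
            print(f"{category:19} {ip:15} {host}")
    print("busiest remote target:", result["top_target"])
```

Run it against a copy of %SystemRoot%\system32\drivers\etc\hosts before deciding what to do with the file: a list whose entries all land in "blocked" is a blocklist, while anything in "hijack", or one remote address collecting many names, is a hijack. If the file is removed, as the fix above does, recreate it with just the localhost line. The scan also reports the file read-only (Attr = R); blocklist installers commonly set that and hijackers use it too, so the attribute alone settles nothing.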


  • Registered Users Posts: 1,871 ✭✭✭Macker1



    Report on the actions taken during fix

    [Processes - Non-Microsoft Only]
    Unable to kill process iexplore.exe .
    [Registry - Non-Microsoft Only]
    Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Tocs not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{8CEFE835-8EBF-420F-AFA2-807008E32917} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\xxyyxya deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DDF76102-EE3A-4B14-ADA6-5E757FD05C91} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DDF76102-EE3A-4B14-ADA6-5E757FD05C91} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E180F336-9CD4-4C61-B0A9-CE6F52D9FDA5} deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478} deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar\\{E0E899AB-F487-11D5-8D29-0050BA6940E3} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583} deleted successfully.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Subscribe with ArchosLink deleted successfully.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel deleted successfully.
    [Files/Folders - Created Within 30 days]
    File C:\WINDOWS\??curity not found!
    C:\WINDOWS\SYSTEM32\aabdymbv.ini moved successfully.
    C:\WINDOWS\SYSTEM32\alnnpkvo.ini moved successfully.
    C:\WINDOWS\SYSTEM32\ankwclyh.ini moved successfully.
    C:\WINDOWS\SYSTEM32\asamgkne.ini moved successfully.
    C:\WINDOWS\SYSTEM32\bhwpsdnq.dll moved successfully.
    C:\WINDOWS\SYSTEM32\bioqpxru.dll moved successfully.
    C:\WINDOWS\SYSTEM32\cqgqnyva.ini moved successfully.
    C:\WINDOWS\SYSTEM32\ddxuttrf.ini moved successfully.
    C:\WINDOWS\SYSTEM32\enkgmasa.dll moved successfully.
    C:\WINDOWS\SYSTEM32\eudccscp.ini moved successfully.
    C:\WINDOWS\SYSTEM32\frtjjvjd.ini moved successfully.
    C:\WINDOWS\SYSTEM32\gvjpbfok.ini moved successfully.
    C:\WINDOWS\SYSTEM32\hcbxdjwi.dll moved successfully.
    C:\WINDOWS\SYSTEM32\ilshirnj.ini moved successfully.
    C:\WINDOWS\SYSTEM32\iwjdxbch.ini moved successfully.
    C:\WINDOWS\SYSTEM32\jmshkraa.ini moved successfully.
    C:\WINDOWS\SYSTEM32\jwekcnvw.ini moved successfully.
    C:\WINDOWS\SYSTEM32\nhbvradj.ini moved successfully.
    C:\WINDOWS\SYSTEM32\nvoaomqu.ini moved successfully.
    C:\WINDOWS\SYSTEM32\qndspwhb.ini moved successfully.
    C:\WINDOWS\SYSTEM32\qoivsuif.ini moved successfully.
    C:\WINDOWS\SYSTEM32\qqxjiblr.ini moved successfully.
    C:\WINDOWS\SYSTEM32\rcafgqeb.ini moved successfully.
    C:\WINDOWS\SYSTEM32\rlbijxqq.dll moved successfully.
    C:\WINDOWS\SYSTEM32\rpycbqep.ini moved successfully.
    C:\WINDOWS\SYSTEM32\tcecrekc.ini moved successfully.
    C:\WINDOWS\SYSTEM32\urxpqoib.ini moved successfully.
    C:\WINDOWS\SYSTEM32\veafynsq.ini moved successfully.
    C:\WINDOWS\SYSTEM32\xbwsvupo.ini moved successfully.
    C:\WINDOWS\SYSTEM32\xklajlbk.ini moved successfully.
    C:\WINDOWS\SYSTEM32\xnrtuvsh.ini moved successfully.
    C:\WINDOWS\SYSTEM32\yrhchoke.ini moved successfully.
    [Files/Folders - Modified Within 30 days]
    File C:\WINDOWS\??curity not found!
    File C:\WINDOWS\SYSTEM32\aabdymbv.ini not found!
    File C:\WINDOWS\SYSTEM32\alnnpkvo.ini not found!
    File C:\WINDOWS\SYSTEM32\ankwclyh.ini not found!
    File C:\WINDOWS\SYSTEM32\asamgkne.ini not found!
    File C:\WINDOWS\SYSTEM32\bhwpsdnq.dll not found!
    File C:\WINDOWS\SYSTEM32\bioqpxru.dll not found!
    File C:\WINDOWS\SYSTEM32\cqgqnyva.ini not found!
    File C:\WINDOWS\SYSTEM32\ddxuttrf.ini not found!
    File C:\WINDOWS\SYSTEM32\enkgmasa.dll not found!
    File C:\WINDOWS\SYSTEM32\eudccscp.ini not found!
    File C:\WINDOWS\SYSTEM32\frtjjvjd.ini not found!
    File C:\WINDOWS\SYSTEM32\gvjpbfok.ini not found!
    File C:\WINDOWS\SYSTEM32\hcbxdjwi.dll not found!
    File C:\WINDOWS\SYSTEM32\ilshirnj.ini not found!
    File C:\WINDOWS\SYSTEM32\iwjdxbch.ini not found!
    File C:\WINDOWS\SYSTEM32\jmshkraa.ini not found!
    File C:\WINDOWS\SYSTEM32\jwekcnvw.ini not found!
    File C:\WINDOWS\SYSTEM32\nhbvradj.ini not found!
    File C:\WINDOWS\SYSTEM32\qndspwhb.ini not found!
    File C:\WINDOWS\SYSTEM32\qoivsuif.ini not found!
    File C:\WINDOWS\SYSTEM32\qqxjiblr.ini not found!
    File C:\WINDOWS\SYSTEM32\rcafgqeb.ini not found!
    File C:\WINDOWS\SYSTEM32\rlbijxqq.dll not found!
    File C:\WINDOWS\SYSTEM32\rpycbqep.ini not found!
    File C:\WINDOWS\SYSTEM32\tcecrekc.ini not found!
    File C:\WINDOWS\SYSTEM32\urxpqoib.ini not found!
    File C:\WINDOWS\SYSTEM32\veafynsq.ini not found!
    File C:\WINDOWS\SYSTEM32\xbwsvupo.ini not found!
    File C:\WINDOWS\SYSTEM32\xklajlbk.ini not found!
    File C:\WINDOWS\SYSTEM32\xnrtuvsh.ini not found!
    File C:\WINDOWS\SYSTEM32\yrhchoke.ini not found!
    [File String Scan - Non-Microsoft Only]
    C:\WINDOWS\SYSTEM32\drivers\etc\hosts moved successfully.
    C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20071017-162235.backup moved successfully.
    C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20071018-164549.backup moved successfully.
    < End of log >
    Created on 10/19/2007 20:14:08


    New WinPFind3U report

    WinPFind3 logfile created on: 19/10/2007 20:16:56
    WinPFind3U by OldTimer - Version 1.0.42 Folder = C:\Documents and Settings\Mark\Desktop\WinPFind3u\
    Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
    Internet Explorer (Version = 7.0.5730.11)

    2.00 Gb Total Physical Memory | 1.33 Gb Available Physical Memory | 66.63% Memory free
    3.85 Gb Paging File | 3.24 Gb Available in Paging File | 84.19% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092;

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 50.00 Gb Total Space | 9.66 Gb Free Space | 19.32% Space Free
    Drive D: | 248.09 Gb Total Space | 107.55 Gb Free Space | 43.35% Space Free
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded

    Computer Name: MYBITCH
    Current User Name: Mark
    Logged in as Administrator.
    Current Boot Mode: Normal


    [Processes - Non-Microsoft Only]
    applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 06/09/2007 13:28:18 | Attr = ]
    asdhremote.exe -> %ProgramFiles%\ASUS\ASUS DH Remote\AsDhRemote.exe -> T-wins [Ver = 0, 0, 13, 0 | Size = 208896 bytes | Modified Date = 19/07/2006 09:32:20 | Attr = ]
    ashdisp.exe -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 79224 bytes | Modified Date = 06/09/2007 11:06:10 | Attr = ]
    ashmaisv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 243064 bytes | Modified Date = 06/09/2007 11:05:42 | Attr = ]
    ashserv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 132472 bytes | Modified Date = 06/09/2007 11:06:04 | Attr = ]
    ashwebsv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 345464 bytes | Modified Date = 06/09/2007 11:04:44 | Attr = ]
    asrc.exe -> %ProgramFiles%\ASUS\ASUS DH Remote\AsRc.exe -> [Ver = | Size = 3167744 bytes | Modified Date = 19/07/2006 09:52:42 | Attr = ]
    aswupdsv.exe -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 16248 bytes | Modified Date = 06/09/2007 10:54:58 | Attr = ]
    ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4176 | Size = 487424 bytes | Modified Date = 22/08/2007 02:57:16 | Attr = ]
    ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4176 | Size = 487424 bytes | Modified Date = 22/08/2007 02:57:16 | Attr = ]
    calmain.exe -> %ProgramFiles%\Canon\CAL\CALMAIN.exe -> Canon Inc. [Ver = 8, 2, 0, 1 | Size = 96341 bytes | Modified Date = 30/03/2006 09:15:44 | Attr = ]
    ccc.exe -> %ProgramFiles%\ATI Technologies\ATI.ACE\Core-Static\CCC.exe -> ATI Technologies Inc. [Ver = 2.0.0.0 | Size = 49152 bytes | Modified Date = 17/07/2007 11:13:34 | Attr = ]
    ctdetect.exe -> %ProgramFiles%\Creative\MediaSource\Detector\CTDetect.exe -> Creative Technology Ltd [Ver = 3.0.2.0 | Size = 102400 bytes | Modified Date = 02/12/2004 18:23:34 | Attr = ]
    ctdvddet.exe -> %ProgramFiles%\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.exe -> Creative Technology Ltd [Ver = 1.0.3.0 | Size = 45056 bytes | Modified Date = 18/06/2003 01:00:00 | Attr = ]
    ctsvccda.exe -> %System32%\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 13/12/1999 01:01:00 | Attr = ]
    ctxfihlp.exe -> %System32%\CTXFIHLP.EXE -> Creative Technology Ltd [Ver = 2, 0, 1, 3 | Size = 18944 bytes | Modified Date = 01/06/2006 11:34:58 | Attr = ]
    ctxfispi.exe -> %System32%\CTXFISPI.EXE -> Creative Technology Ltd [Ver = 1.0.21.1180 (Beta-Release) | Size = 729600 bytes | Modified Date = 01/06/2006 11:29:38 | Attr = ]
    datalayer.exe -> %CommonProgramFiles%\PCSuite\DataLayer\DataLayer.exe -> Nokia Mobile Phones Ltd. [Ver = 6, 50, 101, 3 | Size = 1106944 bytes | Modified Date = 31/03/2005 10:30:52 | Attr = ]
    dllml.exe -> %ProgramFiles%\Creative\Shared Files\Module Loader\DLLML.exe -> Creative Technology Ltd. [Ver = 1.0.21.0 | Size = 49152 bytes | Modified Date = 16/06/2005 18:25:28 | Attr = ]
    ezbackup.exe -> %ProgramFiles%\EzBackup\EZ-Backup Manager\EzBackup.exe -> [Ver = | Size = 1123840 bytes | Modified Date = 08/05/2006 18:10:38 | Attr = ]
    firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.8.1.7: 2007091417 | Size = 7644520 bytes | Modified Date = 16/09/2007 07:56:40 | Attr = ]
    ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.4.1.2 | Size = 503608 bytes | Modified Date = 07/09/2007 16:55:02 | Attr = ]
    ituneshelper.exe -> D:\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.4.1.2 | Size = 267064 bytes | Modified Date = 07/09/2007 16:55:08 | Attr = ]
    lcdclock.exe -> %ProgramFiles%\Logitech\G-series Software\Applets\LCDClock.exe -> Logitech Inc. [Ver = 1.02.218 | Size = 198656 bytes | Modified Date = 06/03/2006 16:16:12 | Attr = ]
    lcdcountdown.exe -> %ProgramFiles%\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exe -> Logitech Inc. [Ver = 1.02.218 | Size = 378880 bytes | Modified Date = 06/03/2006 16:16:48 | Attr = ]
    lcdmedia.exe -> %ProgramFiles%\Logitech\G-series Software\Applets\LCDMedia.exe -> Logitech Inc. [Ver = 1.02.218 | Size = 289792 bytes | Modified Date = 06/03/2006 16:15:42 | Attr = ]
    lcdmon.exe -> %ProgramFiles%\Logitech\G-series Software\LCDMon.exe -> Logitech Inc. [Ver = 1.02.218 | Size = 497152 bytes | Modified Date = 06/03/2006 16:14:58 | Attr = ]
    lcdpop3.exe -> %ProgramFiles%\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe -> Logitech Inc. [Ver = 1.02.218 | Size = 307200 bytes | Modified Date = 06/03/2006 16:17:24 | Attr = ]
    lgdcore.exe -> %ProgramFiles%\Logitech\G-series Software\LGDCore.exe -> Logitech Inc. [Ver = 1.02.218 | Size = 1122304 bytes | Modified Date = 06/03/2006 16:31:52 | Attr = ]
    mdnsresponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 229376 bytes | Modified Date = 28/02/2006 12:42:38 | Attr = ]
    mom.exe -> %ProgramFiles%\ATI Technologies\ATI.ACE\Core-Static\MOM.exe -> Advanced Micro Devices Inc. [Ver = 2.0.0.0 | Size = 49152 bytes | Modified Date = 17/07/2007 11:13:56 | Attr = ]
    nod32krn.exe -> %ProgramFiles%\ESET\nod32krn.exe -> Eset [Ver = 2, 70, 32 | Size = 552064 bytes | Modified Date = 18/03/2007 11:52:02 | Attr = ]
    nod32kui.exe -> %ProgramFiles%\ESET\nod32kui.exe -> Eset [Ver = 2, 70, 32 | Size = 949376 bytes | Modified Date = 18/03/2007 11:52:02 | Attr = ]
    notiman.exe -> %ProgramFiles%\Creative\ShareDLL\CADI\NotiMan.exe -> Creative Technology Ltd. [Ver = 1.0.0.1 | Size = 73728 bytes | Modified Date = 14/01/2005 19:32:44 | Attr = ]
    oodag.exe -> %System32%\oodag.exe -> O&O Software GmbH [Ver = 10.0.1634 | Size = 1050120 bytes | Modified Date = 11/05/2007 02:09:48 | Attr = ]
    pnkbstra.exe -> %System32%\PnkBstrA.exe -> [Ver = | Size = 66872 bytes | Modified Date = 02/10/2007 22:24:22 | Attr = ]
    richvideo.exe -> %ProgramFiles%\CyberLink\Shared files\RichVideo.exe -> [Ver = 1.1.0808 | Size = 167936 bytes | Modified Date = 08/08/2005 13:54:00 | Attr = ]
    schedhlp.exe -> %CommonProgramFiles%\Acronis\Schedule2\schedhlp.exe -> Acronis [Ver = 1,0,0,237 | Size = 87584 bytes | Modified Date = 16/10/2006 21:13:32 | Attr = ]
    schedul2.exe -> %CommonProgramFiles%\Acronis\Schedule2\schedul2.exe -> Acronis [Ver = 1,0,0,237 | Size = 230944 bytes | Modified Date = 16/10/2006 21:13:28 | Attr = ]
    servic~1.exe -> %CommonProgramFiles%\PCSuite\Services\ServiceLayer.exe -> Nokia. [Ver = 6, 50, 28, 2 | Size = 97792 bytes | Modified Date = 22/03/2005 13:27:16 | Attr = ]
    taskswitch.exe -> %System32%\taskswitch.exe -> [Ver = | Size = 45632 bytes | Modified Date = 19/03/2002 17:30:00 | Attr = ]
    teatimer.exe -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 5, 0, 9 | Size = 1460560 bytes | Modified Date = 31/08/2007 16:46:28 | Attr = ]
    timountermonitor.exe -> %ProgramFiles%\Acronis\TrueImageHome\TimounterMonitor.exe -> Acronis [Ver = 3.3 build 443 | Size = 1941784 bytes | Modified Date = 16/10/2006 21:17:16 | Attr = ]
    trueimagemonitor.exe -> %ProgramFiles%\Acronis\TrueImageHome\TrueImageMonitor.exe -> Acronis [Ver = 10,0,0,4871 | Size = 1164912 bytes | Modified Date = 16/10/2006 21:12:20 | Attr = ]
    volpanel.exe -> %ProgramFiles%\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe -> Creative Technology Ltd [Ver = 1.0.21.0 | Size = 122880 bytes | Modified Date = 11/07/2005 11:34:06 | Attr = ]
    winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.42.0 | Size = 322560 bytes | Modified Date = 04/09/2007 10:47:26 | Attr = ]

    [Win32 Services - Non-Microsoft Only]
    (AcrSch2Svc) Acronis Scheduler2 Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Acronis\Schedule2\schedul2.exe -> Acronis [Ver = 1,0,0,237 | Size = 230944 bytes | Modified Date = 16/10/2006 21:13:28 | Attr = ]
    (Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> Adobe Systems [Ver = 2.67.010 | Size = 72704 bytes | Modified Date = 12/10/2006 23:52:46 | Attr = ]
    (Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 06/09/2007 13:28:18 | Attr = ]
    (aswUpdSv) avast! iAVS4 Control Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 16248 bytes | Modified Date = 06/09/2007 10:54:58 | Attr = ]
    (Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4176 | Size = 487424 bytes | Modified Date = 22/08/2007 02:57:16 | Attr = ]
    (ATI Smart) ATI Smart [Win32_Own | Auto | Stopped] -> %System32%\ati2sgag.exe -> [Ver = 5.13.0027 | Size = 593920 bytes | Modified Date = 21/08/2007 21:05:00 | Attr = ]
    (avast! Antivirus) avast! Antivirus [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 132472 bytes | Modified Date = 06/09/2007 11:06:04 | Attr = ]
    (avast! Mail Scanner) avast! Mail Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 243064 bytes | Modified Date = 06/09/2007 11:05:42 | Attr = ]
    (avast! Web Scanner) avast! Web Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 345464 bytes | Modified Date = 06/09/2007 11:04:44 | Attr = ]
    (Bonjour Service) ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## [Win32_Own | Auto | Running] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 229376 bytes | Modified Date = 28/02/2006 12:42:38 | Attr = ]
    (CCALib8) Canon Camera Access Library 8 [Win32_Own | Auto | Running] -> %ProgramFiles%\Canon\CAL\CALMAIN.exe -> Canon Inc. [Ver = 8, 2, 0, 1 | Size = 96341 bytes | Modified Date = 30/03/2006 09:15:44 | Attr = ]
    (Creative Service for CDROM Access) Creative Service for CDROM Access [Win32_Own | Auto | Running] -> %System32%\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 13/12/1999 01:01:00 | Attr = ]
    (dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 04/08/2004 00:56:50 | Attr = ]
    (EZ-Backup Manager) EZ-Backup Manager [Win32_Own | Auto | Running] -> %ProgramFiles%\EzBackup\EZ-Backup Manager\EzBackup.exe -> [Ver = | Size = 1123840 bytes | Modified Date = 08/05/2006 18:10:38 | Attr = ]
    (FLEXnet Licensing Service) FLEXnet Licensing Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> Macrovision Europe Ltd. [Ver = 11.03.005 | Size = 654848 bytes | Modified Date = 02/09/2007 20:16:56 | Attr = ]
    (IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 04/04/2005 00:41:10 | Attr = ]
    (iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.4.1.2 | Size = 503608 bytes | Modified Date = 07/09/2007 16:55:02 | Attr = ]
    (MSCSPTISRV) MSCSPTISRV [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\MSCSPTISRV.exe -> Sony Corporation [Ver = 4.4.00.11241 | Size = 53337 bytes | Modified Date = 24/11/2005 18:03:22 | Attr = ]
    (NBService) NBService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Nero\Nero 7\Nero BackItUp\NBService.exe -> Nero AG [Ver = 2, 10, 3, 2 | Size = 800040 bytes | Modified Date = 29/06/2007 19:16:56 | Attr = ]
    (NMIndexingService) NMIndexingService [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Ahead\Lib\NMIndexingService.exe -> Nero AG [Ver = 2,0,16,0 | Size = 279848 bytes | Modified Date = 27/06/2007 19:04:00 | Attr = ]
    (NOD32krn) NOD32 Kernel Service [Win32_Own | Auto | Running] -> %ProgramFiles%\ESET\nod32krn.exe -> Eset [Ver = 2, 70, 32 | Size = 552064 bytes | Modified Date = 18/03/2007 11:52:02 | Attr = ]
    (O&O Defrag) O&O Defrag [Win32_Own | Auto | Running] -> %System32%\oodag.exe -> O&O Software GmbH [Ver = 10.0.1634 | Size = 1050120 bytes | Modified Date = 11/05/2007 02:09:48 | Attr = ]
    (PACSPTISVR) PACSPTISVR [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\PACSPTISVR.exe -> Sony Corporation [Ver = 4.4.00.11241 | Size = 53337 bytes | Modified Date = 24/11/2005 17:57:44 | Attr = ]
    (PnkBstrA) PnkBstrA [Win32_Own | Auto | Running] -> %System32%\PnkBstrA.exe -> [Ver = | Size = 66872 bytes | Modified Date = 02/10/2007 22:24:22 | Attr = ]
    (RichVideo) Cyberlink RichVideo Service(CRVS) [Win32_Own | Auto | Running] -> %ProgramFiles%\CyberLink\Shared files\RichVideo.exe -> [Ver = 1.1.0808 | Size = 167936 bytes | Modified Date = 08/08/2005 13:54:00 | Attr = ]
    (SPTISRV) Sony SPTI Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\SPTISRV.exe -> Sony Corporation [Ver = 4.4.00.11241 | Size = 69718 bytes | Modified Date = 24/11/2005 17:47:30 | Attr = ]
    (SSScsiSV) SonicStage SCSI Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\SSScsiSV.exe -> Sony Corporation [Ver = 3.4.01.13062 | Size = 69632 bytes | Modified Date = 06/01/2006 23:25:12 | Attr = ]

    [Registry - Non-Microsoft Only]
    < Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
    Acronis Scheduler2 Service -> %CommonProgramFiles%\Acronis\Schedule2\schedhlp.exe -> Acronis [Ver = 1,0,0,237 | Size = 87584 bytes | Modified Date = 16/10/2006 21:13:32 | Attr = ]
    AcronisTimounterMonitor -> %ProgramFiles%\Acronis\TrueImageHome\TimounterMonitor.exe -> Acronis [Ver = 3.3 build 443 | Size = 1941784 bytes | Modified Date = 16/10/2006 21:17:16 | Attr = ]
    Ai Quicker Help -> %ProgramFiles%\ASUS\ASUS DH Remote\AsRc.exe -> [Ver = | Size = 3167744 bytes | Modified Date = 19/07/2006 09:52:42 | Attr = ]
    AudioDrvEmulator -> %ProgramFiles%\Creative\Shared Files\Module Loader\DLLML.exe -> Creative Technology Ltd. [Ver = 1.0.21.0 | Size = 49152 bytes | Modified Date = 16/06/2005 18:25:28 | Attr = ]
    avast! -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 79224 bytes | Modified Date = 06/09/2007 11:06:10 | Attr = ]
    CoolSwitch -> %System32%\taskswitch.exe -> [Ver = | Size = 45632 bytes | Modified Date = 19/03/2002 17:30:00 | Attr = ]
    CTDVDDET -> %ProgramFiles%\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.exe -> Creative Technology Ltd [Ver = 1.0.3.0 | Size = 45056 bytes | Modified Date = 18/06/2003 01:00:00 | Attr = ]
    CTxfiHlp -> %System32%\CTXFIHLP.EXE -> Creative Technology Ltd [Ver = 2, 0, 1, 3 | Size = 18944 bytes | Modified Date = 01/06/2006 11:34:58 | Attr = ]
    DataLayer -> %CommonProgramFiles%\PCSuite\DataLayer\DataLayer.exe -> Nokia Mobile Phones Ltd. [Ver = 6, 50, 101, 3 | Size = 1106944 bytes | Modified Date = 31/03/2005 10:30:52 | Attr = ]
    iTunesHelper -> D:\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.4.1.2 | Size = 267064 bytes | Modified Date = 07/09/2007 16:55:08 | Attr = ]
    Kernel and Hardware Abstraction Layer -> KHALMNPR.EXE -> File not found
    Launch LCDMon -> %ProgramFiles%\Logitech\G-series Software\LCDMon.exe -> Logitech Inc. [Ver = 1.02.218 | Size = 497152 bytes | Modified Date = 06/03/2006 16:14:58 | Attr = ]
    Launch LGDCore -> %ProgramFiles%\Logitech\G-series Software\LGDCore.exe -> Logitech Inc. [Ver = 1.02.218 | Size = 1122304 bytes | Modified Date = 06/03/2006 16:31:52 | Attr = ]
    nod32kui -> %ProgramFiles%\ESET\nod32kui.exe -> Eset [Ver = 2, 70, 32 | Size = 949376 bytes | Modified Date = 18/03/2007 11:52:02 | Attr = ]
    RCSystem -> %ProgramFiles%\Creative\Shared Files\Module Loader\DLLML.exe -> Creative Technology Ltd. [Ver = 1.0.21.0 | Size = 49152 bytes | Modified Date = 16/06/2005 18:25:28 | Attr = ]
    StartCCC -> %ProgramFiles%\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe -> [Ver = | Size = 90112 bytes | Modified Date = 10/11/2006 12:35:24 | Attr = ]
    TrueImageMonitor.exe -> %ProgramFiles%\Acronis\TrueImageHome\TrueImageMonitor.exe -> Acronis [Ver = 10,0,0,4871 | Size = 1164912 bytes | Modified Date = 16/10/2006 21:12:20 | Attr = ]
    VolPanel -> %ProgramFiles%\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe -> Creative Technology Ltd [Ver = 1.0.21.0 | Size = 122880 bytes | Modified Date = 11/07/2005 11:34:06 | Attr = ]
    < Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
    Creative Detector -> %ProgramFiles%\Creative\MediaSource\Detector\CTDetect.exe -> Creative Technology Ltd [Ver = 3.0.2.0 | Size = 102400 bytes | Modified Date = 02/12/2004 18:23:34 | Attr = ]
    SpybotSD TeaTimer -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 5, 0, 9 | Size = 1460560 bytes | Modified Date = 31/08/2007 16:46:28 | Attr = ]
    < AppInit_DLLs [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs ->
    < ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
    {93994DE8-8239-4655-B1D1-5F4E91300429} [HKLM] -> %ProgramFiles%\DVD Region+CSS Free\DVDShell.dll [] -> Fengtao Software Inc. [Ver = 5, 5, 0, 8 | Size = 49152 bytes | Modified Date = 09/10/2004 15:18:02 | Attr = ]
    < SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
    < Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
    < Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
    < Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
    AtiExtEvent -> %System32%\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4175 | Size = 122880 bytes | Modified Date = 22/08/2007 02:58:44 | Attr = ]
    < CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
    < CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 0 ->
    < HOSTS File > -> ->
    -> Hosts file not found ->
    < Internet Explorer Settings > -> ->
    HKLM: Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
    HKLM: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
    HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
    HKLM: Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
    HKLM: Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
    HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
    HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
    HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->
    HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
    HKCU: Start Page -> http://www.football365.com/ ->
    HKCU: ProxyEnable -> 0 ->
    HKCU: ProxyOverride -> *.local ->
    < Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
    msn.com [ - ] -> ->
    < BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 59032 bytes | Modified Date = 18/12/2006 05:16:42 | Attr = ]
    {53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 31/08/2007 16:46:14 | Attr = ]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 25/09/2007 01:11:34 | Attr = ]
    < Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 25/09/2007 01:11:34 | Attr = ]
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 25/09/2007 01:11:34 | Attr = ]
    {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [MenuText: Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 31/08/2007 16:46:14 | Attr = ]
    < DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
    {20B66F52-4ECA-45A6-B3C6-E62679B30452} -> (Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter) ->
    {329C0643-B212-4D95-B942-85B554D90834} -> (Nintendo Wi-Fi USB Connector) ->
    {4A74ED1C-FE7D-47A9-8553-C11570D1A440} -> () ->
    {6388B550-2334-4380-A574-EABC46C3BEBB} -> () ->
    {6C93F758-34A0-4307-A1DE-CC24F4B326A4} -> (Marvell Yukon 88E8053 PCI-E Gigabit Ethernet Controller) ->
    {82E4D865-721D-49ED-A1FE-0C936CFABC79} -> 208.67.222.222,208.67.220.220 (Marvell Yukon 88E8053 PCI-E Gigabit Ethernet Controller) ->
    {E91C1567-953E-4D16-B6B9-D6AB4BF97CD5} -> (1394 Net Adapter) ->
    < Winsock2 Catalogs [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ ->
    NameSpace_Catalog5\Catalog_Entries\000000000005 [mdnsNSP] -> %ProgramFiles%\Bonjour\mdnsNSP.dll -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 94208 bytes | Modified Date = 28/02/2006 12:42:30 | Attr = ]
    Protocol_Catalog9\Catalog_Entries\000000000001 -> %System32%\imon.dll -> Eset [Ver = 2, 70, 32 | Size = 298104 bytes | Modified Date = 18/03/2007 11:52:04 | Attr = ]
    Protocol_Catalog9\Catalog_Entries\000000000002 -> %System32%\imon.dll -> Eset [Ver = 2, 70, 32 | Size = 298104 bytes | Modified Date = 18/03/2007 11:52:04 | Attr = ]
    Protocol_Catalog9\Catalog_Entries\000000000003 -> %System32%\imon.dll -> Eset [Ver = 2, 70, 32 | Size = 298104 bytes | Modified Date = 18/03/2007 11:52:04 | Attr = ]
    Protocol_Catalog9\Catalog_Entries\000000000004 -> %System32%\imon.dll -> Eset [Ver = 2, 70, 32 | Size = 298104 bytes | Modified Date = 18/03/2007 11:52:04 | Attr = ]
    Protocol_Catalog9\Catalog_Entries\000000000005 -> %System32%\imon.dll -> Eset [Ver = 2, 70, 32 | Size = 298104 bytes | Modified Date = 18/03/2007 11:52:04 | Attr = ]
    Protocol_Catalog9\Catalog_Entries\000000000011 -> %System32%\imon.dll -> Eset [Ver = 2, 70, 32 | Size = 298104 bytes | Modified Date = 18/03/2007 11:52:04 | Attr = ]
    < Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
    ipp -> Reg Data - Key not found -> File not found
    msdaipp -> Reg Data - Key not found -> File not found
    < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
    {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} -> Office Genuine Advantage Validation Tool - CodeBase = http://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab ->
    {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} -> OnlineScanner Control - CodeBase = http://www.eset.eu/buxus/docs/OnlineScanner.cab ->
    {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> MUWebControl Class - CodeBase = http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1160683618109 ->
    {8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.6.0_03 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab ->
    {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} -> Office Update Installation Engine - CodeBase = http://office.microsoft.com/officeupdate/content/opuc4.cab ->
    {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab ->
    {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_09 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab ->
    {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_10 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab ->
    {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_11 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab ->
    {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_01 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab ->
    {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_02 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab ->
    {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_03 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab ->
    {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_03 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab ->
    {D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab ->


    [Files/Folders - Created Within 30 days]
    VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Created Date = 18/10/2007 21:26:31 | Attr = ]
    ZB20071018200312001.xml -> %SystemDrive%\ZB20071018200312001.xml -> [Ver = | Size = 439 bytes | Created Date = 18/10/2007 19:03:12 | Attr = ]
    $NtUninstallKB933729$ -> %SystemRoot%\$NtUninstallKB933729$ -> [Folder | Created Date = 10/10/2007 12:53:19 | Attr = H ]
    $NtUninstallKB941202$ -> %SystemRoot%\$NtUninstallKB941202$ -> [Folder | Created Date = 10/10/2007 12:51:47 | Attr = H ]
    cookies.ini -> %SystemRoot%\cookies.ini -> [Ver = | Size = 1114 bytes | Created Date = 30/09/2007 20:25:41 | Attr = ]
    Minidump -> %SystemRoot%\Minidump -> [Folder | Created Date = 18/10/2007 14:55:36 | Attr = ]
    mozregistry.dat -> %SystemRoot%\mozregistry.dat -> [Ver = | Size = 335 bytes | Created Date = 03/10/2007 12:04:06 | Attr = ]
    QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Created Date = 15/10/2007 13:33:15 | Attr = ]
    QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Created Date = 15/10/2007 13:33:15 | Attr = H ]
    Sun -> %SystemRoot%\Sun -> [Folder | Created Date = 11/10/2007 20:21:00 | Attr = ]
    _MSRSTRT.EXE -> %SystemRoot%\_MSRSTRT.EXE -> [Ver = | Size = 2560 bytes | Created Date = 29/09/2007 18:50:52 | Attr = ]
    ??curity -> %SystemRoot%\??curity -> [Folder | Created Date = 29/04/1745 08:47:40 | Attr = ]
    actskin4.ocx -> %System32%\actskin4.ocx -> [Ver = 4, 2, 7, 3 | Size = 380928 bytes | Created Date = 17/10/2007 14:11:48 | Attr = ]
    aswBoot.exe -> %System32%\aswBoot.exe -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 801144 bytes | Created Date = 18/10/2007 11:42:50 | Attr = ]
    AvastSS.scr -> %System32%\AvastSS.scr -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 95608 bytes | Created Date = 18/10/2007 11:43:00 | Attr = ]
    DGPNorm.ocx -> %System32%\DGPNorm.ocx -> DGP [Ver = 1, 0, 0, 3 | Size = 40960 bytes | Created Date = 17/10/2007 14:11:49 | Attr = ]
    ISUSPM.cpl -> %System32%\ISUSPM.cpl -> Macrovision Corporation [Ver = 6, 1, 100, 56793 | Size = 78784 bytes | Created Date = 29/09/2007 20:03:21 | Attr = ]
    java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Created Date = 13/10/2007 11:55:31 | Attr = ]
    javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Created Date = 13/10/2007 11:55:31 | Attr = ]
    javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 139264 bytes | Created Date = 13/10/2007 11:55:31 | Attr = ]
    lame_enc.dll -> %System32%\lame_enc.dll -> [Ver = | Size = 233472 bytes | Created Date = 17/10/2007 14:11:49 | Attr = ]
    NCTAudioFile.dll -> %System32%\NCTAudioFile.dll -> NCT Company [Ver = 1, 7, 4, 1 | Size = 1703936 bytes | Created Date = 17/10/2007 14:11:49 | Attr = ]
    NCTWMAFile.dll -> %System32%\NCTWMAFile.dll -> NCT Company [Ver = 1, 7, 2, 0 | Size = 360448 bytes | Created Date = 17/10/2007 14:11:49 | Attr = ]
    streamhlp.dll -> %System32%\streamhlp.dll -> [Ver = | Size = 59392 bytes | Created Date = 13/10/2007 21:51:46 | Attr = R ]
    aavmker4.sys -> %System32%\drivers\aavmker4.sys -> ALWIL Software [Ver = 4.7.1043.0 | Size = 26624 bytes | Created Date = 18/10/2007 11:43:02 | Attr = ]
    aswmon.sys -> %System32%\drivers\aswmon.sys -> ALWIL Software [Ver = 4.7.1043.0 | Size = 92848 bytes | Created Date = 18/10/2007 11:42:55 | Attr = ]
    aswmon2.sys -> %System32%\drivers\aswmon2.sys -> ALWIL Software [Ver = 4.7.1043.0 | Size = 94416 bytes | Created Date = 18/10/2007 11:42:55 | Attr = ]
    aswRdr.sys -> %System32%\drivers\aswRdr.sys -> ALWIL Software [Ver = 4.7.1043.0 | Size = 23152 bytes | Created Date = 18/10/2007 11:43:04 | Attr = ]
    aswTdi.sys -> %System32%\drivers\aswTdi.sys -> ALWIL Software [Ver = 4.7.1043.0 | Size = 42912 bytes | Created Date = 18/10/2007 11:43:04 | Attr = ]
    hosts.20071014-151712.backup -> %System32%\drivers\etc\hosts.20071014-151712.backup -> [Ver = | Size = 734 bytes | Created Date = 14/10/2007 14:17:12 | Attr = ]

    [Files/Folders - Modified Within 30 days]
    Downloads -> %SystemDrive%\Downloads -> [Folder | Modified Date = 13/10/2007 22:35:46 | Attr = ]
    hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 2146553856 bytes | Modified Date = 19/10/2007 20:09:52 | Attr = HS]
    Program Files -> %ProgramFiles% -> [Folder | Modified Date = 18/10/2007 23:03:46 | Attr = ]
    ProgramData -> %SystemDrive%\ProgramData -> [Folder | Modified Date = 29/09/2007 21:05:28 | Attr = ]
    VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Modified Date = 18/10/2007 22:26:32 | Attr = ]
    WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 18/10/2007 15:55:38 | Attr = ]
    ZB20071018200312001.xml -> %SystemDrive%\ZB20071018200312001.xml -> [Ver = | Size = 439 bytes | Modified Date = 18/10/2007 20:03:14 | Attr = ]
    $hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 14/10/2007 13:33:30 | Attr = H ]
    $NtUninstallKB933729$ -> %SystemRoot%\$NtUninstallKB933729$ -> [Folder | Modified Date = 10/10/2007 13:53:22 | Attr = H ]
    $NtUninstallKB941202$ -> %SystemRoot%\$NtUninstallKB941202$ -> [Folder | Modified Date = 10/10/2007 13:51:48 | Attr = H ]
    assembly -> %SystemRoot%\assembly -> [Folder | Modified Date = 14/10/2007 13:34:16 | Attr = R S]
    AviSplitter.INI -> %SystemRoot%\AviSplitter.INI -> [Ver = | Size = 38 bytes | Modified Date = 25/09/2007 19:04:22 | Attr = ]
    bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 19/10/2007 20:10:04 | Attr = S]
    cookies.ini -> %SystemRoot%\cookies.ini -> [Ver = | Size = 1114 bytes | Modified Date = 14/10/2007 00:36:04 | Attr = ]
    Cursors -> %SystemRoot%\Cursors -> [Folder | Modified Date = 29/09/2007 20:37:06 | Attr = ]
    Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 03/10/2007 11:41:46 | Attr = S]
    DVDRegionFree.INI -> %SystemRoot%\DVDRegionFree.INI -> [Ver = | Size = 67 bytes | Modified Date = 19/10/2007 08:57:20 | Attr = ]
    game.ini -> %SystemRoot%\game.ini -> [Ver = | Size = 267 bytes | Modified Date = 13/10/2007 11:47:28 | Attr = ]
    Help -> %SystemRoot%\Help -> [Folder | Modified Date = 29/09/2007 19:52:18 | Attr = ]
    ie7updates -> %SystemRoot%\ie7updates -> [Folder | Modified Date = 10/10/2007 13:52:00 | Attr = ]
    inf -> %SystemRoot%\inf -> [Folder | Modified Date = 13/10/2007 11:48:12 | Attr = H ]
    Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 17/10/2007 15:13:24 | Attr = HS]
    Media -> %SystemRoot%\Media -> [Folder | Modified Date = 29/09/2007 20:37:06 | Attr = ]
    Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 18/10/2007 15:55:38 | Attr = ]
    mozregistry.dat -> %SystemRoot%\mozregistry.dat -> [Ver = | Size = 335 bytes | Modified Date = 03/10/2007 13:04:08 | Attr = ]
    NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 116 bytes | Modified Date = 18/10/2007 20:51:58 | Attr = ]
    Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 19/10/2007 20:14:40 | Attr = ]
    QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 15/10/2007 14:33:28 | Attr = ]
    QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 19/10/2007 20:10:58 | Attr = H ]
    Resources -> %SystemRoot%\Resources -> [Folder | Modified Date = 29/09/2007 20:37:02 | Attr = ]
    Sun -> %SystemRoot%\Sun -> [Folder | Modified Date = 17/10/2007 20:39:58 | Attr = ]
    system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 227 bytes | Modified Date = 13/10/2007 22:34:44 | Attr = ]
    system32 -> %System32% -> [Folder | Modified Date = 19/10/2007 20:14:10 | Attr = ]
    Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 19/10/2007 20:15:22 | Attr = ]
    win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 603 bytes | Modified Date = 29/09/2007 19:52:16 | Attr = ]
    _MSRSTRT.EXE -> %SystemRoot%\_MSRSTRT.EXE -> [Ver = | Size = 2560 bytes | Modified Date = 29/09/2007 19:50:54 | Attr = ]
    ??curity -> %SystemRoot%\??curity -> [Folder | Modified Date = 07/08/2007 23:44:34 | Attr = ]
    SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 19/10/2007 20:10:10 | Attr = H ]
    BMXState-{00000001-00000000-00000001-00001102-00000005-00211102}.rfx -> %System32%\BMXState-{00000001-00000000-00000001-00001102-00000005-00211102}.rfx -> [Ver = | Size = 53816 bytes | Modified Date = 19/10/2007 18:43:52 | Attr = ]
    BMXStateBkp-{00000001-00000000-00000001-00001102-00000005-00211102}.rfx -> %System32%\BMXStateBkp-{00000001-00000000-00000001-00001102-00000005-00211102}.rfx -> [Ver = | Size = 53816 bytes | Modified Date = 19/10/2007 18:43:52 | Attr = ]
    CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 19/10/2007 20:10:30 | Attr = ]
    config -> %System32%\config -> [Folder | Modified Date = 18/10/2007 13:33:42 | Attr = ]
    CONFIG.NT -> %System32%\CONFIG.NT -> [Ver = | Size = 2626 bytes | Modified Date = 18/10/2007 12:43:04 | Attr = ]
    DirectX -> %System32%\DirectX -> [Folder | Modified Date = 13/10/2007 22:21:58 | Attr = ]
    dllcache -> %System32%\dllcache -> [Folder | Modified Date = 10/10/2007 13:53:22 | Attr = RHS]
    drivers -> %System32%\drivers -> [Folder | Modified Date = 18/10/2007 12:43:06 | Attr = ]
    DRVSTORE -> %System32%\DRVSTORE -> [Folder | Modified Date = 29/09/2007 19:52:30 | Attr = ]
    DVCState-{00000001-00000000-00000001-00001102-00000005-00211102}.rfx -> %System32%\DVCState-{00000001-00000000-00000001-00001102-00000005-00211102}.rfx -> [Ver = | Size = 64980 bytes | Modified Date = 19/10/2007 18:43:52 | Attr = ]
    imon1.dat -> %System32%\imon1.dat -> [Ver = | Size = 190 bytes | Modified Date = 07/10/2007 23:32:12 | Attr = ]
    java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Modified Date = 24/09/2007 22:30:28 | Attr = ]
    javacpl.cpl -> %System32%\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 69632 bytes | Modified Date = 24/09/2007 23:31:42 | Attr = ]
    javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Modified Date = 24/09/2007 22:30:30 | Attr = ]
    javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 139264 bytes | Modified Date = 24/09/2007 23:31:42 | Attr = ]
    NtmsData -> %System32%\NtmsData -> [Folder | Modified Date = 30/09/2007 04:05:34 | Attr = ]
    oodag -> %System32%\oodag -> [Folder | Modified Date = 18/10/2007 13:46:24 | Attr = ]
    oodbs.lor -> %System32%\oodbs.lor -> [Ver = | Size = 180057 bytes | Modified Date = 19/10/2007 20:09:46 | Attr = ]
    PnkBstrA.exe -> %System32%\PnkBstrA.exe -> [Ver = | Size = 66872 bytes | Modified Date = 02/10/2007 22:24:22 | Attr = ]
    PnkBstrB.exe -> %System32%\PnkBstrB.exe -> [Ver = | Size = 103736 bytes | Modified Date = 18/10/2007 21:03:14 | Attr = ]
    settings.sfm -> %System32%\settings.sfm -> [Ver = | Size = 1080 bytes | Modified Date = 19/10/2007 18:43:52 | Attr = ]
    settingsbkup.sfm -> %System32%\settingsbkup.sfm -> [Ver = | Size = 1080 bytes | Modified Date = 19/10/2007 18:43:52 | Attr = ]
    spool -> %System32%\spool -> [Folder | Modified Date = 18/10/2007 11:24:16 | Attr = ]
    streamhlp.dll -> %System32%\streamhlp.dll -> [Ver = | Size = 59392 bytes | Modified Date = 13/10/2007 22:51:56 | Attr = R ]
    wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 13646 bytes | Modified Date = 19/10/2007 20:10:34 | Attr = ]
    etc -> %System32%\drivers\etc -> [Folder | Modified Date = 19/10/2007 20:14:10 | Attr = ]
    PnkBstrK.sys -> %System32%\drivers\PnkBstrK.sys -> [Ver = | Size = 22328 bytes | Modified Date = 18/10/2007 21:04:24 | Attr = ]
    hosts.ics -> %System32%\drivers\etc\hosts.ics -> [Ver = | Size = 431 bytes | Modified Date = 19/10/2007 20:10:46 | Attr = ]

    [File String Scan - Non-Microsoft Only]
    UPX! , UPX0 , -> %System32%\aswBoot.exe -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 801144 bytes | Modified Date = 06/09/2007 11:09:50 | Attr = ]
    UPX! , UPX0 , -> %System32%\avisynth.dll -> The Public [Ver = 2, 5, 6, 0 | Size = 308224 bytes | Modified Date = 07/10/2005 18:14:52 | Attr = ]
    PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 23/08/2001 13:00:00 | Attr = ]
    PEC2 , PECompact2 , -> %System32%\DivX.dll -> DivX, Inc. [Ver = 6.6.1.4 | Size = 740442 bytes | Modified Date = 15/08/2007 23:30:56 | Attr = ]
    Thawte Consulting , -> %System32%\ISUSPM.cpl -> Macrovision Corporation [Ver = 6, 1, 100, 56793 | Size = 78784 bytes | Modified Date = 27/04/2007 11:12:44 | Attr = ]
    USERTRUST , -> %System32%\PhysXLoader.dll -> [Ver = 2, 7, 2, 9 | Size = 70400 bytes | Modified Date = 19/06/2007 08:59:36 | Attr = ]
    winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 23/08/2001 13:00:00 | Attr = ]
    UPX! , UPX0 , -> %System32%\WNASPI32.DLL -> Jukka Poikolainen Software [Ver = 5, 0, 0, 1 | Size = 22528 bytes | Modified Date = 17/03/2001 21:34:12 | Attr = ]
    WSUD , UPX0 , -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 23/08/2001 13:00:00 | Attr = ]
    PTech , -> %System32%\drivers\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 03/08/2004 22:41:38 | Attr = ]

    < End of report >



    New HijackThis report

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:22:33, on 19/10/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\EzBackup\EZ-Backup Manager\EzBackup.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\system32\oodag.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\CyberLink\Shared files\RichVideo.exe
    C:\WINDOWS\System32\tcpsvcs.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\ASUS\ASUS DH Remote\AsRc.exe
    C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
    C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
    C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
    C:\Program Files\ASUS\ASUS DH Remote\AsDhRemote.exe
    C:\WINDOWS\system32\CTXFIHLP.EXE
    C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
    C:\Program Files\Logitech\G-series Software\LGDCore.exe
    C:\Program Files\Logitech\G-series Software\LCDMon.exe
    C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    C:\Program Files\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe
    C:\Program Files\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exe
    C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
    C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
    C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
    C:\WINDOWS\system32\taskswitch.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    D:\iTunes\iTunesHelper.exe
    C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.football365.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [Ai Quicker Help] "C:\Program Files\ASUS\ASUS DH Remote\AsRc.exe"
    O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
    O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
    O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
    O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
    O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
    O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
    O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
    O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
    O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1160683618109
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{82E4D865-721D-49ED-A1FE-0C936CFABC79}: NameServer = 208.67.222.222,208.67.220.220
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: EZ-Backup Manager - Unknown owner - C:\Program Files\EzBackup\EZ-Backup Manager\EzBackup.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

    --
    End of file - 11451 bytes



    Thanks for all the help, my friend. How does my PC look?


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Your logs are looking good, we are nearly done.

    You seem to be using two anti-virus programs, Nod32 and Avast!; you need to remove one of these, as having two anti-virus programs running can cause a lot of problems. They are both good, so it doesn't really matter which one you remove.

    1. Download this file - combofix.exe
    2. Double click combofix.exe & follow the prompts.
    3. When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

    Also let me know how your PC is running.


  • Registered Users Posts: 1,871 ✭✭✭Macker1


    I will get rid of the Avast program, as I've been using NOD32 for a few years.

    Here is the report log for ComboFix.

    I was about to say that I haven't seen any alerts since yesterday and the PC appears to be running fine, but as I was running the ComboFix program up popped a NOD32 alert.

    details.....

    Time Module Object Name Threat Action User Information
    2007-10-20 21:40 AMON file C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\XC880XIX\gepj[1] Win32/Adware.Virtumonde application quarantined - deleted MYBITCH\Mark Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\findstr.exe.

    This alert popped up when I started the ComboFix program. Is it a coincidence?





    See below ComboFix log report

    ComboFix 07-10-20.2 - Mark 2007-10-19 21:27:14.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1285 [GMT 1:00]
    Running from: C:\Documents and Settings\Mark\Desktop\ComboFix.exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\check_LSA7.txt
    C:\Documents and Settings\Mark\Application Data\inst.exe
    C:\WINDOWS\cookies.ini
    C:\WINDOWS\curity~1
    C:\WINDOWS\curity~1\??curity\
    C:\WINDOWS\curity~1\iexplore.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    \LEGACY_IPRIP
    \Iprip


    ((((((((((((((((((((((((( Files Created from 2007-09-20 to 2007-10-20 )))))))))))))))))))))))))))))))
    .

    2007-10-19 21:26 51,200 --a C:\WINDOWS\NirCmd.exe
    2007-10-18 23:11 <DIR> d C:\Documents and Settings\Mark\Application Data\wsInspector
    2007-10-18 23:03 <DIR> d C:\Program Files\Startup Inspector for Windows
    2007-10-18 22:26 <DIR> d C:\VundoFix Backups
    2007-10-18 18:41 <DIR> d C:\Program Files\Trend Micro
    2007-10-18 15:51 <DIR> d C:\Documents and Settings\Mark\DoctorWeb
    2007-10-18 12:43 95,608 --a C:\WINDOWS\system32\AvastSS.scr
    2007-10-18 12:43 42,912 --a C:\WINDOWS\system32\drivers\aswTdi.sys
    2007-10-18 12:43 26,624 --a C:\WINDOWS\system32\drivers\aavmker4.sys
    2007-10-18 12:43 23,152 --a C:\WINDOWS\system32\drivers\aswRdr.sys
    2007-10-18 12:42 <DIR> d C:\Program Files\Alwil Software
    2007-10-18 12:42 801,144 --a C:\WINDOWS\system32\aswBoot.exe
    2007-10-18 12:42 94,416 --a C:\WINDOWS\system32\drivers\aswmon2.sys
    2007-10-18 12:42 92,848 --a C:\WINDOWS\system32\drivers\aswmon.sys
    2007-10-18 00:19 <DIR> d-a C:\Documents and Settings\All Users\Application Data\TEMP
    2007-10-17 23:40 <DIR> d--h C:\Documents and Settings\Mark\InstallAnywhere
    2007-10-17 15:11 <DIR> d C:\Program Files\ACE-HIGH MP3 WAV WMA OGG Converter
    2007-10-17 15:11 1,703,936 --a C:\WINDOWS\system32\NCTAudioFile.dll
    2007-10-17 15:11 360,448 --a C:\WINDOWS\system32\NCTWMAFile.dll
    2007-10-17 15:11 233,472 --a C:\WINDOWS\system32\lame_enc.dll
    2007-10-14 15:55 <DIR> d C:\Program Files\Opera
    2007-10-14 14:55 <DIR> d C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-10-13 22:52 <DIR> d C:\Documents and Settings\Mark\Application Data\TrojanHunter
    2007-10-13 22:51 <DIR> d C:\Program Files\TrojanHunter 5.0
    2007-10-11 21:21 <DIR> d C:\WINDOWS\Sun
    2007-10-10 11:58 582,656 c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
    2007-10-08 18:49 <DIR> d C:\Documents and Settings\All Users\SonicStage
    2007-10-04 17:10 <DIR> d C:\Program Files\Ontrack
    2007-10-03 13:04 335 --a C:\WINDOWS\mozregistry.dat
    2007-10-03 11:42 <DIR> d C:\Program Files\EsetOnlineScanner
    2007-09-30 02:01 <DIR> d--h C:\Program Files\Zero G Registry
    2007-09-29 21:06 <DIR> d C:\Documents and Settings\Mark\Application Data\Codemasters
    2007-09-29 21:05 <DIR> d C:\Documents and Settings\All Users\Application Data\InstallShield
    2007-09-29 20:36 <DIR> d C:\Program Files\Visualizations
    2007-09-29 20:36 <DIR> d C:\Program Files\Microsoft Plus!
    2007-09-29 19:50 2,560 --a C:\WINDOWS\_MSRSTRT.EXE
    2007-09-24 17:15 <DIR> d C:\Program Files\EA GAMES

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-10-19 11:24 d-----w C:\Program Files\Mozilla Thunderbird
    2007-10-18 20:04 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
    2007-10-18 19:03 d-----w C:\Documents and Settings\Mark\Application Data\ZoomBrowser EX
    2007-10-18 02:29 d-----w C:\Documents and Settings\Mark\Application Data\uTorrent
    2007-10-17 22:46 d-----w C:\Documents and Settings\Mark\Application Data\Sports Interactive
    2007-10-17 14:13 d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2007-10-14 12:34 d-----w C:\Program Files\Lavasoft
    2007-10-13 21:18 d--h--w C:\Program Files\InstallShield Installation Information
    2007-10-13 15:28 d-----w C:\Program Files\Electronic Arts
    2007-10-13 11:55 d-----w C:\Program Files\Java
    2007-10-09 17:23 d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2007-10-03 16:20 d-----w C:\Documents and Settings\Mark\Application Data\Vso
    2007-10-02 20:49 22,328 ----a-w C:\Documents and Settings\Mark\Application Data\PnkBstrK.sys
    2007-09-29 20:05 d-----w C:\Documents and Settings\Mark\Application Data\InstallShield
    2007-09-29 20:03 d-----w C:\Program Files\Common Files\InstallShield
    2007-09-24 16:13 d-----w C:\Documents and Settings\Mark\Application Data\Bioshock
    2007-09-19 19:23 d-----w C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
    2007-09-19 14:38 d-----w C:\Program Files\DivX
    2007-09-19 14:35 d-----w C:\Program Files\Driver Cleaner Pro
    2007-09-19 13:20 d-----w C:\Program Files\MagicISO
    2007-09-19 13:13 d-----w C:\Program Files\Google
    2007-09-15 20:05 d-----w C:\Program Files\iPod
    2007-09-15 20:05 d-----w C:\Program Files\Apple Software Update
    2007-09-15 16:58 d-----w C:\Program Files\AGEIA Technologies
    2007-09-11 09:54 d-----w C:\Documents and Settings\All Users\Application Data\ATI
    2007-09-11 09:49 d-----w C:\Program Files\ATI Technologies
    2007-09-11 09:09 d-----w C:\Documents and Settings\All Users\Application Data\Trymedia
    2007-09-04 20:20 271,360 ----a-w C:\WINDOWS\system32\drivers\atksgt.sys
    2007-09-04 20:20 18,048 ----a-w C:\WINDOWS\system32\drivers\lirsgt.sys
    2007-09-02 19:43 d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
    2007-09-02 19:32 d-----w C:\Program Files\Common Files\Adobe
    2007-09-02 19:32 d-----w C:\Program Files\Bonjour
    2007-09-02 19:16 d-----w C:\Program Files\Common Files\Macrovision Shared
    2007-09-02 01:07 d-----w C:\Program Files\OO Software
    2007-09-02 00:43 d-----w C:\Program Files\Common Files\InterVideo
    2007-09-02 00:38 d-----w C:\Program Files\ASUS
    2007-09-01 20:37 76,560 ----a-w C:\WINDOWS\system32\drivers\tmcomm.sys
    2007-08-31 14:37 d-----w C:\Documents and Settings\Mark\Application Data\DVD Profiler
    2007-08-31 14:34 d-----w C:\Program Files\DVD Profiler
    2007-08-29 13:51 d-----w C:\Documents and Settings\Mark\Application Data\Ahead
    2007-08-29 13:36 d-----w C:\Documents and Settings\All Users\Application Data\Ahead
    2007-08-29 13:35 d-----w C:\Program Files\Common Files\Ahead
    2007-08-29 13:34 d-----w C:\Documents and Settings\All Users\Application Data\Nero
    2007-08-26 21:42 d-----w C:\Program Files\MSXML 6.0
    2007-08-22 02:33 46,432 ----a-w C:\WINDOWS\system32\drivers\ativvpxx.vp
    2007-08-22 02:07 2,417,664 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
    2007-08-22 01:13 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
    2007-07-12 19:17 47,360 ----a-w C:\Documents and Settings\Mark\Application Data\pcouffin.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Ai Quicker Help"="C:\Program Files\ASUS\ASUS DH Remote\AsRc.exe" [2006-07-19 09:52]
    "CTDVDDET"="C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 01:00]
    "RCSystem"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 18:25]
    "AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 18:25]
    "VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-07-11 11:34]
    "CTxfiHlp"="CTXFIHLP.EXE" [2006-06-01 11:34 C:\WINDOWS\system32\CTXFIHLP.EXE]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" []
    "Launch LGDCore"="C:\Program Files\Logitech\G-series Software\LGDCore.exe" [2006-03-06 16:31]
    "Launch LCDMon"="C:\Program Files\Logitech\G-series Software\LCDMon.exe" [2006-03-06 16:14]
    "TrueImageMonitor.exe"="C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2006-10-16 21:12]
    "AcronisTimounterMonitor"="C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe" [2006-10-16 21:17]
    "Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [2006-10-16 21:13]
    "CoolSwitch"="C:\WINDOWS\system32\taskswitch.exe" [2002-03-19 17:30]
    "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-03-18 11:52]
    "DataLayer"="C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe" [2005-03-31 10:30]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 00:56 C:\WINDOWS\system32\bthprops.cpl]
    "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47]
    "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35]
    "iTunesHelper"="D:\iTunes\iTunesHelper.exe" [2007-09-07 16:55]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 11:06]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 18:23]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 15:39 294400]
    "{93994DE8-8239-4655-B1D1-5F4E91300429}"= C:\PROGRA~1\DVDREG~1\DVDShell.dll [2004-10-09 15:18 49152]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"= msv1_0 relog_ap

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzBackup Manager]
    C:\Program Files\EzBackup\EZ-Backup Manager\ezbackupmanager.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch Ai Booster]
    "C:\Program Files\ASUS\Ai Booster\OverClk.exe"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "RocketDock"="D:\RocketDock\RocketDock.exe"

    R0 snapman;Acronis Snapshots Manager;C:\WINDOWS\system32\DRIVERS\snapman.sys
    R0 timounter;Acronis True Image Backup Archive Explorer;C:\WINDOWS\system32\DRIVERS\timntr.sys
    R2 EZ-Backup Manager;EZ-Backup Manager;C:\Program Files\EzBackup\EZ-Backup Manager\EzBackup.exe
    R2 tifsfilter;Acronis True Image FS Filter;C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
    R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys
    R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;C:\WINDOWS\system32\drivers\WmBEnum.sys
    R3 WmXlCore;Logitech WingMan Translation Layer Driver;C:\WINDOWS\system32\drivers\WmXlCore.sys
    S3 ASPI;Advanced SCSI Programming Interface Driver;\??\C:\WINDOWS\System32\DRIVERS\ASPI32.sys
    S3 cportclm;cportclm;\??\C:\DOCUME~1\Mark\LOCALS~1\Temp\cportclm.sys
    S3 k600bus;Sony Ericsson 600i driver (WDM);C:\WINDOWS\system32\DRIVERS\k600bus.sys
    S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k600mdfl.sys
    S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\k600mdm.sys
    S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\k600mgmt.sys
    S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\k600obex.sys
    S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;C:\WINDOWS\system32\DRIVERS\RTL8187.sys
    S3 SjyPkt;SjyPkt;\??\C:\WINDOWS\System32\Drivers\SjyPkt.sys
    S3 WmFilter;Logitech Gaming HID Filter Driver;C:\WINDOWS\system32\drivers\WmFilter.sys
    S3 WmVirHid;Logitech Virtual Hid Device Driver;C:\WINDOWS\system32\drivers\WmVirHid.sys

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
    AutoRun\command - F:\autorun.exe

    .
    Contents of the 'Scheduled Tasks' folder
    "2007-09-15 20:05:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-10-20 21:55:44
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-10-20 21:57:34 - machine was rebooted
    .
    --- E O F ---
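
The HijackThis log earlier in the thread and the ComboFix log just above are the raw material a helper reads by eye. What follows is an added example, not code from this thread, from HijackThis or from ComboFix: a small Python triage script that parses HijackThis O4/O17/O23 lines and ComboFix's R*/S* driver lines and flags the entries a helper would look at first: Run values with no absolute path (like the KHALMNPR.EXE entry, which is resolved through the loader's search order), services or drivers loaded from user-writable directories (like cportclm.sys in the user's Temp folder), services for which HijackThis reports no company name, and DNS servers outside an allowlist. The sample lines are copied from the two logs; the allowlist (the two OpenDNS resolvers shown on the O17 line), the pattern for user-writable directories and the function names are assumptions made for the example. A hit means "check this entry by hand", not "this is malware".

```python
"""Triage helper for HijackThis and ComboFix log lines (added example).

Heuristics only: every hit means "check this by hand", not "malware".
"""
import re

# Constructed sample input, copied from the two logs posted in this thread.
SAMPLE_HJT = r"""
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O17 - HKLM\System\CCS\Services\Tcpip\..\{82E4D865-721D-49ED-A1FE-0C936CFABC79}: NameServer = 208.67.222.222,208.67.220.220
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""
SAMPLE_COMBOFIX = r"""
R0 snapman;Acronis Snapshots Manager;C:\WINDOWS\system32\DRIVERS\snapman.sys
S3 cportclm;cportclm;\??\C:\DOCUME~1\Mark\LOCALS~1\Temp\cportclm.sys
S3 SjyPkt;SjyPkt;\??\C:\WINDOWS\System32\Drivers\SjyPkt.sys
"""

# Assumed allowlist: the two resolvers the O17 line itself shows (OpenDNS).
TRUSTED_DNS = {"208.67.222.222", "208.67.220.220"}

# Directories an unprivileged user can write to. No service or driver belongs there.
USER_WRITABLE = re.compile(
    r"\\(Temp|LOCALS~1|Local Settings|Application Data|APPLIC~1|Temporary Internet Files)\\",
    re.I,
)

O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
O17_RE = re.compile(r"^O17 - .*NameServer = (?P<servers>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<desc>.*?) - (?P<owner>.*?) - (?P<path>.*)$")
CF_DRV_RE = re.compile(r"^(?P<start>[RS]\d) (?P<name>[^;]*);(?P<desc>[^;]*);(?P<path>.*)$")


def executable_of(cmd):
    """The program a Run value launches: the quoted path, or the first bare token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def is_absolute(path):
    """True for a drive-letter path such as C:\\WINDOWS\\x.exe."""
    return re.match(r"^[A-Za-z]:\\", path) is not None


def triage_hjt(text):
    """Return (kind, subject, reason) tuples for HijackThis lines worth a manual look."""
    findings = []
    for line in (raw.strip() for raw in text.splitlines()):
        if m := O4_RE.match(line):
            exe = executable_of(m["cmd"])
            if not is_absolute(exe):
                # Resolved through the loader search order: confirm which file actually runs.
                findings.append(("O4", m["name"], f"no absolute path; {exe!r} resolves via search order"))
            elif USER_WRITABLE.search(exe):
                findings.append(("O4", m["name"], "autostart from a user-writable directory"))
        elif m := O17_RE.match(line):
            for srv in (s.strip() for s in m["servers"].split(",")):
                if srv not in TRUSTED_DNS:
                    findings.append(("O17", srv, "DNS server not on the allowlist"))
        elif m := O23_RE.match(line):
            if m["owner"].lower() == "unknown owner":
                findings.append(("O23", m["desc"], "HijackThis reports no company name"))
            if USER_WRITABLE.search(m["path"]):
                findings.append(("O23", m["desc"], "service binary in a user-writable directory"))
    return findings


def triage_combofix(text):
    """Same checks for ComboFix's R*/S* driver and service lines."""
    findings = []
    for line in text.splitlines():
        m = CF_DRV_RE.match(line.strip())
        if not m:
            continue
        path = m["path"]
        if path.startswith("\\??\\"):  # NT object-manager prefix ComboFix keeps on some paths
            path = path[4:]
        if USER_WRITABLE.search(path):
            findings.append((m["start"], m["name"], "driver loaded from a user-writable directory"))
        elif not is_absolute(path):
            findings.append((m["start"], m["name"], "driver path is not absolute"))
    return findings


if __name__ == "__main__":
    for kind, subject, reason in triage_hjt(SAMPLE_HJT) + triage_combofix(SAMPLE_COMBOFIX):
        print(f"{kind:4} {subject:45} {reason}")
```

Run on the sample lines it reports the KHALMNPR.EXE entry, the PnkBstrA service and the cportclm.sys driver, and stays quiet about the nod32kui and avast! entries and the OpenDNS resolvers. Drivers loaded from a user's Temp folder are the highest-value hit: a legitimate driver installer leaves its .sys file under System32\drivers, so that one is worth checking even when a scan says the machine is clean.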


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Your logs look good. No need to worry about those messages you got: the first one is easily fixed, and the second one is related to ComboFix.

    You can delete WinPFind3.exe and ComboFix.exe


    Please download ATF Cleaner by Atribune.
    This program is for XP and Windows 2000 only.
    Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
    If you use Firefox browser:
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser:
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main menu to close the program.



    Other than that, we are all done. Just make sure to remove the 2nd anti-virus program.


  • Registered Users Posts: 1,871 ✭✭✭Macker1



    Just done that. Thanks for all your help and your patience in dealing with the issues. Is there any reason as to how my PC got into a bit of a mess? Just wondering, so I don't have any repeated mistakes on my behalf.

    Once again, many thanks. Time for bed now; up at 05.00am for work.


    Bye...


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    It's hard to tell how you got infected. Usually p2p/cracks/warez/pr0n are responsible. To stop it happening again, make sure you use a good anti-virus program and a firewall, along with a few anti-spyware scanners. Also stay away from suspicious sites.

