Free Antivirus Forum - Learn about antivirus, firewalls and personal security
AAAARRRGGGHHH! What Have I done?
   

yimmin
New Member


Date Joined Sep 2008
Total Posts : 5
 
Posted 9-13-2008 11:39 (GMT +1)
I was in the middle of downloading when a pop-up appeared saying there was a virus infection. Now all I've got is this !!!! SMART ANTIVIRUS 2009 with all kinds of pop-ups coming up.
 
I've tried to run AVG & Spyware Doctor and they claim to have removed a couple of things but it's still persisting. I'm now unable to select my C drive...can anyone offer any advice before it goes out the window?
 
Thanks in advance for helping a tired stupid mong out.
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 14301
 
Posted 9-14-2008 3:47 (GMT +1)
Hello
 
 
 
Click here - >> Before posting a log

After you have run the scan tools:

Reboot normally.

Post your HijackThis log along with the SuperAntiSpyware log and the ComboFix TXT from C: in this topic.

Please copy and paste your log. DO NOT add it as an attachment.
Kindly do not annotate or format the log with color or font changes.
 


Do NOT post your problem in someone else's thread.
A non-profit, volunteer network.
 

yimmin
New Member


Date Joined Sep 2008
Total Posts : 5
 
Posted 9-15-2008 10:43 (GMT +1)
I'm currently running SUPERAntiSpyware on my mashed-up laptop at the minute and, as it's taking so !!!! long, I thought I'd repeat the process on my spare coal-powered one to see if that had been infected in any way. So here are those results.

Thanks again for your help with this Touch, it's greatly appreciated

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:13:02, on 15/09/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\carpserv.exe
C:\WINDOWS\System32\BtUsrBdg.exe
C:\WINDOWS\System32\BTSetBootKey.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\PROGRA~1\BTBROA~1\Help\SMARTB~1\BTHelpNotifier.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\WINDOWS\System32\hphmon04.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Extended Systems\XTNDConnect Blue Manager\XTNDConnect Blue Manager\XCBluMgr.exe
C:\Program Files\BT Broadband 2091\Help\bin\mpbtn.exe
C:\PROGRA~1\EXTEND~1\XTNDCO~1\XTNDCO~1\SUSHIM~1.EXE
C:\Program Files\Extended Systems\XTNDConnect Blue Manager\btprot.exe
C:\PROGRA~1\EXTEND~1\XTNDCO~1\XTNDCO~1\BTUI_M~1.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Yahoo!\browser\ybrowser.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Documents and Settings\Ben Appleton\Local Settings\Temporary Internet Files\Content.IE5\D4C0X3NM\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sp/*http://uk.search.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.bt.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sp/*http://uk.search.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bt.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [WinScan] drvdisk16.exe -services
O4 - HKLM\..\Run: [BTUSRBDG] BtUsrBdg.exe
O4 - HKLM\..\Run: [BTSETBOOTKEY] BTSetBootKey.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\BTBROA~1\Help\SMARTB~1\BTHelpNotifier.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe
O4 - HKLM\..\RunServices: [WinScan] drvdisk16.exe -services
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [WinScan] drvdisk16.exe -drivers
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Broadband Desktop Help.lnk = C:\Program Files\BT Broadband 2091\Help\bin\matcli.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Startup.exe
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1803B9EF-9905-4F34-AFC4-05D1BAB28801} (RegUserCfgUI Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/controls/yregucfg/2004_10_11_1/yregucfg.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/PopularScreenSaversInitialSetup1.0.0.8.cab
O16 - DPF: {1E50B82A-0D78-48B9-97EC-391B2F81CE8A} - http://dialercenter.com/dl/ieloader.cab
O16 - DPF: {1EEC3C99-7AA3-4F6E-B381-AF6942B51618} - http://www.lazychestnuts.net/0015/ph/pup.CAB
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.co.uk/SnapfishUKActivia.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-24.cab
O16 - DPF: {4D561B31-49A0-4E2C-8AFF-353468EC669B} (GreasyPalmInstallHelper Class) - http://www.greasypalm.co.uk/bho/update/GreasyPalm.cab
O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} (AccountTracking Profile Manager Class) - https://moneymanager.egg.com/Pinsafe/accounttracking.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040427/qtinstall.info.apple.com/saba/us/win/QuickTimeInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1107274410995
O16 - DPF: {71057C18-0507-4747-86BC-E11CE7512C5F} - http://register.btinternet.com/templates/btmailcontrol013.cab
O16 - DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} (imlUCID Class) - http://imlive.com/chatsource/ImlCID.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {AB676D96-BE22-4133-A45F-9FD6376366DA} - http://www.freefunmp3.com/contenido/IconoMail.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B9A296D4-38AC-4566-8168-F7ACAF7D35E6} (Eyeball Video Session Control) - http://imlive.com/ChatSource/gVideoContol.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.blueyonder.co.uk/assets/tool/files/MotivePreQual.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 11260 bytes
 

yimmin
New Member


Date Joined Sep 2008
Total Posts : 5
 
Posted 9-16-2008 12:05 (GMT +1)
Here is the information requested from the initially infected laptop. Regards Ben.
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:02, on 16/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\BT Home Hub\Wireless Configuration\WirelessDaemon.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\system32\hphmon04.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VMConsole.exe
C:\Program Files\btbb_wcm\McciTrayApp.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\BTHOME~1\Help\SMARTB~1\BTHelpNotifier.exe
C:\Program Files\Apoint\Apvfb.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Entriq\MediaSphere\EntriqMediaTray.exe
C:\Documents and Settings\Ben\sccs.exe
C:\Program Files\Entriq\MediaSphere\3.8.2.9\EntriqMediaServer.exe
C:\Documents and Settings\Ben\css.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Plaxo\3.14.0.44\PlaxoHelper_en.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Sony\VAIO Launcher\Launcher.exe
C:\Program Files\BT Home Hub\Help\bin\mpbtn.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Ben\Local Settings\Temporary Internet Files\Content.IE5\BPPJEDEN\HiJackThis[1].exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.vaio-link.com/vu.asp?l=en&u=a&h=0809
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [VMConsole.exe] C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VMConsole.exe /windowmin
O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] C:\Program Files\btbb_wcm\McciTrayApp.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\BTHOME~1\Help\SMARTB~1\BTHelpNotifier.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [PC Suite for Smartphones] "C:\Program Files\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [five Media Manager Tray] "C:\Program Files\Entriq\MediaSphere\EntriqMediaTray.exe" /CustomId:five
O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM\..\Run: [Sccs] C:\Documents and Settings\Ben\sccs.exe
O4 - HKLM\..\Run: [Css] C:\Documents and Settings\Ben\css.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\3.14.0.44\PlaxoHelper_en.exe -a
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [PlaxoSysTray] C:\Program Files\Plaxo\3.14.0.44\PlaxoSysTray.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: VAIO Launcher.lnk = C:\Program Files\Sony\VAIO Launcher\Launcher.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: VAIO Launcher.lnk = C:\Program Files\Sony\VAIO Launcher\Launcher.exe (User 'Default user')
O4 - .DEFAULT User Startup: VAIO Launcher.lnk = C:\Program Files\Sony\VAIO Launcher\Launcher.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: VAIO Launcher.lnk = C:\Program Files\Sony\VAIO Launcher\Launcher.exe
O4 - Global Startup: BT Broadband Desktop Help.lnk = C:\Program Files\BT Home Hub\Help\bin\matcli.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.com/en/
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.co.uk/SnapfishUKActivia.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
O16 - DPF: {4D561B31-49A0-4E2C-8AFF-353468EC669B} (GreasyPalmInstallHelper Class) - http://www.greasypalm.co.uk/bho/update/GreasyPalm.cab
O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} (AccountTracking Profile Manager Class) - https://moneymanager.egg.com/Pinsafe/accounttracking.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1150818443921
O16 - DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} (imlUCID Class) - http://imlive.com/chatsource/ImlCID.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://static.photobox.co.uk/sg/common/uploader_uni.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
O16 - DPF: {FF1CD9A3-00CD-45C1-8182-4EEC229A182D} (Plaxo Auto-Import Utility) - https://www.plaxo.com/activex/plx_upldr-2k-xp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment Task Scheduler - Sony Corporation - C:\Program Files\Sony\VAIO Entertainment\VzTaskScheduler.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Cooporated Initialisation (VCI) - Sony Corporation - C:\Program Files\Sony\VAIO Cooperated Initialisation\VCI_SVC.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: Wireless Adapter Configurator - Unknown owner - C:\Program Files\BT Home Hub\Wireless Configuration\WirelessDaemon.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
--
End of file - 16788 bytes
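A reviewer reading the two HijackThis logs above works section by section: O4 auto-start entries, O16 ActiveX downloads, R1 browser settings, O23 services. The script below is an added example, not HijackThis code and not part of this thread, that encodes a first-pass triage of exactly those sections. Its sample input is a handful of lines copied from the logs posted in this thread (plus one clean entry per section), and its severity scale, its download-host allowlist and the names of its functions are this example's own choices. The flags it raises are prompts for a human to look closer, not verdicts on the files.

```python
"""Triage helper for HijackThis-style logs (added example, not HijackThis code).

Each log line carries a section tag (R1, O4, O16, O23, ...). The heuristics
below are the first things a log reviewer checks: auto-start entries launched
from a user profile or temporary directory, bare file names located through the
PATH, ActiveX controls registered without a friendly name, changed proxy
settings, and services with no recorded owner. The severity scale and the
download-host allowlist are this example's own, not HijackThis categories.
"""
import re
from dataclasses import dataclass
from urllib.parse import urlparse


@dataclass
class Finding:
    section: str   # HijackThis section tag, e.g. "O4"
    severity: str  # "high", "medium" or "info" (this example's scale)
    reason: str
    line: str


# Constructed sample: lines copied from the logs posted in this thread, plus one
# clean entry per section so that the heuristics have something to pass.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Sccs] C:\Documents and Settings\Ben\sccs.exe
O4 - HKLM\..\Run: [Css] C:\Documents and Settings\Ben\css.exe
O4 - HKLM\..\Run: [WinScan] drvdisk16.exe -services
O4 - HKCU\..\Run: [WinScan] drvdisk16.exe -drivers
O16 - DPF: {1E50B82A-0D78-48B9-97EC-391B2F81CE8A} - http://dialercenter.com/dl/ieloader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1107274410995
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Wireless Adapter Configurator - Unknown owner - C:\Program Files\BT Home Hub\Wireless Configuration\WirelessDaemon.exe
"""

RUN_RE = re.compile(r"^O4 - (?P<where>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
DPF_RE = re.compile(r"^O16 - DPF: \{(?P<clsid>[0-9A-Fa-f-]+)\}(?: \((?P<friendly>[^)]*)\))? - (?P<url>.+)$")
PROXY_RE = re.compile(r"^R1 - .*Internet Settings,(?P<key>Proxy\w+) = (?P<value>.+)$")
SERVICE_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
# First .exe in the command, with or without surrounding quotes.
EXE_RE = re.compile(r'^"?(?P<path>[^"]*?\.exe)"?(?:\s|$)', re.IGNORECASE)

USER_PROFILE_PREFIXES = ("c:\\documents and settings\\", "c:\\users\\")
TEMP_MARKERS = ("\\temp\\", "\\temporary internet files\\", "\\local settings\\")
# Illustrative allowlist of O16 download hosts (this example's own list).
ALLOWED_DOWNLOAD_HOSTS = ("microsoft.com", "apple.com", "macromedia.com", "symantec.com")


def _allowlisted(host):
    return any(host == d or host.endswith("." + d) for d in ALLOWED_DOWNLOAD_HOSTS)


def classify_run_entry(cmd):
    """Rate an O4 auto-start command; returns (severity, reason) or None."""
    m = EXE_RE.match(cmd)
    if not m:
        return "info", "command does not name an .exe; review manually"
    path = m.group("path").lower()
    if "\\" not in path:
        return "medium", "bare file name, located through the PATH search order"
    if any(marker in path for marker in TEMP_MARKERS):
        return "high", "auto-start executable in a temporary directory"
    if path.startswith(USER_PROFILE_PREFIXES):
        return "high", "auto-start executable in a user profile directory"
    return None


def classify_dpf(friendly, url):
    """Rate an O16 ActiveX download entry; returns (severity, reason) or None."""
    if not url.lower().startswith(("http://", "https://")):
        return None  # local DLL path; nothing to say about download origin
    host = urlparse(url).hostname or ""
    if friendly is None:
        return "medium", "ActiveX control from %s registered without a friendly name" % host
    if not _allowlisted(host):
        return "info", "ActiveX control from %s, host not on the allowlist" % host
    return None


def triage(text):
    """Run every heuristic over a HijackThis-style log and collect the findings."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        section = line.split(" ", 1)[0]
        result = None
        m = RUN_RE.match(line)
        if m:
            result = classify_run_entry(m.group("cmd"))
        m = DPF_RE.match(line)
        if m:
            result = classify_dpf(m.group("friendly"), m.group("url"))
        m = PROXY_RE.match(line)
        if m:
            result = ("medium", "%s set to %s; check for a local interception proxy"
                      % (m.group("key"), m.group("value")))
        m = SERVICE_RE.match(line)
        if m and m.group("owner") == "Unknown owner":
            result = ("info", "service with no recorded publisher; verify the binary")
        if result:
            findings.append(Finding(section, result[0], result[1], line))
    return findings


def summary(findings):
    """Count findings per severity level."""
    counts = {"high": 0, "medium": 0, "info": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for f in hits:
        print("[%s] %s %s\n    %s" % (f.severity.upper(), f.section, f.reason, f.line))
    print(summary(hits))
```

Run against the sample, the script raises the two user-profile auto-starts and the bare `drvdisk16.exe` entries from the O4 section, the unnamed ActiveX download and the `ProxyOverride` change, and leaves the AVG, Windows Update and LogMeIn entries alone. Global Startup shortcut lines are not parsed here; a fuller tool would resolve the `.lnk` target and apply the same path checks.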
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 14301
 
Posted 9-16-2008 5:59 (GMT +1)
Please download Malwarebytes' Anti-Malware:

Or here:

to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.

At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

Once the program has loaded, select Perform full scan, then click Scan.

When the scan is complete, click OK, then Show Results to view the results.

Be sure that everything is checked, and click Remove Selected.

When completed, a log will open in Notepad. Please save it to a convenient location.

Copy and paste that log into your next reply, along with a combofix log.

NB: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
 


 

yimmin
New Member


Date Joined Sep 2008
Total Posts : 5
 
   Posted 9-16-2008 10:18 (GMT +1)    Quote: AAAARRRGGGHHH! What Have I done?Alert an admin about: AAAARRRGGGHHH! What Have I done?
Here's the data from the old laptop
Malwarebytes' Anti-Malware 1.28
Database version: 1134
Windows 5.1.2600
16/09/2008 09:56:23
mbam-log-2008-09-16 (09-56-23).txt
Scan type: Full Scan (C:\|)
Objects scanned: 70995
Time elapsed: 58 minute(s), 21 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 8
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\c48d3b9bca9b3a5a04bc26f729ee0c6e389dde2e (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\20d44373d4925635cd6b8242090010d8c942c65e (Adware.123Mania) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\2c5eceb3d45147eb99fa51120e7c7adebe213de6 (Adware.123Mania) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\a6a50b0ebf885a7dd4fb6927f1388592138fffe6 (Adware.123Mania) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\d0201ec18700c017433b1c681c48acd51b332706 (Adware.123Mania) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{37b85a2b-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch (Adware.BookedSpace) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
ComboFix 08-09-15.02 - Ben Appleton 2008-09-16 10:03:56.2 - NTFSx86
Running from: C:\Documents and Settings\Ben Appleton\Desktop\ComboFix.exe
 * Created a new restore point
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\llbiirc.dll
.
(((((((((((((((((((((((((   Files Created from 2008-08-16 to 2008-09-16  )))))))))))))))))))))))))))))))
.
2008-09-16 08:18 . 2008-09-16 08:19 <DIR> d----c--- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-16 08:18 . 2008-09-16 08:18 <DIR> d----c--- C:\Documents and Settings\Ben Appleton\Application Data\Malwarebytes
2008-09-16 08:18 . 2008-09-16 08:18 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-16 08:18 . 2008-09-10 00:04 38,528 --a--c--- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-16 08:18 . 2008-09-10 00:03 17,200 --a--c--- C:\WINDOWS\system32\drivers\mbam.sys
2008-09-16 00:16 . 2008-09-16 00:16 <DIR> d----c--- C:\Documents and Settings\Ben Appleton\Application Data\Apple Computer
2008-09-15 23:58 . 2008-09-15 23:58 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-09-15 23:43 . 2008-09-15 23:50 <DIR> d----c--- C:\Documents and Settings\Ben Appleton\Application Data\vlc
2008-09-15 23:43 . 2008-09-15 23:45 <DIR> d----c--- C:\Documents and Settings\Ben Appleton\Application Data\dvdcss
2008-09-15 23:40 . 2008-09-15 23:40 <DIR> d----c--- C:\Program Files\VideoLAN
2008-09-15 23:21 . 2005-01-28 13:44 96,768 --a--c--- C:\WINDOWS\system32\setb1.tmp
2008-09-15 23:19 . 2008-09-15 23:19 <DIR> d----c--- C:\Program Files\J River
2008-09-15 23:19 . 2008-09-15 23:19 <DIR> d----c--- C:\Documents and Settings\Ben Appleton\Application Data\J River
2008-09-15 22:45 . 2008-09-16 09:58 <DIR> d----c--- C:\Virus Restore
2008-09-15 19:59 . 2008-09-15 19:59 <DIR> d----c--- C:\Program Files\SUPERAntiSpyware
2008-09-15 19:59 . 2008-09-15 19:59 <DIR> d----c--- C:\Documents and Settings\Ben Appleton\Application Data\SUPERAntiSpyware.com
2008-09-15 19:59 . 2008-09-15 19:59 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-09-15 19:57 . 2008-09-15 19:57 <DIR> d----c--- C:\Program Files\Common Files\Wise Installation Wizard
2008-09-15 19:22 . 2008-09-15 19:22 <DIR> d----c--- C:\Program Files\CCleaner
2008-09-15 18:55 . 2008-09-15 18:55 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\LogMeIn
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-16 07:00 --------- dc----w C:\Documents and Settings\All Users\Application Data\AVG7
2008-09-15 23:19 --------- dc----w C:\Program Files\LogMeIn
2008-09-15 21:51 --------- dc----w C:\Program Files\BearShare
2005-05-01 12:13 77,312 -csha-w C:\Program Files\Thumbs.db
2004-12-17 11:37 3,816,760 -c--a-w C:\Documents and Settings\FW_update_30\suds.bin
2004-08-07 15:07 560 -c--a-w C:\Documents and Settings\Ben Appleton\Application Data\ViewerApp.dat
2003-08-22 09:09 45,056 -c--a-w C:\WINDOWS\inf\slntinst_staticW2k.exe
2001-11-02 09:57 45,056 -c--a-w C:\WINDOWS\inf\Slntinst.exe
2004-05-10 20:44 32 -csha-w C:\WINDOWS\{4838CF0F-507D-4A93-893E-6D1625DCCB37}.dat
2004-05-10 20:47 32 -csha-w C:\WINDOWS\{C6CEB0A1-2889-41A0-8F80-912C3F553767}.dat
2004-07-27 14:44 56 -csh--r C:\WINDOWS\system32\2DD78CFF0D.sys
2004-09-21 09:10 11,690 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
2004-05-10 20:44 32 -csha-w C:\WINDOWS\system32\{59C017F5-1562-47A0-ABA4-BB8A731BCA5A}.dat
2004-05-10 20:47 32 -csha-w C:\WINDOWS\system32\{CA438A09-55E8-4ED9-82CE-6696672375C0}.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2001-08-18 13312]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" [2005-08-31 2478080]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-03 1576176]
"ccleaner"="C:\Program Files\CCleaner\CCleaner.exe" [2008-08-22 1234160]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-06-25 335872]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2006-10-27 406016]
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [2007-04-17 63048]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-03-07 155648]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe" [2006-01-06 188416]
"Motive SmartBridge"="C:\PROGRA~1\BTBROA~1\Help\SMARTB~1\BTHelpNotifier.exe" [2005-06-22 417792]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 129536]
"HPHmon04"="C:\WINDOWS\System32\hphmon04.exe" [2006-01-06 348160]
"CARPService"="carpserv.exe" [2003-11-08 C:\WINDOWS\system32\carpserv.exe]
"BTUSRBDG"="BtUsrBdg.exe" [2003-04-18 C:\WINDOWS\system32\BtUsrBdg.exe]
"BTSETBOOTKEY"="BTSetBootKey.exe" [2003-04-15 C:\WINDOWS\system32\BTSetBootKey.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2001-08-18 13312]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2006-10-27 146432]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Broadband Desktop Help.lnk - C:\Program Files\BT Broadband 2091\Help\bin\matcli.exe [2006-06-21 217088]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 65588]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\disallowrun]
"0"= blackd.exe
"1"= blackice.exe
"2"= lockdown.exe
"3"= lockdown2000.exe
"4"= netmon.exe
"5"= processmonitor.exe
"6"= taskkill.exe
"7"= tskill.exe
"8"= smc.exe
"9"= sniffem.exe
"10"= zapro.exe
"11"= zlclient.exe
"12"= zonealarm.exe
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-05-28 12:32 87352 C:\WINDOWS\system32\LMIinit.dll
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\System32\drivers\LMIRfsDriver.sys [2008-03-07 45848]
R3 BTCOMM;BTCOMM;C:\WINDOWS\System32\drivers\Btcomm.sys [2003-04-14 55616]
R3 BTKRNBDG;Bluetooth COM Bridge;C:\WINDOWS\System32\DRIVERS\btkrnbdg.sys [2003-03-18 15876]
R3 CALIAUD;Conexant AMC 3D ENVIRONMENTAL AUDIO;C:\WINDOWS\System32\drivers\caliaud.sys [2002-11-05 291328]
R3 CALIHALA;CALIHALA;C:\WINDOWS\System32\drivers\calihal.sys [2002-11-05 244608]
R3 DP83815;National Semiconductor Corp. DP83815/816 NDIS 5.0 Miniport Driver;C:\WINDOWS\System32\DRIVERS\DP83815.SYS [2003-10-17 16512]
R3 vad_multi;Windigo Virtual Audio Device (WDM);C:\WINDOWS\System32\drivers\vadmulti.sys [2003-11-05 19840]
S2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys [2008-02-28 12856]
S3 CSRBC01;%CSRBC01.SvcDesc%;C:\WINDOWS\System32\Drivers\csrbc01.sys [2003-10-29 24523]
S3 FA312;NETGEAR FA330/FA312/FA311 Fast Ethernet Adapter Driver;C:\WINDOWS\System32\DRIVERS\FA312nd5.sys [2001-08-17 16074]
S3 PRISM_ICB;NETGEAR WG511 Wireless LAN Driver;C:\WINDOWS\System32\DRIVERS\WG511ICB.sys [ ]
S3 WLAN;NETGEAR Wireless 802.11b LAN Driver;C:\WINDOWS\System32\DRIVERS\MA401RB.SYS [2003-03-05 614400]
S3 WNUSCTLH;NEC 606 CONTROL Driver;C:\WINDOWS\System32\DRIVERS\WNUSCTLH.SYS [2002-04-18 46810]
S3 WNUSENUH;NEC 606 ENUMERATION Driver;C:\WINDOWS\System32\DRIVERS\WNUSENUH.SYS [2002-04-18 14458]
S3 WNUSOBXH;NEC 606 OBEX Port Driver;C:\WINDOWS\System32\DRIVERS\WNUSOBXH.sys [2002-09-12 33536]
S3 WNUSTACH;NEC 606 Command Port Driver;C:\WINDOWS\System32\DRIVERS\WNUSTACH.sys [2002-04-18 28304]
S4 Lmhic2oegi;Lmhic2oegi;C:\WINDOWS\System32\drivers\rasacd.sys [2001-08-18 8832]
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://google.com
R0 -: HKLM-Main,Start Page = hxxp://home.bt.yahoo.com
R0 -: HKLM-Main,Search Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
R1 -: HKCU-SearchURL,(Default) = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
O16 -: {1803B9EF-9905-4F34-AFC4-05D1BAB28801} - hxxp://us.dl1.yimg.com/download.yahoo.com/dl/controls/yregucfg/2004_10_11_1/yregucfg.cab
C:\WINDOWS\Downloaded Program Files\yregucfg.dll
O16 -: {1EEC3C99-7AA3-4F6E-B381-AF6942B51618} - hxxp://www.lazychestnuts.net/0015/ph/pup.CAB
C:\WINDOWS\Downloaded Program Files\pup.INF
C:\WINDOWS\System32\mscomctl.ocx
C:\WINDOWS\System32\MSVBVM60.DLL
C:\WINDOWS\System32\OLEAUT32.DLL
C:\WINDOWS\System32\OLEPRO32.DLL
C:\WINDOWS\System32\ASYCFILT.DLL
C:\WINDOWS\System32\STDOLE2.TLB
C:\WINDOWS\System32\COMCAT.DLL
C:\WINDOWS\Downloaded Program Files\pup.exe
O16 -: {4D561B31-49A0-4E2C-8AFF-353468EC669B} - hxxp://www.greasypalm.co.uk/bho/update/GreasyPalm.cab
C:\WINDOWS\Downloaded Program Files\GreasyPalm.inf
C:\WINDOWS\Downloaded Program Files\GreasyPalmHelper.dll
O16 -: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} - hxxps://moneymanager.egg.com/Pinsafe/accounttracking.cab
C:\WINDOWS\Downloaded Program Files\accounttracking.dll
O16 -: {71057C18-0507-4747-86BC-E11CE7512C5F} - hxxp://register.btinternet.com/templates/btmailcontrol013.cab
C:\WINDOWS\Downloaded Program Files\btmailcontrol.inf
C:\WINDOWS\Downloaded Program Files\btmailcontrol.dll
O16 -: {AB676D96-BE22-4133-A45F-9FD6376366DA} - hxxp://www.freefunmp3.com/contenido/IconoMail.cab
C:\WINDOWS\Downloaded Program Files\msamail.inf
O16 -: {B9A296D4-38AC-4566-8168-F7ACAF7D35E6} - hxxp://imlive.com/ChatSource/gVideoContol.cab
C:\WINDOWS\Downloaded Program Files\gVideoContol.inf
C:\WINDOWS\System32\Unicows.dll
C:\WINDOWS\Downloaded Program Files\EStream7Decoder.dll
C:\WINDOWS\Downloaded Program Files\EStream8Decoder.dll
C:\WINDOWS\Downloaded Program Files\EyeStream7.dll
C:\WINDOWS\Downloaded Program Files\GSM.dll
C:\WINDOWS\Downloaded Program Files\MELP.dll
C:\WINDOWS\Downloaded Program Files\MID.ocx
C:\WINDOWS\Downloaded Program Files\SslNetwork.dll
C:\WINDOWS\Downloaded Program Files\CoVideoMessage.ocx
C:\WINDOWS\Downloaded Program Files\ChatRoom.ocx
C:\WINDOWS\Downloaded Program Files\CoVideoWindow.ocx
C:\WINDOWS\Downloaded Program Files\VideoSession.ocx
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-16 10:06:59
Windows 5.1.2600  NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-09-16 10:10:30
ComboFix-quarantined-files.txt  2008-09-16 09:09:52
Pre-Run: 21,868,548,096 bytes free
Post-Run: 21,875,998,720 bytes free
417 --- E O F --- 2008-09-01 08:06:58
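The ComboFix log above lists a DisallowRun policy under HKCU whose values are the process names of firewalls and process-monitoring or process-kill tools (blackd.exe, zonealarm.exe, taskkill.exe and so on). DisallowRun is a Windows Explorer policy that stops the named executables being launched through the shell, so a list like this one is worth checking explicitly rather than reading past. The script below is an added example, not part of the post and not code from ComboFix or any other tool named in the thread: it parses the DisallowRun block in ComboFix's output format and flags any entry matching a small list of security-tool names. The sample log text is a constructed excerpt modelled on the post, and the tool list is an illustrative assumption, not an authoritative catalogue.

```python
"""Flag DisallowRun policy entries that name security tools.

Added example, not code from the forum post or from ComboFix. It reads the
[HKEY_CURRENT_USER\\...\\policies\\explorer\\disallowrun] block as ComboFix
prints it and reports executables that match a list of known firewall,
process-monitor and process-kill tools.
"""
import re

# Constructed sample: a DisallowRun block plus the key that follows it,
# written in ComboFix's log format (modelled on the post, not copied from it).
SAMPLE_LOG = r"""[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\disallowrun]
"0"= blackd.exe
"1"= zonealarm.exe
"2"= taskkill.exe
"3"= notepad.exe
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
"""

# Assumption: an illustrative subset of security-tool process names.
# Extend it with whatever your environment runs; it is not a complete list.
SECURITY_TOOLS = {
    "blackd.exe", "blackice.exe", "zonealarm.exe", "zlclient.exe", "zapro.exe",
    "taskkill.exe", "tskill.exe", "processmonitor.exe", "netmon.exe", "smc.exe",
}

# A registry key header line: [HKEY_...\path]
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
# A value line under it: "name"= data
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.+?)\s*$')


def parse_disallowrun(log_text):
    """Return {value_name: executable} for every value under a DisallowRun key.

    Only lines between a DisallowRun key header and the next key header are
    collected; values under other keys are ignored.
    """
    entries = {}
    in_block = False
    for line in log_text.splitlines():
        key = KEY_RE.match(line)
        if key:
            # Key names are case-insensitive in the registry, so compare lowercased.
            in_block = key.group("key").lower().endswith(
                "\\policies\\explorer\\disallowrun")
            continue
        if not in_block:
            continue
        val = VALUE_RE.match(line)
        if val:
            exe = val.group("data").strip().strip('"').lower()
            entries[val.group("name")] = exe
    return entries


def flag_blocked_security_tools(log_text, tools=SECURITY_TOOLS):
    """Return the sorted list of DisallowRun targets that are known security tools."""
    entries = parse_disallowrun(log_text)
    return sorted(exe for exe in entries.values() if exe in tools)


if __name__ == "__main__":
    print("DisallowRun entries:", parse_disallowrun(SAMPLE_LOG))
    print("Security tools blocked by policy:", flag_blocked_security_tools(SAMPLE_LOG))
```

Run it as-is to see the constructed sample flagged; to check a real log, read the file into a string and pass it to flag_blocked_security_tools(). A match only says that the policy blocks those names from being launched via the shell; which program wrote the policy has to come from the rest of the log, and the policy itself should be cleared as part of the cleanup.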
yimmin
New Member


Date Joined Sep 2008
Total Posts : 5
 
Posted 9-16-2008 10:45 (GMT +1)
Data from infected laptop
Malwarebytes' Anti-Malware 1.28
Database version: 1134
Windows 5.1.2600 Service Pack 3
16/09/2008 09:56:36
mbam-log-2008-09-16 (09-56-36).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 135788
Time elapsed: 1 hour(s), 32 minute(s), 0 second(s)
Memory Processes Infected: 2
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 3
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 16
Memory Processes Infected:
C:\Documents and Settings\Ben\sccs.exe (Trojan.Agent) -> Unloaded process successfully.
C:\Documents and Settings\Ben\css.exe (Trojan.Agent) -> Unloaded process successfully.
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\fbrowsingadvisor_is1 (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\fqbewlna.bdql (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\fqbewlna.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sccs (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\css (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.Homepage) -> Bad: (http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Documents and Settings\Ben\sccs.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\regxpcom.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\FBrowsingAdvisor\XPCOMEvents.dll.vir (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C9934A89-58BA-400E-90E2-7FE380A718FA}\RP410\A0217768.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C9934A89-58BA-400E-90E2-7FE380A718FA}\RP410\A0217770.exe (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C9934A89-58BA-400E-90E2-7FE380A718FA}\RP410\A0217773.dll (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C9934A89-58BA-400E-90E2-7FE380A718FA}\RP414\A0217892.exe (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C9934A89-58BA-400E-90E2-7FE380A718FA}\RP414\A0217924.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C9934A89-58BA-400E-90E2-7FE380A718FA}\RP420\A0223655.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C9934A89-58BA-400E-90E2-7FE380A718FA}\RP421\A0224722.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C9934A89-58BA-400E-90E2-7FE380A718FA}\RP423\A0225446.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C9934A89-58BA-400E-90E2-7FE380A718FA}\RP423\A0225448.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C9934A89-58BA-400E-90E2-7FE380A718FA}\RP423\A0225450.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C9934A89-58BA-400E-90E2-7FE380A718FA}\RP424\A0225613.dll (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ben\css.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\mqgldfvo.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
ComboFix 08-09-15.02 - Ben 2008-09-16 10:12:00.2 - NTFSx86
Running from: C:\Documents and Settings\Ben\Desktop\ComboFix.exe
WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
(((((((((((((((((((((((((   Files Created from 2008-08-16 to 2008-09-16  )))))))))))))))))))))))))))))))
.
2008-09-16 08:18 . 2008-09-16 08:19 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-16 08:18 . 2008-09-16 08:18 <DIR> d-------- C:\Documents and Settings\Ben\Application Data\Malwarebytes
2008-09-16 08:18 . 2008-09-16 08:18 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-16 08:18 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-16 08:18 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-15 19:56 . 2008-09-15 19:56 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-09-15 19:47 . 2008-09-15 19:48 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-09-15 19:47 . 2008-09-15 19:47 <DIR> d-------- C:\Documents and Settings\Ben\Application Data\SUPERAntiSpyware.com
2008-09-15 19:41 . 2008-09-15 19:41 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-09-15 19:30 . 2008-09-15 19:30 <DIR> d-------- C:\Program Files\CCleaner
2008-09-14 08:31 . 2008-09-14 08:31 <DIR> d----c--- C:\Documents and Settings\Administrator.BEN\Application Data\Teleca
2008-09-14 08:31 . 2008-09-14 08:31 <DIR> d----c--- C:\Documents and Settings\Administrator.BEN\Application Data\Sony Ericsson
2008-09-14 08:26 . 2005-03-02 17:35 <DIR> d----c--- C:\Documents and Settings\Administrator.BEN\Application Data\Symantec
2008-09-14 08:26 . 2005-03-02 17:31 <DIR> d----c--- C:\Documents and Settings\Administrator.BEN\Application Data\Sony Corporation
2008-09-14 08:26 . 2008-09-14 08:26 <DIR> d----c--- C:\Documents and Settings\Administrator.BEN
2008-09-14 08:12 . 2008-09-14 08:12 <DIR> d-------- C:\Documents and Settings\Ben\Application Data\Azureus
2008-09-14 08:12 . 2008-09-14 08:12 <DIR> d-------- C:\Documents and Settings\Ben\Application Data\.wyzo
2008-09-14 08:12 . 2008-09-14 08:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2008-09-14 07:47 . 2008-09-14 08:12 <DIR> d---sc--- C:\Documents and Settings\Administrator
2008-09-14 02:01 . 2008-09-14 08:12 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-09-14 02:01 . 2008-09-14 08:12 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-14 01:33 . 2008-09-14 01:33 <DIR> d----c--- C:\!KillBox
2008-09-13 22:17 . 2008-09-14 08:15 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-09-13 21:35 . 2008-09-15 21:24 <DIR> d-------- C:\Program Files\MicroAV
2008-09-13 20:16 . 2008-09-14 08:15 <DIR> d-------- C:\Program Files\Vuze
2008-09-11 11:46 . 2008-09-11 11:46 0 --a--c--- C:\winamp.ini
2008-09-10 01:28 . 2008-09-10 01:28 21,419 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2008-09-10 01:26 . 2008-09-10 01:26 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Intel
2008-09-10 01:26 . 2008-09-10 01:26 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Intel
2008-09-10 01:26 . 2008-09-10 01:26 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Intel
2008-09-10 01:13 . 2008-09-10 01:13 <DIR> d-------- C:\Documents and Settings\Ben\Application Data\InstallShield
2008-09-10 00:32 . 2008-09-10 00:42 <DIR> d-------- C:\Documents and Settings\Ben\Application Data\vlc
2008-09-10 00:30 . 2008-09-10 00:30 <DIR> d-------- C:\Program Files\VideoLAN
2008-09-05 19:34 . 2008-09-15 22:43 <DIR> d-------- C:\Program Files\UltimateEnhancer
2008-08-28 08:36 . 2008-08-28 08:36 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-08-28 08:36 . 2008-08-28 08:36 <DIR> d-------- C:\WINDOWS\system32\en
2008-08-28 08:36 . 2008-08-28 08:36 <DIR> d-------- C:\WINDOWS\system32\bits
2008-08-28 08:36 . 2008-08-28 08:36 <DIR> d-------- C:\WINDOWS\l2schemas
2008-08-28 08:25 . 2008-08-28 08:38 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-08-28 07:57 . 2008-08-28 07:57 <DIR> d-------- C:\WINDOWS\EHome
2008-08-28 07:46 . 2008-04-14 01:12 712,704 --a------ C:\WINDOWS\system32\windowscodecs.dll
2008-08-28 07:46 . 2008-04-14 01:12 346,112 --a------ C:\WINDOWS\system32\windowscodecsext.dll
2008-08-28 07:46 . 2008-04-14 01:12 276,992 --a------ C:\WINDOWS\system32\wmphoto.dll
2008-08-28 07:46 . 2008-04-14 01:12 69,120 --a------ C:\WINDOWS\system32\wlanapi.dll
2008-08-28 07:44 . 2008-04-14 01:12 1,737,856 --a------ C:\WINDOWS\system32\mtxparhd.dll
2008-08-28 07:43 . 2004-08-03 22:41 1,041,536 --a------ C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2008-08-27 18:04 . 2008-08-27 18:04 <DIR> d-------- C:\WINDOWS\Ver
2008-08-27 18:04 . 2008-08-27 18:04 <DIR> d-------- C:\Program Files\Entriq
2008-08-27 18:04 . 2008-08-27 18:06 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Entriq
2008-08-27 14:00 . 2008-08-27 14:00 <DIR> d-------- C:\Program Files\Channel4
2008-08-27 13:59 . 2008-08-27 13:59 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Channel4
2008-08-27 10:09 . 2008-09-16 10:11 <DIR> d-------- C:\Documents and Settings\Ben\Application Data\LimeWire
2008-08-27 10:08 . 2008-08-27 10:08 <DIR> d-------- C:\Program Files\LimeWire
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-16 09:08 197,669,678 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-09-16 09:08 --------- d-----w C:\Program Files\Plaxo
2008-09-16 07:00 --------- d-----w C:\Documents and Settings\Ben\Application Data\AVG7
2008-09-15 23:00 --------- d-----w C:\Program Files\LogMeIn
2008-09-13 23:53 --------- dc----w C:\Documents and Settings\All Users\Application Data\Kontiki
2008-09-11 11:04 --------- d-----w C:\Program Files\ISP
2008-09-10 00:22 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-10 00:19 --------- d-----w C:\Program Files\Sony
2008-08-27 19:03 --------- d-----w C:\Documents and Settings\Donna\Application Data\AVG7
2008-08-27 13:00 --------- d-----w C:\Program Files\Kontiki
2008-08-26 14:46 --------- d-----w C:\Program Files\Java
2008-08-24 16:05 --------- d-----w C:\Program Files\Sun
2008-08-20 18:22 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-07-19 09:45 --------- d-----w C:\Documents and Settings\Donna\Application Data\Yahoo!
2008-07-19 09:37 --------- d-----w C:\Documents and Settings\Ben\Application Data\Yahoo!
2008-07-18 21:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 21:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 21:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 21:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 21:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 21:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 21:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 21:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 21:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 21:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 17:12 295,936 ----a-w C:\WINDOWS\system32\wmpeffects.dll
2008-06-24 16:43 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 16:57 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2006-11-16 23:38 1,470 ----a-w C:\Documents and Settings\Ben\Application Data\wklnhst.dat
2006-07-26 09:14 0 ----a-w C:\D