grahalex
(regular)
Sat Mar 29 2008 05:05 PM
Blue Screen - please check log

Hi, just turned the PC on and have a blue screen, saying I have a spyware problem and to click on a link to solve it. Can someone please check my log for problems.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:02:44, on 29/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Wintab32.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\CACHEM~1\CachemanXP.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Firefly Media Server\firefly.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Kontiki\KService.exe
C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Smith Micro\StuffIt11\ArcNameService.exe
C:\WINDOWS\wanmpsvc.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\AOL\1179865871\ee\AOLSoftware.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\IObit\Advanced WindowsCare V2\MemCleaner.exe
C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Philips\VOIP321\VOIP321.exe
C:\Program Files\Skype\Phone\Skype.exe
c:\program files\common files\aol\1179865871\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.aol.co.uk/web?isinit=true&query=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1179865871\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [CICache] CICache.exe
O4 - HKLM\..\Run: [SmartRAM] C:\Program Files\IObit\Advanced WindowsCare V2\MemCleaner.exe /m
O4 - HKLM\..\Run: [SmartDefrag] "C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /StartUp
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: VOIP321.lnk = C:\Program Files\Philips\VOIP321\VOIP321.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe (file missing)
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CachemanXP (CachemanXPService) - Outertech - C:\PROGRA~1\CACHEM~1\CachemanXP.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Firefly Media Server - Ron Pedde - C:\Program Files\Firefly Media Server\firefly.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: Roku - Mark Heaton - C:\Program Files\RokuNSE\Roku.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIb\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIb\RpcSandraSrv.exe
O23 - Service: Stuffit Archive Name Service - Smith Micro Software, Inc. - C:\Program Files\Smith Micro\StuffIt11\ArcNameService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Wintab32 - Unknown owner - C:\WINDOWS\system32\Wintab32.exe

--
End of file - 12579 bytes


bricat
(HijackThis Helper)
Mon Mar 31 2008 06:57 PM
Re: Blue Screen - please check log

Please download ComboFix from either of these two locations

BleepingComputer ComboFix
Geeks to Go ComboFix

And save it to your DESKTOP.

* Double-click combofix.exe & follow the prompts.
* When finished, it shall produce a log for you. Post that log in your next reply.

Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


Post back with the log from ComboFix and a new HJT log please.


grahalex
(regular)
Mon Mar 31 2008 09:53 PM
Re: Blue Screen - please check log

"Graham" - 2008-03-31 21:46:02 - ComboFix 07-07-14.6 - Service Pack 2 NTFS


((((((((((((((((((((((((( Files Created from 2008-02-28 to 2008-03-31 )))))))))))))))))))))))))))))))


2008-03-31 03:27 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys
2008-03-31 03:27 20,560 --a------ C:\WINDOWS\system32\drivers\aswFsBlk.sys
2008-03-31 03:19 63,488 --a------ C:\WINDOWS\xobglu16.dll
2008-03-31 03:19 23,552 --a------ C:\WINDOWS\xobglu32.dll
2008-03-30 14:00 <DIR> d-------- C:\DOCUME~1\Graham\APPLIC~1\The Labyrinth Plus! Edition
2008-03-30 13:54 98,304 --a------ C:\WINDOWS\system32\ImmPID.dll
2008-03-30 13:54 29,372 --a------ C:\WINDOWS\system32\drivers\ImHidUsb.sys
2008-03-30 13:54 192,512 --a------ C:\WINDOWS\system32\IFC22.dll
2008-03-30 13:54 16,384 --a------ C:\WINDOWS\system32\imm_enu.dll
2008-03-30 13:54 1,024,000 --a------ C:\WINDOWS\system32\ImmCpl.dll
2008-03-30 13:54 <DIR> d-------- C:\Program Files\Saitek
2008-03-30 12:59 786,432 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2008-03-29 18:40 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Barbie Fashion Show
2008-03-29 18:38 <DIR> d-------- C:\Program Files\Common Files\Vivendi Universal Games
2008-03-29 18:38 <DIR> d-------- C:\Program Files\Barbie(TM)
2008-03-29 17:31 4,096 --a------ C:\DOCUME~1\Graham\Desktop\Trojan.Win32.BlackBird.exe
2008-03-29 17:31 4,096 --a------ C:\DOCUME~1\Graham\Desktop\FWebdEditor.exe
2008-03-29 17:31 4,096 --a------ C:\DOCUME~1\Graham\Desktop\fwebd.exe
2008-03-29 17:31 4,096 --a------ C:\DOCUME~1\Graham\Desktop\fkwp2.0.exe
2008-03-29 17:31 4,096 --a------ C:\DOCUME~1\Graham\Desktop\fkwp1.5.exe
2008-03-29 17:31 4,096 --a------ C:\DOCUME~1\Graham\Desktop\filemanagerclient.exe
2008-03-29 17:31 4,096 --a------ C:\DOCUME~1\Graham\Desktop\EditorFKWP2.0.exe
2008-03-29 17:31 4,096 --a------ C:\DOCUME~1\Graham\Desktop\EditorFKWP1.5.exe
2008-03-29 17:31 <DIR> d-------- C:\DOCUME~1\Graham\Desktop\virii
2008-03-29 15:27 4,096 --a------ C:\DOCUME~1\CATHER~1\Desktop\Trojan.Win32.BlackBird.exe
2008-03-29 15:27 4,096 --a------ C:\DOCUME~1\CATHER~1\Desktop\FWebdEditor.exe
2008-03-29 15:27 4,096 --a------ C:\DOCUME~1\CATHER~1\Desktop\fwebd.exe
2008-03-29 15:27 4,096 --a------ C:\DOCUME~1\CATHER~1\Desktop\fkwp2.0.exe
2008-03-29 15:27 4,096 --a------ C:\DOCUME~1\CATHER~1\Desktop\fkwp1.5.exe
2008-03-29 15:27 4,096 --a------ C:\DOCUME~1\CATHER~1\Desktop\filemanagerclient.exe
2008-03-29 15:27 4,096 --a------ C:\DOCUME~1\CATHER~1\Desktop\EditorFKWP2.0.exe
2008-03-29 15:27 4,096 --a------ C:\DOCUME~1\CATHER~1\Desktop\EditorFKWP1.5.exe
2008-03-29 15:27 <DIR> d-------- C:\DOCUME~1\CATHER~1\Desktop\virii
2008-03-29 14:55 94,208 --a------ C:\WINDOWS\system32\uhelgdsv.exe
2008-03-29 14:34 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\fhhjytzh
2008-03-29 14:04 32,256 --a------ C:\WINDOWS\system32\drivers\w2wtime.sys
2008-03-29 14:04 12,800 --a------ C:\WINDOWS\system32\drivers\wtcls2k.sys
2008-03-29 14:04 114,688 --a------ C:\WINDOWS\system32\wintab32.exe
2008-03-29 14:04 <DIR> d-------- C:\WINDOWS\Wintime
2008-03-29 13:50 94,208 --a------ C:\WINDOWS\system32\ncxudivg.exe
2008-03-29 13:50 4,096 --a------ C:\WINDOWS\winsystem.exe
2008-03-29 13:50 4,096 --a------ C:\WINDOWS\userconfig9x.dll
2008-03-29 13:50 4,096 --a------ C:\WINDOWS\system32\WINWGPX.EXE
2008-03-29 13:50 4,096 --a------ C:\WINDOWS\system32\winsystem.exe
2008-03-29 13:50 4,096 --a------ C:\WINDOWS\system32\winlogonpc.exe
2008-03-29 13:50 4,096 --a------ C:\WINDOWS\system32\vcatchpi.dll
2008-03-29 13:50 4,096 --a------ C:\WINDOWS\system32\vbsys2.dll
2008-03-29 13:50 4,096 --a------ C:\WINDOWS\system32\thun32.dll
2008-03-29 13:50 4,096 --a------ C:\WINDOWS\system32\thun.dll
2008-03-29 13:50 4,096 --a------ C:\WINDOWS\system32\temp#01.exe
2008-03-29 13:50 4,096 --a------ C:\WINDOWS\system32\taack.exe
2008-03-29 13:50 4,096 --a------ C:\WINDOWS\system32\taack.dat
2008-03-29 13:50 4,096 --a------ C:\WINDOWS\system32\sysreq.exe
2008-03-29 13:50 4,096 --a------ C:\WINDOWS\system32\ssvchost.exe
2008-03-29 13:50 4,096 --a------ C:\WINDOWS\system32\ssvchost.com
2008-03-29 13:50 4,096 --a------ C:\WINDOWS\system32\ssurf022.dll
2008-03-29 13:50 4,096 --a------ C:\WINDOWS\system32\sncntr.exe
2008-03-29 13:50 4,096 --a------ C:\WINDOWS\system32\Rundl1.exe
2008-03-29 13:50 4,096 --a------ C:\WINDOWS\system32\regm64.dll
2008-03-29 13:50 4,096 --a------ C:\WINDOWS\system32\regc64.dll
2008-03-29 13:50 4,096 --a------ C:\WINDOWS\system32\psoft1.exe
2008-03-29 13:50 4,096 --a------ C:\WINDOWS\system32\psof1.exe
2008-03-29 13:50 4,096 --a------ C:\WINDOWS\system32\ps1.exe
2008-03-29 13:50 4,096 --a------ C:\WINDOWS\system32\newsd32.exe
2008-03-29 13:50 4,096 --a------ C:\WINDOWS\system32\netode.exe
2008-03-29 13:50 4,096 --a------ C:\WINDOWS\system32\mwin32.exe
2008-03-29 13:50 4,096 --a------ C:\WINDOWS\system32\mtr2.exe
2008-03-29 13:50 4,096 --a------ C:\WINDOWS\system32\msvchost.exe
2008-03-29 13:50 4,096 --a------ C:\WINDOWS\system32\mssecu.exe
2008-03-29 13:50 4,096 --a------ C:\WINDOWS\system32\msnbho.dll
2008-03-29 13:50 4,096 --a------ C:\WINDOWS\system32\msgp.exe
2008-03-29 13:50 4,096 --a------ C:\WINDOWS\system32\medup020.dll
2008-03-29 13:50 4,096 --a------ C:\WINDOWS\system32\medup012.dll
2008-03-29 13:50 4,096 --a------ C:\WINDOWS\system32\hxiwlgpm.exe
2008-03-29 13:50 4,096 --a------ C:\WINDOWS\system32\hxiwlgpm.dat
2008-03-29 13:50 4,096 --a------ C:\WINDOWS\system32\hoproxy.dll
2008-03-29 13:50 4,096 --a------ C:\WINDOWS\system32\h@tkeysh@@k.dll
2008-03-29 13:50 4,096 --a------ C:\WINDOWS\system32\emesx.dll
2008-03-29 13:50 4,096 --a------ C:\WINDOWS\system32\dpcproxy.exe
2008-03-29 13:50 4,096 --a------ C:\WINDOWS\system32\bsva-egihsg52.exe
2008-03-29 13:50 4,096 --a------ C:\WINDOWS\system32\bdn.com
2008-03-29 13:50 4,096 --a------ C:\WINDOWS\system32\awtoolb.dll
2008-03-29 13:50 4,096 --a------ C:\WINDOWS\system32\anticipator.dll
2008-03-29 13:50 4,096 --a------ C:\WINDOWS\system32\akttzn.exe
2008-03-29 13:50 4,096 --a------ C:\WINDOWS\mssecu.exe
2008-03-29 13:50 4,096 --a------ C:\WINDOWS\iTunesMusic.exe
2008-03-29 13:50 4,096 --a------ C:\WINDOWS\FVProtect.exe
2008-03-29 13:50 4,096 --a------ C:\WINDOWS\bdn.com
2008-03-29 13:50 4,096 --a------ C:\WINDOWS\a.bat
2008-03-29 13:50 4,096 --a------ C:\DOCUME~1\Annette\Desktop\Trojan.Win32.BlackBird.exe
2008-03-29 13:50 4,096 --a------ C:\DOCUME~1\Annette\Desktop\FWebdEditor.exe
2008-03-29 13:50 4,096 --a------ C:\DOCUME~1\Annette\Desktop\fwebd.exe
2008-03-29 13:50 4,096 --a------ C:\DOCUME~1\Annette\Desktop\fkwp2.0.exe
2008-03-29 13:50 4,096 --a------ C:\DOCUME~1\Annette\Desktop\fkwp1.5.exe
2008-03-29 13:50 4,096 --a------ C:\DOCUME~1\Annette\Desktop\filemanagerclient.exe
2008-03-29 13:50 4,096 --a------ C:\DOCUME~1\Annette\Desktop\EditorFKWP2.0.exe
2008-03-29 13:50 4,096 --a------ C:\DOCUME~1\Annette\Desktop\EditorFKWP1.5.exe
2008-03-29 13:50 <DIR> d-------- C:\WINDOWS\system32\smp
2008-03-29 13:50 <DIR> d-------- C:\DOCUME~1\Annette\Desktop\virii
2008-03-29 11:47 <DIR> d-------- C:\Program Files\WinTime


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2008-03-31 20:49:33 -------- d-----w C:\Program Files\Firefly Media Server
2008-03-31 20:48:37 51,075,104 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-03-31 18:13:31 599,576 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-03-30 12:54:39 -------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-30 10:15:37 -------- d-----w C:\Program Files\Elaborate Bytes
2008-03-29 20:29:18 -------- d-----w C:\Program Files\Common Files\Knowledge Adventure
2008-03-29 17:45:49 1,146,232 ----a-w C:\WINDOWS\system32\aswBoot.exe
2008-03-29 17:35:21 94,544 -c--a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2008-03-29 17:29:08 23,152 -c--a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2008-03-29 17:27:33 42,912 -c--a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2008-03-29 17:26:52 26,944 -c--a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2008-03-29 17:23:22 95,608 -c--a-w C:\WINDOWS\system32\AvastSS.scr
2008-03-27 08:26:37 -------- d-----w C:\DOCUME~1\Graham\APPLIC~1\LimeWire
2008-03-22 09:34:18 -------- d-----w C:\DOCUME~1\Graham\APPLIC~1\WeatherWatcher
2008-03-22 09:31:33 -------- d-----w C:\Program Files\Weather Watcher
2008-03-21 10:07:08 -------- d-----w C:\Program Files\EPSON
2008-03-21 06:22:35 -------- d-----w C:\Program Files\Google
2008-03-20 20:54:54 -------- d-----w C:\Program Files\Windows Live
2008-03-20 20:38:59 -------- d-----w C:\Program Files\TweakNow RegCleaner Std
2008-03-20 20:38:59 -------- d-----w C:\Program Files\SimpleDivX
2008-03-20 20:38:59 -------- d-----w C:\Program Files\Roku Radio Snooper
2008-03-20 20:38:53 -------- d-----w C:\Program Files\MP3 Remix
2008-03-20 20:38:46 -------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-20 20:38:46 -------- d-----w C:\Program Files\DivX
2008-03-20 20:38:46 -------- d-----w C:\Program Files\Common Files\Nullsoft
2008-03-20 20:38:43 -------- d-----w C:\Program Files\Common Files\aolshare
2008-03-20 20:38:39 -------- d-----w C:\Program Files\Apple Software Update
2008-03-20 20:38:39 -------- d-----w C:\Program Files\AOL 9.0
2008-03-19 15:14:57 -------- d-----w C:\Program Files\RogueRemover FREE
2008-03-17 18:51:41 -------- d-----w C:\Program Files\SpywareBlaster
2008-03-13 16:36:18 -------- d-----w C:\Program Files\IObit
2008-03-09 10:30:42 -------- d-----w C:\DOCUME~1\Graham\APPLIC~1\ZipGenius
2008-03-07 21:19:33 -------- d-----w C:\DOCUME~1\Graham\APPLIC~1\RipIt4Me
2008-02-28 19:36:48 -------- d-----w C:\Program Files\BitComet
2008-02-26 16:23:29 -------- d-----w C:\Program Files\i-Sound Pro
2008-02-19 19:56:54 13,568 -c--a-w C:\WINDOWS\system32\drivers\USBCRFT.SYS
2008-02-16 09:50:47 -------- d-----w C:\Program Files\LimeWire
2008-01-31 15:52:57 -------- d-----w C:\DOCUME~1\Graham\APPLIC~1\Sereniti
2008-01-18 14:43:49 12,632 -c--a-w C:\WINDOWS\system32\lsdelete.exe
2008-01-06 10:37:16 60,416 -c--a-w C:\WINDOWS\ALCFDRTM.EXE
2008-01-04 21:59:04 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-01-04 21:58:50 3,596,288 -c--a-w C:\WINDOWS\system32\qt-dx331.dll
2008-01-04 21:58:42 200,704 -c--a-w C:\WINDOWS\system32\ssldivx.dll
2008-01-04 21:58:42 1,044,480 -c--a-w C:\WINDOWS\system32\libdivx.dll
2008-01-04 21:57:22 81,920 -c--a-w C:\WINDOWS\system32\dpl100.dll
2008-01-04 21:57:22 196,608 -c--a-w C:\WINDOWS\system32\dtu100.dll
2008-01-04 21:57:16 53,248 -c--a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-01-04 21:57:14 593,920 -c--a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-01-04 21:57:14 57,344 -c--a-w C:\WINDOWS\system32\dpv11.dll
2008-01-04 21:57:14 344,064 -c--a-w C:\WINDOWS\system32\dpus11.dll
2008-01-04 21:57:14 294,912 -c--a-w C:\WINDOWS\system32\dpu11.dll
2008-01-04 21:57:14 294,912 -c--a-w C:\WINDOWS\system32\dpu10.dll
2008-01-04 21:57:12 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-01-04 21:57:10 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-01-04 21:57:10 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-01-04 21:57:10 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-01-04 21:56:48 156,992 -c--a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-01-04 21:56:24 12,288 -c--a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-01-01 13:39:58 46 -c--a-w C:\WINDOWS\system32\DonationCoder_rokusnooper_InstallInfo.dat


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2006-10-23 00:08 62080 --a------ C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
2007-09-28 14:30 521528 --a--c--- C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
2008-01-04 18:21 1548624 --a------ C:\PROGRA~1\SPYBOT~1\SDHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2007-09-25 01:11 501136 --a--c--- C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
2007-12-14 13:54 392240 --a------ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}]
2006-08-20 19:55 81920 --a--c--- C:\Program Files\Free Download Manager\iefdmcks.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 18:37]
"HostManager"="C:\Program Files\Common Files\AOL\1179865871\ee\AOLSoftware.exe" [2006-11-17 14:21]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"IntelliType"="C:\Program Files\Microsoft Hardware\Keyboard\type32.exe" [2002-03-22 05:41]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 17:05]
"IntelliPoint"="c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 16:52]
"CICache"="CICache.exe" [2002-09-05 15:21 C:\WINDOWS\CICache.exe]
"SmartRAM"="C:\Program Files\IObit\Advanced WindowsCare V2\MemCleaner.exe" [2007-10-29 17:43]
"SmartDefrag"="C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" [2008-01-08 00:29]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-06-18 18:11]
"SAITEKAUTOCONFIGURE"="C:\Program Files\Saitek\ST\Drv\saicnfig.exe" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 00:13]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)
"NoResolveSearch"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 13:29]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages :\WINDOWS\syste

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]


Contents of the 'Scheduled Tasks' folder
2008-03-11 20:07:01 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2008-03-30 21:00:00 C:\WINDOWS\tasks\SmartDefrag.job

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-31 21:49:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2008-03-31 21:50:00
C:\ComboFix2.txt ... 2008-03-29 17:54
C:\ComboFix3.txt ... 2008-03-14 21:09

--- E O F ---
2008-03-29 13:50 4,096 --a------ C:\WINDOWS\system32hxiwlgpm.exe
2008-03-29 13:50 4,096 --a------ C:\WINDOWS\system32hxiwlgpm.dat
2008-03-29 13:50 4,096 --a------ C:\WINDOWS\system32hoproxy.dll
2008-03-29 13:50 4,096 --a------ C:\WINDOWS\system32h@tkeysh@@k.dll
2008-03-29 13:50 4,096 --a------ C:\WINDOWS\system32emesx.dll
2008-03-29 13:50 4,096 --a------ C:\WINDOWS\system32dpcproxy.exe
2008-03-29 13:50 4,096 --a------ C:\WINDOWS\system32bsva-egihsg52.exe
2008-03-29 13:50 4,096 --a------ C:\WINDOWS\system32bdn.com
2008-03-29 13:50 4,096 --a------ C:\WINDOWS\system32awtoolb.dll
2008-03-29 13:50 4,096 --a------ C:\WINDOWS\system32anticipator.dll
2008-03-29 13:50 4,096 --a------ C:\WINDOWS\system32akttzn.exe
2008-03-29 13:50 4,096 --a------ C:\WINDOWS\mssecu.exe
2008-03-29 13:50 4,096 --a------ C:\WINDOWS\iTunesMusic.exe
2008-03-29 13:50 4,096 --a------ C:\WINDOWS\FVProtect.exe
2008-03-29 13:50 4,096 --a------ C:\WINDOWS\bdn.com
2008-03-29 13:50 4,096 --a------ C:\WINDOWS\a.bat
2008-03-29 13:50 4,096 --a------ C:\DOCUME~1\Annette\DesktopTrojan.Win32.BlackBird.exe
2008-03-29 13:50 4,096 --a------ C:\DOCUME~1\Annette\DesktopFWebdEditor.exe
2008-03-29 13:50 4,096 --a------ C:\DOCUME~1\Annette\Desktopfwebd.exe
2008-03-29 13:50 4,096 --a------ C:\DOCUME~1\Annette\Desktopfkwp2.0.exe
2008-03-29 13:50 4,096 --a------ C:\DOCUME~1\Annette\Desktopfkwp1.5.exe
2008-03-29 13:50 4,096 --a------ C:\DOCUME~1\Annette\Desktopfilemanagerclient.exe
2008-03-29 13:50 4,096 --a------ C:\DOCUME~1\Annette\DesktopEditorFKWP2.0.exe
2008-03-29 13:50 4,096 --a------ C:\DOCUME~1\Annette\DesktopEditorFKWP1.5.exe
2008-03-29 13:50 <DIR> d-------- C:\WINDOWS\system32smp
2008-03-29 13:50 <DIR> d-------- C:\DOCUME~1\Annette\Desktopvirii
2008-03-29 11:47 <DIR> d-------- C:\Program Files\WinTime


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2008-03-31 20:49:33 -------- d-----w C:\Program Files\Firefly Media Server
2008-03-31 20:48:37 51,075,104 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-03-31 18:13:31 599,576 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-03-30 12:54:39 -------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-30 10:15:37 -------- d-----w C:\Program Files\Elaborate Bytes
2008-03-29 20:29:18 -------- d-----w C:\Program Files\Common Files\Knowledge Adventure
2008-03-29 17:45:49 1,146,232 ----a-w C:\WINDOWS\system32\aswBoot.exe
2008-03-29 17:35:21 94,544 -c--a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2008-03-29 17:29:08 23,152 -c--a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2008-03-29 17:27:33 42,912 -c--a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2008-03-29 17:26:52 26,944 -c--a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2008-03-29 17:23:22 95,608 -c--a-w C:\WINDOWS\system32\AvastSS.scr
2008-03-27 08:26:37 -------- d-----w C:\DOCUME~1\Graham\APPLIC~1\LimeWire
2008-03-22 09:34:18 -------- d-----w C:\DOCUME~1\Graham\APPLIC~1\WeatherWatcher
2008-03-22 09:31:33 -------- d-----w C:\Program Files\Weather Watcher
2008-03-21 10:07:08 -------- d-----w C:\Program Files\EPSON
2008-03-21 06:22:35 -------- d-----w C:\Program Files\Google
2008-03-20 20:54:54 -------- d-----w C:\Program Files\Windows Live
2008-03-20 20:38:59 -------- d-----w C:\Program Files\TweakNow RegCleaner Std
2008-03-20 20:38:59 -------- d-----w C:\Program Files\SimpleDivX
2008-03-20 20:38:59 -------- d-----w C:\Program Files\Roku Radio Snooper
2008-03-20 20:38:53 -------- d-----w C:\Program Files\MP3 Remix
2008-03-20 20:38:46 -------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-20 20:38:46 -------- d-----w C:\Program Files\DivX
2008-03-20 20:38:46 -------- d-----w C:\Program Files\Common Files\Nullsoft
2008-03-20 20:38:43 -------- d-----w C:\Program Files\Common Files\aolshare
2008-03-20 20:38:39 -------- d-----w C:\Program Files\Apple Software Update
2008-03-20 20:38:39 -------- d-----w C:\Program Files\AOL 9.0
2008-03-19 15:14:57 -------- d-----w C:\Program Files\RogueRemover FREE
2008-03-17 18:51:41 -------- d-----w C:\Program Files\SpywareBlaster
2008-03-13 16:36:18 -------- d-----w C:\Program Files\IObit
2008-03-09 10:30:42 -------- d-----w C:\DOCUME~1\Graham\APPLIC~1\ZipGenius
2008-03-07 21:19:33 -------- d-----w C:\DOCUME~1\Graham\APPLIC~1\RipIt4Me
2008-02-28 19:36:48 -------- d-----w C:\Program Files\BitComet
2008-02-26 16:23:29 -------- d-----w C:\Program Files\i-Sound Pro
2008-02-19 19:56:54 13,568 -c--a-w C:\WINDOWS\system32\drivers\USBCRFT.SYS
2008-02-16 09:50:47 -------- d-----w C:\Program Files\LimeWire
2008-01-31 15:52:57 -------- d-----w C:\DOCUME~1\Graham\APPLIC~1\Sereniti
2008-01-18 14:43:49 12,632 -c--a-w C:\WINDOWS\system32\lsdelete.exe
2008-01-06 10:37:16 60,416 -c--a-w C:\WINDOWS\ALCFDRTM.EXE
2008-01-04 21:59:04 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-01-04 21:58:50 3,596,288 -c--a-w C:\WINDOWS\system32\qt-dx331.dll
2008-01-04 21:58:42 200,704 -c--a-w C:\WINDOWS\system32\ssldivx.dll
2008-01-04 21:58:42 1,044,480 -c--a-w C:\WINDOWS\system32\libdivx.dll
2008-01-04 21:57:22 81,920 -c--a-w C:\WINDOWS\system32\dpl100.dll
2008-01-04 21:57:22 196,608 -c--a-w C:\WINDOWS\system32\dtu100.dll
2008-01-04 21:57:16 53,248 -c--a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-01-04 21:57:14 593,920 -c--a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-01-04 21:57:14 57,344 -c--a-w C:\WINDOWS\system32\dpv11.dll
2008-01-04 21:57:14 344,064 -c--a-w C:\WINDOWS\system32\dpus11.dll
2008-01-04 21:57:14 294,912 -c--a-w C:\WINDOWS\system32\dpu11.dll
2008-01-04 21:57:14 294,912 -c--a-w C:\WINDOWS\system32\dpu10.dll
2008-01-04 21:57:12 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-01-04 21:57:10 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-01-04 21:57:10 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-01-04 21:57:10 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-01-04 21:56:48 156,992 -c--a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-01-04 21:56:24 12,288 -c--a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-01-01 13:39:58 46 -c--a-w C:\WINDOWS\system32\DonationCoder_rokusnooper_InstallInfo.dat


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2006-10-23 00:08 62080 --a------ C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
2007-09-28 14:30 521528 --a--c--- C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
2008-01-04 18:21 1548624 --a------ C:\PROGRA~1\SPYBOT~1\SDHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2007-09-25 01:11 501136 --a--c--- C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
2007-12-14 13:54 392240 --a------ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}]
2006-08-20 19:55 81920 --a--c--- C:\Program Files\Free Download Manager\iefdmcks.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 18:37]
"HostManager"="C:\Program Files\Common Files\AOL\1179865871\ee\AOLSoftware.exe" [2006-11-17 14:21]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"IntelliType"="C:\Program Files\Microsoft Hardware\Keyboard\type32.exe" [2002-03-22 05:41]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 17:05]
"IntelliPoint"="c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 16:52]
"CICache"="CICache.exe" [2002-09-05 15:21 C:\WINDOWS\CICache.exe]
"SmartRAM"="C:\Program Files\IObit\Advanced WindowsCare V2\MemCleaner.exe" [2007-10-29 17:43]
"SmartDefrag"="C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" [2008-01-08 00:29]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-06-18 18:11]
"SAITEKAUTOCONFIGURE"="C:\Program Files\Saitek\ST\Drv\saicnfig.exe" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 00:13]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)
"NoResolveSearch"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 13:29]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages :\WINDOWS\syste

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]


Contents of the 'Scheduled Tasks' folder
2008-03-11 20:07:01 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2008-03-30 21:00:00 C:\WINDOWS\tasks\SmartDefrag.job

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-31 21:49:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2008-03-31 21:50:00
C:\ComboFix2.txt ... 2008-03-29 17:54
C:\ComboFix3.txt ... 2008-03-14 21:09

--- E O F ---


grahalex
(regular)
Mon Mar 31 2008 09:57 PM
Re: Blue Screen - please check log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:56:16, on 31/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Wintab32.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Firefly Media Server\firefly.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Kontiki\KService.exe
C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Smith Micro\StuffIt11\ArcNameService.exe
C:\WINDOWS\wanmpsvc.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\AOL\1179865871\ee\AOLSoftware.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\IObit\Advanced WindowsCare V2\MemCleaner.exe
C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Philips\VOIP321\VOIP321.exe
C:\Program Files\Skype\Phone\Skype.exe
c:\program files\common files\aol\1179865871\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Soulseek\slsk.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
c:\program files\common files\aol\1179865871\ee\aolsoftware.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.aol.co.uk/web?isinit=true&query=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1179865871\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [CICache] CICache.exe
O4 - HKLM\..\Run: [SmartRAM] C:\Program Files\IObit\Advanced WindowsCare V2\MemCleaner.exe /m
O4 - HKLM\..\Run: [SmartDefrag] "C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /StartUp
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SAITEKAUTOCONFIGURE] C:\Program Files\Saitek\ST\Drv\saicnfig.exe /autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: VOIP321.lnk = C:\Program Files\Philips\VOIP321\VOIP321.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe (file missing)
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CachemanXP (CachemanXPService) - Outertech - C:\PROGRA~1\CACHEM~1\CachemanXP.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Firefly Media Server - Ron Pedde - C:\Program Files\Firefly Media Server\firefly.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: Roku - Mark Heaton - C:\Program Files\RokuNSE\Roku.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIb\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIb\RpcSandraSrv.exe
O23 - Service: Stuffit Archive Name Service - Smith Micro Software, Inc. - C:\Program Files\Smith Micro\StuffIt11\ArcNameService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Wintab32 - Unknown owner - C:\WINDOWS\system32\Wintab32.exe

--
End of file - 12915 bytes


grahalex
(regular)
Mon Mar 31 2008 10:45 PM
Re: Blue Screen - please check log

I got rid of the blue screen, something had replaced my desktop, an advert for an anti spyware program. Also did a scan with spybot and found several things to remove, Golden Palace Casino was one.

bricat
(HijackThis Helper)
Mon Mar 31 2008 11:45 PM
Re: Blue Screen - please check log

I don't know what you clicked on at 13.50 on 29/03/08 but it installed a lot of nasty files on your comp.

Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It's IMPORTANT to carry out the instructions in the sequence listed below.


1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.


Open *notepad* and copy/paste the text in the quotebox below into it:

Quote:

Killall::

File::
C:\WINDOWS\system32\ncxudivg.exe
C:\WINDOWS\winsystem.exe
C:\WINDOWS\userconfig9x.dll
C:\WINDOWS\system32WINWGPX.EXE
C:\WINDOWS\system32winsystem.exe
C:\WINDOWS\system32winlogonpc.exe
C:\WINDOWS\system32vcatchpi.dll
C:\WINDOWS\system32vbsys2.dll
C:\WINDOWS\system32thun32.dll
C:\WINDOWS\system32thun.dll
C:\WINDOWS\system32temp#01.exe
C:\WINDOWS\system32taack.exe
C:\WINDOWS\system32taack.dat
C:\WINDOWS\system32sysreq.exe
C:\WINDOWS\system32ssvchost.exe
C:\WINDOWS\system32ssvchost.com
C:\WINDOWS\system32ssurf022.dll
C:\WINDOWS\system32sncntr.exe
C:\WINDOWS\system32Rundl1.exe
C:\WINDOWS\system32regm64.dll
C:\WINDOWS\system32regc64.dll
C:\WINDOWS\system32psoft1.exe
C:\WINDOWS\system32psof1.exe
C:\WINDOWS\system32ps1.exe
C:\WINDOWS\system32newsd32.exe
C:\WINDOWS\system32netode.exe
C:\WINDOWS\system32mwin32.exe
C:\WINDOWS\system32mtr2.exe
C:\WINDOWS\system32msvchost.exe
C:\WINDOWS\system32mssecu.exe
C:\WINDOWS\system32msnbho.dll
C:\WINDOWS\system32msgp.exe
C:\WINDOWS\system32medup020.dll
C:\WINDOWS\system32medup012.dll
C:\WINDOWS\system32hxiwlgpm.exe
C:\WINDOWS\system32hxiwlgpm.dat
C:\WINDOWS\system32hoproxy.dll
C:\WINDOWS\system32h@tkeysh@@k.dll
C:\WINDOWS\system32emesx.dll
C:\WINDOWS\system32dpcproxy.exe
C:\WINDOWS\system32bsva-egihsg52.exe
C:\WINDOWS\system32bdn.com
C:\WINDOWS\system32awtoolb.dll
C:\WINDOWS\system32anticipator.dll
C:\WINDOWS\system32akttzn.exe
C:\WINDOWS\mssecu.exe
C:\WINDOWS\iTunesMusic.exe
C:\WINDOWS\FVProtect.exe
C:\WINDOWS\bdn.com
C:\WINDOWS\a.bat
C:\DOCUME~1\Annette\DesktopTrojan.Win32.BlackBird.exe
C:\DOCUME~1\Annette\DesktopFWebdEditor.exe
C:\DOCUME~1\Annette\Desktopfwebd.exe
C:\DOCUME~1\Annette\Desktopfkwp2.0.exe
C:\DOCUME~1\Annette\Desktopfkwp1.5.exe
C:\DOCUME~1\Annette\Desktopfilemanagerclient.exe
C:\DOCUME~1\Annette\DesktopEditorFKWP2.0.exe
C:\DOCUME~1\Annette\DesktopEditorFKWP1.5.exe

Folder::
C:\WINDOWS\system32smp
C:\DOCUME~1\Annette\Desktopvirii


Save this as CFScript.txt, in the same location as ComboFix.exe which is on the Desktop.

Referring to the picture above, drag CFScript.txt into ComboFix.exe

Restart your computer.

When finished, it shall produce a log for you at C:\ComboFix.txt

Please copy and paste the ComboFix.txt along with a fresh HijackThis log in your next reply, and let me know how it is running.


*Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall*

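bricat's post above reads the infection off one feature of the ComboFix listing: a run of files, all 4,096 bytes, created in the same minute under C:\WINDOWS and on each user's Desktop. As an added example (not from the thread, and not a ComboFix or HijackThis feature), the Python script below parses listings in that "Files Created" layout and reports same-minute bursts, noting when every file in the burst has the same size and which ones sit under the Windows directory. The log lines inside it are constructed for the example, not copied from the logs above.

```python
import re
from collections import defaultdict

# Constructed sample in the ComboFix "Files Created" layout. These are made-up
# entries for the example, not lines from the thread's logs.
SAMPLE_LOG = r"""
2008-03-31 03:27 75,856 --a------ C:\WINDOWS\system32\drivers\example1.sys
2008-03-31 03:27 20,560 --a------ C:\WINDOWS\system32\drivers\example2.sys
2008-03-30 13:54 <DIR> d-------- C:\Program Files\ExampleVendor
2008-03-29 13:50 4,096 --a------ C:\WINDOWS\system32\dropped01.exe
2008-03-29 13:50 4,096 --a------ C:\WINDOWS\system32\dropped02.dll
2008-03-29 13:50 4,096 --a------ C:\WINDOWS\system32\dropped03.exe
2008-03-29 13:50 4,096 --a------ C:\WINDOWS\dropped04.exe
2008-03-29 13:50 4,096 --a------ C:\WINDOWS\dropped05.bat
2008-03-29 13:50 <DIR> d-------- C:\WINDOWS\system32\droppeddir
2008-03-29 11:47 <DIR> d-------- C:\Program Files\ExampleApp
""".strip()

# Layout of one line: date time, size or <DIR>, attribute flags, full path.
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(<DIR>|[\d,]+)\s+(\S+)\s+(.+)$"
)


def parse_entries(text):
    """Turn the listing into dicts; lines that do not match the layout are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        stamp, size, attrs, path = m.groups()
        is_dir = size == "<DIR>"
        entries.append({
            "stamp": stamp,
            "size": None if is_dir else int(size.replace(",", "")),
            "attrs": attrs,
            "path": path,
            "is_dir": is_dir,
        })
    return entries


def find_bursts(entries, min_files=5):
    """Group files by creation minute and report minutes with min_files or more.

    A same-minute burst of identically sized executables under the Windows
    directory is the trace a dropper leaves; a legitimate install usually
    writes files of varying size, mostly under Program Files.
    """
    by_minute = defaultdict(list)
    for e in entries:
        if not e["is_dir"]:
            by_minute[e["stamp"]].append(e)

    bursts = {}
    for stamp, files in by_minute.items():
        if len(files) < min_files:
            continue
        sizes = {f["size"] for f in files}
        in_windir = [f["path"] for f in files
                     if f["path"].upper().startswith(r"C:\WINDOWS")]
        bursts[stamp] = {
            "count": len(files),
            # One distinct size across the whole burst is the strongest signal.
            "uniform_size": sizes.pop() if len(sizes) == 1 else None,
            "windir_paths": in_windir,
        }
    return bursts


if __name__ == "__main__":
    for stamp, info in find_bursts(parse_entries(SAMPLE_LOG)).items():
        label = "same size" if info["uniform_size"] else "mixed sizes"
        print(stamp, info["count"], "files,", label)
        for p in info["windir_paths"]:
            print("   ", p)
```

Run it against a real listing by reading the "Files Created" section of ComboFix.txt into `parse_entries`; the threshold `min_files` is a tuning knob, and a burst that is also uniform in size and lands under C:\WINDOWS is the case worth reading line by line, as bricat did here.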

grahalex
(regular)
Tue Apr 01 2008 02:54 PM
Re: Blue Screen - please check log

Hi Bricat, here is combo log, HJT to follow.

"Graham" - 2008-04-01 14:50:08 - ComboFix 07-07-14.6 - Service Pack 2 NTFS
Command switches used :: C:\Documents and Settings\Graham\Desktop\CFScript.txt


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\Annette\DesktopEditorFKWP1.5.exe
C:\DOCUME~1\Annette\DesktopEditorFKWP2.0.exe
C:\DOCUME~1\Annette\Desktopfilemanagerclient.exe
C:\DOCUME~1\Annette\Desktopfkwp1.5.exe
C:\DOCUME~1\Annette\Desktopfkwp2.0.exe
C:\DOCUME~1\Annette\Desktopfwebd.exe
C:\DOCUME~1\Annette\DesktopFWebdEditor.exe
C:\DOCUME~1\Annette\DesktopTrojan.Win32.BlackBird.exe
C:\DOCUME~1\Annette\Desktopvirii
C:\DOCUME~1\Annette\Desktopvirii\Trojan-Downloader.Win32.Agent.bl.exe
C:\DOCUME~1\Annette\Desktopvirii\Trojan-Downloader.Win32.Agent.p.exe
C:\DOCUME~1\Annette\Desktopvirii\Trojan-Downloader.Win32.Agent.r.exe
C:\DOCUME~1\Annette\Desktopvirii\Trojan-Downloader.Win32.Agent.t.exe
C:\DOCUME~1\Annette\Desktopvirii\Trojan-Downloader.Win32.Agent.v.exe
C:\WINDOWS\a.bat
C:\WINDOWS\bdn.com
C:\WINDOWS\FVProtect.exe
C:\WINDOWS\iTunesMusic.exe
C:\WINDOWS\mssecu.exe
C:\WINDOWS\system32\ncxudivg.exe
C:\WINDOWS\system32akttzn.exe
C:\WINDOWS\system32anticipator.dll
C:\WINDOWS\system32awtoolb.dll
C:\WINDOWS\system32bdn.com
C:\WINDOWS\system32bsva-egihsg52.exe
C:\WINDOWS\system32dpcproxy.exe
C:\WINDOWS\system32emesx.dll
C:\WINDOWS\system32h@tkeysh@@k.dll
C:\WINDOWS\system32hoproxy.dll
C:\WINDOWS\system32hxiwlgpm.dat
C:\WINDOWS\system32hxiwlgpm.exe
C:\WINDOWS\system32medup012.dll
C:\WINDOWS\system32medup020.dll
C:\WINDOWS\system32msgp.exe
C:\WINDOWS\system32msnbho.dll
C:\WINDOWS\system32mssecu.exe
C:\WINDOWS\system32msvchost.exe
C:\WINDOWS\system32mtr2.exe
C:\WINDOWS\system32mwin32.exe
C:\WINDOWS\system32netode.exe
C:\WINDOWS\system32newsd32.exe
C:\WINDOWS\system32ps1.exe
C:\WINDOWS\system32psof1.exe
C:\WINDOWS\system32psoft1.exe
C:\WINDOWS\system32regc64.dll
C:\WINDOWS\system32regm64.dll
C:\WINDOWS\system32Rundl1.exe
C:\WINDOWS\system32smp
C:\WINDOWS\system32smp\msrc.exe
C:\WINDOWS\system32sncntr.exe
C:\WINDOWS\system32ssurf022.dll
C:\WINDOWS\system32ssvchost.com
C:\WINDOWS\system32ssvchost.exe
C:\WINDOWS\system32sysreq.exe
C:\WINDOWS\system32taack.dat
C:\WINDOWS\system32taack.exe
C:\WINDOWS\system32temp#01.exe
C:\WINDOWS\system32thun.dll
C:\WINDOWS\system32thun32.dll
C:\WINDOWS\system32vbsys2.dll
C:\WINDOWS\system32vcatchpi.dll
C:\WINDOWS\system32winlogonpc.exe
C:\WINDOWS\system32winsystem.exe
C:\WINDOWS\system32WINWGPX.EXE
C:\WINDOWS\userconfig9x.dll
C:\WINDOWS\winsystem.exe


((((((((((((((((((((((((( Files Created from 2008-03-01 to 2008-04-01 )))))))))))))))))))))))))))))))


2008-03-31 03:27 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys
2008-03-31 03:27 20,560 --a------ C:\WINDOWS\system32\drivers\aswFsBlk.sys
2008-03-31 03:19 63,488 --a------ C:\WINDOWS\xobglu16.dll
2008-03-31 03:19 23,552 --a------ C:\WINDOWS\xobglu32.dll
2008-03-30 14:00 <DIR> d-------- C:\DOCUME~1\Graham\APPLIC~1\The Labyrinth Plus! Edition
2008-03-30 13:54 98,304 --a------ C:\WINDOWS\system32\ImmPID.dll
2008-03-30 13:54 29,372 --a------ C:\WINDOWS\system32\drivers\ImHidUsb.sys
2008-03-30 13:54 192,512 --a------ C:\WINDOWS\system32\IFC22.dll
2008-03-30 13:54 16,384 --a------ C:\WINDOWS\system32\imm_enu.dll
2008-03-30 13:54 1,024,000 --a------ C:\WINDOWS\system32\ImmCpl.dll
2008-03-30 13:54 <DIR> d-------- C:\Program Files\Saitek
2008-03-30 12:59 786,432 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2008-03-29 18:40 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Barbie Fashion Show
2008-03-29 18:38 <DIR> d-------- C:\Program Files\Common Files\Vivendi Universal Games
2008-03-29 18:38 <DIR> d-------- C:\Program Files\Barbie(TM)
2008-03-29 17:31 4,096 --a------ C:\DOCUME~1\Graham\DesktopTrojan.Win32.BlackBird.exe
2008-03-29 17:31 4,096 --a------ C:\DOCUME~1\Graham\DesktopFWebdEditor.exe
2008-03-29 17:31 4,096 --a------ C:\DOCUME~1\Graham\Desktopfwebd.exe
2008-03-29 17:31 4,096 --a------ C:\DOCUME~1\Graham\Desktopfkwp2.0.exe
2008-03-29 17:31 4,096 --a------ C:\DOCUME~1\Graham\Desktopfkwp1.5.exe
2008-03-29 17:31 4,096 --a------ C:\DOCUME~1\Graham\Desktopfilemanagerclient.exe
2008-03-29 17:31 4,096 --a------ C:\DOCUME~1\Graham\DesktopEditorFKWP2.0.exe
2008-03-29 17:31 4,096 --a------ C:\DOCUME~1\Graham\DesktopEditorFKWP1.5.exe
2008-03-29 17:31 <DIR> d-------- C:\DOCUME~1\Graham\Desktopvirii
2008-03-29 15:27 4,096 --a------ C:\DOCUME~1\CATHER~1\DesktopTrojan.Win32.BlackBird.exe
2008-03-29 15:27 4,096 --a------ C:\DOCUME~1\CATHER~1\DesktopFWebdEditor.exe
2008-03-29 15:27 4,096 --a------ C:\DOCUME~1\CATHER~1\Desktopfwebd.exe
2008-03-29 15:27 4,096 --a------ C:\DOCUME~1\CATHER~1\Desktopfkwp2.0.exe
2008-03-29 15:27 4,096 --a------ C:\DOCUME~1\CATHER~1\Desktopfkwp1.5.exe
2008-03-29 15:27 4,096 --a------ C:\DOCUME~1\CATHER~1\Desktopfilemanagerclient.exe
2008-03-29 15:27 4,096 --a------ C:\DOCUME~1\CATHER~1\DesktopEditorFKWP2.0.exe
2008-03-29 15:27 4,096 --a------ C:\DOCUME~1\CATHER~1\DesktopEditorFKWP1.5.exe
2008-03-29 15:27 <DIR> d-------- C:\DOCUME~1\CATHER~1\Desktopvirii
2008-03-29 14:55 94,208 --a------ C:\WINDOWS\system32\uhelgdsv.exe
2008-03-29 14:34 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\fhhjytzh
2008-03-29 14:04 32,256 --a------ C:\WINDOWS\system32\drivers\w2wtime.sys
2008-03-29 14:04 12,800 --a------ C:\WINDOWS\system32\drivers\wtcls2k.sys
2008-03-29 14:04 114,688 --a------ C:\WINDOWS\system32\wintab32.exe
2008-03-29 14:04 <DIR> d-------- C:\WINDOWS\Wintime
2008-03-29 11:47 <DIR> d-------- C:\Program Files\WinTime
2008-03-29 11:14 50,280 --a------ C:\WINDOWS\system32\Pnptbyb.exe
2008-03-29 11:14 308,312 --a------ C:\WINDOWS\system32\Penopcco.dll
2008-03-29 11:14 187,208 --a------ C:\WINDOWS\system32\Penopx.dll
2008-03-29 11:14 106,824 --a------ C:\WINDOWS\system32\Penopvx.dll
2008-03-29 11:14 <DIR> d-------- C:\Program Files\PenOp
2008-03-29 11:08 94,016 --a------ C:\WINDOWS\system32\Wintab.dll
2008-03-29 11:08 65,536 --a------ C:\WINDOWS\system32\wintab32.dll
2008-03-29 11:08 10,288 --a------ C:\WINDOWS\system32\Wtt16.dll
2008-03-29 11:08 <DIR> d-------- C:\Program Files\Your Company Name
2008-03-29 10:40 <DIR> d-------- C:\Program Files\JL2005C
2008-03-28 17:12 95,232 --a------ C:\WINDOWS\system\LFKODAK.DLL
2008-03-28 17:12 93,184 --a------ C:\WINDOWS\system\LFTIF70N.DLL
2008-03-28 17:12 77,824 --a------ C:\WINDOWS\system\Lffax10n.dll
2008-03-28 17:12 600,576 --a------ C:\WINDOWS\system\Ltwrp10n.dll
2008-03-28 17:12 57,344 --a------ C:\WINDOWS\system\BPEnhan.dll
2008-03-28 17:12 55,296 --a------ C:\WINDOWS\system\LTFIL70N.DLL
2008-03-28 17:12 350,208 --a------ C:\WINDOWS\system\LTKRN70N.DLL
2008-03-28 17:12 35,840 --a------ C:\WINDOWS\system32\Lflma10n.dll
2008-03-28 17:12 35,328 --a------ C:\WINDOWS\system\LFFPX70N.DLL
2008-03-28 17:12 34,304 --a------ C:\WINDOWS\system\Lfbmp10n.dll
2008-03-28 17:12 33,280 --a------ C:\WINDOWS\system32\Lfpcx10n.dll
2008-03-28 17:12 32,768 --a------ C:\WINDOWS\system\LFGIF70N.DLL
2008-03-28 17:12 31,232 --a------ C:\WINDOWS\system32\Lflmb10n.dll
2008-03-28 17:12 297,472 --a------ C:\WINDOWS\system\Ltkrn10n.dll
2008-03-28 17:12 29,184 --a------ C:\WINDOWS\system\LFLMA70N.DLL
2008-03-28 17:12 28,160 --a------ C:\WINDOWS\system32\Lfwmf10n.dll
2008-03-28 17:12 266,752 --a------ C:\WINDOWS\system\Lfcmp10n.dll
2008-03-28 17:12 26,112 --a------ C:\WINDOWS\system\LFICA70N.DLL
2008-03-28 17:12 25,088 --a------ C:\WINDOWS\system\LFLMB70N.DLL
2008-03-28 17:12 24,576 --a------ C:\WINDOWS\system\LFBMP70N.DLL
2008-03-28 17:12 24,064 --a------ C:\WINDOWS\system\LFPCT70N.DLL
2008-03-28 17:12 228,864 --a------ C:\WINDOWS\system32\Ltdis10n.dll
2008-03-28 17:12 224,768 --a------ C:\WINDOWS\system\LFCMP70N.DLL
2008-03-28 17:12 20,992 --a------ C:\WINDOWS\system\LFTGA70N.DLL
2008-03-28 17:12 20,480 --a------ C:\WINDOWS\system\LFIMG70N.DLL
2008-03-28 17:12 19,968 --a------ C:\WINDOWS\system\LFCAL70N.DLL
2008-03-28 17:12 19,456 --a------ C:\WINDOWS\system\LFPCD70N.DLL
2008-03-28 17:12 18,944 --a------ C:\WINDOWS\system\LFMAC70N.DLL
2008-03-28 17:12 175,104 --a------ C:\WINDOWS\system\LFFAX70N.DLL
2008-03-28 17:12 17,920 --a------ C:\WINDOWS\system\LFAVI70N.DLL
2008-03-28 17:12 122,368 --a------ C:\WINDOWS\system\Lftif10n.dll
2008-03-28 17:12 117,760 --a------ C:\WINDOWS\system32\Ltimg10n.dll
2008-03-28 17:12 103,424 --a------ C:\WINDOWS\system\Ltfil10n.dll
2008-03-28 16:03 <DIR> d-------- C:\Program Files\XnView
2008-03-28 16:03 <DIR> d-------- C:\DOCUME~1\Graham\APPLIC~1\XnView
2008-03-28 15:07 <DIR> d-------- C:\Program Files\IrfanView
2008-03-28 14:43 163,840 --a------ C:\WINDOWS\system32\12kUBusd.dll
2008-03-28 14:43 <DIR> d-------- C:\Program Files\Temp
2008-03-28 14:26 323,584 --a------ C:\WINDOWS\dwnrpofk.dll
2008-03-28 14:26 212,992 --a------ C:\WINDOWS\kdftlboenbg.dll
2008-03-28 14:26 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\exarehqd
2008-03-28 14:07 <DIR> d-------- C:\DOCUME~1\Graham\APPLIC~1\Leadertech
2008-03-24 23:51 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-03-24 23:47 <DIR> d-------- C:\Program Files\Philips
2008-03-24 23:36 <DIR> d-------- C:\DOCUME~1\Graham\APPLIC~1\Skype
2008-03-24 18:04 <DIR> d-------- C:\DOCUME~1\Annette\APPLIC~1\Skype
2008-03-24 12:46 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-03-24 12:46 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-03-22 10:31 <DIR> d-------- C:\Program Files\Common Files\ODBC
2008-03-21 23:30 32 --a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\ezsid.dat


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2008-04-01 13:51:46 51,290,144 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-01 13:46:11 -------- d-----w C:\Program Files\Firefly Media Server
2008-04-01 13:42:08 -------- d-----w C:\Program Files\Soulseek
2008-04-01 11:15:06 602,264 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-03-30 12:54:39 -------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-30 10:15:37 -------- d-----w C:\Program Files\Elaborate Bytes
2008-03-29 20:29:18 -------- d-----w C:\Program Files\Common Files\Knowledge Adventure
2008-03-29 17:45:49 1,146,232 ----a-w C:\WINDOWS\system32\aswBoot.exe
2008-03-29 17:35:21 94,544 -c--a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2008-03-29 17:29:08 23,152 -c--a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2008-03-29 17:27:33 42,912 -c--a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2008-03-29 17:26:52 26,944 -c--a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2008-03-29 17:23:22 95,608 -c--a-w C:\WINDOWS\system32\AvastSS.scr
2008-03-27 08:26:37 -------- d-----w C:\DOCUME~1\Graham\APPLIC~1\LimeWire
2008-03-22 09:34:18 -------- d-----w C:\DOCUME~1\Graham\APPLIC~1\WeatherWatcher
2008-03-22 09:31:33 -------- d-----w C:\Program Files\Weather Watcher
2008-03-21 10:07:08 -------- d-----w C:\Program Files\EPSON
2008-03-21 06:22:35 -------- d-----w C:\Program Files\Google
2008-03-20 20:54:54 -------- d-----w C:\Program Files\Windows Live
2008-03-20 20:38:59 -------- d-----w C:\Program Files\TweakNow RegCleaner Std
2008-03-20 20:38:59 -------- d-----w C:\Program Files\SimpleDivX
2008-03-20 20:38:59 -------- d-----w C:\Program Files\Roku Radio Snooper
2008-03-20 20:38:53 -------- d-----w C:\Program Files\MP3 Remix
2008-03-20 20:38:46 -------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-20 20:38:46 -------- d-----w C:\Program Files\DivX
2008-03-20 20:38:46 -------- d-----w C:\Program Files\Common Files\Nullsoft
2008-03-20 20:38:43 -------- d-----w C:\Program Files\Common Files\aolshare
2008-03-20 20:38:39 -------- d-----w C:\Program Files\Apple Software Update
2008-03-20 20:38:39 -------- d-----w C:\Program Files\AOL 9.0
2008-03-19 15:14:57 -------- d-----w C:\Program Files\RogueRemover FREE
2008-03-17 18:51:41 -------- d-----w C:\Program Files\SpywareBlaster
2008-03-13 16:36:18 -------- d-----w C:\Program Files\IObit
2008-03-09 10:30:42 -------- d-----w C:\DOCUME~1\Graham\APPLIC~1\ZipGenius
2008-03-07 21:19:33 -------- d-----w C:\DOCUME~1\Graham\APPLIC~1\RipIt4Me
2008-02-28 19:36:48 -------- d-----w C:\Program Files\BitComet
2008-02-26 18:49:47 -------- d-----w C:\Program Files\GirlTech
2008-02-26 16:23:29 -------- d-----w C:\Program Files\i-Sound Pro
2008-02-19 19:56:54 13,568 -c--a-w C:\WINDOWS\system32\drivers\USBCRFT.SYS
2008-02-16 09:50:47 -------- d-----w C:\Program Files\LimeWire
2008-02-01 11:11:10 586,240 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-01-18 14:43:49 12,632 -c--a-w C:\WINDOWS\system32\lsdelete.exe
2008-01-06 10:37:16 60,416 -c--a-w C:\WINDOWS\ALCFDRTM.EXE
2008-01-04 21:59:04 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-01-04 21:58:50 3,596,288 -c--a-w C:\WINDOWS\system32\qt-dx331.dll
2008-01-04 21:58:42 200,704 -c--a-w C:\WINDOWS\system32\ssldivx.dll
2008-01-04 21:58:42 1,044,480 -c--a-w C:\WINDOWS\system32\libdivx.dll
2008-01-04 21:57:22 81,920 -c--a-w C:\WINDOWS\system32\dpl100.dll
2008-01-04 21:57:22 196,608 -c--a-w C:\WINDOWS\system32\dtu100.dll
2008-01-04 21:57:16 53,248 -c--a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-01-04 21:57:14 593,920 -c--a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-01-04 21:57:14 57,344 -c--a-w C:\WINDOWS\system32\dpv11.dll
2008-01-04 21:57:14 344,064 -c--a-w C:\WINDOWS\system32\dpus11.dll
2008-01-04 21:57:14 294,912 -c--a-w C:\WINDOWS\system32\dpu11.dll
2008-01-04 21:57:14 294,912 -c--a-w C:\WINDOWS\system32\dpu10.dll
2008-01-04 21:57:12 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-01-04 21:57:10 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-01-04 21:57:10 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-01-04 21:57:10 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-01-04 21:56:48 156,992 -c--a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-01-04 21:56:24 12,288 -c--a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-01-01 13:39:58 46 -c--a-w C:\WINDOWS\system32\DonationCoder_rokusnooper_InstallInfo.dat


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2006-10-23 00:08 62080 --a------ C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
2007-09-28 14:30 521528 --a--c--- C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
2008-01-04 18:21 1548624 --a------ C:\PROGRA~1\SPYBOT~1\SDHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2007-09-25 01:11 501136 --a--c--- C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
2007-12-14 13:54 392240 --a------ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}]
2006-08-20 19:55 81920 --a--c--- C:\Program Files\Free Download Manager\iefdmcks.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 18:37]
"HostManager"="C:\Program Files\Common Files\AOL\1179865871\ee\AOLSoftware.exe" [2006-11-17 14:21]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"IntelliType"="C:\Program Files\Microsoft Hardware\Keyboard\type32.exe" [2002-03-22 05:41]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 17:05]
"IntelliPoint"="c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 16:52]
"CICache"="CICache.exe" [2002-09-05 15:21 C:\WINDOWS\CICache.exe]
"SmartRAM"="C:\Program Files\IObit\Advanced WindowsCare V2\MemCleaner.exe" [2007-10-29 17:43]
"SmartDefrag"="C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" [2008-01-08 00:29]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-06-18 18:11]
"SAITEKAUTOCONFIGURE"="C:\Program Files\Saitek\ST\Drv\saicnfig.exe" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 00:13]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)
"NoResolveSearch"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 13:29]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages :\WINDOWS\syste

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]


Contents of the 'Scheduled Tasks' folder
2008-03-11 20:07:01 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2008-03-30 21:00:00 C:\WINDOWS\tasks\SmartDefrag.job

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-01 14:52:22
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2008-04-01 14:53:11
C:\ComboFix-quarantined-files.txt ... 2008-04-01 14:53
C:\ComboFix2.txt ... 2008-03-31 21:50
C:\ComboFix3.txt ... 2008-03-29 17:54

--- E O F ---


grahalex
(regular)
Tue Apr 01 2008 02:56 PM
Re: Blue Screen - please check log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:58:25, on 01/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Wintab32.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Firefly Media Server\firefly.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Kontiki\KService.exe
C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Smith Micro\StuffIt11\ArcNameService.exe
C:\WINDOWS\wanmpsvc.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\AOL\1179865871\ee\AOLSoftware.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\IObit\Advanced WindowsCare V2\MemCleaner.exe
C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
c:\program files\common files\aol\1179865871\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.aol.co.uk/web?isinit=true&query=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1179865871\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [CICache] CICache.exe
O4 - HKLM\..\Run: [SmartRAM] C:\Program Files\IObit\Advanced WindowsCare V2\MemCleaner.exe /m
O4 - HKLM\..\Run: [SmartDefrag] "C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /StartUp
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SAITEKAUTOCONFIGURE] C:\Program Files\Saitek\ST\Drv\saicnfig.exe /autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: VOIP321.lnk = C:\Program Files\Philips\VOIP321\VOIP321.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe (file missing)
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CachemanXP (CachemanXPService) - Outertech - C:\PROGRA~1\CACHEM~1\CachemanXP.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Firefly Media Server - Ron Pedde - C:\Program Files\Firefly Media Server\firefly.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: Roku - Mark Heaton - C:\Program Files\RokuNSE\Roku.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIb\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIb\RpcSandraSrv.exe
O23 - Service: Stuffit Archive Name Service - Smith Micro Software, Inc. - C:\Program Files\Smith Micro\StuffIt11\ArcNameService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Wintab32 - Unknown owner - C:\WINDOWS\system32\Wintab32.exe

--
End of file - 12762 bytes


bricat
(HijackThis Helper)
Tue Apr 01 2008 06:59 PM
Re: Blue Screen - please check log

You have 2 user accounts, Graham and Annette.

I need you to run ComboFix on both of the accounts and run this fix on each of them.

And post both ComboFix logs back.

Please do not install any more programs or applications until we get this sorted.

Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It's IMPORTANT to carry out the instructions in the sequence listed below.


1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.


Open *notepad* and copy/paste the text in the quotebox below into it:

Quote:

Killall::

File::
C:\DOCUME~1\Graham\DesktopTrojan.Win32.BlackBird.exe
C:\DOCUME~1\Graham\DesktopFWebdEditor.exe
C:\DOCUME~1\Graham\Desktopfwebd.exe
C:\DOCUME~1\Graham\Desktopfkwp2.0.exe
C:\DOCUME~1\Graham\Desktopfkwp1.5.exe
C:\DOCUME~1\Graham\Desktopfilemanagerclient.exe
C:\DOCUME~1\Graham\DesktopEditorFKWP2.0.exe
C:\DOCUME~1\Graham\DesktopEditorFKWP1.5.exe
C:\DOCUME~1\CATHER~1\DesktopTrojan.Win32.BlackBird.exe
C:\DOCUME~1\CATHER~1\DesktopFWebdEditor.exe
C:\DOCUME~1\CATHER~1\Desktopfwebd.exe
C:\DOCUME~1\CATHER~1\Desktopfkwp2.0.exe
C:\DOCUME~1\CATHER~1\Desktopfkwp1.5.exe
C:\DOCUME~1\CATHER~1\Desktopfilemanagerclient.exe
C:\DOCUME~1\CATHER~1\DesktopEditorFKWP2.0.exe
C:\DOCUME~1\CATHER~1\DesktopEditorFKWP1.5.exe
C:\WINDOWS\system32\Pnptbyb.exe
C:\WINDOWS\system32\uhelgdsv.exe
C:\WINDOWS\system32\Penopcco.dll
C:\WINDOWS\system32\Penopcco.dll
C:\WINDOWS\system32\Penopx.dll
C:\WINDOWS\system32\Penopvx.dll
C:\WINDOWS\dwnrpofk.dll
C:\WINDOWS\kdftlboenbg.dll

Folder::
C:\Program Files\PenOp
C:\DOCUME~1\CATHER~1\Desktopvirii
C:\DOCUME~1\ALLUSE~1\APPLIC~1\fhhjytzh
C:\Program Files\WinTime
C:\WINDOWS\Wintime
C:\DOCUME~1\Graham\Desktopvirii
C:\DOCUME~1\ALLUSE~1\APPLIC~1\exarehqd

Save this as CFScript.txt, in the same location as ComboFix.exe which is on the Desktop.

Referring to the picture above, drag CFScript.txt into ComboFix.exe.

Restart your computer.

When finished, it shall produce a log for you at C:\ComboFix.txt

Please copy and paste the ComboFix.txt along with a fresh HijackThis log in your next reply, and let me know how it is running.


*Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.*

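As an added check for the procedure above (example code written for this thread, not part of ComboFix, HijackThis or the helper's instructions), the script below cross-checks the `File::` and `Folder::` entries of a CFScript against the "Other Deletions" section of the ComboFix log that comes back. It assumes only what the posts show: a CFScript made of `Name::` directives followed by one path per line, and a ComboFix log whose sections are headed by lines of parentheses such as `(((( Other Deletions ))))`. The sample script and log embedded in it are shortened, constructed excerpts of the ones in this thread, altered so that both a missed deletion and an unrequested deletion appear.

```python
"""Cross-check a ComboFix CFScript against the log it produced.

Added example for this thread; it is not part of ComboFix or HijackThis.
It assumes only what the posts show: a CFScript made of 'Name::' directives
followed by one path per line, and a ComboFix log whose sections are headed
by lines of parentheses such as '(((( Other Deletions ))))'.
"""
import re

# Constructed sample: a shortened copy of the CFScript posted in the thread.
# Penopcco.dll is listed twice, as in the original script.
CFSCRIPT = r"""
Killall::

File::
C:\WINDOWS\system32\Pnptbyb.exe
C:\WINDOWS\system32\uhelgdsv.exe
C:\WINDOWS\system32\Penopcco.dll
C:\WINDOWS\system32\Penopcco.dll
C:\WINDOWS\dwnrpofk.dll

Folder::
C:\Program Files\PenOp
C:\WINDOWS\Wintime
"""

# Constructed sample: a shortened copy of the ComboFix log posted back.
# uhelgdsv.exe is deliberately absent and Penopvx.dll deliberately present
# so that both the 'missing' and the 'extra' cases are exercised.
COMBOFIX_LOG = r"""
"Graham" - 2008-04-01 21:14:08 - ComboFix 07-07-14.6 - Service Pack 2 NTFS
Command switches used :: C:\Documents and Settings\Graham\Desktop\CFScript.txt


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\PenOp
C:\Program Files\PenOp\Admin\Calib.exe
C:\WINDOWS\dwnrpofk.dll
C:\WINDOWS\system32\Penopcco.dll
C:\WINDOWS\system32\Penopvx.dll
C:\WINDOWS\system32\Pnptbyb.exe
C:\WINDOWS\Wintime
C:\WINDOWS\Wintime\wintime.dll


((((((((((((((((((((((((( Files Created from 2008-03-01 to 2008-04-01 )))))))))))))))))))))))))))))))
"""

# A ComboFix section header: parentheses, title, parentheses.
SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")


def parse_cfscript(text):
    """Map each 'Name::' directive to the list of non-empty lines under it."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):
            current = line[:-2]
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def parse_combofix_log(text):
    """Map each parenthesised section title of a ComboFix log to its lines."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        match = SECTION_RE.match(line)
        if match:
            current = match.group(1)
            sections.setdefault(current, [])
        elif line and current is not None:
            sections[current].append(line)
    return sections


def check_deletions(cfscript_text, log_text):
    """Compare File:: and Folder:: requests with what the log says was removed.

    Returns the requested paths the log confirms deleted, the ones it does not
    mention (still present, renamed or protected: worth a second look), and
    deletions that were neither requested nor inside a requested folder
    (ComboFix's own removals, which should be reviewed for false positives).
    """
    script = parse_cfscript(cfscript_text)
    log = parse_combofix_log(log_text)
    # Windows paths are case-insensitive: compare lower-cased, report originals.
    deleted = {p.lower(): p for p in log.get("Other Deletions", [])}
    folders = [f.lower() for f in script.get("Folder", [])]

    requested = {}
    for directive in ("File", "Folder"):
        for path in script.get(directive, []):
            requested.setdefault(path.lower(), path)  # duplicates count once

    confirmed = [p for k, p in requested.items() if k in deleted]
    missing = [p for k, p in requested.items() if k not in deleted]
    extra = [
        p for k, p in sorted(deleted.items())
        if k not in requested and not any(k.startswith(f + "\\") for f in folders)
    ]
    return {"confirmed": confirmed, "missing": missing, "extra": extra}


if __name__ == "__main__":
    result = check_deletions(CFSCRIPT, COMBOFIX_LOG)
    for label in ("confirmed", "missing", "extra"):
        print(f"{label}:")
        for path in result[label]:
            print("  " + path)
```

On the sample input the script reports five confirmed deletions, `uhelgdsv.exe` as missing and `Penopvx.dll` as an extra, unrequested deletion; on a real pair of files, point `CFSCRIPT` and `COMBOFIX_LOG` at the saved CFScript.txt and C:\ComboFix.txt instead of the embedded excerpts. Files under a requested folder are not counted as extras, since ComboFix lists folder contents individually.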

grahalex
(regular)
Tue Apr 01 2008 09:58 PM
Re: Blue Screen - please check log

Here is the combo log for my account; Annette's to follow.

"Graham" - 2008-04-01 21:14:08 - ComboFix 07-07-14.6 - Service Pack 2 NTFS
Command switches used :: C:\Documents and Settings\Graham\Desktop\CFScript.txt


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\ALLUSE~1\APPLIC~1\exarehqd
C:\DOCUME~1\ALLUSE~1\APPLIC~1\exarehqd\qlkdkxqn.exe
C:\DOCUME~1\ALLUSE~1\APPLIC~1\fhhjytzh
C:\DOCUME~1\ALLUSE~1\APPLIC~1\fhhjytzh\abshadsn.exe
C:\DOCUME~1\CATHER~1\DesktopEditorFKWP1.5.exe
C:\DOCUME~1\CATHER~1\DesktopEditorFKWP2.0.exe
C:\DOCUME~1\CATHER~1\Desktopfilemanagerclient.exe
C:\DOCUME~1\CATHER~1\Desktopfkwp1.5.exe
C:\DOCUME~1\CATHER~1\Desktopfkwp2.0.exe
C:\DOCUME~1\CATHER~1\Desktopfwebd.exe
C:\DOCUME~1\CATHER~1\DesktopFWebdEditor.exe
C:\DOCUME~1\CATHER~1\DesktopTrojan.Win32.BlackBird.exe
C:\DOCUME~1\CATHER~1\Desktopvirii
C:\DOCUME~1\CATHER~1\Desktopvirii\Trojan-Downloader.Win32.Agent.bl.exe
C:\DOCUME~1\CATHER~1\Desktopvirii\Trojan-Downloader.Win32.Agent.p.exe
C:\DOCUME~1\CATHER~1\Desktopvirii\Trojan-Downloader.Win32.Agent.r.exe
C:\DOCUME~1\CATHER~1\Desktopvirii\Trojan-Downloader.Win32.Agent.t.exe
C:\DOCUME~1\CATHER~1\Desktopvirii\Trojan-Downloader.Win32.Agent.v.exe
C:\DOCUME~1\Graham\DesktopEditorFKWP1.5.exe
C:\DOCUME~1\Graham\DesktopEditorFKWP2.0.exe
C:\DOCUME~1\Graham\Desktopfilemanagerclient.exe
C:\DOCUME~1\Graham\Desktopfkwp1.5.exe
C:\DOCUME~1\Graham\Desktopfkwp2.0.exe
C:\DOCUME~1\Graham\Desktopfwebd.exe
C:\DOCUME~1\Graham\DesktopFWebdEditor.exe
C:\DOCUME~1\Graham\DesktopTrojan.Win32.BlackBird.exe
C:\DOCUME~1\Graham\Desktopvirii
C:\DOCUME~1\Graham\Desktopvirii\Trojan-Downloader.Win32.Agent.bl.exe
C:\DOCUME~1\Graham\Desktopvirii\Trojan-Downloader.Win32.Agent.p.exe
C:\DOCUME~1\Graham\Desktopvirii\Trojan-Downloader.Win32.Agent.r.exe
C:\DOCUME~1\Graham\Desktopvirii\Trojan-Downloader.Win32.Agent.t.exe
C:\DOCUME~1\Graham\Desktopvirii\Trojan-Downloader.Win32.Agent.v.exe
C:\Program Files\PenOp
C:\Program Files\PenOp\Admin\Calib.exe
C:\Program Files\PenOp\Admin\Licence.exe
C:\Program Files\PenOp\Admin\PenStatus.exe
C:\Program Files\PenOp\Admin\pnpAdmin.exe
C:\Program Files\PenOp\Admin\pnpInfo.exe
C:\Program Files\PenOp\Admin\pnpStamp.exe
C:\Program Files\PenOp\INSTALL.LOG
C:\Program Files\PenOp\License.txt
C:\Program Files\PenOp\LOGO.ICO
C:\Program Files\PenOp\UNINSTALL.EXE
C:\Program Files\PenOp\UserGuide.PDF
C:\Program Files\WinTime
C:\Program Files\WinTime\Tablet Driver\Readme95.txt
C:\Program Files\WinTime\Tablet Driver\Remove.exe
C:\Program Files\WinTime\Tablet Driver\Uninst.isu
C:\WINDOWS\dwnrpofk.dll
C:\WINDOWS\kdftlboenbg.dll
C:\WINDOWS\system32\Penopcco.dll
C:\WINDOWS\system32\Penopvx.dll
C:\WINDOWS\system32\Penopx.dll
C:\WINDOWS\system32\Pnptbyb.exe
C:\WINDOWS\system32\uhelgdsv.exe
C:\WINDOWS\Wintime
C:\WINDOWS\Wintime\gencsr.dll
C:\WINDOWS\Wintime\remove.exe
C:\WINDOWS\Wintime\remove.ing
C:\WINDOWS\Wintime\wintime.bmp
C:\WINDOWS\Wintime\wintime.dll
C:\WINDOWS\Wintime\wintime.stp
C:\WINDOWS\Wintime\wt_xpnt.dll
C:\WINDOWS\Wintime\wtframe.dll
C:\WINDOWS\Wintime\wtgenp.dll
C:\WINDOWS\Wintime\wthelp.hlp
C:\WINDOWS\Wintime\wtxpload.exe
C:\WINDOWS\Wintime\xpnt32.dll
C:\WINDOWS\Wintime\xpoint32.exe
C:\WINDOWS\Wintime\xpointps.dll
C:\WINDOWS\Wintime\xservice.exe


((((((((((((((((((((((((( Files Created from 2008-03-01 to 2008-04-01 )))))))))))))))))))))))))))))))


2008-03-31 03:27 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys
2008-03-31 03:27 20,560 --a------ C:\WINDOWS\system32\drivers\aswFsBlk.sys
2008-03-31 03:19 63,488 --a------ C:\WINDOWS\xobglu16.dll
2008-03-31 03:19 23,552 --a------ C:\WINDOWS\xobglu32.dll
2008-03-30 14:00 <DIR> d-------- C:\DOCUME~1\Graham\APPLIC~1\The Labyrinth Plus! Edition
2008-03-30 13:54 98,304 --a------ C:\WINDOWS\system32\ImmPID.dll
2008-03-30 13:54 29,372 --a------ C:\WINDOWS\system32\drivers\ImHidUsb.sys
2008-03-30 13:54 192,512 --a------ C:\WINDOWS\system32\IFC22.dll
2008-03-30 13:54 16,384 --a------ C:\WINDOWS\system32\imm_enu.dll
2008-03-30 13:54 1,024,000 --a------ C:\WINDOWS\system32\ImmCpl.dll
2008-03-30 13:54 <DIR> d-------- C:\Program Files\Saitek
2008-03-30 12:59 786,432 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2008-03-29 18:40 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Barbie Fashion Show
2008-03-29 18:38 <DIR> d-------- C:\Program Files\Common Files\Vivendi Universal Games
2008-03-29 18:38 <DIR> d-------- C:\Program Files\Barbie(TM)
2008-03-29 14:04 32,256 --a------ C:\WINDOWS\system32\drivers\w2wtime.sys
2008-03-29 14:04 12,800 --a------ C:\WINDOWS\system32\drivers\wtcls2k.sys
2008-03-29 14:04 114,688 --a------ C:\WINDOWS\system32\wintab32.exe
2008-03-29 11:08 94,016 --a------ C:\WINDOWS\system32\Wintab.dll
2008-03-29 11:08 65,536 --a------ C:\WINDOWS\system32\wintab32.dll
2008-03-29 11:08 10,288 --a------ C:\WINDOWS\system32\Wtt16.dll
2008-03-29 11:08 <DIR> d-------- C:\Program Files\Your Company Name
2008-03-29 10:40 <DIR> d-------- C:\Program Files\JL2005C
2008-03-28 17:12 95,232 --a------ C:\WINDOWS\system\LFKODAK.DLL
2008-03-28 17:12 93,184 --a------ C:\WINDOWS\system\LFTIF70N.DLL
2008-03-28 17:12 77,824 --a------ C:\WINDOWS\system\Lffax10n.dll
2008-03-28 17:12 600,576 --a------ C:\WINDOWS\system\Ltwrp10n.dll
2008-03-28 17:12 57,344 --a------ C:\WINDOWS\system\BPEnhan.dll
2008-03-28 17:12 55,296 --a------ C:\WINDOWS\system\LTFIL70N.DLL
2008-03-28 17:12 350,208 --a------ C:\WINDOWS\system\LTKRN70N.DLL
2008-03-28 17:12 35,840 --a------ C:\WINDOWS\system32\Lflma10n.dll
2008-03-28 17:12 35,328 --a------ C:\WINDOWS\system\LFFPX70N.DLL
2008-03-28 17:12 34,304 --a------ C:\WINDOWS\system\Lfbmp10n.dll
2008-03-28 17:12 33,280 --a------ C:\WINDOWS\system32\Lfpcx10n.dll
2008-03-28 17:12 32,768 --a------ C:\WINDOWS\system\LFGIF70N.DLL
2008-03-28 17:12 31,232 --a------ C:\WINDOWS\system32\Lflmb10n.dll
2008-03-28 17:12 297,472 --a------ C:\WINDOWS\system\Ltkrn10n.dll
2008-03-28 17:12 29,184 --a------ C:\WINDOWS\system\LFLMA70N.DLL
2008-03-28 17:12 28,160 --a------ C:\WINDOWS\system32\Lfwmf10n.dll
2008-03-28 17:12 266,752 --a------ C:\WINDOWS\system\Lfcmp10n.dll
2008-03-28 17:12 26,112 --a------ C:\WINDOWS\system\LFICA70N.DLL
2008-03-28 17:12 25,088 --a------ C:\WINDOWS\system\LFLMB70N.DLL
2008-03-28 17:12 24,576 --a------ C:\WINDOWS\system\LFBMP70N.DLL
2008-03-28 17:12 24,064 --a------ C:\WINDOWS\system\LFPCT70N.DLL
2008-03-28 17:12 228,864 --a------ C:\WINDOWS\system32\Ltdis10n.dll
2008-03-28 17:12 224,768 --a------ C:\WINDOWS\system\LFCMP70N.DLL
2008-03-28 17:12 20,992 --a------ C:\WINDOWS\system\LFTGA70N.DLL
2008-03-28 17:12 20,480 --a------ C:\WINDOWS\system\LFIMG70N.DLL
2008-03-28 17:12 19,968 --a------ C:\WINDOWS\system\LFCAL70N.DLL
2008-03-28 17:12 19,456 --a------ C:\WINDOWS\system\LFPCD70N.DLL
2008-03-28 17:12 18,944 --a------ C:\WINDOWS\system\LFMAC70N.DLL
2008-03-28 17:12 175,104 --a------ C:\WINDOWS\system\LFFAX70N.DLL
2008-03-28 17:12 17,920 --a------ C:\WINDOWS\system\LFAVI70N.DLL
2008-03-28 17:12 122,368 --a------ C:\WINDOWS\system\Lftif10n.dll
2008-03-28 17:12 117,760 --a------ C:\WINDOWS\system32\Ltimg10n.dll
2008-03-28 17:12 103,424 --a------ C:\WINDOWS\system\Ltfil10n.dll
2008-03-28 16:03 <DIR> d-------- C:\Program Files\XnView
2008-03-28 16:03 <DIR> d-------- C:\DOCUME~1\Graham\APPLIC~1\XnView
2008-03-28 15:07 <DIR> d-------- C:\Program Files\IrfanView
2008-03-28 14:43 163,840 --a------ C:\WINDOWS\system32\12kUBusd.dll
2008-03-28 14:43 <DIR> d-------- C:\Program Files\Temp
2008-03-28 14:07 <DIR> d-------- C:\DOCUME~1\Graham\APPLIC~1\Leadertech
2008-03-24 23:51 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-03-24 23:47 <DIR> d-------- C:\Program Files\Philips
2008-03-24 23:36 <DIR> d-------- C:\DOCUME~1\Graham\APPLIC~1\Skype
2008-03-24 18:04 <DIR> d-------- C:\DOCUME~1\Annette\APPLIC~1\Skype
2008-03-24 12:46 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-03-24 12:46 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-03-22 10:31 <DIR> d-------- C:\Program Files\Common Files\ODBC
2008-03-21 23:30 32 --a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\ezsid.dat
2008-03-21 23:30 <DIR> d-------- C:\DOCUME~1\Graham\APPLIC~1\skypePM
2008-03-21 23:29 <DIR> d-------- C:\Program Files\Skype
2008-03-21 23:29 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
2008-03-21 20:34 <DIR> d-------- C:\DOCUME~1\Rachel\APPLIC~1\IObit
2008-03-21 11:04 <DIR> d-------- C:\DOCUME~1\CATHER~1\APPLIC~1\Help
2008-03-17 19:58 <DIR> d-------- C:\DOCUME~1\CATHER~1\APPLIC~1\Google
2008-03-17 19:55 <DIR> d-------- C:\DOCUME~1\CATHER~1\APPLIC~1\IObit
2008-03-17 08:38 <DIR> d-------- C:\DOCUME~1\Annette\APPLIC~1\Google
2008-03-16 11:56 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
2008-03-16 11:07 <DIR> d-------- C:\THIS_IS_ENGLAND
2008-03-15 18:02 1,158 --a------ C:\WINDOWS\mozver.dat
2008-03-14 20:54 <DIR> d-------- C:\Program Files\FlashGet
2008-03-14 08:34 <DIR> d-------- C:\DOCUME~1\Annette\APPLIC~1\IObit
2008-03-13 17:26 <DIR> d-------- C:\DOCUME~1\Graham\APPLIC~1\IObit
2008-03-11 21:17 <DIR> d-------- C:\Program Files\iTunes
2008-03-11 21:17 <DIR> d-------- C:\Program Files\iPod
2008-03-11 21:16 <DIR> d-------- C:\Program Files\QuickTime
2008-03-08 10:55 <DIR> d-------- C:\DOCUME~1\Graham\APPLIC~1\CyberLink
2008-03-08 10:55 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
2008-03-08 10:41 24,064 --------- C:\WINDOWS\system32\msxml3a.dll
2008-03-01 22:06 <DIR> d-------- C:\Program Files\Smith Micro
2008-03-01 22:06 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SMSI


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2008-04-01 20:16:22 51,433,504 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-01 20:12:05 -------- d-----w C:\Program Files\Firefly Media Server
2008-04-01 19:53:07 -------- d-----w C:\Program Files\Soulseek
2008-04-01 16:53:07 604,088 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-03-30 12:54:39 -------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-30 10:15:37 -------- d-----w C:\Program Files\Elaborate Bytes
2008-03-29 20:29:18 -------- d-----w C:\Program Files\Common Files\Knowledge Adventure
2008-03-29 17:45:49 1,146,232 ----a-w C:\WINDOWS\system32\aswBoot.exe
2008-03-29 17:35:21 94,544 -c--a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2008-03-29 17:29:08 23,152 -c--a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2008-03-29 17:27:33 42,912 -c--a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2008-03-29 17:26:52 26,944 -c--a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2008-03-29 17:23:22 95,608 -c--a-w C:\WINDOWS\system32\AvastSS.scr
2008-03-27 08:26:37 -------- d-----w C:\DOCUME~1\Graham\APPLIC~1\LimeWire
2008-03-22 09:34:18 -------- d-----w C:\DOCUME~1\Graham\APPLIC~1\WeatherWatcher
2008-03-22 09:31:33 -------- d-----w C:\Program Files\Weather Watcher
2008-03-21 10:07:08 -------- d-----w C:\Program Files\EPSON
2008-03-21 06:22:35 -------- d-----w C:\Program Files\Google
2008-03-20 20:54:54 -------- d-----w C:\Program Files\Windows Live
2008-03-20 20:38:59 -------- d-----w C:\Program Files\TweakNow RegCleaner Std
2008-03-20 20:38:59 -------- d-----w C:\Program Files\SimpleDivX
2008-03-20 20:38:59 -------- d-----w C:\Program Files\Roku Radio Snooper
2008-03-20 20:38:53 -------- d-----w C:\Program Files\MP3 Remix
2008-03-20 20:38:46 -------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-20 20:38:46 -------- d-----w C:\Program Files\DivX
2008-03-20 20:38:46 -------- d-----w C:\Program Files\Common Files\Nullsoft
2008-03-20 20:38:43 -------- d-----w C:\Program Files\Common Files\aolshare
2008-03-20 20:38:39 -------- d-----w C:\Program Files\Apple Software Update
2008-03-20 20:38:39 -------- d-----w C:\Program Files\AOL 9.0
2008-03-19 15:14:57 -------- d-----w C:\Program Files\RogueRemover FREE
2008-03-17 18:51:41 -------- d-----w C:\Program Files\SpywareBlaster
2008-03-13 16:36:18 -------- d-----w C:\Program Files\IObit
2008-03-09 10:30:42 -------- d-----w C:\DOCUME~1\Graham\APPLIC~1\ZipGenius
2008-03-07 21:19:33 -------- d-----w C:\DOCUME~1\Graham\APPLIC~1\RipIt4Me
2008-02-28 19:36:48 -------- d-----w C:\Program Files\BitComet
2008-02-26 18:49:47 -------- d-----w C:\Program Files\GirlTech
2008-02-26 16:23:29 -------- d-----w C:\Program Files\i-Sound Pro
2008-02-19 19:56:54 13,568 -c--a-w C:\WINDOWS\system32\drivers\USBCRFT.SYS
2008-02-16 09:50:47 -------- d-----w C:\Program Files\LimeWire
2008-02-01 11:11:10 586,240 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-01-18 14:43:49 12,632 -c--a-w C:\WINDOWS\system32\lsdelete.exe
2008-01-06 10:37:16 60,416 -c--a-w C:\WINDOWS\ALCFDRTM.EXE
2008-01-04 21:59:04 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-01-04 21:58:50 3,596,288 -c--a-w C:\WINDOWS\system32\qt-dx331.dll
2008-01-04 21:58:42 200,704 -c--a-w C:\WINDOWS\system32\ssldivx.dll
2008-01-04 21:58:42 1,044,480 -c--a-w C:\WINDOWS\system32\libdivx.dll
2008-01-04 21:57:22 81,920 -c--a-w C:\WINDOWS\system32\dpl100.dll
2008-01-04 21:57:22 196,608 -c--a-w C:\WINDOWS\system32\dtu100.dll
2008-01-04 21:57:16 53,248 -c--a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-01-04 21:57:14 593,920 -c--a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-01-04 21:57:14 57,344 -c--a-w C:\WINDOWS\system32\dpv11.dll
2008-01-04 21:57:14 344,064 -c--a-w C:\WINDOWS\system32\dpus11.dll
2008-01-04 21:57:14 294,912 -c--a-w C:\WINDOWS\system32\dpu11.dll
2008-01-04 21:57:14 294,912 -c--a-w C:\WINDOWS\system32\dpu10.dll
2008-01-04 21:57:12 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-01-04 21:57:10 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-01-04 21:57:10 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-01-04 21:57:10 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-01-04 21:56:48 156,992 -c--a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-01-04 21:56:24 12,288 -c--a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-01-01 13:39:58 46 -c--a-w C:\WINDOWS\system32\DonationCoder_rokusnooper_InstallInfo.dat


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2006-10-23 00:08 62080 --a------ C