Web User Forums > Security > HijackThis logs help and analysis

#1
30-08-08, 14:03
onerytk
256Kbps

Join Date: Aug 2008
Posts: 15
Kindly check my hijack this log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:57:36, on 30/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Labtec\Desktop\V5.1\kbdap32a.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Labtec\Desktop\V5.1\moffice.exe
C:\WINDOWS\VM303_STI.EXE
C:\Program Files\Labtec\Desktop\V5.1\MOUSE32A.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\HP\DIGITA~1\bin\hpqste08.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrobat.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\DOCUME~1\JOHNKE~1\LOCALS~1\Temp\nsa83C8.tmp\ns83C9.tmp
C:\DOCUME~1\JOHNKE~1\LOCALS~1\Temp\nsd83E5.tmp\ns83E6.tmp
C:\WINDOWS\system32\taskmgr.exe
C:\DOCUME~1\JOHNKE~1\LOCALS~1\Temp\nso83EE.tmp\ns83EF.tmp
C:\DOCUME~1\JOHNKE~1\LOCALS~1\Temp\nsn8498.tmp\ns8499.tmp
C:\DOCUME~1\JOHNKE~1\LOCALS~1\Temp\nsr84E4.tmp\ns84E5.tmp
C:\DOCUME~1\JOHNKE~1\LOCALS~1\Temp\nsu850B.tmp\ns850F.tmp
C:\Program Files\AnswersThatWork\Troubleshooter\UltimateTroubleshooter.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\John Kearns\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {29f0230f-a825-44d0-b98f-a044b7592cff} - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MI1933~1\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [OFFICEKB] C:\Program Files\Labtec\Desktop\V5.1\kbdap32a.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Labtec\Desktop\V5.1\moffice.exe
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [New Application] C:\Program Files\TrojanHunter 4.7\THGuard.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100458 -Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; InfoPath.2; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe " -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe " -t (User 'Default user')
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Launch PicLens - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\PicLens.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.es
O15 - Trusted Zone: http://www.kaspersky.com
O15 - Trusted Zone: http://www.pandasoftware.com
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {4C833081-D026-4FF8-968F-7EAB660D2FBA} (TVAnts ActiveX Control) - http://download.tvants.com/pub/tvant...cab/tvants.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn...tDetection.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://upload.divshare.com/scripts/u...eUploader4.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/de...e/HPDEXAXO.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {A364AF35-0CDF-41E8-8F3B-E0E55E15EBA1} (Zenturi Active Programs Control) - http://www.programchecker.com/dll/nixon.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - https://ukplay.toontown.com/download...1.3/ttinst.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/v...l/installer.exe
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/.../en/crlocx.ocx
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by21fd.bay21.hotmail.msn.com/...x/HMAtchmt.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{B2F0D09B-DCD6-47ED-8B97-458C6015B7CC}: NameServer = 80.58.61.250 80.58.61.254
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MI1933~1\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: secuload.dll,c:\progra~1\google\google~1\goec62~1.dll,c:\progra~1\google\google~1\goec62~1.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CachemanXPService - Outertech - C:\PROGRA~1\CACHEM~1\CachemanXP.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 13251 bytes

I seem to be getting a number of ns****.tmp files running when I check the Processes tab in Windows Task Manager, and I do not know what they are or where they have come from. Many thanks.
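As an added illustration (not part of this thread, and not how HijackThis itself works internally), here is a small Python parser for the HijackThis log format posted above, followed by a few defender-side triage rules: processes running from a temp directory (the ns*.tmp entries the poster asks about), entries whose target file no longer exists, Trusted Zone additions, a custom NameServer, and AppInit_DLLs. The sample is constructed from a subset of the lines in the log above; the function names and the rule set are my own, and a flag is a prompt to look closer, not a verdict.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: a subset of the lines from the HijackThis v2.0.2 log posted
# above, in the same layout (header, "Running processes:" block, then R/O entries).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:57:36, on 30/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\DOCUME~1\JOHNKE~1\LOCALS~1\Temp\nsa83C8.tmp\ns83C9.tmp
C:\Program Files\Mozilla Firefox\firefox.exe

R3 - URLSearchHook: (no name) - {29f0230f-a825-44d0-b98f-a044b7592cff} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O15 - Trusted Zone: http://www.kaspersky.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{B2F0D09B-DCD6-47ED-8B97-458C6015B7CC}: NameServer = 80.58.61.250 80.58.61.254
O20 - AppInit_DLLs: secuload.dll,c:\progra~1\google\google~1\goec62~1.dll
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
"""

# Every non-process entry has the shape "<code> - <body>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY_RE = re.compile(r"^(?P<code>[RFO]\d+) - (?P<body>.*)$")


@dataclass
class Entry:
    code: str   # section code such as R3, O4, O23
    body: str   # everything after "<code> - "


@dataclass
class HjtLog:
    processes: list = field(default_factory=list)
    entries: list = field(default_factory=list)


def parse_hjt(text):
    """Split a HijackThis log into the running-process list and the coded entries."""
    log = HjtLog()
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_procs = False          # a blank line closes the process block
            continue
        if line.lower() == "running processes:":
            in_procs = True
            continue
        if in_procs:
            log.processes.append(line)
            continue
        m = ENTRY_RE.match(line)
        if m:
            log.entries.append(Entry(m.group("code"), m.group("body")))
    return log


# Path fragments (lower-cased) that place an executable in a per-user temp folder.
TEMP_MARKERS = ("\\temp\\", "\\locals~1\\temp", "\\local settings\\temp")


def review(log):
    """Apply a few triage rules to a parsed log.
    Returns (severity, reason, item) tuples; the severity is descriptive only."""
    findings = []
    for proc in log.processes:
        low = proc.lower()
        if any(marker in low for marker in TEMP_MARKERS) or low.endswith(".tmp"):
            findings.append(("info", "process running from a temp directory", proc))
    for e in log.entries:
        item = f"{e.code} - {e.body}"
        low = e.body.lower()
        if low.endswith("(no file)"):
            findings.append(("low", "orphaned entry: target file is missing", item))
        elif e.code == "O15":
            findings.append(("low", "site added to the IE Trusted Zone", item))
        elif e.code == "O17":
            findings.append(("review", "custom DNS server set; confirm it belongs to the ISP", item))
        elif e.code == "O20" and low.startswith("appinit_dlls:"):
            dlls = [d.strip() for d in e.body.split(":", 1)[1].split(",") if d.strip()]
            findings.append(("review",
                             f"AppInit_DLLs loads {len(dlls)} DLL(s) into every process that loads user32.dll",
                             item))
        elif e.code == "O23" and "unknown owner" in low:
            findings.append(("review", "service with no vendor string", item))
    return findings


if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_LOG)
    print(f"{len(parsed.processes)} processes, {len(parsed.entries)} entries")
    for severity, reason, item in review(parsed):
        print(f"[{severity}] {reason}\n    {item}")
```

Run against the full log above, the temp-directory rule picks out exactly the ns*.tmp processes the poster noticed; those paths are the pattern an NSIS-built installer uses while it runs, so the useful follow-up is to check which installer was launched at that time rather than to treat the .tmp names themselves as the finding.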
#2
30-08-08, 17:50
Joe_London
Global Moderator
1024Gbps

Join Date: May 2003
Location: London
Posts: 11,752
Re: Kindly check my hijack this log

Hi onerytk,
  1. Download ComboFix.exe using either of these links:

    Link 1
    Link 3
  2. Double click on combofix.exe to run the programme & then follow the prompts.

    It will create a new system restore point and registry backup.

    You will be asked to type 1 (One) and then "enter" to run the programme.

    Your firewall may seek permission to allow the programme to run. Check the "Remember" checkbox and click Yes.
  3. When finished, it will produce a log for you. Save the log, then copy and post it back here with a fresh HJT log in your next reply.
Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Joe
__________________
If I've helped you and saved you money please consider a donation to support my work :

Member of UNITE and ASAP.
#3
30-08-08, 21:50
onerytk
256Kbps

Join Date: Aug 2008
Posts: 15
Re: Kindly check my hijack this log

Hi Joe,
Many thanks for the help. I hope this is what is required.

ComboFix 08-08-30.01 - John Kearns 2008-08-30 22:12:38.1 - NTFSx86
Running from: C:\Documents and Settings\John Kearns\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
C:\test.txt
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\system32\actskn43.ocx
C:\WINDOWS\system32\AutoRun.inf
C:\WINDOWS\system32\eWebControl.dll
C:\WINDOWS\system32\rtl60.bpl
C:\WINDOWS\system32\url(2)(2)(3).dll

.
((((((((((((((((((((((((( Files Created from 2008-07-28 to 2008-08-30 )))))))))))))))))))))))))))))))
.

2008-08-30 16:17 . 2008-08-30 16:19 <DIR> d-------- C:\Program Files\Hide IP NG
2008-08-30 13:35 . 2008-08-30 13:35 <DIR> d-------- C:\MxDownload
2008-08-30 13:35 . 2008-08-30 13:35 0 --a------ C:\WINDOWS\system32\cid_store.dat
2008-08-30 13:34 . 2008-08-30 18:32 <DIR> d-------- C:\Documents and Settings\John Kearns\Application Data\MxBoost
2008-08-30 13:33 . 2008-08-30 13:34 <DIR> d-------- C:\Program Files\Maxthon2
2008-08-30 13:19 . 2008-08-30 13:19 <DIR> d-------- C:\Program Files\Veetle
2008-08-30 13:19 . 2008-08-30 13:19 48,396 --a------ C:\WINDOWS\UninstVeetleTVPlayer.exe
2008-08-28 13:27 . 2008-08-29 00:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PrevxCSI
2008-08-24 21:38 . 2008-08-24 21:38 <DIR> d-------- C:\Program Files\Windows Resource Kits
2008-08-24 15:48 . 2008-08-24 15:48 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-08-24 15:48 . 2008-08-24 15:48 <DIR> d-------- C:\ConvertTemp
2008-08-24 15:46 . 2008-08-24 15:47 <DIR> d-------- C:\Program Files\NOS
2008-08-22 09:46 . 0 C:\WINDOWS\system32\Y;Y;
2008-08-16 23:34 . 2008-08-24 15:45 <DIR> d-------- C:\Program Files\DigiMode
2008-08-15 23:29 . 2008-08-15 23:29 <DIR> d-------- C:\Program Files\SDP Multimedia
2008-08-15 21:44 . 2008-08-24 15:47 <DIR> d-------- C:\Program Files\Common Files\Adobe AIR
2008-08-15 21:42 . 2008-08-15 21:42 <DIR> d-------- C:\Documents and Settings\John Kearns\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2008-08-15 17:12 . 2008-08-15 17:12 <DIR> d-------- C:\Program Files\Secunia
2008-08-15 16:25 . 2008-08-24 15:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NOS
2008-08-14 11:06 . 2008-08-14 11:21 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-08-10 09:36 . 2008-08-10 09:37 <DIR> d-------- C:\Program Files\MP3 Remix
2008-08-10 09:36 . 2008-08-10 09:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MP3 Remix
2008-08-08 17:58 . 2008-08-08 17:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2008-08-08 17:53 . 2008-08-08 17:53 <DIR> d-------- C:\Program Files\Hewlett-Packard
2008-08-08 17:44 . 2008-08-08 18:35 165,244 --a------ C:\WINDOWS\hpoins28.dat
2008-08-08 17:44 . 2008-05-12 21:12 796 --------- C:\WINDOWS\hpomdl28.dat
2008-08-08 16:22 . 2008-08-08 18:50 141,136 --a------ C:\WINDOWS\hpoins14.dat
2008-08-08 16:22 . 2007-09-20 03:14 2,000 --------- C:\WINDOWS\hpomdl14.dat
2008-08-08 11:52 . 2008-08-08 11:52 <DIR> d-------- C:\Documents and Settings\John Kearns\Application Data\HP
2008-08-05 22:53 . 2008-08-05 22:54 <DIR> d-------- C:\Program Files\honestech Video Editor 7.0
2008-08-05 12:09 . 2008-08-05 12:09 230,454 --a------ C:\WINDOWS\0000.bmp
2008-08-05 11:39 . 2008-08-05 11:39 <DIR> d-------- C:\Documents and Settings\John Kearns\Application Data\Yahoo!
2008-08-05 11:39 . 2008-08-05 11:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-08-04 16:24 . 2008-08-04 17:47 <DIR> d-------- C:\Documents and Settings\John Kearns\Application Data\IObit
2008-08-04 16:24 . 2008-04-17 16:19 90,668 --a------ C:\WINDOWS\system32\vobis32.dll
2008-08-04 16:23 . 2008-08-04 16:23 <DIR> d-------- C:\Program Files\IObit
2008-08-03 22:29 . 2008-08-03 22:29 <DIR> d-------- C:\Hide IP NG
2008-08-03 22:02 . 2008-06-10 21:22 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-08-03 22:02 . 2008-06-02 15:19 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-08-03 22:02 . 2008-06-02 15:19 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-08-03 22:02 . 2008-06-02 15:19 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-08-03 20:21 . 2008-08-04 17:42 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-08-02 19:33 . 2008-08-02 19:33 <DIR> d-------- C:\Program Files\Seamless
2008-08-01 14:50 . 2008-08-01 14:59 <DIR> d-------- C:\Movavi files
2008-08-01 14:45 . 2008-08-02 20:56 <DIR> d-------- C:\Program Files\Aplus Video Joiner
2008-08-01 13:02 . 2008-08-01 13:02 <DIR> d-------- C:\Documents and Settings\John Kearns\LocalLow
2008-08-01 13:02 . 2008-08-01 13:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TVU Networks
2008-07-31 13:16 . 2008-07-31 14:43 23 --a------ C:\Documents and Settings\John Kearns\jagex_runescape_preferences.dat
2008-07-31 13:15 . 2008-07-31 13:15 <DIR> d-------- C:\WINDOWS\.jagex_cache_32
2008-07-30 00:26 . 2008-08-03 09:14 <DIR> d-------- C:\Documents and Settings\John Kearns\Application Data\tor
2008-07-30 00:24 . 2008-07-30 00:25 <DIR> d-------- C:\Program Files\Vidalia Bundle
2008-07-30 00:24 . 2008-08-03 10:03 <DIR> d-------- C:\Documents and Settings\John Kearns\Application Data\Vidalia
2008-07-28 14:22 . 1998-05-11 20:01 240,944 --a------ C:\WINDOWS\system32\RICHED.DLL
2008-07-26 11:01 . 2008-07-29 11:51 <DIR> d-------- C:\Program Files\PCPitstop
2008-07-24 18:15 . 2008-07-24 19:03 <DIR> dr------- C:\My Movie Files
2008-07-22 19:07 . 2008-07-22 19:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WEBREG
2008-07-22 19:05 . 2007-03-08 06:20 49,920 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys
2008-07-22 19:05 . 2007-03-08 06:20 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2008-07-22 19:04 . 2008-07-22 19:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2008-07-22 19:04 . 2007-03-30 17:07 267,864 -ra------ C:\WINDOWS\system32\hpzids01.dll
2008-07-22 19:04 . 2007-03-28 14:01 117,760 --a------ C:\WINDOWS\system32\hpzll5ha.dll
2008-07-22 19:04 . 2007-03-08 06:20 21,568 -ra------ C:\WINDOWS\system32\drivers\HPZius12.sys
2008-07-22 19:03 . 2007-03-17 18:11 675,840 -ra------ C:\WINDOWS\system32\hpowiax3.dll
2008-07-22 19:03 . 2007-03-17 18:11 569,344 -ra------ C:\WINDOWS\system32\hpotscl3.dll
2008-07-22 19:03 . 2007-03-08 06:20 364,544 -ra------ C:\WINDOWS\system32\hppldcoi.dll
2008-07-22 19:03 . 2007-03-08 06:20 309,760 -ra------ C:\WINDOWS\system32\difxapi.dll
2008-07-22 19:03 . 2007-03-17 18:11 303,104 -ra------ C:\WINDOWS\system32\hpovst10.dll
2008-07-22 19:03 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-07-22 19:03 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\dllcache\usbscan.sys
2008-07-22 17:02 . 2008-08-08 15:06 141,021 --------- C:\WINDOWS\hpoins14.dat.temp
2008-07-22 17:02 . 2007-09-20 03:14 2,000 --------- C:\WINDOWS\hpomdl14.dat.temp
2008-07-22 16:43 . 2008-08-08 18:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HP
2008-07-22 16:42 . 2008-07-22 16:42 <DIR> d-------- C:\Program Files\Common Files\HP
2008-07-22 16:41 . 2008-07-22 16:41 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-07-22 16:39 . 2008-08-08 17:58 <DIR> d-------- C:\Program Files\HP
2008-07-22 08:44 . 2008-08-02 17:13 <DIR> d-------- C:\Documents and Settings\John Kearns\Application Data\Cabos
2008-07-22 08:43 . 2008-07-22 08:43 <DIR> d-------- C:\Program Files\Cabos
2008-07-21 00:29 . 2008-07-21 00:29 <DIR> d-------- C:\Program Files\Fotosizer
2008-07-20 10:08 . 2008-07-22 11:22 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-07-20 10:02 . 2008-07-20 10:02 <DIR> d-------- C:\Program Files\PicLensIE
2008-07-20 09:10 . 2008-07-20 09:10 <DIR> d-------- C:\Documents and Settings\Abbey Kearns.VERDEPINO\Application Data\WinPatrol
2008-07-19 17:00 . 2008-08-30 16:17 <DIR> d-------- C:\Documents and Settings\John Kearns\Application Data\Hide IP NG
2008-07-18 12:32 . 2008-07-18 12:32 <DIR> d-------- C:\Program Files\MIKSOFT
2008-07-18 11:48 . 2008-07-18 16:15 <DIR> d-------- C:\Program Files\3GP Player
2008-07-17 23:52 . 2008-08-04 17:04 <DIR> d-------- C:\Program Files\Password Manager Deluxe
2008-07-17 23:52 . 2008-07-17 23:52 <DIR> d-------- C:\Documents and Settings\John Kearns\Application Data\Kristanix Software
2008-07-17 23:52 . 2008-07-17 23:52 <DIR> d-------- C:\Backup
2008-07-17 23:52 . 2008-07-17 23:52 23 --a------ C:\WINDOWS\system32\krx220.dat
2008-07-17 00:48 . 2008-07-17 00:59 <DIR> d-------- C:\Program Files\Proxy Switcher Standard
2008-07-16 15:06 . 2008-07-16 15:46 <DIR> d-------- C:\Program Files\Lx_cats
2008-07-16 15:05 . 2008-07-17 21:24 <DIR> d-------- C:\Temp\{9F5FBC24-EFE2-4f90-B498-EC0FB7D47D15}
2008-07-16 15:05 . 2008-07-16 15:32 275 --a------ C:\lxcffire.csv
2008-07-16 15:05 . 2008-07-16 15:05 0 --a------ C:\lxcffire.000
2008-07-15 16:28 . 2008-07-16 09:43 <DIR> d-------- C:\Program Files\ExplorerXP
2008-07-15 12:57 . 2008-07-24 20:25 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-07-09 18:32 . 2008-07-09 18:32 <DIR> d-------- C:\Program Files\Common Files\Cadsoft
2008-07-09 18:31 . 2008-07-09 18:31 <DIR> d-------- C:\Program Files\IMSIDesign
2008-07-09 18:31 . 2008-07-09 18:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\IMSIDesign
2008-07-09 05:04 . 2008-07-09 05:04 <DIR> d-------- C:\WINDOWS\SQLTools9_KB948109_ENU
2008-07-09 05:03 . 2008-07-09 05:03 <DIR> d-------- C:\WINDOWS\SQL9_KB948109_ENU
2008-07-01 22:03 . 2008-07-01 22:03 <DIR> d-------- C:\CCProxy

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-30 14:32 --------- d-----w C:\Documents and Settings\John Kearns\Application Data\uTorrent
2008-08-30 03:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-08-28 22:40 --------- d-----w C:\Documents and Settings\John Kearns\Application Data\ImgBurn
2008-08-24 13:48 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-24 13:44 --------- d-----w C:\Program Files\Bit Che
2008-08-20 17:12 --------- d-----w C:\Documents and Settings\John Kearns\Application Data\Skype
2008-08-15 14:59 --------- d-----w C:\Program Files\Java
2008-08-15 14:38 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-06 08:23 --------- d-----w C:\Program Files\ComfortKeyboard
2008-08-05 20:53 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-04 21:03 --------- d-----w C:\Program Files\Yahoo!
2008-08-04 20:13 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-08-04 20:09 --------- d-----w C:\Program Files\ESET
2008-08-04 17:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-08-04 16:36 --------- d-----w C:\Program Files\Intel
2008-08-04 16:28 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-08-04 15:18 --------- d-----w C:\Program Files\TVAnts
2008-08-04 15:18 --------- d-----w C:\Program Files\OpenExpert
2008-08-04 15:18 --------- d-----w C:\Program Files\LimeWire
2008-08-04 15:18 --------- d-----w C:\Documents and Settings\John Kearns\Application Data\FEP
2008-08-04 15:18 --------- d-----w C:\Documents and Settings\John Kearns\Application Data\Azureus
2008-08-04 15:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-08-04 15:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\MVTLogs
2008-08-04 15:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kontiki
2008-08-04 15:04 --------- d-----w C:\Program Files\Spy Cleaner Gold
2008-08-04 15:04 --------- d-----w C:\Program Files\NetScream
2008-08-04 15:04 --------- d-----w C:\Program Files\ModemTest
2008-08-04 15:04 --------- d-----w C:\Program Files\Modem Helper
2008-08-04 15:04 --------- d-----w C:\Program Files\Microsoft AntiSpyware
2008-08-04 15:04 --------- d-----w C:\Program Files\MagicISO
2008-08-04 15:04 --------- d-----w C:\Program Files\MagicDisc
2008-08-04 15:04 --------- d-----w C:\Program Files\ImageBadger
2008-08-04 15:04 --------- d-----w C:\Documents and Settings\John Kearns\Application Data\Sylpheed
2008-08-04 15:04 --------- d-----w C:\Documents and Settings\John Kearns\Application Data\ProspectorV5
2008-08-04 15:04 --------- d-----w C:\Documents and Settings\John Kearns\Application Data\BitTorrent
2008-08-04 15:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\PCPitstop
2008-08-03 14:02 --------- d-----w C:\Documents and Settings\John Kearns\Application Data\skypePM
2008-08-02 15:02 --------- d-----w C:\Program Files\Ashampoo
2008-08-01 11:02 --------- d-----w C:\Program Files\TVUPlayer
2008-08-01 10:42 --------- d-----w C:\Program Files\Google
2008-08-01 06:54 --------- d-----w C:\Program Files\MediaJoin
2008-07-29 09:45 --------- d-----w C:\Program Files\URLSnooper2
2008-07-29 09:43 --------- d-----w C:\Program Files\RS audials
2008-07-29 09:38 --------- d-----w C:\Program Files\InAlbum 3 Deluxe
2008-07-28 16:43 --------- d-----w C:\Program Files\Opera
2008-07-25 17:43 --------- d-----w C:\Program Files\Kontiki
2008-07-25 17:30 --------- d-----w C:\Program Files\Bonjour
2008-07-25 17:29 --------- d-----w C:\Program Files\Apple Software Update
2008-07-25 17:13 --------- d-----w C:\Program Files\SmartDraw 2008
2008-07-25 17:12 --------- d-----w C:\Program Files\TweakNow RegCleaner Std
2008-07-25 17:11 --------- d-----w C:\Program Files\WinMPG VideoConvert
2008-07-25 16:54 --------- d-----w C:\Program Files\The Rosetta Stone
2008-07-25 16:51 --------- d-----w C:\Documents and Settings\John Kearns\Application Data\ppstream
2008-07-19 22:21 --------- d-----w C:\Documents and Settings\John Kearns\Application Data\Apple Computer
2008-07-19 22:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-07-18 21:04 --------- d-----w C:\Program Files\QuickTime
2008-07-18 21:01 --------- d-----w C:\Program Files\iTunes
2008-07-18 21:00 --------- d-----w C:\Program Files\iPod
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-08 13:45 --------- d--h--w C:\Documents and Settings\John Kearns\Application Data\InAlbumTemp
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\dllcache\es.dll
2008-07-06 21:58 --------- d-----w C:\Program Files\EMCO Malware Destroyer
2008-07-01 20:31 --------- d-----w C:\Documents and Settings\John Kearns\Application Data\Ashampoo
2008-06-30 13:03 --------- d-----w C:\Program Files\Word Search Deluxe
2008-06-27 13:15 259,584 ----a-w C:\WINDOWS\system32\xtsupermenuhook.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\dllcache\mscms.dll
2008-06-24 08:57 3,592,192 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-06-23 09:20 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-06-23 09:20 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-06-23 09:20 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-06-21 05:23 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-13 13:10 272,128 ----a-w C:\WINDOWS\system32\dllcache\bthport.sys
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
2008-05-01 14:30 331,776 ----a-w C:\WINDOWS\system32\dllcache\msadce.dll
2007-10-01 07:51 1,138 --sh--w C:\WINDOWS\lcfep5b.drv
2006-11-25 13:45 88 --sh--r C:\WINDOWS\system32\C33E00BCB7.sys
2008-01-10 16:35 3,454 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-05-18 08:07 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
2008-05-18 08:07 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
2008-05-18 08:07 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"New Application"="C:\Program Files\TrojanHunter 4.7\THGuard.exe" [2007-09-05 13:55 523264]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [X]
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [2007-04-19 13:33 271936]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 21:42 1404928]
"OFFICEKB"="C:\Program Files\Labtec\Desktop\V5.1\kbdap32a.exe" [2007-03-18 19:44 387584]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-02-18 20:57 949376]
"FLMOFFICE4DMOUSE"="C:\Program Files\Labtec\Desktop\V5.1\moffice.exe" [2006-08-27 19:57 958464]
"BigDog303"="C:\WINDOWS\VM303_STI.EXE" [2005-06-23 11:13 61440]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 23:22 3739648]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 09:01 437160]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideFastUserSwitching"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableChangePassword"= 0 (0x0)
"DisableLockWorkstation"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoFileAssociate"= 0 (0x0)
"NoResolveSearch"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 0 (0x0)
"NoDesktopCleanupWizard"= 1 (0x1)
"NoLogoff"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.MSNAUDIO"= msnaudio.acm
"vidc.dvsd"= pdvcodec.dll
"msacm.ac3filter"= ac3filter.acm
"VIDC.MJPG"= pvmjpg21.dll
"msacm.divxa32"= msaud32_divx.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 relog_ap

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4oD]
--a------ 2008-02-27 18:56 1032376 C:\Program Files\Kontiki\KHost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GhostSurf Reminder]
--a------ 2005-08-15 00:32 82037 C:\Program Files\GhostSurf Platinum\Privacy Control Center.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kdx]
--a------ 2008-02-27 18:56 1032376 C:\Program Files\Kontiki\KHost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
"Copernic Desktop Search 2"="C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe" /tray
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe
"AgenteADSL_15"=C:\Program Files\Telefonica\KitAIM\AimExDll.exe AimGestA.dll 7
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
"DMXLauncher"=C:\Program Files\Dell\Media Experience\DMXLauncher.exe
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe
"THGuard"="C:\Program Files\TrojanHunter 4.7\THGuard.exe"
"TrueImageMonitor.exe"=C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
"AcronisTimounterMonitor"=C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
"BigDog303"=C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"BigDog303"=C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
"AcronisTimounterMonitor"=C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
"TrueImageMonitor.exe"=C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\\WINDOWS\\system32\\dxdiag.exe"=
"C:\\Program Files\\utorrent\\utorrent.exe"=
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Program Files\\TVAnts\\Tvants.exe"=
"C:\\Program Files\\SopCast\\SopCast.exe"=
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"C:\\AV-CLS\\WGET.EXE"=
"C:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Opera\\Opera.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"<NO NAME>"= "C:\\Program Files\\PPStream\\PPStream.exe" "C:\\Program Files\\PPStream\\PPStream.exe
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\EMCO Malware Destroyer\\MalwareDestroyer.exe"=
"C:\\Program Files\\Kontiki\\KService.exe"=
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Zattoo\\Zattoo2.exe"=
"C:\\Program Files\\Zattoo\\zattood.exe"=
"C:\\Program Files\\SmartHide\\2\\SmartHide.exe"=
"C:\\Program Files\\SmartHide\\SmartHide.exe"=
"C:\\CCProxy\\CCProxy.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Labtec\\Desktop\\V5.1\\KBDAP32A.EXE"=
"C:\\WINDOWS\\system32\\java.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Maxthon2\\Modules\\MxDownloader\\MxDownload Server.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"20747:TCP"= 20747:TCP:BitComet 20747 TCP
"20747:UDP"= 20747:UDP:BitComet 20747 UDP
"58970:TCP"= 58970:TCP:Pando P2P TCP Listening Port
"58970:UDP"= 58970:UDP:Pando P2P UDP Listening Port

R0 HWFProt;Hywave File Protector HWFProt;C:\WINDOWS\system32\Drivers\HWFProt.sys [2003-05-11 16:20]
R0 tdrpman;Acronis Try&Decide and Restore Points filter;C:\WINDOWS\system32\DRIVERS\tdrpman.sys [2007-11-22 18:17]
R2 TryAndDecideService;Acronis Try And Decide Service;C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe [2007-09-14 05:01]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-04 07:00]
R3 tap0801;Smarthide TAP driver;C:\WINDOWS\system32\DRIVERS\tap0801.sys [2007-10-12 15:07]
S3 CachemanXPService;CachemanXPService;C:\PROGRA~1\CACHEM~1\CachemanXP.exe [2008-03-03 22:39]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-11-14 21:40]
S3 PSI;PSI;C:\WINDOWS\system32\DRIVERS\psi_mf.sys [2008-06-16 10:31]
S3 tapvpn;TAP VPN Adapter;C:\WINDOWS\system32\DRIVERS\tapvpn.sys [2008-01-23 23:25]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-02-29 23:24]
S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 00:01]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
\Shell\AutoRun\command - setup.exe
.
Contents of the 'Scheduled Tasks' folder

2008-08-30 C:\WINDOWS\Tasks\AWC Update.job
- C:\Program Files\IObit\Advanced WindowsCare 3 Beta\IObitUpdate.exe []

2008-08-30 C:\WINDOWS\Tasks\AWC Update.job
- C:\Program Files\IObit\Advanced WindowsCare 3 Beta\ [2008-08-24 15:53]

2008-08-30 C:\WINDOWS\Tasks\MP Scheduled Scan.job
- C:\Program Files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]

2008-08-30 C:\WINDOWS\Tasks\XoftSpySE.job
- C:\Program Files\XoftSpySE\XoftSpy.exe [2007-05-14 17:04]
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{29f0230f-a825-44d0-b98f-a044b7592cff} - (no file)
ShellExecuteHooks-{EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - (no file)


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\John Kearns\Application Data\Mozilla\Firefox\Profiles\6rtk0nnf.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=...e=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://uk.yahoo.com/index_narrow.html
FF -: plugin - C:\Documents and Settings\John Kearns\Application Data\Mozilla\Firefox\Profiles\6rtk0nnf.default\extensions\{F8CC37C3-CBEB-4A00-8CBF-26A88693F0C5}\plugins\npagent.dll
FF -: plugin - C:\Documents and Settings\John Kearns\Application Data\Mozilla\Firefox\Profiles\6rtk0nnf.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07074039.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npagent.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npvirtools.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll
FF -: plugin - C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF -: plugin - C:\Program Files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF -: plugin - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-30 22:25:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\ESET\nod32krn.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Labtec\Desktop\V5.1\mouse32a.exe
C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE
C:\WINDOWS\system32\dwwin.exe
.
**************************************************************************
.
Completion time: 2008-08-30 22:36:29 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-30 20:36:20
ComboFix2.txt 2007-01-22 20:21:45

Pre-Run: 4,931,682,304 bytes free
Post-Run: 5,959,118,848 bytes free

430 --- E O F --- 2008-08-30 03:10:53
And my HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:42:59, on 30/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Labtec\Desktop\V5.1\kbdap32a.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Labtec\Desktop\V5.1\moffice.exe
C:\WINDOWS\VM303_STI.EXE
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\TrojanHunter 4.7\THGuard.exe
C:\Program Files\Labtec\Desktop\V5.1\MOUSE32A.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\John Kearns\Desktop\HiJackThis.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MI1933~1\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [OFFICEKB] C:\Program Files\Labtec\Desktop\V5.1\kbdap32a.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Labtec\Desktop\V5.1\moffice.exe
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [New Application] C:\Program Files\TrojanHunter 4.7\THGuard.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Launch PicLens - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\PicLens.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.es
O15 - Trusted Zone: http://www.kaspersky.com
O15 - Trusted Zone: http://www.pandasoftware.com
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {4C833081-D026-4FF8-968F-7EAB660D2FBA} (TVAnts ActiveX Control) - http://download.tvants.com/pub/tvant...cab/tvants.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn...tDetection.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://upload.divshare.com/scripts/u...eUploader4.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/de...e/HPDEXAXO.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {A364AF35-0CDF-41E8-8F3B-E0E55E15EBA1} (Zenturi Active Programs Control) - http://www.programchecker.com/dll/nixon.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - https://ukplay.toontown.com/download...1.3/ttinst.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/v...l/installer.exe
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/.../en/crlocx.ocx
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by21fd.bay21.hotmail.msn.com/...x/HMAtchmt.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{B2F0D09B-DCD6-47ED-8B97-458C6015B7CC}: NameServer = 80.58.61.250 80.58.61.254
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MI1933~1\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CachemanXPService - Outertech - C:\PROGRA~1\CACHEM~1\CachemanXP.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 12249 bytes
  #4  
Old 31-08-08, 09:47
Joe_London Joe_London is offline
Global Moderator
1024Gbps
 
Join Date: May 2003
Location: London
Posts: 11,752
Default Re: Kindly check my hijack this log

Thanks for that.

Open Hijackthis,
Click Config | Misc Tools | Open Uninstall Manager.
A list of the entries in Add/remove programs will appear.
Click on Save List...
The list will be saved as 'Uninstall_list.txt'
Copy & Paste the contents in your next reply.


I'm unfamiliar with this organisation, can you tell me about it please?
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,

Joe.
__________________
If I've helped you and saved you money please consider a donation to support my work :

Member of UNITE and ASAP.
  #5  
Old 31-08-08, 10:19
onerytk onerytk is offline
256Kbps
 
Join Date: Aug 2008
Posts: 15
Default Re: Kindly check my hijack this log

Thanks again, Joe.
Just a bit of background info: I live in Spain and cannot access UK sites or UK programs such as Zattoo when you are required to have a UK IP address. I have therefore tried various proxy programs to enable me to get through to these sites. However, my knowledge is somewhat basic and I really don't know what the reg key you pointed out is. Here is the list of my programs requested.
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
32 Bit HP CIO Components Installer
3D Groove Playback Engine
3GP Player 2008
AC3Filter (remove only)
Acrobat.com
Acrobat.com
Acronis True Image Home
Ad-Aware SE v1.06r1
Adobe Acrobat 8.1.2 Professional
Adobe AIR
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge 1.0
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color Common Settings
Adobe Color Common Settings
Adobe Color EU Recommended Settings
Adobe Color JA Extra Settings
Adobe Color NA Extra Settings
Adobe Common File Installer
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit 2
Adobe Flash Player ActiveX
Adobe Fonts All
Adobe Help Center 1.0
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe Illustrator CS3
Adobe InDesign CS3
Adobe InDesign CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS2
Adobe Reader 9
Adobe Setup
Adobe Setup
Adobe Setup
Adobe Setup
Adobe Shockwave Player
Adobe SING CS3
Adobe Stock Photos 1.0
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Advanced Disk Cleaner
Advanced WindowsCare 3 Beta
Agente ADSL USB
All Media Fixer 8.1
AMCap
AnyReader 2.0
Ashampoo Burning Studio 8.02
Ashampoo Movie Shrink & Burn 2
Ashampoo WinOptimizer 5.05
Autoplay Repair 2.2.1
AVG Anti-Rootkit Free
BBC iPlayer Download Manager
Belarc Advisor 7.2
Bit Che
Cabos
CCProxy 6.61
CircleSurround II Plugin for Windows Media Player
CloneCD
CoffeeCup Visual Site Designer
Combined Community Codec Pack 2008-01-24
Comfort Keyboard 2.0
Conexant D850 56K V.9x DFVc Modem
dBpoweramp Music Converter
Dell Driver Reset Tool
Dell Media Experience
Dell Picture Studio v3.0
DigiMode Toolbar
Digital Line Detect
Diskeeper 2007 Pro Premier
DivX Codec
DivX Converter
DivX Player
DivX Web Player
DriverMax 4
East-Tec Backup 2008 2.0
Easy Video Downloader v. 1.4.1
EMCO Malware Destroyer
Eraser
Eraser
Error Messages for Windows
EVEREST Home Edition v2.20
Fotosizer 1.17
GDR 3068 for SQL Server Database Services 2005 ENU (KB948109)
GDR 3068 for SQL Server Tools and Workstation Components 2005 ENU (KB948109)
GhostSurf 2007 Platinum
Glary Utilities 2.4
GOM Player
Google Talk (remove only)
HD Tune 2.53
Highlight Viewer (Windows Live Toolbar)
HijackThis 2.0.2
honestech Video Editor
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB952287)
HP Customer Participation Program 11.0
HP Deskjet All-In-One Software 9.0
HP Deskjet F4200 All-In-One Driver Software 11.0 Rel .3
HP Imaging Device Functions 11.0
HP Print Diagnostic Utility
HP Product Detection
HP Solution Center 11.0
ImageMixer VCD/DVD2 for OLYMPUS
Intel(R) Extreme Graphics 2 Driver
Intel(R) Network Connections 13.0.42.0
Invisible IP Map
IrfanView (remove only)
ISOBURN 1.7
iTunes
IZArc 3.5 beta 3
Jasc Paint Shop Photo Album 5
Jasc Paint Shop Pro Studio, Dell Editon
Java(TM) 6 Update 3
Java(TM) 6 Update 7
KillProcess 2.42
Labtec Desktop V5.1
Magic ISO Maker v5.4 (build 0247)
MagicDisc 2.6.93
Map Button (Windows Live Toolbar)
Maxthon2 Browser (remove only)
MCU
MediaJoin
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5
Microsoft ActiveX Control Pad
Microsoft AutoRoute 2007
Microsoft Bootvis
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Expression Web
Microsoft Expression Web
Microsoft Expression Web MUI (English)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Project MUI (English) 2007
Microsoft Office Project Professional 2007
Microsoft Office Project Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Visio MUI (English) 2007
Microsoft Office Visio Professional 2007
Microsoft Office Visio Professional 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual J# 2.0 Redistributable Package
Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework
Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
Microsoft Windows XP Video Decoder Checkup Utility
Microsoft Works 7.0
Modem Helper
ModemTest V1.3
MOVAVI VideoSuite 3.5
Mozilla Firefox (2.0.0.16)
MP3 Player Utilities 3.13
MP3 Player Utilities 3.68
MP3 Remix for Windows Media Player
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
Multiple Image Resizer .NET
Nero OEM
NetWaiting
Nikon FotoShare
Nikon Message Center
NOD32 antivirus system
NOD32 FiX v2.1
OLYMPUS Master
Online Radio Tuner Standard Edition
OpenExpert 1.40
Opera
Opera 9.24
Opera 9.51
Paint.NET v3.22
Panda ActiveScan
PC Wizard 2008.1.84
PDF Settings
PicLens for Internet Explorer
PictureProject
Plato Video Joiner 4.33
Power Video Converter 1.5.52
PowerISO
Privoxy 3.0.6
Proxy Finder Enterprise Edition
ProxySwitcher Standard
Radio Station
RealPlayer
Registry Repair Wizard
RogueRemover 1.12
SAMSUNG Mobile Composite Device Software
Samsung PC Studio 3
Screenshot Captor 2.37.03
SDP Downloader
Secunia PSI (RC3)
Security Update for 2007 Microsoft Office System (KB951596)
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB951546)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB951808)
Security Update for Microsoft Office system 2007 (KB951808)
Security Update for Microsoft Office Word 2007 (KB950113)
Security Update for Office 2007 (KB934062)
Security Update for Office 2007 (KB934062)
Security Update for Office 2007 (KB934062)
Security Update for the 2007 Microsoft Office System (KB936960)
Security Update for the 2007 Microsoft Office System (KB936960)
Security Update for the 2007 Microsoft Office System (KB936960)
Security Update for Visio 2007 (KB947590)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Skype™ 3.8
Smart Menus (Windows Live Toolbar)
SmartHide 2.1.121
Sonic DLA
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
SopCast 3.0.0
SpeedTouch USB Software
Spy Cleaner Gold 9.5 Full Version
Spybot - Search & Destroy
Spyware Doctor 6.0
System TuneUp
Table Tennis Pro V2 Lite (V2.32)
The Off By One Web Browser
The Ultimate Troubleshooter
TMPGEnc Plus 2.5
TMPGEnc Plus 2.5
Tor 0.1.2.19
Total Video Converter 2.41
Tracks Eraser Pro v7.0
TrojanHunter 4.7
TuneUp Utilities 2008
TurboFLOORPLAN Landscape & Deck
TVAnts 1.0
TVUPlayer 2.3.7.1
Ultra QuickTime Converter 2.2.0723
UnderCoverXP 1.14
Unlocker 1.8.5
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Office 2007 (KB932080)
Update for Office 2007 (KB932080)
Update for Office 2007 (KB932080)
Update for Office 2007 (KB934391)
Update for Office 2007 (KB946691)
Update for Office 2007 (KB946691)
Update for Office 2007 (KB946691)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb955433)
Update for Windows XP (KB932716)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB951072-v2)
URL Helper
VCDCutter
VCDEasy
Veetle TV Player 0.9.6
Veetle TV Player 0.9.6
Veoh Player
Vidalia 0.0.16
VideoLAN VLC media player 0.8.6i
Vimicro USB PC Camera (ZC0301PLH)
Virtools 3D Life Player
Volume Balancer 1.7
WinAVI Video Converter
Windows Defender
Windows Defender Signatures
Windows Imaging Component
Windows Installer Clean Up
Windows Internet Explorer 7
Windows Live Favorites for Windows Live Toolbar
Windows Live installer
Windows Live Mail
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows Resource Kit Tools - SubInAcl.exe
WinPatrol
WinPcap 4.1 beta2
WinRAR archiver
WinZip
WM Recorder 12.0
Word Search Deluxe
Xilisoft Video Converter 3
XoftSpySE
Yahoo! Browser Services
Yahoo! Messenger
Yahoo! Toolbar
Zattoo 3.1.1 Beta
  #6  
Old 31-08-08, 12:30
Joe_London
Global Moderator
1024Gbps
 
Join Date: May 2003
Location: London
Posts: 11,752
Re: Kindly check my hijack this log

I've had a look at the plimus website and it appears to be some sort of business application. Is this PC used for business?

Joe.
__________________
If I've helped you and saved you money please consider a donation to support my work :

Member of UNITE and ASAP.
  #7  
Old 31-08-08, 14:34
onerytk
256Kbps
 
Join Date: Aug 2008
Posts: 15
Re: Kindly check my hijack this log

Hi Joe
No, the PC is my home PC and not used for business purposes, except to check emails etc.
  #8  
Old 31-08-08, 19:14
Joe_London
Global Moderator
1024Gbps
 
Join Date: May 2003
Location: London
Posts: 11,752
Re: Kindly check my hijack this log

Thanks for that information.

It looks as if Combofix may have removed the culprits causing the original issue. Perhaps you would let me know.

You appear to have installed some anti-malware programmes listed in SpywareWarrior's rogue's list.

Spy Cleaner Gold 9.5
XoftSpySE

I can't find any definitive information on this one either, although their site is not approved by SiteAdvisor:
EMCO Malware Destroyer
Unless you're sure they're OK, I recommend uninstalling all of them via the add/remove utility in the control panel. It's always best to stick with the tried and tested programmes.

Also uninstall this old java update:
Java(TM) 6 Update 3

Open Hijackthis, take another scan and place a checkmark next to these entries.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O15 - Trusted Zone: http://www.kaspersky.com
O15 - Trusted Zone: http://www.pandasoftware.com
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/.../installer.exe

The next two lines are restrictions. If you didn't set them yourself or have them set by a software program such as Spybot Search and Destroy, then click the check-box on the left. If you intentionally set the restrictions, then leave them alone.

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
Close all open Windows except Hijackthis and click on "fix Checked".
Reboot the computer.

Download CCleaner from here to clean temp files from your computer.
Double click on the file to start the installation of the program.
Select your language and click OK, then Next.
Read the license agreement and click I Agree.
Click Next to use the default install location.
Click Install, then Finish to complete installation.
Double click the CCleaner shortcut on the desktop to start the program.
Click Run Cleaner to run the program.
Caution: Uncheck the 'Issues' tab as it's not necessary for the purpose of this fix.
After it has completed its process, click Exit.

Please download Malwarebytes' Anti-Malware from Here or Here.

Double click mbam-setup.exe to install the application.
  * Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  * If an update is found, it will download and install the latest version.
  * Once the program has loaded, select "Perform Quick Scan", then click Scan.
  * The scan may take some time to finish, so please be patient.
  * When the scan is complete, click OK, then Show Results to view the results.
  * Make sure that everything is checked, and click Remove Selected.
  * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  * The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  * Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Post the following:
  1. A new Hijackthis log
  2. Another Uninstall List.
  3. The Malwarebytes log.

This may not remove all the infections present. It is important that you post back and complete the fix.

Please post in this thread for further review and evaluation.
Please provide details of any problems you encountered whilst performing the above steps & update us on how the Computer is running.

Joe.
__________________
If I've helped you and saved you money please consider a donation to support my work :

Member of UNITE and ASAP.
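The entry types Joe picks out above (empty R0 page settings, O6 restrictions, O15 Trusted Zone sites, O16 ActiveX downloads, the O17 name servers) follow a fixed line format, so the first pass of that review can be done mechanically. The following is an added example written for this page; it is not HijackThis code and was not posted by anyone in the thread. The sample lines are a constructed subset in the format of the logs above (the elided "..." URL segments are kept as posted), and the allowlist of hosts from which ActiveX downloads are considered expected is an assumption made for the example.

```python
"""Minimal triage of HijackThis v2 log entries.

Added example for this thread: it is not HijackThis code and was not posted by
anyone in the discussion. It parses the "Rn - " / "Onn - " entry lines that
HijackThis emits and applies a few defender-side rules of the kind a log helper
applies by eye: empty IE page settings, IE policy restrictions, Trusted Zone
sites, ActiveX (DPF) downloads from unexpected hosts, and the DNS servers in use.
"""
import re
from dataclasses import dataclass

# Constructed sample: a handful of lines in the format of the logs in this thread.
# The elided "..." URL segments are kept as they appear in the posted log.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O15 - Trusted Zone: http://www.kaspersky.com
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/.../installer.exe
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/.../en/crlocx.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{B2F0D09B-DCD6-47ED-8B97-458C6015B7CC}: NameServer = 80.58.61.250 80.58.61.254
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
"""

# Every HijackThis entry starts with a section code (R0, R1, F2, O2 ... O24), " - ", then the body.
ENTRY_RE = re.compile(r"^(?P<code>[RFO]\d{1,2}) - (?P<body>.*)$")

# Hosts from which ActiveX (O16 DPF) downloads are expected on a home PC.
# This allowlist is an assumption made for the example; extend it per environment.
ALLOWED_DPF_HOSTS = ("microsoft.com", "windowsupdate.com")


@dataclass
class Entry:
    code: str   # section code, e.g. "O16"
    body: str   # everything after "code - "
    line: str   # the original line, kept for reporting


@dataclass
class Finding:
    code: str
    reason: str
    line: str


def parse_hjt(text):
    """Return the entry lines of a HijackThis log as Entry objects (other lines are skipped)."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append(Entry(m["code"], m["body"], raw.strip()))
    return entries


def host_of(url):
    """Lower-cased host part of an http(s) URL, or "" for local paths and non-URLs."""
    m = re.match(r"https?://([^/]+)", url, re.IGNORECASE)
    return m.group(1).lower() if m else ""


def host_allowed(host, allow=ALLOWED_DPF_HOSTS):
    """True when host is one of the allowlisted domains or a subdomain of one."""
    return any(host == a or host.endswith("." + a) for a in allow)


def triage(text):
    """Apply the review rules to a log and return the entries worth a closer look."""
    findings = []
    for e in parse_hjt(text):
        if e.code in ("R0", "R1") and e.body.rstrip().endswith("="):
            findings.append(Finding(e.code, "empty IE page setting", e.line))
        elif e.code == "O6":
            findings.append(Finding(e.code, "IE policy restriction present; confirm it was set deliberately", e.line))
        elif e.code == "O15":
            findings.append(Finding(e.code, "site in the IE Trusted Zone, which lowers IE's security settings for it", e.line))
        elif e.code == "O16":
            url = e.body.rsplit(" - ", 1)[-1]   # last " - " separates the download location
            host = host_of(url)
            if not host:
                findings.append(Finding(e.code, "ActiveX control registered from a local path", e.line))
            elif not host_allowed(host):
                findings.append(Finding(e.code, "ActiveX download from non-allowlisted host " + host, e.line))
        elif e.code == "O17":
            servers = e.body.split("NameServer = ", 1)[-1].split()
            findings.append(Finding(e.code, "DNS servers " + ", ".join(servers) + "; verify they belong to the ISP", e.line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code}: {f.reason}\n    {f.line}")
```

On the sample, `triage` returns five findings (the empty Local Page, the O6 restriction, the Trusted Zone site, the akamai.net ActiveX download and the O17 name servers) and leaves the microsoft.com download, the O4 entry and the O23 service alone. The rules only shortlist entries for a human to look at; whether an entry is removed is still the helper's call, as in Joe's post.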
  #9  
Old 01-09-08, 09:46
onerytk
256Kbps
 
Join Date: Aug 2008
Posts: 15
Re: Kindly check my hijack this log

Hello again Joe
Firstly, here are the logs:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:18:28, on 01/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Labtec\Desktop\V5.1\kbdap32a.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Labtec\Desktop\V5.1\moffice.exe
C:\WINDOWS\VM303_STI.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\TrojanHunter 4.7\THGuard.exe
C:\Program Files\Labtec\Desktop\V5.1\MOUSE32A.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\John Kearns\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [OFFICEKB] C:\Program Files\Labtec\Desktop\V5.1\kbdap32a.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Labtec\Desktop\V5.1\moffice.exe
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [New Application] C:\Program Files\TrojanHunter 4.7\THGuard.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe " -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe " -t (User 'Default user')
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Launch PicLens - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\PicLens.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.es
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {4C833081-D026-4FF8-968F-7EAB660D2FBA} (TVAnts ActiveX Control) - http://download.tvants.com/pub/tvant...cab/tvants.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn...tDetection.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://upload.divshare.com/scripts/u...eUploader4.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/de...e/HPDEXAXO.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {A364AF35-0CDF-41E8-8F3B-E0E55E15EBA1} (Zenturi Active Programs Control) - http://www.programchecker.com/dll/nixon.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - https://ukplay.toontown.com/download...1.3/ttinst.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/.../en/crlocx.ocx
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by21fd.bay21.hotmail.msn.com/...x/HMAtchmt.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{B2F0D09B-DCD6-47ED-8B97-458C6015B7CC}: NameServer = 80.58.61.250 80.58.61.254
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CachemanXPService - Outertech - C:\PROGRA~1\CACHEM~1\CachemanXP.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 11403 bytes
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
32 Bit HP CIO Components Installer
3D Groove Playback Engine
3GP Player 2008
AC3Filter (remove only)
Acrobat.com
Acrobat.com
Acronis True Image Home
Ad-Aware SE v1.06r1
Adobe Acrobat 8.1.2 Professional
Adobe AIR
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge 1.0
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color Common Settings
Adobe Color Common Settings
Adobe Color EU Recommended Settings
Adobe Color JA Extra Settings
Adobe Color NA Extra Settings
Adobe Common File Installer
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit 2
Adobe Flash Player ActiveX
Adobe Fonts All
Adobe Help Center 1.0
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe Illustrator CS3
Adobe InDesign CS3
Adobe InDesign CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS2
Adobe Reader 9
Adobe Setup
Adobe Setup
Adobe Setup
Adobe Setup
Adobe Shockwave Player
Adobe SING CS3
Adobe Stock Photos 1.0
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Advanced Disk Cleaner
Advanced WindowsCare 3 Beta
Agente ADSL USB
All Media Fixer 8.1
AMCap
AnyReader 2.0
Ashampoo Burning Studio 8.02
Ashampoo Movie Shrink & Burn 2
Ashampoo WinOptimizer 5.05
Autoplay Repair 2.2.1
AVG Anti-Rootkit Free
BBC iPlayer Download Manager
Belarc Advisor 7.2
Bit Che
Cabos
CCleaner (remove only)
CCProxy 6.61
CircleSurround II Plugin for Windows Media Player
CloneCD
CoffeeCup Visual Site Designer
Combined Community Codec Pack 2008-01-24
Comfort Keyboard 2.0
Conexant D850 56K V.9x DFVc Modem
dBpoweramp Music Converter
Dell Driver Reset Tool
Dell Media Experience
Dell Picture Studio v3.0
DigiMode Toolbar
Digital Line Detect
Diskeeper 2007 Pro Premier
DivX Codec
DivX Converter
DivX Player
DivX Web Player
DriverMax 4
East-Tec Backup 2008 2.0
Easy Video Downloader v. 1.4.1
Eraser
Eraser
Error Messages for Windows
EVEREST Home Edition v2.20
Fotosizer 1.17
GDR 3068 for SQL Server Database Services 2005 ENU (KB948109)
GDR 3068 for SQL Server Tools and Workstation Components 2005 ENU (KB948109)
GhostSurf 2007 Platinum
Glary Utilities 2.4
GOM Player
Google Talk (remove only)
HD Tune 2.53
Highlight Viewer (Windows Live Toolbar)
HijackThis 2.0.2
honestech Video Editor
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB952287)
HP Customer Participation Program 11.0
HP Deskjet All-In-One Software 9.0
HP Deskjet F4200 All-In-One Driver Software 11.0 Rel .3
HP Imaging Device Functions 11.0
HP Print Diagnostic Utility
HP Product Detection
HP Solution Center 11.0
ImageMixer VCD/DVD2 for OLYMPUS
Intel(R) Extreme Graphics 2 Driver
Intel(R) Network Connections 13.0.42.0
Invisible IP Map
IrfanView (remove only)
ISOBURN 1.7
iTunes
IZArc 3.5 beta 3
Jasc Paint Shop Photo Album 5
Jasc Paint Shop Pro Studio, Dell Editon
Java(TM) 6 Update 3
Java(TM) 6 Update 7
KillProcess 2.42
Labtec Desktop V5.1
Magic ISO Maker v5.4 (build 0247)
MagicDisc 2.6.93
Malwarebytes' Anti-Malware
Map Button (Windows Live Toolbar)
Maxthon2 Browser (remove only)
MCU
MediaJoin
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5
Microsoft ActiveX Control Pad
Microsoft AutoRoute 2007
Microsoft Bootvis
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Expression Web
Microsoft Expression Web
Microsoft Expression Web MUI (English)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Project MUI (English) 2007
Microsoft Office Project Professional 2007
Microsoft Office Project Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Visio MUI (English) 2007
Microsoft Office Visio Professional 2007
Microsoft Office Visio Professional 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual J# 2.0 Redistributable Package
Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework
Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
Microsoft Windows XP Video Decoder Checkup Utility
Microsoft Works 7.0
Modem Helper
ModemTest V1.3
MOVAVI VideoSuite 3.5
Mozilla Firefox (2.0.0.16)
MP3 Player Utilities 3.13
MP3 Player Utilities 3.68
MP3 Remix for Windows Media Player
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
Multiple Image Resizer .NET
Nero OEM
NetWaiting
Nikon FotoShare
Nikon Message Center
NOD32 antivirus system
NOD32 FiX v2.1
OLYMPUS Master
Online Radio Tuner Standard Edition
OpenExpert 1.40
Opera
Opera 9.24
Opera 9.51
Paint.NET v3.22
Panda ActiveScan
PC Wizard 2008.1.84
PDF Settings
PicLens for Internet Explorer
PictureProject
Plato Video Joiner 4.33
Power Video Converter 1.5.52
PowerISO
Privoxy 3.0.6
Proxy Finder Enterprise Edition
ProxySwitcher Standard
Radio Station
RealPlayer
Registry Repair Wizard
RogueRemover 1.12
SAMSUNG Mobile Composite Device Software
Samsung PC Studio 3
Screenshot Captor 2.37.03
SDP Downloader
Secunia PSI (RC3)
Security Update for 2007 Microsoft Office System (KB951596)
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB951546)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB951808)
Security Update for Microsoft Office system 2007 (KB951808)
Security Update for Microsoft Office Word 2007 (KB950113)
Security Update for Office 2007 (KB934062)
Security Update for Office 2007 (KB934062)
Security Update for Office 2007 (KB934062)
Security Update for the 2007 Microsoft Office System (KB936960)
Security Update for the 2007 Microsoft Office System (KB936960)
Security Update for the 2007 Microsoft Office System (KB936960)
Security Update for Visio 2007 (KB947590)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Skype™ 3.8
Smart Menus (Windows Live Toolbar)
SmartHide 2.1.121
Sonic DLA
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
SopCast 3.0.0
SpeedTouch USB Software
Spybot - Search & Destroy
Spyware Doctor 6.0
System TuneUp
The Off By One Web Browser
The Ultimate Troubleshooter
TMPGEnc Plus 2.5
TMPGEnc Plus 2.5
Tor 0.1.2.19
Total Video Converter 2.41
Tracks Eraser Pro v7.0
TrojanHunter 4.7
TuneUp Utilities 2008
TurboFLOORPLAN Landscape & Deck
TVAnts 1.0
TVUPlayer 2.3.7.1
Ultra QuickTime Converter 2.2.0723
UnderCoverXP 1.14
Unlocker 1.8.5
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Office 2007 (KB932080)
Update for Office 2007 (KB932080)
Update for Office 2007 (KB932080)
Update for Office 2007 (KB934391)
Update for Office 2007 (KB946691)
Update for Office 2007 (KB946691)
Update for Office 2007 (KB946691)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb955433)
Update for Windows XP (KB932716)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB951072-v2)
URL Helper
VCDCutter
VCDEasy
Veetle TV Player 0.9.6
Veetle TV Player 0.9.6
Veoh Player
Vidalia 0.0.16
VideoLAN VLC media player 0.8.6i
Vimicro USB PC Camera (ZC0301PLH)
Virtools 3D Life Player
Volume Balancer 1.7
WinAVI Video Converter
Windows Defender
Windows Defender Signatures
Windows Imaging Component
Windows Installer Clean Up
Windows Internet Explorer 7
Windows Live Favorites for Windows Live Toolbar
Windows Live installer
Windows Live Mail
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows Resource Kit Tools - SubInAcl.exe
WinPatrol
WinPcap 4.1 beta2
WinRAR archiver
WinZip
WM Recorder 12.0
Word Search Deluxe
Xilisoft Video Converter 3
Yahoo! Browser Services
Yahoo! Messenger
Yahoo! Toolbar
Zattoo 3.1.1 Beta

Malwarebytes' Anti-Malware 1.25
Database version: 1102
Windows 5.1.2600 Service Pack 2

22:35:03 31/08/2008
mbam-log-08-31-2008 (22-35-03).txt

Scan type: Quick Scan
Objects scanned: 59713
Time elapsed: 7 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\OLE\DRam prosessor (Trojan.Agent) -> Not selected for removal.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Just a few observations and comments if I may. Firstly, it does indeed look like combofix has cured the problem of the temp files. Secondly, I could not find
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
in the hijackthis log. Thirdly, I could not uninstall Java(TM) 6 Update 3 as I get the Windows message "This action is only valid for products currently installed", and fourthly, should I do anything about this key that you previously noticed:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,
The pc is working but does seem different and seems to be struggling to connect to certain sites, e.g. yahoo, but this could be just coincidental I suppose. Anyway, many thanks once again.
  #10  
Old 01-09-08, 14:30
Joe_London Joe_London is offline
Global Moderator
1024Gbps
 
Join Date: May 2003
Location: London
Posts: 11,752
Default Re: Kindly check my hijack this log

I hadn't noticed before but you are running Hijackthis from your Desktop, which is wrong. Please uninstall the current version; you can reinstall it again later if we need it.

[ QUOTE ]

it does indeed look like combofix has cured the problem of the temp files.


[/ QUOTE ]
That's good.

Looking at the malwarebytes report you will need to run it again to remove this:
[ QUOTE ]

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\OLE\DRam prosessor (Trojan.Agent) -> Not selected for removal.


[/ QUOTE ]
make sure you enable the removal of this entry please and then post a new report.
[ QUOTE ]

Secondly I could not find
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u in the hijackthis log.


[/ QUOTE ]
Combofix may have removed it. No problem there.
[ QUOTE ]

Thirdly, I could not uninstall Java(TM) 6 Update 3 as I get the Windows message "This action is only valid for products currently installed"


[/ QUOTE ]
You should try re-installing Hijackthis correctly and use that to remove this entry. Here are the full install instructions.

Download HJTInstall.exe to your desktop.
1. Double-click the HJTInstall.exe icon on your desktop to start the installation.
2. By default it will install to C:\Program Files\Trend Micro\Hijack This.
Open Hijackthis,
Misc Tools Section | Open Uninstall Manager.
A list of the entries in Add/Remove Programs will appear.
Highlight the entry below and then click "Delete this entry".

Java(TM) 6 Update 3

[ QUOTE ]

and fourthly should I do anything about this key that you previously noticed
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,


[/ QUOTE ]
Not at this point, because it's not dangerous and I'm not completely in the picture regarding your Internet connection.
[ QUOTE ]

The pc is working but does seem different and seems to be struggling to connect to certain sites, e.g. yahoo, but this could be just coincidental I suppose. Anyway, many thanks once again.


[/ QUOTE ]
It seems to me you would need to do a complete review of the system as you appear to have an enormous amount of programmes on there. Also you have a lot of stuff running and all of this uses up resources and slows the computer speed down. A lot of the stuff seems to relate to computer tweaks etc which may or may not be required, only you can say.
As I said above I'm not fully in the picture regarding your Internet connection either.
I also recommend a review of your securities.

Let me know if you need any advice regarding the above reviews.

Copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It's IMPORTANT to carry out the instructions in the sequence listed below.


1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.


Open *notepad*

Copy and paste all the text in the quotebox below into it:

[ QUOTE ]

KillAll::

ADS::
C:\windows\system32

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\LimeWire\\LimeWire.exe"=-
"C:\\Program Files\\EMCO Malware Destroyer\\MalwareDestroyer.exe"=-

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"20747:TCP"=-
"20747:UDP"=-
"58970:TCP"=-
"58970:UDP"=-


[/ QUOTE ]

Save this as CFScript.txt, in the same location as ComboFix.exe which is on the Desktop.





Referring to the picture above, drag CFScript.txt into ComboFix.exe

This reactivates Combofix. Again follow the prompts.

It will create another System restore point.

When finished, it shall produce a log for you at C:\ComboFix.txt

Copy and paste the ComboFix.txt along with a fresh HijackThis log in your next reply.


*Note: Do not mouse-click combofix's window whilst it's running. That may cause it to stall.*

Post the following:
  1. Another Uninstall List.
  2. The Malwarebytes log.
  3. The Combofix log

This may not remove all the infections present. It is important that you post back and complete the fix.

Please post in this thread for further review and evaluation.
Please provide details of any problems you encountered whilst performing the above steps & update us on how the Computer is running.

Joe.
__________________
If I've helped you and saved you money please consider a donation to support my work :

Member of UNITE and ASAP.
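Added example, not code from the thread and not part of Malwarebytes or HijackThis: a small Python triage helper for the two artefacts Joe works from above. It parses a Malwarebytes 1.x text report of the kind posted earlier and flags any detection left "Not selected for removal" (the reason he asks for a re-run with removal enabled), and it pulls the host list out of an R1 ProxyOverride line so the list can be checked against what the user actually configured. The report text and the R1 line embedded below are constructed copies of the ones in the thread; the function and class names are my own.

```python
import re
from dataclasses import dataclass

# Constructed sample modelled on the Malwarebytes' Anti-Malware 1.25 report
# posted in the thread (abridged); the registry value is the one reported there.
MBAM_LOG = r"""Malwarebytes' Anti-Malware 1.25
Database version: 1102
Windows 5.1.2600 Service Pack 2

Scan type: Quick Scan
Objects scanned: 59713
Time elapsed: 7 minute(s), 52 second(s)

Memory Processes Infected: 0
Registry Values Infected: 1
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\OLE\DRam prosessor (Trojan.Agent) -> Not selected for removal.

Files Infected:
(No malicious items detected)
"""

# Constructed copy of the HijackThis R1 line discussed in the thread.
HJT_R1 = (r"R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,"
          r"ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,")

# One detection line: "<location> (<threat name>) -> <action taken>."
DETECTION_RE = re.compile(r"^(?P<location>.+?) \((?P<threat>[^()]+)\) -> (?P<action>.+?)\.?$")


@dataclass
class Detection:
    category: str   # report section, e.g. "Registry Values Infected"
    location: str   # registry path, file path or process
    threat: str     # Malwarebytes threat name
    action: str     # what the scan did with it

    @property
    def needs_rerun(self) -> bool:
        # An item the user left unticked is still on the machine after the
        # scan, so a report that lists it does not mean it is gone.
        return self.action.lower().startswith("not selected")


def parse_mbam_log(text: str) -> list[Detection]:
    """Return every itemised detection in a Malwarebytes 1.x text report."""
    detections = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        # Section headers are bare "... Infected:" lines; the summary count
        # lines ("Registry Values Infected: 1") end with a number, not a colon.
        if line.endswith(":"):
            section = line[:-1]
            continue
        if not line or section is None or line.startswith("("):
            continue
        m = DETECTION_RE.match(line)
        if m:
            detections.append(Detection(section, m["location"], m["threat"], m["action"]))
    return detections


def unresolved_items(text: str) -> list[str]:
    """Locations the scan reported but did not remove; non-empty means re-run."""
    return [d.location for d in parse_mbam_log(text) if d.needs_rerun]


def proxy_override_hosts(hjt_line: str) -> list[str]:
    """Host patterns from a HijackThis R1 ProxyOverride entry.

    These hosts bypass the configured proxy. The list is not malicious by
    itself (the moderator left it alone), but it should match what the user
    knowingly set up, so surfacing it for a question is the useful step.
    """
    if "ProxyOverride" not in hjt_line:
        return []
    _, _, value = hjt_line.partition("=")
    return [h.strip() for h in value.split(",") if h.strip()]


if __name__ == "__main__":
    for d in parse_mbam_log(MBAM_LOG):
        flag = "RE-RUN WITH REMOVAL" if d.needs_rerun else "handled"
        print(f"[{d.category}] {d.location} ({d.threat}): {d.action} -> {flag}")
    print("ProxyOverride hosts:", proxy_override_hosts(HJT_R1))
```

Run it as a script to see the single Registry Values detection flagged for a re-run and the four ProxyOverride hosts listed. Feeding it a report in which every item reads "Quarantined and deleted successfully" gives an empty `unresolved_items()` list, which is the state the thread is trying to reach before moving on to the ComboFix script.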
© Copyright IPC Media Limited 2009, All rights reserved