Thanks - here are the logs
ComboFix 07-08-07.6 - "Julian" 2007-08-07 17:49:21.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.150 [GMT 1:00]
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\dmadON2.dll
((((((((((((((((((((((((( Files Created from 2007-07-07 to 2007-08-07 )))))))))))))))))))))))))))))))
2007-08-07 16:58 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-04 12:35 24,128 --a------ C:\WINDOWS\system32\W40Ld5e6.exe
2007-07-18 20:31 <DIR> d-------- C:\Program Files\Vstplugins
2007-07-18 20:13 <DIR> d--hs---- C:\found.000
2007-07-18 20:06 <DIR> d-------- C:\Program Files\Common Files\SWF Studio
2007-07-18 18:08 <DIR> d-------- C:\Program Files\Garden Planner
2007-07-17 21:14 <DIR> d-------- C:\Program Files\Xvid
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-08-07 17:52 24 --a------ C:\WINDOWS\system32\DVCStateBkp-{00000000-00000000-0000000C-00001102-00000002-80401102}.dat
2007-08-07 17:52 24 --a------ C:\WINDOWS\system32\DVCState-{00000000-00000000-0000000C-00001102-00000002-80401102}.dat
2007-08-07 16:59 --------- d-------- C:\DOCUME~1\Julian\APPLIC~1\uTorrent
2007-08-06 17:19 --------- d-------- C:\Program Files\Trend Micro
2007-07-31 20:40 --------- d-------- C:\Program Files\eMule
2007-07-22 13:22 --------- d-------- C:\Program Files\IrfanView
2007-07-22 09:32 1852 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-07-18 20:34 --------- d-------- C:\Program Files\Sony
2007-07-18 18:18 248 --a------ C:\Program Files\Garden Plannerini.xml
2007-07-04 17:50 --------- d-------- C:\Program Files\iZotope
2007-07-04 17:50 --------- d-------- C:\Program Files\Common Files\iZotope
2007-07-04 17:50 --------- d-------- C:\Program Files\Common Files\Digidesign
2007-07-04 16:57 --------- d-------- C:\DOCUME~1\Julian\APPLIC~1\Publish Providers
2007-07-04 16:54 --------- d-------- C:\DOCUME~1\Julian\APPLIC~1\Sony
2007-07-04 16:48 --------- d-------- C:\Program Files\Sony Setup
2007-06-30 21:59 5 --a------ C:\WINDOWS\system32\system1.dat
2007-06-28 18:54 180224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-06-28 18:52 765952 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-06-26 20:42 --------- d-------- C:\Program Files\easetech
2007-04-24 20:12 36248 --a------ C:\DOCUME~1\Julian\APPLIC~1\GDIPFONTCACHEV1.DAT
2007-02-22 22:26 177152 --a------ C:\Program Files\utorrent.exe
2006-10-08 19:02 892928 --a------ C:\Program Files\GSpot.exe
2006-10-02 23:59 137 --a------ C:\Program Files\exportformat.txt
2006-10-01 22:47 95008 -ra------ C:\Program Files\GSpot26.dat
2006-09-29 08:29 3615 -ra------ C:\Program Files\license.txt
2006-09-28 17:22 91265 --a------ C:\Program Files\OCT2006_xinput_x64.cab
2006-09-28 17:22 49149 --a------ C:\Program Files\OCT2006_xinput_x86.cab
2006-09-28 17:21 41996 --a------ C:\Program Files\dxdllreg_x86.cab
2006-09-28 17:21 183321 --a------ C:\Program Files\OCT2006_XACT_x64.cab
2006-09-28 17:21 1413862 --a------ C:\Program Files\OCT2006_d3dx9_31_x64.cab
2006-09-28 17:21 138977 --a------ C:\Program Files\OCT2006_XACT_x86.cab
2006-09-28 17:21 1128177 --a------ C:\Program Files\OCT2006_d3dx9_31_x86.cab
2006-09-28 16:55 976020 --------- C:\Program Files\BDAXP.cab
2006-09-28 16:55 917318 --------- C:\Program Files\Apr2006_MDX1_x86.cab
2006-09-28 16:55 88102 --------- C:\Program Files\AUG2006_xinput_x64.cab
2006-09-28 16:55 87989 --------- C:\Program Files\Apr2006_xinput_x64.cab
2006-09-28 16:55 86925 --------- C:\Program Files\Oct2005_xinput_x64.cab
2006-09-28 16:55 82374 --a------ C:\Program Files\dxupdate.cab
2006-09-28 16:55 74520 --a------ C:\Program Files\DSETUP.dll
2006-09-28 16:55 703080 --------- C:\Program Files\BDA.cab
2006-09-28 16:55 484632 --a------ C:\Program Files\DXSETUP.exe
2006-09-28 16:55 47018 --------- C:\Program Files\AUG2006_xinput_x86.cab
2006-09-28 16:55 46898 --------- C:\Program Files\Apr2006_xinput_x86.cab
2006-09-28 16:55 46247 --------- C:\Program Files\Oct2005_xinput_x86.cab
2006-09-28 16:55 4163518 --------- C:\Program Files\Apr2006_MDX1_x86_Archive.cab
2006-09-28 16:55 2248984 --a------ C:\Program Files\dsetup32.dll
2006-09-28 16:55 183863 --------- C:\Program Files\AUG2006_XACT_x64.cab
2006-09-28 16:55 181745 --------- C:\Program Files\JUN2006_XACT_x64.cab
2006-09-28 16:55 180021 --------- C:\Program Files\Apr2006_xact_x64.cab
2006-09-28 16:55 179247 --------- C:\Program Files\Feb2006_xact_x64.cab
2006-09-28 16:55 15493481 --------- C:\Program Files\DirectX.cab
2006-09-28 16:55 1398718 --------- C:\Program Files\Apr2006_d3dx9_30_x64.cab
2006-09-28 16:55 138195 --------- C:\Program Files\AUG2006_XACT_x86.cab
2006-09-28 16:55 1363684 --------- C:\Program Files\Feb2006_d3dx9_29_x64.cab
2006-09-28 16:55 1358864 --------- C:\Program Files\Dec2005_d3dx9_28_x64.cab
2006-09-28 16:55 1351430 --------- C:\Program Files\Aug2005_d3dx9_27_x64.cab
2006-09-28 16:55 1348242 --------- C:\Program Files\Apr2005_d3dx9_25_x64.cab
2006-09-28 16:55 134631 --------- C:\Program Files\JUN2006_XACT_x86.cab
2006-09-28 16:55 133991 --------- C:\Program Files\Apr2006_xact_x86.cab
2006-09-28 16:55 1336890 --------- C:\Program Files\Jun2005_d3dx9_26_x64.cab
2006-09-28 16:55 133297 --------- C:\Program Files\Feb2006_xact_x86.cab
2006-09-28 16:55 13265040 --------- C:\Program Files\dxnt.cab
2006-09-28 16:55 1248387 --------- C:\Program Files\Feb2005_d3dx9_24_x64.cab
2006-09-28 16:55 1156363 --------- C:\Program Files\BDANT.cab
2006-09-28 16:55 1116109 --------- C:\Program Files\Apr2006_d3dx9_30_x86.cab
2006-09-28 16:55 1085608 --------- C:\Program Files\Feb2006_d3dx9_29_x86.cab
2006-09-28 16:55 1080344 --------- C:\Program Files\Dec2005_d3dx9_28_x86.cab
2006-09-28 16:55 1079850 --------- C:\Program Files\Apr2005_d3dx9_25_x86.cab
2006-09-28 16:55 1078532 --------- C:\Program Files\Aug2005_d3dx9_27_x86.cab
2006-09-28 16:55 1065813 --------- C:\Program Files\Jun2005_d3dx9_26_x86.cab
2006-09-28 16:55 1014113 --------- C:\Program Files\Feb2005_d3dx9_24_x86.cab
2006-08-12 15:51 757760 --a------ C:\Program Files\VirtualDub.exe
2006-08-12 15:51 120235 --a------ C:\Program Files\VirtualDub.vdi
2006-08-12 15:50 7738 --a------ C:\Program Files\vdub.exe
2006-08-12 15:50 16384 --a------ C:\Program Files\auxsetup.exe
2006-08-12 15:49 7168 --a------ C:\Program Files\vdremote.dll
2006-08-12 15:49 7168 --a------ C:\Program Files\vdicmdrv.dll
2006-08-12 15:49 5120 --a------ C:\Program Files\vdsvrlnk.dll
2006-08-12 15:49 210421 --a------ C:\Program Files\VirtualDub.chm
2006-04-14 12:21 5632 --ahs---- C:\Program Files\Thumbs.db
2005-12-19 23:52 18321 --a------ C:\Program Files\copying
2005-12-05 19:28 916806 --------- C:\Program Files\Dec2005_MDX1_x86.cab
2005-12-05 19:28 3673932 --------- C:\Program Files\Dec2005_MDX1_x86_Archive.cab
2005-10-12 16:30 55296 --a------ C:\Program Files\sis-usbdetect.exe
2005-10-11 17:33 559776 --a------ C:\Program Files\GoogleToolbarInstaller.exe
2005-10-07 08:25 2855080 --a------ C:\Program Files\aawsepersonal.exe
2005-09-15 21:23 9346664 --a------ C:\Program Files\zlsSetup_60_667_000.exe
2005-07-23 10:36 2995547 --a------ C:\Program Files\everesthome200.exe
2005-07-22 18:07 1440768 --a------ C:\Program Files\Windows System Information.exe
2005-07-08 18:54 315624 --a------ C:\Program Files\dxwebsetup.exe
2005-03-23 21:17 899414 --a------ C:\Program Files\SetupDVDDecrypter_3.5.4.0.exe
2005-03-23 11:34 31607334 --a------ C:\Program Files\Nero-6.6.0.8a.exe
2005-03-23 11:27 133764 --a------ C:\Program Files\15.03.Nero.v6.6.0.8a.zip
2005-03-08 14:54 2152448 --a------ C:\Program Files\loader8400x.iso
2005-02-23 20:33 2593456 --a------ C:\Program Files\DVD-Author.exe
2005-02-17 22:49 1628816 --a------ C:\Program Files\xscsetup.exe
2005-02-11 23:47 6670952 --a------ C:\Program Files\zlsSetup_55_062_011.exe
2005-02-10 03:30 5065321 --a--c--- C:\Program Files\Ashampoo Burning Studio v5.0.2.rar
2005-02-05 17:38 2062665 --a------ C:\Program Files\spywareguardsetup.exe
2005-02-05 14:26 1425786 --a------ C:\Program Files\(APP) Cool Mp3 Splitter 1.2 + crack (splits full albums int.zip
2006-01-26 05:49:40 104 --sh--r C:\WINDOWS\system32\B724F8875B.sys
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:00:23, on 07/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\IE New Window Maximizer\iemaximizer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\W40Ld5e6.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: WebAssist - {85589B5D-D53D-4237-A677-46B82EA275F3} - C:\WINDOWS\WebAssist.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [IE New Window Maximizer] C:\Program Files\IE New Window Maximizer\iemaximizer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Save with Download Manager... - file://C:\Program Files\J River\Media Center 11\DMDownload.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Pictures - {C7486E80-B111-4768-995E-23CF307346FC} - C:\Program Files\UnH Solutions\Flash and Pics Control\FPCButton.dll (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{7E3AC8F5-5AD6-45CE-B1C0-2B755F730150}: NameServer = 192.168.0.1,87.86.189.16
O20 - AppInit_DLLs: c:\windows\system32\awvwwxy.dll
O23 - Service: .NETSecurity - Unknown owner - C:\WINDOWS\system32\netsecurity.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe
--
End of file - 4724 bytes