Tech Support Forum - View Single Post - onlinegames.gen & heuri-e

**LYT4X** · 10-14-2007, 04:15 AM

Here is the Combofix log followed by hijackthis log:

ComboFix 07-10-14.1 - Administrator 2007-10-14 11:09:39.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1609 [GMT 1:00]
Running from: C:\Documents and Settings\Administrator\desktop\combofix.exe
Command switches used :: /killall
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2007-09-14 to 2007-10-14 )))))))))))))))))))))))))))))))
.

2007-10-14 11:08 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-14 10:53 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-10-14 10:53 <DIR> d-------- C:\WINDOWS\LastGood
2007-10-12 14:16 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-10-12 09:41 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2007-10-12 09:41 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2007-10-12 09:41 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2007-10-12 09:41 163,128 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2007-10-12 09:41 23,864 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2007-10-12 09:41 21,816 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2007-10-12 09:41 20,280 --a------ C:\WINDOWS\system32\drivers\SSFS0BB8.sys
2007-10-12 09:40 <DIR> d-------- C:\Program Files\Webroot
2007-10-12 09:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2007-10-12 09:40 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Webroot
2007-10-12 09:40 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Webroot
2007-10-12 09:40 1,521,464 --a------ C:\WINDOWS\WRSetup.dll
2007-10-12 09:35 164 --a------ C:\install.dat
2007-10-10 19:09 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-10 14:25 125,440 --a------ C:\WINDOWS\system32\zauowa.dll
2007-10-10 13:54 125,440 --a------ C:\WINDOWS\system32\ghowkw.dll
2007-10-10 13:50 125,440 --a------ C:\WINDOWS\system32\chrghj.dll
2007-10-10 13:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-10 11:23 125,440 --a------ C:\WINDOWS\system32\cfdvpa.dll
2007-10-10 11:19 125,440 --a------ C:\WINDOWS\system32\jielaz.dll
2007-10-10 10:25 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2007-10-10 10:10 125,440 --a------ C:\WINDOWS\system32\ykqkqs.dll
2007-10-10 10:05 125,440 --a------ C:\WINDOWS\system32\ehuxlg.dll
2007-10-10 09:00 582,656 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-09 13:47 124,416 --a------ C:\WINDOWS\system32\rrijtj.dll
2007-10-09 13:43 124,416 --a------ C:\WINDOWS\system32\sxwjyq.dll
2007-10-09 12:42 124,416 --a------ C:\WINDOWS\system32\ochtul.dll
2007-10-09 11:38 124,416 --a------ C:\WINDOWS\system32\qyeksq.dll
2007-10-09 10:37 124,416 --a------ C:\WINDOWS\system32\xbdooe.dll
2007-10-09 10:33 124,416 --a------ C:\WINDOWS\system32\nhcrgk.dll
2007-10-08 15:11 124,416 --a------ C:\WINDOWS\system32\fytxwo.dll
2007-10-08 10:19 34,304 --a------ C:\WINDOWS\system32\SHQ.DLL
2007-10-08 10:19 20 --a------ C:\WINDOWS\system32\mhsha1.dat
2007-10-05 16:13 124,416 --a------ C:\WINDOWS\system32\poaywc.dll
2007-09-17 17:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\EPSON
2007-09-15 15:03 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-09-15 15:01 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-09-15 15:01 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-03 13:46 --------- d-----w C:\Program Files\DesignPro
2007-10-01 08:35 --------- d-----w C:\Documents and Settings\Administrator\Application Data\MailWasherPro
2007-10-01 08:35 --------- d-----w C:\Documents and Settings\Administrator\Application Data\MailWasherPro
2007-09-19 11:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-21 06:15 683,520 ------w C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-08-20 10:04 824,832 ------w C:\WINDOWS\system32\dllcache\wininet.dll
2007-08-20 10:04 671,232 ------w C:\WINDOWS\system32\dllcache\mstime.dll
2007-08-20 10:04 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
2007-08-20 10:04 6,058,496 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2007-08-20 10:04 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-08-20 10:04 477,696 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-08-20 10:04 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-08-20 10:04 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
2007-08-20 10:04 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-08-20 10:04 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-08-20 10:04 3,584,512 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-08-20 10:04 27,648 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-08-20 10:04 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
2007-08-20 10:04 232,960 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
2007-08-20 10:04 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-08-20 10:04 214,528 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-08-20 10:04 193,024 ------w C:\WINDOWS\system32\dllcache\msrating.dll
2007-08-20 10:04 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-08-20 10:04 132,608 ------w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-08-20 10:04 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
2007-08-20 10:04 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
2007-08-20 10:04 102,400 ------w C:\WINDOWS\system32\dllcache\occache.dll
2007-08-20 10:04 1,152,000 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-08-17 10:21 625,152 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-08-17 10:20 63,488 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-08-17 10:20 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-08-17 07:34 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-07-30 18:19 92,504 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 18:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 18:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 18:19 549,720 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 18:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 18:19 53,080 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 18:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 18:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 18:19 325,976 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 18:19 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-07-30 18:19 207,736 ----a-w C:\WINDOWS\system32\muweb.dll
2007-07-30 18:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 18:19 203,096 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 18:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 18:19 1,712,984 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 18:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-07-30 18:18 33,624 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-04-05 15:22]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-04-05 15:19]
"RTHDCPL"="RTHDCPL.EXE" [2005-03-08 13:26 C:\WINDOWS\RTHDCPL.EXE]
"PTHOSTTR"="C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.exe" [2005-10-04 23:23]
"SetRefresh"="C:\Program Files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 19:01]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2003-12-01 11:38]
"Logitech Utility"="Logi_MwX.Exe" [2003-11-07 10:50 C:\WINDOWS\LOGI_MWX.EXE]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2006-01-12 20:52]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-07-19 22:54]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-01 09:44]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-BA7E-000000000002}\SC_Acrobat.exe [2006-08-30 18:45:59]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=winforms.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders rpasspc.dll, msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AClntUsr]
C:\Program Files\Aclient\AClntUsr.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVPSrv]
C:\WINDOWS\AVPSrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cmdbcs]
C:\WINDOWS\cmdbcs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DbgHlp32]
C:\WINDOWS\DbgHlp32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GenProtect]
C:\WINDOWS\nkasnq.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kvsc3]
C:\WINDOWS\Kvsc3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mppds]
C:\WINDOWS\mppds.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msccrt]
C:\WINDOWS\msccrt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsIMMs32]
C:\WINDOWS\MsIMMs32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsPrint32D]
C:\WINDOWS\MsPrint32D.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVDispDrv]
C:\WINDOWS\sbhqby.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\upxdnd]
C:\WINDOWS\upxdnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinSysM]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AClient"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"High Definition Audio Property Page Shortcut"=HDAShCut.exe
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
"Persistence"=C:\WINDOWS\system32\igfxpers.exe

R0 SSFS0BB8;Spy Sweeper File System Filer Driver: 0BB8;C:\WINDOWS\system32\Drivers\SSFS0BB8.SYS
R2 CommSBEP;CommSBEP;C:\WINDOWS\system32\drivers\CommSBEP.sys
S2 1E3F603C;1E3F603C;C:\WINDOWS\system32\80FEE47E.EXE -k

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 Pml Driver HPZ12 Net Driver HPZ12

.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-14 11:11:03
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-14 11:11:39
.
--- E O F ---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:14:10, on 14/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.belmont-coms.com/acatalog
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.compuserve.co.uk/search
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [PTHOSTTR] "C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE" /Start
O4 - HKLM\..\Run: [SetRefresh] "C:\Program Files\Compaq\SetRefresh\SetRefresh.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] "C:\Program Files\Logitech\iTouch\iTouch.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.belmont-coms.com
O15 - Trusted Zone: http://london.city-link.co.uk
O15 - Trusted Zone: http://www.city-link.co.uk
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/micr...?1180686731453
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1180686695046
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O20 - AppInit_DLLs: winforms.dll
O23 - Service: 1E3F603C - Unknown owner - C:\WINDOWS\system32\80FEE47E.EXE (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 7152 bytes

10-14-2007, 04:15 AM	#5 (permalink)
LYT4X I helped the forums. Join Date: Oct 2007 Location: Scotland Posts: 33 OS: XP Pro SP2	Re: onlinegames.gen & heuri-e Here is the Combofix log followed by hijackthis log: ComboFix 07-10-14.1 - Administrator 2007-10-14 11:09:39.3 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1609 [GMT 1:00] Running from: C:\Documents and Settings\Administrator\desktop\combofix.exe Command switches used :: /killall * Created a new restore point . ((((((((((((((((((((((((( Files Created from 2007-09-14 to 2007-10-14 ))))))))))))))))))))))))))))))) . 2007-10-14 11:08 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-10-14 10:53 <DIR> d-------- C:\WINDOWS\system32\ActiveScan 2007-10-14 10:53 <DIR> d-------- C:\WINDOWS\LastGood 2007-10-12 14:16 <DIR> d-------- C:\Program Files\SpywareBlaster 2007-10-12 09:41 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot 2007-10-12 09:41 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot 2007-10-12 09:41 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot 2007-10-12 09:41 163,128 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys 2007-10-12 09:41 23,864 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys 2007-10-12 09:41 21,816 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys 2007-10-12 09:41 20,280 --a------ C:\WINDOWS\system32\drivers\SSFS0BB8.sys 2007-10-12 09:40 <DIR> d-------- C:\Program Files\Webroot 2007-10-12 09:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot 2007-10-12 09:40 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Webroot 2007-10-12 09:40 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Webroot 2007-10-12 09:40 1,521,464 --a------ C:\WINDOWS\WRSetup.dll 2007-10-12 09:35 164 --a------ C:\install.dat 2007-10-10 19:09 <DIR> d-------- C:\Program Files\Trend Micro 2007-10-10 14:25 125,440 --a------ C:\WINDOWS\system32\zauowa.dll 2007-10-10 13:54 125,440 --a------ C:\WINDOWS\system32\ghowkw.dll 2007-10-10 13:50 125,440 --a------ C:\WINDOWS\system32\chrghj.dll 2007-10-10 13:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2007-10-10 11:23 125,440 --a------ C:\WINDOWS\system32\cfdvpa.dll 2007-10-10 11:19 125,440 --a------ C:\WINDOWS\system32\jielaz.dll 2007-10-10 10:25 <DIR> d-------- C:\WINDOWS\system32\NtmsData 2007-10-10 10:10 125,440 --a------ C:\WINDOWS\system32\ykqkqs.dll 2007-10-10 10:05 125,440 --a------ C:\WINDOWS\system32\ehuxlg.dll 2007-10-10 09:00 582,656 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll 2007-10-09 13:47 124,416 --a------ C:\WINDOWS\system32\rrijtj.dll 2007-10-09 13:43 124,416 --a------ C:\WINDOWS\system32\sxwjyq.dll 2007-10-09 12:42 124,416 --a------ C:\WINDOWS\system32\ochtul.dll 2007-10-09 11:38 124,416 --a------ C:\WINDOWS\system32\qyeksq.dll 2007-10-09 10:37 124,416 --a------ C:\WINDOWS\system32\xbdooe.dll 2007-10-09 10:33 124,416 --a------ C:\WINDOWS\system32\nhcrgk.dll 2007-10-08 15:11 124,416 --a------ C:\WINDOWS\system32\fytxwo.dll 2007-10-08 10:19 34,304 --a------ C:\WINDOWS\system32\SHQ.DLL 2007-10-08 10:19 20 --a------ C:\WINDOWS\system32\mhsha1.dat 2007-10-05 16:13 124,416 --a------ C:\WINDOWS\system32\poaywc.dll 2007-09-17 17:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\EPSON 2007-09-15 15:03 <DIR> d-------- C:\Program Files\Windows Media Connect 2 2007-09-15 15:01 <DIR> d-------- C:\WINDOWS\system32\LogFiles 2007-09-15 15:01 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-10-03 13:46 --------- d-----w C:\Program Files\DesignPro 2007-10-01 08:35 --------- d-----w C:\Documents and Settings\Administrator\Application Data\MailWasherPro 2007-10-01 08:35 --------- d-----w C:\Documents and Settings\Administrator\Application Data\MailWasherPro 2007-09-19 11:44 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll 2007-08-21 06:15 683,520 ------w C:\WINDOWS\system32\dllcache\inetcomm.dll 2007-08-20 10:04 824,832 ------w C:\WINDOWS\system32\dllcache\wininet.dll 2007-08-20 10:04 671,232 ------w C:\WINDOWS\system32\dllcache\mstime.dll 2007-08-20 10:04 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll 2007-08-20 10:04 6,058,496 ------w C:\WINDOWS\system32\dllcache\ieframe.dll 2007-08-20 10:04 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll 2007-08-20 10:04 477,696 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll 2007-08-20 10:04 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll 2007-08-20 10:04 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll 2007-08-20 10:04 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll 2007-08-20 10:04 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll 2007-08-20 10:04 3,584,512 ------w C:\WINDOWS\system32\dllcache\mshtml.dll 2007-08-20 10:04 27,648 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll 2007-08-20 10:04 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll 2007-08-20 10:04 232,960 ------w C:\WINDOWS\system32\dllcache\webcheck.dll 2007-08-20 10:04 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll 2007-08-20 10:04 214,528 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll 2007-08-20 10:04 193,024 ------w C:\WINDOWS\system32\dllcache\msrating.dll 2007-08-20 10:04 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll 2007-08-20 10:04 132,608 ------w C:\WINDOWS\system32\dllcache\extmgr.dll 2007-08-20 10:04 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll 2007-08-20 10:04 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll 2007-08-20 10:04 102,400 ------w C:\WINDOWS\system32\dllcache\occache.dll 2007-08-20 10:04 1,152,000 ------w C:\WINDOWS\system32\dllcache\urlmon.dll 2007-08-17 10:21 625,152 ------w C:\WINDOWS\system32\dllcache\iexplore.exe 2007-08-17 10:20 63,488 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe 2007-08-17 10:20 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe 2007-08-17 07:34 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll 2007-07-30 18:19 92,504 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll 2007-07-30 18:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll 2007-07-30 18:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll 2007-07-30 18:19 549,720 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll 2007-07-30 18:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe 2007-07-30 18:19 53,080 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe 2007-07-30 18:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll 2007-07-30 18:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll 2007-07-30 18:19 325,976 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll 2007-07-30 18:19 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll 2007-07-30 18:19 207,736 ----a-w C:\WINDOWS\system32\muweb.dll 2007-07-30 18:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll 2007-07-30 18:19 203,096 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll 2007-07-30 18:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll 2007-07-30 18:19 1,712,984 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll 2007-07-30 18:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll 2007-07-30 18:18 33,624 ----a-w C:\WINDOWS\system32\dllcache\wups.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-04-05 15:22] "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-04-05 15:19] "RTHDCPL"="RTHDCPL.EXE" [2005-03-08 13:26 C:\WINDOWS\RTHDCPL.EXE] "PTHOSTTR"="C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.exe" [2005-10-04 23:23] "SetRefresh"="C:\Program Files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 19:01] "zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2003-12-01 11:38] "Logitech Utility"="Logi_MwX.Exe" [2003-11-07 10:50 C:\WINDOWS\LOGI_MWX.EXE] "Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2006-01-12 20:52] "SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-07-19 22:54] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-01 09:44] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-BA7E-000000000002}\SC_Acrobat.exe [2006-08-30 18:45:59] HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "appinit_dlls"=winforms.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] SecurityProviders rpasspc.dll, msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AClntUsr] C:\Program Files\Aclient\AClntUsr.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVPSrv] C:\WINDOWS\AVPSrv.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cmdbcs] C:\WINDOWS\cmdbcs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DbgHlp32] C:\WINDOWS\DbgHlp32.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GenProtect] C:\WINDOWS\nkasnq.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kvsc3] C:\WINDOWS\Kvsc3.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mppds] C:\WINDOWS\mppds.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msccrt] C:\WINDOWS\msccrt.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsIMMs32] C:\WINDOWS\MsIMMs32.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsPrint32D] C:\WINDOWS\MsPrint32D.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVDispDrv] C:\WINDOWS\sbhqby.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\upxdnd] C:\WINDOWS\upxdnd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinSysM] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "AClient"=2 (0x2) [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "High Definition Audio Property Page Shortcut"=HDAShCut.exe "HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe "Persistence"=C:\WINDOWS\system32\igfxpers.exe R0 SSFS0BB8;Spy Sweeper File System Filer Driver: 0BB8;C:\WINDOWS\system32\Drivers\SSFS0BB8.SYS R2 CommSBEP;CommSBEP;C:\WINDOWS\system32\drivers\CommSBEP.sys S2 1E3F603C;1E3F603C;C:\WINDOWS\system32\80FEE47E.EXE -k [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 Pml Driver HPZ12 Net Driver HPZ12 . ************************************************************************ catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-10-14 11:11:03 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . Completion time: 2007-10-14 11:11:39 . --- E O F --- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:14:10, on 14/10/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16544) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Webroot\Spy Sweeper\SSU.EXE C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.belmont-coms.com/acatalog R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.compuserve.co.uk/search O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [PTHOSTTR] "C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE" /Start O4 - HKLM\..\Run: [SetRefresh] "C:\Program Files\Compaq\SetRefresh\SetRefresh.exe" O4 - HKLM\..\Run: [zBrowser Launcher] "C:\Program Files\Logitech\iTouch\iTouch.exe" O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ? O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://www.belmont-coms.com O15 - Trusted Zone: http://london.city-link.co.uk O15 - Trusted Zone: http://www.city-link.co.uk O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/micr...?1180686731453 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1180686695046 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O20 - AppInit_DLLs: winforms.dll O23 - Service: 1E3F603C - Unknown owner - C:\WINDOWS\system32\80FEE47E.EXE (file missing) O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe -- End of file - 7152 bytes