Tech Support Forum - View Single Post

TheHua · 05-16-2008, 01:22 AM

Thanks Alba, certainly no need for any apologies, you're the ones providing the service to us and I am very much appreciative of it.

Please find the information as requested.

ComboFix 08-05-12.1 - HP_Owner 2008-05-16 17:01:07.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1031 [GMT 10:00]
Running from: C:\Documents and Settings\HP_Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\HP_Owner\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\gkoxtiss.ini
C:\WINDOWS\system32\gkoxtiss.tmp
C:\WINDOWS\system32\gkoxtiss.tmp2
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\oXaKRqss.ini
C:\WINDOWS\system32\oXaKRqss.ini2

.
((((((((((((((((((((((((( Files Created from 2008-04-16 to 2008-05-16 )))))))))))))))))))))))))))))))
.

2008-05-16 16:45 . 2008-05-16 16:45 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-05-15 20:46 . 2008-05-15 20:46 <DIR> d-------- C:\Deckard
2008-05-12 17:58 . 2008-05-12 17:58 116,736 --a------ C:\WINDOWS\system32\ssitxokg.dll
2008-05-12 17:55 . 2008-05-12 17:55 2,048 --a------ C:\WINDOWS\system32\chcotewg.exe
2008-05-12 17:46 . 2008-05-12 17:46 126,976 --a------ C:\WINDOWS\system32\vbxpsmmj.dll
2008-05-12 17:42 . 2008-05-12 19:34 96,645 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-05-12 17:42 . 2008-05-12 19:34 87,941 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-05-12 17:41 . 2008-05-12 17:41 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-05-12 17:41 . 2008-05-16 15:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-12 17:41 . 2008-05-16 17:05 12,112,160 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-05-12 17:41 . 2008-05-16 17:04 166,400 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-05-12 17:41 . 2008-05-16 17:05 70,432 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-05-12 17:41 . 2008-05-16 17:04 10,760 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-05-12 17:40 . 2008-05-12 17:40 57,344 --a------ C:\WINDOWS\system32\geBqNhhe.dll
2008-05-12 17:37 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-05-12 15:44 . 2008-05-12 15:44 <DIR> d-------- C:\WINDOWS\system32\drivers\AU_Backup
2008-05-12 15:44 . 2007-10-06 16:38 12,358 --a------ C:\WINDOWS\system32\drivers\tmfilter.cat
2008-05-12 15:44 . 2008-01-10 11:44 10,533 --a------ C:\WINDOWS\system32\drivers\tmcomm.cat
2008-05-12 15:44 . 2007-09-17 14:41 3,418 --a------ C:\WINDOWS\system32\drivers\tmpreflt.inf
2008-05-12 15:44 . 2007-09-17 14:41 2,557 --a------ C:\WINDOWS\system32\drivers\tmxpflt.inf
2008-05-12 15:44 . 2007-09-17 14:31 2,518 --a------ C:\WINDOWS\system32\drivers\vsapint.inf
2008-05-12 15:44 . 2007-12-24 17:36 2,487 --a------ C:\WINDOWS\system32\drivers\tmcomm.inf
2008-05-12 15:42 . 2008-05-12 16:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro
2008-05-12 15:41 . 2008-05-12 16:50 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-12 13:08 . 2008-05-12 13:09 <DIR> d-------- C:\Program Files\Panda Security
2008-05-12 09:52 . 2008-05-12 09:52 4,302 --a------ C:\Documents and Settings\HP_Owner\combofix.txt
2008-05-12 07:53 . 2004-08-04 00:56 116,224 --a--c--- C:\WINDOWS\system32\dllcache\xrxwiadr.dll
2008-05-12 07:53 . 2001-08-17 22:37 99,865 --a--c--- C:\WINDOWS\system32\dllcache\xlog.exe
2008-05-12 07:53 . 2001-08-17 22:37 27,648 --a--c--- C:\WINDOWS\system32\dllcache\xrxftplt.exe
2008-05-12 07:53 . 2001-08-17 22:36 23,040 --a--c--- C:\WINDOWS\system32\dllcache\xrxwbtmp.dll
2008-05-12 07:53 . 2004-08-03 22:29 19,455 --a--c--- C:\WINDOWS\system32\dllcache\wvchntxx.sys
2008-05-12 07:53 . 2001-08-17 22:36 17,408 --a--c--- C:\WINDOWS\system32\dllcache\xrxscnui.dll
2008-05-12 07:53 . 2001-08-17 12:11 16,970 --a--c--- C:\WINDOWS\system32\dllcache\xem336n5.sys
2008-05-12 07:53 . 2004-08-03 22:29 12,063 --a--c--- C:\WINDOWS\system32\dllcache\wsiintxx.sys
2008-05-12 07:53 . 2004-08-04 00:56 8,192 --a--c--- C:\WINDOWS\system32\dllcache\wshirda.dll
2008-05-12 07:53 . 2001-08-17 22:37 4,608 --a--c--- C:\WINDOWS\system32\dllcache\xrxflnch.exe
2008-05-12 07:51 . 2001-08-17 13:28 794,654 --a--c--- C:\WINDOWS\system32\dllcache\usr1801.sys
2008-05-12 07:50 . 2001-08-17 22:36 525,568 --a--c--- C:\WINDOWS\system32\dllcache\tridxp.dll
2008-05-12 07:49 . 2001-08-17 14:56 440,576 --a--c--- C:\WINDOWS\system32\dllcache\tridkb.dll
2008-05-12 07:48 . 2001-08-17 14:56 172,768 --a--c--- C:\WINDOWS\system32\dllcache\t2r4disp.dll
2008-05-12 07:47 . 2001-08-17 12:18 285,760 --a--c--- C:\WINDOWS\system32\dllcache\stlnata.sys
2008-05-12 07:46 . 2004-08-03 22:41 404,990 --a--c--- C:\WINDOWS\system32\dllcache\slntamr.sys
2008-05-12 07:45 . 2001-08-17 22:36 386,560 --a--c--- C:\WINDOWS\system32\dllcache\sgiul50.dll
2008-05-12 07:44 . 2001-08-17 22:36 495,616 --a--c--- C:\WINDOWS\system32\dllcache\sblfx.dll
2008-05-12 07:43 . 2001-08-17 13:28 899,146 --a--c--- C:\WINDOWS\system32\dllcache\r2mdkxga.sys
2008-05-12 07:42 . 2004-08-04 00:56 363,520 --a--c--- C:\WINDOWS\system32\dllcache\psisdecd.dll
2008-05-12 07:41 . 2004-08-04 00:56 259,328 --a--c--- C:\WINDOWS\system32\dllcache\perm3dd.dll
2008-05-12 07:40 . 2004-08-04 00:56 4,274,816 --a--c--- C:\WINDOWS\system32\dllcache\nv4_disp.dll
2008-05-12 07:39 . 2004-08-03 22:31 132,695 --a--c--- C:\WINDOWS\system32\dllcache\netwlan5.sys
2008-05-12 07:38 . 2004-08-04 00:56 1,737,856 --a--c--- C:\WINDOWS\system32\dllcache\mtxparhd.dll
2008-05-12 07:37 . 2001-08-17 13:28 802,683 --a--c--- C:\WINDOWS\system32\dllcache\ltsm.sys
2008-05-12 07:36 . 2001-08-17 22:36 372,824 --a--c--- C:\WINDOWS\system32\dllcache\iconf32.dll
2008-05-12 07:35 . 2004-08-03 22:41 1,041,536 --a--c--- C:\WINDOWS\system32\dllcache\hsfdpsp2.sys
2008-05-12 07:34 . 2001-08-17 13:28 907,456 --a--c--- C:\WINDOWS\system32\dllcache\hcf_msft.sys
2008-05-12 07:33 . 2001-08-17 14:56 1,733,120 --a--c--- C:\WINDOWS\system32\dllcache\g400d.dll
2008-05-12 07:32 . 2001-08-17 13:28 634,134 --a--c--- C:\WINDOWS\system32\dllcache\el656ct5.sys
2008-05-12 07:31 . 2001-08-17 12:14 952,007 --a--c--- C:\WINDOWS\system32\dllcache\diwan.sys
2008-05-12 07:30 . 2001-08-17 12:13 980,034 --a--c--- C:\WINDOWS\system32\dllcache\cicap.sys
2008-05-12 07:29 . 2001-08-17 13:28 871,388 --a--c--- C:\WINDOWS\system32\dllcache\bcmdm.sys
2008-05-12 07:28 . 2004-08-04 00:56 870,784 --a--c--- C:\WINDOWS\system32\dllcache\ati3d1ag.dll
2008-05-12 07:27 . 2001-08-17 14:56 66,048 --a--c--- C:\WINDOWS\system32\dllcache\s3legacy.dll
2008-05-11 23:24 . 2008-05-12 21:47 <DIR> d-------- C:\Program Files\CleanUp!
2008-05-11 18:10 . 2008-05-11 18:10 126,976 --a------ C:\WINDOWS\system32\bjtxaepu.dll
2008-05-11 15:38 . 2008-05-11 15:38 147,456 --a------ C:\Program Files\VundoFix.exe
2008-05-11 08:06 . 2008-05-11 08:09 <DIR> d-------- C:\KAV
2008-05-10 19:01 . 2008-05-10 19:01 57,344 --a------ C:\WINDOWS\system32\khfDwXoO.dll
2008-05-10 18:05 . 2008-05-10 18:05 57,344 --a------ C:\WINDOWS\system32\ljJYSLcd.dll
2008-05-10 17:49 . 2008-05-10 17:49 57,344 --a------ C:\WINDOWS\system32\rqRJAtuR.dll
2008-05-10 17:33 . 2008-05-10 17:33 123,392 --a------ C:\WINDOWS\system32\ubwtkogc.dll
2008-05-10 17:27 . 2008-05-10 17:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-05-10 17:27 . 2008-05-10 17:27 57,344 --a------ C:\WINDOWS\system32\rqRHyARl.dll
2008-05-10 11:50 . 2008-05-10 11:52 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\Ventrilo
2008-05-10 10:57 . 2008-05-10 10:57 <DIR> d-------- C:\Program Files\Ventrilo
2008-05-10 00:43 . 2008-05-10 00:43 <DIR> d-------- C:\VundoFix Backups
2008-05-09 23:26 . 2008-05-09 23:26 0 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT_TU_67825.LOG
2008-05-09 23:26 . 2008-05-09 23:26 0 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT_TU_47471.LOG
2008-05-09 23:26 . 2008-05-09 23:26 0 --ah----- C:\Documents and Settings\HP_Owner\ntuser.dat_TU_26800.LOG
2008-05-09 19:37 . 2008-05-09 19:37 123,392 --a------ C:\WINDOWS\system32\oeawvplr.dll
2008-05-09 18:33 . 2008-05-09 18:33 <DIR> d-------- C:\Program Files\AVG
2008-05-09 18:33 . 2008-05-12 15:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-05-09 08:12 . 2008-05-16 16:57 109,871 --a------ C:\WINDOWS\BMbf4c1c71.xml
2008-05-08 23:23 . 2008-05-16 15:32 2,148 --a------ C:\WINDOWS\system32\wpa.dbl
2008-05-07 17:23 . 2008-05-09 22:22 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-05-07 15:12 . 2008-05-07 15:12 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\Samsung
2008-05-07 15:08 . 2006-05-03 22:53 174,592 --a------ C:\WINDOWS\system32\framedyn.dll
2008-05-07 15:07 . 2008-05-07 15:07 <DIR> d-------- C:\Program Files\Samsung
2008-05-07 15:07 . 2008-05-07 15:11 5,632 --a------ C:\WINDOWS\system32\drivers\StarOpen.sys
2008-05-06 22:57 . 2008-05-06 22:57 <DIR> d-------- C:\WINDOWS\system32\Logs
2008-05-06 17:09 . 2008-05-06 17:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nokia
2008-05-06 17:06 . 2008-05-06 17:06 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-05-03 20:35 . 2008-05-03 20:35 <DIR> d-------- C:\Program Files\OLYMPUS
2008-05-03 19:26 . 2008-05-03 19:26 <DIR> d-------- C:\spoolerlogs
2008-05-03 11:41 . 2008-05-03 11:41 <DIR> d-------- C:\Program Files\DVDVideoSoft
2008-05-03 11:41 . 2008-05-03 11:41 <DIR> d-------- C:\DVDVideoSoft
2008-04-28 09:04 . 2008-04-28 09:04 331 --a------ C:\WINDOWS\doom3.ini
2008-04-25 00:04 . 2008-05-07 22:53 <DIR> d-------- C:\Program Files\ZAR
2008-04-24 23:28 . 2008-04-26 10:48 1,165,564 --a------ C:\Documents and Settings\HP_Owner\Application Data\NMM-MetaData.db
2008-04-24 23:20 . 2008-04-24 23:20 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-04-24 23:20 . 2008-04-24 23:20 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-04-24 23:11 . 2008-04-24 23:11 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2008-04-24 23:11 . 2008-05-06 17:05 <DIR> d-------- C:\Program Files\Common Files\Nokia
2008-04-24 23:09 . 2008-04-24 23:09 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2008-04-24 23:09 . 2007-09-17 15:53 21,632 --a------ C:\WINDOWS\system32\drivers\pccsmcfd.sys
2008-04-24 23:06 . 2007-11-29 10:33 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll
2008-04-24 23:06 . 2007-11-29 10:39 95,744 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2008-04-24 23:06 . 2007-11-29 10:39 19,328 --a------ C:\WINDOWS\system32\drivers\ccdcmbo.sys
2008-04-24 23:06 . 2007-11-29 10:39 16,896 --a------ C:\WINDOWS\system32\drivers\ccdcmb.sys
2008-04-24 23:06 . 2007-11-29 10:39 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys
2008-04-24 23:06 . 2007-11-29 10:39 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerflt.sys
2008-04-24 23:04 . 2008-05-06 17:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Installations
2008-04-24 10:00 . 2008-04-24 10:00 <DIR> d-------- C:\Program Files\spyware2
2008-04-24 09:39 . 2008-04-24 09:39 <DIR> d-------- C:\Program Files\spyware
2008-04-24 08:27 . 2008-04-24 08:27 <DIR> d-------- C:\Program Files\DiskInternals
2008-04-24 08:27 . 2008-04-24 08:27 <DIR> d-------- C:\Program Files\Data Doctor Recovery Digital Camera (Demo)
2008-04-24 08:27 . 2008-04-24 08:27 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\PC Tools
2008-04-24 08:27 . 2008-04-24 08:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
2008-04-23 22:21 . 2008-05-12 22:13 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-23 22:21 . 2008-05-13 00:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-23 22:05 . 2008-03-19 15:52 119,568 --a------ C:\WINDOWS\system32\VB6FR.DLL
2008-04-23 21:45 . 2008-05-12 07:16 <DIR> d-------- C:\Program Files\XoftSpySE
2008-04-23 19:27 . 2008-04-24 08:27 <DIR> d-------- C:\Program Files\ParetoLogic
2008-04-23 19:27 . 2008-04-24 08:27 <DIR> d-------- C:\Program Files\Common Files\ParetoLogic
2008-04-23 19:27 . 2008-04-24 08:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ParetoLogic
2008-04-23 19:13 . 2008-04-23 22:22 224 --a------ C:\WINDOWS\system32\9B13A86D.plf
2008-04-23 16:39 . 2008-04-23 16:39 <DIR> d-------- C:\Program Files\CardRecovery

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-16 06:22 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\Ahead
2008-05-16 04:42 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\CopyToDvd
2008-05-14 07:41 --------- d-----w C:\Program Files\Dulux WeatherShield WeatherDesk
2008-05-12 08:41 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\uTorrent
2008-05-12 07:37 --------- d-----w C:\Program Files\Java
2008-05-12 06:03 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-12 05:07 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-11 21:55 --------- d-----w C:\Program Files\Google
2008-05-11 21:15 --------- d-----w C:\Program Files\U.R.Celeb
2008-05-10 10:58 --------- d-----w C:\Program Files\TuneUp Utilities 2007
2008-05-09 10:14 --------- d-----w C:\Program Files\Common Files\DVDVIDEOSOFT
2008-05-09 08:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-05-08 23:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-05-07 10:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\sxmrehaz
2008-05-07 05:07 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-06 07:15 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\Nokia
2008-05-06 07:06 --------- d-----w C:\Program Files\Nokia
2008-05-06 06:15 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\Xfire
2008-05-04 23:28 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\Hoyle Puzzle and Board Games
2008-05-03 10:08 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\TmpRecentIcons
2008-04-26 01:09 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\PC Suite
2008-04-24 21:58 --------- d-----w C:\Program Files\Moyea
2008-04-24 21:58 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\Moyea
2008-04-24 13:02 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\DataLayer
2008-04-23 22:27 --------- d-----w C:\Program Files\Picasa2
2008-04-23 06:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-04-23 01:31 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\1clickPro
2008-04-19 21:55 --------- d-----w C:\Program Files\LimeWire
2008-04-14 02:44 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\LimeWire
2008-04-11 15:52 --------- d-----w C:\Program Files\iTunes
2008-04-09 23:31 --------- d-----w C:\Program Files\MYORingtones
2008-04-02 19:30 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\Vso
2008-03-30 00:18 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-03-29 02:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-03-28 12:30 --------- d-----w C:\Program Files\QuickTime
2008-03-25 19:53 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-03-22 20:53 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2008-03-22 20:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Autodesk
2008-03-22 20:49 --------- d-----w C:\Program Files\Autodesk
2008-03-21 07:09 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\1ClickDVDCopy
2008-02-23 03:27 540,186 ----a-w C:\DVD43_4-0-0_Setup.exe
2008-02-09 00:21 22,328 ----a-w C:\Documents and Settings\HP_Owner\Application Data\PnkBstrK.sys
2007-08-17 23:30 87,608 ----a-w C:\Documents and Settings\HP_Owner\Application Data\inst.exe
2007-08-17 23:30 47,360 ----a-w C:\Documents and Settings\HP_Owner\Application Data\pcouffin.sys
2006-12-29 23:46 24,192 ----a-w C:\Documents and Settings\HP_Owner\usbsermptxp.sys
2006-12-29 23:46 22,768 ----a-w C:\Documents and Settings\HP_Owner\usbsermpt.sys
2006-12-05 06:02 2,387,683 ----a-w C:\Program Files\dulux_weatherdesk.exe
2005-08-10 08:30 5,632 -csha-w C:\Program Files\Thumbs.db
2005-06-20 23:29 483,435 -c--a-w C:\Program Files\defs.ref
2005-02-04 21:48 184 ----a-w C:\Program Files\Shortcut to CD Drive.lnk
2002-05-02 16:42 56,731 -c--a-w C:\Program Files\Patch_PSViews.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{933C4637-13DA-4AD2-953E-D13A6D8A78F6}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 22:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 16:04 52736]
"dvd43"="C:\Program Files\dvd43\dvd43_tray.exe" [2007-11-20 15:40 731136]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2008-02-08 18:36 227856]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-31 22:13 385024]
"BMbf4c1c71"="C:\WINDOWS\system32\vbxpsmmj.dll" [2008-05-12 17:46 126976]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= C:\PROGRA~1\DVDREG~1\DVDShell.dll [2004-06-08 14:18 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
"iPlusAgent2"="C:\Program Files\iriver\iriver plus 2\iAgent2.exe"
"Acme.PCHButton"=C:\PROGRA~1\HELPAN~1\Pavilion\XPHWWBF4\plugin\bin\PCHButton.exe
"PcSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
"OM2_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"AlcWzrd"=ALCWZRD.EXE
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
"HPHUPD06"="c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe"
"HPHmon06"=C:\WINDOWS\system32\hphmon06.exe
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"AlcxMonitor"=ALCXMNTR.EXE
"SoundMan"=SOUNDMAN.EXE
"Alcmtr"=ALCMTR.EXE
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE
"AGRSMMSG"=AGRSMMSG.exe
"WINREMOTE"="C:\Program Files\InterVideo\Common\Bin\WinRemote.exe"
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
"Adobe_ID0EYTHM"=C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
"Acrobat Assistant 8.0"="V:\Program Files\Acrobat 8.0\Acrobat\Acrotray.exe"
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" -lang 1033
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"NSLauncher"=C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
"Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
"OM2_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" /OM
"BMbf4c1c71"=Rundll32.exe "C:\WINDOWS\system32\bjtxaepu.dll",s
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"C:\\Program Files\\Macromedia\\Fireworks MX\\Fireworks.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\NETGEAR\\WG111 Configuration Utility\\WG111CFG.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"V:\\Program Files\\uTorrent\\utorrent.exe"=
"V:\\Program Files\\id Software\\Enemy Territory - QUAKE Wars\\etqw.exe"=
"V:\\Program Files\\id Software\\Enemy Territory - QUAKE Wars\\etqwded.exe"=
"V:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"V:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"V:\\Program Files\\Autodesk\\3dsMax8\\3dsmax.exe"=
"V:\\Program Files\\Autodesk\\backburner\\monitor.exe"=
"V:\\Program Files\\Autodesk\\backburner\\manager.exe"=
"V:\\Program Files\\Autodesk\\backburner\\server.exe"=
"C:\\Documents and Settings\\HP_Owner\\Desktop\\UrbanTerror\\ioUrbanTerror.exe"=
"V:\\Program Files\\urban terror\\UrbanTerror\\ioUrbanTerror.exe"=
"C:\\Documents and Settings\\HP_Owner\\Desktop\\UrbanTerror\\ioUrTded.exe"=
"V:\\Program Files\\Xfire\\xfire.exe"=
"V:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.321\\English\\setup.exe"=
"V:\\KAV\\Kaspersky Anti-Virus 7.0.1.325\\english\\setup.exe"=
"C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 7.0\\avp.exe"=
"C:\\WINDOWS\\system32\\LEXPPS.EXE"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

R2 EAPPkt;Realtek EAPPkt Protocol;C:\WINDOWS\system32\DRIVERS\EAPPkt.sys [2005-04-01 10:43]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-04 22:00]
R3 Cap7134;ASUS TV7134 WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2004-06-23 20:34]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]
R3 PhTVTune;ASUS WDM TV Tuner;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2004-05-27 18:49]
S1 SABKUTIL;SABKUTIL;C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys []
S3 gkmixern;gkmixern;C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\gkmixern.sys []
S3 pccsmcfd;PCCS Mode Change Filter Driver;C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 15:53]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\wg111v2.sys [2006-03-27 16:53]
S3 SjyPkt;SjyPkt;C:\WINDOWS\System32\Drivers\SjyPkt.sys [2002-10-02 07:57]
S3 upperdev;upperdev;C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2007-11-29 10:39]
S3 UsbserFilt;UsbserFilt;C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2007-11-29 10:39]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c3b70e8e-21ea-11da-a881-806d6172696f}]
\shell\play\command - "C:\Program Files\InterVideo\Home Theater\IHT.exe" -DVD %L

.
Contents of the 'Scheduled Tasks' folder
"2008-05-16 07:15:23 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2008-05-09 13:10:07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-05-15 08:00:01 C:\WINDOWS\Tasks\ParetoLogic Registration.job"
- C:\WINDOWS\system32\rundll32.exe@
"2008-05-12 14:33:50 C:\WINDOWS\Tasks\ParetoLogic Update Version2.job"
- C:\Program Files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-16 17:05:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\vbxpsmmj.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
V:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-05-16 17:16:11 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-16 07:16:05
ComboFix2.txt 2008-05-12 03:00:55

Pre-Run: 85,801,140,224 bytes free
Post-Run: 85,777,539,072 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /TUTag=XOD5Q4
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

364 --- E O F --- 2008-05-16 03:51:22

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:20:21 PM, on 16/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
V:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.conduit.com/Results.as...ctid=CT1472949
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;<local>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {933C4637-13DA-4AD2-953E-D13A6D8A78F6} - (no file)
O2 - BHO: Catcher Class - {ADECBED6-0366-4377-A739-E69DFBA04663} - C:\Program Files\Moyea\FLV Downloader\MoyeaCth.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - V:\Program Files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - V:\Program Files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BMbf4c1c71] Rundll32.exe "C:\WINDOWS\system32\vbxpsmmj.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: {483EB14D-AF1C-4951-81B0-4E2B41829FF6} (QOLCheck Control) - https://www.select2perform.com.au/cabs/QOLCheck.ocx
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1210500615406
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab55762.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_inst...syInstallX.CAB
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://games.myspace.com/Gameshell/G...onGameHost.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/...ploader4_5.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - V:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 9137 bytes

Thanks again and please let me know if yourequire any further information.

05-16-2008, 01:22 AM	#3 (permalink)
TheHua Registered User Join Date: May 2008 Posts: 5 OS: xp serv pack 2	Re: Virtumonde/Vundo/Trojan infection Thanks Alba, certainly no need for any apologies, you're the ones providing the service to us and I am very much appreciative of it. Please find the information as requested. ComboFix 08-05-12.1 - HP_Owner 2008-05-16 17:01:07.3 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1031 [GMT 10:00] Running from: C:\Documents and Settings\HP_Owner\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\HP_Owner\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\pskt.ini C:\WINDOWS\system32\gkoxtiss.ini C:\WINDOWS\system32\gkoxtiss.tmp C:\WINDOWS\system32\gkoxtiss.tmp2 C:\WINDOWS\system32\mcrh.tmp C:\WINDOWS\system32\oXaKRqss.ini C:\WINDOWS\system32\oXaKRqss.ini2 . ((((((((((((((((((((((((( Files Created from 2008-04-16 to 2008-05-16 ))))))))))))))))))))))))))))))) . 2008-05-16 16:45 . 2008-05-16 16:45 <DIR> d-------- C:\Program Files\Microsoft Silverlight 2008-05-15 20:46 . 2008-05-15 20:46 <DIR> d-------- C:\Deckard 2008-05-12 17:58 . 2008-05-12 17:58 116,736 --a------ C:\WINDOWS\system32\ssitxokg.dll 2008-05-12 17:55 . 2008-05-12 17:55 2,048 --a------ C:\WINDOWS\system32\chcotewg.exe 2008-05-12 17:46 . 2008-05-12 17:46 126,976 --a------ C:\WINDOWS\system32\vbxpsmmj.dll 2008-05-12 17:42 . 2008-05-12 19:34 96,645 --a------ C:\WINDOWS\system32\drivers\klin.dat 2008-05-12 17:42 . 2008-05-12 19:34 87,941 --a------ C:\WINDOWS\system32\drivers\klick.dat 2008-05-12 17:41 . 2008-05-12 17:41 <DIR> d-------- C:\Program Files\Kaspersky Lab 2008-05-12 17:41 . 2008-05-16 15:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab 2008-05-12 17:41 . 2008-05-16 17:05 12,112,160 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat 2008-05-12 17:41 . 2008-05-16 17:04 166,400 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx 2008-05-12 17:41 . 2008-05-16 17:05 70,432 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat 2008-05-12 17:41 . 2008-05-16 17:04 10,760 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx 2008-05-12 17:40 . 2008-05-12 17:40 57,344 --a------ C:\WINDOWS\system32\geBqNhhe.dll 2008-05-12 17:37 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl 2008-05-12 15:44 . 2008-05-12 15:44 <DIR> d-------- C:\WINDOWS\system32\drivers\AU_Backup 2008-05-12 15:44 . 2007-10-06 16:38 12,358 --a------ C:\WINDOWS\system32\drivers\tmfilter.cat 2008-05-12 15:44 . 2008-01-10 11:44 10,533 --a------ C:\WINDOWS\system32\drivers\tmcomm.cat 2008-05-12 15:44 . 2007-09-17 14:41 3,418 --a------ C:\WINDOWS\system32\drivers\tmpreflt.inf 2008-05-12 15:44 . 2007-09-17 14:41 2,557 --a------ C:\WINDOWS\system32\drivers\tmxpflt.inf 2008-05-12 15:44 . 2007-09-17 14:31 2,518 --a------ C:\WINDOWS\system32\drivers\vsapint.inf 2008-05-12 15:44 . 2007-12-24 17:36 2,487 --a------ C:\WINDOWS\system32\drivers\tmcomm.inf 2008-05-12 15:42 . 2008-05-12 16:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro 2008-05-12 15:41 . 2008-05-12 16:50 <DIR> d-------- C:\Program Files\Trend Micro 2008-05-12 13:08 . 2008-05-12 13:09 <DIR> d-------- C:\Program Files\Panda Security 2008-05-12 09:52 . 2008-05-12 09:52 4,302 --a------ C:\Documents and Settings\HP_Owner\combofix.txt 2008-05-12 07:53 . 2004-08-04 00:56 116,224 --a--c--- C:\WINDOWS\system32\dllcache\xrxwiadr.dll 2008-05-12 07:53 . 2001-08-17 22:37 99,865 --a--c--- C:\WINDOWS\system32\dllcache\xlog.exe 2008-05-12 07:53 . 2001-08-17 22:37 27,648 --a--c--- C:\WINDOWS\system32\dllcache\xrxftplt.exe 2008-05-12 07:53 . 2001-08-17 22:36 23,040 --a--c--- C:\WINDOWS\system32\dllcache\xrxwbtmp.dll 2008-05-12 07:53 . 2004-08-03 22:29 19,455 --a--c--- C:\WINDOWS\system32\dllcache\wvchntxx.sys 2008-05-12 07:53 . 2001-08-17 22:36 17,408 --a--c--- C:\WINDOWS\system32\dllcache\xrxscnui.dll 2008-05-12 07:53 . 2001-08-17 12:11 16,970 --a--c--- C:\WINDOWS\system32\dllcache\xem336n5.sys 2008-05-12 07:53 . 2004-08-03 22:29 12,063 --a--c--- C:\WINDOWS\system32\dllcache\wsiintxx.sys 2008-05-12 07:53 . 2004-08-04 00:56 8,192 --a--c--- C:\WINDOWS\system32\dllcache\wshirda.dll 2008-05-12 07:53 . 2001-08-17 22:37 4,608 --a--c--- C:\WINDOWS\system32\dllcache\xrxflnch.exe 2008-05-12 07:51 . 2001-08-17 13:28 794,654 --a--c--- C:\WINDOWS\system32\dllcache\usr1801.sys 2008-05-12 07:50 . 2001-08-17 22:36 525,568 --a--c--- C:\WINDOWS\system32\dllcache\tridxp.dll 2008-05-12 07:49 . 2001-08-17 14:56 440,576 --a--c--- C:\WINDOWS\system32\dllcache\tridkb.dll 2008-05-12 07:48 . 2001-08-17 14:56 172,768 --a--c--- C:\WINDOWS\system32\dllcache\t2r4disp.dll 2008-05-12 07:47 . 2001-08-17 12:18 285,760 --a--c--- C:\WINDOWS\system32\dllcache\stlnata.sys 2008-05-12 07:46 . 2004-08-03 22:41 404,990 --a--c--- C:\WINDOWS\system32\dllcache\slntamr.sys 2008-05-12 07:45 . 2001-08-17 22:36 386,560 --a--c--- C:\WINDOWS\system32\dllcache\sgiul50.dll 2008-05-12 07:44 . 2001-08-17 22:36 495,616 --a--c--- C:\WINDOWS\system32\dllcache\sblfx.dll 2008-05-12 07:43 . 2001-08-17 13:28 899,146 --a--c--- C:\WINDOWS\system32\dllcache\r2mdkxga.sys 2008-05-12 07:42 . 2004-08-04 00:56 363,520 --a--c--- C:\WINDOWS\system32\dllcache\psisdecd.dll 2008-05-12 07:41 . 2004-08-04 00:56 259,328 --a--c--- C:\WINDOWS\system32\dllcache\perm3dd.dll 2008-05-12 07:40 . 2004-08-04 00:56 4,274,816 --a--c--- C:\WINDOWS\system32\dllcache\nv4_disp.dll 2008-05-12 07:39 . 2004-08-03 22:31 132,695 --a--c--- C:\WINDOWS\system32\dllcache\netwlan5.sys 2008-05-12 07:38 . 2004-08-04 00:56 1,737,856 --a--c--- C:\WINDOWS\system32\dllcache\mtxparhd.dll 2008-05-12 07:37 . 2001-08-17 13:28 802,683 --a--c--- C:\WINDOWS\system32\dllcache\ltsm.sys 2008-05-12 07:36 . 2001-08-17 22:36 372,824 --a--c--- C:\WINDOWS\system32\dllcache\iconf32.dll 2008-05-12 07:35 . 2004-08-03 22:41 1,041,536 --a--c--- C:\WINDOWS\system32\dllcache\hsfdpsp2.sys 2008-05-12 07:34 . 2001-08-17 13:28 907,456 --a--c--- C:\WINDOWS\system32\dllcache\hcf_msft.sys 2008-05-12 07:33 . 2001-08-17 14:56 1,733,120 --a--c--- C:\WINDOWS\system32\dllcache\g400d.dll 2008-05-12 07:32 . 2001-08-17 13:28 634,134 --a--c--- C:\WINDOWS\system32\dllcache\el656ct5.sys 2008-05-12 07:31 . 2001-08-17 12:14 952,007 --a--c--- C:\WINDOWS\system32\dllcache\diwan.sys 2008-05-12 07:30 . 2001-08-17 12:13 980,034 --a--c--- C:\WINDOWS\system32\dllcache\cicap.sys 2008-05-12 07:29 . 2001-08-17 13:28 871,388 --a--c--- C:\WINDOWS\system32\dllcache\bcmdm.sys 2008-05-12 07:28 . 2004-08-04 00:56 870,784 --a--c--- C:\WINDOWS\system32\dllcache\ati3d1ag.dll 2008-05-12 07:27 . 2001-08-17 14:56 66,048 --a--c--- C:\WINDOWS\system32\dllcache\s3legacy.dll 2008-05-11 23:24 . 2008-05-12 21:47 <DIR> d-------- C:\Program Files\CleanUp! 2008-05-11 18:10 . 2008-05-11 18:10 126,976 --a------ C:\WINDOWS\system32\bjtxaepu.dll 2008-05-11 15:38 . 2008-05-11 15:38 147,456 --a------ C:\Program Files\VundoFix.exe 2008-05-11 08:06 . 2008-05-11 08:09 <DIR> d-------- C:\KAV 2008-05-10 19:01 . 2008-05-10 19:01 57,344 --a------ C:\WINDOWS\system32\khfDwXoO.dll 2008-05-10 18:05 . 2008-05-10 18:05 57,344 --a------ C:\WINDOWS\system32\ljJYSLcd.dll 2008-05-10 17:49 . 2008-05-10 17:49 57,344 --a------ C:\WINDOWS\system32\rqRJAtuR.dll 2008-05-10 17:33 . 2008-05-10 17:33 123,392 --a------ C:\WINDOWS\system32\ubwtkogc.dll 2008-05-10 17:27 . 2008-05-10 17:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files 2008-05-10 17:27 . 2008-05-10 17:27 57,344 --a------ C:\WINDOWS\system32\rqRHyARl.dll 2008-05-10 11:50 . 2008-05-10 11:52 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\Ventrilo 2008-05-10 10:57 . 2008-05-10 10:57 <DIR> d-------- C:\Program Files\Ventrilo 2008-05-10 00:43 . 2008-05-10 00:43 <DIR> d-------- C:\VundoFix Backups 2008-05-09 23:26 . 2008-05-09 23:26 0 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT_TU_67825.LOG 2008-05-09 23:26 . 2008-05-09 23:26 0 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT_TU_47471.LOG 2008-05-09 23:26 . 2008-05-09 23:26 0 --ah----- C:\Documents and Settings\HP_Owner\ntuser.dat_TU_26800.LOG 2008-05-09 19:37 . 2008-05-09 19:37 123,392 --a------ C:\WINDOWS\system32\oeawvplr.dll 2008-05-09 18:33 . 2008-05-09 18:33 <DIR> d-------- C:\Program Files\AVG 2008-05-09 18:33 . 2008-05-12 15:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8 2008-05-09 08:12 . 2008-05-16 16:57 109,871 --a------ C:\WINDOWS\BMbf4c1c71.xml 2008-05-08 23:23 . 2008-05-16 15:32 2,148 --a------ C:\WINDOWS\system32\wpa.dbl 2008-05-07 17:23 . 2008-05-09 22:22 <DIR> d-------- C:\Program Files\Enigma Software Group 2008-05-07 15:12 . 2008-05-07 15:12 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\Samsung 2008-05-07 15:08 . 2006-05-03 22:53 174,592 --a------ C:\WINDOWS\system32\framedyn.dll 2008-05-07 15:07 . 2008-05-07 15:07 <DIR> d-------- C:\Program Files\Samsung 2008-05-07 15:07 . 2008-05-07 15:11 5,632 --a------ C:\WINDOWS\system32\drivers\StarOpen.sys 2008-05-06 22:57 . 2008-05-06 22:57 <DIR> d-------- C:\WINDOWS\system32\Logs 2008-05-06 17:09 . 2008-05-06 17:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nokia 2008-05-06 17:06 . 2008-05-06 17:06 <DIR> d-------- C:\Program Files\MSXML 6.0 2008-05-03 20:35 . 2008-05-03 20:35 <DIR> d-------- C:\Program Files\OLYMPUS 2008-05-03 19:26 . 2008-05-03 19:26 <DIR> d-------- C:\spoolerlogs 2008-05-03 11:41 . 2008-05-03 11:41 <DIR> d-------- C:\Program Files\DVDVideoSoft 2008-05-03 11:41 . 2008-05-03 11:41 <DIR> d-------- C:\DVDVideoSoft 2008-04-28 09:04 . 2008-04-28 09:04 331 --a------ C:\WINDOWS\doom3.ini 2008-04-25 00:04 . 2008-05-07 22:53 <DIR> d-------- C:\Program Files\ZAR 2008-04-24 23:28 . 2008-04-26 10:48 1,165,564 --a------ C:\Documents and Settings\HP_Owner\Application Data\NMM-MetaData.db 2008-04-24 23:20 . 2008-04-24 23:20 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf 2008-04-24 23:20 . 2008-04-24 23:20 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf 2008-04-24 23:11 . 2008-04-24 23:11 <DIR> d-------- C:\Program Files\Common Files\PCSuite 2008-04-24 23:11 . 2008-05-06 17:05 <DIR> d-------- C:\Program Files\Common Files\Nokia 2008-04-24 23:09 . 2008-04-24 23:09 <DIR> d-------- C:\Program Files\PC Connectivity Solution 2008-04-24 23:09 . 2007-09-17 15:53 21,632 --a------ C:\WINDOWS\system32\drivers\pccsmcfd.sys 2008-04-24 23:06 . 2007-11-29 10:33 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll 2008-04-24 23:06 . 2007-11-29 10:39 95,744 --a------ C:\WINDOWS\system32\nmwcdcocls.dll 2008-04-24 23:06 . 2007-11-29 10:39 19,328 --a------ C:\WINDOWS\system32\drivers\ccdcmbo.sys 2008-04-24 23:06 . 2007-11-29 10:39 16,896 --a------ C:\WINDOWS\system32\drivers\ccdcmb.sys 2008-04-24 23:06 . 2007-11-29 10:39 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys 2008-04-24 23:06 . 2007-11-29 10:39 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerflt.sys 2008-04-24 23:04 . 2008-05-06 17:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Installations 2008-04-24 10:00 . 2008-04-24 10:00 <DIR> d-------- C:\Program Files\spyware2 2008-04-24 09:39 . 2008-04-24 09:39 <DIR> d-------- C:\Program Files\spyware 2008-04-24 08:27 . 2008-04-24 08:27 <DIR> d-------- C:\Program Files\DiskInternals 2008-04-24 08:27 . 2008-04-24 08:27 <DIR> d-------- C:\Program Files\Data Doctor Recovery Digital Camera (Demo) 2008-04-24 08:27 . 2008-04-24 08:27 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\PC Tools 2008-04-24 08:27 . 2008-04-24 08:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Downloaded Installations 2008-04-23 22:21 . 2008-05-12 22:13 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy 2008-04-23 22:21 . 2008-05-13 00:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-04-23 22:05 . 2008-03-19 15:52 119,568 --a------ C:\WINDOWS\system32\VB6FR.DLL 2008-04-23 21:45 . 2008-05-12 07:16 <DIR> d-------- C:\Program Files\XoftSpySE 2008-04-23 19:27 . 2008-04-24 08:27 <DIR> d-------- C:\Program Files\ParetoLogic 2008-04-23 19:27 . 2008-04-24 08:27 <DIR> d-------- C:\Program Files\Common Files\ParetoLogic 2008-04-23 19:27 . 2008-04-24 08:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ParetoLogic 2008-04-23 19:13 . 2008-04-23 22:22 224 --a------ C:\WINDOWS\system32\9B13A86D.plf 2008-04-23 16:39 . 2008-04-23 16:39 <DIR> d-------- C:\Program Files\CardRecovery . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-05-16 06:22 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\Ahead 2008-05-16 04:42 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\CopyToDvd 2008-05-14 07:41 --------- d-----w C:\Program Files\Dulux WeatherShield WeatherDesk 2008-05-12 08:41 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\uTorrent 2008-05-12 07:37 --------- d-----w C:\Program Files\Java 2008-05-12 06:03 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2008-05-12 05:07 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2008-05-11 21:55 --------- d-----w C:\Program Files\Google 2008-05-11 21:15 --------- d-----w C:\Program Files\U.R.Celeb 2008-05-10 10:58 --------- d-----w C:\Program Files\TuneUp Utilities 2007 2008-05-09 10:14 --------- d-----w C:\Program Files\Common Files\DVDVIDEOSOFT 2008-05-09 08:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft 2008-05-08 23:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee 2008-05-07 10:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\sxmrehaz 2008-05-07 05:07 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-05-06 07:15 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\Nokia 2008-05-06 07:06 --------- d-----w C:\Program Files\Nokia 2008-05-06 06:15 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\Xfire 2008-05-04 23:28 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\Hoyle Puzzle and Board Games 2008-05-03 10:08 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\TmpRecentIcons 2008-04-26 01:09 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\PC Suite 2008-04-24 21:58 --------- d-----w C:\Program Files\Moyea 2008-04-24 21:58 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\Moyea 2008-04-24 13:02 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\DataLayer 2008-04-23 22:27 --------- d-----w C:\Program Files\Picasa2 2008-04-23 06:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\TuneUp Software 2008-04-23 01:31 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\1clickPro 2008-04-19 21:55 --------- d-----w C:\Program Files\LimeWire 2008-04-14 02:44 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\LimeWire 2008-04-11 15:52 --------- d-----w C:\Program Files\iTunes 2008-04-09 23:31 --------- d-----w C:\Program Files\MYORingtones 2008-04-02 19:30 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\Vso 2008-03-30 00:18 --------- d-----w C:\Program Files\Windows Live Safety Center 2008-03-29 02:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink 2008-03-28 12:30 --------- d-----w C:\Program Files\QuickTime 2008-03-25 19:53 --------- d-----w C:\Program Files\Microsoft ActiveSync 2008-03-22 20:53 --------- d-----w C:\Program Files\Common Files\Autodesk Shared 2008-03-22 20:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Autodesk 2008-03-22 20:49 --------- d-----w C:\Program Files\Autodesk 2008-03-21 07:09 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\1ClickDVDCopy 2008-02-23 03:27 540,186 ----a-w C:\DVD43_4-0-0_Setup.exe 2008-02-09 00:21 22,328 ----a-w C:\Documents and Settings\HP_Owner\Application Data\PnkBstrK.sys 2007-08-17 23:30 87,608 ----a-w C:\Documents and Settings\HP_Owner\Application Data\inst.exe 2007-08-17 23:30 47,360 ----a-w C:\Documents and Settings\HP_Owner\Application Data\pcouffin.sys 2006-12-29 23:46 24,192 ----a-w C:\Documents and Settings\HP_Owner\usbsermptxp.sys 2006-12-29 23:46 22,768 ----a-w C:\Documents and Settings\HP_Owner\usbsermpt.sys 2006-12-05 06:02 2,387,683 ----a-w C:\Program Files\dulux_weatherdesk.exe 2005-08-10 08:30 5,632 -csha-w C:\Program Files\Thumbs.db 2005-06-20 23:29 483,435 -c--a-w C:\Program Files\defs.ref 2005-02-04 21:48 184 ----a-w C:\Program Files\Shortcut to CD Drive.lnk 2002-05-02 16:42 56,731 -c--a-w C:\Program Files\Patch_PSViews.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{933C4637-13DA-4AD2-953E-D13A6D8A78F6}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 22:00 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 16:04 52736] "dvd43"="C:\Program Files\dvd43\dvd43_tray.exe" [2007-11-20 15:40 731136] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784] "AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2008-02-08 18:36 227856] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-31 22:13 385024] "BMbf4c1c71"="C:\WINDOWS\system32\vbxpsmmj.dll" [2008-05-12 17:46 126976] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{93994DE8-8239-4655-B1D1-5F4E91300429}"= C:\PROGRA~1\DVDREG~1\DVDShell.dll [2004-06-08 14:18 49152] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.XFR1"= xfcodec.dll [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe "iPlusAgent2"="C:\Program Files\iriver\iriver plus 2\iAgent2.exe" "Acme.PCHButton"=C:\PROGRA~1\HELPAN~1\Pavilion\XPHWWBF4\plugin\bin\PCHButton.exe "PcSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog "OM2_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart "SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime "AlcWzrd"=ALCWZRD.EXE "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" "HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe "HPHUPD06"="c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" "HPHmon06"=C:\WINDOWS\system32\hphmon06.exe "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" "KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot "AlcxMonitor"=ALCXMNTR.EXE "SoundMan"=SOUNDMAN.EXE "Alcmtr"=ALCMTR.EXE "Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE "AGRSMMSG"=AGRSMMSG.exe "WINREMOTE"="C:\Program Files\InterVideo\Common\Bin\WinRemote.exe" "NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe "Adobe_ID0EYTHM"=C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE "Acrobat Assistant 8.0"="V:\Program Files\Acrobat 8.0\Acrobat\Acrotray.exe" "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" "DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" -lang 1033 "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" "NSLauncher"=C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup "Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" "OM2_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" /OM "BMbf4c1c71"=Rundll32.exe "C:\WINDOWS\system32\bjtxaepu.dll",s "AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "C:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"= "C:\\WINDOWS\\system32\\sessmgr.exe"= "C:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"= "C:\\Program Files\\Macromedia\\Fireworks MX\\Fireworks.exe"= "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"= "C:\\Program Files\\NETGEAR\\WG111 Configuration Utility\\WG111CFG.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\Bonjour\\mDNSResponder.exe"= "C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"= "C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"= "C:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= "C:\\Program Files\\LimeWire\\LimeWire.exe"= "V:\\Program Files\\uTorrent\\utorrent.exe"= "V:\\Program Files\\id Software\\Enemy Territory - QUAKE Wars\\etqw.exe"= "V:\\Program Files\\id Software\\Enemy Territory - QUAKE Wars\\etqwded.exe"= "V:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"= "V:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"= "V:\\Program Files\\Autodesk\\3dsMax8\\3dsmax.exe"= "V:\\Program Files\\Autodesk\\backburner\\monitor.exe"= "V:\\Program Files\\Autodesk\\backburner\\manager.exe"= "V:\\Program Files\\Autodesk\\backburner\\server.exe"= "C:\\Documents and Settings\\HP_Owner\\Desktop\\UrbanTerror\\ioUrbanTerror.exe"= "V:\\Program Files\\urban terror\\UrbanTerror\\ioUrbanTerror.exe"= "C:\\Documents and Settings\\HP_Owner\\Desktop\\UrbanTerror\\ioUrTded.exe"= "V:\\Program Files\\Xfire\\xfire.exe"= "V:\\Program Files\\Mozilla Firefox\\firefox.exe"= "C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.321\\English\\setup.exe"= "V:\\KAV\\Kaspersky Anti-Virus 7.0.1.325\\english\\setup.exe"= "C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 7.0\\avp.exe"= "C:\\WINDOWS\\system32\\LEXPPS.EXE"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 "3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server "3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server "50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server "50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server R2 EAPPkt;Realtek EAPPkt Protocol;C:\WINDOWS\system32\DRIVERS\EAPPkt.sys [2005-04-01 10:43] R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-04 22:00] R3 Cap7134;ASUS TV7134 WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2004-06-23 20:34] R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28] R3 PhTVTune;ASUS WDM TV Tuner;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2004-05-27 18:49] S1 SABKUTIL;SABKUTIL;C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys [] S3 gkmixern;gkmixern;C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\gkmixern.sys [] S3 pccsmcfd;PCCS Mode Change Filter Driver;C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 15:53] S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\wg111v2.sys [2006-03-27 16:53] S3 SjyPkt;SjyPkt;C:\WINDOWS\System32\Drivers\SjyPkt.sys [2002-10-02 07:57] S3 upperdev;upperdev;C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2007-11-29 10:39] S3 UsbserFilt;UsbserFilt;C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2007-11-29 10:39] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c3b70e8e-21ea-11da-a881-806d6172696f}] \shell\play\command - "C:\Program Files\InterVideo\Home Theater\IHT.exe" -DVD %L . Contents of the 'Scheduled Tasks' folder "2008-05-16 07:15:23 C:\WINDOWS\Tasks\1-Click Maintenance.job" - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe "2008-05-09 13:10:07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2008-05-15 08:00:01 C:\WINDOWS\Tasks\ParetoLogic Registration.job" - C:\WINDOWS\system32\rundll32.exe@ "2008-05-12 14:33:50 C:\WINDOWS\Tasks\ParetoLogic Update Version2.job" - C:\Program Files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe . ************************************************************************ catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-05-16 17:05:40 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\explorer.exe -> C:\WINDOWS\system32\vbxpsmmj.dll . ------------------------ Other Running Processes ------------------------ . C:\WINDOWS\system32\ati2evxx.exe C:\WINDOWS\system32\ati2evxx.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\rundll32.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe C:\Program Files\Bonjour\mDNSResponder.exe V:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe C:\WINDOWS\system32\wscntfy.exe . ************************************************************************ . Completion time: 2008-05-16 17:16:11 - machine was rebooted ComboFix-quarantined-files.txt 2008-05-16 07:16:05 ComboFix2.txt 2008-05-12 03:00:55 Pre-Run: 85,801,140,224 bytes free Post-Run: 85,777,539,072 bytes free WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /TUTag=XOD5Q4 C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons 364 --- E O F --- 2008-05-16 03:51:22 Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 5:20:21 PM, on 16/05/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\spoolsv.exe C:\windows\system\hpsysdrv.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe C:\Program Files\Bonjour\mDNSResponder.exe V:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.conduit.com/Results.as...ctid=CT1472949 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;<local> O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: (no name) - {933C4637-13DA-4AD2-953E-D13A6D8A78F6} - (no file) O2 - BHO: Catcher Class - {ADECBED6-0366-4377-A739-E69DFBA04663} - C:\Program Files\Moyea\FLV Downloader\MoyeaCth.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - V:\Program Files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - V:\Program Files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [BMbf4c1c71] Rundll32.exe "C:\WINDOWS\system32\vbxpsmmj.dll",s O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab O16 - DPF: {483EB14D-AF1C-4951-81B0-4E2B41829FF6} (QOLCheck Control) - https://www.select2perform.com.au/cabs/QOLCheck.ocx O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1210500615406 O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab55762.cab O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_inst...syInstallX.CAB O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://games.myspace.com/Gameshell/G...onGameHost.cab O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/...ploader4_5.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - V:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- End of file - 9137 bytes Thanks again and please let me know if yourequire any further information.