Hi alba, sorry I took my time doing the logs mate, I've been busy with my family. We have to be moved out of our house due to a minor earthquake in Kent, so I'm only getting home once in a while. Anyway, comp seems to be running fine, no pop-ups yet, so all is OK I hope. Just one question mate: that MediaFACE prog that you asked me to delete is a prog on a disk for doing labels for CD/DVD. I've taken it off my machine but I do need to work with it. Do you think it was causing trouble on the PC, or would it be OK to put back on when required? Once again, thanks for your time and patience with me and my PC. You guys are the dog's nuts. Thanks, jason.
logs as follows
KASPERSKY ONLINE SCANNER REPORT
Friday, May 04, 2007 8:48:20 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 4/05/2007
Kaspersky Anti-Virus database records: 313303
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\
L:\
M:\
N:\
Scan Statistics
Total number of scanned objects 84412
Number of viruses found 8
Number of infected objects 61 / 0
Number of suspicious objects 0
Duration of the scan process 01:42:44
Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2da227a583edda8c53554878b2f5b5a5_a770f220-b2b2-44b9-be70-7e52f2657847 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\jay\Application Data\MailWasherPro\tmpLog.txt Object is locked skipped
C:\Documents and Settings\jay\Application Data\MailWasherPro\Training archive - junk.rot135 Object is locked skipped
C:\Documents and Settings\jay\Application Data\MailWasherPro\Training archive - legitimate.rot135 Object is locked skipped
C:\Documents and Settings\jay\Application Data\MailWasherPro\Trash.rot135 Object is locked skipped
C:\Documents and Settings\jay\Application Data\Mozilla\Firefox\Profiles\f6egmqgd.default\cert8.db Object is locked skipped
C:\Documents and Settings\jay\Application Data\Mozilla\Firefox\Profiles\f6egmqgd.default\googlesafebrowsing.db Object is locked skipped
C:\Documents and Settings\jay\Application Data\Mozilla\Firefox\Profiles\f6egmqgd.default\history.dat Object is locked skipped
C:\Documents and Settings\jay\Application Data\Mozilla\Firefox\Profiles\f6egmqgd.default\key3.db Object is locked skipped
C:\Documents and Settings\jay\Application Data\Mozilla\Firefox\Profiles\f6egmqgd.default\parent.lock Object is locked skipped
C:\Documents and Settings\jay\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\jay\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\jay\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\jay\Local Settings\Application Data\Mozilla\Firefox\Profiles\f6egmqgd.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\jay\Local Settings\Application Data\Mozilla\Firefox\Profiles\f6egmqgd.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\jay\Local Settings\Application Data\Mozilla\Firefox\Profiles\f6egmqgd.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\jay\Local Settings\Application Data\Mozilla\Firefox\Profiles\f6egmqgd.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\jay\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\jay\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\jay\My Documents\Incomplete\T-106814-_uncensored_ yellow haired girl 53.wma Infected: Trojan-Downloader.WMA.Wimad.d skipped
C:\Documents and Settings\jay\ntuser.dat Object is locked skipped
C:\Documents and Settings\jay\NTUSER.DAT.LOG Object is locked skipped
C:\Documents and Settings\jay\us.exe Infected: IM-Worm.Win32.Agent.a skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\eMule\Incoming\spiderman creative studio_fastest_BitTorrent_downloader.zip/BitDownload-3.0-setup.exe/data0012 Infected: Trojan.Win32.Inject.ba skipped
C:\Program Files\eMule\Incoming\spiderman creative studio_fastest_BitTorrent_downloader.zip/BitDownload-3.0-setup.exe Infected: Trojan.Win32.Inject.ba skipped
C:\Program Files\eMule\Incoming\spiderman creative studio_fastest_BitTorrent_downloader.zip ZIP: infected - 2 skipped
C:\Program Files\Fellowes\MediaFACE 4.0\MFHookManager.dll Infected: not-a-virus:AdWare.Win32.WinAD.a skipped
C:\Program Files\FunWebProducts\Installr\1.bin\F3EZSETP.DLL Infected: not-a-virus:AdWare.Win32.FunWeb.e skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\awvtu.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ddcyxuv.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.il skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\fcccday.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.il skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\hggdaya.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.il skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\hggecde.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.il skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\iifeebb.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.il skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\jkkkhih.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.il skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\khfdbbx.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.il skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ljjhihf.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.il skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\pmnmjgg.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.il skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\pmnomkh.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.il skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\pmnopqp.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.il skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\qomkljh.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.il skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\rqroopq.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.il skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\rqrssrq.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.il skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ssqrr.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\vtusppo.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.il skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\vtuvstu.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.il skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\vtuvtqp.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.il skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\wvustro.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.il skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\wvutqom.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.il skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\wvuturs.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.il skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\yaywwxy.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.il skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\yayyxwt.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.il skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{C74EF268-A255-4A6B-BA1D-6FE542C8B088}\RP11\A0010000.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped
C:\System Volume Information\_restore{C74EF268-A255-4A6B-BA1D-6FE542C8B088}\RP11\A0010001.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.il skipped
C:\System Volume Information\_restore{C74EF268-A255-4A6B-BA1D-6FE542C8B088}\RP11\A0010002.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.il skipped
C:\System Volume Information\_restore{C74EF268-A255-4A6B-BA1D-6FE542C8B088}\RP11\A0010003.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.il skipped
C:\System Volume Information\_restore{C74EF268-A255-4A6B-BA1D-6FE542C8B088}\RP11\A0010004.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.il skipped
C:\System Volume Information\_restore{C74EF268-A255-4A6B-BA1D-6FE542C8B088}\RP11\A0010005.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.il skipped
C:\System Volume Information\_restore{C74EF268-A255-4A6B-BA1D-6FE542C8B088}\RP11\A0010006.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.il skipped
C:\System Volume Information\_restore{C74EF268-A255-4A6B-BA1D-6FE542C8B088}\RP11\A0010007.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.il skipped
C:\System Volume Information\_restore{C74EF268-A255-4A6B-BA1D-6FE542C8B088}\RP11\A0010008.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.il skipped
C:\System Volume Information\_restore{C74EF268-A255-4A6B-BA1D-6FE542C8B088}\RP11\A0010009.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.il skipped
C:\System Volume Information\_restore{C74EF268-A255-4A6B-BA1D-6FE542C8B088}\RP11\A0010010.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.il skipped
C:\System Volume Information\_restore{C74EF268-A255-4A6B-BA1D-6FE542C8B088}\RP11\A0010011.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.il skipped
C:\System Volume Information\_restore{C74EF268-A255-4A6B-BA1D-6FE542C8B088}\RP11\A0010012.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.il skipped
C:\System Volume Information\_restore{C74EF268-A255-4A6B-BA1D-6FE542C8B088}\RP11\A0010013.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.il skipped
C:\System Volume Information\_restore{C74EF268-A255-4A6B-BA1D-6FE542C8B088}\RP11\A0010014.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.il skipped
C:\System Volume Information\_restore{C74EF268-A255-4A6B-BA1D-6FE542C8B088}\RP11\A0010015.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.il skipped
C:\System Volume Information\_restore{C74EF268-A255-4A6B-BA1D-6FE542C8B088}\RP11\A0010016.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.il skipped
C:\System Volume Information\_restore{C74EF268-A255-4A6B-BA1D-6FE542C8B088}\RP11\A0010017.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.il skipped
C:\System Volume Information\_restore{C74EF268-A255-4A6B-BA1D-6FE542C8B088}\RP11\A0010018.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.il skipped
C:\System Volume Information\_restore{C74EF268-A255-4A6B-BA1D-6FE542C8B088}\RP11\A0010019.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.il skipped
C:\System Volume Information\_restore{C74EF268-A255-4A6B-BA1D-6FE542C8B088}\RP11\A0010020.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.il skipped
C:\System Volume Information\_restore{C74EF268-A255-4A6B-BA1D-6FE542C8B088}\RP11\A0010021.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.il skipped
C:\System Volume Information\_restore{C74EF268-A255-4A6B-BA1D-6FE542C8B088}\RP11\A0010022.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.il skipped
C:\System Volume Information\_restore{C74EF268-A255-4A6B-BA1D-6FE542C8B088}\RP11\A0010029.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped
C:\System Volume Information\_restore{C74EF268-A255-4A6B-BA1D-6FE542C8B088}\RP12\change.log Object is locked skipped
C:\System Volume Information\_restore{C74EF268-A255-4A6B-BA1D-6FE542C8B088}\RP6\A0008594.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\System Volume Information\_restore{C74EF268-A255-4A6B-BA1D-6FE542C8B088}\RP9\A0009849.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.il skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Downloaded Installations\Neato MediaFACE 4.0.msi/Data1.cab/MFHookManager.dll Infected: not-a-virus:AdWare.Win32.WinAD.a skipped
C:\WINDOWS\Downloaded Installations\Neato MediaFACE 4.0.msi/Data1.cab Infected: not-a-virus:AdWare.Win32.WinAD.a skipped
C:\WINDOWS\Downloaded Installations\Neato MediaFACE 4.0.msi Embedded: infected - 2 skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{5B8278B2-4803-49C5-A4CA-D1007350BC84}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\sam Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\security Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\us.exe Infected: IM-Worm.Win32.Agent.a skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
L:\System Volume Information\_restore{C74EF268-A255-4A6B-BA1D-6FE542C8B088}\RP12\change.log Object is locked skipped
Scan process completed.
Deckard's System Scanner v20070426.43
Run by jay on 2007-05-08 at 19:42:09
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- HijackThis (run as jay.exe) -------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 19:42:21, on 08/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\STOPzilla!\szntsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\jay\Desktop\dss.exe
C:\DOCUME~1\jay\Desktop\jay.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.arsenal.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.orange.co.uk
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - C:\WINDOWS\system32\oybguief.dll (file missing)
O2 - BHO: Orange - {4E7BD74F-2B8D-469E-A1FB-F862B587B57D} - C:\PROGRA~1\orange3\orange3.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\WINDOWS\system32\StopzillaBHO.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O3 - Toolbar: Orange - {4E7BD74F-2B8D-469E-A1FB-F862B587B57D} - C:\PROGRA~1\orange3\orange3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Install5G] F:\Install.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...p=ZCxdm491YYGB
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: orange search - file://C:\Program Files\ORANGE3\Cache\SelectedContextSearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/noc...up1.0.0.15.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1156852999468
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697516} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp6_mp3.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: wvurpno - wvurpno.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: STOPzilla Local Service - International Software Systems Solutions - C:\Program Files\STOPzilla!\szntsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
-- Files created between 2007-04-08 and 2007-05-08 -----------------------------
2007-05-05 23:48:33 0 d-------- C:\WINDOWS\LastGood
2007-05-05 23:48:33 0 d-------- C:\WINDOWS\BDOSCAN8
2007-05-04 18:58:41 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-05-03 21:30:02 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-04-30 11:51:08 0 d-------- C:\Documents and Settings\jay\Application Data\STOPzilla!
2007-04-30 11:50:33 0 d-------- C:\Program Files\STOPzilla!
2007-04-27 14:51:28 0 d-------- C:\Documents and Settings\jay\Application Data\Command & Conquer 3 Tiberium Wars
2007-04-27 14:28:26 0 dr-h----- C:\Documents and Settings\jay\Application Data\SecuROM
2007-04-23 22:20:20 0 d-------- C:\WINDOWS\Prefetch
2007-04-19 23:19:36 0 d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-04-19 23:19:34 0 d-------- C:\Program Files\DVD Shrink
2007-04-19 13:07:36 0 d--hs---- C:\found.000
2007-04-15 12:14:12 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-04-15 12:13:36 0 d-------- C:\WINDOWS\system32\ZoneLabs
2007-04-15 12:13:08 0 d-------- C:\WINDOWS\Internet Logs
2007-04-13 21:12:16 0 d-------- C:\Documents and Settings\jay\Application Data\Lavasoft
2007-04-13 21:12:06 0 d-------- C:\Program Files\Lavasoft
2007-04-11 19:10:24 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
-- Find3M Report ---------------------------------------------------------------
2007-05-08 17:40:28 0 d-------- C:\Documents and Settings\jay\Application Data\MailWasherPro
2007-05-08 08:00:04 0 d-------- C:\Documents and Settings\jay\Application Data\AVG7
2007-05-05 23:41:51 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-05-05 23:41:35 0 d-------- C:\Program Files\Winamp
2007-05-05 23:15:56 384 --a------ C:\WINDOWS\system32\DVCStateBkp-{00000001-00000000-0000000A-00001102-00000004-20021102}.dat
2007-05-05 23:15:56 384 --a------ C:\WINDOWS\system32\DVCState-{00000001-00000000-0000000A-00001102-00000004-20021102}.dat
2007-05-04 17:21:01 0 d-------- C:\Program Files\QuickPar
2007-05-04 17:20:57 0 d-------- C:\Program Files\QuickTime
2007-05-04 17:20:57 0 d-------- C:\Program Files\iTunes
2007-05-04 17:20:57 0 d-------- C:\Program Files\DAEMON Tools
2007-05-04 17:20:22 0 d-------- C:\Program Files\Google
2007-05-04 17:20:21 0 d-------- C:\Program Files\orange3
2007-05-03 12:48:00 0 d-------- C:\Documents and Settings\jay\Application Data\dvdcss
2007-05-03 12:47:00 0 d-------- C:\Documents and Settings\jay\Application Data\CopyToDvd
2007-05-02 12:39:35 0 d-------- C:\Program Files\eMule
2007-05-02 00:50:24 0 d-------- C:\Documents and Settings\jay\Application Data\UseNeXT
2007-04-29 08:54:54 0 d-------- C:\Program Files\Championship Manager 2007
2007-04-29 07:08:51 0 d-------- C:\Documents and Settings\jay\Application Data\Xfire
2007-04-29 07:08:30 0 d---s---- C:\Program Files\Xfire
2007-04-29 05:19:23 0 d-------- C:\Documents and Settings\jay\Application Data\uTorrent
2007-04-27 14:19:34 0 d-------- C:\Program Files\Electronic Arts
2007-04-25 17:30:27 99 --a------ C:\WINDOWS\È
2007-04-23 22:07:17 23392 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-04-21 23:41:30 0 d-------- C:\Program Files\BitLord
2007-04-18 13:41:42 0 d-------- C:\Program Files\dvdSanta
2007-04-12 13:11:32 0 d-------- C:\Program Files\MSN Messenger
2007-04-11 10:34:17 0 d-------- C:\Program Files\UseNeXT
2007-04-08 18:14:53 0 d-------- C:\Program Files\THQ
2007-04-05 11:36:45 0 d-------- C:\Documents and Settings\jay\Application Data\Command & Conquer 3 Tiberium Wars Demo
2007-04-02 14:28:05 0 d-------- C:\Program Files\Codemasters
2007-03-27 17:16:30 0 d-------- C:\Program Files\Legends_1280x1024
2007-03-27 17:16:20 2309944 --a------ C:\WINDOWS\Legends_1280x1024.scr
2007-03-24 13:45:58 81920 --a------ C:\WINDOWS\system32\W32N50.dll <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
2007-03-24 13:45:58 17134 --a------ C:\WINDOWS\system32\PCANDIS5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
2007-03-22 21:05:00 520192 -----n--- C:\WINDOWS\system32\ati2sgag.exe <Not Verified; ; ATI Smart>
2007-03-20 01:52:36 0 d-------- C:\Program Files\Multi_Media
2007-03-19 14:17:01 0 d-------- C:\Program Files\Motorola
2007-03-19 13:42:48 0 d-------- C:\Program Files\mobile PhoneTools
2007-03-19 13:15:41 0 d-------- C:\Program Files\LiveUpdate
2007-03-16 17

10 0 d-------- C:\Documents and Settings\jay\Application Data\ATI
2007-03-07 15:47:12 4096 --a------ C:\WINDOWS\system32\crash
2007-02-20 15:54:08 3082 --a------ C:\WINDOWS\system32\affv9869p2now.sys
-- Registry Dump ---------------------------------------------------------------
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{1557B435-8242-4686-9AA3-9265BF7525A4} C:\WINDOWS\system32\oybguief.dll [x]
{4E7BD74F-2B8D-469E-A1FB-F862B587B57D} C:\PROGRA~1\orange3\orange3.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
{9394EDE7-C8B5-483E-8773-474BF36AF6E4} C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} c:\program files\google\googletoolbar4.dll
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
{E3215F20-3212-11D6-9F8B-00D0B743919D} C:\WINDOWS\system32\StopzillaBHO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"CTSysVol"="C:\\Program Files\\Creative\\SBAudigy2ZS\\Surround Mixer\\CTSysVol.exe /r"
"CTDVDDET"="C:\\Program Files\\Creative\\SBAudigy2ZS\\DVDAudio\\CTDVDDet.EXE"
"CTHelper"="CTHELPER.EXE"
"SBDrvDet"="C:\\Program Files\\Creative\\SB Drive Det\\SBDrvDet.exe /r"
"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"CTxfiHlp"="CTXFIHLP.EXE"
"HPHUPD08"="C:\\Program Files\\HP\\Digital Imaging\\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\\hphupd08.exe"
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"Install5G"="F:\\Install.exe"
"SoundMan"="SOUNDMAN.EXE"
"ZoneAlarm Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"RemoteCenter"="C:\\Program Files\\Creative\\MediaSource\\RemoteControl\\RCMan.EXE"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
@=""
"StartCCC"="C:\\Program Files\\ATI Technologies\\ATI.ACE\\Core-Static\\CLIStart.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"SetDefaultMIDI"="MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy'"
"tscuninstall"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,6d,\
33,32,5c,74,73,63,75,70,67,72,64,2e,65,78,65,00
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source REG_SZ
http://www.arsenal.com/images/wallpa...12007_1280.jpg
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{553858A7-4922-4e7e-B1C1-97140C1C16EF}"="IE Component Categories cache daemon"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvurpno
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^jay^Start Menu^Programs^Startup^Fujitsu Dial-Up PPP Connection.lnk]
"path"="C:\\Documents and Settings\\jay\\Start Menu\\Programs\\Startup\\Fujitsu Dial-Up PPP Connection.lnk"
"backup"="C:\\WINDOWS\\pss\\Fujitsu Dial-Up PPP Connection.lnkStartup"
"location"="Startup"
"command"=" "
"item"="Fujitsu Dial-Up PPP Connection"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="apdproxy"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msnmsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedTouch USB Diagnostics]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Dragdiag"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Thomson\\SpeedTouchUSB\\Dragdiag.exe\" /icon"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AdobeUpdateManager"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_9 -reboot 1"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
bthsvcs REG_MULTI_SZ BthServ\0\0
-- End of Deckard's System Scanner: finished at 2007-05-08 at 19:43:01 ---------
"jay" - 07-05-08 19:53:53 Service Pack 2
ComboFix 07-04-25.4V - Running from: "C:\Documents and Settings\jay\Desktop\"
((((((((((((((((((((((((((((((( Files Created from 2007-04-08 to 2007-05-08 ))))))))))))))))))))))))))))))))))
2007-05-05 23:48 <DIR> d-------- C:\WINDOWS\LastGood
2007-05-05 23:48 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-05-04 18:58 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-05-03 21:30 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-05-03 21:22 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-05-03 10:53 <DIR> d-------- C:\Deckard
2007-05-02 12:23 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-04-30 11:51 <DIR> d-------- C:\DOCUME~1\jay\APPLIC~1\STOPzilla!
2007-04-30 11:50 <DIR> d-------- C:\Program Files\STOPzilla!
2007-04-27 14:51 <DIR> d-------- C:\DOCUME~1\jay\APPLIC~1\Command & Conquer 3 Tiberium Wars
2007-04-27 14:28 <DIR> dr-h----- C:\DOCUME~1\jay\APPLIC~1\SecuROM
2007-04-26 15:58 1,087,216 --a------ C:\WINDOWS\system32\zpeng24.dll
2007-04-23 22:20 <DIR> d-------- C:\WINDOWS\Prefetch
2007-04-23 21:57 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2007-04-23 21:57 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2007-04-19 23:19 <DIR> d-------- C:\Program Files\DVD Shrink
2007-04-19 23:19 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink
2007-04-19 13:07 <DIR> d--hs---- C:\found.000
2007-04-15 12:14 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-04-15 12:13 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2007-04-15 12:13 <DIR> d-------- C:\WINDOWS\Internet Logs
2007-04-13 21:12 <DIR> d-------- C:\Program Files\Lavasoft
2007-04-13 21:12 <DIR> d-------- C:\DOCUME~1\jay\APPLIC~1\Lavasoft
2007-04-11 19:10 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-04-08 18:30 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll
2007-04-08 18:29 68,888 --a------ C:\WINDOWS\system32\xinput1_3.dll
2007-04-08 18:29 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll
2007-04-08 18:29 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2007-04-08 18:29 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-05-08 17:40 -------- d-------- C:\DOCUME~1\jay\APPLIC~1\mailwasherpro
2007-05-05 23:41 -------- d--h----- C:\Program Files\installshield installation information
2007-05-05 23:41 -------- d-------- C:\Program Files\winamp
2007-05-05 23:15 384 --a------ C:\WINDOWS\system32\dvcstatebkp-{00000001-00000000-0000000a-00001102-00000004-20021102}.dat
2007-05-05 23:15 384 --a------ C:\WINDOWS\system32\dvcstate-{00000001-00000000-0000000a-00001102-00000004-20021102}.dat
2007-05-04 17:21 -------- d-------- C:\Program Files\quickpar
2007-05-04 17:20 -------- d-------- C:\Program Files\quicktime
2007-05-04 17:20 -------- d-------- C:\Program Files\orange3
2007-05-04 17:20 -------- d-------- C:\Program Files\itunes
2007-05-04 17:20 -------- d-------- C:\Program Files\google
2007-05-04 17:20 -------- d-------- C:\Program Files\daemon tools
2007-05-03 12:48 -------- d-------- C:\DOCUME~1\jay\APPLIC~1\dvdcss
2007-05-03 12:47 -------- d-------- C:\DOCUME~1\jay\APPLIC~1\copytodvd
2007-05-02 12:39 -------- d-------- C:\Program Files\emule
2007-05-02 00:50 -------- d-------- C:\DOCUME~1\jay\APPLIC~1\usenext
2007-04-29 08:54 -------- d-------- C:\Program Files\championship manager 2007
2007-04-29 07:08 -------- d---s---- C:\Program Files\xfire
2007-04-29 07:08 -------- d-------- C:\DOCUME~1\jay\APPLIC~1\xfire
2007-04-29 05:19 -------- d-------- C:\DOCUME~1\jay\APPLIC~1\utorrent
2007-04-27 14:19 -------- d-------- C:\Program Files\electronic arts
2007-04-26 17:39 639224 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-04-23 22:07 23392 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-04-18 13:41 -------- d-------- C:\Program Files\dvdsanta
2007-04-12 13:11 -------- d-------- C:\Program Files\msn messenger
2007-04-11 10:34 -------- d-------- C:\Program Files\usenext
2007-04-08 18:44 108144 --a------ C:\WINDOWS\system32\cmdlineext.dll
2007-04-08 18:14 -------- d-------- C:\Program Files\thq
2007-04-05 11:36 -------- d-------- C:\DOCUME~1\jay\APPLIC~1\command & conquer 3 tiberium wars demo
2007-04-02 14:28 -------- d-------- C:\Program Files\codemasters
2007-03-27 17:16 2309944 --a------ C:\WINDOWS\legends_1280x1024.scr
2007-03-27 17:16 -------- d-------- C:\Program Files\legends_1280x1024
2007-03-24 13:45 81920 --a------ C:\WINDOWS\system32\w32n50.dll
2007-03-24 13:45 17134 --a------ C:\WINDOWS\system32\pcandis5.sys
2007-03-22 21:05 520192 --------- C:\WINDOWS\system32\ati2sgag.exe
2007-03-20 01:52 -------- d-------- C:\Program Files\multi_media
2007-03-19 14:17 -------- d-------- C:\Program Files\motorola
2007-03-19 13:42 -------- d-------- C:\Program Files\mobile phonetools
2007-03-19 13:15 -------- d-------- C:\Program Files\liveupdate
2007-03-15 02:58 315392 --a------ C:\WINDOWS\system32\atidemgx.dll
2007-03-15 02:57 267776 --a------ C:\WINDOWS\system32\ati2dvag.dll
2007-03-15 02:57 1986560 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-03-15 02:55 307200 --a------ C:\WINDOWS\system32\atiiiexx.dll
2007-03-15 02:50 42496 --a------ C:\WINDOWS\system32\ati2edxx.dll
2007-03-15 02:50 26112 --a------ C:\WINDOWS\system32\ati2mdxx.exe
2007-03-15 02:50 122880 --a------ C:\WINDOWS\system32\atipdlxx.dll
2007-03-15 02:50 114688 --a------ C:\WINDOWS\system32\oemdspif.dll
2007-03-15 02:49 114688 --a------ C:\WINDOWS\system32\ati2evxx.dll
2007-03-15 02:48 450560 --a------ C:\WINDOWS\system32\ati2evxx.exe
2007-03-15 02:47 53248 --a------ C:\WINDOWS\system32\atiddc.dll
2007-03-15 02:40 2820544 --a------ C:\WINDOWS\system32\ati3duag.dll
2007-03-15 02:29 1315712 --a------ C:\WINDOWS\system32\ativvaxx.dll
2007-03-15 02:19 5402624 --a------ C:\WINDOWS\system32\atioglxx.dll
2007-03-15 02:16 258048 --a------ C:\WINDOWS\system32\atikvmag.dll
2007-03-15 02:14 17408 --a------ C:\WINDOWS\system32\atitvo32.dll
2007-03-15 02:10 356352 --a------ C:\WINDOWS\system32\ati2cqag.dll
2007-03-06 23:04 143676 --a------ C:\WINDOWS\system32\atiicdxx.dat
2007-02-20 15:54 3082 --a------ C:\WINDOWS\system32\affv9869p2now.sys
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{1557B435-8242-4686-9AA3-9265BF7525A4} C:\WINDOWS\system32\oybguief.dll [x]
{4E7BD74F-2B8D-469E-A1FB-F862B587B57D} C:\PROGRA~1\orange3\orange3.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
{9394EDE7-C8B5-483E-8773-474BF36AF6E4} C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} c:\program files\google\googletoolbar4.dll
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
{E3215F20-3212-11D6-9F8B-00D0B743919D} C:\WINDOWS\system32\StopzillaBHO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"CTSysVol"="C:\\Program Files\\Creative\\SBAudigy2ZS\\Surround Mixer\\CTSysVol.exe /r"
"CTDVDDET"="C:\\Program Files\\Creative\\SBAudigy2ZS\\DVDAudio\\CTDVDDet.EXE"
"CTHelper"="CTHELPER.EXE"
"SBDrvDet"="C:\\Program Files\\Creative\\SB Drive Det\\SBDrvDet.exe /r"
"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"CTxfiHlp"="CTXFIHLP.EXE"
"HPHUPD08"="C:\\Program Files\\HP\\Digital Imaging\\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\\hphupd08.exe"
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"Install5G"="F:\\Install.exe"
"SoundMan"="SOUNDMAN.EXE"
"ZoneAlarm Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"RemoteCenter"="C:\\Program Files\\Creative\\MediaSource\\RemoteControl\\RCMan.EXE"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
@=""
"StartCCC"="C:\\Program Files\\ATI Technologies\\ATI.ACE\\Core-Static\\CLIStart.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"SetDefaultMIDI"="MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy'"
"tscuninstall"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,6d,\
33,32,5c,74,73,63,75,70,67,72,64,2e,65,78,65,00
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source REG_SZ
http://www.arsenal.com/images/wallpa...12007_1280.jpg
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{553858A7-4922-4e7e-B1C1-97140C1C16EF}"="IE Component Categories cache daemon"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvurpno
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^jay^Start Menu^Programs^Startup^Fujitsu Dial-Up PPP Connection.lnk]
"path"="C:\\Documents and Settings\\jay\\Start Menu\\Programs\\Startup\\Fujitsu Dial-Up PPP Connection.lnk"
"backup"="C:\\WINDOWS\\pss\\Fujitsu Dial-Up PPP Connection.lnkStartup"
"location"="Startup"
"command"=" "
"item"="Fujitsu Dial-Up PPP Connection"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="apdproxy"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msnmsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedTouch USB Diagnostics]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Dragdiag"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Thomson\\SpeedTouchUSB\\Dragdiag.exe\" /icon"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AdobeUpdateManager"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_9 -reboot 1"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
bthsvcs REG_MULTI_SZ BthServ\0\0
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\HPpromotions journeysoftware.job
********************************************************************
catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer,
http://www.gmer.net
Rootkit scan 2007-05-08 19:57:29
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
********************************************************************
Completion time: 07-05-08 19:57:35
C:\ComboFix-quarantined-files.txt ... 07-05-08 19:57
C:\ComboFix2.txt ... 07-05-05 22:29
C:\ComboFix3.txt ... 07-05-05 22:26