Virus - Pros only pls

cohen

New Member
Hey Guys,

Dad got a virus, and it is bad!!! I hope it is not a backdoor. I ran ComboFix and then HijackThis.

Thanks a lot.
 
ComboFix 08-08-14.05 - Graeme 2008-08-16 13:51:28.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1371 [GMT 10:00]
Running from: C:\Documents and Settings\Graeme\Desktop\ComboFix.exe
* Created a new restore point
.
ADS - WINDOWS: deleted 24 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Alison\Cookies\[email protected][2].txt
C:\Documents and Settings\Alison\Cookies\[email protected][2].txt
C:\Documents and Settings\Alison\Cookies\[email protected][1].txt
C:\Documents and Settings\Alison\Cookies\alison@adtrgt[2].txt
C:\Documents and Settings\Alison\Cookies\[email protected][2].txt
C:\Documents and Settings\Alison\Cookies\[email protected][1].txt
C:\Documents and Settings\Alison\Cookies\[email protected][2].txt
C:\Documents and Settings\Alison\Cookies\alison@myspace[2].txt
C:\Documents and Settings\Alison\Cookies\alison@revsci[2].txt
C:\Documents and Settings\Alison\Cookies\alison@serving-sys[1].txt
C:\Documents and Settings\Alison\Cookies\alison@statcounter[1].txt
C:\Documents and Settings\Alison\Cookies\[email protected][1].txt
C:\Documents and Settings\Alison\Cookies\[email protected][1].txt
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\Graeme\Cookies\[email protected][2].txt
C:\Documents and Settings\Graeme\Cookies\[email protected][1].txt
C:\Documents and Settings\Graeme\Cookies\[email protected][2].txt
C:\Documents and Settings\Graeme\Cookies\graeme@safepctool[2].txt
C:\Program Files\AntiMalwareGuard
C:\WINDOWS\BM57335e99.txt
C:\WINDOWS\BM57335e99.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\btfunc.dll
C:\WINDOWS\system32\byXPJDwU.dll
C:\WINDOWS\system32\cbXOeBQG.dll
C:\WINDOWS\system32\cgevldwl.dll
C:\WINDOWS\system32\cpldumjy.dll
C:\WINDOWS\system32\dlybqrqa.dll
C:\WINDOWS\system32\drivers\msliksurserv.sys
C:\WINDOWS\system32\Dvbpws.dll
C:\WINDOWS\system32\egwipcsh.dll
C:\WINDOWS\system32\gQXbaGgh.ini
C:\WINDOWS\system32\gQXbaGgh.ini2
C:\WINDOWS\system32\hgGabXQg.dll
C:\WINDOWS\system32\hgGyyaAS.dll
C:\WINDOWS\system32\lopnhgsy.dll
C:\WINDOWS\system32\lwdlvegc.ini
C:\WINDOWS\system32\msliksurcredo.dll
C:\WINDOWS\system32\msliksurdns.dll
C:\WINDOWS\system32\qykhlmxx.ini
C:\WINDOWS\system32\tdyvljay.dll
C:\WINDOWS\system32\uholhr.dll
C:\WINDOWS\system32\UwDJPXyb.ini
C:\WINDOWS\system32\UwDJPXyb.ini2
C:\WINDOWS\system32\xbummx.dll
C:\WINDOWS\system32\xxmlhkyq.dll

----- BITS: Possible infected sites -----

http://195.225.176.25
.
((((((((((((((((((((((((( Files Created from 2008-07-16 to 2008-08-16 )))))))))))))))))))))))))))))))
.

2008-08-14 21:38 . 2008-08-14 21:38 <DIR> d-------- C:\Program Files\MyExpressSearch
2008-08-14 21:04 . 2008-08-14 21:20 <DIR> d-------- C:\Program Files\SlySoft
2008-08-12 14:13 . 2008-08-12 14:13 <DIR> d-------- C:\Documents and Settings\Alison\Application Data\Ulead Systems
2008-07-27 13:27 . 2004-12-03 01:26 188,416 --a------ C:\WINDOWS\system32\PDRVINST.DLL
2008-07-27 13:27 . 2005-06-02 01:09 86,016 --a------ C:\WINDOWS\system32\BrWebIns.dll
2008-07-27 13:27 . 2005-06-02 01:08 69,632 --a------ C:\WINDOWS\system32\BRWEBUP.EXE
2008-07-27 13:27 . 2001-11-15 01:00 6,224 --------- C:\WINDOWS\CVRPAGE.BMP
2008-07-27 13:16 . 2006-02-24 17:27 1,492,480 --a------ C:\WINDOWS\system32\BrWia06a.dll
2008-07-27 13:16 . 2005-12-13 10:53 38,912 --a------ C:\WINDOWS\system32\BrUsi06a.dll
2008-07-27 13:16 . 2008-07-27 13:27 50 --a------ C:\WINDOWS\system32\bridf06a.dat
2008-07-27 13:14 . 2008-07-27 13:14 27,019 --a------ C:\WINDOWS\maxlink.ini
2008-07-21 22:11 . 2008-07-21 22:11 24,392 --------- C:\WINDOWS\system32\drivers\ElbyCDIO.sys
2008-07-19 20:14 . 2008-07-20 14:30 <DIR> d-------- C:\Ic91
2008-07-19 17:27 . 2008-07-19 17:27 <DIR> d-------- C:\Documents and Settings\Graeme\Application Data\Audacity

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-16 03:41 --------- d-----w C:\Documents and Settings\Graeme\Application Data\MailWasherPro
2008-08-15 21:07 --------- d-----w C:\Documents and Settings\Alison\Application Data\MailWasherPro
2008-08-12 04:34 --------- d-----w C:\Documents and Settings\Alison\Application Data\DivX
2008-08-06 06:49 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 4
2008-08-03 10:42 --------- d-----w C:\Program Files\XoftSpySE
2008-07-27 07:23 --------- d-----w C:\Program Files\Microsoft LifeCam
2008-07-27 03:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-27 03:27 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-07-27 03:27 --------- d-----w C:\Program Files\Brother
2008-07-27 03:14 --------- d-----w C:\Program Files\Common Files\ScanSoft Shared
2008-07-19 07:35 --------- d-----w C:\Program Files\Icom
2008-07-03 23:09 96,520 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2008-07-03 23:09 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll
2008-06-26 11:06 93,128 ----a-w C:\WINDOWS\system32\ElbyCDIO.dll
2008-06-16 07:07 --------- d-----w C:\Program Files\LJZsoft
2008-06-16 07:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\LJZsoft
2008-01-02 03:51 24,192 ----a-w C:\Documents and Settings\Graeme\usbsermptxp.sys
2008-01-02 03:51 22,768 ----a-w C:\Documents and Settings\Graeme\usbsermpt.sys
2007-12-28 10:13 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
.

------- Sigcheck -------

2007-09-11 14:16 502272 6225f14b8ce08ccba8b25ad27843c674 C:\WINDOWS\system32\winlogon.exe
.
((((((((((((((((((((((((((((( snapshot@2008-06-03_16.24.17.01 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-20 10:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2008-06-08 10:41:09 764,346 ----a-w C:\WINDOWS\HSV E LS3 Uninstaller\unins000.exe
+ 2007-06-02 05:30:28 495,104 ----a-w C:\WINDOWS\HSV E LS3.exe
+ 2007-06-03 04:20:20 903,168 ----a-w C:\WINDOWS\HSV E LS3.scr
+ 2008-07-27 03:14:29 4,710 ----a-r C:\WINDOWS\Installer\{71C97545-E547-4A8B-B0C8-61FF853270AC}\ARPPRODUCTICON.exe
+ 2008-07-27 03:14:29 45,056 ----a-r C:\WINDOWS\Installer\{71C97545-E547-4A8B-B0C8-61FF853270AC}\PageViewer.exe
+ 2008-07-27 03:14:29 45,056 ----a-r C:\WINDOWS\Installer\{71C97545-E547-4A8B-B0C8-61FF853270AC}\PaperPort.exe
- 2007-09-24 04:15:38 287,934 ----a-r C:\WINDOWS\Installer\{8CFC7570-DD90-486E-A239-E31D455BDE93}\_10DFDBF74EE1202F60BF3E.exe
+ 2008-07-27 07:24:53 287,934 ----a-r C:\WINDOWS\Installer\{8CFC7570-DD90-486E-A239-E31D455BDE93}\_10DFDBF74EE1202F60BF3E.exe
- 2007-09-24 04:15:38 49,334 ----a-r C:\WINDOWS\Installer\{8CFC7570-DD90-486E-A239-E31D455BDE93}\_617B2A40B3B4A040544FBF.exe
+ 2008-07-27 07:24:53 49,334 ----a-r C:\WINDOWS\Installer\{8CFC7570-DD90-486E-A239-E31D455BDE93}\_617B2A40B3B4A040544FBF.exe
- 2007-09-24 04:15:38 287,934 ----a-r C:\WINDOWS\Installer\{8CFC7570-DD90-486E-A239-E31D455BDE93}\_A8ECBC43843B158A090304.exe
+ 2008-07-27 07:24:53 287,934 ----a-r C:\WINDOWS\Installer\{8CFC7570-DD90-486E-A239-E31D455BDE93}\_A8ECBC43843B158A090304.exe
- 2007-09-24 04:15:38 29,926 ----a-r C:\WINDOWS\Installer\{8CFC7570-DD90-486E-A239-E31D455BDE93}\_B6292947164A184CE3F10E.exe
+ 2008-07-27 07:24:53 29,926 ----a-r C:\WINDOWS\Installer\{8CFC7570-DD90-486E-A239-E31D455BDE93}\_B6292947164A184CE3F10E.exe
- 2007-09-24 04:15:38 49,334 ----a-r C:\WINDOWS\Installer\{8CFC7570-DD90-486E-A239-E31D455BDE93}\_BA38846593B66ABE12CF62.exe
+ 2008-07-27 07:24:53 49,334 ----a-r C:\WINDOWS\Installer\{8CFC7570-DD90-486E-A239-E31D455BDE93}\_BA38846593B66ABE12CF62.exe
- 2000-08-30 22:00:00 28,160 ----a-w C:\WINDOWS\Nircmd.exe
+ 2000-08-30 22:00:00 28,672 ----a-w C:\WINDOWS\Nircmd.exe
- 2005-05-09 01:38:12 52,224 ----a-w C:\WINDOWS\system32\brinsstr.dll
+ 2006-02-16 08:49:00 52,736 ----a-w C:\WINDOWS\system32\brinsstr.dll
- 2008-06-02 09:12:16 26,184 ----a-w C:\WINDOWS\system32\drivers\avgmfx86.sys
+ 2008-07-03 23:09:09 26,824 ----a-w C:\WINDOWS\system32\drivers\avgmfx86.sys
+ 2006-03-03 01:30:12 61,440 -c--a-w C:\WINDOWS\system32\DRVSTORE\brimbh71_FEA8E9DE8121EC6F03A04D5EF23B90C2F9176DC9\BrScnDev.dll
+ 2004-10-15 02:50:20 15,295 -c--a-w C:\WINDOWS\system32\DRVSTORE\brimbh71_FEA8E9DE8121EC6F03A04D5EF23B90C2F9176DC9\BrScnUsb.sys
+ 2005-12-13 00:54:06 8,192 -c--a-w C:\WINDOWS\system32\DRVSTORE\brimbh71_FEA8E9DE8121EC6F03A04D5EF23B90C2F9176DC9\BrSti06a.dll
+ 2004-08-16 05:49:14 49,152 -c--a-w C:\WINDOWS\system32\DRVSTORE\brimbh71_FEA8E9DE8121EC6F03A04D5EF23B90C2F9176DC9\BrStiIf.dll
+ 2005-12-16 05:26:18 81,920 -c--a-w C:\WINDOWS\system32\DRVSTORE\brimbh71_FEA8E9DE8121EC6F03A04D5EF23B90C2F9176DC9\BrTwdLng.dll
+ 2006-03-03 01:31:02 118,784 -c--a-w C:\WINDOWS\system32\DRVSTORE\brimbh71_FEA8E9DE8121EC6F03A04D5EF23B90C2F9176DC9\BrTwds.dll
+ 2006-03-03 01:30:36 1,515,520 -c--a-w C:\WINDOWS\system32\DRVSTORE\brimbh71_FEA8E9DE8121EC6F03A04D5EF23B90C2F9176DC9\BrTwdScn.dll
+ 2006-03-03 01:31:36 122,880 -c--a-w C:\WINDOWS\system32\DRVSTORE\brimbh71_FEA8E9DE8121EC6F03A04D5EF23B90C2F9176DC9\BrTwdsUi.dll
+ 2005-12-13 00:53:32 38,912 -c--a-w C:\WINDOWS\system32\DRVSTORE\brimbh71_FEA8E9DE8121EC6F03A04D5EF23B90C2F9176DC9\BrUsi06a.dll
+ 2006-02-24 07:27:06 1,492,480 -c--a-w C:\WINDOWS\system32\DRVSTORE\brimbh71_FEA8E9DE8121EC6F03A04D5EF23B90C2F9176DC9\BrWia06a.dll
+ 2006-03-08 03:44:24 73,728 -c--a-w C:\WINDOWS\system32\DRVSTORE\brprbh71_6C73E71A512EF3CA8AA4DE9C1320D27D9FAAA9B0\bril06a.dll
+ 2006-04-05 08:20:36 1,687,722 -c--a-w C:\WINDOWS\system32\DRVSTORE\brprbh71_6C73E71A512EF3CA8AA4DE9C1320D27D9FAAA9B0\brio06a.dll
+ 2006-04-05 08:20:36 1,095,879 -c--a-w C:\WINDOWS\system32\DRVSTORE\brprbh71_6C73E71A512EF3CA8AA4DE9C1320D27D9FAAA9B0\briu06a.dll
+ 2005-06-15 17:03:00 101,888 -c--a-w C:\WINDOWS\system32\DRVSTORE\brprbh71_6C73E71A512EF3CA8AA4DE9C1320D27D9FAAA9B0\brqikmon.exe
+ 2006-10-13 07:02:44 109,360 ----a-w C:\WINDOWS\system32\ReinstallBackups\0025\DriverFiles\1033\VX3000.dll
+ 2006-10-13 07:01:00 183,088 ----a-w C:\WINDOWS\system32\ReinstallBackups\0025\DriverFiles\cVX3000.dll
+ 2004-08-03 14:56:44 47,616 ----a-w C:\WINDOWS\system32\ReinstallBackups\0025\DriverFiles\i386\iyuv_32.dll
+ 2004-08-03 13:15:22 140,928 ----a-w C:\WINDOWS\system32\ReinstallBackups\0025\DriverFiles\i386\ks.sys
+ 2004-08-03 14:56:44 4,096 ----a-w C:\WINDOWS\system32\ReinstallBackups\0025\DriverFiles\i386\ksuser.dll
+ 2004-08-03 14:56:58 294,912 ----a-w C:\WINDOWS\system32\ReinstallBackups\0025\DriverFiles\i386\msh263.drv
+ 2004-08-03 14:56:46 17,408 ----a-w C:\WINDOWS\system32\ReinstallBackups\0025\DriverFiles\i386\msyuv.dll
+ 2001-08-17 12:36:34 8,192 ----a-w C:\WINDOWS\system32\ReinstallBackups\0025\DriverFiles\i386\tsbyuv.dll
+ 2004-08-03 14:56:48 53,760 ----a-w C:\WINDOWS\system32\ReinstallBackups\0025\DriverFiles\i386\vfwwdm32.dll
+ 2006-10-18 05:53:18 166,704 ----a-w C:\WINDOWS\system32\ReinstallBackups\0025\DriverFiles\LCCoi121.dll
+ 2006-10-13 07:03:22 502,576 ----a-w C:\WINDOWS\system32\ReinstallBackups\0025\DriverFiles\TwainUI.dll
+ 2006-10-13 07:03:10 473,904 ----a-w C:\WINDOWS\system32\ReinstallBackups\0025\DriverFiles\vVX3000.dll
+ 2006-10-13 07:04:06 707,376 ----a-w C:\WINDOWS\system32\ReinstallBackups\0025\DriverFiles\vVX3000.exe
+ 2006-10-13 07:04:30 1,966,384 ----a-w C:\WINDOWS\system32\ReinstallBackups\0025\DriverFiles\VX3000.sys
+ 2004-08-03 13:08:00 60,288 ----a-w C:\WINDOWS\system32\ReinstallBackups\0026\DriverFiles\i386\drmk.sys
+ 2004-08-03 13:15:22 140,928 ----a-w C:\WINDOWS\system32\ReinstallBackups\0026\DriverFiles\i386\ks.sys
+ 2004-08-03 14:56:44 4,096 ----a-w C:\WINDOWS\system32\ReinstallBackups\0026\DriverFiles\i386\ksuser.dll
+ 2004-08-03 13:15:50 145,792 ----a-w C:\WINDOWS\system32\ReinstallBackups\0026\DriverFiles\i386\portcls.sys
+ 2004-08-03 13:08:04 48,640 ----a-w C:\WINDOWS\system32\ReinstallBackups\0026\DriverFiles\i386\stream.sys
+ 2004-08-03 13:07:56 59,264 ----a-w C:\WINDOWS\system32\ReinstallBackups\0026\DriverFiles\i386\USBAUDIO.sys
+ 2004-08-04 12:00:00 23,552 ----a-w C:\WINDOWS\system32\ReinstallBackups\0026\DriverFiles\i386\wdmaud.drv
+ 2006-03-08 03:44:24 73,728 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\bril06a.dll
- 2005-04-28 10:40:08 1,705,467 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\brio05a.dll
+ 2005-06-04 04:31:40 1,705,467 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\brio05a.dll
+ 2006-04-05 08:20:36 1,687,722 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\brio06a.dll
- 2005-04-28 10:40:08 996,104 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\briu05a.dll
+ 2005-06-04 04:31:40 996,104 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\briu05a.dll
+ 2006-04-05 08:20:36 1,095,879 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\briu06a.dll
- 2002-06-29 03:01:00 100,864 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\brqikmon.exe
+ 2005-06-15 17:03:00 101,888 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\brqikmon.exe
+ 2006-03-08 03:44:24 73,728 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\brotherdcp_330c1daa\bril06a.dll
+ 2006-04-05 08:20:36 1,687,722 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\brotherdcp_330c1daa\brio06a.dll
+ 2006-04-05 08:20:36 1,095,879 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\brotherdcp_330c1daa\briu06a.dll
+ 2005-06-15 17:03:00 101,888 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\brotherdcp_330c1daa\brqikmon.exe
+ 2006-03-03 01:30:12 61,440 ----a-w C:\WINDOWS\twain_32\BrMfSc0a\Common\BrScnDev.dll
+ 2004-08-16 05:49:14 49,152 ----a-w C:\WINDOWS\twain_32\BrMfSc0a\Common\BrStiIf.dll
+ 2006-03-03 01:31:02 118,784 ----a-w C:\WINDOWS\twain_32\BrMfSc0a\Common\BrTwds.dll
+ 2006-03-03 01:30:36 1,515,520 ----a-w C:\WINDOWS\twain_32\BrMfSc0a\Common\BrTwdScn.dll
+ 2006-03-03 01:31:36 122,880 ----a-w C:\WINDOWS\twain_32\BrMfSc0a\Common\BrTwdsUi.dll
+ 2005-12-16 05:26:18 81,920 ----a-w C:\WINDOWS\twain_32\BrMfSc0a\Lang\BrTwdLng.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 22:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VX3000"="C:\WINDOWS\vVX3000.exe" [2006-10-13 17:04 707376]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 21:16 39792]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-04 09:09 1232152]
"DrvIcon"="C:\Program Files\Vista Drive Icon\DrvIcon.exe" [2007-07-05 05:59 45056]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 10:22 155648]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 14:25 57393]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 14:45 40960]
"BrMfcWnd"="C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-03-28 15:48 622592]
"SetDefPrt"="C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe" [2005-01-26 18:02 49152]
"ControlCenter3"="C:\Program Files\Brother\ControlCenter3\brctrcen.exe" [2006-04-10 14:58 61440]
"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2006-10-13 17:01 277296]

C:\Documents and Settings\Graeme\Start Menu\Programs\Startup\
MailWasherPro.lnk - C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe [2007-09-15 15:59:27 5661184]
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]

C:\Documents and Settings\Alison\Start Menu\Programs\Startup\
MailWasherPro.lnk - C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe [2007-09-15 15:59:27 5661184]
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.mpegacm"= mpegacm.acm
"msacm.ulmp3acm"= ulmp3acm.acm
"vidc.asv2"= asusasv2.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"C:\\Program Files\\GameFace Messenger\\GameFace.exe"=
"C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\BitLord\\BitLord.exe"=
"C:\\Program Files\\SuperControl\\FT817con.exe"=
"C:\\Program Files\\Ubisoft\\Surf's Up\\System\\surfsupgame.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Nero\\Nero 7\\Nero Vision\\NeroVision.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-04 09:09]
R1 wfcxacap;WinFast TV PCI Audio Capture Driver;C:\WINDOWS\system32\DRIVERS\wfcxacap.sys [2006-03-24 09:20]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-04 09:09]
R2 MSCamSvc;MSCamSvc;C:\Program Files\Microsoft LifeCam\MSCamS32.exe [2006-10-13 17:01]
R2 wfcxatun;WinFast TV Analog Tuner Driver;C:\WINDOWS\system32\drivers\wfcxatun.sys [2006-03-24 09:24]
R2 WFCXVCAP;WinFast TV Video Capture Driver;C:\WINDOWS\system32\drivers\wfcxvcap.sys [2006-03-24 09:25]
R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D32.sys [2005-09-27 10:02]
R3 wfcxdtun;WinFast DTV BDA Tuner/Demod Driver;C:\WINDOWS\system32\drivers\wfcxdtun.sys [2006-03-24 09:23]
R3 wfcxtcap;WinFast DTV BDA Transport Stream Capture Driver;C:\WINDOWS\system32\drivers\wfcxtcap.sys [2006-03-24 09:21]
R3 wfcxxbar;WinFast TV Crossbar Driver;C:\WINDOWS\system32\drivers\wfcxxbar.sys [2006-03-24 09:22]
S1 asusgsb;ASUS Virtual Video Capture Device Driver;C:\WINDOWS\system32\drivers\asusgsb32.sys [2005-10-20 16:25]
S2 KC180;IRXpress USB IrDA Device;C:\WINDOWS\system32\Drivers\kcirusb.sys [2001-10-04 09:23]
S3 KCIRDA;%KCIRDA.ServiceDesc%;C:\WINDOWS\system32\DRIVERS\KCIrNet.sys [2001-10-04 09:23]
S3 S3GIGP;S3GIGP;C:\WINDOWS\system32\DRIVERS\S3gIGPm.sys [2006-02-08 09:40]
S3 WFIOCTL;WFIOCTL;-C:\Program Files\WinFast\WFDTV\WFIOCTL.SYS []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5d2650fd-e182-11dc-b2bb-001558425557}]
\Shell\AutoRun\command - E:\
.
Contents of the 'Scheduled Tasks' folder

2008-08-15 C:\WINDOWS\Tasks\XoftSpySE 2.job
- C:\Program Files\XoftSpySE\XoftSpy.exe [2007-07-13 08:43]

2008-08-15 C:\WINDOWS\Tasks\XoftSpySE.job
- C:\Program Files\XoftSpySE\XoftSpy.exe [2007-07-13 08:43]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-54006d05 - C:\WINDOWS\system32\cgevldwl.dll
HKLM-Run-BM57335e99 - C:\WINDOWS\system32\egwipcsh.dll
HKLM-Run-NvCplDaemon - -RUNDLL32.EXE
HKLM-Run-NvMediaCenter - -RUNDLL32.EXE


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Graeme\Application Data\Mozilla\Firefox\Profiles\74prjrrq.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.aanet.com.au
FF -: plugin - C:\Documents and Settings\Graeme\Application Data\Mozilla\plugins\npCtxCAO.dll
FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 4\plugins\npnul32.dll
FF -: plugin - C:\Program Files\Yahoo!\Common\npyaxmpb.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-16 14:02:29
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IDriverT]
"ImagePath"="-\"C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MDM]
"ImagePath"="-\"C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Microsoft Office Groove Audit Service]
"ImagePath"="-\"C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NMIndexingService]
"ImagePath"="-\"C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\odserv]
"ImagePath"="-\"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ose]
"ImagePath"="-\"C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usnjsvc]
"ImagePath"="-\"C:\Program Files\MSN Messenger\usnsvc.exe\""
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\rdpclip.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe
C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
C:\Program Files\Microsoft Office\Office10\MSOFFICE.EXE
.
**************************************************************************
.
Completion time: 2008-08-16 14:09:34 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-16 04:09:29
ComboFix2.txt 2008-06-03 06:24:32

Pre-Run: 30,709,518,336 bytes free
Post-Run: 30,755,921,920 bytes free

319
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:14:58, on 16/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\rdpclip.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Vista Drive Icon\DrvIcon.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
C:\Program Files\Microsoft Office\Office10\msoffice.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\logon.scr
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Graeme\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aanet.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aanet.com.au/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [DrvIcon] C:\Program Files\Vista Drive Icon\DrvIcon.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: MailWasherPro.lnk = C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {7876E4A5-78B7-4020-B08F-C960A1ED54C9} (WebWatch Class) - http://58.161.81.113/WinWebPush.cab
O16 - DPF: {BA2CB6B1-03EE-4068-87CC-F5E4DD772A9B} (CCAOControl Object) - https://go.colesgroup.com.au/CitrixLogonPoint/SRA/EPAClient/CitrixCAO.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {EC0403E0-9158-4CF8-A2B6-3C62C3B9B6B7} (CCAOControl Object) - https://go.colesgroup.com.au/CitrixLogonPoint/SRA/EPAClient/EPAClient.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{A259244C-296A-4FE6-95DD-39B00E8A6099}: NameServer = 192.168.1.1,192.168.1.10
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 192.168.1.1 192.168.1.10
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - -"C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" (file missing)
O23 - Service: Machine Debug Manager (MDM) - Unknown owner - -"C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe" (file missing)
O23 - Service: Microsoft Office Groove Audit Service - Unknown owner - -"C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe" (file missing)
O23 - Service: NBService - Unknown owner - -C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (file missing)
O23 - Service: NMIndexingService - Unknown owner - -"C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe" (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Microsoft Office Diagnostics Service (odserv) - Unknown owner - -"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE" (file missing)
O23 - Service: Office Source Engine (ose) - Unknown owner - -"C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Unknown owner - -C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (file missing)
O23 - Service: Messenger Sharing Folders USN Journal Reader service (usnjsvc) - Unknown owner - -"C:\Program Files\MSN Messenger\usnsvc.exe" (file missing)

--
End of file - 8170 bytes
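An added triage example (this editor's code, not part of the original post and not something ComboFix or HijackThis produce). It reads a ComboFix-style log and surfaces the three things in the log above that actually point at Vundo rather than at "a file with an odd name": the .ini/.ini2 files in system32 whose stem is the DLL stem spelled backwards (hgGabXQg.dll with gQXbaGgh.ini, byXPJDwU.dll with UwDJPXyb.ini, cgevldwl.dll with lwdlvegc.ini), the removed HKLM\Run values with hex-blob names that loaded a DLL, and the network side (a bare-IP BITS download source and a system-wide 3389/TCP firewall exception). The SAMPLE_LOG lines are copied from the log above; the hex-blob pattern and the "related files" correlation are the editor's assumptions about what an analyst checks.

```python
"""Triage helpers for a ComboFix-style removal log (added example; not code from
the original post, from ComboFix or from HijackThis). SAMPLE_LOG is copied from
the log above; the heuristics are the editor's own assumptions about what an
analyst checks, not anything the tools report."""
import re
from collections import defaultdict

SAMPLE_LOG = r"""
C:\Program Files\AntiMalwareGuard
C:\WINDOWS\BM57335e99.txt
C:\WINDOWS\BM57335e99.xml
C:\WINDOWS\system32\btfunc.dll
C:\WINDOWS\system32\byXPJDwU.dll
C:\WINDOWS\system32\cgevldwl.dll
C:\WINDOWS\system32\gQXbaGgh.ini
C:\WINDOWS\system32\gQXbaGgh.ini2
C:\WINDOWS\system32\hgGabXQg.dll
C:\WINDOWS\system32\lwdlvegc.ini
C:\WINDOWS\system32\UwDJPXyb.ini
----- BITS: Possible infected sites -----
http://195.225.176.25
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
HKLM-Run-54006d05 - C:\WINDOWS\system32\cgevldwl.dll
HKLM-Run-BM57335e99 - C:\WINDOWS\system32\egwipcsh.dll
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\\S.*$")
RUN_RE = re.compile(r"^HKLM-Run-(\S+) - (.+)$")
BARE_IP_URL_RE = re.compile(r"^https?://(\d{1,3}(?:\.\d{1,3}){3})(?:[/:]|$)")
OPEN_PORT_RE = re.compile(r'^"(\d+):(TCP|UDP)"=')

def parse_log(text):
    """Pull file paths, removed Run values, bare-IP URLs and opened ports out of the log."""
    paths, run, ips, ports = [], {}, [], []
    for line in (l.strip() for l in text.splitlines()):
        if PATH_RE.match(line):
            paths.append(line)
        elif (m := RUN_RE.match(line)):
            run[m.group(1)] = m.group(2)
        elif (m := BARE_IP_URL_RE.match(line)):
            ips.append(m.group(1))
        elif (m := OPEN_PORT_RE.match(line)):
            ports.append(f"{m.group(1)}/{m.group(2)}")
    return paths, run, ips, ports

def split_path(path):
    """(directory, stem, lower-case extension); extension is '' for a bare directory."""
    directory, _, name = path.rpartition("\\")
    stem, dot, ext = name.rpartition(".")
    return (directory, stem, ext.lower()) if dot else (directory, name, "")

def reversed_name_pairs(paths):
    """Pair each DLL with .ini/.ini2 files in the same directory whose stem is the DLL
    stem spelled backwards (hgGabXQg.dll <-> gQXbaGgh.ini), the Vundo trait visible in
    the log. Far stronger than 'the name looks random', which also hits avgrsstx.dll."""
    files = defaultdict(dict)  # directory -> lower stem -> (stem as written, {exts})
    for p in paths:
        directory, stem, ext = split_path(p)
        if ext:
            files[directory.lower()].setdefault(stem.lower(), (stem, set()))[1].add(ext)
    pairs = []
    for stems in files.values():
        for stem, exts in stems.values():
            mirror = stems.get(stem[::-1].lower())
            if "dll" in exts and mirror and mirror[1] & {"ini", "ini2"}:
                inis = sorted(f"{mirror[0]}.{e}" for e in mirror[1] & {"ini", "ini2"})
                pairs.append((f"{stem}.dll", inis))
    return sorted(pairs)

def suspicious_run_entries(run, paths):
    """Flag removed Run values named with a hex blob instead of a product name and/or
    pointing at a DLL (a DLL cannot run by itself, so a loader such as rundll32 was
    invoking it). Also list deleted files sharing the value's name (BM57335e99.txt/.xml)."""
    by_stem = defaultdict(list)
    for p in paths:
        by_stem[split_path(p)[1].lower()].append(p)
    report = {}
    for name, target in run.items():
        reasons = []
        if re.fullmatch(r"(?:BM)?[0-9a-f]{8,}", name):  # assumed pattern, e.g. 54006d05
            reasons.append("hex-blob value name")
        if target.lower().endswith(".dll"):
            reasons.append("target is a DLL")
        if by_stem.get(name.lower()):
            reasons.append("related files: " + ", ".join(by_stem[name.lower()]))
        if reasons:
            report[name] = reasons
    return report

def triage(text):
    paths, run, ips, ports = parse_log(text)
    return {"reversed_name_pairs": reversed_name_pairs(paths),
            "run_entries": suspicious_run_entries(run, paths),
            # 3389/TCP is Remote Desktop and may be intentional: a question for the
            # owner, not a verdict. A bare-IP BITS source is worth checking at the gateway.
            "bare_ip_downloads": ips, "firewall_ports": ports}

if __name__ == "__main__":
    import json
    print(json.dumps(triage(SAMPLE_LOG), indent=2))
```

Two caveats for anyone reusing this on their own logs. First, btfunc.dll is deleted in the log too but has no mirrored .ini, so the pairing alone does not explain every removal; treat it as one indicator among several, not a complete inventory. Second, the 3389/TCP exception is reported, not condemned: rdpclip.exe in the running-process list is consistent with the log having been taken over a Remote Desktop session, so the opening may be the owner's own, but a machine that just had a BITS downloader pulling from a bare IP is not one you want reachable over RDP without confirming who opened that port.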
 
Just Vundo, and it looks like ComboFix has taken care of it. How is the system running now?

Well, the pop-ups have stopped... AVG resident wasn't working, then I rebooted the PC and it's on now... so everything is back to normal.

Thanks a lot, ceewi1.
 