BIG Problem[duplicate]
fish04
January 2007
edited January 2007
a LITTLE worried now, here are the logs:
AVG Scan:
AVG Anti-Spyware - Scan Report
+ Created at: 1:25:47 AM 1/7/2007
+ Scan result:
HKLM\SOFTWARE\iGlobalMedia -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\Installer -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\starluckcasino -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\upgrades -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\blackjackdll -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\boardbabe -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\cashcruise -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\coolbananas -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\firedrake -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\flamingo -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\funkychicken -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\games -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\goldeneagle -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\goldengopher -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\goldenoasis -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\highlimitblackjack -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\hotroller -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\kangacash -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\kenodll -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\kookakeno -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\letitride -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\magicmanslot -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\megaeuropeanroulette -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\metropolis -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\multiplayerblackjack -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\multiplayerblackjackdll -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\nextgenvpdll -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\piggypayback -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\pokerdll -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\roulettedll -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\safecrackerkeno -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\silvercity -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\slotsdll -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\superfortunewheel -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\superjoker -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\supermystic -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\superstar -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\sweethawaii -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\tod -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\vegasclub -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\videopokerdll -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\vpokerdw -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\vpokerjob -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\vpokerjp -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\starluckitalia -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\starluckitalia\casino -> Adware.AceClubCasino : Cleaned with backup (quarantined).
C:\Program Files\Starware347\bin\Starware347.dll -> Adware.Comet : Cleaned with backup (quarantined).
C:\Program Files\Common Files\{342E607B-09DD-1033-0919-030512200001}\Bar888.dll -> Adware.MaxSearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{41FF47E7-33B7-41F9-99DA-B5768F79EE8C}\RP321\A0063448.dll -> Adware.MaxSearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{41FF47E7-33B7-41F9-99DA-B5768F79EE8C}\RP321\A0063650.dll -> Downloader.SFC.os : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{41FF47E7-33B7-41F9-99DA-B5768F79EE8C}\RP321\A0063754.dll -> Downloader.SFC.os : Cleaned with backup (quarantined).
C:\WINDOWS\system32\sfc_os.dll -> Downloader.SFC.os : Cleaned with backup (quarantined).
C:\bghtcbd.exe -> Downloader.Small.dxm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{41FF47E7-33B7-41F9-99DA-B5768F79EE8C}\RP322\A0065966.exe -> Downloader.Small.edu : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{41FF47E7-33B7-41F9-99DA-B5768F79EE8C}\RP321\A0063648.exe -> Hijacker.Costrat.z : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{41FF47E7-33B7-41F9-99DA-B5768F79EE8C}\RP321\A0063751.exe -> Hijacker.Costrat.z : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{41FF47E7-33B7-41F9-99DA-B5768F79EE8C}\RP321\A0063773.exe -> Hijacker.Costrat.z : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{41FF47E7-33B7-41F9-99DA-B5768F79EE8C}\RP322\A0064934.exe -> Hijacker.Costrat.z : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{41FF47E7-33B7-41F9-99DA-B5768F79EE8C}\RP326\A0066398.exe -> Hijacker.Costrat.z : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{41FF47E7-33B7-41F9-99DA-B5768F79EE8C}\RP327\A0067391.sys -> Hijacker.Costrat.z : Cleaned with backup (quarantined).
C:\eitpgmoi.exe -> Hijacker.Costrat.z : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msvcrl.dll -> Logger.Goldun.on : Cleaned with backup (quarantined).
C:\bhbn.exe -> Not-A-Virus.Hoax.Win32.Renos.gc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{41FF47E7-33B7-41F9-99DA-B5768F79EE8C}\RP328\A0067488.dll -> Trojan.Mezzia : Cleaned with backup (quarantined).
C:\VundoFix Backups\winrkp32.dll.bad -> Trojan.Mezzia : Cleaned with backup (quarantined).
C:\omepavy.exe -> Trojan.ProcKill.DJ : Cleaned with backup (quarantined).
C:\ydkdohw.exe -> Trojan.ProcKill.DJ : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{41FF47E7-33B7-41F9-99DA-B5768F79EE8C}\RP321\A0063559.exe -> Trojan.Sinowal.ay : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{41FF47E7-33B7-41F9-99DA-B5768F79EE8C}\RP321\A0063562.exe -> Trojan.Sinowal.ay : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{41FF47E7-33B7-41F9-99DA-B5768F79EE8C}\RP321\A0063752.exe -> Trojan.Sinowal.ay : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{41FF47E7-33B7-41F9-99DA-B5768F79EE8C}\RP321\A0063774.exe -> Trojan.Sinowal.ay : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{41FF47E7-33B7-41F9-99DA-B5768F79EE8C}\RP322\A0064935.exe -> Trojan.Sinowal.ay : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{41FF47E7-33B7-41F9-99DA-B5768F79EE8C}\RP326\A0066399.exe -> Trojan.Sinowal.ay : Cleaned with backup (quarantined).
C:\ihnf.exe -> Trojan.Sinowal.ay : Cleaned with backup (quarantined).
::Report end
ComboFix log:
Owner - 07-01-07 1:34:04.53 Service Pack 2
ComboFix 06.11.27 - Running from: "C:\Documents and Settings\Owner\Desktop"
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\Program Files\Common Files\Yazzle1162OinUninstaller.exe
C:\Program Files\Common Files\{342E607B-09DD-1033-0919-030512200001}
((((((((((((((((((((((((((((((( Files Created from 2006-12-07 to 2007-01-07 ))))))))))))))))))))))))))))))))))
2007-01-06 23:37 3,968 --a C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-01-06 22:53 857,802 ---hs---- C:\WINDOWS\system32\stvwa.bak2
2007-01-05 22:53 852,023 ---hs---- C:\WINDOWS\system32\stvwa.bak1
2007-01-05 22:53 277,044 ---hs---- C:\WINDOWS\system32\awvts.dll
2007-01-05 22:42 <DIR> d C:\VundoFix Backups
2007-01-04 19:39 <DIR> d C:\avenger
2007-01-04 19:33 <DIR> d C:\Rustbfix
2007-01-04 00:11 79,360 --a C:\WINDOWS\system32\swxcacls.exe
2007-01-04 00:11 53,248 --a C:\WINDOWS\system32\Process.exe
2007-01-04 00:11 51,200 --a C:\WINDOWS\system32\dumphive.exe
2007-01-04 00:11 40,960 --a C:\WINDOWS\system32\swsc.exe
2007-01-04 00:11 3,952 --a C:\WINDOWS\system32\tmp.reg
2007-01-04 00:11 288,417 --a C:\WINDOWS\system32\SrchSTS.exe
2007-01-04 00:11 135,168 --a C:\WINDOWS\system32\swreg.exe
2007-01-04 00:06 2,416 --a C:\GetPaths.vbs
2007-01-03 23:57 0 --a C:\klnl.exe
2007-01-03 07:27 118,804 --a C:\WINDOWS\system32\orxpcvap.dll
2007-01-02 23:37 <DIR> d C:\Program Files\Common Files\Java
2007-01-02 22:29 81,684 --a C:\WINDOWS\system32\fqtxuliu.dll
2007-01-02 21:29 81,684 --a C:\WINDOWS\system32\ecdqkrfs.dll
2007-01-02 21:15 <DIR> d C:\Program Files\Hijackthis
2007-01-01 21:26 <DIR> d C:\WINDOWS\BDOSCAN8
2007-01-01 20:56 <DIR> d C:\WINDOWS\system32\ActiveScan
2007-01-01 20:44 <DIR> d C:\Program Files\SpywareBlaster
2007-01-01 20:41 81,684 --a C:\WINDOWS\system32\lcspqnci.dll
2007-01-01 20:07 22,541 ---hs---- C:\WINDOWS\system32\urqonmn.dll
2006-12-31 14:35 81,684 --a C:\WINDOWS\system32\jcaswhdp.dll
2006-12-31 12:13 81,684 --a C:\WINDOWS\system32\viiqwhbx.dll
2006-12-31 01:37 68,888 --a C:\WINDOWS\system32\xinput1_3.dll
2006-12-31 01:37 62,744 --a C:\WINDOWS\system32\xinput1_2.dll
2006-12-31 01:37 3,426,072 --a C:\WINDOWS\system32\d3dx9_32.dll
2006-12-31 01:37 251,672 --a C:\WINDOWS\system32\xactengine2_5.dll
2006-12-31 01:37 237,848 --a C:\WINDOWS\system32\xactengine2_4.dll
2006-12-31 01:37 236,824 --a C:\WINDOWS\system32\xactengine2_3.dll
2006-12-31 01:37 2,414,360 --a C:\WINDOWS\system32\d3dx9_31.dll
2006-12-31 01:37 2,297,552 --a C:\WINDOWS\system32\d3dx9_26.dll
2006-12-31 01:37 15,128 --a C:\WINDOWS\system32\x3daudio1_1.dll
2006-12-31 01:35 <DIR> d--h C:\WINDOWS\msdownld.tmp
2006-12-30 19:22 <DIR> d C:\Documents and Settings\Owner\Application Data\MSNInstaller
2006-12-30 18:25 81,684 --a C:\WINDOWS\system32\btrhyhyg.dll
2006-12-30 18:25 44,060 --a C:\WINDOWS\system32\iiyhdxbr.dll
2006-12-30 18:19 22,541 ---hs---- C:\WINDOWS\system32\rqrpmnm.dll
2006-12-30 02:11 <DIR> d C:\Program Files\Shockwave.com
2006-12-30 02:09 <DIR> d C:\Program Files\ReflexiveArcade
2006-12-29 02:56 <DIR> d C:\Program Files\IObit
2006-12-28 01:05 <DIR> d C:\Documents and Settings\Owner\Application Data\funkitron
2006-12-23 01:24 <DIR> d C:\Documents and Settings\Owner\Application Data\OfficeUpdate12
2006-12-19 23:10 24,816 --a C:\WINDOWS\system32\mdimon.dll
2006-12-19 23:08 <DIR> d C:\Program Files\Microsoft ActiveSync
2006-12-19 23:07 <DIR> d C:\Program Files\Microsoft.NET
2006-12-19 23:04 <DIR> dr-h C:\MSOCache
2006-12-17 23:23 <DIR> d C:\Program Files\Windows Media Connect 2
2006-12-17 23:22 <DIR> d C:\WINDOWS\system32\LogFiles
2006-12-17 23:22 <DIR> d C:\WINDOWS\system32\drivers\UMDF
2006-12-14 00:01 <DIR> d C:\Documents and Settings\Owner\Application Data\Photodex
2006-12-11 22:20 <DIR> d C:\Program Files\360Share Pro
2006-12-11 22:20 <DIR> d C:\Documents and Settings\Owner\Application Data\LimeWire
2006-12-11 22:08 <DIR> d C:\Documents and Settings\Owner\Application Data\Roxio
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-01-07 01:35 d C:\Program Files\Common Files
2007-01-02 23:42 d C:\Documents and Settings\Owner\Application Data\AdobeUM
2007-01-02 23:37 d C:\Program Files\Java
2007-01-01 19:18 d C:\Program Files\Spybot - Search & Destroy
2006-12-31 13:52 d C:\Documents and Settings\Owner\Application Data\Ahead
2006-12-31 02:26 d C:\Program Files\Yahoo! Games
2006-12-30 19:22 d C:\Program Files\MSN
2006-12-30 19:14 d C:\Program Files\lx_cats
2006-12-30 18:51 d C:\Program Files\Common Files\Adobe
2006-12-30 18:47 d C:\Program Files\QuickTime
2006-12-30 18:21 d C:\Program Files\Internet Explorer
2006-12-30 18:20 d C:\Program Files\Download Express
2006-12-29 22:54 d C:\Program Files\Bonjour
2006-12-21 23:15 d---s---- C:\Documents and Settings\Owner\Application Data\Microsoft
2006-12-19 23:26 d C:\Program Files\Common Files\Microsoft Shared
2006-12-19 23:08 d C:\Program Files\Microsoft Office
2006-12-19 23:07 d C:\Program Files\Common Files\System
2006-12-17 23:23 d C:\Program Files\Windows Media Player
2006-12-17 03:01 d C:\Program Files\Outlook Express
2006-12-11 22:14 d--h C:\Program Files\InstallShield Installation Information
2006-12-08 18:33 d C:\Program Files\Common Files\Kodak
2006-11-25 23:49 d C:\Program Files\Photodex
2006-11-16 19:47 524288 --a C:\WINDOWS\opuc.dll
2006-11-14 19:28 d C:\Program Files\Snapshot Viewer
2006-11-14 19:27 d C:\Program Files\microsoft frontpage
2006-11-14 19:22 d C:\Program Files\Common Files\Designer
2006-11-07 23:06 679424 --a C:\WINDOWS\system32\inetcomm.dll
2006-11-04 14:14 1245696 --a C:\WINDOWS\system32\msxml4.dll
2006-10-27 15:09 6049280 C:\WINDOWS\system32\ieframe.dll
2006-10-27 15:09 50688 C:\WINDOWS\system32\msfeedsbs.dll
2006-10-27 15:09 458752 C:\WINDOWS\system32\msfeeds.dll
2006-10-27 15:09 413696 --a C:\WINDOWS\system32\vbscript.dll
2006-10-27 15:09 231424 --a C:\WINDOWS\system32\webcheck.dll
2006-10-27 15:09 180736 C:\WINDOWS\system32\ieui.dll
2006-10-27 15:09 156160 --a C:\WINDOWS\system32\msls31.dll
2006-10-27 02:44 71680 --a C:\WINDOWS\system32\admparse.dll
2006-10-27 02:44 55296 --a C:\WINDOWS\system32\iesetup.dll
2006-10-27 02:44 54784 --a C:\WINDOWS\system32\ie4uinit.exe
2006-10-27 02:44 43008 --a C:\WINDOWS\system32\iernonce.dll
2006-10-27 02:44 382976 --a C:\WINDOWS\system32\iedkcs32.dll
2006-10-27 02:44 229376 --a C:\WINDOWS\system32\ieaksie.dll
2006-10-27 02:44 152064 --a C:\WINDOWS\system32\ieakeng.dll
2006-10-27 02:44 13312 --a C:\WINDOWS\system32\ieudinit.exe
2006-10-27 02:44 123904 --a C:\WINDOWS\system32\advpack.dll
2006-10-27 02:42 161792 --a C:\WINDOWS\system32\ieakui.dll
2006-10-19 07:56 713216 --a C:\WINDOWS\system32\sxs.dll
2006-10-18 21:58 8704 --a C:\WINDOWS\system32\wdfmgr.exe
2006-10-18 21:58 8704 --a C:\WINDOWS\system32\uwdf.exe
2006-10-18 21:47 99840 --a C:\WINDOWS\system32\wmpshell.dll
2006-10-18 21:47 991744 --a C:\WINDOWS\system32\drmv2clt.dll
2006-10-18 21:47 937984 --a C:\WINDOWS\system32\WMNetMgr.dll
2006-10-18 21:47 8231936 --a C:\WINDOWS\system32\wmploc.dll
2006-10-18 21:47 767488 C:\WINDOWS\system32\WMVSENCD.dll
2006-10-18 21:47 757248 --a C:\WINDOWS\system32\WMADMOD.dll
2006-10-18 21:47 7168 --a C:\WINDOWS\system32\asferror.dll
2006-10-18 21:47 656896 C:\WINDOWS\system32\WMVXENCD.dll
2006-10-18 21:47 63488 --a C:\WINDOWS\system32\wpdmtpus.dll
2006-10-18 21:47 629760 --a C:\WINDOWS\system32\wpd_ci.dll
2006-10-18 21:47 613376 C:\WINDOWS\system32\wmpmde.dll
2006-10-18 21:47 603648 --a C:\WINDOWS\system32\WMSPDMOD.dll
2006-10-18 21:47 542720 --a C:\WINDOWS\system32\blackbox.dll
2006-10-18 21:47 535040 C:\WINDOWS\system32\wmdrmsdk.dll
2006-10-18 21:47 429056 --a C:\WINDOWS\system32\wmdrmdev.dll
2006-10-18 21:47 414208 --a C:\WINDOWS\system32\msscp.dll
2006-10-18 21:47 4096 --a C:\WINDOWS\system32\wmvdmoe2.dll
2006-10-18 21:47 4096 --a C:\WINDOWS\system32\wmvdmod.dll
2006-10-18 21:47 4096 --a C:\WINDOWS\system32\WMVADVE.DLL
2006-10-18 21:47 4096 --a C:\WINDOWS\system32\WMVADVD.dll
2006-10-18 21:47 4096 --a C:\WINDOWS\system32\wmsdmoe2.dll
2006-10-18 21:47 4096 --a C:\WINDOWS\system32\wmsdmod.dll
2006-10-18 21:47 4096 --a C:\WINDOWS\system32\wdfapi.dll
2006-10-18 21:47 4096 --a C:\WINDOWS\system32\MPG4DMOD.dll
2006-10-18 21:47 4096 --a C:\WINDOWS\system32\MP4SDMOD.dll
2006-10-18 21:47 4096 --a C:\WINDOWS\system32\MP43DMOD.dll
2006-10-18 21:47 38400 C:\WINDOWS\system32\wpdshextres.dll
2006-10-18 21:47 37376 --a C:\WINDOWS\system32\wmdmps.dll
2006-10-18 21:47 35840 --a C:\WINDOWS\system32\wpdconns.dll
2006-10-18 21:47 356352 --a C:\WINDOWS\system32\wpdsp.dll
2006-10-18 21:47 348672 --a C:\WINDOWS\system32\wmdrmnet.dll
2006-10-18 21:47 33792 --a C:\WINDOWS\system32\wmdmlog.dll
2006-10-18 21:47 321536 --a C:\WINDOWS\system32\mswmdm.dll
2006-10-18 21:47 317440 C:\WINDOWS\system32\MP4SDECD.dll
2006-10-18 21:47 314880 --a C:\WINDOWS\system32\wmpdxm.dll
2006-10-18 21:47 295936 C:\WINDOWS\system32\wmpeffects.dll
2006-10-18 21:47 284160 C:\WINDOWS\system32\PortableDeviceApi.dll
2006-10-18 21:47 276992 C:\WINDOWS\system32\audiodev.dll
2006-10-18 21:47 27136 --a C:\WINDOWS\system32\mspmsnsv.dll
2006-10-18 21:47 2603008 C:\WINDOWS\system32\WpdShext.dll
2006-10-18 21:47 259072 C:\WINDOWS\system32\MPG4DECD.dll
2006-10-18 21:47 259072 C:\WINDOWS\system32\MP43DECD.dll
2006-10-18 21:47 2450944 --a C:\WINDOWS\system32\wmvcore.dll
2006-10-18 21:47 242688 --a C:\WINDOWS\system32\wmpasf.dll
2006-10-18 21:47 229376 --a C:\WINDOWS\system32\cewmdm.dll
2006-10-18 21:47 227328 --a C:\WINDOWS\system32\wmerror.dll
2006-10-18 21:47 222208 --a C:\WINDOWS\system32\WMASF.dll
2006-10-18 21:47 212992 C:\WINDOWS\system32\MFPLAT.dll
2006-10-18 21:47 211456 --a C:\WINDOWS\system32\qasf.dll
2006-10-18 21:47 204288 C:\WINDOWS\system32\wmpsrcwp.dll
2006-10-18 21:47 199168 C:\WINDOWS\system32\PortableDeviceWMDRM.dll
2006-10-18 21:47 179712 --a C:\WINDOWS\system32\msnetobj.dll
2006-10-18 21:47 175616 --a C:\WINDOWS\system32\mspmsp.dll
2006-10-18 21:47 166912 C:\WINDOWS\system32\PortableDeviceTypes.dll
2006-10-18 21:47 1661440 C:\WINDOWS\system32\wmpencen.dll
2006-10-18 21:47 1574912 C:\WINDOWS\system32\WMVENCOD.dll
2006-10-18 21:47 157184 --a C:\WINDOWS\system32\wmidx.dll
2006-10-18 21:47 154624 --a C:\WINDOWS\system32\wpdmtp.dll
2006-10-18 21:47 1543680 C:\WINDOWS\system32\WMVDECOD.dll
2006-10-18 21:47 1382912 C:\WINDOWS\system32\WMVSDECD.dll
2006-10-18 21:47 133632 C:\WINDOWS\system32\WPDShServiceObj.dll
2006-10-18 21:47 1329152 --a C:\WINDOWS\system32\WMSPDMOE.dll
2006-10-18 21:47 132096 C:\WINDOWS\system32\PortableDeviceWiaCompat.dll
2006-10-18 21:47 130048 C:\WINDOWS\system32\wmpps.dll
2006-10-18 21:47 11264 --a C:\WINDOWS\system32\LAPRXY.dll
2006-10-18 21:47 1117696 --a C:\WINDOWS\system32\WMADMOE.dll
2006-10-18 21:47 101888 C:\WINDOWS\system32\PortableDeviceClassExtension.dll
2006-10-18 20:03 100864 --a C:\WINDOWS\system32\logagent.exe
2006-10-18 20:00 249856 C:\WINDOWS\system32\drmupgds.exe
2006-10-18 20:00 17408 C:\WINDOWS\system32\wpdshextautoplay.exe
2006-10-17 13:06 78336 --a C:\WINDOWS\system32\ieencode.dll
2006-10-17 13:05 40960 --a C:\WINDOWS\system32\licmgr10.dll
2006-10-17 13:05 206336 C:\WINDOWS\system32\WinFXDocObj.exe
2006-10-17 13:05 105984 --a C:\WINDOWS\system32\url.dll
2006-10-17 13:04 101376 --a C:\WINDOWS\system32\occache.dll
2006-10-17 13:03 17408 --a C:\WINDOWS\system32\corpol.dll
2006-10-17 12:58 61952 C:\WINDOWS\system32\icardie.dll
2006-10-17 12:58 12288 C:\WINDOWS\system32\msfeedssync.exe
2006-10-17 12:57 36352 --a C:\WINDOWS\system32\imgutil.dll
2006-10-17 12:57 266752 C:\WINDOWS\system32\iertutil.dll
2006-10-17 12:56 45568 --a C:\WINDOWS\system32\mshta.exe
2006-10-17 12:28 48128 --a C:\WINDOWS\system32\mshtmler.dll
2006-10-17 12:27 380928 C:\WINDOWS\system32\ieapfltr.dll
2006-10-13 06:35 142336 --a C:\WINDOWS\system32\nwprovau.dll
2006-10-09 08:12 1343488 --a C:\WINDOWS\system32\FreeImage.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"PhotoShow Deluxe Media Manager"="C:\\PROGRA~1\\Ahead\\NEROPH~2\\data\\Xtras\\mssysmgr.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.908.5008\\GoogleToolbarNotifier.exe"
"TaskManager"="C:\\WINDOWS\\TaskMgr.exe"
"NBJ"="\"C:\\Program Files\\Ahead\\Nero BackItUp\\NBJ.exe\""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
"tgcmd"="\"C:\\Program Files\\Support.com\\bin\\tgcmd.exe\" /server /startmonitor /deaf"
"SSRunScript"="\"C:\\Program Files\\Support.com\\Charter\\bin\\SSRunScript.exe\" /script \"C:\\Program Files\\Support.com\\Charter\\vbs\\verifyconnection.vbs\" /args //b startupdelay"
"BCMSMMSG"="BCMSMMSG.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"InCD"="C:\\Program Files\\Ahead\\InCD\\InCD.exe"
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"lxcrmon.exe"="\"C:\\Program Files\\Lexmark 2400 Series\\lxcrmon.exe\""
"EzPrint"="\"C:\\Program Files\\Lexmark 2400 Series\\ezprint.exe\""
"FaxCenterServer"="\"C:\\Program Files\\Lexmark Fax Solutions\\fm3032.exe\" /s"
"NapsterShell"="C:\\Program Files\\Napster\\napster.exe /systray"
"AutoSys"="C:\\WINDOWS\\system32\\autosys.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0\\bin\\jusched.exe\""
"DllRunning"="rundll32.exe \"C:\\WINDOWS\\system32\\orxpcvap.dll\",setvm"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex]
@="
;"
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,df,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,f2,01,00,00,23,00,00,00,7c,00,00,00,72,00,\
00,00,01,00,00,00
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{E672B410-3580-435F-AD90-63D158E2F29C}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoDriveAutoRun"=dword:ffffffff
"LinkResolveIgnoreLinkInfo"=dword:00000000
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=dword:00000000
"NoResolveSearch"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"system"="C:\\WINDOWS\\csrss.exe"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awvts
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqonmn
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\XoftSpySE.job
Completion time: 07-01-07 1:36:59.51
C:\ComboFix.txt ... 07-01-07 01:36
Hijackthis Log:
Logfile of HijackThis v1.99.1
Scan saved at 1:32:33 PM, on 1/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Documents and Settings\Owner\Desktop\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\lxcrcoms.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lexmark 2400 Series\ezprint.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\lexpps.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.charter.com/welcome/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
O4 - HKLM\..\Run: [SSRunScript] "C:\Program Files\Support.com\Charter\bin\SSRunScript.exe" /script "C:\Program Files\Support.com\Charter\vbs\verifyconnection.vbs" /args //b startupdelay
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [AutoSys] C:\WINDOWS\system32\autosys.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\orxpcvap.dll",setvm
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [TaskManager] C:\WINDOWS\TaskMgr.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E} (AimSp32 Class) - http://makeover.ivillage.co.uk/save/makeover.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1167712780578
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1167552923015
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C52439A0-2693-4E40-B141-9F9AD5257241} (Lexmark eDiagnostics Class) - https://ediagnostics.lexmark.com/serval.cab
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://flash.7sultans.com/7sultans/FlashAX.cab
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Documents and Settings\Owner\Desktop\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
This discussion has been closed.
Comments
AVG Scan:
AVG Anti-Spyware - Scan Report
+ Created at: 1:25:47 AM 1/7/2007
+ Scan result:
HKLM\SOFTWARE\iGlobalMedia -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\Installer -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\starluckcasino -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\upgrades -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\blackjackdll -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\boardbabe -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\cashcruise -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\coolbananas -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\firedrake -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\flamingo -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\funkychicken -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\games -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\goldeneagle -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\goldengopher -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\goldenoasis -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\highlimitblackjack -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\hotroller -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\kangacash -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\kenodll -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\kookakeno -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\letitride -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\magicmanslot -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\megaeuropeanroulette -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\metropolis -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\multiplayerblackjack -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\multiplayerblackjackdll -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\nextgenvpdll -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\piggypayback -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\pokerdll -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\roulettedll -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\safecrackerkeno -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\silvercity -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\slotsdll -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\superfortunewheel -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\superjoker -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\supermystic -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\superstar -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\sweethawaii -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\tod -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\vegasclub -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\videopokerdll -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\vpokerdw -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\vpokerjob -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\vpokerjp -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\starluckitalia -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\starluckitalia\casino -> Adware.AceClubCasino : Cleaned with backup (quarantined).
C:\Program Files\Starware347\bin\Starware347.dll -> Adware.Comet : Cleaned with backup (quarantined).
C:\Program Files\Common Files\{342E607B-09DD-1033-0919-030512200001}\Bar888.dll -> Adware.MaxSearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{41FF47E7-33B7-41F9-99DA-B5768F79EE8C}\RP321\A0063448.dll -> Adware.MaxSearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{41FF47E7-33B7-41F9-99DA-B5768F79EE8C}\RP321\A0063650.dll -> Downloader.SFC.os : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{41FF47E7-33B7-41F9-99DA-B5768F79EE8C}\RP321\A0063754.dll -> Downloader.SFC.os : Cleaned with backup (quarantined).
C:\WINDOWS\system32\sfc_os.dll -> Downloader.SFC.os : Cleaned with backup (quarantined).
C:\bghtcbd.exe -> Downloader.Small.dxm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{41FF47E7-33B7-41F9-99DA-B5768F79EE8C}\RP322\A0065966.exe -> Downloader.Small.edu : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{41FF47E7-33B7-41F9-99DA-B5768F79EE8C}\RP321\A0063648.exe -> Hijacker.Costrat.z : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{41FF47E7-33B7-41F9-99DA-B5768F79EE8C}\RP321\A0063751.exe -> Hijacker.Costrat.z : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{41FF47E7-33B7-41F9-99DA-B5768F79EE8C}\RP321\A0063773.exe -> Hijacker.Costrat.z : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{41FF47E7-33B7-41F9-99DA-B5768F79EE8C}\RP322\A0064934.exe -> Hijacker.Costrat.z : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{41FF47E7-33B7-41F9-99DA-B5768F79EE8C}\RP326\A0066398.exe -> Hijacker.Costrat.z : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{41FF47E7-33B7-41F9-99DA-B5768F79EE8C}\RP327\A0067391.sys -> Hijacker.Costrat.z : Cleaned with backup (quarantined).
C:\eitpgmoi.exe -> Hijacker.Costrat.z : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msvcrl.dll -> Logger.Goldun.on : Cleaned with backup (quarantined).
C:\bhbn.exe -> Not-A-Virus.Hoax.Win32.Renos.gc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{41FF47E7-33B7-41F9-99DA-B5768F79EE8C}\RP328\A0067488.dll -> Trojan.Mezzia : Cleaned with backup (quarantined).
C:\VundoFix Backups\winrkp32.dll.bad -> Trojan.Mezzia : Cleaned with backup (quarantined).
C:\omepavy.exe -> Trojan.ProcKill.DJ : Cleaned with backup (quarantined).
C:\ydkdohw.exe -> Trojan.ProcKill.DJ : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{41FF47E7-33B7-41F9-99DA-B5768F79EE8C}\RP321\A0063559.exe -> Trojan.Sinowal.ay : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{41FF47E7-33B7-41F9-99DA-B5768F79EE8C}\RP321\A0063562.exe -> Trojan.Sinowal.ay : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{41FF47E7-33B7-41F9-99DA-B5768F79EE8C}\RP321\A0063752.exe -> Trojan.Sinowal.ay : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{41FF47E7-33B7-41F9-99DA-B5768F79EE8C}\RP321\A0063774.exe -> Trojan.Sinowal.ay : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{41FF47E7-33B7-41F9-99DA-B5768F79EE8C}\RP322\A0064935.exe -> Trojan.Sinowal.ay : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{41FF47E7-33B7-41F9-99DA-B5768F79EE8C}\RP326\A0066399.exe -> Trojan.Sinowal.ay : Cleaned with backup (quarantined).
C:\ihnf.exe -> Trojan.Sinowal.ay : Cleaned with backup (quarantined).
::Report end
ComboFix log:
Owner - 07-01-07 1:34:04.53 Service Pack 2
ComboFix 06.11.27 - Running from: "C:\Documents and Settings\Owner\Desktop"
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\Program Files\Common Files\Yazzle1162OinUninstaller.exe
C:\Program Files\Common Files\{342E607B-09DD-1033-0919-030512200001}
((((((((((((((((((((((((((((((( Files Created from 2006-12-07 to 2007-01-07 ))))))))))))))))))))))))))))))))))
2007-01-06 23:37 3,968 --a
C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-01-06 22:53 857,802 ---hs---- C:\WINDOWS\system32\stvwa.bak2
2007-01-05 22:53 852,023 ---hs---- C:\WINDOWS\system32\stvwa.bak1
2007-01-05 22:53 277,044 ---hs---- C:\WINDOWS\system32\awvts.dll
2007-01-05 22:42 <DIR> d
C:\VundoFix Backups
2007-01-04 19:39 <DIR> d
C:\avenger
2007-01-04 19:33 <DIR> d
C:\Rustbfix
2007-01-04 00:11 79,360 --a
C:\WINDOWS\system32\swxcacls.exe
2007-01-04 00:11 53,248 --a
C:\WINDOWS\system32\Process.exe
2007-01-04 00:11 51,200 --a
C:\WINDOWS\system32\dumphive.exe
2007-01-04 00:11 40,960 --a
C:\WINDOWS\system32\swsc.exe
2007-01-04 00:11 3,952 --a
C:\WINDOWS\system32\tmp.reg
2007-01-04 00:11 288,417 --a
C:\WINDOWS\system32\SrchSTS.exe
2007-01-04 00:11 135,168 --a
C:\WINDOWS\system32\swreg.exe
2007-01-04 00:06 2,416 --a
C:\GetPaths.vbs
2007-01-03 23:57 0 --a
C:\klnl.exe
2007-01-03 07:27 118,804 --a
C:\WINDOWS\system32\orxpcvap.dll
2007-01-02 23:37 <DIR> d
C:\Program Files\Common Files\Java
2007-01-02 22:29 81,684 --a
C:\WINDOWS\system32\fqtxuliu.dll
2007-01-02 21:29 81,684 --a
C:\WINDOWS\system32\ecdqkrfs.dll
2007-01-02 21:15 <DIR> d
C:\Program Files\Hijackthis
2007-01-01 21:26 <DIR> d
C:\WINDOWS\BDOSCAN8
2007-01-01 20:56 <DIR> d
C:\WINDOWS\system32\ActiveScan
2007-01-01 20:44 <DIR> d
C:\Program Files\SpywareBlaster
2007-01-01 20:41 81,684 --a
C:\WINDOWS\system32\lcspqnci.dll
2007-01-01 20:07 22,541 ---hs---- C:\WINDOWS\system32\urqonmn.dll
2006-12-31 14:35 81,684 --a
C:\WINDOWS\system32\jcaswhdp.dll
2006-12-31 12:13 81,684 --a
C:\WINDOWS\system32\viiqwhbx.dll
2006-12-31 01:37 68,888 --a
C:\WINDOWS\system32\xinput1_3.dll
2006-12-31 01:37 62,744 --a
C:\WINDOWS\system32\xinput1_2.dll
2006-12-31 01:37 3,426,072 --a
C:\WINDOWS\system32\d3dx9_32.dll
2006-12-31 01:37 251,672 --a
C:\WINDOWS\system32\xactengine2_5.dll
2006-12-31 01:37 237,848 --a
C:\WINDOWS\system32\xactengine2_4.dll
2006-12-31 01:37 236,824 --a
C:\WINDOWS\system32\xactengine2_3.dll
2006-12-31 01:37 2,414,360 --a
C:\WINDOWS\system32\d3dx9_31.dll
2006-12-31 01:37 2,297,552 --a
C:\WINDOWS\system32\d3dx9_26.dll
2006-12-31 01:37 15,128 --a
C:\WINDOWS\system32\x3daudio1_1.dll
2006-12-31 01:35 <DIR> d--h
C:\WINDOWS\msdownld.tmp
2006-12-30 19:22 <DIR> d
C:\Documents and Settings\Owner\Application Data\MSNInstaller
2006-12-30 18:25 81,684 --a
C:\WINDOWS\system32\btrhyhyg.dll
2006-12-30 18:25 44,060 --a
C:\WINDOWS\system32\iiyhdxbr.dll
2006-12-30 18:19 22,541 ---hs---- C:\WINDOWS\system32\rqrpmnm.dll
2006-12-30 02:11 <DIR> d
C:\Program Files\Shockwave.com
2006-12-30 02:09 <DIR> d
C:\Program Files\ReflexiveArcade
2006-12-29 02:56 <DIR> d
C:\Program Files\IObit
2006-12-28 01:05 <DIR> d
C:\Documents and Settings\Owner\Application Data\funkitron
2006-12-23 01:24 <DIR> d
C:\Documents and Settings\Owner\Application Data\OfficeUpdate12
2006-12-19 23:10 24,816 --a
C:\WINDOWS\system32\mdimon.dll
2006-12-19 23:08 <DIR> d
C:\Program Files\Microsoft ActiveSync
2006-12-19 23:07 <DIR> d
C:\Program Files\Microsoft.NET
2006-12-19 23:04 <DIR> dr-h
C:\MSOCache
2006-12-17 23:23 <DIR> d
C:\Program Files\Windows Media Connect 2
2006-12-17 23:22 <DIR> d
C:\WINDOWS\system32\LogFiles
2006-12-17 23:22 <DIR> d
C:\WINDOWS\system32\drivers\UMDF
2006-12-14 00:01 <DIR> d
C:\Documents and Settings\Owner\Application Data\Photodex
2006-12-11 22:20 <DIR> d
C:\Program Files\360Share Pro
2006-12-11 22:20 <DIR> d
C:\Documents and Settings\Owner\Application Data\LimeWire
2006-12-11 22:08 <DIR> d
C:\Documents and Settings\Owner\Application Data\Roxio
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-01-07 01:35
d
C:\Program Files\Common Files
2007-01-02 23:42
d
C:\Documents and Settings\Owner\Application Data\AdobeUM
2007-01-02 23:37
d
C:\Program Files\Java
2007-01-01 19:18
d
C:\Program Files\Spybot - Search & Destroy
2006-12-31 13:52
d
C:\Documents and Settings\Owner\Application Data\Ahead
2006-12-31 02:26
d
C:\Program Files\Yahoo! Games
2006-12-30 19:22
d
C:\Program Files\MSN
2006-12-30 19:14
d
C:\Program Files\lx_cats
2006-12-30 18:51
d
C:\Program Files\Common Files\Adobe
2006-12-30 18:47
d
C:\Program Files\QuickTime
2006-12-30 18:21
d
C:\Program Files\Internet Explorer
2006-12-30 18:20
d
C:\Program Files\Download Express
2006-12-29 22:54
d
C:\Program Files\Bonjour
2006-12-21 23:15
d---s---- C:\Documents and Settings\Owner\Application Data\Microsoft
2006-12-19 23:26
d
C:\Program Files\Common Files\Microsoft Shared
2006-12-19 23:08
d
C:\Program Files\Microsoft Office
2006-12-19 23:07
d
C:\Program Files\Common Files\System
2006-12-17 23:23
d
C:\Program Files\Windows Media Player
2006-12-17 03:01
d
C:\Program Files\Outlook Express
2006-12-11 22:14
d--h
C:\Program Files\InstallShield Installation Information
2006-12-08 18:33
d
C:\Program Files\Common Files\Kodak
2006-11-25 23:49
d
C:\Program Files\Photodex
2006-11-16 19:47 524288 --a
C:\WINDOWS\opuc.dll
2006-11-14 19:28
d
C:\Program Files\Snapshot Viewer
2006-11-14 19:27
d
C:\Program Files\microsoft frontpage
2006-11-14 19:22
d
C:\Program Files\Common Files\Designer
2006-11-07 23:06 679424 --a
C:\WINDOWS\system32\inetcomm.dll
2006-11-04 14:14 1245696 --a
C:\WINDOWS\system32\msxml4.dll
2006-10-27 15:09 6049280
C:\WINDOWS\system32\ieframe.dll
2006-10-27 15:09 50688
C:\WINDOWS\system32\msfeedsbs.dll
2006-10-27 15:09 458752
C:\WINDOWS\system32\msfeeds.dll
2006-10-27 15:09 413696 --a
C:\WINDOWS\system32\vbscript.dll
2006-10-27 15:09 231424 --a
C:\WINDOWS\system32\webcheck.dll
2006-10-27 15:09 180736
C:\WINDOWS\system32\ieui.dll
2006-10-27 15:09 156160 --a
C:\WINDOWS\system32\msls31.dll
2006-10-27 02:44 71680 --a
C:\WINDOWS\system32\admparse.dll
2006-10-27 02:44 55296 --a
C:\WINDOWS\system32\iesetup.dll
2006-10-27 02:44 54784 --a
C:\WINDOWS\system32\ie4uinit.exe
2006-10-27 02:44 43008 --a
C:\WINDOWS\system32\iernonce.dll
2006-10-27 02:44 382976 --a
C:\WINDOWS\system32\iedkcs32.dll
2006-10-27 02:44 229376 --a
C:\WINDOWS\system32\ieaksie.dll
2006-10-27 02:44 152064 --a
C:\WINDOWS\system32\ieakeng.dll
2006-10-27 02:44 13312 --a
C:\WINDOWS\system32\ieudinit.exe
2006-10-27 02:44 123904 --a
C:\WINDOWS\system32\advpack.dll
2006-10-27 02:42 161792 --a
C:\WINDOWS\system32\ieakui.dll
2006-10-19 07:56 713216 --a
C:\WINDOWS\system32\sxs.dll
2006-10-18 21:58 8704 --a
C:\WINDOWS\system32\wdfmgr.exe
2006-10-18 21:58 8704 --a
C:\WINDOWS\system32\uwdf.exe
2006-10-18 21:47 99840 --a
C:\WINDOWS\system32\wmpshell.dll
2006-10-18 21:47 991744 --a
C:\WINDOWS\system32\drmv2clt.dll
2006-10-18 21:47 937984 --a
C:\WINDOWS\system32\WMNetMgr.dll
2006-10-18 21:47 8231936 --a
C:\WINDOWS\system32\wmploc.dll
2006-10-18 21:47 767488
C:\WINDOWS\system32\WMVSENCD.dll
2006-10-18 21:47 757248 --a
C:\WINDOWS\system32\WMADMOD.dll
2006-10-18 21:47 7168 --a
C:\WINDOWS\system32\asferror.dll
2006-10-18 21:47 656896
C:\WINDOWS\system32\WMVXENCD.dll
2006-10-18 21:47 63488 --a
C:\WINDOWS\system32\wpdmtpus.dll
2006-10-18 21:47 629760 --a
C:\WINDOWS\system32\wpd_ci.dll
2006-10-18 21:47 613376
C:\WINDOWS\system32\wmpmde.dll
2006-10-18 21:47 603648 --a
C:\WINDOWS\system32\WMSPDMOD.dll
2006-10-18 21:47 542720 --a
C:\WINDOWS\system32\blackbox.dll
2006-10-18 21:47 535040
C:\WINDOWS\system32\wmdrmsdk.dll
2006-10-18 21:47 429056 --a
C:\WINDOWS\system32\wmdrmdev.dll
2006-10-18 21:47 414208 --a
C:\WINDOWS\system32\msscp.dll
2006-10-18 21:47 4096 --a
C:\WINDOWS\system32\wmvdmoe2.dll
2006-10-18 21:47 4096 --a
C:\WINDOWS\system32\wmvdmod.dll
2006-10-18 21:47 4096 --a
C:\WINDOWS\system32\WMVADVE.DLL
2006-10-18 21:47 4096 --a
C:\WINDOWS\system32\WMVADVD.dll
2006-10-18 21:47 4096 --a
C:\WINDOWS\system32\wmsdmoe2.dll
2006-10-18 21:47 4096 --a
C:\WINDOWS\system32\wmsdmod.dll
2006-10-18 21:47 4096 --a
C:\WINDOWS\system32\wdfapi.dll
2006-10-18 21:47 4096 --a
C:\WINDOWS\system32\MPG4DMOD.dll
2006-10-18 21:47 4096 --a
C:\WINDOWS\system32\MP4SDMOD.dll
2006-10-18 21:47 4096 --a
C:\WINDOWS\system32\MP43DMOD.dll
2006-10-18 21:47 38400
C:\WINDOWS\system32\wpdshextres.dll
2006-10-18 21:47 37376 --a
C:\WINDOWS\system32\wmdmps.dll
2006-10-18 21:47 35840 --a
C:\WINDOWS\system32\wpdconns.dll
2006-10-18 21:47 356352 --a
C:\WINDOWS\system32\wpdsp.dll
2006-10-18 21:47 348672 --a
C:\WINDOWS\system32\wmdrmnet.dll
2006-10-18 21:47 33792 --a
C:\WINDOWS\system32\wmdmlog.dll
2006-10-18 21:47 321536 --a
C:\WINDOWS\system32\mswmdm.dll
2006-10-18 21:47 317440
C:\WINDOWS\system32\MP4SDECD.dll
2006-10-18 21:47 314880 --a
C:\WINDOWS\system32\wmpdxm.dll
2006-10-18 21:47 295936
C:\WINDOWS\system32\wmpeffects.dll
2006-10-18 21:47 284160
C:\WINDOWS\system32\PortableDeviceApi.dll
2006-10-18 21:47 276992
C:\WINDOWS\system32\audiodev.dll
2006-10-18 21:47 27136 --a
C:\WINDOWS\system32\mspmsnsv.dll
2006-10-18 21:47 2603008
C:\WINDOWS\system32\WpdShext.dll
2006-10-18 21:47 259072
C:\WINDOWS\system32\MPG4DECD.dll
2006-10-18 21:47 259072
C:\WINDOWS\system32\MP43DECD.dll
2006-10-18 21:47 2450944 --a
C:\WINDOWS\system32\wmvcore.dll
2006-10-18 21:47 242688 --a
C:\WINDOWS\system32\wmpasf.dll
2006-10-18 21:47 229376 --a
C:\WINDOWS\system32\cewmdm.dll
2006-10-18 21:47 227328 --a
C:\WINDOWS\system32\wmerror.dll
2006-10-18 21:47 222208 --a
C:\WINDOWS\system32\WMASF.dll
2006-10-18 21:47 212992
C:\WINDOWS\system32\MFPLAT.dll
2006-10-18 21:47 211456 --a
C:\WINDOWS\system32\qasf.dll
2006-10-18 21:47 204288
C:\WINDOWS\system32\wmpsrcwp.dll
2006-10-18 21:47 199168
C:\WINDOWS\system32\PortableDeviceWMDRM.dll
2006-10-18 21:47 179712 --a
C:\WINDOWS\system32\msnetobj.dll
2006-10-18 21:47 175616 --a
C:\WINDOWS\system32\mspmsp.dll
2006-10-18 21:47 166912
C:\WINDOWS\system32\PortableDeviceTypes.dll
2006-10-18 21:47 1661440
C:\WINDOWS\system32\wmpencen.dll
2006-10-18 21:47 1574912
C:\WINDOWS\system32\WMVENCOD.dll
2006-10-18 21:47 157184 --a
C:\WINDOWS\system32\wmidx.dll
2006-10-18 21:47 154624 --a
C:\WINDOWS\system32\wpdmtp.dll
2006-10-18 21:47 1543680
C:\WINDOWS\system32\WMVDECOD.dll
2006-10-18 21:47 1382912
C:\WINDOWS\system32\WMVSDECD.dll
2006-10-18 21:47 133632
C:\WINDOWS\system32\WPDShServiceObj.dll
2006-10-18 21:47 1329152 --a
C:\WINDOWS\system32\WMSPDMOE.dll
2006-10-18 21:47 132096
C:\WINDOWS\system32\PortableDeviceWiaCompat.dll
2006-10-18 21:47 130048
C:\WINDOWS\system32\wmpps.dll
2006-10-18 21:47 11264 --a
C:\WINDOWS\system32\LAPRXY.dll
2006-10-18 21:47 1117696 --a
C:\WINDOWS\system32\WMADMOE.dll
2006-10-18 21:47 101888
C:\WINDOWS\system32\PortableDeviceClassExtension.dll
2006-10-18 20:03 100864 --a
C:\WINDOWS\system32\logagent.exe
2006-10-18 20:00 249856
C:\WINDOWS\system32\drmupgds.exe
2006-10-18 20:00 17408
C:\WINDOWS\system32\wpdshextautoplay.exe
2006-10-17 13:06 78336 --a
C:\WINDOWS\system32\ieencode.dll
2006-10-17 13:05 40960 --a
C:\WINDOWS\system32\licmgr10.dll
2006-10-17 13:05 206336
C:\WINDOWS\system32\WinFXDocObj.exe
2006-10-17 13:05 105984 --a
C:\WINDOWS\system32\url.dll
2006-10-17 13:04 101376 --a
C:\WINDOWS\system32\occache.dll
2006-10-17 13:03 17408 --a
C:\WINDOWS\system32\corpol.dll
2006-10-17 12:58 61952
C:\WINDOWS\system32\icardie.dll
2006-10-17 12:58 12288
C:\WINDOWS\system32\msfeedssync.exe
2006-10-17 12:57 36352 --a
C:\WINDOWS\system32\imgutil.dll
2006-10-17 12:57 266752
C:\WINDOWS\system32\iertutil.dll
2006-10-17 12:56 45568 --a
C:\WINDOWS\system32\mshta.exe
2006-10-17 12:28 48128 --a
C:\WINDOWS\system32\mshtmler.dll
2006-10-17 12:27 380928
C:\WINDOWS\system32\ieapfltr.dll
2006-10-13 06:35 142336 --a
C:\WINDOWS\system32\nwprovau.dll
2006-10-09 08:12 1343488 --a
C:\WINDOWS\system32\FreeImage.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"PhotoShow Deluxe Media Manager"="C:\\PROGRA~1\\Ahead\\NEROPH~2\\data\\Xtras\\mssysmgr.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.908.5008\\GoogleToolbarNotifier.exe"
"TaskManager"="C:\\WINDOWS\\TaskMgr.exe"
"NBJ"="\"C:\\Program Files\\Ahead\\Nero BackItUp\\NBJ.exe\""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
"tgcmd"="\"C:\\Program Files\\Support.com\\bin\\tgcmd.exe\" /server /startmonitor /deaf"
"SSRunScript"="\"C:\\Program Files\\Support.com\\Charter\\bin\\SSRunScript.exe\" /script \"C:\\Program Files\\Support.com\\Charter\\vbs\\verifyconnection.vbs\" /args //b startupdelay"
"BCMSMMSG"="BCMSMMSG.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"InCD"="C:\\Program Files\\Ahead\\InCD\\InCD.exe"
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"lxcrmon.exe"="\"C:\\Program Files\\Lexmark 2400 Series\\lxcrmon.exe\""
"EzPrint"="\"C:\\Program Files\\Lexmark 2400 Series\\ezprint.exe\""
"FaxCenterServer"="\"C:\\Program Files\\Lexmark Fax Solutions\\fm3032.exe\" /s"
"NapsterShell"="C:\\Program Files\\Napster\\napster.exe /systray"
"AutoSys"="C:\\WINDOWS\\system32\\autosys.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0\\bin\\jusched.exe\""
"DllRunning"="rundll32.exe \"C:\\WINDOWS\\system32\\orxpcvap.dll\",setvm"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex]
@=""
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,df,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,f2,01,00,00,23,00,00,00,7c,00,00,00,72,00,\
00,00,01,00,00,00
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{E672B410-3580-435F-AD90-63D158E2F29C}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoDriveAutoRun"=dword:ffffffff
"LinkResolveIgnoreLinkInfo"=dword:00000000
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=dword:00000000
"NoResolveSearch"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"system"="C:\\WINDOWS\\csrss.exe"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awvts
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqonmn
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\XoftSpySE.job
Completion time: 07-01-07 1:36:59.51
C:\ComboFix.txt ... 07-01-07 01:36

HijackThis Log:
Logfile of HijackThis v1.99.1
Scan saved at 1:32:33 PM, on 1/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Documents and Settings\Owner\Desktop\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\lxcrcoms.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lexmark 2400 Series\ezprint.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\lexpps.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.charter.com/welcome/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
O4 - HKLM\..\Run: [SSRunScript] "C:\Program Files\Support.com\Charter\bin\SSRunScript.exe" /script "C:\Program Files\Support.com\Charter\vbs\verifyconnection.vbs" /args //b startupdelay
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [AutoSys] C:\WINDOWS\system32\autosys.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\orxpcvap.dll",setvm
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [TaskManager] C:\WINDOWS\TaskMgr.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E} (AimSp32 Class) - http://makeover.ivillage.co.uk/save/makeover.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1167712780578
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1167552923015
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C52439A0-2693-4E40-B141-9F9AD5257241} (Lexmark eDiagnostics Class) - https://ediagnostics.lexmark.com/serval.cab
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://flash.7sultans.com/7sultans/FlashAX.cab
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Documents and Settings\Owner\Desktop\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe