Unusual Browser Behavior

While running Opera 9.6 on my Windows XP SP3 machine, I had some odd things happen which make me suspect I may have a virus:

When attempting to go to two websites I frequent, one came up with a text message (I am alive), and another, a picture of an oriental person with fists clenched. They didn't stay though, so I'm thinking there's something unusual going on with my PC. I've run BitDefender deep scans twice and it doesn't detect anything. (There are some unscanned files, belonging to some games, like Savage 2, which were overcompressed.)

Any ideas as to how to proceed? Thanks for the help.

Comments

  • Here's my HijackThis! Log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:06:04 AM, on 3/3/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16791)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Intel\Intel® Active Monitor\imontray.exe
    C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
    C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\WINDOWS\CTHELPER.EXE
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    C:\Program Files\D-Link\DWA-160\AirNCFG.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
    C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    C:\WINDOWS\system32\RioMSC.exe
    C:\Program Files\AIM6\aim6.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Winamp Remote\bin\OrbTray.exe
    C:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe
    C:\Program Files\Curse\CurseClient.exe
    C:\Program Files\Steam\Steam.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Paltalk Messenger\paltalk.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Program Files\Winamp Remote\bin\Orb.exe
    C:\Program Files\AIM6\aolsoftware.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\BitDefender\BitDefender 2009\uiscan.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
    O4 - HKLM\..\Run: [iMONTRAY] C:\Program Files\Intel\Intel® Active Monitor\imontray.exe
    O4 - HKLM\..\Run: [sBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
    O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
    O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    O4 - HKLM\..\Run: [D-Link D-Link Xtreme N Dual Band DWA-160 ] C:\Program Files\D-Link\DWA-160\AirNCFG.exe
    O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
    O4 - HKLM\..\Run: [bitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
    O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
    O4 - HKCU\..\Run: [Radio365Agent] C:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe
    O4 - HKCU\..\Run: [CurseClient] C:\Program Files\Curse\CurseClient.exe -silent
    O4 - HKCU\..\Run: [steam] "C:\Program Files\Steam\Steam.exe" -silent
    O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
    O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O4 - Startup: dBpowerAMP.lnk.disabled
    O4 - Global Startup: BOINC Manager.lnk = C:\Program Files\BOINC\boincmgr.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
    O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O15 - Trusted Zone: http://groups.msn.com
    O15 - Trusted Zone: http://www.prms.org
    O16 - DPF: Dominoes by pogo - http://domino.pogo.com/applet-5.8.5.21/dom...o-ob-assets.cab
    O16 - DPF: Fortune Bingo by pogo - http://superbingo.pogo.com/applet-5.8.4.18...o-ob-assets.cab
    O16 - DPF: Payday FreeCell by pogo - http://freecell.pogo.com/applet-5.8.4.24/f...l-ob-assets.cab
    O16 - DPF: Phlinx by pogo - http://game4.pogo.com/applet-6.0.1.28/flin...r-ob-assets.cab
    O16 - DPF: SciFi Slots by pogo - http://scifi.pogo.com/applet-6.0.1.28/slot...i-ob-assets.cab
    O16 - DPF: Spades by pogo - http://spades.pogo.com/applet-5.8.4.24/spa...s-ob-assets.cab
    O16 - DPF: Sweet Tooth TM by pogo - http://solitaire04.pogo.com/applet-5.8.4.1...h-ob-assets.cab
    O16 - DPF: Tank Hunter by pogo - http://playweb14.pogo.com/applet-6.0.1.28/...k-ob-assets.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1093076439718
    O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\TempEI4\EI40_\msxml4.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
    O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.com/...ropper1_3us.cab
    O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.verizon.net/checkmypc/includes/MotivePreQual.cab
    O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
    O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG8 E-mail Scanner (avg8emc) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgemc.exe (file missing)
    O23 - Service: AVG8 WatchDog (avg8wd) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (file missing)
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Intel® Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe

    --
    End of file - 15122 bytes
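A small triage parser for HijackThis log lines of the kind posted above, added here as an example (it is not code from this thread or from Trend Micro). It parses each R/F/O entry, pulls out the file path, and flags the entries an analyst would look at first: the unknown Winsock LSP, the AVG entries marked "(file missing)", services with an unknown owner, Trusted Zone sites and autoruns under other users' hives. The sample lines are a constructed subset copied from the log above; the rule wording is my own.

```python
import re
from collections import Counter
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional

# Constructed subset of the HijackThis v2.0.2 log posted in this thread; the
# header and process lines are included to show that they are skipped.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://www.prms.org
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 WatchDog (avg8wd) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
"""

# "O23 - Service: ..." -> section "O23", body "Service: ..."
LINE_RE = re.compile(r"^(?P<section>[RFO]\d{1,2}) - (?P<body>.+)$")
# First Windows file path in the body, cut at the executable/library extension.
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|sys|ocx|cpl|drv)\b", re.IGNORECASE)


@dataclass
class Entry:
    section: str
    body: str
    path: Optional[str] = None
    flags: List[str] = field(default_factory=list)


def parse_log(text: str) -> List[Entry]:
    """Return the R/F/O entries of a HijackThis log; header and process lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        body = m.group("body")
        pm = PATH_RE.search(body)
        entries.append(Entry(m.group("section"), body, pm.group(0) if pm else None))
    return entries


# Triage rules: each returns a note when the entry deserves a look, else None.
def _file_missing(e: Entry) -> Optional[str]:
    if "(file missing)" in e.body:
        return "target file missing: stale entry, usually left behind by an uninstalled product"
    return None


def _unknown_lsp(e: Entry) -> Optional[str]:
    if e.section == "O10":
        return "Winsock LSP not in the known list: identify the DLL first; removing an LSP by hand breaks the chain"
    return None


def _unknown_owner(e: Entry) -> Optional[str]:
    if e.section == "O23" and "Unknown owner" in e.body:
        return "service binary has no recognised publisher: check its signature and vendor"
    return None


def _trusted_zone(e: Entry) -> Optional[str]:
    if e.section == "O15":
        return "site in the IE Trusted Zone runs with relaxed settings: confirm it was added on purpose"
    return None


def _foreign_hive(e: Entry) -> Optional[str]:
    if e.section == "O4" and e.body.startswith("HKUS\\"):
        return "autorun registered under another user's hive (SYSTEM/Default): check why a user tool runs there"
    return None


RULES: List[Callable[[Entry], Optional[str]]] = [
    _file_missing, _unknown_lsp, _unknown_owner, _trusted_zone, _foreign_hive,
]


def triage(entries: List[Entry]) -> List[Entry]:
    """Attach rule notes to each entry and return only the flagged ones."""
    for e in entries:
        e.flags = [note for rule in RULES if (note := rule(e))]
    return [e for e in entries if e.flags]


def summarize(text: str) -> Dict[str, object]:
    entries = parse_log(text)
    flagged = triage(entries)
    return {
        "entries": len(entries),
        "flagged": len(flagged),
        "by_section": Counter(e.section for e in entries),
        "notes": [(e.section, e.path, e.flags) for e in flagged],
    }


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    print(f"{report['entries']} entries, {report['flagged']} flagged")
    for section, path, flags in report["notes"]:
        print(f"{section:<4} {path}")
        for note in flags:
            print(f"     - {note}")
```

Run it against the full log pasted above to get the same short list of entries to verify before anything is removed.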

  • rootkit ✭✭✭

    Use this to clean up junk left by the other AV product: http://www.grisoft.cz/filedir/util/avg_arm.../avgremover.exe

    After that...

    Please do this:

    Can you please download ComboFix; you will find it here. Print the following instructions and read them carefully. Please post the output of the scan into your next post.

  • Use this to clean up junk left by the other AV product: http://www.grisoft.cz/filedir/util/avg_arm.../avgremover.exe

    After that...

    Please do this:

    Can you please download ComboFix; you will find it here. Print the following instructions and read them carefully. Please post the output of the scan into your next post.

    Not sure if you meant the HijackThis! log or the ComboFix one, but here's both... A few notes: I did run the AVG cleanup as instructed, but ComboFix indicated it was still running. Don't know how that is, since I ran the cleanup tool. Also, I couldn't find a way to shut off BitDefender, which is why that is on also. After the machine rebooted (when ComboFix was done), I was being redirected to a different site that I go to when I typed in http://www.bitdefender.com. In the meantime, I deleted the ANIO service from my and rebooted, and fortunately can access this site again. Thanks for the help so far, it's greatly appreciated. What do I need to do next?

    ComboFix 09-03-02.03 - Tom 2009-03-03 10:30:20.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.328 [GMT -5:00]
    Running from: c:\documents and settings\Tom\My Documents\ComboFix.exe
    AV: AVG Anti-Virus *On-access scanning enabled* (Updated)
    AV: BitDefender Antivirus *On-access scanning enabled* (Updated)
    FW: BitDefender Firewall *enabled*
    * Created a new restore point
    * Resident AV is active
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    c:\windows\system32\drivers\npf.sys
    c:\windows\system32\packet.dll
    c:\windows\system32\pthreadVC.dll
    c:\windows\system32\wanpacket.dll
    c:\windows\system32\wpcap.dll
    .

    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    -------\Legacy_NPF
    -------\Service_NPF

    ((((((((((((((((((((((((( Files Created from 2009-02-03 to 2009-03-03 )))))))))))))))))))))))))))))))
    .
    2009-03-03 04:13 . 2009-03-03 04:12 410,984 --a------ c:\windows\system32\deploytk.dll
    2009-03-03 04:08 . 2009-03-03 04:08 <DIR> d-------- c:\program files\OpenOffice.org 3
    2009-03-03 04:08 . 2009-03-03 04:08 <DIR> d-------- c:\program files\JRE
    2009-03-03 04:08 . 2009-03-03 04:12 73,728 --a------ c:\windows\system32\javacpl.cpl
    2009-03-03 04:07 . 2009-03-03 04:07 <DIR> d-------- c:\program files\Common Files\Java
    2009-03-03 03:33 . 2009-03-03 03:34 <DIR> d-------- C:\95ba8a54bb2df11e0125ac140aee
    2009-03-03 03:32 . 2009-03-03 03:50 <DIR> d-------- c:\windows\SxsCaPendDel
    2009-03-03 02:40 . 2009-03-03 02:46 <DIR> d-------- c:\program files\Free Easy Burner
    2009-03-03 02:40 . 2005-03-11 18:37 1,986,560 --a------ c:\windows\system32\AudFile.dll
    2009-03-03 02:40 . 2005-02-24 13:11 1,212,416 --a------ c:\windows\system32\AudioInfos.dll
    2009-03-03 02:40 . 2005-02-24 12:51 348,160 --a------ c:\windows\system32\WMAFile.dll
    2009-03-03 02:40 . 2003-08-07 13:01 237,568 --a------ c:\windows\system32\lame_enc.dll
    2009-03-03 02:40 . 2006-11-18 11:38 200,704 --a------ c:\windows\system32\vbalExpBar6.ocx
    2009-03-03 02:40 . 1998-07-12 22:00 141,312 --a------ c:\windows\system32\MSCMCFR.DLL
    2009-03-03 02:40 . 2000-10-01 18:00 119,568 --a------ c:\windows\system32\VB6FR.DLL
    2009-03-03 02:40 . 2005-01-10 13:54 116,296 --a------ c:\windows\system32\NCTWMAProfiles.prx
    2009-03-03 02:40 . 1998-07-13 17:53 44,544 --a------ c:\windows\system32\GIF89.DLL
    2009-03-03 02:40 . 2003-01-26 12:41 40,960 --a------ c:\windows\system32\SSubTmr6.dll
    2009-03-03 02:40 . 1998-07-12 18:00 32,768 --a------ c:\windows\system32\CMDLGFR.DLL
    2009-03-03 02:40 . 1998-07-12 22:00 15,360 --a------ c:\windows\system32\inetfr.DLL
    2009-03-03 02:03 . 2009-03-03 02:32 <DIR> d-------- c:\program files\ophcrack
    2009-03-01 00:59 . 2009-03-01 00:59 <DIR> d-------- c:\program files\Trend Micro
    2009-03-01 00:43 . 2009-03-03 10:46 121 --a------ c:\windows\bdagent.INI
    2009-03-01 00:38 . 2009-03-03 10:43 81,984 --a------ c:\windows\system32\bdod.bin
    2009-03-01 00:31 . 2009-03-01 00:31 850 --a------ c:\windows\system32\ProductTweaks.xml
    2009-03-01 00:31 . 2009-03-01 00:31 385 --a------ c:\windows\system32\user_gensett.xml
    2009-03-01 00:27 . 2009-03-01 00:27 <DIR> d-------- c:\windows\system32\logs
    2009-03-01 00:27 . 2009-03-01 00:27 <DIR> d-------- c:\documents and settings\Tom\Application Data\BitDefender
    2009-03-01 00:27 . 2009-03-01 00:27 <DIR> d-------- C:\Binaries
    2009-03-01 00:26 . 2009-03-01 00:26 <DIR> d-------- c:\program files\BitDefender
    2009-03-01 00:26 . 2009-03-01 00:30 <DIR> d-------- c:\documents and settings\All Users\Application Data\BitDefender
    2009-03-01 00:23 . 2009-03-01 00:26 <DIR> d-------- c:\program files\Common Files\BitDefender
    2009-02-28 20:00 . 2009-02-28 20:00 <DIR> d-------- C:\371b55ff094ed4c4597742838c0f3a3f
    2009-02-25 11:15 . 2009-02-25 11:15 <DIR> d-------- c:\program files\Common Files\xing shared
    2009-02-24 20:56 . 2009-02-24 20:56 <DIR> d-------- c:\program files\Opera
    2009-02-24 19:56 . 2009-02-24 19:56 <DIR> d-------- c:\program files\Common Files\Logitech
    2009-02-24 19:56 . 2009-02-24 19:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\ATI
    2009-02-24 17:19 . 2009-02-24 17:53 3,284 --a------ c:\windows\system32\ANIWZCS{80E169A8-AB69-47D7-866F-03F0733D1AF3}
    2009-02-24 17:17 . 2009-03-03 10:44 7 --a------ c:\windows\system32\ANIWZCSUSERNAME
    2009-02-24 17:05 . 2009-02-24 17:05 <DIR> d-------- c:\program files\ANI
    2009-02-24 17:00 . 2009-02-24 17:00 <DIR> d-------- c:\program files\D-Link
    2009-02-24 17:00 . 2008-01-31 22:15 560,896 --a------ c:\windows\system32\drivers\rt2870.sys
    2009-02-24 16:40 . 2009-02-24 16:40 <DIR> d-------- c:\documents and settings\Tom\Application Data\Logitech
    2009-02-24 16:39 . 2009-02-24 16:39 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
    2009-02-24 16:39 . 2009-02-24 16:39 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
    2009-02-24 16:39 . 2009-02-24 16:39 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
    2009-02-24 16:37 . 2009-02-24 16:37 <DIR> d-------- c:\program files\Logitech
    2009-02-24 16:37 . 2009-02-24 16:40 <DIR> d-------- c:\program files\Common Files\Logishrd
    2009-02-24 16:37 . 2009-02-24 16:37 <DIR> d-------- c:\documents and settings\All Users\Application Data\Logitech
    2009-02-24 16:37 . 2008-05-02 02:38 301,656 --a------ c:\windows\system32\BtCoreIf.dll
    2009-02-24 16:37 . 2008-05-02 02:39 170,512 --a------ c:\windows\system32\kemutb.dll
    2009-02-24 16:37 . 2008-05-02 02:39 145,936 --a------ c:\windows\system32\KemUtil.dll
    2009-02-24 16:37 . 2008-05-02 02:40 117,264 --a------ c:\windows\system32\KemWnd.dll
    2009-02-24 16:37 . 2008-05-02 02:40 84,496 --a------ c:\windows\system32\KemXML.dll
    2009-02-24 16:36 . 2009-02-24 16:36 <DIR> d-------- c:\documents and settings\Tom\Application Data\InstallShield
    2009-02-24 16:36 . 2009-02-24 16:36 <DIR> d-------- c:\documents and settings\All Users\Application Data\LogiShrd
    2009-02-24 16:17 . 2008-04-13 20:11 21,504 --a------ c:\windows\system32\hidserv.dll
    2009-02-24 16:17 . 2008-04-13 20:11 21,504 --a--c--- c:\windows\system32\dllcache\hidserv.dll
    2009-02-24 16:17 . 2008-04-13 14:39 14,592 --a------ c:\windows\system32\drivers\kbdhid.sys
    2009-02-24 16:17 . 2008-04-13 14:39 14,592 --a--c--- c:\windows\system32\dllcache\kbdhid.sys
    2009-02-03 23:13 . 2009-02-03 23:13 121,808 --a------ c:\windows\system32\ativvaxx.cap
    2009-02-03 21:43 . 2009-02-03 21:43 45,056 --a------ c:\windows\system32\aticalrt.dll
    2009-02-03 21:42 . 2009-02-03 21:42 45,056 --a------ c:\windows\system32\aticalcl.dll
    2009-02-03 21:40 . 2009-02-03 21:40 3,244,032 --a------ c:\windows\system32\aticaldd.dll
    2009-02-03 17:03 . 2009-02-03 17:03 104,328 --a------ c:\windows\system32\drivers\bdfndisf.sys
    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-03-03 15:48 --------- d-----w c:\program files\BOINC
    2009-03-03 15:45 --------- d-----w c:\program files\Steam
    2009-03-03 09:12 --------- d-----w c:\program files\Java
    2009-03-02 21:08 --------- d-----w c:\program files\Winamp Remote
    2009-03-02 04:09 913,453 ----a-w c:\windows\system32\drivers\fwdrv.err
    2009-03-01 16:07 --------- d-----w c:\program files\Microsoft Silverlight
    2009-03-01 05:24 --------- d-----w c:\program files\Lavasoft
    2009-03-01 05:24 --------- d-----w c:\documents and settings\Tom\Application Data\Lavasoft
    2009-02-25 19:44 --------- d-----w c:\program files\Paltalk Messenger
    2009-02-25 16:15 --------- d-----w c:\program files\Common Files\Real
    2009-02-25 02:25 --------- d-----w c:\program files\RealRhapsody
    2009-02-25 01:40 --------- d-----w c:\program files\World of Warcraft
    2009-02-25 01:22 --------- d-----w c:\program files\ATI
    2009-02-25 00:34 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
    2009-02-25 00:20 --------- d-----w c:\program files\ATI Technologies
    2009-02-24 22:05 --------- d--h--w c:\program files\InstallShield Installation Information
    2009-02-04 07:27 3,488,768 ----a-w c:\windows\system32\drivers\ati2mtag.sys
    2009-02-04 03:52 53,248 ----a-w c:\windows\system32\drivers\ati2erec.dll
    2003-12-20 00:36 40,960 ----a-w c:\program files\Uninstall_CDS.exe
    2008-12-16 22:52 61,440 ----a-w c:\program files\mozilla firefox\components\FFComm.dll
    2008-08-31 14:00 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008083120080901\index.dat
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RemoteCenter"="c:\program files\Creative\MediaSource\RemoteControl\RCMan.EXE" [2003-10-08 139264]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-24 68856]
    "Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-03-27 4670968]
    "Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-31 50480]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
    "Orb"="c:\program files\Winamp Remote\bin\OrbTray.exe" [2008-01-07 495616]
    "Radio365Agent"="c:\progra~1\Live365\Radio365\Radio365TrayAgent.exe" [2008-05-13 884736]
    "CurseClient"="c:\program files\Curse\CurseClient.exe" [2008-10-10 4789760]
    "Steam"="c:\program files\Steam\Steam.exe" [2008-10-08 1410296]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IMONTRAY"="c:\program files\Intel\Intel® Active Monitor\imontray.exe" [2004-03-10 32768]
    "SBDrvDet"="c:\program files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 45056]
    "CTSysVol"="c:\program files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
    "CTDVDDET"="c:\program files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE" [2003-06-18 45056]
    "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
    "WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152]
    "D-Link D-Link Xtreme N Dual Band DWA-160 "="c:\program files\D-Link\DWA-160\AirNCFG.exe" [2008-03-21 1675264]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-03 61440]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-02-25 198160]
    "BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent.exe" [2009-01-09 741376]
    "BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2009\IEShow.exe" [2008-10-17 69632]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-03 136600]
    "CTHelper"="CTHELPER.EXE" [2006-08-11 c:\windows\CTHELPER.EXE]
    "CTxfiHlp"="CTXFIHLP.EXE" [2006-08-11 c:\windows\system32\CTXFIHLP.EXE]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-24 68856]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "RunNarrator"="Narrator.exe" [2008-04-13 c:\windows\system32\narrator.exe]

    c:\documents and settings\Cyndy\Start Menu\Programs\Startup\
    Xfire.lnk - c:\program files\Xfire\Xfire.exe [2006-10-30 2303056]

    c:\documents and settings\Tom\Start Menu\Programs\Startup\
    dBpowerAMP.lnk.disabled [2004-08-14 728]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    BOINC Manager.lnk - c:\program files\BOINC\boincmgr.exe [2007-11-13 4141056]
    Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-02-24 805392]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-01-21 65588]
    PalTalk.lnk - c:\program files\Paltalk Messenger\paltalk.exe [2009-01-28 10950144]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    2008-05-02 02:42 72208 c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.l3acm"= l3codecp.acm
    "msacm.g723"= g723.acm
    "vidc.I263"= I263_32.drv
    "MSVideo"= ucdvfw.dll
    "VIDC.D263"= xl_x263dec.dll
    "VIDC.YV12"= xl_yv12.dll
    "VIDC.XJPG"= camfc.dll
    "vidc.3IV2"= 3ivxVfWCodec_dec.dll
    "msacm.avis"= ff_acm.acm

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "RemoteCenter"=c:\program files\Creative\MediaSource\RemoteControl\RCMan.EXE
    "Shareaza"="c:\program files\Shareaza\Shareaza.exe" -tray
    "Yahoo! Pager"=c:\program files\Yahoo!\Messenger\ypager.exe -quiet
    "AIM"=c:\progra~1\AIM\aim.exe -cnetwait.odl
    "EasyLinkAdvisor"="c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" runtime
    "ATIPTA"=c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    "B'sCLiP"=c:\progra~1\B'SCLI~1\Win2K\BSCLIP.exe
    "iTunesHelper"=c:\program files\iTunes\iTunesHelper.exe
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
    "ViewMgr"=c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    "RemoteControl"="c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
    "c:\\Program Files\\EA GAMES\\The Battle for Middle-earth \\game.dat"=
    "c:\\Program Files\\Shareaza\\Shareaza.exe"=
    "c:\\Program Files\\Sony\\Station\\Launchpad\\LaunchPad.exe"=
    "c:\\Program Files\\Xfire\\Xfire.exe"=


    "c:\\Program Files\\AIM\\aim.exe"=


    "c:\\WINDOWS\\system32\\MediaServerDump\\LiveUpdate\\OLUpdate.exe"=


    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=


    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=


    "c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=


    "c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=


    "c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=


    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=


    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=


    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=


    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=


    "c:\\Program Files\\Curse\\CurseClient.exe"=


    "c:\\Program Files\\AIM6\\aim6.exe"=


    "c:\\Program Files\\iTunes\\iTunes.exe"=


    "c:\\Program Files\\Steam\\steamapps\\common\\sacred gold\\Sacred.exe"=


    "c:\\Program Files\\Steam\\steamapps\\common\\sid meier's civilization iv\\Civilization4.exe"=


    "c:\\Program Files\\Steam\\steamapps\\common\\medieval ii total war demo\\medieval2.exe"=


    "c:\\Program Files\\Steam\\steamapps\\common\\stubbs the zombie\\Stubbs.exe"=


    "c:\\Program Files\\Steam\\steamapps\\common\\painkiller gold edition\\Bin\\Painkiller.exe"=


    "c:\\Program Files\\Steam\\steamapps\\common\\sid meier's civilization iv warlords\\Warlords\\Civ4Warlords.exe"=


    "c:\\Program Files\\Steam\\steamapps\\common\\sid meier's civilization iv warlords\\Warlords\\Civ4Warlords_PitBoss.exe"=


    "c:\\Program Files\\Steam\\steamapps\\common\\peggle extreme\\PeggleExtreme.exe"=


    "c:\\Program Files\\Steam\\steamapps\\common\\overlord\\Overlord.exe"=


    "c:\\Program Files\\Steam\\steamapps\\common\\overlord\\Config.exe"=


    "c:\\Program Files\\Steam\\steamapps\\common\\titan quest\\help.htm"=


    "c:\\Program Files\\Steam\\steamapps\\common\\titan quest immortal throne\\Tqit.exe"=


    "c:\\Program Files\\Steam\\steamapps\\common\\titan quest immortal throne\\help.htm"=


    "c:\\Program Files\\Steam\\steamapps\\common\\sid meier's railroads demo\\RailRoadsDemo.exe"=


    "c:\\Program Files\\Steam\\steamapps\\common\\company of heroes\\RelicCOH.exe"=


    "c:\\Program Files\\Steam\\steamapps\\common\\company of heroes\\help.htm"=


    "c:\\Program Files\\Steam\\steamapps\\common\\the movies demo\\moviesdemo_drm.exe"=


    "c:\\Program Files\\Steam\\steamapps\\common\\painkiller gold edition\\Bin\\Editor\\PainEditor.exe"=


    "c:\\Program Files\\Paltalk Messenger\\paltalk.exe"=


    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=


    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]


    "3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping


    "3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)


    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]


    "AllowInboundEchoRequest"= 1 (0x1)


    R0 BsStor;B.H.A Storage Helper Driver;c:\windows\system32\drivers\BsStor.sys [2004-06-02 9344]


    R2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2009\BDVEDISK.sys [2008-10-06 82696]


    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2008-02-19 24652]


    R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2008-09-18 111112]


    R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [2009-02-03 104328]


    S3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2008-07-17 118784]


    S3 pfsvgae;pfsvgae;\??\c:\docume~1\Tom\LOCALS~1\Temp\pfsvgae.sys --> c:\docume~1\Tom\LOCALS~1\Temp\pfsvgae.sys [?]


    S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2009-02-24 560896]


    S3 XIRLINK;Veo PC Camera;c:\windows\system32\drivers\ucdnt.sys [2004-07-24 899980]


    S4 BsUDF;B.H.A UDF Filesystem;c:\windows\system32\drivers\BsUDF.sys [2004-06-02 394496]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]


    p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc


    bdx REG_MULTI_SZ scan


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]


    \Shell\AutoRun\command - f:\system\viewer\FlipVideoforPC.exe


    \Shell\Flip Video for PC\command - f:\system\viewer\FlipVideoforPC.exe


    .


    Contents of the 'Scheduled Tasks' folder


    2008-12-29 c:\windows\Tasks\AppleSoftwareUpdate.job


    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]


    .


    - - - - ORPHANS REMOVED - - - -


    HKCU-Run-DW6 - c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe


    Notify-avgrsstarter - avgrsstx.dll


    .


    ------- Supplementary Scan -------


    .


    uStart Page = about:blank


    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8


    uInternet Settings,ProxyOverride = *.local


    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s


    IE: &Winamp Toolbar Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html


    Trusted Zone: aol.com\free


    Trusted Zone: msn.com\groups


    Trusted Zone: prms.org\www


    Trusted Zone: yahoo.com\filetransfer.msg


    Trusted Zone: yahoo.com\launch


    DPF: Dominoes by pogo - hxxp://domino.pogo.com/applet-5.8.5.21/domino/domino-ob-assets.cab


    DPF: Fortune Bingo by pogo - hxxp://superbingo.pogo.com/applet-5.8.4.18/superbingo/superbingo-ob-assets.cab


    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab


    DPF: Payday FreeCell by pogo - hxxp://freecell.pogo.com/applet-5.8.4.24/freecell/freecell-ob-assets.cab


    DPF: Phlinx by pogo - hxxp://game4.pogo.com/applet-6.0.1.28/flinger/flinger-ob-assets.cab


    DPF: SciFi Slots by pogo - hxxp://scifi.pogo.com/applet-6.0.1.28/slots/scifi-ob-assets.cab


    DPF: Spades by pogo - hxxp://spades.pogo.com/applet-5.8.4.24/spades/spades-ob-assets.cab


    DPF: Sweet Tooth TM by pogo - hxxp://solitaire04.pogo.com/applet-5.8.4.18/sweettooth/sweettooth-ob-assets.cab


    DPF: Tank Hunter by pogo - hxxp://playweb14.pogo.com/applet-6.0.1.28/tank/tank-ob-assets.cab


    FF - ProfilePath - c:\documents and settings\Tom\Application Data\Mozilla\Firefox\Profiles\w1dud3nf.default\


    FF - prefs.js: browser.startup.homepage - hxxp://beeradvocate.com/forum/|http://www.good-music-guide.com/community/index.php|http://login.live.com/login.srf?id=2&svc=mail&cbid=24325&msppjph=1&tw=0&fs=1&fsa=1&fsat=1296000&lc=1033&_lang=EN|http://www.berkshirerecordoutlet.com/|http://www.beeryard.com/|http://www.recipezaar.com/|http://training.fitness.com/|http://www.buzzen.com/chat/find.php?cat=PR|http://192.168.1.1/cgi-bin/webcm?getpage=../html/index_real.html&var:conname=connection0&var:contype=pppoe|http://thenightbreed.guildlaunch.com/forums/index.php?gid=4190|about:blank


    FF - component: c:\program files\Mozilla Firefox\components\FFComm.dll


    FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll


    FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll


    FF - plugin: c:\program files\Mozilla Firefox\plugins\NPPGWrap.dll


    FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll


    FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll


    FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll


    .


    **************************************************************************


    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net


    Rootkit scan 2009-03-03 10:45:07


    Windows 5.1.2600 Service Pack 3 NTFS


    scanning hidden processes ...


    scanning hidden autostart entries ...


    scanning hidden files ...


    scan completed successfully


    hidden files: 0


    **************************************************************************


    .


    --------------------- DLLs Loaded Under Running Processes ---------------------


    - - - - - - - > 'winlogon.exe'(1176)


    c:\windows\system32\Ati2evxx.dll


    c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll


    c:\program files\common files\logishrd\bluetooth\LBTServ.dll


    - - - - - - - > 'explorer.exe'(2372)


    c:\program files\Logitech\SetPoint\lgscroll.dll


    .


    ------------------------ Other Running Processes ------------------------


    .


    c:\windows\system32\ati2evxx.exe


    c:\program files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe


    c:\program files\BitDefender\BitDefender 2009\vsserv.exe


    c:\windows\system32\ati2evxx.exe


    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe


    c:\program files\Bonjour\mDNSResponder.exe


    c:\windows\system32\CTSVCCDA.EXE


    c:\program files\Executive Software\DiskeeperLite\DKService.exe


    c:\program files\Java\jre6\bin\jqs.exe


    c:\windows\system32\RioMSC.exe


    c:\windows\system32\MsPMSPSv.exe


    c:\program files\Intel\Intel® Active Monitor\imonNT.exe


    c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe


    c:\program files\Live365\Radio365\Radio365TrayAgent.exe


    c:\program files\BitDefender\BitDefender 2009\seccenter.exe


    c:\program files\iPod\bin\iPodService.exe


    c:\program files\BOINC\boinc.exe


    c:\program files\Winamp Remote\bin\Orb.exe


    c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.exe


    c:\program files\BOINC\projects\setiathome.berkeley.edu\astropulse_5.03_windows_intelx86.exe


    c:\program files\BOINC\projects\setiathome.berkeley.edu\astropulse_5.03_windows_intelx86.exe


    c:\program files\AIM6\aolsoftware.exe


    c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe


    .


    **************************************************************************


    .


    Completion time: 2009-03-03 10:59:22 - machine was rebooted


    ComboFix-quarantined-files.txt 2009-03-03 15:59:12


    Pre-Run: 51,236,401,152 bytes free


    Post-Run: 54,077,530,112 bytes free


    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe


    [boot loader]


    timeout=2


    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS


    [operating systems]


    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons


    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn


    354 --- E O F --- 2009-03-03 08:01:23


    Logfile of Trend Micro HijackThis v2.0.2


    Scan saved at 11:25:25 AM, on 3/3/2009


    Platform: Windows XP SP3 (WinNT 5.01.2600)


    MSIE: Internet Explorer v7.00 (7.00.6000.16791)


    Boot mode: Normal


    Running processes:


    C:\WINDOWS\System32\smss.exe


    C:\WINDOWS\system32\winlogon.exe


    C:\WINDOWS\system32\services.exe


    C:\WINDOWS\system32\lsass.exe


    C:\WINDOWS\system32\Ati2evxx.exe


    C:\WINDOWS\system32\svchost.exe


    C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe


    C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe


    C:\WINDOWS\System32\svchost.exe


    C:\WINDOWS\system32\Ati2evxx.exe


    C:\WINDOWS\system32\spoolsv.exe


    C:\WINDOWS\Explorer.EXE


    C:\Program Files\Intel\Intel® Active Monitor\imontray.exe


    C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe


    C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE


    C:\WINDOWS\CTHELPER.EXE


    C:\Program Files\Winamp\winampa.exe


    C:\Program Files\iTunes\iTunesHelper.exe


    C:\Program Files\D-Link\DWA-160\AirNCFG.exe


    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe


    C:\Program Files\Common Files\Real\Update_OB\realsched.exe


    C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe


    C:\Program Files\Java\jre6\bin\jusched.exe


    C:\Program Files\Unlocker\UnlockerAssistant.exe


    C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE


    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe


    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe


    C:\Program Files\AIM6\aim6.exe


    C:\WINDOWS\system32\ctfmon.exe


    C:\Program Files\Winamp Remote\bin\OrbTray.exe


    C:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe


    C:\Program Files\Curse\CurseClient.exe


    C:\Program Files\Steam\Steam.exe


    C:\Program Files\BOINC\boincmgr.exe


    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe


    C:\Program Files\Bonjour\mDNSResponder.exe


    C:\WINDOWS\System32\CTsvcCDA.exe


    C:\Program Files\Executive Software\DiskeeperLite\DKService.exe


    C:\Program Files\Logitech\SetPoint\SetPoint.exe


    C:\Program Files\Java\jre6\bin\jqs.exe


    C:\Program Files\BOINC\boinc.exe


    C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe


    C:\Program Files\Paltalk Messenger\paltalk.exe


    C:\WINDOWS\system32\RioMSC.exe


    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE


    C:\Program Files\BOINC\projects\setiathome.berkeley.edu\astropulse_5.03_windows_intelx86.exe


    C:\Program Files\BOINC\projects\setiathome.berkeley.edu\astropulse_5.03_windows_intelx86.exe


    C:\Program Files\Winamp Remote\bin\Orb.exe


    C:\Program Files\Viewpoint\Common\ViewpointService.exe


    C:\WINDOWS\System32\MsPMSPSv.exe


    C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe


    C:\Program Files\iPod\bin\iPodService.exe


    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe


    C:\WINDOWS\system32\wuauclt.exe


    C:\Program Files\Opera\opera.exe


    C:\Program Files\AIM6\aolsoftware.exe


    C:\WINDOWS\system32\wuauclt.exe


    C:\WINDOWS\system32\NOTEPAD.EXE


    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe


    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank


    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157


    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896


    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896


    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157


    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local


    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll


    O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll


    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll


    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll


    O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll


    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll


    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll


    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll


    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll


    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll


    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll


    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll


    O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll


    O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll


    O4 - HKLM\..\Run: [iMONTRAY] C:\Program Files\Intel\Intel® Active Monitor\imontray.exe


    O4 - HKLM\..\Run: [sBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r


    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r


    O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE


    O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE


    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE


    O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE


    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"


    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe


    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime


    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"


    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"


    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE


    O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe


    O4 - HKLM\..\Run: [D-Link D-Link Xtreme N Dual Band DWA-160 ] C:\Program Files\D-Link\DWA-160\AirNCFG.exe


    O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun


    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot


    O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"


    O4 - HKLM\..\Run: [bitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"


    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"


    O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"


    O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE


    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe


    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet


    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp


    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe


    O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background


    O4 - HKCU\..\Run: [Radio365Agent] C:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe


    O4 - HKCU\..\Run: [CurseClient] C:\Program Files\Curse\CurseClient.exe -silent


    O4 - HKCU\..\Run: [steam] "C:\Program Files\Steam\Steam.exe" -silent


    O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')


    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')


    O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')


    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')


    O4 - Startup: dBpowerAMP.lnk.disabled


    O4 - Global Startup: BOINC Manager.lnk = C:\Program Files\BOINC\boincmgr.exe


    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe


    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE


    O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe


    O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html


    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll


    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe


    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe


    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe


    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe


    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe


    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll


    O15 - Trusted Zone: http://groups.msn.com


    O15 - Trusted Zone: http://www.prms.org


    O16 - DPF: Dominoes by pogo - http://domino.pogo.com/applet-5.8.5.21/dom...o-ob-assets.cab


    O16 - DPF: Fortune Bingo by pogo - http://superbingo.pogo.com/applet-5.8.4.18...o-ob-assets.cab


    O16 - DPF: Payday FreeCell by pogo - http://freecell.pogo.com/applet-5.8.4.24/f...l-ob-assets.cab


    O16 - DPF: Phlinx by pogo - http://game4.pogo.com/applet-6.0.1.28/flin...r-ob-assets.cab


    O16 - DPF: SciFi Slots by pogo - http://scifi.pogo.com/applet-6.0.1.28/slot...i-ob-assets.cab


    O16 - DPF: Spades by pogo - http://spades.pogo.com/applet-5.8.4.24/spa...s-ob-assets.cab


    O16 - DPF: Sweet Tooth TM by pogo - http://solitaire04.pogo.com/applet-5.8.4.1...h-ob-assets.cab


    O16 - DPF: Tank Hunter by pogo - http://playweb14.pogo.com/applet-6.0.1.28/...k-ob-assets.cab


    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204


    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll


    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1093076439718


    O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\TempEI4\EI40_\msxml4.cab


    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab


    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab


    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab


    O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.com/...ropper1_3us.cab


    O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.verizon.net/checkmypc/includes/MotivePreQual.cab


    O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab


    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab


    O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab


    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab


    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)


    O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Unknown owner - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe (file missing)


    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe


    O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe


    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe


    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe


    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe


    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe


    O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe


    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe


    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe


    O23 - Service: Intel® Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe


    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe


    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe


    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe


    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe


    O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe


    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe


    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe


    O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe


    --


    End of file - 15082 bytes

  • rootkit
    rootkit ✭✭✭
    edited March 2009

    Please pack the folder(s) in an archive, protected with the password infected.

    Attach the archive in your next post here (if it's too big, upload it on www.rapidshare.com or other server and leave here the download link).

    C:\Qoobox

    Did you restart your PC after running the other AV product removal tool?

    Download CCleaner and clean up your registry :)

  • I've tried uploading .zip and .rar but was told I was not permitted to upload that type of file...?


    Incidentally, just tried the PC now, and it's still doing odd redirects and blocking URLs. Any ideas?

  • rootkit
    rootkit ✭✭✭

    Upload the file on www.rapidshare.com or other server and leave here the download link.

  • What you have is malware and most antivirus programs can't remove it.


    There is a free version of that program; it has helped me remove many types of malware in just a click. Give it a try, can't hurt.

  • What you have is malware and most antivirus programs can't remove it.


    There is a free version of that program; it has helped me remove many types of malware in just a click. Give it a try, can't hurt.


    Sad to say, in the midst of trying various solutions the items that were quarantined have disappeared. The subsequent scans seem to be picking up random malware, but not the one that's doing the downloading.

  • Sad to say, in the midst of trying various solutions the items that were quarantined have disappeared. The subsequent scans seem to be picking up random malware, but not the one that's doing the downloading.


    Good news and bad news - Bad news is I have another infected machine, the good news is I think I know how it got that way. I tried logging into my credit card account and was presented with a digital certificate whose server did not match the name. The server looked ok so I hit Accept, and got redirected to Google. And now the machine is acting like the previously infected one. Any ideas?

  • You might want to follow the advice given earlier.