Unusual Browser Behavior
While running Opera 9.6 on my Windows XP SP3 machine, I had some odd things happen which makes me suspect I may have a virus:
When attempting to go to two websites I frequent, one came up with a text message (I am alive), and another, a picture of an oriental person with fists clenched. They didn't stay though, so I'm thinking there's something unusual going on with my pc. I've run bitdefender deep scans twice and it doesn't detect anything. (There are some unscanned files, belonging to some games, like Savage 2, which were overcompressed.)
Any ideas as to how to proceed? Thanks for the help.
Comments
-
While running Opera 9.6 on my Windows XP SP3 machine, I had some odd things happen which makes me suspect I may have a virus:
When attempting to go to two websites I frequent, one came up with a text message (I am alive), and another, a picture of an oriental person with fists clenched. They didn't stay though, so I'm thinking there's something unusual going on with my pc. I've run bitdefender deep scans twice and it doesn't detect anything. (There are some unscanned files, belonging to some games, like Savage 2, which were overcompressed.)
Any ideas as to how to proceed? Thanks for the help.
Here's my HijackThis! Log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:06:04 AM, on 3/3/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel® Active Monitor\imontray.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\D-Link\DWA-160\AirNCFG.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\system32\RioMSC.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe
C:\Program Files\Curse\CurseClient.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Paltalk Messenger\paltalk.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Winamp Remote\bin\Orb.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\BitDefender\BitDefender 2009\uiscan.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [iMONTRAY] C:\Program Files\Intel\Intel® Active Monitor\imontray.exe
O4 - HKLM\..\Run: [sBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [D-Link D-Link Xtreme N Dual Band DWA-160 ] C:\Program Files\D-Link\DWA-160\AirNCFG.exe
O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [bitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [Radio365Agent] C:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe
O4 - HKCU\..\Run: [CurseClient] C:\Program Files\Curse\CurseClient.exe -silent
O4 - HKCU\..\Run: [steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: dBpowerAMP.lnk.disabled
O4 - Global Startup: BOINC Manager.lnk = C:\Program Files\BOINC\boincmgr.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://groups.msn.com
O15 - Trusted Zone: http://www.prms.org
O16 - DPF: Dominoes by pogo - http://domino.pogo.com/applet-5.8.5.21/dom...o-ob-assets.cab
O16 - DPF: Fortune Bingo by pogo - http://superbingo.pogo.com/applet-5.8.4.18...o-ob-assets.cab
O16 - DPF: Payday FreeCell by pogo - http://freecell.pogo.com/applet-5.8.4.24/f...l-ob-assets.cab
O16 - DPF: Phlinx by pogo - http://game4.pogo.com/applet-6.0.1.28/flin...r-ob-assets.cab
O16 - DPF: SciFi Slots by pogo - http://scifi.pogo.com/applet-6.0.1.28/slot...i-ob-assets.cab
O16 - DPF: Spades by pogo - http://spades.pogo.com/applet-5.8.4.24/spa...s-ob-assets.cab
O16 - DPF: Sweet Tooth TM by pogo - http://solitaire04.pogo.com/applet-5.8.4.1...h-ob-assets.cab
O16 - DPF: Tank Hunter by pogo - http://playweb14.pogo.com/applet-6.0.1.28/...k-ob-assets.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1093076439718
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\TempEI4\EI40_\msxml4.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.com/...ropper1_3us.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.verizon.net/checkmypc/includes/MotivePreQual.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgemc.exe (file missing)
O23 - Service: AVG8 WatchDog (avg8wd) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel® Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
--
End of file - 15122 bytes0 -
Use this to clean up junk left by other AV product: http://www.grisoft.cz/filedir/util/avg_arm.../avgremover.exe
After that...
Please do this:
Can you please download combofix you will find it here. Print the following instructions and read them carefully. Please post the output of the scan into your next post.0 -
Use this to clean up junk left by other AV product: http://www.grisoft.cz/filedir/util/avg_arm.../avgremover.exe
After that...
Please do this:
Can you please download combofix you will find it here. Print the following instructions and read them carefully. Please post the output of the scan into your next post.
Not sure if you meant the HijackThis! Log or the combofix, but here's both... A few notes: I did run the avg cleanup as instructed, but Combofix indicated it was still running. Don't know how that is, since I ran the cleanup tool. Also, I couldn't find a way to shut off bitdefender, which is why that is on also. After the machine reboot (when combofix was done), I was being redirected to a different site that I go to when I typed in http://www.bitdefender.com. In the meantime, I deleted the ANIO service from my and rebooted, and fortunately can access this site again. Thanks for the help so far, it's greatly appreciated. What do I need to do next?
ComboFix 09-03-02.03 - Tom 2009-03-03 10:30:20.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.328 [GMT -5:00]
Running from: c:\documents and settings\Tom\My Documents\ComboFix.exe
AV: AVG Anti-Virus *On-access scanning enabled* (Updated)
AV: BitDefender Antivirus *On-access scanning enabled* (Updated)
FW: BitDefender Firewall *enabled*
* Created a new restore point
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\drivers\npf.sys
c:\windows\system32\packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\wanpacket.dll
c:\windows\system32\wpcap.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
-------\Service_NPF
((((((((((((((((((((((((( Files Created from 2009-02-03 to 2009-03-03 )))))))))))))))))))))))))))))))
.
2009-03-03 04:13 . 2009-03-03 04:12 410,984 --a------ c:\windows\system32\deploytk.dll
2009-03-03 04:08 . 2009-03-03 04:08 <DIR> d-------- c:\program files\OpenOffice.org 3
2009-03-03 04:08 . 2009-03-03 04:08 <DIR> d-------- c:\program files\JRE
2009-03-03 04:08 . 2009-03-03 04:12 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-03-03 04:07 . 2009-03-03 04:07 <DIR> d-------- c:\program files\Common Files\Java
2009-03-03 03:33 . 2009-03-03 03:34 <DIR> d-------- C:\95ba8a54bb2df11e0125ac140aee
2009-03-03 03:32 . 2009-03-03 03:50 <DIR> d-------- c:\windows\SxsCaPendDel
2009-03-03 02:40 . 2009-03-03 02:46 <DIR> d-------- c:\program files\Free Easy Burner
2009-03-03 02:40 . 2005-03-11 18:37 1,986,560 --a------ c:\windows\system32\AudFile.dll
2009-03-03 02:40 . 2005-02-24 13:11 1,212,416 --a------ c:\windows\system32\AudioInfos.dll
2009-03-03 02:40 . 2005-02-24 12:51 348,160 --a------ c:\windows\system32\WMAFile.dll
2009-03-03 02:40 . 2003-08-07 13:01 237,568 --a------ c:\windows\system32\lame_enc.dll
2009-03-03 02:40 . 2006-11-18 11:38 200,704 --a------ c:\windows\system32\vbalExpBar6.ocx
2009-03-03 02:40 . 1998-07-12 22:00 141,312 --a------ c:\windows\system32\MSCMCFR.DLL
2009-03-03 02:40 . 2000-10-01 18:00 119,568 --a------ c:\windows\system32\VB6FR.DLL
2009-03-03 02:40 . 2005-01-10 13:54 116,296 --a------ c:\windows\system32\NCTWMAProfiles.prx
2009-03-03 02:40 . 1998-07-13 17:53 44,544 --a------ c:\windows\system32\GIF89.DLL
2009-03-03 02:40 . 2003-01-26 12:41 40,960 --a------ c:\windows\system32\SSubTmr6.dll
2009-03-03 02:40 . 1998-07-12 18:00 32,768 --a------ c:\windows\system32\CMDLGFR.DLL
2009-03-03 02:40 . 1998-07-12 22:00 15,360 --a------ c:\windows\system32\inetfr.DLL
2009-03-03 02:03 . 2009-03-03 02:32 <DIR> d-------- c:\program files\ophcrack
2009-03-01 00:59 . 2009-03-01 00:59 <DIR> d-------- c:\program files\Trend Micro
2009-03-01 00:43 . 2009-03-03 10:46 121 --a------ c:\windows\bdagent.INI
2009-03-01 00:38 . 2009-03-03 10:43 81,984 --a------ c:\windows\system32\bdod.bin
2009-03-01 00:31 . 2009-03-01 00:31 850 --a------ c:\windows\system32\ProductTweaks.xml
2009-03-01 00:31 . 2009-03-01 00:31 385 --a------ c:\windows\system32\user_gensett.xml
2009-03-01 00:27 . 2009-03-01 00:27 <DIR> d-------- c:\windows\system32\logs
2009-03-01 00:27 . 2009-03-01 00:27 <DIR> d-------- c:\documents and settings\Tom\Application Data\BitDefender
2009-03-01 00:27 . 2009-03-01 00:27 <DIR> d-------- C:\Binaries
2009-03-01 00:26 . 2009-03-01 00:26 <DIR> d-------- c:\program files\BitDefender
2009-03-01 00:26 . 2009-03-01 00:30 <DIR> d-------- c:\documents and settings\All Users\Application Data\BitDefender
2009-03-01 00:23 . 2009-03-01 00:26 <DIR> d-------- c:\program files\Common Files\BitDefender
2009-02-28 20:00 . 2009-02-28 20:00 <DIR> d-------- C:\371b55ff094ed4c4597742838c0f3a3f
2009-02-25 11:15 . 2009-02-25 11:15 <DIR> d-------- c:\program files\Common Files\xing shared
2009-02-24 20:56 . 2009-02-24 20:56 <DIR> d-------- c:\program files\Opera
2009-02-24 19:56 . 2009-02-24 19:56 <DIR> d-------- c:\program files\Common Files\Logitech
2009-02-24 19:56 . 2009-02-24 19:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\ATI
2009-02-24 17:19 . 2009-02-24 17:53 3,284 --a------ c:\windows\system32\ANIWZCS{80E169A8-AB69-47D7-866F-03F0733D1AF3}
2009-02-24 17:17 . 2009-03-03 10:44 7 --a------ c:\windows\system32\ANIWZCSUSERNAME
2009-02-24 17:05 . 2009-02-24 17:05 <DIR> d-------- c:\program files\ANI
2009-02-24 17:00 . 2009-02-24 17:00 <DIR> d-------- c:\program files\D-Link
2009-02-24 17:00 . 2008-01-31 22:15 560,896 --a------ c:\windows\system32\drivers\rt2870.sys
2009-02-24 16:40 . 2009-02-24 16:40 <DIR> d-------- c:\documents and settings\Tom\Application Data\Logitech
2009-02-24 16:39 . 2009-02-24 16:39 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-02-24 16:39 . 2009-02-24 16:39 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2009-02-24 16:39 . 2009-02-24 16:39 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2009-02-24 16:37 . 2009-02-24 16:37 <DIR> d-------- c:\program files\Logitech
2009-02-24 16:37 . 2009-02-24 16:40 <DIR> d-------- c:\program files\Common Files\Logishrd
2009-02-24 16:37 . 2009-02-24 16:37 <DIR> d-------- c:\documents and settings\All Users\Application Data\Logitech
2009-02-24 16:37 . 2008-05-02 02:38 301,656 --a------ c:\windows\system32\BtCoreIf.dll
2009-02-24 16:37 . 2008-05-02 02:39 170,512 --a------ c:\windows\system32\kemutb.dll
2009-02-24 16:37 . 2008-05-02 02:39 145,936 --a------ c:\windows\system32\KemUtil.dll
2009-02-24 16:37 . 2008-05-02 02:40 117,264 --a------ c:\windows\system32\KemWnd.dll
2009-02-24 16:37 . 2008-05-02 02:40 84,496 --a------ c:\windows\system32\KemXML.dll
2009-02-24 16:36 . 2009-02-24 16:36 <DIR> d-------- c:\documents and settings\Tom\Application Data\InstallShield
2009-02-24 16:36 . 2009-02-24 16:36 <DIR> d-------- c:\documents and settings\All Users\Application Data\LogiShrd
2009-02-24 16:17 . 2008-04-13 20:11 21,504 --a------ c:\windows\system32\hidserv.dll
2009-02-24 16:17 . 2008-04-13 20:11 21,504 --a--c--- c:\windows\system32\dllcache\hidserv.dll
2009-02-24 16:17 . 2008-04-13 14:39 14,592 --a------ c:\windows\system32\drivers\kbdhid.sys
2009-02-24 16:17 . 2008-04-13 14:39 14,592 --a--c--- c:\windows\system32\dllcache\kbdhid.sys
2009-02-03 23:13 . 2009-02-03 23:13 121,808 --a------ c:\windows\system32\ativvaxx.cap
2009-02-03 21:43 . 2009-02-03 21:43 45,056 --a------ c:\windows\system32\aticalrt.dll
2009-02-03 21:42 . 2009-02-03 21:42 45,056 --a------ c:\windows\system32\aticalcl.dll
2009-02-03 21:40 . 2009-02-03 21:40 3,244,032 --a------ c:\windows\system32\aticaldd.dll
2009-02-03 17:03 . 2009-02-03 17:03 104,328 --a------ c:\windows\system32\drivers\bdfndisf.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-03 15:48 --------- d-----w c:\program files\BOINC
2009-03-03 15:45 --------- d-----w c:\program files\Steam
2009-03-03 09:12 --------- d-----w c:\program files\Java
2009-03-02 21:08 --------- d-----w c:\program files\Winamp Remote
2009-03-02 04:09 913,453 ----a-w c:\windows\system32\drivers\fwdrv.err
2009-03-01 16:07 --------- d-----w c:\program files\Microsoft Silverlight
2009-03-01 05:24 --------- d-----w c:\program files\Lavasoft
2009-03-01 05:24 --------- d-----w c:\documents and settings\Tom\Application Data\Lavasoft
2009-02-25 19:44 --------- d-----w c:\program files\Paltalk Messenger
2009-02-25 16:15 --------- d-----w c:\program files\Common Files\Real
2009-02-25 02:25 --------- d-----w c:\program files\RealRhapsody
2009-02-25 01:40 --------- d-----w c:\program files\World of Warcraft
2009-02-25 01:22 --------- d-----w c:\program files\ATI
2009-02-25 00:34 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-02-25 00:20 --------- d-----w c:\program files\ATI Technologies
2009-02-24 22:05 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-04 07:27 3,488,768 ----a-w c:\windows\system32\drivers\ati2mtag.sys
2009-02-04 03:52 53,248 ----a-w c:\windows\system32\drivers\ati2erec.dll
2003-12-20 00:36 40,960 ----a-w c:\program files\Uninstall_CDS.exe
2008-12-16 22:52 61,440 ----a-w c:\program files\mozilla firefox\components\FFComm.dll
2008-08-31 14:00 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008083120080901\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteCenter"="c:\program files\Creative\MediaSource\RemoteControl\RCMan.EXE" [2003-10-08 139264]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-24 68856]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-03-27 4670968]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-31 50480]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Orb"="c:\program files\Winamp Remote\bin\OrbTray.exe" [2008-01-07 495616]
"Radio365Agent"="c:\progra~1\Live365\Radio365\Radio365TrayAgent.exe" [2008-05-13 884736]
"CurseClient"="c:\program files\Curse\CurseClient.exe" [2008-10-10 4789760]
"Steam"="c:\program files\Steam\Steam.exe" [2008-10-08 1410296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMONTRAY"="c:\program files\Intel\Intel® Active Monitor\imontray.exe" [2004-03-10 32768]
"SBDrvDet"="c:\program files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 45056]
"CTSysVol"="c:\program files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"CTDVDDET"="c:\program files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE" [2003-06-18 45056]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152]
"D-Link D-Link Xtreme N Dual Band DWA-160 "="c:\program files\D-Link\DWA-160\AirNCFG.exe" [2008-03-21 1675264]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-03 61440]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-02-25 198160]
"BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent.exe" [2009-01-09 741376]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2009\IEShow.exe" [2008-10-17 69632]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-03 136600]
"CTHelper"="CTHELPER.EXE" [2006-08-11 c:\windows\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-11 c:\windows\system32\CTXFIHLP.EXE]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-24 68856]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-13 c:\windows\system32\narrator.exe]
c:\documents and settings\Cyndy\Start Menu\Programs\Startup\
Xfire.lnk - c:\program files\Xfire\Xfire.exe [2006-10-30 2303056]
c:\documents and settings\Tom\Start Menu\Programs\Startup\
dBpowerAMP.lnk.disabled [2004-08-14 728]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
BOINC Manager.lnk - c:\program files\BOINC\boincmgr.exe [2007-11-13 4141056]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-02-24 805392]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-01-21 65588]
PalTalk.lnk - c:\program files\Paltalk Messenger\paltalk.exe [2009-01-28 10950144]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 02:42 72208 c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"msacm.g723"= g723.acm
"vidc.I263"= I263_32.drv
"MSVideo"= ucdvfw.dll
"VIDC.D263"= xl_x263dec.dll
"VIDC.YV12"= xl_yv12.dll
"VIDC.XJPG"= camfc.dll
"vidc.3IV2"= 3ivxVfWCodec_dec.dll
"msacm.avis"= ff_acm.acm
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"RemoteCenter"=c:\program files\Creative\MediaSource\RemoteControl\RCMan.EXE
"Shareaza"="c:\program files\Shareaza\Shareaza.exe" -tray
"Yahoo! Pager"=c:\program files\Yahoo!\Messenger\ypager.exe -quiet
"AIM"=c:\progra~1\AIM\aim.exe -cnetwait.odl
"EasyLinkAdvisor"="c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" runtime
"ATIPTA"=c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
"B'sCLiP"=c:\progra~1\B'SCLI~1\Win2K\BSCLIP.exe
"iTunesHelper"=c:\program files\iTunes\iTunesHelper.exe
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"ViewMgr"=c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
"RemoteControl"="c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\EA GAMES\\The Battle for Middle-earth \\game.dat"=
"c:\\Program Files\\Shareaza\\Shareaza.exe"=
"c:\\Program Files\\Sony\\Station\\Launchpad\\LaunchPad.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\WINDOWS\\system32\\MediaServerDump\\LiveUpdate\\OLUpdate.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Curse\\CurseClient.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\sacred gold\\Sacred.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\sid meier's civilization iv\\Civilization4.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\medieval ii total war demo\\medieval2.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\stubbs the zombie\\Stubbs.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\painkiller gold edition\\Bin\\Painkiller.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\sid meier's civilization iv warlords\\Warlords\\Civ4Warlords.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\sid meier's civilization iv warlords\\Warlords\\Civ4Warlords_PitBoss.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\peggle extreme\\PeggleExtreme.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\overlord\\Overlord.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\overlord\\Config.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\titan quest\\help.htm"=
"c:\\Program Files\\Steam\\steamapps\\common\\titan quest immortal throne\\Tqit.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\titan quest immortal throne\\help.htm"=
"c:\\Program Files\\Steam\\steamapps\\common\\sid meier's railroads demo\\RailRoadsDemo.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\company of heroes\\RelicCOH.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\company of heroes\\help.htm"=
"c:\\Program Files\\Steam\\steamapps\\common\\the movies demo\\moviesdemo_drm.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\painkiller gold edition\\Bin\\Editor\\PainEditor.exe"=
"c:\\Program Files\\Paltalk Messenger\\paltalk.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R0 BsStor;B.H.A Storage Helper Driver;c:\windows\system32\drivers\BsStor.sys [2004-06-02 9344]
R2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2009\BDVEDISK.sys [2008-10-06 82696]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2008-02-19 24652]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2008-09-18 111112]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [2009-02-03 104328]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2008-07-17 118784]
S3 pfsvgae;pfsvgae;\??\c:\docume~1\Tom\LOCALS~1\Temp\pfsvgae.sys --> c:\docume~1\Tom\LOCALS~1\Temp\pfsvgae.sys [?]
S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2009-02-24 560896]
S3 XIRLINK;Veo PC Camera;c:\windows\system32\drivers\ucdnt.sys [2004-07-24 899980]
S4 BsUDF;B.H.A UDF Filesystem;c:\windows\system32\drivers\BsUDF.sys [2004-06-02 394496]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
bdx REG_MULTI_SZ scan
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - f:\system\viewer\FlipVideoforPC.exe
\Shell\Flip Video for PC\command - f:\system\viewer\FlipVideoforPC.exe
.
Contents of the 'Scheduled Tasks' folder
2008-12-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-DW6 - c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe
Notify-avgrsstarter - avgrsstx.dll
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Winamp Toolbar Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
Trusted Zone: aol.com\free
Trusted Zone: msn.com\groups
Trusted Zone: prms.org\www
Trusted Zone: yahoo.com\filetransfer.msg
Trusted Zone: yahoo.com\launch
DPF: Dominoes by pogo - hxxp://domino.pogo.com/applet-5.8.5.21/domino/domino-ob-assets.cab
DPF: Fortune Bingo by pogo - hxxp://superbingo.pogo.com/applet-5.8.4.18/superbingo/superbingo-ob-assets.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: Payday FreeCell by pogo - hxxp://freecell.pogo.com/applet-5.8.4.24/freecell/freecell-ob-assets.cab
DPF: Phlinx by pogo - hxxp://game4.pogo.com/applet-6.0.1.28/flinger/flinger-ob-assets.cab
DPF: SciFi Slots by pogo - hxxp://scifi.pogo.com/applet-6.0.1.28/slots/scifi-ob-assets.cab
DPF: Spades by pogo - hxxp://spades.pogo.com/applet-5.8.4.24/spades/spades-ob-assets.cab
DPF: Sweet Tooth TM by pogo - hxxp://solitaire04.pogo.com/applet-5.8.4.18/sweettooth/sweettooth-ob-assets.cab
DPF: Tank Hunter by pogo - hxxp://playweb14.pogo.com/applet-6.0.1.28/tank/tank-ob-assets.cab
FF - ProfilePath - c:\documents and settings\Tom\Application Data\Mozilla\Firefox\Profiles\w1dud3nf.default\
FF - prefs.js: browser.startup.homepage - hxxp://beeradvocate.com/forum/|http://www.good-music-guide.com/community/index.php|http://login.live.com/login.srf?id=2&svc=mail&cbid=24325&msppjph=1&tw=0&fs=1&fsa=1&fsat=1296000&lc=1033&_lang=EN|http://www.berkshirerecordoutlet.com/|http://www.beeryard.com/|http://www.recipezaar.com/|http://training.fitness.com/|http://www.buzzen.com/chat/find.php?cat=PR|http://192.168.1.1/cgi-bin/webcm?getpage=../html/index_real.html&var:conname=connection0&var:contype=pppoe|http://thenightbreed.guildlaunch.com/forums/index.php?gid=4190|about:blank
FF - component: c:\program files\Mozilla Firefox\components\FFComm.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPPGWrap.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-03 10:45:07
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1176)
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
- - - - - - - > 'explorer.exe'(2372)
c:\program files\Logitech\SetPoint\lgscroll.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
c:\program files\BitDefender\BitDefender 2009\vsserv.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTSVCCDA.EXE
c:\program files\Executive Software\DiskeeperLite\DKService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\RioMSC.exe
c:\windows\system32\MsPMSPSv.exe
c:\program files\Intel\Intel® Active Monitor\imonNT.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Live365\Radio365\Radio365TrayAgent.exe
c:\program files\BitDefender\BitDefender 2009\seccenter.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\BOINC\boinc.exe
c:\program files\Winamp Remote\bin\Orb.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
c:\program files\BOINC\projects\setiathome.berkeley.edu\astropulse_5.03_windows_intelx86.exe
c:\program files\BOINC\projects\setiathome.berkeley.edu\astropulse_5.03_windows_intelx86.exe
c:\program files\AIM6\aolsoftware.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
.
**************************************************************************
.
Completion time: 2009-03-03 10:59:22 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-03 15:59:12
Pre-Run: 51,236,401,152 bytes free
Post-Run: 54,077,530,112 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
354 --- E O F --- 2009-03-03 08:01:23
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:25:25 AM, on 3/3/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel® Active Monitor\imontray.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\D-Link\DWA-160\AirNCFG.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe
C:\Program Files\Curse\CurseClient.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\BOINC\boincmgr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\BOINC\boinc.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\Program Files\Paltalk Messenger\paltalk.exe
C:\WINDOWS\system32\RioMSC.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\BOINC\projects\setiathome.berkeley.edu\astropulse_5.03_windows_intelx86.exe
C:\Program Files\BOINC\projects\setiathome.berkeley.edu\astropulse_5.03_windows_intelx86.exe
C:\Program Files\Winamp Remote\bin\Orb.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [iMONTRAY] C:\Program Files\Intel\Intel® Active Monitor\imontray.exe
O4 - HKLM\..\Run: [sBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [D-Link D-Link Xtreme N Dual Band DWA-160 ] C:\Program Files\D-Link\DWA-160\AirNCFG.exe
O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [bitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [Radio365Agent] C:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe
O4 - HKCU\..\Run: [CurseClient] C:\Program Files\Curse\CurseClient.exe -silent
O4 - HKCU\..\Run: [steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: dBpowerAMP.lnk.disabled
O4 - Global Startup: BOINC Manager.lnk = C:\Program Files\BOINC\boincmgr.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://groups.msn.com
O15 - Trusted Zone: http://www.prms.org
O16 - DPF: Dominoes by pogo - http://domino.pogo.com/applet-5.8.5.21/dom...o-ob-assets.cab
O16 - DPF: Fortune Bingo by pogo - http://superbingo.pogo.com/applet-5.8.4.18...o-ob-assets.cab
O16 - DPF: Payday FreeCell by pogo - http://freecell.pogo.com/applet-5.8.4.24/f...l-ob-assets.cab
O16 - DPF: Phlinx by pogo - http://game4.pogo.com/applet-6.0.1.28/flin...r-ob-assets.cab
O16 - DPF: SciFi Slots by pogo - http://scifi.pogo.com/applet-6.0.1.28/slot...i-ob-assets.cab
O16 - DPF: Spades by pogo - http://spades.pogo.com/applet-5.8.4.24/spa...s-ob-assets.cab
O16 - DPF: Sweet Tooth TM by pogo - http://solitaire04.pogo.com/applet-5.8.4.1...h-ob-assets.cab
O16 - DPF: Tank Hunter by pogo - http://playweb14.pogo.com/applet-6.0.1.28/...k-ob-assets.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1093076439718
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\TempEI4\EI40_\msxml4.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.com/...ropper1_3us.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.verizon.net/checkmypc/includes/MotivePreQual.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Unknown owner - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel® Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
--
End of file - 15082 bytes0 -
Please pack the folder(s) in an archive, protected with the password infected.
Attach the archive in your next post here.(if it's too big, upload it on www.rapidshare.com or other server and leave here the download link).
C:\Qoobox
Did you restart your PC after runnig the other AV product removal tool ?
Download CCleaner and clean up you registry0 -
I've tried uploading .zip and .rar but was told I was not permitted to upload that type of file...?
Incidentally, just tried the PC now, and it's still doing odd redirects and blocking URLs. Any ideas?0 -
Upload the file on www.rapidshare.com or other server and leave here the download link.
0 -
What you have is malware and most antivirus programs cant remove it .
there is a free version of that program it has helped me remove many types of maleware in just a click. Give it a try cant hurt0 -
What you have is malware and most antivirus programs cant remove it .
there is a free version of that program it has helped me remove many types of maleware in just a click. Give it a try cant hurt
Sad to say, in the midst of trying various solutions the items that were quarantined have disappeared. The subsequent scans seem to be picking up random malware, but not the one that's doing the downloading.0 -
Sad to say, in the midst of trying various solutions the items that were quarantined have disappeared. The subsequent scans seem to be picking up random malware, but not the one that's doing the downloading.
Good news and bad news - Bad news is I have another infected machine, the good news is I think I know how it got that way. I tried logging into my credit card account and was presented with a digital certificate whose server did not match the name. The server looked ok so I hit Accept, and got redirected to Google. And now the machine is acting like the previously infected one. Any ideas?0 -
You might want to follow the advices given earler
0