Start Time= Tue 15/08/2006 14:19:49.73 Running from: C:\Documents and Settings\Amanda\Desktop QuickScan did not find any signs of infected files (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2006-08-15 14:13:50 2580 ( A.... ) "C:\WINDOWS\system32\uaqnloka.exe" 2006-08-15 14:13:44 12308 ( A.... ) "C:\WINDOWS\system32\frhglwgp.exe" 2006-08-15 01:23:44 2580 ( A.... ) "C:\WINDOWS\system32\mfxkmeck.exe" 2006-08-14 22:13:22 2580 ( A.... ) "C:\WINDOWS\system32\xgdmnxgf.exe" 2006-08-14 00:07:10 2580 ( A.... ) "C:\WINDOWS\system32\dixxrxoi.exe" 2006-08-13 21:22:12 ( .D... ) "C:\Program Files\ewido anti-spyware 4.0" 2006-08-13 02:35:46 2580 ( A.... ) "C:\WINDOWS\system32\kxgfbyfc.exe" 2006-08-13 01:47:48 ( .D... ) "C:\Program Files\Raven" 2006-08-12 23:22:30 2580 ( A.... ) "C:\WINDOWS\system32\ynapoyrk.exe" 2006-08-12 15:15:06 ( .D... ) "C:\Program Files\Spybot - Search & Destroy" 2006-08-12 15:15:06 ( .D... ) "C:\Program Files\ShortKeys2" 2006-08-12 15:15:06 ( .D... ) "C:\Program Files\Project64 1.6" 2006-08-12 13:51:02 ( .D... ) "C:\Program Files\Hijackthis" 2006-08-12 13:44:58 ( .D... ) "C:\Program Files\Spybot - Search & Destroy(2)" 2006-08-09 20:50:58 ( .D... ) "C:\Documents and Settings\Amanda\Application Data\LimeWire" 2006-08-09 16:35:54 ( .D... ) "C:\Program Files\LimeWire" 2006-08-06 19:46:20 ( .D... ) "C:\Program Files\Eidos Interactive" 2006-07-30 10:25:02 43520 ( A.... ) "C:\WINDOWS\system32\CmdLineExt03.dll" 2006-07-28 21:50:04 ( .D... ) "C:\Documents and Settings\Amanda\Application Data\AdobeUM" 2006-07-28 00:12:12 ( .D... ) "C:\Program Files\MyGlobalSearch" 2006-07-27 23:24:46 679424 ( A.... ) "C:\WINDOWS\system32\inetcomm.dll" 2006-07-26 03:38:50 573492 ( ..... ) "C:\WINDOWS\system32\jkhfg.dll" 2006-07-26 03:28:26 2 ( A.... ) "C:\WINDOWS\system32\wnsintsv.exe" 2006-07-24 17:04:10 ( .D... ) "C:\Documents and Settings\Amanda\Application Data\Symantec" 2006-07-21 18:24:44 72704 ( A.... ) "C:\WINDOWS\system32\hlink.dll" 2006-07-17 10:36:24 ( .D... ) "C:\Program Files\OptusNet DSL Internet" 2006-07-17 10:36:10 ( .D... ) "C:\Program Files\Siemens Subscriber Networks" 2006-07-15 01:31:40 332288 ( A.... ) "C:\WINDOWS\system32\netapi32.dll" 2006-07-14 17:09:20 ( .D... ) "C:\Program Files\Messenger Plus! Live" 2006-07-13 23:33:28 8453632 ( A.... ) "C:\WINDOWS\system32\shell32.dll" 2006-07-05 20:55:02 984064 ( A.... ) "C:\WINDOWS\system32\kernel32.dll" 2006-06-29 18:19:52 ( .D... ) "C:\Program Files\LG PC Suite" 2006-06-27 03:37:10 148480 ( A.... ) "C:\WINDOWS\system32\dnsapi.dll" 2006-06-27 03:37:10 8192 ( A.... ) "C:\WINDOWS\system32\rasadhlp.dll" 2006-06-16 14:34:44 48936 ( A.... ) "C:\WINDOWS\system32\sirenacm.dll" 2006-06-14 14:49:54 139264 ( A.... ) "C:\WINDOWS\War3Unin.exe" 2006-05-19 22:59:42 148480 ( A.... ) "C:\WINDOWS\system32\dnsapi(3).dll" 2006-05-19 22:59:42 111616 ( A.... ) "C:\WINDOWS\system32\dhcpcsvc.dll" 2006-05-19 22:59:42 94720 ( A.... ) "C:\WINDOWS\system32\iphlpapi.dll" (((((((((((((((((((((((((((((((((((((( Files Created - Last 30days ))))))))))))))))))))))))))))))))))))))))))) 2006-08-15 14:13 2,580 C:\WINDOWS\system32\uaqnloka.exe 2006-08-15 14:13 12,308 C:\WINDOWS\system32\frhglwgp.exe 2006-08-15 01:23 2,580 C:\WINDOWS\system32\mfxkmeck.exe 2006-08-14 22:13 2,580 C:\WINDOWS\system32\xgdmnxgf.exe 2006-08-14 19:40 536,399,872 C:\hiberfil.sys 2006-08-14 00:07 2,580 C:\WINDOWS\system32\dixxrxoi.exe 2006-08-13 02:35 2,580 C:\WINDOWS\system32\kxgfbyfc.exe 2006-08-12 23:22 2,580 C:\WINDOWS\system32\ynapoyrk.exe 2006-07-29 16:09 98,304 C:\WINDOWS\system32\lffax13n.dll 2006-07-29 16:09 159,744 C:\WINDOWS\system32\lfpng13n.dll 2006-07-29 16:09 155,648 C:\WINDOWS\system32\lftif13n.dll 2006-07-29 16:09 1,693,696 C:\WINDOWS\system32\ltclr13n.dll 2006-07-27 17:13 9,728 C:\WINDOWS\system32\rwnh.dll 2006-07-27 17:13 10,752 C:\WINDOWS\system32\smtpapi.dll 2006-07-26 03:38 573,492 C:\WINDOWS\system32\jkhfg.dll 2006-07-26 03:28 2 C:\WINDOWS\system32\wnsintsv.exe 2006-07-17 10:35 49,152 C:\WINDOWS\system32\enclss32.dll (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries are not shown [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe" "Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd" "BigDogPath"="C:\\WINDOWS\\VM_STI.EXE VIMICRO USB PC Camera" "TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot" "EssSpkPhone"="essspk.exe" "ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\"" "Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer" "dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe" "UpdateManager"="\"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe\" /r" "ICQ Lite"="C:\\Program Files\\ICQLite\\ICQLite.exe -minimize" "BearShare"="\"C:\\Program Files\\BearShare\\BearShare.exe\" /pause" "SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe" "Desktop Service Centre"="C:\\Program Files\\OptusNet DSL Internet\\DSC.exe" "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime" "!ewido"="\"C:\\Program Files\\ewido anti-spyware 4.0\\ewido.exe\" /minimized" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL] "Installed"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI] "Installed"="1" "NoChange"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS] "Installed"="1" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices] "Windows Recycler"="wddhuxo.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoCDBurning"=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run] [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components] "DeskHtmlVersion"=dword:00000110 "DeskHtmlMinorVersion"=dword:00000005 "Settings"=dword:00000001 "GeneralFlags"=dword:00000000 [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE" [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run] "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE" [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader" "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"="" "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0" HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system DisableRegistryTools REG_DWORD 0 (0x0) Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\AAB7A6F191B458AD.job C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer - Amanda.job C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer - Witton.job Completion time: Tue 15/08/2006 14:20:19.79 ComboFix ver 06.07.15/30 - This logfile is located at C:\ComboFix.txt