Hi, here are the logs that you asked for.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:30:36, on 15/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\slmdmsr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\system32\lxcrcoms.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Sonic Shared\cinetray.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\hijackthis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sky.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: Orange - {4E7BD74F-2B8D-469E-A6FB-F862B587B57D} - C:\PROGRA~1\orange4\orange4.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O3 - Toolbar: Orange - {4E7BD74F-2B8D-469E-A6FB-F862B587B57D} - C:\PROGRA~1\orange4\orange4.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [WMAAD] C:\Program Files\Sony\WALKMAN Launcher\WMAAD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [BullGuard 5.0] "C:\Program Files\BullGuard Software\BullGuard 5.0\bullguard.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Sonic CinePlayer Quick Launch.lnk = ?
O8 - Extra context menu item: orange search - file://C:\Program Files\ORANGE4\Cache\SelectedContextSearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.orange.co.uk
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1150892750343
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun....ows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Image Converter SCSI Service (ICScsiSV) - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\ICScsiSV.exe
O23 - Service: IcVzMonLauncher - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMonLauncher.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMon.exe
O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slmdmsr.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
--
End of file - 8881 bytes
ComboFix 08-06-10.5 - kirk 2008-06-15 11:25:43.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.155 [GMT 1:00]
Running from: C:\Documents and Settings\kirk\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\kirk\Desktop\CFScript .txt
* Created a new restore point
FILE ::
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Start DonorLink System Tray App.lnk
C:\Documents and Settings\kirk\Application Data\internaldb41.dat
C:\Documents and Settings\kirk\Application Data\internaldb6334.dat
C:\Documents and Settings\kirk\Application Data\internaldb8467.dat
C:\WINDOWS\1-fe5e180d56ed9c233080898276c260cc.exe
C:\WINDOWS\MirarDownloader_876260.exe
C:\WINDOWS\system32\{08ef4f7f-8771-4e3b-7542-ea4af967d7d8}.dll-uninst.exe
C:\WINDOWS\system32\{d793e081-9490-c7bf-92bd-534dad6710cf}.dll-uninst.exe
C:\WINDOWS\system32\atmtd.dll
C:\WINDOWS\system32\atmtd.dll._
C:\WINDOWS\system32\Get Films Now.ico
C:\WINDOWS\system32\jRegistryKey.dll
C:\WINDOWS\system32\pinf.sys
C:\WINDOWS\system32\pm_ax.ocx
C:\WINDOWS\system32\pm_dll.dll
C:\WINDOWS\system32\pm_icon.ico
C:\WINDOWS\system32\pm_proc1.exe
C:\WINDOWS\system32\pm_proc2.exe
C:\WINDOWS\system32\pm_setup_util.exe
C:\WINDOWS\system32\vav.cpl
C:\WINDOWS\system32\WinDmy.dll
C:\WINDOWS\uninstall_nmon.vbs
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\ipd
C:\Documents and Settings\All Users\Application Data\ipd\interprom_enabled.ico
C:\Documents and Settings\All Users\Application Data\ipd\ipb.dll
C:\Documents and Settings\All Users\Application Data\ipd\MSVCP71.DLL
C:\Documents and Settings\All Users\Application Data\ipd\MSVCR71.DLL
C:\Documents and Settings\All Users\Application Data\ipd\tray.exe
C:\Documents and Settings\All Users\Application Data\Tarma Installer
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{FE5B4D78-069A-4F1E-B2C9-0BE2D0A53E6E}\_Setup.dll
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{FE5B4D78-069A-4F1E-B2C9-0BE2D0A53E6E}\_Setupx.dll
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{FE5B4D78-069A-4F1E-B2C9-0BE2D0A53E6E}\Setup.dat
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{FE5B4D78-069A-4F1E-B2C9-0BE2D0A53E6E}\Setup.exe
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{FE5B4D78-069A-4F1E-B2C9-0BE2D0A53E6E}\Setup.ico
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Start DonorLink System Tray App.lnk
C:\Documents and Settings\chantelle\Application Data\IBPlugin
C:\Documents and Settings\chantelle\Start Menu\Programs\Startup\Deewoo.lnk
C:\Documents and Settings\chantelle\Start Menu\Programs\Startup\DW_Start.lnk
C:\Documents and Settings\kirk\Application Data\IBPlugin
C:\Documents and Settings\kirk\Application Data\IBPlugin\ipbcfg.bin
C:\Documents and Settings\kirk\Application Data\IBPlugin\ipbsite.bin
C:\Documents and Settings\kirk\Application Data\internaldb41.dat
C:\Documents and Settings\kirk\Application Data\internaldb6334.dat
C:\Documents and Settings\kirk\Application Data\internaldb8467.dat
C:\Documents and Settings\kirk\Start Menu\Programs\Startup\Deewoo.lnk
C:\Documents and Settings\kirk\Start Menu\Programs\Startup\DW_Start.lnk
C:\Documents and Settings\LocalService\Application Data\IBPlugin
C:\Program Files\Platte Information Files
C:\Program Files\Platte Information Files\Get Films Now.htm
C:\Program Files\Platte Information Files\Platte Utility.lnk
C:\Program Files\Platte Information Files\pm_viewer.exe
C:\Program Files\VAV
C:\Program Files\VAV\vav.cpl
C:\Program Files\VAV\vav.ooo
C:\Program Files\VAV\vav0.dat
C:\Program Files\VAV\vav1.dat
C:\WINDOWS\1-fe5e180d56ed9c233080898276c260cc.exe
C:\WINDOWS\MirarDownloader_876260.exe
C:\WINDOWS\system32\{08ef4f7f-8771-4e3b-7542-ea4af967d7d8}.dll-uninst.exe
C:\WINDOWS\system32\{d793e081-9490-c7bf-92bd-534dad6710cf}.dll-uninst.exe
C:\WINDOWS\system32\atmtd.dll
C:\WINDOWS\system32\atmtd.dll._
C:\WINDOWS\system32\aux3
C:\WINDOWS\system32\Get Films Now.ico
C:\WINDOWS\system32\jRegistryKey.dll
C:\WINDOWS\system32\nIDb
C:\WINDOWS\system32\nIDb\hvpll3.exe
C:\WINDOWS\system32\ore1
C:\WINDOWS\system32\pinf.sys
C:\WINDOWS\system32\pm_ax.ocx
C:\WINDOWS\system32\pm_dll.dll
C:\WINDOWS\system32\pm_icon.ico
C:\WINDOWS\system32\pm_proc1.exe
C:\WINDOWS\system32\pm_proc2.exe
C:\WINDOWS\system32\pm_setup_util.exe
C:\WINDOWS\system32\vav.cpl
C:\WINDOWS\system32\vntiho05
C:\WINDOWS\system32\vntiho18
C:\WINDOWS\system32\WinDmy.dll
C:\WINDOWS\uninstall_nmon.vbs
.
((((((((((((((((((((((((( Files Created from 2008-05-15 to 2008-06-15 )))))))))))))))))))))))))))))))
.
2008-06-14 11:11 . 2008-06-14 11:11 <DIR> d-------- C:\Documents and Settings\kirk\Application Data\Grisoft
2008-06-14 11:11 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-06-14 10:52 . 2008-06-14 11:06 <DIR> d-------- C:\Program Files\nbpro
2008-06-14 10:52 . 2008-06-14 10:52 12,499 --a------ C:\WINDOWS\system32\Seagate.bin
2008-06-14 10:45 . 2008-06-14 10:45 <DIR> d-------- C:\ie-spyad
2008-06-13 07:13 . 2008-06-14 07:58 <DIR> d--hs---- C:\742766417
2008-06-11 18:49 . 2008-06-11 18:49 118 --a------ C:\WINDOWS\system32\MRT.INI
2008-06-11 18:40 . 2008-04-14 12:01 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 18:40 . 2008-04-14 12:01 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-08 20:31 . 2008-06-08 20:31 <DIR> d-------- C:\Documents and Settings\chantelle\Application Data\Grisoft
2008-06-08 20:31 . 2008-06-12 16:51 <DIR> d-------- C:\Documents and Settings\chantelle\Application Data\AVG7
2008-06-07 10:55 . 2008-06-15 11:19 321 ---hs---- C:\WINDOWS\system32\742766417.sys
2008-06-03 18:53 . 2008-06-14 08:37 <DIR> dr-h----- C:\$VAULT$.AVG
2008-06-03 18:18 . 2008-06-03 18:18 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-06-03 18:18 . 2008-06-15 11:19 <DIR> d-------- C:\Documents and Settings\kirk\Application Data\AVG7
2008-06-03 18:17 . 2008-06-03 19:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-06-03 18:17 . 2008-06-03 18:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-06-03 18:11 . 2008-06-03 18:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg8
2008-06-01 12:22 . 2008-06-02 19:26 <DIR> d--h----- C:\$AVG8.VAULT$
2008-06-01 12:00 . 2008-06-01 12:00 <DIR> d-------- C:\Program Files\AVG
2008-06-01 12:00 . 2008-06-01 12:24 <DIR> d-------- C:\Documents and Settings\kirk\Application Data\AVGTOOLBAR
2008-05-30 08:56 . 2008-06-14 10:11 <DIR> d-------- C:\Temp
2008-05-28 12:33 . 2008-05-28 12:33 181 --a------ C:\WINDOWS\wininit.ini
2008-05-21 21:02 . 2008-06-03 18:14 <DIR> d-------- C:\Documents and Settings\kirk\Application Data\LimeWire
2008-05-21 21:01 . 2008-05-21 21:01 <DIR> d-------- C:\WINDOWS\Sun
2008-05-21 21:01 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-05-21 21:00 . 2008-05-21 21:00 <DIR> d-------- C:\Program Files\Common Files\Java
2008-05-21 20:59 . 2008-06-03 18:40 <DIR> d-------- C:\Program Files\LimeWire
2008-05-21 08:34 . 2008-06-11 18:13 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-21 08:34 . 2008-05-21 08:34 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-21 08:05 . 2008-05-21 08:05 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-05-20 23:09 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-05-20 23:08 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-05-20 23:08 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-05-20 23:08 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-05-20 23:08 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-05-20 22:01 . 2008-04-23 05:16 6,066,176 --a--c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-05-20 22:01 . 2007-04-17 10:32 2,455,488 --a--c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-05-20 22:01 . 2007-03-08 06:10 991,232 --a--c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-05-20 22:01 . 2008-04-23 05:16 459,264 --a--c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-05-20 22:01 . 2008-04-23 05:16 383,488 --a--c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-05-20 22:01 . 2008-04-23 05:16 267,776 --a--c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-05-20 22:01 . 2008-04-23 05:16 63,488 --a--c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-05-20 22:01 . 2008-04-23 05:16 52,224 --a--c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-05-20 22:01 . 2008-04-22 08:39 13,824 --a--c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-05-20 18:08 . 2008-05-20 18:12 <DIR> d-------- C:\Program Files\McDonaldsFairies
2008-05-20 18:07 . 2008-05-20 18:07 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-05-18 13:29 . 2008-05-18 13:29 0 --a------ C:\WINDOWS\iPlayer.INI
2008-05-18 13:23 . 2008-05-18 13:23 <DIR> d-------- C:\Program Files\InterActual
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-15 10:20 --------- d-----w C:\Documents and Settings\kirk\Application Data\OpenOffice.org2
2008-06-12 15:51 --------- d-----w C:\Program Files\lx_cats
2008-06-12 15:51 --------- d-----w C:\Documents and Settings\chantelle\Application Data\OpenOffice.org2
2008-05-21 20:01 --------- d-----w C:\Program Files\Java
2008-05-13 14:14 --------- d-----w C:\Program Files\Sky Broadband
2008-05-13 14:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\742766417.sys -- Not a PE file.
MD5: 8063fb3156760ad7c89ce0d57abe26b5
---- Directory of C:\742766417 ----
2008-06-14 07:58 8286 ---hs---- C:\742766417\COnBlokoCdGpRiGg.htm
2008-06-13 07:13 8220 --a------ C:\742766417\style.css
2008-06-13 07:13 689 --a------ C:\742766417\images\box_bl.png
2008-06-13 07:13 650 --a------ C:\742766417\images\tab_l.png
2008-06-13 07:13 479 --a------ C:\742766417\images\box_br2.png
2008-06-13 07:13 474 --a------ C:\742766417\images\box_bl2.png
2008-06-13 07:13 472 --a------ C:\742766417\images\box_br.png
2008-06-13 07:13 4554 --a------ C:\742766417\images\postalorder.png
2008-06-13 07:13 4473 --a------ C:\742766417\images\operator4.png
2008-06-13 07:13 3960 --a------ C:\742766417\images\debitcard.png
2008-06-13 07:13 364 --a------ C:\742766417\images\bar_r5.png
2008-06-13 07:13 348 --a------ C:\742766417\images\bar_l2.png
2008-06-13 07:13 343 --a------ C:\742766417\images\tab_r.png
2008-06-13 07:13 310 --a------ C:\742766417\images\bar_r2.png
2008-06-13 07:13 307 --a------ C:\742766417\images\bar_l3.png
2008-06-13 07:13 302 --a------ C:\742766417\images\bar_l5.png
2008-06-13 07:13 2848 --a------ C:\742766417\images\cheque.png
2008-06-13 07:13 2803 --a------ C:\742766417\images\phonebank.png
2008-06-13 07:13 2726 --a------ C:\742766417\images\onlinebank.png
2008-06-13 07:13 265 --a------ C:\742766417\images\bar_r3.png
2008-06-13 07:13 21122 --a------ C:\742766417\images\logo.png
2008-06-13 07:13 1984 --a------ C:\742766417\images\box_tl.png
2008-06-13 07:13 193 --a------ C:\742766417\images\box_ml.png
2008-06-13 07:13 186 --a------ C:\742766417\images\box_ml2.png
2008-06-13 07:13 1758 --a------ C:\742766417\images\box_tl2.png
2008-06-13 07:13 155 --a------ C:\742766417\images\box_mr2.png
2008-06-13 07:13 153 --a------ C:\742766417\images\bar_m3.png
2008-06-13 07:13 153 --a------ C:\742766417\images\bar_m2.png
2008-06-13 07:13 151 --a------ C:\742766417\images\box_mr.png
2008-06-13 07:13 1413 --a------ C:\742766417\images\box_tr2.png
2008-06-13 07:13 139 --a------ C:\742766417\images\question.gif
2008-06-13 07:13 138 --a------ C:\742766417\images\bar_m.png
2008-06-13 07:13 1165 --a------ C:\742766417\images\box_tr.png
((((((((((((((((((((((((((((( snapshot@2008-06-14_10.16.59.10 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-14 09:14:21 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-15 09:28:15 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2004-07-14 22:49:16 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW252\_aspnet_isapi.dll
+ 2004-07-14 21:32:22 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW252\_CORPerfMonExt.dll
+ 2004-07-14 21:24:30 282,624 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW252\_fusion.dll
+ 2004-07-14 21:25:06 315,392 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW252\_mscorjit.dll
+ 2004-07-15 11:29:02 2,138,112 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW252\_mscorlib.dll
+ 2003-02-20 16:09:18 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW252\_mscorsn.dll
+ 2004-07-14 21:26:52 2,510,848 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW252\_mscorsvr.dll
+ 2004-07-14 21:28:34 2,502,656 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW252\_mscorwks.dll
+ 2003-02-21 01:42:22 348,160 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW252\_msvcr71.dll
+ 2004-07-14 21:34:50 94,208 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW252\_PerfCounter.dll
+ 2004-07-14 22:49:16 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3604\_aspnet_isapi.dll
+ 2004-07-14 21:32:22 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3604\_CORPerfMonExt.dll
+ 2004-07-14 21:24:30 282,624 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3604\_fusion.dll
+ 2004-07-14 21:25:06 315,392 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3604\_mscorjit.dll
+ 2004-07-15 11:29:02 2,138,112 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3604\_mscorlib.dll
+ 2003-02-20 16:09:18 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3604\_mscorsn.dll
+ 2004-07-14 21:26:52 2,510,848 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3604\_mscorsvr.dll
+ 2004-07-14 21:28:34 2,502,656 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3604\_mscorwks.dll
+ 2003-02-21 01:42:22 348,160 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3604\_msvcr71.dll
+ 2004-07-14 21:34:50 94,208 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3604\_PerfCounter.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BullGuard 5.0"="C:\Program Files\BullGuard Software\BullGuard 5.0\bullguard.exe" [2005-03-05 09:31 86016]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 13:00 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 13:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 13:00 455168]
"VTTimer"="VTTimer.exe" [2005-03-07 18:33 53248 C:\WINDOWS\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [2005-03-11 08:33 147456 C:\WINDOWS\system32\VTTrayp.exe]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-18 23:01 110592]
"SoundMan"="SOUNDMAN.EXE" [2005-08-17 11:39 90112 C:\WINDOWS\soundman.exe]
"lxcrmon.exe"="C:\Program Files\Lexmark 2400 Series\lxcrmon.exe" [2006-01-22 18:45 286720]
"EzPrint"="C:\Program Files\Lexmark 2400 Series\ezprint.exe" [2006-02-07 06:10 98304]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2006-02-02 09:11 290816]
"LXCRCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll" [2005-12-01 19:38 65536]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-03-17 10:36 98304]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 17:17 159744]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344]
"WMAAD"="C:\Program Files\Sony\WALKMAN Launcher\WMAAD.exe" [2007-02-16 19:41 110592]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-06-03 18:37 579584]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-06-03 18:17 219136]
C:\Documents and Settings\chantelle\Start Menu\Programs\Startup\
OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [2005-09-23 11:36:42 61440]
C:\Documents and Settings\kirk\Start Menu\Programs\Startup\
OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [2005-09-23 11:36:42 61440]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Sonic CinePlayer Quick Launch.lnk - C:\Program Files\Common Files\Sonic Shared\cinetray.exe [2002-09-18 12:16:30 98304]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= C:\Program Files\Common Files\Sony Shared\VideoLib\sonydv.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
R1 Cinemsup;Cinemsup;C:\WINDOWS\system32\drivers\Cinemsup.sys [2002-07-19 06:10]
S3 FileSpy5;BullGuard File Monitor;C:\Program Files\BullGuard Software\BullGuard 5.0\filespy5.sys [2004-10-29 16:00]
S3 FXDRV;FXDRV;D:\Fxdrv.sys []
S3 ICScsiSV;Image Converter SCSI Service;C:\Program Files\Sony\IMAGE CONVERTER 3\ICScsiSV.exe [2007-01-26 12:39]
S3 IcVzMonLauncher;IcVzMonLauncher;"C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMonLauncher.exe" [2007-01-26 12:38]
S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment;C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMon.exe [2007-01-26 12:38]
S3 Reconn;BullGuard Mail Monitor;C:\Program Files\BullGuard Software\BullGuard 5.0\reconn.sys [2004-09-28 17:50]
S3 USBCamera;DigitalCam Pro Still Camera Device;C:\WINDOWS\system32\Drivers\Bulk536.sys [2003-05-14 10:28]
*Newly Created Service* - CATCHME
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-15 11:27:39
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-06-15 11:28:28
ComboFix-quarantined-files.txt 2008-06-15 10:28:25
ComboFix2.txt 2008-06-14 09:17:16
Pre-Run: 60,465,635,328 bytes free
Post-Run: 60,476,682,240 bytes free
293 --- E O F --- 2008-06-14 16:55:11
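The HijackThis listing above is read by eye in the thread, and the entries that matter for this infection are easy to miss among the legitimate Lexmark, Sony and AVG lines: the four O15 entries that put Mirar-related hosts into the Internet Explorer Trusted Zone (sites in that zone run with relaxed ActiveX and scripting settings, which is why adware adds its own domains there), the O23 services with no vendor name, the orphaned O9 "(file missing)" button, and the O4 Run entries that launch a bare filename such as VTTimer.exe, which Windows resolves through the search path rather than from a fixed location. The following script is an added example, not part of the forum post and not code from HijackThis or ComboFix: it parses HJT v2 lines and applies those four checks mechanically. Its sample input is constructed for the example; most lines are copied from the log above, and the one labelled "constructed" is invented to exercise the out-of-place autorun check.

```python
"""
HijackThis (HJT) v2 log triage: added example, not part of the forum post
and not code from HijackThis or ComboFix. It applies a few of the checks a
log helper does by eye on a listing like the one above:

  O15  any host placed in the IE Trusted Zone (relaxed ActiveX/scripting
       settings, so adware drops its own domains in)
  O23  services with an empty or "Unknown owner" vendor field
  O9/O16/O2  entries whose target is reported "(file missing)"
  O4   Run entries that launch a bare filename (resolved through the
       search path) or a binary outside Program Files / Windows

SAMPLE_LOG is constructed for this example: most lines are copied from
the log above; the one marked "constructed" is invented.
"""
import re
from dataclasses import dataclass

HJT_LINE = re.compile(r"^(?P<kind>[A-Z]\d+) - (?P<body>.*)$")
# "Service: name - vendor - path"; the vendor may be empty when the log's
# whitespace was collapsed ("lxcr_device - - C:\..."), which \s* absorbs.
SERVICE_RE = re.compile(
    r"^Service: (?P<name>.+?) -\s*(?P<vendor>.*?)\s*- (?P<path>[A-Za-z]:\\.*)$")
EXPECTED_PREFIXES = ("c:\\program files", "c:\\progra~1", "c:\\windows")

SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [constructed] "C:\Documents and Settings\kirk\Application Data\tray.exe"
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com (file missing)
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
"""


@dataclass
class Finding:
    kind: str
    reason: str
    line: str


def parse_entries(log):
    """Yield (kind, body, raw) for every 'Oxx - ...' line; skip the rest."""
    for raw in log.splitlines():
        raw = raw.strip()
        m = HJT_LINE.match(raw)
        if m:
            yield m.group("kind"), m.group("body"), raw


def run_target(body):
    """Return the file launched by an O4 Run body such as
    'HKLM\\..\\Run: [Name] "C:\\dir\\x.exe" /flag'."""
    cmd = body.partition("] ")[2].strip()
    if cmd.lower().startswith("rundll32"):
        # rundll32 <dll>,<entry>: the DLL is what actually runs
        cmd = cmd.split(None, 1)[1].split(",", 1)[0] if " " in cmd else ""
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd.split(" ", 1)[0]


def triage(log):
    """Apply the heuristics above; return the entries worth a closer look."""
    findings = []
    for kind, body, raw in parse_entries(log):
        if "(file missing)" in body:
            findings.append(Finding(kind, "target file missing (orphaned entry)", raw))
        elif kind == "O15" and body.startswith("Trusted Zone:"):
            host = body.split(":", 1)[1].split("(")[0].strip()
            findings.append(Finding(kind, f"site in IE Trusted Zone: {host}", raw))
        elif kind == "O23":
            m = SERVICE_RE.match(body)
            # an unparseable service line is treated as having no vendor
            vendor = m.group("vendor").strip() if m else ""
            if vendor in ("", "Unknown owner"):
                findings.append(Finding(kind, "service has no vendor name", raw))
        elif kind == "O4" and "Run:" in body:
            target = run_target(body)
            if "\\" not in target:
                findings.append(Finding(kind, f"bare filename resolved via search path: {target}", raw))
            elif not target.lower().startswith(EXPECTED_PREFIXES):
                findings.append(Finding(kind, f"autorun outside Program Files/Windows: {target}", raw))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:4} {f.reason}\n     {f.line}")
```

Run against the sample it reports seven entries: the two Mirar Trusted Zone hosts, the two vendor-less services, the orphaned Sky button, VTTimer.exe as a search-path-resolved autorun, and the constructed Application Data autorun. The O4 prefix list is deliberately narrow for an XP box; a bare filename like VTTimer.exe is usually a vendor's sloppy installer rather than malware, but it is exactly the shape a planted binary earlier in the search path would take, so it is worth confirming which file actually runs.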