Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Powerantivirus 2009 pop maybe Zob up IE running slow


  • Please log in to reply

#1
maddiane

maddiane

    Member

  • Member
  • PipPip
  • 11 posts
Having pc problems run Spyhunter it says i have something called zob but have to buy it to get rid of it
when i open window in internet explorer 7 i get powerantivirus 2009 popping in instead of webpage looks like its running scan asking me do i want to buy

internet explorer takes ages to open a page was tempted to try firefox




this is my hijack log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:41:54, on 07/08/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\TPSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\PsCtrls.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\pavsrv51.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\AVENGINE.EXE
C:\Program Files\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe
c:\program files\panda security\panda internet security 2008\firewall\PSHOST.EXE
C:\Program Files\Panda Security\Panda Internet Security 2008\APVXDWIN.EXE
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\PsImSvc.exe
C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IObit\Advanced WindowsCare 3 Beta\AWC.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\SRVLOAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\WebProxy.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\PavBckPT.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\avciman.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\psimreal.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: ReGet Bar - {17939A30-18E2-471E-9D3A-56DD725F1215} - C:\Program Files\ReGet Software\ReGet Deluxe 5.0\IEBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Internet Security 2008\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Security\Panda Internet Security 2008\Inicio.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [SmartDefrag] "C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /StartUp
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Advanced WindowsCare 3] "C:\Program Files\IObit\Advanced WindowsCare 3 Beta\AWC.exe" /startup
O4 - HKCU\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
O8 - Extra context menu item: eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.co.../sysreqlab3.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase5036.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1215988091609
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.co.../sysreqlab2.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.su...ows-i586-jc.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15102/CTPID.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: MSCamSvc - Unknown owner - C:\Program Files\Microsoft LifeCam\MSCamS32.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\pavsrv51.exe
O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe
O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program files\panda security\panda internet security 2008\firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\PsImSvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\TPSrv.exe

--
End of file - 9990 bytes




this is my uninstal list hope i have done all this write

3ivx MPEG-4 5.0.2 (remove only)
Acrobat.com
Acrobat.com
Ad-Aware
Adobe AIR
Adobe AIR
Adobe Flash Player ActiveX
Adobe Media Player
Adobe Media Player
Adobe Reader 9
Advanced RAR Password Recovery (remove only)
Advanced WindowsCare 3 Beta
Alien Skin Eye Candy 5 Impact
Alien Skin Eye Candy 5 Nature
Alien Skin Eye Candy 5 Textures
Alien Skin Xenofex 2.0
BenVista PhotoZoom Pro 2.2.8
Camera RAW Plug-In for EPSON Creativity Suite
CCleaner (remove only)
Chicken Invaders: Revenge of the Yolk (Christmas Edition) v3.20
CleanUp!
C-Media WDM Audio Driver
ConvertXtoDVD 3.0.0.1
Create-Ringtone 4.97
Creative EAX Console
Creative MediaSource
Creative MediaSource 5
Creative Software AutoUpdate
Driver Magician 3.28
eBay Toolbar
EPSON Attach To Email
EPSON Copy Utility 3
EPSON Easy Photo Print
EPSON File Manager
EPSON Printer Software
EPSON Scan
EPSON Scan Assistant
EPSON Stylus CX7300_CX8300_DX7400_DX8400 Manual
EPSON Web-To-Page
Eye Candy 3
Eye Candy 4000
Fashion Story 1.0
Folder Marker Home v 3.0
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Greeting Card Factory Deluxe 2.0
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915800-v4)
iColorFolder
IncrediMail Xe
IObit SmartDefrag
Jasc Animation Shop 3
Jasc Animation Shop 3 20041030_07 Help file Patch
Jasc Paint Shop Pro 9
Jasc Paint Shop Pro 9 GDI+ Patch
Jasc Paint Shop Pro 9.01 - (9.0.1.1)
Jasc Paint Shop Pro 9.01 Patch
Jasc Virtual Painter 4
Java™ 6 Update 7
LimeWireTurbo
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
MP3 Splitter & Joiner Pro 3.48
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
Nero 8
neroxml
NVIDIA Drivers
On-line Help Console
Panda ActiveScan 2.0
Panda Internet Security 2008
Power Retouche Pro
ReGet Deluxe 5.0
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
SiS 900 PCI Fast Ethernet Adapter Driver
SiS Mirage Graphics
SiSAGP driver
Sound Blaster Audigy
Spybot - Search & Destroy
System Requirements Lab
Update for Windows XP (KB942763)
Update for Windows XP (KB943729)
Update for Windows XP (KB951978)
VCRedistSetup
Video Editor
Windows Imaging Component
Windows Live installer
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
Windows XP Service Pack 3
WinRAR archiver
Xenofex 1.0
Xvid 1.1.3 final uninstall

Edited by maddiane, 07 August 2008 - 04:52 PM.

  • 0

Advertisements


#2
loophole

loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Hi :)

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
  • 0

#3
maddiane

maddiane

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Things have went from bad to worse run microsoft malicious software removal tool this found Trojan:Win32/Vundo.gen!H said it had been partly removed
when i restart my pc nero program files automatically open up
run the combofix turned everything of as you said but pc restarted in the middle and security etc started up with it

after running panda panda said i had this running did i want to bloch so i did
Potentially unwanted program detecte... Antivirus protection 08/08/08 09:51:13 Disinfected Path: c:\windows\psexesvc.exe

ps teenagers have been using pc dont no what they have beeen into

this is my combofix

ComboFix 08-08-07.05 - Diane Paterson 2008-08-08 9:38:36.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1462 [GMT 1:00]
Running from: C:\Documents and Settings\Diane Paterson\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Diane Paterson\Application Data\inst.exe
C:\WINDOWS\1.bat
C:\WINDOWS\system32\pthreadVC.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF


((((((((((((((((((((((((( Files Created from 2008-07-08 to 2008-08-08 )))))))))))))))))))))))))))))))
.

2008-12-22 05:59 . 2008-12-22 05:59 447,200 --a------ C:\WINDOWS\system32\OpenQuicktimeLib.dll
2008-12-22 05:59 . 2008-12-22 05:59 332,512 --a------ C:\WINDOWS\system32\3ivxVfWCodec.dll
2008-12-22 05:59 . 2008-12-22 05:59 25,312 --a------ C:\WINDOWS\system32\SamsungVfWCodec.dll
2008-12-22 05:59 . 2008-12-22 05:59 25,312 --a------ C:\WINDOWS\system32\DivXVfWCodec.dll
2008-12-22 05:58 . 2008-12-22 05:58 1,155,808 --a------ C:\WINDOWS\system32\3ivx.dll
2008-12-22 05:52 . 2008-12-22 05:52 66,272 --a------ C:\WINDOWS\system32\libfaac.dll
2008-08-07 23:28 . 2008-07-18 22:09 25,800 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-08-07 23:10 . 2008-08-07 23:10 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-07 21:39 . 2008-08-07 21:39 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-08-07 21:15 . 2008-08-07 21:15 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-07 21:15 . 2008-07-30 20:14 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-07 21:15 . 2008-07-30 20:14 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-07 13:56 . 2008-08-07 13:56 <DIR> d-------- C:\Program Files\Lavasoft
2008-08-07 13:56 . 2008-08-07 13:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-08-07 13:55 . 2008-08-07 13:55 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-08-04 23:41 . 2008-08-04 23:42 <DIR> d-------- C:\Documents and Settings\Diane Paterson\Application Data\eBay
2008-08-04 23:41 . 2008-08-08 09:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WholeSecurity
2008-08-04 23:41 . 2008-08-04 23:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\eBay
2008-08-04 23:40 . 2008-08-04 23:40 <DIR> d-------- C:\Program Files\eBay
2008-08-03 14:20 . 2008-08-03 14:20 <DIR> d-------- C:\Program Files\Gambana
2008-08-02 18:27 . 2008-08-03 16:38 947 --a------ C:\WINDOWS\ARPR.INI
2008-08-02 18:24 . 2008-08-02 18:24 <DIR> d-------- C:\Program Files\ElcomSoft
2008-08-02 15:38 . 2008-08-02 15:38 244 --ah----- C:\sqmnoopt00.sqm
2008-08-02 15:38 . 2008-08-02 15:38 232 --ah----- C:\sqmdata00.sqm
2008-07-31 19:47 . 2008-07-31 19:47 <DIR> d-------- C:\Documents and Settings\Diane Paterson\Application Data\Windows Search
2008-07-31 11:36 . 2008-07-31 11:36 <DIR> d-------- C:\WINDOWS\system32\GroupPolicy
2008-07-31 11:36 . 2008-08-01 19:56 <DIR> d-------- C:\Program Files\Windows Desktop Search
2008-07-31 11:36 . 2008-03-07 18:02 192,000 -----c--- C:\WINDOWS\system32\dllcache\offfilt.dll
2008-07-31 11:36 . 2008-03-07 18:02 98,304 -----c--- C:\WINDOWS\system32\dllcache\nlhtml.dll
2008-07-31 11:36 . 2008-03-07 18:02 29,696 -----c--- C:\WINDOWS\system32\dllcache\mimefilt.dll
2008-07-25 13:18 . 2008-07-25 18:09 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-07-25 11:15 . 2008-07-25 11:15 <DIR> d-------- C:\Program Files\uTorrent
2008-07-25 11:15 . 2008-08-06 17:41 <DIR> d-------- C:\Documents and Settings\Diane Paterson\Application Data\uTorrent
2008-07-23 21:35 . 2008-07-23 21:35 <DIR> d-------- C:\Program Files\Xilisoft
2008-07-23 21:21 . 2008-07-23 21:21 <DIR> d-------- C:\Program Files\bobyte
2008-07-23 21:18 . 2008-07-23 21:18 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-07-22 23:03 . 2008-08-07 22:26 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-07-22 22:42 . 2008-07-22 22:43 <DIR> d-------- C:\Program Files\MP3 Splitter & Joiner Pro
2008-07-22 22:00 . 2008-07-22 22:00 <DIR> d-------- C:\Documents and Settings\Diane Paterson\Application Data\Nero
2008-07-22 21:56 . 2008-07-22 21:56 <DIR> d-------- C:\Program Files\Nero
2008-07-22 21:56 . 2008-07-22 21:58 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-07-22 21:56 . 2008-07-22 21:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-07-22 14:27 . 2008-07-22 15:00 <DIR> d-------- C:\WINDOWS\Motive
2008-07-22 14:27 . 2008-07-22 14:27 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-07-22 14:27 . 2008-07-22 15:00 <DIR> d-------- C:\Program Files\Common Files\Motive
2008-07-22 14:27 . 2008-07-22 14:27 <DIR> d-------- C:\Program Files\CCleaner
2008-07-22 14:27 . 2008-07-22 14:28 <DIR> d-------- C:\Documents and Settings\Diane Paterson\Application Data\SUPERAntiSpyware.com
2008-07-22 14:27 . 2008-07-22 14:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-22 13:57 . 2008-07-22 14:27 <DIR> d-------- C:\Documents and Settings\Diane Paterson\Application Data\DNA
2008-07-22 13:23 . 2008-07-22 13:57 <DIR> d-------- C:\Program Files\Motive
2008-07-22 13:23 . 2008-07-22 14:27 <DIR> d-------- C:\Program Files\blueyonder IST
2008-07-22 13:23 . 2001-01-12 16:09 313,856 --a------ C:\WINDOWS\system32\dx3j.dll
2008-07-22 13:23 . 2001-01-12 18:04 171,280 --a------ C:\WINDOWS\system32\jit.dll
2008-07-22 13:23 . 2001-01-12 18:04 139,536 --a------ C:\WINDOWS\system32\javaee.dll
2008-07-22 13:23 . 2001-01-12 18:04 46,352 --a------ C:\WINDOWS\setdebug.exe
2008-07-22 13:23 . 2001-01-12 16:27 7,315 --a------ C:\WINDOWS\system32\javasup.vxd
2008-07-22 13:23 . 2001-01-12 16:10 6,550 --a------ C:\WINDOWS\jautoexp.dat
2008-07-21 10:28 . 2008-07-22 14:27 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-21 10:28 . 2008-08-07 15:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-21 09:50 . 2008-07-21 09:50 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-07-21 09:50 . 2008-07-21 09:50 <DIR> d-------- C:\Documents and Settings\Diane Paterson\Application Data\Malwarebytes
2008-07-21 09:50 . 2008-07-21 09:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-21 09:14 . 2008-07-01 10:21 288,358,400 --a------ C:\WINDOWS\1.avi
2008-07-21 09:14 . 2008-07-01 11:50 71 --a------ C:\WINDOWS\1.vbs
2008-07-20 19:43 . 2008-07-20 19:43 <DIR> d-------- C:\Program Files\Xenofex 2
2008-07-20 19:34 . 2008-07-20 19:36 296,448 --a------ C:\WINDOWS\Xenofex.ini
2008-07-20 19:33 . 2008-07-20 19:34 <DIR> d-------- C:\Program Files\Photoshop
2008-07-20 18:57 . 2008-07-20 19:45 <DIR> d-------- C:\Documents and Settings\Diane Paterson\Application Data\Alien Skin
2008-07-20 18:56 . 2008-07-20 18:56 <DIR> d-------- C:\Program Files\Alien Skin
2008-07-20 18:50 . 1999-09-21 14:19 373,248 --a------ C:\WINDOWS\EyeCand3.INI
2008-07-20 18:38 . 2008-07-20 18:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Redfield
2008-07-20 18:34 . 2008-07-20 18:34 <DIR> d-------- C:\Program Files\Plug-Ins
2008-07-20 18:29 . 2008-07-20 18:29 <DIR> d-------- C:\Program Files\PhotoZoom Pro 2
2008-07-20 18:09 . 2008-07-20 18:09 <DIR> d-------- C:\Program Files\SuperBladePro
2008-07-20 18:01 . 2004-03-08 17:40 210,944 --a------ C:\WINDOWS\system32\MSVCRT10.DLX
2008-07-20 18:01 . 2004-03-08 17:40 210,944 --a------ C:\WINDOWS\system32\Msvcrt10.dll
2008-07-20 18:01 . 2004-03-08 17:40 57,344 --a------ C:\WINDOWS\system32\icmfilter.dll
2008-07-20 18:01 . 2004-03-08 17:40 32,768 --a------ C:\WINDOWS\system32\plugin.dll
2008-07-20 13:10 . 2008-07-20 13:10 <DIR> d-------- C:\Program Files\InterMute
2008-07-19 22:28 . 2008-04-17 16:19 90,668 --a------ C:\WINDOWS\system32\vobis32.dll
2008-07-19 22:13 . 2008-07-19 22:28 <DIR> d-------- C:\Documents and Settings\Diane Paterson\Application Data\IObit
2008-07-17 14:37 . 2008-07-17 14:37 <DIR> d-------- C:\Documents and Settings\Diane Paterson\WINDOWS
2008-07-17 14:37 . 1998-01-23 12:22 304,128 --a------ C:\WINDOWS\IsUninst.exe
2008-07-17 14:37 . 2002-08-20 14:58 139,264 --a------ C:\WINDOWS\system32\IDEproperty.dll
2008-07-17 14:37 . 2002-10-17 15:14 49,024 --a------ C:\WINDOWS\system32\drivers\sisidex.sys
2008-07-17 14:37 . 2002-08-20 17:19 9,472 --a------ C:\WINDOWS\system32\drivers\sisperf.sys
2008-07-17 14:36 . 2003-03-25 17:50 4,096 --a------ C:\WINDOWS\system32\drivers\siside.sys
2008-07-17 14:29 . 2008-07-17 14:29 <DIR> d-------- C:\Program Files\Driver Magician
2008-07-17 14:29 . 2004-03-09 00:00 1,081,616 --a------ C:\WINDOWS\system32\Mscomctl.ocx
2008-07-17 14:29 . 2004-03-09 00:00 224,016 --a------ C:\WINDOWS\system32\Tabctl32.ocx
2008-07-17 14:29 . 2004-03-09 00:00 132,880 --a------ C:\WINDOWS\system32\Msinet.ocx
2008-07-17 14:29 . 2004-08-11 15:55 110,602 --a------ C:\WINDOWS\system32\xcdsfx32.bin
2008-07-17 13:57 . 2008-07-17 13:57 <DIR> d-------- C:\Program Files\Create-Ringtone
2008-07-17 00:19 . 2008-07-17 00:19 <DIR> d-------- C:\WINDOWS\system32\QuickTime
2008-07-17 00:19 . 2008-07-17 00:19 <DIR> d-------- C:\Program Files\3ivx
2008-07-16 23:47 . 2008-07-17 00:44 <DIR> d-------- C:\Program Files\P2P_Energy
2008-07-16 23:47 . 2008-07-17 00:44 <DIR> d-------- C:\Program Files\Conduit
2008-07-16 23:47 . 2008-08-02 16:03 <DIR> d-------- C:\Documents and Settings\Diane Paterson\Shared
2008-07-16 23:47 . 2008-08-02 16:12 <DIR> d-------- C:\Documents and Settings\Diane Paterson\Incomplete
2008-07-16 23:47 . 2008-08-02 16:12 <DIR> d-------- C:\Documents and Settings\Diane Paterson\Application Data\LimeWireTurbo
2008-07-16 23:46 . 2008-07-16 23:47 <DIR> d-------- C:\Program Files\LimeWireTurbo
2008-07-16 23:09 . 2008-07-16 23:09 <DIR> d-------- C:\Program Files\Common Files\Nova Development
2008-07-16 23:02 . 2008-07-16 23:02 <DIR> d-------- C:\Program Files\Nova Development
2008-07-16 10:49 . 2008-07-16 10:49 <DIR> d-------- C:\Program Files\Xvid
2008-07-16 10:49 . 2007-06-28 18:54 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-07-16 10:49 . 2007-06-28 18:55 77,824 --a------ C:\WINDOWS\system32\xvid.ax
2008-07-15 23:09 . 2008-08-06 20:19 <DIR> d-------- C:\Documents and Settings\Diane Paterson\Application Data\ReGet Software
2008-07-15 23:08 . 2008-07-15 23:08 <DIR> d-------- C:\Program Files\ReGet Software
2008-07-15 23:08 . 2008-07-15 23:08 <DIR> d-------- C:\Program Files\Common Files\ReGet Shared
2008-07-15 22:10 . 2008-07-15 22:17 <DIR> d-------- C:\Program Files\ChickenInvadersROTYXmas
2008-07-15 22:08 . 2008-08-06 19:39 <DIR> d-------- C:\Documents and Settings\Diane Paterson\Application Data\Vso
2008-07-15 22:08 . 2008-07-15 22:08 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2008-07-15 22:08 . 2008-07-15 22:08 47,360 --a------ C:\Documents and Settings\Diane Paterson\Application Data\pcouffin.sys
2008-07-15 22:07 . 2008-07-15 22:07 <DIR> d-------- C:\Program Files\VSO
2008-07-15 22:07 . 2004-05-04 11:53 1,645,320 --a------ C:\WINDOWS\gdiplus.dll
2008-07-15 22:07 . 2006-05-20 16:16 1,184,984 --a------ C:\WINDOWS\system32\wvc1dmod.dll
2008-07-15 22:07 . 2006-05-11 19:21 626,688 --a------ C:\WINDOWS\system32\vp7vfw.dll
2008-07-15 22:07 . 2006-09-29 12:24 217,127 --a------ C:\WINDOWS\system32\drv43260.dll
2008-07-15 22:07 . 2006-09-29 12:25 208,935 --a------ C:\WINDOWS\system32\drv33260.dll
2008-07-15 22:07 . 2006-09-29 12:26 176,165 --a------ C:\WINDOWS\system32\drv23260.dll
2008-07-15 22:07 . 2007-03-18 20:37 65,602 --a------ C:\WINDOWS\system32\cook3260.dll
2008-07-15 13:53 . 2008-07-18 22:07 270,880 --a------ C:\WINDOWS\system32\mucltui.dll
2008-07-15 13:53 . 2008-07-18 22:07 29,728 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-07-15 11:59 . 2004-08-04 13:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-07-15 11:27 . 2008-07-15 11:27 <DIR> d-------- C:\WINDOWS\system32\scripting

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-08 08:44 1,184 ----a-w C:\WINDOWS\system32\drivers\APPFLTR.CFG
2008-08-08 08:36 306,424 ----a-w C:\WINDOWS\system32\drivers\APPFCONT.DAT
2008-07-22 12:23 155,995 ----a-w C:\WINDOWS\java\Packages\413TFJR9.ZIP
2008-07-18 21:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 21:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 21:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 21:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 21:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 21:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 21:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 21:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-14 10:54 86,016 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2008-07-13 18:50 --------- d-----w C:\Program Files\microsoft frontpage
2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-05-29 10:16 633,344 ------w C:\WINDOWS\system32\gpprefcl.dll
2008-05-16 10:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-05-09 10:53 90,112 -c--a-w C:\WINDOWS\system32\wshext.dll
2008-05-09 10:53 430,080 -c--a-w C:\WINDOWS\system32\vbscript.dll
2008-05-09 10:53 180,224 -c--a-w C:\WINDOWS\system32\scrobj.dll
2008-05-09 10:53 172,032 -c--a-w C:\WINDOWS\system32\scrrun.dll
2008-05-08 11:24 155,648 -c--a-w C:\WINDOWS\system32\wscript.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-15 23:22 68856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 01:12 15360]
"Advanced WindowsCare 3"="C:\Program Files\IObit\Advanced WindowsCare 3 Beta\AWC.exe" [2008-07-28 10:43 2075512]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 09:51 1836328]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 15:35 202024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-16 14:01 13529088]
"eBayToolbar"="C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe" [2008-08-08 09:45 652528]
"SmartDefrag"="C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" [2008-04-17 14:51 1870592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
2007-02-15 19:02 50736 C:\WINDOWS\system32\avldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.3IV2"= 3ivxVfWCodec.dll
"vidc.SEDG"= SamsungVfWCodec.dll
"vidc.DX50"= DivXVfWCodec.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImLc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58764:TCP"= 58764:TCP:Pando P2P TCP Listening Port
"58764:UDP"= 58764:UDP:Pando P2P UDP Listening Port

R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 17:24]
R1 APPFLT;App Filter Plugin;C:\WINDOWS\system32\Drivers\APPFLT.SYS [2007-09-28 13:05]
R1 DSAFLT;DSA Filter Plugin;C:\WINDOWS\system32\Drivers\DSAFLT.SYS [2007-05-11 08:33]
R1 FNETMON;NetMon Filter Plugin;C:\WINDOWS\system32\Drivers\fnetmon.SYS [2007-11-14 17:48]
R1 IDSFLT;Ids Filter Plugin;C:\WINDOWS\system32\Drivers\IDSFLT.SYS [2007-07-11 10:39]
R1 NETFLTDI;Panda Net Driver [TDI Layer];C:\WINDOWS\system32\Drivers\NETFLTDI.SYS [2007-10-25 08:50]
R1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\DRIVERS\ShlDrv51.sys [2007-05-23 15:40]
R1 SMSFLT;SMS Filter Plugin;C:\WINDOWS\system32\Drivers\SMSFLT.SYS [2007-05-11 08:33]
R1 WNMFLT;Wifi Monitor Filter Plugin;C:\WINDOWS\system32\Drivers\WNMFLT.SYS [2007-05-11 08:33]
R2 cpoint;Panda CPoint Driver;C:\WINDOWS\system32\Drivers\cpoint.sys [2007-06-08 07:44]
R2 PavProc;Panda Process Protection Driver;C:\WINDOWS\system32\DRIVERS\PavProc.sys [2007-07-12 13:49]
R3 AvFlt;Antivirus Filter Driver;C:\WINDOWS\system32\drivers\av5flt.sys []
R3 NETIMFLT01050097;PANDA NDIS IM Filter Miniport v1.5.0.97;C:\WINDOWS\system32\DRIVERS\netimflt.sys [2007-11-19 13:01]
R3 PavSRK.sys;PavSRK.sys;C:\WINDOWS\system32\PavSRK.sys []
R3 PavTPK.sys;PavTPK.sys;C:\WINDOWS\system32\PavTPK.sys []
R3 SISNICXP;SiS PCI Fast Ethernet Adapter Driver for NDIS51;C:\WINDOWS\system32\DRIVERS\sisnicxp.sys [2006-02-14 16:02]
S2 MSCamSvc;MSCamSvc;C:\Program Files\Microsoft LifeCam\MSCamS32.exe []
S3 AFGMp50;AFGMp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\AFGMp50.sys []
S3 AFGSp50;AFGSp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\AFGSp50.sys []
S3 p17filt;p17filt;C:\WINDOWS\system32\drivers\p17filt.sys [2006-03-20 18:34]
.
Contents of the 'Scheduled Tasks' folder

2008-08-06 C:\WINDOWS\Tasks\SmartDefrag.job
- C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2008-04-17 14:51]

2008-08-06 C:\WINDOWS\Tasks\SmartDefrag.job
- C:\Program Files\IObit\IObit SmartDefrag\ [2008-07-22 15:29]

2008-08-08 C:\WINDOWS\Tasks\User_Feed_Synchronization-{A4EC10E3-A8AA-422D-A42F-DB37C24A45B0}.job
- C:\WINDOWS\system32\msfeedssync.exe [2007-08-13 18:36]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-SmartDefrag - (no file)


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.co.uk/
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
R1 -: HKCU-Internet Settings,ProxyOverride = 127.0.0.1
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O8 -: eBay Search - C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html

O16 -: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

O16 -: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
C:\WINDOWS\Downloaded Program Files\SysReqLab3.osd
C:\WINDOWS\Downloaded Program Files\sysreqlab3.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-08 09:44:38
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Panda Security\Panda Internet Security 2008\TPSrv.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\PsCtrlS.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\PAVFNSVR.EXE
C:\Program Files\Common Files\Panda Software\PavShld\PavPrSrv.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\PAVSRV51.EXE
C:\Program Files\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\AVENGINE.EXE
C:\Program Files\Panda Security\Panda Internet Security 2008\FIREWALL\PSHost.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\PsImSvc.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\apvxdwin.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\SrvLoad.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\WebProxy.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\PavBckPT.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\avciman.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\psimreal.exe
.
**************************************************************************
.
Completion time: 2008-08-08 9:50:28 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-08 08:50:07

Pre-Run: 221,219,926,016 bytes free
Post-Run: 221,159,542,784 bytes free

295 --- E O F --- 2008-07-23 20:18:05



hijack this report



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:54:23, on 08/08/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\TPSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\PsCtrls.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\pavsrv51.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\AVENGINE.EXE
c:\program files\panda security\panda internet security 2008\firewall\PSHOST.EXE
C:\Program Files\Panda Security\Panda Internet Security 2008\PsImSvc.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\ApvxdWin.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\SRVLOAD.EXE
C:\Program Files\Panda Security\Panda Internet Security 2008\WebProxy.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\PavBckPT.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: ReGet Bar - {17939A30-18E2-471E-9D3A-56DD725F1215} - C:\Program Files\ReGet Software\ReGet Deluxe 5.0\IEBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [SmartDefrag] "C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /StartUp
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Advanced WindowsCare 3] "C:\Program Files\IObit\Advanced WindowsCare 3 Beta\AWC.exe" /startup
O4 - HKCU\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
O8 - Extra context menu item: eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.co.../sysreqlab3.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase5036.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1215988091609
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.co.../sysreqlab2.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.su...ows-i586-jc.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15102/CTPID.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: MSCamSvc - Unknown owner - C:\Program Files\Microsoft LifeCam\MSCamS32.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\pavsrv51.exe
O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe
O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program files\panda security\panda internet security 2008\firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\PsImSvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\TPSrv.exe

--
End of file - 9428 bytes



so sorry about this will make sure things dont go like this in future
  • 0

#4
loophole

loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
No need to apologise, things always go a little off track, we just proceed, by the way I'm sorry for the delay

Your logs look fine. How is the computer behaving
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP