
perfs.exe routing.exe random sounds... [RESOLVED]



#16 adam j (Member, Topic Starter)
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons



#17 kahdah (GeekU Teacher, Retired Staff)
1. Please open Notepad
  • Click Start , then Run
  • Type notepad.exe in the Run box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:

http://www.geekstogo.com/forum/perfs-exe-routing-exe-random-sounds-t207639.html

Collect::
C:\WINDOWS\system32\atsxyzd.sys 
C:\WINDOWS\system32\cfexfst.sys 

File::
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\GIZCHY5Z\msjdk[1].bin 
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\RBH1VE5E\p[1].bin 

Folder::
C:\Program Files\DAP

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. Additionally, ComboFix will generate the following files on your desktop
  • A zipped file on your desktop called Submit [Date Time].zip
  • And another file named - CF-Submit.htm
6. ComboFix may need to reboot to finish its work. Let it.

7. When CF has finished running, it will generate the ComboFix.log which will appear on your screen.

8. If CF-Submit.htm is detected, ComboFix will generate this message box:

Posted Image

Clicking OK will cause the machine's browser to load CF-Submit.htm

Posted Image

9. Click the "Browse" button and locate the Submit [Date Time].zip file on your desktop.
  • Click on the file to Select it.
  • Submit the file by clicking "OK"
10. Once the file has been submitted, please DELETE both files on your desktop.

11. Post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log (run after ComboFix has finished its work.)


#18 adam j (Member, Topic Starter)
combo log -

ComboFix 08-08-09.06 - Adam Jackson 2008-08-10 22:33:54.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1571 [GMT 1:00]
Running from: C:\Documents and Settings\Adam Jackson\My Documents\My Completed Downloads\ComboFix.exe
Command switches used :: C:\Documents and Settings\Adam Jackson\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\GIZCHY5Z\msjdk[1].bin
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\RBH1VE5E\p[1].bin
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\DAP
C:\WINDOWS\system32\atsxyzd.sys
C:\WINDOWS\system32\cfexfst.sys
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\GIZCHY5Z\msjdk[1].bin
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\RBH1VE5E\p[1].bin

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_PERFMONS


((((((((((((((((((((((((( Files Created from 2008-07-10 to 2008-08-10 )))))))))))))))))))))))))))))))
.

2008-08-10 19:54 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-10 19:54 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-10 19:50 . 2008-08-10 19:50 <DIR> d--h----- C:\WINDOWS\PIF
2008-08-10 17:58 . 2008-08-10 17:58 <DIR> d-------- C:\_OTMoveIt
2008-08-10 15:41 . 2008-08-10 15:41 <DIR> d-------- C:\Deckard
2008-08-09 12:01 . 2008-04-14 00:16 25,600 --a------ C:\WINDOWS\system32\drivers\hidbth.sys
2008-08-09 12:01 . 2008-04-14 00:16 25,600 --a--c--- C:\WINDOWS\system32\dllcache\hidbth.sys
2008-08-09 11:59 . 2008-08-09 11:59 <DIR> d-------- C:\Program Files\QuickTime
2008-08-09 11:59 . 2008-04-14 00:16 37,888 --a------ C:\WINDOWS\system32\drivers\bthmodem.sys
2008-08-09 11:59 . 2008-04-14 00:16 37,888 --a--c--- C:\WINDOWS\system32\dllcache\bthmodem.sys
2008-08-09 01:32 . 2008-08-10 19:54 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-09 01:32 . 2008-08-09 01:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-09 01:32 . 2008-08-09 01:32 <DIR> d-------- C:\Documents and Settings\Adam Jackson\Application Data\Malwarebytes
2008-08-09 01:23 . 2008-08-09 01:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Prevx
2008-08-09 01:23 . 2008-08-09 01:23 <DIR> d-------- C:\Documents and Settings\Adam Jackson\Application Data\PrevxCSI
2008-08-09 00:11 . 2008-08-09 00:11 <DIR> d-------- C:\WINDOWS\Sun
2008-08-09 00:11 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-08-09 00:10 . 2008-08-09 00:11 <DIR> d-------- C:\Program Files\Java
2008-08-09 00:10 . 2008-08-09 00:10 <DIR> d-------- C:\Program Files\Common Files\Java
2008-08-08 17:13 . 2008-08-08 17:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-08-08 13:47 . 2008-08-08 17:19 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-08-08 13:47 . 2008-08-08 13:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-08-08 13:47 . 2008-08-08 13:47 <DIR> d-------- C:\Documents and Settings\Adam Jackson\Application Data\SUPERAntiSpyware.com
2008-08-08 13:38 . 2008-08-08 13:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PrevxCSI
2008-08-08 13:37 . 2008-08-08 17:18 <DIR> d-------- C:\Program Files\Panda Security
2008-08-07 13:07 . 2008-08-07 14:27 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-08-07 13:07 . 2008-08-07 13:07 <DIR> d-------- C:\Documents and Settings\Adam Jackson\Application Data\PC Tools
2008-08-07 13:07 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2008-08-07 13:07 . 2008-08-07 13:07 74,240 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-08-07 13:07 . 2008-08-07 13:07 56,832 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-08-07 13:07 . 2007-10-18 00:14 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-08-07 13:07 . 2007-10-18 00:16 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-08-07 12:42 . 2008-08-07 12:42 <DIR> d---s---- C:\Documents and Settings\LocalService\UserData
2008-08-06 17:19 . 2008-08-06 17:21 <DIR> d-------- C:\Documents and Settings\Adam Jackson\Application Data\Anvil Studio
2008-08-06 16:50 . 2008-08-06 16:50 <DIR> d-------- C:\WINDOWS\Digital Ear
2008-08-06 16:37 . 2008-08-06 16:37 <DIR> d-------- C:\Documents and Settings\Adam Jackson\Application Data\Music Recognition
2008-08-06 16:29 . 2008-08-06 16:34 <DIR> d-------- C:\Program Files\TallStick
2008-08-05 20:57 . 2008-08-05 20:57 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-08-05 00:33 . 2008-08-05 01:37 <DIR> d-------- C:\Program Files\Common Files\Labtec
2008-08-05 00:32 . 2008-08-05 00:49 <DIR> d-------- C:\Program Files\Common Files\LogiShrd
2008-08-05 00:31 . 2008-08-05 00:49 <DIR> d-------- C:\Program Files\Labtec
2008-08-05 00:05 . 2008-08-05 00:05 <DIR> d-------- C:\Documents and Settings\Adam Jackson\Application Data\Locktime
2008-08-05 00:02 . 2008-08-05 00:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Locktime
2008-08-04 12:37 . 2008-08-04 13:27 <DIR> d-------- C:\Documents and Settings\Adam Jackson\Application Data\DMCache
2008-08-02 18:30 . 2008-08-02 18:30 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-08-02 18:08 . 2008-08-02 18:08 <DIR> d-------- C:\Program Files\FlashFXP
2008-08-02 18:08 . 2008-08-02 18:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FlashFXP
2008-08-02 16:28 . 2008-08-02 16:28 <DIR> d-------- C:\Documents and Settings\Adam Jackson\Application Data\DivX
2008-08-02 15:42 . 2008-08-02 15:42 <DIR> d-------- C:\Program Files\DivX
2008-08-02 15:40 . 2008-08-09 11:22 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-08-02 14:48 . 2008-06-13 12:05 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-08-02 14:46 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-08-02 14:46 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-08-02 14:30 . 2008-08-08 14:13 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-02 14:30 . 2008-08-02 14:30 479,298 --a------ C:\WINDOWS\system32\wbocx.ocx
2008-08-02 14:30 . 2008-08-02 14:30 172,032 --a------ C:\WINDOWS\system32\AniGIF.ocx
2008-08-02 14:30 . 2008-08-02 14:30 50,688 --a------ C:\WINDOWS\system32\wbhelp2.dll
2008-08-02 12:38 . 2008-08-02 12:38 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-08-02 12:38 . 2008-08-02 12:38 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-08-02 12:38 . 2008-08-02 12:38 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-08-02 12:38 . 2008-08-02 12:38 <DIR> d-------- C:\e2ecaf903c8adc23ced74f
2008-08-01 21:02 . 2008-08-01 21:05 <DIR> d-------- C:\Program Files\Winamp
2008-08-01 21:02 . 2008-08-01 21:08 <DIR> d-------- C:\Documents and Settings\Adam Jackson\Application Data\Winamp
2008-08-01 20:58 . 2008-08-01 20:58 <DIR> d-------- C:\Documents and Settings\Adam Jackson\Application Data\Publish Providers
2008-08-01 20:58 . 2008-08-01 20:58 <DIR> d-------- C:\Documents and Settings\Adam Jackson\Application Data\NetMedia Providers
2008-08-01 20:56 . 1998-10-29 15:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-08-01 20:56 . 2002-12-17 16:23 33,340 --------- C:\WINDOWS\system32\dbmsqlgc.dll
2008-08-01 20:56 . 2002-10-20 14:05 24,576 --------- C:\WINDOWS\system32\dbmsgnet.dll
2008-08-01 20:55 . 2008-08-01 20:55 <DIR> d-------- C:\Program Files\Vstplugins
2008-08-01 20:55 . 2008-08-01 20:55 <DIR> d-------- C:\Program Files\Microsoft SQL Server
2008-08-01 20:55 . 2008-08-01 20:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony
2008-08-01 20:55 . 2008-08-01 21:11 <DIR> d-------- C:\Documents and Settings\Adam Jackson\Application Data\Sony
2008-08-01 20:54 . 2008-08-02 14:42 <DIR> d-------- C:\Program Files\Sony Setup
2008-08-01 20:54 . 2008-08-02 14:43 <DIR> d-------- C:\Program Files\Sony
2008-08-01 20:46 . 2008-08-01 20:46 <DIR> d-------- C:\Program Files\uTorrent
2008-08-01 20:46 . 2008-08-05 15:13 <DIR> d-------- C:\Documents and Settings\Adam Jackson\Application Data\uTorrent
2008-08-01 20:40 . 2008-08-01 20:40 <DIR> d-------- C:\Program Files\NeroInstall.bak
2008-08-01 20:38 . 2008-08-01 20:38 <DIR> d-------- C:\Documents and Settings\Adam Jackson\Application Data\Nero
2008-08-01 20:35 . 2008-08-01 20:35 <DIR> d-------- C:\Program Files\Nero
2008-08-01 20:35 . 2008-08-01 20:36 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-08-01 20:35 . 2008-08-01 20:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-08-01 19:28 . 2008-08-01 19:28 <DIR> d-------- C:\cabs
2008-08-01 19:16 . 2008-08-01 19:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-08-01 18:44 . 2008-08-01 18:44 <DIR> d-------- C:\Program Files\Messenger Plus! Live
2008-08-01 18:35 . 2008-08-01 18:35 <DIR> d-------- C:\Program Files\SiS VGA Utilities V3.84
2008-08-01 18:28 . 2008-08-02 18:30 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-08-01 18:28 . 2006-09-25 17:58 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-08-01 18:21 . 2008-08-01 18:35 <DIR> d-------- C:\Program Files\sisagp
2008-08-01 18:03 . 2008-08-01 18:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-01 17:54 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-08-01 17:51 --------- d-----w C:\Program Files\Windows Live
2008-08-01 17:50 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-01 16:49 --------- d-----w C:\Program Files\Realtek AC97
2008-08-01 16:49 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-08-01 16:40 --------- d-----w C:\Program Files\Google
2008-08-01 16:28 --------- d-----w C:\Program Files\Driver-Soft
2008-08-01 16:00 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-08-01 15:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-08-01 15:45 --------- d-----w C:\Program Files\microsoft frontpage
2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-18 17:52 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-06-13 11:05 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 00:07 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-06-11 00:07 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-06-11 00:04 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-06-11 00:04 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-05-22 22:18 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
.

((((((((((((((((((((((((((((( [email protected]_18.49.29.29 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-08-08 17:10:12 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-08-10 17:58:10 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-08-08 17:10:12 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-08-10 17:58:10 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-08-08 17:10:12 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-08-10 17:58:10 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-08-10 17:58:12 187,392 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\RE823LSE\p[1].bin
- 2008-08-10 16:57:15 66,396 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-08-10 17:51:08 66,396 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-08-10 16:57:15 410,434 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-08-10 17:51:08 410,434 ----a-w C:\WINDOWS\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-06 17:53 68856]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2008-08-01 19:16 5724184]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 17:07 1828136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2008-02-28 09:59 570664]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 16:29 2221352]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 10:42 110592 C:\WINDOWS\system32\bthprops.cpl]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 15:28 577536 C:\WINDOWS\soundman.exe]
"SiSPower"="SiSPower.dll" [2008-03-20 18:58 53248 C:\WINDOWS\system32\SiSPower.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 10:42 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [2008-08-01 18:35:47 262144]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\FlashFXP\\FlashFXP.exe"=

S2 msbrnd;Microsoft Network Device Manage Service;C:\WINDOWS\system32\msbrn.exe [2008-04-14 10:42]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-DownloadAccelerator - C:\Program Files\DAP\DAP.EXE


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-10 22:38:13
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-08-10 22:41:43 - machine was rebooted [Adam Jackson]
ComboFix-quarantined-files.txt 2008-08-10 21:41:39
ComboFix2.txt 2008-08-10 17:49:54

Pre-Run: 53,237,030,912 bytes free
Post-Run: 53,445,066,752 bytes free

343 --- E O F --- 2008-08-05 19:57:15

hijack log -

Deckard's System Scanner v20071014.68
Run by Adam Jackson on 2008-08-10 22:43:33
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-08-10 22:44:03
Platform: Windows XP Service Pack 3 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\soundman.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\sistray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Adam Jackson\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Program Files\FlashFXP\IEFlash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar2.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1217611683859
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Microsoft Network Device Manage Service (msbrnd) - Unknown owner - C:\WINDOWS\system32\msbrn.exe
O23 - Service: Nero BackItUp Scheduler 3 - Unknown owner - C:\Program Files\Nero\Nero8\Nero
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe


--
End of file - 5994 bytes

-- Files created between 2008-07-10 and 2008-08-10 -----------------------------

2008-08-10 22:16:29 260272 --a------ C:\cmldr
2008-08-10 22:16:26 0 d-------- C:\cmdcons
2008-08-10 19:50:16 0 d--h----- C:\WINDOWS\PIF
2008-08-10 18:42:56 68096 --a------ C:\WINDOWS\zip.exe
2008-08-10 18:42:56 49152 --a------ C:\WINDOWS\VFind.exe
2008-08-10 18:42:56 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-08-10 18:42:56 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-08-10 18:42:56 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-08-10 18:42:56 98816 --a------ C:\WINDOWS\sed.exe
2008-08-10 18:42:56 80412 --a------ C:\WINDOWS\grep.exe
2008-08-10 18:42:56 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-08-09 11:59:53 0 d-------- C:\Program Files\QuickTime
2008-08-09 01:32:05 0 d-------- C:\Documents and Settings\Adam Jackson\Application Data\Malwarebytes
2008-08-09 01:32:00 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-09 01:32:00 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-09 01:23:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Prevx
2008-08-09 01:23:25 0 d-------- C:\Documents and Settings\Adam Jackson\Application Data\PrevxCSI
2008-08-09 00:11:48 0 d-------- C:\WINDOWS\Sun
2008-08-09 00:11:47 0 d-------- C:\Documents and Settings\Adam Jackson\Application Data\Sun
2008-08-09 00:10:33 0 d-------- C:\Program Files\Java
2008-08-09 00:10:22 0 d-------- C:\Program Files\Common Files\Java
2008-08-08 17:13:46 0 d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-08-08 13:47:25 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-08-08 13:47:16 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-08-08 13:47:16 0 d-------- C:\Documents and Settings\Adam Jackson\Application Data\SUPERAntiSpyware.com
2008-08-08 13:38:33 0 d-------- C:\Documents and Settings\All Users\Application Data\PrevxCSI
2008-08-08 13:37:07 0 d-------- C:\Program Files\Panda Security
2008-08-07 13:07:14 0 d-------- C:\Program Files\Spyware Doctor
2008-08-07 13:07:14 0 d-------- C:\Documents and Settings\Adam Jackson\Application Data\PC Tools
2008-08-07 12:42:58 0 d---s---- C:\Documents and Settings\LocalService\UserData
2008-08-06 17:19:09 0 d-------- C:\Documents and Settings\Adam Jackson\Application Data\Anvil Studio
2008-08-06 16:50:16 0 d-------- C:\WINDOWS\Digital Ear
2008-08-06 16:42:23 0 d-------- C:\Documents and Settings\LocalService\Application Data\Macromedia
2008-08-06 16:42:19 0 d-------- C:\Documents and Settings\LocalService\Application Data\Adobe
2008-08-06 16:37:25 0 d-------- C:\Documents and Settings\Adam Jackson\Application Data\Music Recognition
2008-08-06 16:29:24 0 d-------- C:\Program Files\TallStick
2008-08-05 20:57:12 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-08-05 00:33:30 0 d-------- C:\Program Files\Common Files\Labtec
2008-08-05 00:32:57 0 d-------- C:\Program Files\Common Files\LogiShrd
2008-08-05 00:31:59 0 d-------- C:\Program Files\Labtec
2008-08-05 00:05:33 0 d-------- C:\Documents and Settings\Adam Jackson\Application Data\Locktime
2008-08-05 00:02:49 0 d-------- C:\Documents and Settings\All Users\Application Data\Locktime
2008-08-04 12:37:58 0 d-------- C:\Documents and Settings\Adam Jackson\Application Data\DMCache
2008-08-02 18:30:17 0 d-------- C:\Program Files\MSXML 4.0
2008-08-02 18:08:15 0 d-------- C:\Program Files\FlashFXP
2008-08-02 18:08:15 0 d-------- C:\Documents and Settings\All Users\Application Data\FlashFXP
2008-08-02 16:28:36 0 d-------- C:\Documents and Settings\Adam Jackson\Application Data\DivX
2008-08-02 15:42:09 0 d-------- C:\Program Files\DivX
2008-08-02 14:30:31 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-02 14:30:22 50688 --a------ C:\WINDOWS\system32\wbhelp2.dll <Not Verified; Stardock.Net, Inc; WindowBlinds for Win32 x86 machines>
2008-08-02 12:38:58 0 d-------- C:\Program Files\Windows Media Connect 2
2008-08-02 12:38:03 0 d-------- C:\e2ecaf903c8adc23ced74f
2008-08-02 12:38:00 0 d-------- C:\WINDOWS\system32\LogFiles
2008-08-02 12:38:00 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2008-08-01 21:02:39 0 d-------- C:\Program Files\Winamp
2008-08-01 21:02:39 0 d-------- C:\Documents and Settings\Adam Jackson\Application Data\Winamp
2008-08-01 20:58:40 0 d-------- C:\Documents and Settings\Adam Jackson\Application Data\Publish Providers
2008-08-01 20:58:40 0 d-------- C:\Documents and Settings\Adam Jackson\Application Data\NetMedia Providers
2008-08-01 20:56:01 306688 --a------ C:\WINDOWS\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
2008-08-01 20:55:53 0 d-------- C:\Program Files\Microsoft SQL Server
2008-08-01 20:55:40 0 d-------- C:\Documents and Settings\Adam Jackson\Application Data\Sony
2008-08-01 20:55:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Sony
2008-08-01 20:55:00 0 d-------- C:\Program Files\Vstplugins
2008-08-01 20:54:49 0 d-------- C:\Program Files\Sony
2008-08-01 20:54:16 0 d-------- C:\Program Files\Sony Setup
2008-08-01 20:46:56 0 d-------- C:\Program Files\uTorrent
2008-08-01 20:46:49 0 d-------- C:\Documents and Settings\Adam Jackson\Application Data\uTorrent
2008-08-01 20:40:32 0 d-------- C:\Program Files\NeroInstall.bak
2008-08-01 20:38:18 0 d-------- C:\Documents and Settings\Adam Jackson\Application Data\Nero
2008-08-01 20:35:43 0 d-------- C:\Program Files\Nero
2008-08-01 20:35:43 0 d-------- C:\Program Files\Common Files\Nero
2008-08-01 20:35:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-08-01 20:33:39 0 d-------- C:\WINDOWS\RegisteredPackages
2008-08-01 19:28:45 0 d-------- C:\cabs
2008-08-01 19:16:55 0 d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-08-01 18:44:27 0 d-------- C:\Program Files\Messenger Plus! Live
2008-08-01 18:35:48 110592 -----n--- C:\WINDOWS\system32\TVMode.dll <Not Verified; Silicon Integrated Systems Corporation; TVModeLib Dynamic Link Library>
2008-08-01 18:35:48 65536 -----n--- C:\WINDOWS\system32\SiSHook.dll <Not Verified; Silicon Integrated Systems Corporation; SiSHook Dynamic Link Library>
2008-08-01 18:35:48 135168 -----n--- C:\WINDOWS\system32\SiSApCom.dll <Not Verified; Silicon Integrated Systems Corporation; SiSApCom Dynamic Link Library>
2008-08-01 18:35:48 0 d-------- C:\WINDOWS\SIS
2008-08-01 18:35:47 262144 --a------ C:\WINDOWS\system32\sistray.exe <Not Verified; Silicon Integrated Systems Corporation; SiS ® Compatible Super VGA SiSTray application>
2008-08-01 18:35:46 53248 --a------ C:\WINDOWS\system32\SiSPower.dll <Not Verified; Silicon Integrated Systems Corporation; SiS ® Power Scheme Library>
2008-08-01 18:35:46 208896 --a------ C:\WINDOWS\Progress.exe <Not Verified; ; Progress Application>
2008-08-01 18:35:46 49152 --a------ C:\WINDOWS\InstFunc.exe
2008-08-01 18:35:46 12288 --a------ C:\WINDOWS\InstFunc.dll <Not Verified; Silicon Integrated Systems Corporation; SiS ® VGA Install Function Dynamic Link Library>
2008-08-01 18:35:42 0 d-------- C:\Program Files\SiS VGA Utilities V3.84
2008-08-01 18:29:01 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-08-01 18:28:50 0 d-------- C:\WINDOWS\system32\PreInstall
2008-08-01 18:28:48 0 d--h----- C:\WINDOWS\$hf_mig$
2008-08-01 18:21:36 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2008-08-01 18:21:27 0 d-------- C:\Program Files\sisagp
2008-08-01 18:03:53 0 d-------- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
2008-08-01 17:49:53 49152 --a------ C:\WINDOWS\system32\ChCfg.exe
2008-08-01 17:49:23 0 d-------- C:\Program Files\Realtek AC97
2008-08-01 17:49:22 315392 --a------ C:\WINDOWS\alcupd.exe <Not Verified; Realtek Semiconductor Corp.; Realtek AC'97 Update driver Tool>
2008-08-01 17:49:11 0 d-------- C:\Program Files\Common Files\InstallShield
2008-08-01 17:42:55 0 d-------- C:\Documents and Settings\Adam Jackson\Application Data\Macromedia
2008-08-01 17:42:55 0 d-------- C:\Documents and Settings\Adam Jackson\Application Data\Adobe
2008-08-01 17:29:42 0 d--hs---- C:\WINDOWS\Installer
2008-08-01 17:29:41 0 d-------- C:\Program Files\Common Files\ODBC
2008-08-01 17:29:36 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-08-01 17:29:35 0 dr------- C:\Program Files
2008-08-01 17:29:35 0 d-------- C:\Program Files\Common Files
2008-08-01 17:28:55 0 d--h----- C:\Documents and Settings\Default User\Templates
2008-08-01 17:28:55 0 dr------- C:\Documents and Settings\Default User\Start Menu
2008-08-01 17:28:55 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2008-08-01 17:28:55 0 d--h----- C:\Documents and Settings\Default User\Recent
2008-08-01 17:28:55 0 d--h----- C:\Documents and Settings\Default User\PrintHood
2008-08-01 17:28:55 0 d--h----- C:\Documents and Settings\Default User\NetHood
2008-08-01 17:28:55 0 d-------- C:\Documents and Settings\Default User\My Documents
2008-08-01 17:28:55 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
2008-08-01 17:28:55 0 d-------- C:\Documents and Settings\Default User\Favorites
2008-08-01 17:28:55 0 d-------- C:\Documents and Settings\Default User\Desktop
2008-08-01 17:28:55 0 d---s---- C:\Documents and Settings\Default User\Cookies
2008-08-01 17:28:55 0 d--h----- C:\Documents and Settings\All Users\Templates
2008-08-01 17:28:55 0 dr------- C:\Documents and Settings\All Users\Start Menu
2008-08-01 17:28:55 0 d-------- C:\Documents and Settings\All Users\Favorites
2008-08-01 17:28:55 0 dr------- C:\Documents and Settings\All Users\Documents
2008-08-01 17:28:55 0 d-------- C:\Documents and Settings\All Users\Desktop
2008-08-01 17:28:44 0 d-------- C:\Program Files\Driver-Soft
2008-08-01 17:28:34 0 d-------- C:\WINDOWS\system32\CatRoot2
2008-08-01 17:28:34 0 d-------- C:\WINDOWS\system32\CatRoot
2008-08-01 17:28:29 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2008-08-01 17:28:29 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2008-08-01 17:28:28 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2008-08-01 17:28:28 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-08-01 17:27:43 0 d-------- C:\Documents and Settings
2008-08-01 17:27:42 0 d--hs---- C:\System Volume Information
2008-08-01 17:26:35 0 d-------- C:\Documents and Settings\Adam Jackson\Application Data\WinRAR
2008-08-01 17:20:17 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-08-01 17:17:15 0 d-------- C:\WINDOWS
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\WinSxS
2008-08-01 17:17:15 0 dr------- C:\WINDOWS\Web
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\twain_32
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\system32
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\system32\wins
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\system32\wbem
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\system32\usmt
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\system32\spool
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\system32\ShellExt
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\system32\Setup
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\system32\scripting
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\system32\ras
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\system32\oobe
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\system32\npp
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\system32\mui
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\system32\inetsrv
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\system32\IME
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\system32\icsxml
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\system32\ias
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\system32\export
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\system32\en
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\system32\drivers
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\system32\drivers\etc
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\system32\drivers\disdn
2008-08-01 17:17:15 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\system32\dhcp
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\system32\config
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\system32\3com_dmi
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\system32\3076
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\system32\2052
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\system32\1054
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\system32\1042
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\system32\1041
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\system32\1037
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\system32\1033
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\system32\1031
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\system32\1028
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\system32\1025
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\system
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\security
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\Resources
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\repair
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\Provisioning
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\PeerNet
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\pchealth
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\Network Diagnostic
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\mui
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\msapps
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\msagent
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\Media
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\L2Schemas
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\java
2008-08-01 17:17:15 0 d--h----- C:\WINDOWS\inf
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\ime
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\Help
2008-08-01 17:17:15 0 dr--s---- C:\WINDOWS\Fonts
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\Driver Cache
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\Debug
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\Cursors
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\Connection Wizard
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\Config
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\AppPatch
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\addins
2008-08-01 17:01:03 0 d-------- C:\Documents and Settings\Adam Jackson\Contacts
2008-08-01 17:01:02 0 d-------- C:\Program Files\Windows Live Toolbar
2008-08-01 17:00:40 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-08-01 16:59:25 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-08-01 16:59:22 0 d-------- C:\Program Files\Windows Live
2008-08-01 16:59:15 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-08-01 16:57:05 0 d-------- C:\Documents and Settings\Adam Jackson\Application Data\Google
2008-08-01 16:57:03 0 d-------- C:\Program Files\Google
2008-08-01 16:57:03 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2008-08-01 16:53:50 0 d---s---- C:\Documents and Settings\Adam Jackson\UserData
2008-08-01 16:52:53 0 d-------- C:\Documents and Settings\Adam Jackson\Application Data\Identities
2008-08-01 16:52:46 0 d--h----- C:\Documents and Settings\Adam Jackson\Templates
2008-08-01 16:52:46 0 dr------- C:\Documents and Settings\Adam Jackson\Start Menu
2008-08-01 16:52:46 0 dr-h----- C:\Documents and Settings\Adam Jackson\SendTo
2008-08-01 16:52:46 0 dr-h----- C:\Documents and Settings\Adam Jackson\Recent
2008-08-01 16:52:46 0 d--h----- C:\Documents and Settings\Adam Jackson\PrintHood
2008-08-01 16:52:46 2359296 --ah----- C:\Documents and Settings\Adam Jackson\NTUSER.DAT
2008-08-01 16:52:46 0 d--h----- C:\Documents and Settings\Adam Jackson\NetHood
2008-08-01 16:52:46 0 dr------- C:\Documents and Settings\Adam Jackson\My Documents
2008-08-01 16:52:46 0 d--h----- C:\Documents and Settings\Adam Jackson\Local Settings
2008-08-01 16:52:46 0 dr------- C:\Documents and Settings\Adam Jackson\Favorites
2008-08-01 16:52:46 0 d-------- C:\Documents and Settings\Adam Jackson\Desktop
2008-08-01 16:52:46 0 d---s---- C:\Documents and Settings\Adam Jackson\Cookies
2008-08-01 16:52:46 0 dr-h----- C:\Documents and Settings\Adam Jackson\Application Data
2008-08-01 16:51:34 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-08-01 16:50:52 0 d-------- C:\WINDOWS\SoftwareDistribution
2008-08-01 16:50:39 0 d---s---- C:\WINDOWS\system32\Microsoft
2008-08-01 16:50:39 0 d-------- C:\WINDOWS\Prefetch
2008-08-01 16:50:38 249856 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2008-08-01 16:50:38 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2008-08-01 16:50:38 0 d---s---- C:\Documents and Settings\LocalService\Cookies
2008-08-01 16:50:38 0 d-------- C:\Documents and Settings\LocalService\Application Data
2008-08-01 16:50:38 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2008-08-01 16:50:18 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2008-08-01 16:50:18 0 d---s---- C:\Documents and Settings\NetworkService\Cookies
2008-08-01 16:50:18 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2008-08-01 16:50:18 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2008-08-01 16:50:17 249856 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2008-08-01 16:45:34 0 d-------- C:\WINDOWS\system32\xircom
2008-08-01 16:45:34 0 d-------- C:\Program Files\microsoft frontpage
2008-08-01 16:45:30 249856 ---h----- C:\Documents and Settings\Default User\NTUSER.DAT
2008-08-01 16:45:23 0 -rahs---- C:\MSDOS.SYS
2008-08-01 16:45:23 0 -rahs---- C:\IO.SYS
2008-08-01 16:45:23 0 --a------ C:\CONFIG.SYS
2008-08-01 16:45:23 0 --a------ C:\AUTOEXEC.BAT
2008-08-01 16:43:49 0 d--hs---- C:\Documents and Settings\All Users\DRM
2008-08-01 16:43:31 0 dr------- C:\WINDOWS\Offline Web Pages
2008-08-01 16:43:31 0 d---s---- C:\WINDOWS\Downloaded Program Files
2008-08-01 16:43:10 0 d--h----- C:\Program Files\WindowsUpdate
2008-08-01 16:42:41 0 d-------- C:\WINDOWS\system32\DirectX
2008-08-01 16:42:17 0 d---s---- C:\WINDOWS\Tasks
2008-08-01 16:42:16 0 d-------- C:\Program Files\Common Files\MSSoap
2008-08-01 16:42:11 0 d-------- C:\WINDOWS\srchasst
2008-08-01 16:42:10 0 d-------- C:\WINDOWS\system32\Macromed
2008-08-01 16:41:58 0 d-------- C:\Program Files\Movie Maker
2008-08-01 16:41:30 0 d-------- C:\WINDOWS\system32\Restore
2008-08-01 16:41:05 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-08-01 16:40:49 0 d-------- C:\WINDOWS\Registration
2008-08-01 16:39:59 0 d-------- C:\Program Files\Online Services
2008-08-01 16:39:47 0 d-------- C:\Program Files\Messenger
2008-08-01 16:39:42 0 d-------- C:\Program Files\MSN Gaming Zone
2008-08-01 16:38:49 0 d-------- C:\Program Files\Windows NT
2008-08-01 16:38:43 0 d-------- C:\WINDOWS\system32\MsDtc
2008-08-01 16:38:40 0 d-------- C:\WINDOWS\system32\Com


-- Find3M Report ---------------------------------------------------------------

2008-08-01 17:28:55 62 --ahs---- C:\Documents and Settings\Adam Jackson\Application Data\desktop.ini
2008-06-11 01:07:20 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-06-11 01:03:26 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-06-11 01:03:26 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-06-11 01:03:20 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-06-11 01:03:20 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-06-11 01:03:20 815104 --a------ C:\WINDOWS\system32\divx_xx0a.dll <Not Verified; DivX, Inc.; DivX®>
2008-06-11 01:03:20 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-06-11 01:03:18 683520 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-22 23:18:54 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthentica

#19 kahdah (GeekU Teacher, Retired Staff, 15,822 posts)
Do you know what this file is from? > Microsoft Network Device Manage Service;C:\WINDOWS\system32\msbrn.exe

#20 adam j (Topic Starter, Member, 63 posts)
I've not a clue, I don't know what it is!

#21 kahdah (GeekU Teacher, Retired Staff, 15,822 posts)
We will nuke it as there is little to no info on it and it does not look legit.

  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right-click on OTMoveIt2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    Microsoft Network Device Manage Service <delete service>
    C:\WINDOWS\system32\msbrn.exe
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • OTMoveIt2 will create a log of moved files in the C:\_OTMoveIt\MovedFiles folder. The log's name will appear as the date and time it was created, with the format mmddyyyy_hhmmss.log. Open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
=============
Post that log and one more DSS log, and let me know how things are running.
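An added example, the editor's own code rather than anything from this thread or from DSS, HijackThis or OTMoveIt2: a small parser that reads the O23 service lines and the "Files created" lines out of a DSS log and lists, with reasons, the entries kahdah is reacting to when he says a service "does not look legit": no company name in the file's version info (shown by HijackThis as "Unknown owner"), a Microsoft-sounding display name on an unattributed binary, and a bare executable sitting directly in system32. The sample log text is a subset of lines copied from the logs posted in this thread; the scoring rules are the editor's heuristics, not anything the tools compute, and the Nero line is included because it shows why "Unknown owner" on its own is not a verdict: its image path is cut off at a space, so the tool most likely never opened the file.

```python
"""Triage helper for DSS / HijackThis-style logs.

Editor's added example, not code from this thread or from DSS/HijackThis.
The scoring rules are the editor's own heuristics; SAMPLE_LOG is a constructed
subset of lines copied from the logs posted in this thread.
"""
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample: O23 service lines and "Files created" lines from this thread's DSS logs.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\perfs.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Microsoft Network Device Manage Service (msbrnd) - Unknown owner - C:\WINDOWS\system32\msbrn.exe
O23 - Service: Nero BackItUp Scheduler 3 - Unknown owner - C:\Program Files\Nero\Nero8\Nero
O23 - Service: perfmons - Unknown owner - C:\WINDOWS\system32\perfs.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
2008-08-10 18:42:56 68096 --a------ C:\WINDOWS\zip.exe
2008-08-10 18:42:56 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-08-10 18:42:56 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-08-02 14:30:22 50688 --a------ C:\WINDOWS\system32\wbhelp2.dll <Not Verified; Stardock.Net, Inc; WindowBlinds for Win32 x86 machines>
2008-08-01 18:35:46 49152 --a------ C:\WINDOWS\InstFunc.exe
2008-08-01 18:35:42 0 d-------- C:\Program Files\SiS VGA Utilities V3.84
2008-08-01 17:49:53 49152 --a------ C:\WINDOWS\system32\ChCfg.exe
"""

# "O23 - Service: <display> (<short name>) - <owner> - <image path>"; the short name is optional.
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<short>[^()]+)\))?"
    r" - (?P<owner>.+?) - (?P<path>.+)$"
)
# "<timestamp> <size> <nine attribute flags> <path> [<Not Verified; Vendor; Description>]"
CREATED_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (?P<size>\d+) (?P<attrs>[a-z-]{9}) "
    r"(?P<path>.+?)(?: <(?P<info>[^>]*)>)?$"
)
SYSTEM32 = "c:\\windows\\system32\\"
BINARY_EXT = re.compile(r"\.(exe|dll|sys)$", re.I)


@dataclass
class Service:
    display: str
    short: Optional[str]
    owner: str
    path: str


@dataclass
class Created:
    ts: str
    size: int
    attrs: str
    path: str
    info: Optional[str]  # the "<Not Verified; Vendor; Description>" tag, if DSS printed one


def parse_services(log: str) -> list:
    rows = [O23_RE.match(line.strip()) for line in log.splitlines()]
    return [Service(m["display"], m["short"], m["owner"], m["path"]) for m in rows if m]


def parse_created(log: str) -> list:
    rows = [CREATED_RE.match(line.strip()) for line in log.splitlines()]
    return [Created(m["ts"], int(m["size"]), m["attrs"], m["path"], m["info"]) for m in rows if m]


def service_reasons(svc: Service) -> list:
    """Why this O23 line deserves a look (editor's heuristics). "Unknown owner" means
    no company name was read from the file's version info: true of malware, but also
    of a legitimate binary the tool could not open because the path was truncated."""
    reasons = []
    path = svc.path.lower()
    if svc.owner.lower() == "unknown owner":
        reasons.append("no company name in version info (Unknown owner)")
        if "microsoft" in svc.display.lower():
            reasons.append("Microsoft-branded display name without Microsoft version info")
        if path.startswith(SYSTEM32):
            reasons.append("unattributed binary living directly in system32")
    if not BINARY_EXT.search(path):
        reasons.append("image path has no extension: likely an unquoted path cut at a space")
    return reasons


def triage_services(log: str) -> dict:
    """Display name -> reasons, only for services with something to explain."""
    found = {}
    for svc in parse_services(log):
        reasons = service_reasons(svc)
        if reasons:
            found[svc.display] = reasons
    return found


def unattributed_executables(log: str, root: str = "c:\\windows\\") -> list:
    """Executables created under `root` that carry no version-info tag at all.
    Expect benign hits (ComboFix's own helpers, driver-installer leftovers); this is a
    worklist for a hash lookup or signature check, not a removal list."""
    return [
        c.path for c in parse_created(log)
        if not c.attrs.startswith("d")
        and c.path.lower().startswith(root)
        and BINARY_EXT.search(c.path)
        and c.info is None
    ]


if __name__ == "__main__":
    for name, why in triage_services(SAMPLE_LOG).items():
        print(name, "->", "; ".join(why))
    print("no version info:", unattributed_executables(SAMPLE_LOG))
```

On the sample, the msbrn.exe service collects all three reasons and perfs.exe (the "perfmons" service, still listed among the running processes in the DSS logs in this thread) collects two; the Nero scheduler is listed only because its path was truncated. The version-info check also returns zip.exe, InstFunc.exe and ChCfg.exe, none of which is evidence of anything on its own: zip.exe was dropped into C:\WINDOWS in the same second as the SteelWerX tools that ComboFix installs, and by timestamp the other two arrived with the SiS and Realtek driver installs. That is the caveat behind kahdah's "little to no info on it": absence of a vendor string narrows the list, and the decision still rests on what else is known about the file.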

#22 adam j (Topic Starter, Member, 63 posts)
To be honest, there were never any performance issues etc. with my computer when I had the suspected virus; I would just randomly get the noises playing a few times a day!

Here are the logs.

OT log

Service not present: Microsoft Network Device Manage Service.
File move failed. C:\WINDOWS\system32\msbrn.exe scheduled to be moved on reboot.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08102008_225900

Files moved on Reboot...
C:\WINDOWS\system32\msbrn.exe moved successfully.

DSS Log -

Deckard's System Scanner v20071014.68
Run by Adam Jackson on 2008-08-10 23:02:11
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-08-10 23:02:41
Platform: Windows XP Service Pack 3 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\soundman.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\perfs.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Adam Jackson\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Program Files\FlashFXP\IEFlash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar2.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1217611683859
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Microsoft Network Device Manage Service (msbrnd) - Unknown owner - C:\WINDOWS\system32\msbrn.exe
O23 - Service: Nero BackItUp Scheduler 3 - Unknown owner - C:\Program Files\Nero\Nero8\Nero
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: perfmons - Unknown owner - C:\WINDOWS\system32\perfs.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe


--
End of file - 6531 bytes

-- Files created between 2008-07-10 and 2008-08-10 -----------------------------

2008-08-10 22:16:29 260272 --a------ C:\cmldr
2008-08-10 22:16:26 0 d-------- C:\cmdcons
2008-08-10 19:50:16 0 d--h----- C:\WINDOWS\PIF
2008-08-10 18:42:56 68096 --a------ C:\WINDOWS\zip.exe
2008-08-10 18:42:56 49152 --a------ C:\WINDOWS\VFind.exe
2008-08-10 18:42:56 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-08-10 18:42:56 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-08-10 18:42:56 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-08-10 18:42:56 98816 --a------ C:\WINDOWS\sed.exe
2008-08-10 18:42:56 80412 --a------ C:\WINDOWS\grep.exe
2008-08-10 18:42:56 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-08-09 11:59:53 0 d-------- C:\Program Files\QuickTime
2008-08-09 01:32:05 0 d-------- C:\Documents and Settings\Adam Jackson\Application Data\Malwarebytes
2008-08-09 01:32:00 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-09 01:32:00 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-09 01:23:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Prevx
2008-08-09 01:23:25 0 d-------- C:\Documents and Settings\Adam Jackson\Application Data\PrevxCSI
2008-08-09 00:11:48 0 d-------- C:\WINDOWS\Sun
2008-08-09 00:11:47 0 d-------- C:\Documents and Settings\Adam Jackson\Application Data\Sun
2008-08-09 00:10:33 0 d-------- C:\Program Files\Java
2008-08-09 00:10:22 0 d-------- C:\Program Files\Common Files\Java
2008-08-08 17:13:46 0 d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-08-08 13:47:25 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-08-08 13:47:16 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-08-08 13:47:16 0 d-------- C:\Documents and Settings\Adam Jackson\Application Data\SUPERAntiSpyware.com
2008-08-08 13:38:33 0 d-------- C:\Documents and Settings\All Users\Application Data\PrevxCSI
2008-08-08 13:37:07 0 d-------- C:\Program Files\Panda Security
2008-08-07 13:07:14 0 d-------- C:\Program Files\Spyware Doctor
2008-08-07 13:07:14 0 d-------- C:\Documents and Settings\Adam Jackson\Application Data\PC Tools
2008-08-07 12:42:58 0 d---s---- C:\Documents and Settings\LocalService\UserData
2008-08-06 17:19:09 0 d-------- C:\Documents and Settings\Adam Jackson\Application Data\Anvil Studio
2008-08-06 16:50:16 0 d-------- C:\WINDOWS\Digital Ear
2008-08-06 16:42:23 0 d-------- C:\Documents and Settings\LocalService\Application Data\Macromedia
2008-08-06 16:42:19 0 d-------- C:\Documents and Settings\LocalService\Application Data\Adobe
2008-08-06 16:37:25 0 d-------- C:\Documents and Settings\Adam Jackson\Application Data\Music Recognition
2008-08-06 16:29:24 0 d-------- C:\Program Files\TallStick
2008-08-05 20:57:12 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-08-05 00:33:30 0 d-------- C:\Program Files\Common Files\Labtec
2008-08-05 00:32:57 0 d-------- C:\Program Files\Common Files\LogiShrd
2008-08-05 00:31:59 0 d-------- C:\Program Files\Labtec
2008-08-05 00:05:33 0 d-------- C:\Documents and Settings\Adam Jackson\Application Data\Locktime
2008-08-05 00:02:49 0 d-------- C:\Documents and Settings\All Users\Application Data\Locktime
2008-08-04 12:37:58 0 d-------- C:\Documents and Settings\Adam Jackson\Application Data\DMCache
2008-08-02 18:30:17 0 d-------- C:\Program Files\MSXML 4.0
2008-08-02 18:08:15 0 d-------- C:\Program Files\FlashFXP
2008-08-02 18:08:15 0 d-------- C:\Documents and Settings\All Users\Application Data\FlashFXP
2008-08-02 16:28:36 0 d-------- C:\Documents and Settings\Adam Jackson\Application Data\DivX
2008-08-02 15:42:09 0 d-------- C:\Program Files\DivX
2008-08-02 14:30:31 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-02 14:30:22 50688 --a------ C:\WINDOWS\system32\wbhelp2.dll <Not Verified; Stardock.Net, Inc; WindowBlinds for Win32 x86 machines>
2008-08-02 12:38:58 0 d-------- C:\Program Files\Windows Media Connect 2
2008-08-02 12:38:03 0 d-------- C:\e2ecaf903c8adc23ced74f
2008-08-02 12:38:00 0 d-------- C:\WINDOWS\system32\LogFiles
2008-08-02 12:38:00 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2008-08-01 21:02:39 0 d-------- C:\Program Files\Winamp
2008-08-01 21:02:39 0 d-------- C:\Documents and Settings\Adam Jackson\Application Data\Winamp
2008-08-01 20:58:40 0 d-------- C:\Documents and Settings\Adam Jackson\Application Data\Publish Providers
2008-08-01 20:58:40 0 d-------- C:\Documents and Settings\Adam Jackson\Application Data\NetMedia Providers
2008-08-01 20:56:01 306688 --a------ C:\WINDOWS\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
2008-08-01 20:55:53 0 d-------- C:\Program Files\Microsoft SQL Server
2008-08-01 20:55:40 0 d-------- C:\Documents and Settings\Adam Jackson\Application Data\Sony
2008-08-01 20:55:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Sony
2008-08-01 20:55:00 0 d-------- C:\Program Files\Vstplugins
2008-08-01 20:54:49 0 d-------- C:\Program Files\Sony
2008-08-01 20:54:16 0 d-------- C:\Program Files\Sony Setup
2008-08-01 20:46:56 0 d-------- C:\Program Files\uTorrent
2008-08-01 20:46:49 0 d-------- C:\Documents and Settings\Adam Jackson\Application Data\uTorrent
2008-08-01 20:40:32 0 d-------- C:\Program Files\NeroInstall.bak
2008-08-01 20:38:18 0 d-------- C:\Documents and Settings\Adam Jackson\Application Data\Nero
2008-08-01 20:35:43 0 d-------- C:\Program Files\Nero
2008-08-01 20:35:43 0 d-------- C:\Program Files\Common Files\Nero
2008-08-01 20:35:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-08-01 20:33:39 0 d-------- C:\WINDOWS\RegisteredPackages
2008-08-01 19:28:45 0 d-------- C:\cabs
2008-08-01 19:16:55 0 d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-08-01 18:44:27 0 d-------- C:\Program Files\Messenger Plus! Live
2008-08-01 18:35:48 110592 -----n--- C:\WINDOWS\system32\TVMode.dll <Not Verified; Silicon Integrated Systems Corporation; TVModeLib Dynamic Link Library>
2008-08-01 18:35:48 65536 -----n--- C:\WINDOWS\system32\SiSHook.dll <Not Verified; Silicon Integrated Systems Corporation; SiSHook Dynamic Link Library>
2008-08-01 18:35:48 135168 -----n--- C:\WINDOWS\system32\SiSApCom.dll <Not Verified; Silicon Integrated Systems Corporation; SiSApCom Dynamic Link Library>
2008-08-01 18:35:48 0 d-------- C:\WINDOWS\SIS
2008-08-01 18:35:47 262144 --a------ C:\WINDOWS\system32\sistray.exe <Not Verified; Silicon Integrated Systems Corporation; SiS ® Compatible Super VGA SiSTray application>
2008-08-01 18:35:46 53248 --a------ C:\WINDOWS\system32\SiSPower.dll <Not Verified; Silicon Integrated Systems Corporation; SiS ® Power Scheme Library>
2008-08-01 18:35:46 208896 --a------ C:\WINDOWS\Progress.exe <Not Verified; ; Progress Application>
2008-08-01 18:35:46 49152 --a------ C:\WINDOWS\InstFunc.exe
2008-08-01 18:35:46 12288 --a------ C:\WINDOWS\InstFunc.dll <Not Verified; Silicon Integrated Systems Corporation; SiS ® VGA Install Function Dynamic Link Library>
2008-08-01 18:35:42 0 d-------- C:\Program Files\SiS VGA Utilities V3.84
2008-08-01 18:29:01 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-08-01 18:28:50 0 d-------- C:\WINDOWS\system32\PreInstall
2008-08-01 18:28:48 0 d--h----- C:\WINDOWS\$hf_mig$
2008-08-01 18:21:36 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2008-08-01 18:21:27 0 d-------- C:\Program Files\sisagp
2008-08-01 18:03:53 0 d-------- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
2008-08-01 17:49:53 49152 --a------ C:\WINDOWS\system32\ChCfg.exe
2008-08-01 17:49:23 0 d-------- C:\Program Files\Realtek AC97
2008-08-01 17:49:22 315392 --a------ C:\WINDOWS\alcupd.exe <Not Verified; Realtek Semiconductor Corp.; Realtek AC'97 Update driver Tool>
2008-08-01 17:49:11 0 d-------- C:\Program Files\Common Files\InstallShield
2008-08-01 17:42:55 0 d-------- C:\Documents and Settings\Adam Jackson\Application Data\Macromedia
2008-08-01 17:42:55 0 d-------- C:\Documents and Settings\Adam Jackson\Application Data\Adobe
2008-08-01 17:29:42 0 d--hs---- C:\WINDOWS\Installer
2008-08-01 17:29:41 0 d-------- C:\Program Files\Common Files\ODBC
2008-08-01 17:29:36 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-08-01 17:29:35 0 dr------- C:\Program Files
2008-08-01 17:29:35 0 d-------- C:\Program Files\Common Files
2008-08-01 17:28:55 0 d--h----- C:\Documents and Settings\Default User\Templates
2008-08-01 17:28:55 0 dr------- C:\Documents and Settings\Default User\Start Menu
2008-08-01 17:28:55 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2008-08-01 17:28:55 0 d--h----- C:\Documents and Settings\Default User\Recent
2008-08-01 17:28:55 0 d--h----- C:\Documents and Settings\Default User\PrintHood
2008-08-01 17:28:55 0 d--h----- C:\Documents and Settings\Default User\NetHood
2008-08-01 17:28:55 0 d-------- C:\Documents and Settings\Default User\My Documents
2008-08-01 17:28:55 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
2008-08-01 17:28:55 0 d-------- C:\Documents and Settings\Default User\Favorites
2008-08-01 17:28:55 0 d-------- C:\Documents and Settings\Default User\Desktop
2008-08-01 17:28:55 0 d---s---- C:\Documents and Settings\Default User\Cookies
2008-08-01 17:28:55 0 d--h----- C:\Documents and Settings\All Users\Templates
2008-08-01 17:28:55 0 dr------- C:\Documents and Settings\All Users\Start Menu
2008-08-01 17:28:55 0 d-------- C:\Documents and Settings\All Users\Favorites
2008-08-01 17:28:55 0 dr------- C:\Documents and Settings\All Users\Documents
2008-08-01 17:28:55 0 d-------- C:\Documents and Settings\All Users\Desktop
2008-08-01 17:28:44 0 d-------- C:\Program Files\Driver-Soft
2008-08-01 17:28:34 0 d-------- C:\WINDOWS\system32\CatRoot2
2008-08-01 17:28:34 0 d-------- C:\WINDOWS\system32\CatRoot
2008-08-01 17:28:29 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2008-08-01 17:28:29 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2008-08-01 17:28:28 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2008-08-01 17:28:28 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-08-01 17:27:43 0 d-------- C:\Documents and Settings
2008-08-01 17:27:42 0 d--hs---- C:\System Volume Information
2008-08-01 17:26:35 0 d-------- C:\Documents and Settings\Adam Jackson\Application Data\WinRAR
2008-08-01 17:20:17 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-08-01 17:17:15 0 d-------- C:\WINDOWS
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\WinSxS
2008-08-01 17:17:15 0 dr------- C:\WINDOWS\Web
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\twain_32
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\system32
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\system32\wins
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\system32\wbem
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\system32\usmt
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\system32\spool
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\system32\ShellExt
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\system32\Setup
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\system32\scripting
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\system32\ras
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\system32\oobe
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\system32\npp
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\system32\mui
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\system32\inetsrv
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\system32\IME
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\system32\icsxml
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\system32\ias
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\system32\export
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\system32\en
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\system32\drivers
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\system32\drivers\etc
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\system32\drivers\disdn
2008-08-01 17:17:15 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\system32\dhcp
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\system32\config
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\system32\3com_dmi
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\system32\3076
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\system32\2052
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\system32\1054
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\system32\1042
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\system32\1041
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\system32\1037
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\system32\1033
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\system32\1031
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\system32\1028
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\system32\1025
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\system
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\security
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\Resources
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\repair
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\Provisioning
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\PeerNet
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\pchealth
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\Network Diagnostic
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\mui
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\msapps
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\msagent
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\Media
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\L2Schemas
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\java
2008-08-01 17:17:15 0 d--h----- C:\WINDOWS\inf
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\ime
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\Help
2008-08-01 17:17:15 0 dr--s---- C:\WINDOWS\Fonts
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\Driver Cache
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\Debug
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\Cursors
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\Connection Wizard
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\Config
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\AppPatch
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\addins
2008-08-01 17:01:03 0 d-------- C:\Documents and Settings\Adam Jackson\Contacts
2008-08-01 17:01:02 0 d-------- C:\Program Files\Windows Live Toolbar
2008-08-01 17:00:40 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-08-01 16:59:25 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-08-01 16:59:22 0 d-------- C:\Program Files\Windows Live
2008-08-01 16:59:15 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-08-01 16:57:05 0 d-------- C:\Documents and Settings\Adam Jackson\Application Data\Google
2008-08-01 16:57:03 0 d-------- C:\Program Files\Google
2008-08-01 16:57:03 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2008-08-01 16:53:50 0 d---s---- C:\Documents and Settings\Adam Jackson\UserData
2008-08-01 16:52:53 0 d-------- C:\Documents and Settings\Adam Jackson\Application Data\Identities
2008-08-01 16:52:46 0 d--h----- C:\Documents and Settings\Adam Jackson\Templates
2008-08-01 16:52:46 0 dr------- C:\Documents and Settings\Adam Jackson\Start Menu
2008-08-01 16:52:46 0 dr-h----- C:\Documents and Settings\Adam Jackson\SendTo
2008-08-01 16:52:46 0 dr-h----- C:\Documents and Settings\Adam Jackson\Recent
2008-08-01 16:52:46 0 d--h----- C:\Documents and Settings\Adam Jackson\PrintHood
2008-08-01 16:52:46 2359296 --ah----- C:\Documents and Settings\Adam Jackson\NTUSER.DAT
2008-08-01 16:52:46 0 d--h----- C:\Documents and Settings\Adam Jackson\NetHood
2008-08-01 16:52:46 0 dr------- C:\Documents and Settings\Adam Jackson\My Documents
2008-08-01 16:52:46 0 d--h----- C:\Documents and Settings\Adam Jackson\Local Settings
2008-08-01 16:52:46 0 dr------- C:\Documents and Settings\Adam Jackson\Favorites
2008-08-01 16:52:46 0 d-------- C:\Documents and Settings\Adam Jackson\Desktop
2008-08-01 16:52:46 0 d---s---- C:\Documents and Settings\Adam Jackson\Cookies
2008-08-01 16:52:46 0 dr-h----- C:\Documents and Settings\Adam Jackson\Application Data
2008-08-01 16:51:34 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-08-01 16:50:52 0 d-------- C:\WINDOWS\SoftwareDistribution
2008-08-01 16:50:39 0 d---s---- C:\WINDOWS\system32\Microsoft
2008-08-01 16:50:39 0 d-------- C:\WINDOWS\Prefetch
2008-08-01 16:50:38 249856 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2008-08-01 16:50:38 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2008-08-01 16:50:38 0 d---s---- C:\Documents and Settings\LocalService\Cookies
2008-08-01 16:50:38 0 d-------- C:\Documents and Settings\LocalService\Application Data
2008-08-01 16:50:38 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2008-08-01 16:50:18 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2008-08-01 16:50:18 0 d---s---- C:\Documents and Settings\NetworkService\Cookies
2008-08-01 16:50:18 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2008-08-01 16:50:18 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2008-08-01 16:50:17 249856 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2008-08-01 16:45:34 0 d-------- C:\WINDOWS\system32\xircom
2008-08-01 16:45:34 0 d-------- C:\Program Files\microsoft frontpage
2008-08-01 16:45:30 249856 ---h----- C:\Documents and Settings\Default User\NTUSER.DAT
2008-08-01 16:45:23 0 -rahs---- C:\MSDOS.SYS
2008-08-01 16:45:23 0 -rahs---- C:\IO.SYS
2008-08-01 16:45:23 0 --a------ C:\CONFIG.SYS
2008-08-01 16:45:23 0 --a------ C:\AUTOEXEC.BAT
2008-08-01 16:43:49 0 d--hs---- C:\Documents and Settings\All Users\DRM
2008-08-01 16:43:31 0 dr------- C:\WINDOWS\Offline Web Pages
2008-08-01 16:43:31 0 d---s---- C:\WINDOWS\Downloaded Program Files
2008-08-01 16:43:10 0 d--h----- C:\Program Files\WindowsUpdate
2008-08-01 16:42:41 0 d-------- C:\WINDOWS\system32\DirectX
2008-08-01 16:42:17 0 d---s---- C:\WINDOWS\Tasks
2008-08-01 16:42:16 0 d-------- C:\Program Files\Common Files\MSSoap
2008-08-01 16:42:11 0 d-------- C:\WINDOWS\srchasst
2008-08-01 16:42:10 0 d-------- C:\WINDOWS\system32\Macromed
2008-08-01 16:41:58 0 d-------- C:\Program Files\Movie Maker
2008-08-01 16:41:30 0 d-------- C:\WINDOWS\system32\Restore
2008-08-01 16:41:05 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-08-01 16:40:49 0 d-------- C:\WINDOWS\Registration
2008-08-01 16:39:59 0 d-------- C:\Program Files\Online Services
2008-08-01 16:39:47 0 d-------- C:\Program Files\Messenger
2008-08-01 16:39:42 0 d-------- C:\Program Files\MSN Gaming Zone
2008-08-01 16:38:49 0 d-------- C:\Program Files\Windows NT
2008-08-01 16:38:43 0 d-------- C:\WINDOWS\system32\MsDtc
2008-08-01 16:38:40 0 d-------- C:\WINDOWS\system32\Com


-- Find3M Report ---------------------------------------------------------------

2008-08-01 17:28:55 62 --ahs---- C:\Documents and Settings\Adam Jackson\Application Data\desktop.ini
2008-06-11 01:07:20 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-06-11 01:03:26 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-06-11 01:03:26 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-06-11 01:03:20 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX®>
2008-06-11 01:03:20 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-06-11 01:03:20 815104 --a------ C:\WINDOWS\system32\divx_xx0a.dll <Not Verified; DivX, Inc.; DivX®>
2008-06-11 01:03:20 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-06-11 01:03:18 683520 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-22 23:18:54 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [14/04/2008 10:42 C:\WINDOWS\system32\bthprops.cpl]
"SoundMan"="SOUNDMAN.EXE" [16/04/2007 15:28 C:\WINDOWS\soundman.exe]
"SiSPower"="SiSPower.dll" [20/03/2008 18:58 C:\WINDOWS\system32\SiSPower.dll]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [28/02/2008 09:59]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [18/02/2008 16:29]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [10/06/2008 04:27]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [06/08/2008 17:53]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [01/08/2008 19:16]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [28/02/2008 17:07]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [01/08/2008 18:35:47]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc
bthsvcs BthServ

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc




-- End of Deckard's System Scanner: finished at 2008-08-10 23:03:23 ------------

#23
kahdah (GeekU Teacher, Retired Staff)
1. Please open Notepad
  • Click Start , then Run
  • Type notepad in the Run box, then click OK.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

KILLALL::

Driver::
perfmons
msbrnd
Rootkit::
C:\WINDOWS\system32\msbrn.exe
C:\WINDOWS\system32\perfs.exe


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

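A way to confirm that a CFScript run did what was asked is to cross-check the script's Driver:: and Rootkit:: targets against the ComboFix log it produces. The script below is an added example for this thread, not code from ComboFix, the forum staff or the poster. It parses the CFScript above and the "Other Deletions" / "Drivers/Services" sections of the ComboFix log posted in the next reply (both copied inline here as sample text), reports which targets the log confirms as removed, and lists anything ComboFix deleted that the script never named. The section headings are ComboFix's own; the assumption that a removed driver always appears as a `-------\Service_<name>` line is taken from the log as posted.

```python
"""Cross-check a ComboFix CFScript against the ComboFix log it produced.

Added example for this thread; not part of ComboFix or the forum posts.
Sample text below is copied from the CFScript and ComboFix log in this
thread. The '-------\\Service_<name>' pattern is assumed from that log.
"""
import re

CFSCRIPT = """\
KILLALL::

Driver::
perfmons
msbrnd
Rootkit::
C:\\WINDOWS\\system32\\msbrn.exe
C:\\WINDOWS\\system32\\perfs.exe
"""

COMBOFIX_LOG = """\
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\\WINDOWS\\system32\\comsa32.sys
C:\\WINDOWS\\system32\\msbrn.exe
C:\\WINDOWS\\system32\\perfs.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\\Legacy_MSBRND
-------\\Legacy_PERFMONS
-------\\Service_msbrnd
-------\\Service_perfmons
-------\\Service_perfs


((((((((((((((((((((((((( Files Created from 2008-07-10 to 2008-08-10 )))))))))))))))))))))))))))))))
"""

# ComboFix log section headings look like "(((( Title ))))".
HEADER = re.compile(r"^\(+\s*(.+?)\s*\)+$")


def parse_cfscript(text):
    """Return {section: [entries]}; a CFScript section header ends in '::'."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):
            current = line[:-2].lower()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def parse_combofix_log(text):
    """Return {heading: [lines]} for a ComboFix log, skipping blank and '.' lines."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
            continue
        if current is None or line in ("", "."):
            continue
        sections[current].append(line)
    return sections


def check_removals(cfscript, log):
    """Map each Rootkit:: path and Driver:: service to True if the log confirms removal."""
    script = parse_cfscript(cfscript)
    sections = parse_combofix_log(log)
    deleted = {p.lower() for p in sections.get("Other Deletions", [])}
    services = {s.lower() for s in sections.get("Drivers/Services", [])}
    result = {}
    for path in script.get("rootkit", []):
        result[path] = path.lower() in deleted
    for svc in script.get("driver", []):
        # Assumed from the posted log: a removed driver is logged as
        # -------\Service_<name> (plus -------\Legacy_<NAME> if a device entry existed).
        result[svc] = ("-------\\service_" + svc.lower()) in services
    return result


def unrequested_deletions(cfscript, log):
    """Files ComboFix deleted on its own, i.e. not named under Rootkit:: in the script."""
    requested = {p.lower() for p in parse_cfscript(cfscript).get("rootkit", [])}
    return [p for p in parse_combofix_log(log).get("Other Deletions", [])
            if p.lower() not in requested]


if __name__ == "__main__":
    for target, ok in check_removals(CFSCRIPT, COMBOFIX_LOG).items():
        print(("removed   " if ok else "NOT FOUND ") + target)
    for extra in unrequested_deletions(CFSCRIPT, COMBOFIX_LOG):
        print("also removed (not in script): " + extra)
```

Run against the two posts in this thread it reports all four targets as removed and flags comsa32.sys as a deletion the script did not request, which is the kind of extra hit worth asking the helper about before calling the machine clean.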

#24
adam j (Topic Starter)
combo -

ComboFix 08-08-09.06 - Adam Jackson 2008-08-10 23:12:36.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1694 [GMT 1:00]
Running from: C:\Documents and Settings\Adam Jackson\My Documents\My Completed Downloads\ComboFix.exe
Command switches used :: C:\Documents and Settings\Adam Jackson\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\comsa32.sys
C:\WINDOWS\system32\msbrn.exe
C:\WINDOWS\system32\perfs.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MSBRND
-------\Legacy_PERFMONS
-------\Service_msbrnd
-------\Service_perfmons
-------\Service_perfs


((((((((((((((((((((((((( Files Created from 2008-07-10 to 2008-08-10 )))))))))))))))))))))))))))))))
.

2008-08-10 19:54 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-10 19:54 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-10 19:50 . 2008-08-10 19:50 <DIR> d--h----- C:\WINDOWS\PIF
2008-08-10 17:58 . 2008-08-10 17:58 <DIR> d-------- C:\_OTMoveIt
2008-08-10 15:41 . 2008-08-10 15:41 <DIR> d-------- C:\Deckard
2008-08-09 12:01 . 2008-04-14 00:16 25,600 --a------ C:\WINDOWS\system32\drivers\hidbth.sys
2008-08-09 12:01 . 2008-04-14 00:16 25,600 --a--c--- C:\WINDOWS\system32\dllcache\hidbth.sys
2008-08-09 11:59 . 2008-08-09 11:59 <DIR> d-------- C:\Program Files\QuickTime
2008-08-09 11:59 . 2008-04-14 00:16 37,888 --a------ C:\WINDOWS\system32\drivers\bthmodem.sys
2008-08-09 11:59 . 2008-04-14 00:16 37,888 --a--c--- C:\WINDOWS\system32\dllcache\bthmodem.sys
2008-08-09 01:32 . 2008-08-10 19:54 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-09 01:32 . 2008-08-09 01:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-09 01:32 . 2008-08-09 01:32 <DIR> d-------- C:\Documents and Settings\Adam Jackson\Application Data\Malwarebytes
2008-08-09 01:23 . 2008-08-09 01:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Prevx
2008-08-09 01:23 . 2008-08-09 01:23 <DIR> d-------- C:\Documents and Settings\Adam Jackson\Application Data\PrevxCSI
2008-08-09 00:11 . 2008-08-09 00:11 <DIR> d-------- C:\WINDOWS\Sun
2008-08-09 00:11 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-08-09 00:10 . 2008-08-09 00:11 <DIR> d-------- C:\Program Files\Java
2008-08-09 00:10 . 2008-08-09 00:10 <DIR> d-------- C:\Program Files\Common Files\Java
2008-08-08 17:13 . 2008-08-08 17:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-08-08 13:47 . 2008-08-08 17:19 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-08-08 13:47 . 2008-08-08 13:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-08-08 13:47 . 2008-08-08 13:47 <DIR> d-------- C:\Documents and Settings\Adam Jackson\Application Data\SUPERAntiSpyware.com
2008-08-08 13:38 . 2008-08-08 13:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PrevxCSI
2008-08-08 13:37 . 2008-08-08 17:18 <DIR> d-------- C:\Program Files\Panda Security
2008-08-07 13:07 . 2008-08-07 14:27 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-08-07 13:07 . 2008-08-07 13:07 <DIR> d-------- C:\Documents and Settings\Adam Jackson\Application Data\PC Tools
2008-08-07 13:07 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2008-08-07 13:07 . 2008-08-07 13:07 74,240 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-08-07 13:07 . 2008-08-07 13:07 56,832 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-08-07 13:07 . 2007-10-18 00:14 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-08-07 13:07 . 2007-10-18 00:16 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-08-07 12:42 . 2008-08-07 12:42 <DIR> d---s---- C:\Documents and Settings\LocalService\UserData
2008-08-06 17:19 . 2008-08-06 17:21 <DIR> d-------- C:\Documents and Settings\Adam Jackson\Application Data\Anvil Studio
2008-08-06 16:50 . 2008-08-06 16:50 <DIR> d-------- C:\WINDOWS\Digital Ear
2008-08-06 16:37 . 2008-08-06 16:37 <DIR> d-------- C:\Documents and Settings\Adam Jackson\Application Data\Music Recognition
2008-08-06 16:29 . 2008-08-06 16:34 <DIR> d-------- C:\Program Files\TallStick
2008-08-05 20:57 . 2008-08-05 20:57 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-08-05 00:33 . 2008-08-05 01:37 <DIR> d-------- C:\Program Files\Common Files\Labtec
2008-08-05 00:32 . 2008-08-05 00:49 <DIR> d-------- C:\Program Files\Common Files\LogiShrd
2008-08-05 00:31 . 2008-08-05 00:49 <DIR> d-------- C:\Program Files\Labtec
2008-08-05 00:05 . 2008-08-05 00:05 <DIR> d-------- C:\Documents and Settings\Adam Jackson\Application Data\Locktime
2008-08-05 00:02 . 2008-08-05 00:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Locktime
2008-08-04 12:37 . 2008-08-04 13:27 <DIR> d-------- C:\Documents and Settings\Adam Jackson\Application Data\DMCache
2008-08-02 18:30 . 2008-08-02 18:30 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-08-02 18:08 . 2008-08-02 18:08 <DIR> d-------- C:\Program Files\FlashFXP
2008-08-02 18:08 . 2008-08-02 18:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FlashFXP
2008-08-02 16:28 . 2008-08-02 16:28 <DIR> d-------- C:\Documents and Settings\Adam Jackson\Application Data\DivX
2008-08-02 15:42 . 2008-08-02 15:42 <DIR> d-------- C:\Program Files\DivX
2008-08-02 15:40 . 2008-08-09 11:22 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-08-02 14:48 . 2008-06-13 12:05 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-08-02 14:46 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-08-02 14:46 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-08-02 14:30 . 2008-08-08 14:13 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-02 14:30 . 2008-08-02 14:30 479,298 --a------ C:\WINDOWS\system32\wbocx.ocx
2008-08-02 14:30 . 2008-08-02 14:30 172,032 --a------ C:\WINDOWS\system32\AniGIF.ocx
2008-08-02 14:30 . 2008-08-02 14:30 50,688 --a------ C:\WINDOWS\system32\wbhelp2.dll
2008-08-02 12:38 . 2008-08-02 12:38 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-08-02 12:38 . 2008-08-02 12:38 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-08-02 12:38 . 2008-08-02 12:38 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-08-02 12:38 . 2008-08-02 12:38 <DIR> d-------- C:\e2ecaf903c8adc23ced74f
2008-08-01 21:02 . 2008-08-01 21:05 <DIR> d-------- C:\Program Files\Winamp
2008-08-01 21:02 . 2008-08-01 21:08 <DIR> d-------- C:\Documents and Settings\Adam Jackson\Application Data\Winamp
2008-08-01 20:58 . 2008-08-01 20:58 <DIR> d-------- C:\Documents and Settings\Adam Jackson\Application Data\Publish Providers
2008-08-01 20:58 . 2008-08-01 20:58 <DIR> d-------- C:\Documents and Settings\Adam Jackson\Application Data\NetMedia Providers
2008-08-01 20:56 . 1998-10-29 15:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-08-01 20:56 . 2002-12-17 16:23 33,340 --------- C:\WINDOWS\system32\dbmsqlgc.dll
2008-08-01 20:56 . 2002-10-20 14:05 24,576 --------- C:\WINDOWS\system32\dbmsgnet.dll
2008-08-01 20:55 . 2008-08-01 20:55 <DIR> d-------- C:\Program Files\Vstplugins
2008-08-01 20:55 . 2008-08-01 20:55 <DIR> d-------- C:\Program Files\Microsoft SQL Server
2008-08-01 20:55 . 2008-08-01 20:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony
2008-08-01 20:55 . 2008-08-01 21:11 <DIR> d-------- C:\Documents and Settings\Adam Jackson\Application Data\Sony
2008-08-01 20:54 . 2008-08-02 14:42 <DIR> d-------- C:\Program Files\Sony Setup
2008-08-01 20:54 . 2008-08-02 14:43 <DIR> d-------- C:\Program Files\Sony
2008-08-01 20:46 . 2008-08-01 20:46 <DIR> d-------- C:\Program Files\uTorrent
2008-08-01 20:46 . 2008-08-05 15:13 <DIR> d-------- C:\Documents and Settings\Adam Jackson\Application Data\uTorrent
2008-08-01 20:40 . 2008-08-01 20:40 <DIR> d-------- C:\Program Files\NeroInstall.bak
2008-08-01 20:38 . 2008-08-01 20:38 <DIR> d-------- C:\Documents and Settings\Adam Jackson\Application Data\Nero
2008-08-01 20:35 . 2008-08-01 20:35 <DIR> d-------- C:\Program Files\Nero
2008-08-01 20:35 . 2008-08-01 20:36 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-08-01 20:35 . 2008-08-01 20:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-08-01 19:28 . 2008-08-01 19:28 <DIR> d-------- C:\cabs
2008-08-01 19:16 . 2008-08-01 19:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-08-01 18:44 . 2008-08-01 18:44 <DIR> d-------- C:\Program Files\Messenger Plus! Live
2008-08-01 18:35 . 2008-08-01 18:35 <DIR> d-------- C:\Program Files\SiS VGA Utilities V3.84
2008-08-01 18:28 . 2008-08-02 18:30 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-08-01 18:28 . 2006-09-25 17:58 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-08-01 18:21 . 2008-08-01 18:35 <DIR> d-------- C:\Program Files\sisagp
2008-08-01 18:03 . 2008-08-01 18:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-01 17:54 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-08-01 17:51 --------- d-----w C:\Program Files\Windows Live
2008-08-01 17:50 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-01 16:49 --------- d-----w C:\Program Files\Realtek AC97
2008-08-01 16:49 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-08-01 16:40 --------- d-----w C:\Program Files\Google
2008-08-01 16:28 --------- d-----w C:\Program Files\Driver-Soft
2008-08-01 16:00 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-08-01 15:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-08-01 15:45 --------- d-----w C:\Program Files\microsoft frontpage
2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-18 17:52 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-06-13 11:05 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 00:07 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-06-11 00:07 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-06-11 00:04 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-06-11 00:04 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-05-22 22:18 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
.

((((((((((((((((((((((((((((( [email protected]_18.49.29.29 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-08-08 17:10:12 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-08-10 21:49:19 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-08-08 17:10:12 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-08-10 21:49:19 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-08-10 21:49:21 187,392 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\GIZCHY5Z\p[1].bin
- 2008-08-08 17:10:12 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-08-10 21:49:19 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-08-10 21:49:19 61,952 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\RE823LSE\msjdk[1].bin
+ 2008-08-10 17:58:12 187,392 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\RE823LSE\p[1].bin
- 2008-08-10 16:57:15 66,396 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-08-10 22:04:47 66,396 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-08-10 16:57:15 410,434 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-08-10 22:04:47 410,434 ----a-w C:\WINDOWS\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-06 17:53 68856]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2008-08-01 19:16 5724184]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 17:07 1828136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2008-02-28 09:59 570664]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 16:29 2221352]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 10:42 110592 C:\WINDOWS\system32\bthprops.cpl]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 15:28 577536 C:\WINDOWS\soundman.exe]
"SiSPower"="SiSPower.dll" [2008-03-20 18:58 53248 C:\WINDOWS\system32\SiSPower.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 10:42 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [2008-08-01 18:35:47 262144]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\FlashFXP\\FlashFXP.exe"=

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-10 23:15:15
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-08-10 23:18:24 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-10 22:18:18
ComboFix2.txt 2008-08-10 21:41:43
ComboFix3.txt 2008-08-10 17:49:54

Pre-Run: 53,414,838,272 bytes free
Post-Run: 53,422,731,264 bytes free

207 --- E O F --- 2008-08-05 19:57:15

hijack -

Deckard's System Scanner v20071014.68
Run by Adam Jackson on 2008-08-10 23:18:35
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-08-10 23:19:05
Platform: Windows XP Service Pack 3 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\soundman.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\sistray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Adam Jackson\Desktop\dss.exe
\\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Program Files\FlashFXP\IEFlash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar2.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1217611683859
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Unknown owner - C:\Program Files\Nero\Nero8\Nero
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe


--
End of file - 6009 bytes

-- Files created between 2008-07-10 and 2008-08-10 -----------------------------

2008-08-10 22:16:29 260272 --a------ C:\cmldr
2008-08-10 22:16:26 0 d-------- C:\cmdcons
2008-08-10 19:50:16 0 d--h----- C:\WINDOWS\PIF
2008-08-10 18:42:56 68096 --a------ C:\WINDOWS\zip.exe
2008-08-10 18:42:56 49152 --a------ C:\WINDOWS\VFind.exe
2008-08-10 18:42:56 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-08-10 18:42:56 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-08-10 18:42:56 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-08-10 18:42:56 98816 --a------ C:\WINDOWS\sed.exe
2008-08-10 18:42:56 80412 --a------ C:\WINDOWS\grep.exe
2008-08-10 18:42:56 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-08-09 11:59:53 0 d-------- C:\Program Files\QuickTime
2008-08-09 01:32:05 0 d-------- C:\Documents and Settings\Adam Jackson\Application Data\Malwarebytes
2008-08-09 01:32:00 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-09 01:32:00 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-09 01:23:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Prevx
2008-08-09 01:23:25 0 d-------- C:\Documents and Settings\Adam Jackson\Application Data\PrevxCSI
2008-08-09 00:11:48 0 d-------- C:\WINDOWS\Sun
2008-08-09 00:11:47 0 d-------- C:\Documents and Settings\Adam Jackson\Application Data\Sun
2008-08-09 00:10:33 0 d-------- C:\Program Files\Java
2008-08-09 00:10:22 0 d-------- C:\Program Files\Common Files\Java
2008-08-08 17:13:46 0 d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-08-08 13:47:25 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-08-08 13:47:16 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-08-08 13:47:16 0 d-------- C:\Documents and Settings\Adam Jackson\Application Data\SUPERAntiSpyware.com
2008-08-08 13:38:33 0 d-------- C:\Documents and Settings\All Users\Application Data\PrevxCSI
2008-08-08 13:37:07 0 d-------- C:\Program Files\Panda Security
2008-08-07 13:07:14 0 d-------- C:\Program Files\Spyware Doctor
2008-08-07 13:07:14 0 d-------- C:\Documents and Settings\Adam Jackson\Application Data\PC Tools
2008-08-07 12:42:58 0 d---s---- C:\Documents and Settings\LocalService\UserData
2008-08-06 17:19:09 0 d-------- C:\Documents and Settings\Adam Jackson\Application Data\Anvil Studio
2008-08-06 16:50:16 0 d-------- C:\WINDOWS\Digital Ear
2008-08-06 16:42:23 0 d-------- C:\Documents and Settings\LocalService\Application Data\Macromedia
2008-08-06 16:42:19 0 d-------- C:\Documents and Settings\LocalService\Application Data\Adobe
2008-08-06 16:37:25 0 d-------- C:\Documents and Settings\Adam Jackson\Application Data\Music Recognition
2008-08-06 16:29:24 0 d-------- C:\Program Files\TallStick
2008-08-05 20:57:12 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-08-05 00:33:30 0 d-------- C:\Program Files\Common Files\Labtec
2008-08-05 00:32:57 0 d-------- C:\Program Files\Common Files\LogiShrd
2008-08-05 00:31:59 0 d-------- C:\Program Files\Labtec
2008-08-05 00:05:33 0 d-------- C:\Documents and Settings\Adam Jackson\Application Data\Locktime
2008-08-05 00:02:49 0 d-------- C:\Documents and Settings\All Users\Application Data\Locktime
2008-08-04 12:37:58 0 d-------- C:\Documents and Settings\Adam Jackson\Application Data\DMCache
2008-08-02 18:30:17 0 d-------- C:\Program Files\MSXML 4.0
2008-08-02 18:08:15 0 d-------- C:\Program Files\FlashFXP
2008-08-02 18:08:15 0 d-------- C:\Documents and Settings\All Users\Application Data\FlashFXP
2008-08-02 16:28:36 0 d-------- C:\Documents and Settings\Adam Jackson\Application Data\DivX
2008-08-02 15:42:09 0 d-------- C:\Program Files\DivX
2008-08-02 14:30:31 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-02 14:30:22 50688 --a------ C:\WINDOWS\system32\wbhelp2.dll <Not Verified; Stardock.Net, Inc; WindowBlinds for Win32 x86 machines>
2008-08-02 12:38:58 0 d-------- C:\Program Files\Windows Media Connect 2
2008-08-02 12:38:03 0 d-------- C:\e2ecaf903c8adc23ced74f
2008-08-02 12:38:00 0 d-------- C:\WINDOWS\system32\LogFiles
2008-08-02 12:38:00 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2008-08-01 21:02:39 0 d-------- C:\Program Files\Winamp
2008-08-01 21:02:39 0 d-------- C:\Documents and Settings\Adam Jackson\Application Data\Winamp
2008-08-01 20:58:40 0 d-------- C:\Documents and Settings\Adam Jackson\Application Data\Publish Providers
2008-08-01 20:58:40 0 d-------- C:\Documents and Settings\Adam Jackson\Application Data\NetMedia Providers
2008-08-01 20:56:01 306688 --a------ C:\WINDOWS\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
2008-08-01 20:55:53 0 d-------- C:\Program Files\Microsoft SQL Server
2008-08-01 20:55:40 0 d-------- C:\Documents and Settings\Adam Jackson\Application Data\Sony
2008-08-01 20:55:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Sony
2008-08-01 20:55:00 0 d-------- C:\Program Files\Vstplugins
2008-08-01 20:54:49 0 d-------- C:\Program Files\Sony
2008-08-01 20:54:16 0 d-------- C:\Program Files\Sony Setup
2008-08-01 20:46:56 0 d-------- C:\Program Files\uTorrent
2008-08-01 20:46:49 0 d-------- C:\Documents and Settings\Adam Jackson\Application Data\uTorrent
2008-08-01 20:40:32 0 d-------- C:\Program Files\NeroInstall.bak
2008-08-01 20:38:18 0 d-------- C:\Documents and Settings\Adam Jackson\Application Data\Nero
2008-08-01 20:35:43 0 d-------- C:\Program Files\Nero
2008-08-01 20:35:43 0 d-------- C:\Program Files\Common Files\Nero
2008-08-01 20:35:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-08-01 20:33:39 0 d-------- C:\WINDOWS\RegisteredPackages
2008-08-01 19:28:45 0 d-------- C:\cabs
2008-08-01 19:16:55 0 d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-08-01 18:44:27 0 d-------- C:\Program Files\Messenger Plus! Live
2008-08-01 18:35:48 110592 -----n--- C:\WINDOWS\system32\TVMode.dll <Not Verified; Silicon Integrated Systems Corporation; TVModeLib Dynamic Link Library>
2008-08-01 18:35:48 65536 -----n--- C:\WINDOWS\system32\SiSHook.dll <Not Verified; Silicon Integrated Systems Corporation; SiSHook Dynamic Link Library>
2008-08-01 18:35:48 135168 -----n--- C:\WINDOWS\system32\SiSApCom.dll <Not Verified; Silicon Integrated Systems Corporation; SiSApCom Dynamic Link Library>
2008-08-01 18:35:48 0 d-------- C:\WINDOWS\SIS
2008-08-01 18:35:47 262144 --a------ C:\WINDOWS\system32\sistray.exe <Not Verified; Silicon Integrated Systems Corporation; SiS ® Compatible Super VGA SiSTray application>
2008-08-01 18:35:46 53248 --a------ C:\WINDOWS\system32\SiSPower.dll <Not Verified; Silicon Integrated Systems Corporation; SiS ® Power Scheme Library>
2008-08-01 18:35:46 208896 --a------ C:\WINDOWS\Progress.exe <Not Verified; ; Progress Application>
2008-08-01 18:35:46 49152 --a------ C:\WINDOWS\InstFunc.exe
2008-08-01 18:35:46 12288 --a------ C:\WINDOWS\InstFunc.dll <Not Verified; Silicon Integrated Systems Corporation; SiS ® VGA Install Function Dynamic Link Library>
2008-08-01 18:35:42 0 d-------- C:\Program Files\SiS VGA Utilities V3.84
2008-08-01 18:29:01 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-08-01 18:28:50 0 d-------- C:\WINDOWS\system32\PreInstall
2008-08-01 18:28:48 0 d--h----- C:\WINDOWS\$hf_mig$
2008-08-01 18:21:36 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2008-08-01 18:21:27 0 d-------- C:\Program Files\sisagp
2008-08-01 18:03:53 0 d-------- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
2008-08-01 17:49:53 49152 --a------ C:\WINDOWS\system32\ChCfg.exe
2008-08-01 17:49:23 0 d-------- C:\Program Files\Realtek AC97
2008-08-01 17:49:22 315392 --a------ C:\WINDOWS\alcupd.exe <Not Verified; Realtek Semiconductor Corp.; Realtek AC'97 Update driver Tool>
2008-08-01 17:49:11 0 d-------- C:\Program Files\Common Files\InstallShield
2008-08-01 17:42:55 0 d-------- C:\Documents and Settings\Adam Jackson\Application Data\Macromedia
2008-08-01 17:42:55 0 d-------- C:\Documents and Settings\Adam Jackson\Application Data\Adobe
2008-08-01 17:29:42 0 d--hs---- C:\WINDOWS\Installer
2008-08-01 17:29:41 0 d-------- C:\Program Files\Common Files\ODBC
2008-08-01 17:29:36 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-08-01 17:29:35 0 dr------- C:\Program Files
2008-08-01 17:29:35 0 d-------- C:\Program Files\Common Files
2008-08-01 17:28:55 0 d--h----- C:\Documents and Settings\Default User\Templates
2008-08-01 17:28:55 0 dr------- C:\Documents and Settings\Default User\Start Menu
2008-08-01 17:28:55 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2008-08-01 17:28:55 0 d--h----- C:\Documents and Settings\Default User\Recent
2008-08-01 17:28:55 0 d--h----- C:\Documents and Settings\Default User\PrintHood
2008-08-01 17:28:55 0 d--h----- C:\Documents and Settings\Default User\NetHood
2008-08-01 17:28:55 0 d-------- C:\Documents and Settings\Default User\My Documents
2008-08-01 17:28:55 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
2008-08-01 17:28:55 0 d-------- C:\Documents and Settings\Default User\Favorites
2008-08-01 17:28:55 0 d-------- C:\Documents and Settings\Default User\Desktop
2008-08-01 17:28:55 0 d---s---- C:\Documents and Settings\Default User\Cookies
2008-08-01 17:28:55 0 d--h----- C:\Documents and Settings\All Users\Templates
2008-08-01 17:28:55 0 dr------- C:\Documents and Settings\All Users\Start Menu
2008-08-01 17:28:55 0 d-------- C:\Documents and Settings\All Users\Favorites
2008-08-01 17:28:55 0 dr------- C:\Documents and Settings\All Users\Documents
2008-08-01 17:28:55 0 d-------- C:\Documents and Settings\All Users\Desktop
2008-08-01 17:28:44 0 d-------- C:\Program Files\Driver-Soft
2008-08-01 17:28:34 0 d-------- C:\WINDOWS\system32\CatRoot2
2008-08-01 17:28:34 0 d-------- C:\WINDOWS\system32\CatRoot
2008-08-01 17:28:29 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2008-08-01 17:28:29 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2008-08-01 17:28:28 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2008-08-01 17:28:28 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-08-01 17:27:43 0 d-------- C:\Documents and Settings
2008-08-01 17:27:42 0 d--hs---- C:\System Volume Information
2008-08-01 17:26:35 0 d-------- C:\Documents and Settings\Adam Jackson\Application Data\WinRAR
2008-08-01 17:20:17 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-08-01 17:17:15 0 d-------- C:\WINDOWS
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\WinSxS
2008-08-01 17:17:15 0 dr------- C:\WINDOWS\Web
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\twain_32
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\system32
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\system32\wins
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\system32\wbem
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\system32\usmt
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\system32\spool
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\system32\ShellExt
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\system32\Setup
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\system32\scripting
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\system32\ras
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\system32\oobe
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\system32\npp
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\system32\mui
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\system32\inetsrv
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\system32\IME
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\system32\icsxml
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\system32\ias
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\system32\export
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\system32\en
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\system32\drivers
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\system32\drivers\etc
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\system32\drivers\disdn
2008-08-01 17:17:15 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\system32\dhcp
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\system32\config
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\system32\3com_dmi
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\system32\3076
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\system32\2052
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\system32\1054
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\system32\1042
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\system32\1041
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\system32\1037
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\system32\1033
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\system32\1031
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\system32\1028
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\system32\1025
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\system
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\security
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\Resources
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\repair
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\Provisioning
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\PeerNet
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\pchealth
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\Network Diagnostic
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\mui
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\msapps
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\msagent
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\Media
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\L2Schemas
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\java
2008-08-01 17:17:15 0 d--h----- C:\WINDOWS\inf
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\ime
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\Help
2008-08-01 17:17:15 0 dr--s---- C:\WINDOWS\Fonts
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\Driver Cache
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\Debug
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\Cursors
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\Connection Wizard
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\Config
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\AppPatch
2008-08-01 17:17:15 0 d-------- C:\WINDOWS\addins
2008-08-01 17:01:03 0 d-------- C:\Documents and Settings\Adam Jackson\Contacts
2008-08-01 17:01:02 0 d-------- C:\Program Files\Windows Live Toolbar
2008-08-01 17:00:40 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-08-01 16:59:25 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-08-01 16:59:22 0 d-------- C:\Program Files\Windows Live
2008-08-01 16:59:15 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-08-01 16:57:05 0 d-------- C:\Documents and Settings\Adam Jackson\Application Data\Google
2008-08-01 16:57:03 0 d-------- C:\Program Files\Google
2008-08-01 16:57:03 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2008-08-01 16:53:50 0 d---s---- C:\Documents and Settings\Adam Jackson\UserData
2008-08-01 16:52:53 0 d-------- C:\Documents and Settings\Adam Jackson\Application Data\Identities
2008-08-01 16:52:46 0 d--h----- C:\Documents and Settings\Adam Jackson\Templates
2008-08-01 16:52:46 0 dr------- C:\Documents and Settings\Adam Jackson\Start Menu
2008-08-01 16:52:46 0 dr-h----- C:\Documents and Settings\Adam Jackson\SendTo
2008-08-01 16:52:46 0 dr-h----- C:\Documents and Settings\Adam Jackson\Recent
2008-08-01 16:52:46 0 d--h----- C:\Documents and Settings\Adam Jackson\PrintHood
2008-08-01 16:52:46 2359296 --ah----- C:\Documents and Settings\Adam Jackson\NTUSER.DAT
2008-08-01 16:52:46 0 d--h----- C:\Documents and Settings\Adam Jackson\NetHood
2008-08-01 16:52:46 0 dr------- C:\Documents and Settings\Adam Jackson\My Documents
2008-08-01 16:52:46 0 d--h----- C:\Documents and Settings\Adam Jackson\Local Settings
2008-08-01 16:52:46 0 dr------- C:\Documents and Settings\Adam Jackson\Favorites
2008-08-01 16:52:46 0 d-------- C:\Documents and Settings\Adam Jackson\Desktop
2008-08-01 16:52:46 0 d---s---- C:\Documents and Settings\Adam Jackson\Cookies
2008-08-01 16:52:46 0 dr-h----- C:\Documents and Settings\Adam Jackson\Application Data
2008-08-01 16:51:34 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-08-01 16:50:52 0 d-------- C:\WINDOWS\SoftwareDistribution
2008-08-01 16:50:39 0 d---s---- C:\WINDOWS\system32\Microsoft
2008-08-01 16:50:39 0 d-------- C:\WINDOWS\Prefetch
2008-08-01 16:50:38 249856 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2008-08-01 16:50:38 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2008-08-01 16:50:38 0 d---s---- C:\Documents and Settings\LocalService\Cookies
2008-08-01 16:50:38 0 d-------- C:\Documents and Settings\LocalService\Application Data
2008-08-01 16:50:38 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2008-08-01 16:50:18 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2008-08-01 16:50:18 0 d---s---- C:\Documents and Settings\NetworkService\Cookies
2008-08-01 16:50:18 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2008-08-01 16:50:18 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2008-08-01 16:50:17 249856 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2008-08-01 16:45:34 0 d-------- C:\WINDOWS\system32\xircom
2008-08-01 16:45:34 0 d-------- C:\Program Files\microsoft frontpage
2008-08-01 16:45:30 249856 ---h----- C:\Documents and Settings\Default User\NTUSER.DAT
2008-08-01 16:45:23 0 -rahs---- C:\MSDOS.SYS
2008-08-01 16:45:23 0 -rahs---- C:\IO.SYS
2008-08-01 16:45:23 0 --a------ C:\CONFIG.SYS
2008-08-01 16:45:23 0 --a------ C:\AUTOEXEC.BAT
2008-08-01 16:43:49 0 d--hs---- C:\Documents and Settings\All Users\DRM
2008-08-01 16:43:31 0 dr------- C:\WINDOWS\Offline Web Pages
2008-08-01 16:43:31 0 d---s---- C:\WINDOWS\Downloaded Program Files
2008-08-01 16:43:10 0 d--h----- C:\Program Files\WindowsUpdate
2008-08-01 16:42:41 0 d-------- C:\WINDOWS\system32\DirectX
2008-08-01 16:42:17 0 d---s---- C:\WINDOWS\Tasks
2008-08-01 16:42:16 0 d-------- C:\Program Files\Common Files\MSSoap
2008-08-01 16:42:11 0 d-------- C:\WINDOWS\srchasst
2008-08-01 16:42:10 0 d-------- C:\WINDOWS\system32\Macromed
2008-08-01 16:41:58 0 d-------- C:\Program Files\Movie Maker
2008-08-01 16:41:30 0 d-------- C:\WINDOWS\system32\Restore
2008-08-01 16:41:05 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-08-01 16:40:49 0 d-------- C:\WINDOWS\Registration
2008-08-01 16:39:59 0 d-------- C:\Program Files\Online Services
2008-08-01 16:39:47 0 d-------- C:\Program Files\Messenger
2008-08-01 16:39:42 0 d-------- C:\Program Files\MSN Gaming Zone
2008-08-01 16:38:49 0 d-------- C:\Program Files\Windows NT
2008-08-01 16:38:43 0 d-------- C:\WINDOWS\system32\MsDtc
2008-08-01 16:38:40 0 d-------- C:\WINDOWS\system32\Com


-- Find3M Report ---------------------------------------------------------------

2008-08-01 17:28:55 62 --ahs---- C:\Documents and Settings\Adam Jackson\Application Data\desktop.ini
2008-06-11 01:07:20 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-06-11 01:03:26 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-06-11 01:03:26 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-06-11 01:03:20 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX®>
2008-06-11 01:03:20 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-06-11 01:03:20 815104 --a------ C:\WINDOWS\system32\divx_xx0a.dll <Not Verified; DivX, Inc.; DivX®>
2008-06-11 01:03:20 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-06-11 01:03:18 683520 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-22 23:18:54 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [14/04/2008 10:42 C:\WINDOWS\system32\bthprops.cpl]
"SoundMan"="SOUNDMAN.EXE" [16/04/2007 15:28 C:\WINDOWS\soundman.exe]
"SiSPower"="SiSPower.dll" [20/03/2008 18:58 C:\WINDOWS\system32\SiSPower.dll]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [28/02/2008 09:59]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [18/02/2008 16:29]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [10/06/2008 04:27]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [06/08/2008 17:53]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [01/08/2008 19:16]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [28/02/2008 17:07]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [01/08/2008 18:35:47]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc
bthsvcs BthServ

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc




-- End of Deckard's System Scanner: finished at 2008-08-10 23:19:49 ------------

#25
kahdah (GeekU Teacher, Retired Staff)
Download GMER from here:
http://www.gmer.net/files.php

Unzip it to the desktop.

Open the program and click on the Rootkit tab.
Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
Click on Scan.
When the scan has run, click Copy and paste the results (if any) into this thread.
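The post above asks for the GMER scan output to be pasted into the thread. What a responder then does with that output is shown in the following added example; it is my code, not GMER's and not anything posted in this thread. It parses the SSDT, .text and "?" lines in the format GMER 1.0.14 prints, groups hooks by the module that owns them, and flags any hooking module that carries no vendor string or that hooks a call capable of hiding files, processes or keys. The sample log is constructed from the line formats seen in this thread; hypothetical.sys is an invented name used only to show a flagged entry, the STEALTH_FUNCS set is my own selection of enumeration/query calls rather than a GMER classification, and the verdict labels are mine.

```python
"""GMER hook-log triage (added example, not GMER's own code).

Parses the SSDT, .text and "?" lines GMER prints, groups hooks by the module
that owns them and asks: does the owner have a vendor string, can the hooked
call hide objects (enumeration/query functions), could GMER read the module?
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional
# SSDT entries a rootkit patches to hide files, processes, keys or handles. Hooks on
# ZwCreateKey/ZwTerminateProcess/ZwWriteVirtualMemory (self-protection) hide nothing.
STEALTH_FUNCS = {"ZwQueryDirectoryFile", "ZwQuerySystemInformation", "ZwEnumerateKey",
                 "ZwEnumerateValueKey", "ZwQueryValueKey", "ZwOpenProcess", "ZwOpenKey"}

@dataclass
class Hook:
    kind: str                      # "ssdt", "inline" or "unresolved"
    target: str                    # hooked function, or the unreadable module
    module: Optional[str]          # hooking module path, if GMER resolved it
    desc: Optional[str]            # "Product/Vendor" string, if any
    process: Optional[str] = None  # hooked process (inline hooks only)
    note: str = ""                 # patch ("JMP 28001CC0") or GMER's error text

_SSDT_TAIL = re.compile(r"\s+(\w+)\s+\[0x[0-9A-Fa-f]+\]\s*$")
_PROC = re.compile(r"^(?P<process>.+?)\[\d+\]\s+(?P<rest>.*)$")
_INLINE = re.compile(r"^(?P<symbol>\S+!\S+)\s+[0-9A-Fa-f]+\s+\d+\s+Bytes\s+(?P<tail>.*)$")
_PATH_AT_END = re.compile(r"\s+(?P<path>[A-Za-z]:\\.+)$")
_UNRESOLVED = re.compile(r"^\?\s+(?P<module>\S+)\s+(?P<msg>.*?)\s*!?$")
def _split_desc(s: str):
    # 'path (Product/Vendor)' -> (path, desc); desc is None when GMER printed none
    s = s.strip()
    if s.endswith(")") and " (" in s:
        i = s.rfind(" (")
        return s[:i].strip(), s[i + 2:-1].strip()
    return s, None

def parse_gmer(text: str):
    """One Hook per SSDT, .text or '?' line; section headers and other lines are skipped."""
    hooks = []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("SSDT ") and (m := _SSDT_TAIL.search(line)):
            module, desc = _split_desc(line[5:m.start()])
            hooks.append(Hook("ssdt", m.group(1), module, desc))
        elif line.startswith(".text "):
            body, desc = _split_desc(line[6:])
            pm = _PROC.match(body)
            im = _INLINE.match(pm.group("rest")) if pm else None
            if not im: continue              # kernel .text lines carry no [pid]; skip them
            tail = im.group("tail")
            pe = _PATH_AT_END.search(tail)   # module the JMP lands in, when GMER names one
            hooks.append(Hook("inline", im.group("symbol"), pe.group("path") if pe else None,
                              desc, pm.group("process"), (tail[:pe.start()] if pe else tail).strip()))
        elif line.startswith("? ") and (um := _UNRESOLVED.match(line)):
            hooks.append(Hook("unresolved", um.group("module"), None, None, note=um.group("msg")))
    return hooks
def triage(text: str) -> dict:
    """Group hooks by owning module and give each module one verdict:
    unresolved    GMER could not open it; ComboFix leaves Combo-Fix.sys/catchme.sys like this
    no-vendor     no product/vendor string, or a JMP into no module: presume malicious
    self          inline hook whose target is the hooked process's own image
    stealth       vendor known, but it hooks an enumeration/query call: ask why
    vendor-known  vendor string present and only non-stealth calls hooked
    """
    groups = defaultdict(list)
    for h in parse_gmer(text):
        groups[h.target if h.kind == "unresolved" else (h.module or "<no module>")].append(h)
    report = {}
    for module, hs in groups.items():
        vendors = sorted({h.desc for h in hs if h.desc})
        stealth = sorted(h.target for h in hs if h.kind == "ssdt" and h.target in STEALTH_FUNCS)
        if any(h.kind == "unresolved" for h in hs):
            verdict = "unresolved"
        elif not vendors:
            verdict = "no-vendor"
        elif all(h.kind == "inline" and h.module and h.process
                 and h.module.lower() == h.process.lower() for h in hs):
            verdict = "self"
        else:
            verdict = "stealth" if stealth else "vendor-known"
        report[module] = {"verdict": verdict, "vendor": vendors, "stealth_hooks": stealth,
                          "hooks": sorted({h.target for h in hs if h.kind != "unresolved"})}
    return report
# Constructed sample in GMER 1.0.14 line format. The PC Tools, ComboFix and Messenger
# Plus! lines mirror this thread; hypothetical.sys is an invented name used to show
# what a flagged entry (no vendor string, hooks a directory-query call) looks like.
SAMPLE_LOG = r"""
SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwCreateKey [0xB73680D2]
SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwTerminateProcess [0xB7364C5A]
SSDT \??\C:\WINDOWS\system32\drivers\hypothetical.sys ZwQueryDirectoryFile [0xB7A0B2C4]
? Combo-Fix.sys The system cannot find the file specified. !
? C:\ComboFix\catchme.sys The system cannot find the path specified. !
.text C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe[1332] kernel32.dll!LoadResource 7C80A045 7 Bytes JMP 28001CC0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe[1332] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 5 Bytes JMP 0056DBBD C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe (Windows Live Messenger/Microsoft Corporation)
"""
if __name__ == "__main__":
    for module, r in triage(SAMPLE_LOG).items():
        print(f"{r['verdict']:<12} {module}  hooks={r['hooks']}  vendor={r['vendor']}")
```

Run as a script it prints one verdict per module. On the GMER log posted later in this thread every SSDT hook belongs to PC Tools' iksysflt.sys and every user-mode hook to Messenger Plus! (plus one self-hook inside MsnMsgr.Exe), all with vendor strings and none on an enumeration call, so they would come out as vendor-known or self; the "?" entries name ComboFix's own driver files, which GMER reports it cannot find on disk. Two caveats: the vendor string comes from the hooking file's version resource, which malware can forge, so vendor-known is a triage hint and not proof, and the owner's path and signature still need checking; and GMER's "?" lines should be resolved by re-scanning after a reboot rather than ignored.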


#26
adam j (Member, Topic Starter)
GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-08-10 23:33:53
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.14 ----

SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwCreateKey [0xB73680D2]
SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwCreateProcess [0xB73656DA]
SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwCreateProcessEx [0xB7365C9A]
SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwDeleteKey [0xB73689A0]
SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwDeleteValueKey [0xB7368C10]
SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwSetValueKey [0xB7368F8A]
SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwTerminateProcess [0xB7364C5A]
SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwWriteVirtualMemory [0xB7364372]

---- Kernel code sections - GMER 1.0.14 ----

? Combo-Fix.sys The system cannot find the file specified. !
? C:\ComboFix\catchme.sys The system cannot find the path specified. !
? C:\WINDOWS\system32\Drivers\PROCEXP90.SYS The system cannot find the file specified. !

---- User code sections - GMER 1.0.14 ----

.text C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe[1332] kernel32.dll!LoadResource 7C80A045 7 Bytes JMP 28001CC0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe[1332] kernel32.dll!FindResourceExW 7C80AD18 7 Bytes JMP 28001B00 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe[1332] kernel32.dll!FindResourceW 7C80BC5E 7 Bytes JMP 28001A80 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe[1332] kernel32.dll!SizeofResource 7C80BCF9 7 Bytes JMP 28001D80 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe[1332] kernel32.dll!FindResourceA 7C80BF19 7 Bytes JMP 28001B90 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe[1332] kernel32.dll!LockResource 7C80CD27 5 Bytes JMP 28001DF0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe[1332] kernel32.dll!CreateEventA 7C83089D 5 Bytes JMP 28001840 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe[1332] kernel32.dll!FindResourceExA 7C835F90 7 Bytes JMP 28001C20 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe[1332] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 5 Bytes JMP 0056DBBD C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe (Windows Live Messenger/Microsoft Corporation)
.text C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe[1332] kernel32.dll!OutputDebugStringW 7C85B335 5 Bytes JMP 28001E50 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe[1332] ADVAPI32.dll!CryptDeriveKey 77DE9FDD 7 Bytes JMP 28001000 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe[1332] ADVAPI32.dll!CryptDecrypt 77DEA109 7 Bytes JMP 28001060 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe[1332] USER32.dll!PeekMessageW 7E41929B 5 Bytes JMP 28004010 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe[1332] USER32.dll!SetWindowPlacement 7E41DE46 5 Bytes JMP 280057C0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe[1332] USER32.dll!CreateDialogParamW 7E41EA3B 5 Bytes JMP 28005A20 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe[1332] USER32.dll!LoadImageW 7E427B97 5 Bytes JMP 28006020 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe[1332] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 280037A0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe[1332] USER32.dll!SetWindowRgn 7E42E528 7 Bytes JMP 28005900 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe[1332] USER32.dll!LoadIconW 7E42E8BC 5 Bytes JMP 28006210 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe[1332] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 28005C10 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe[1332] USER32.dll!TrackPopupMenuEx 7E46CF62 5 Bytes JMP 280048F0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe[1332] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2800A300 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe[1332] WS2_32.dll!send 71AB4C27 5 Bytes JMP 28009EE0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe[1332] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 28009CC0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe[1332] WS2_32.dll!recv 71AB676F 5 Bytes JMP 28009B20 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe[1332] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2800A0C0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe[1332] SHELL32.dll!Shell_NotifyIconW 7CA2A52F 5 Bytes JMP 28002F50 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe[1332] ole32.dll!CoInitializeEx 774FEF7B 5 Bytes JMP 28002100 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe[1332] ole32.dll!CoRegisterClassObject 77517E90 5 Bytes JMP 28002200 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe[1332] WININET.dll!HttpOpenRequestA 771C2AF1 5 Bytes JMP 280089A0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe[1332] WININET.dll!InternetCloseHandle 771C4D84 5 Bytes JMP 28008CE0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe[1332] WININET.dll!HttpSendRequestA 771C6099 5 Bytes JMP 28008C10 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe[1332] WININET.dll!InternetReadFile 771C82E2 5 Bytes JMP 28008B30 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

---- Devices - GMER 1.0.14 ----

Device \Driver\BTHUSB \Device\00000063 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
Device \Driver\BTHUSB \Device\00000063 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
Device \Driver\BTHUSB \Device\00000065 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
Device \Driver\BTHUSB \Device\00000065 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000b0d623196
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0[email protected] 0x93 0xA0 0x3E 0x55 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000b0d623196
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0[email protected] 0x93 0xA0 0x3E 0x55 ...

---- EOF - GMER 1.0.14 ----
  • 0
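To make a GMER log like the one above quicker to triage, here is an added example (my code, not GMER's or the forum's) that parses the SSDT and .text hook lines, groups every hook by the module that installed it, and lists user-mode hooks whose destination module lives outside the hooked process's own directory. The sample lines are copied from the log above; the line layout the regexes assume is taken from that output.

```python
import re
from collections import defaultdict

# Constructed sample: four lines copied from the GMER 1.0.14 log in the thread.
SAMPLE_LOG = r"""
---- System - GMER 1.0.14 ----
SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwCreateKey [0xB73680D2]
SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwTerminateProcess [0xB7364C5A]
---- User code sections - GMER 1.0.14 ----
.text C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe[1332] WS2_32.dll!send 71AB4C27 5 Bytes JMP 28009EE0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe[1332] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 5 Bytes JMP 0056DBBD C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe (Windows Live Messenger/Microsoft Corporation)
"""

# Kernel SSDT entry: SSDT <driver> (<vendor>) <ZwFunction> [<address>]
SSDT_RE = re.compile(r"^SSDT\s+(?P<module>\S+)\s+\((?P<vendor>[^)]*)\)\s+"
                     r"(?P<func>\w+)\s+\[(?P<addr>0x[0-9A-Fa-f]+)\]$")
# User-mode inline hook: .text <process>[pid] <dll!func> <addr> N Bytes JMP <dest> <module> (<vendor>)
INLINE_RE = re.compile(r"^\.text\s+(?P<proc>.+?\[\d+\])\s+(?P<target>\S+)\s+(?P<addr>[0-9A-Fa-f]+)\s+"
                       r"(?P<nbytes>\d+) Bytes\s+JMP\s+(?P<dest>[0-9A-Fa-f]+)\s+(?P<module>.+?)\s+\((?P<vendor>[^)]*)\)$")

def parse_gmer(text):
    """Split a GMER log into kernel SSDT hooks and user-mode inline hooks.
    Section headers, blank lines and lines of other types are skipped."""
    ssdt, inline = [], []
    for line in text.splitlines():
        line = line.strip()
        m = SSDT_RE.match(line)
        if m:
            ssdt.append(m.groupdict())
            continue
        m = INLINE_RE.match(line)
        if m:
            d = m.groupdict()
            d["nbytes"] = int(d["nbytes"])
            inline.append(d)
    return ssdt, inline

def hooks_by_module(ssdt, inline):
    """Group hooks by the module that installed them (case-insensitive path), so each
    hooking component is judged once instead of once per hooked function."""
    groups = defaultdict(list)
    for h in ssdt:
        groups[h["module"].lower()].append(h["func"])
    for h in inline:
        groups[h["module"].lower()].append(h["target"])
    return {k: sorted(v) for k, v in groups.items()}

def third_party_hooks(inline):
    """Inline hooks whose destination module sits outside the hooked process's own
    directory. A process patching itself (the exception-filter hook into MsnMsgr.Exe)
    is routine; a hook landing in another product's DLL deserves a closer look."""
    flagged = []
    for h in inline:
        proc_dir = h["proc"].rsplit("\\", 1)[0].lower()
        mod_dir = h["module"].rsplit("\\", 1)[0].lower()
        if mod_dir != proc_dir:
            flagged.append(h)
    return flagged
```

On the sample, the PC Tools driver owns both SSDT hooks and only the Messenger Plus! hook into WS2_32.dll!send is flagged; a grouped view like this is what lets you match each hooking module against what you know is installed.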

#27
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Cleanup::
  • Make sure you have an Internet Connection.
  • Double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Click on the CleanUp! button
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTMoveIt2 from reaching the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.
===============
Delete/uninstall anything else that we have used.

System Restore
Then I will need you to reset your System Restore points.
The link below shows how to create a clean restore point.
How to Turn On and Turn Off System Restore in Windows XP
http://support.micro...kb/310405/en-us

If you use Vista see the below link on how to Reset the System Restore points:
http://www.howtogeek...system-restore/

=====================================
After that your log is clean. :)

The following is a list of tools and utilities that I like to suggest to people.
You do not have to have all or any of them; they are only suggestions.
This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.

Spybot Search & Destroy - Uber powerful tool which can search and annihilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.

Spyware Blaster - Great prevention tool to keep nasties from installing on your system.

SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.

IE-SPYAD - puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Tony Klein article - To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections, you can read this article by Tony Klein.
  • 0

#28
adam j

adam j

    Member

  • Topic Starter
  • Member
  • PipPip
  • 63 posts
I've done everything you have said.

should the infection now have gone away?
  • 0

#29
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Your logs are clean now.
  • 0

#30
adam j

adam j

    Member

  • Topic Starter
  • Member
  • PipPip
  • 63 posts
Thanks for all your help, it's really appreciated.
  • 0
