ComboFix 10-03-27.03 - Vannesa 28/03/2010 13:56:55.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.479.205 [GMT 1:00]
Running from: c:\documents and settings\Vannesa\Desktop\ComboFix.exe
AV: Eset NOD32 antivirus system 2.51 *On-access scanning enabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\amy.HOME\Application Data\DriveCleaner 2006 Free
c:\documents and settings\amy.HOME\Application Data\DriveCleaner 2006 Free\Logs\update.log
c:\documents and settings\amy.HOME\err.log
c:\documents and settings\shaun.HOME\Application Data\DriveCleaner 2006 Free
c:\documents and settings\shaun.HOME\Application Data\DriveCleaner 2006 Free\Logs\update.log
c:\documents and settings\shaun.HOME\Application Data\FunWebProducts
c:\documents and settings\shaun.HOME\Application Data\FunWebProducts\Data\shaun\avatar.dat
c:\documents and settings\shaun.HOME\err.log
c:\documents and settings\Vannesa\Application Data\DriveCleaner 2006 Free
c:\documents and settings\Vannesa\Application Data\DriveCleaner 2006 Free\Logs\update.log
c:\documents and settings\Vannesa\Application Data\FunWebProducts
c:\documents and settings\Vannesa\Application Data\FunWebProducts\Data\Vannesa\avatar.dat
c:\documents and settings\Vannesa\Application Data\FunWebProducts\Data\Vannesa\register.dat
c:\documents and settings\Vannesa\Application Data\Starware316(2)
c:\documents and settings\Vannesa\Application Data\Starware316(2)\SearchMatch(2)\searchMatchPages(2)\_C3108210838887.html
c:\documents and settings\Vannesa\err.log
c:\documents and settings\Vannesa\Local Settings\Application Data\ilvaa.dat
c:\documents and settings\Vannesa\Local Settings\Application Data\ilvaa.exe
c:\documents and settings\Vannesa\Local Settings\Application Data\ilvaa_nav.dat
c:\documents and settings\Vannesa\Local Settings\Application Data\ilvaa_navps.dat
c:\documents and settings\Vannesa\My Documents\iexplore.exe
c:\program files\Common Files\companion wizard
c:\program files\Fast Browser Search
c:\program files\Fast Browser Search\IE\1.bat
c:\program files\Fast Browser Search\IE\about.html
c:\program files\Fast Browser Search\IE\affid.dat
c:\program files\Fast Browser Search\IE\basis.xml
c:\program files\Fast Browser Search\IE\basis_br.xml
c:\program files\Fast Browser Search\IE\basis_de.xml
c:\program files\Fast Browser Search\IE\basis_en.xml
c:\program files\Fast Browser Search\IE\basis_es.xml
c:\program files\Fast Browser Search\IE\basis_fr.xml
c:\program files\Fast Browser Search\IE\basis_it.xml
c:\program files\Fast Browser Search\IE\basis_nr.xml
c:\program files\Fast Browser Search\IE\basis_pt.xml
c:\program files\Fast Browser Search\IE\basis_ru.xml
c:\program files\Fast Browser Search\IE\basis_tr.xml
c:\program files\Fast Browser Search\IE\BHO.dll
c:\program files\Fast Browser Search\IE\ClearRecycleBin.exe
c:\program files\Fast Browser Search\IE\error.html
c:\program files\Fast Browser Search\IE\FBSPlugin.dll
c:\program files\Fast Browser Search\IE\fbsProtection.xml
c:\program files\Fast Browser Search\IE\FbsSearchProvider.xml
c:\program files\Fast Browser Search\IE\FbsSearchProviderIE8.exe
c:\program files\Fast Browser Search\IE\FBStoolbar.dll
c:\program files\Fast Browser Search\IE\fbstoolbar.jar
c:\program files\Fast Browser Search\IE\fbstoolbar.manifest
c:\program files\Fast Browser Search\IE\icons.bmp
c:\program files\Fast Browser Search\IE\info.txt
c:\program files\Fast Browser Search\IE\local.xml
c:\program files\Fast Browser Search\IE\logobg.bmp
c:\program files\Fast Browser Search\IE\MTWBtoolbar.html
c:\program files\Fast Browser Search\IE\search.bmp
c:\program files\Fast Browser Search\IE\search_br.bmp
c:\program files\Fast Browser Search\IE\search_de.bmp
c:\program files\Fast Browser Search\IE\search_es.bmp
c:\program files\Fast Browser Search\IE\search_fr.bmp
c:\program files\Fast Browser Search\IE\search_it.bmp
c:\program files\Fast Browser Search\IE\search_pt.bmp
c:\program files\Fast Browser Search\IE\search_ru.bmp
c:\program files\Fast Browser Search\IE\SearchGuardPlus.exe
c:\program files\Fast Browser Search\IE\SearchGuardPlus.ico
c:\program files\Fast Browser Search\IE\SGPU.ico
c:\program files\Fast Browser Search\IE\sgpUpdater.exe
c:\program files\Fast Browser Search\IE\sgpUpdater.xml
c:\program files\Fast Browser Search\IE\SGPUpdaterS.exe
c:\program files\Fast Browser Search\IE\tbs_include_script_003175.js
c:\program files\Fast Browser Search\IE\tbs_include_script_005064.js
c:\program files\Fast Browser Search\IE\tbs_include_script_012817.js
c:\program files\Fast Browser Search\IE\Toolbar Help.htm
c:\program files\Fast Browser Search\IE\uninstall.exe
c:\program files\Fast Browser Search\IE\uninstalSGP.exe
c:\program files\Fast Browser Search\IE\uninstalSGPU.exe
c:\program files\Fast Browser Search\IE\update.exe
c:\program files\Fast Browser Search\IE\version.txt
c:\program files\FunWebProducts
c:\program files\FunWebProducts\ScreenSaver\Images\018D9501.urr
c:\program files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
c:\program files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html
c:\program files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
c:\program files\FunWebProducts\Shared\Cache\WebfettiBtn.html
c:\program files\Internet Explorer\msimg32.dll
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\1.bin\F3CJPEG.DLL
c:\program files\MyWebSearch\bar\1.bin\F3DTactl.dll
c:\program files\MyWebSearch\bar\1.bin\F3HISTSW.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HTmlmu.dll
c:\program files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
c:\program files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
c:\program files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
c:\program files\MyWebSearch\bar\1.bin\F3REPROX.DLL
c:\program files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SCHMON.EXE
c:\program files\MyWebSearch\bar\1.bin\F3SCrctr.dll
c:\program files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
c:\program files\MyWebSearch\bar\1.bin\M3HIGHIN.EXE
c:\program files\MyWebSearch\bar\1.bin\M3HTml.dll
c:\program files\MyWebSearch\bar\1.bin\M3IDLE.DLL
c:\program files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
c:\program files\MyWebSearch\bar\1.bin\M3MEDINT.EXE
c:\program files\MyWebSearch\bar\1.bin\M3MSg.dll
c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST
c:\program files\MyWebSearch\bar\1.bin\M3OUtlcn.dll
c:\program files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3SKIN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
c:\program files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
c:\program files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSBAR.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSSVC.EXE
c:\program files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
c:\program files\MyWebSearch\bar\Cache\000C6CAA
c:\program files\MyWebSearch\bar\Cache\005195FC.bin
c:\program files\MyWebSearch\bar\Cache\0081B245.bin
c:\program files\MyWebSearch\bar\Cache\0081B581.bin
c:\program files\MyWebSearch\bar\Cache\0081BBEA.bin
c:\program files\MyWebSearch\bar\Cache\0081C020.bin
c:\program files\MyWebSearch\bar\Cache\0081C252
c:\program files\MyWebSearch\bar\Cache\0200EC2A.bin
c:\program files\MyWebSearch\bar\Cache\0200F15A.bin
c:\program files\MyWebSearch\bar\Cache\0200F4C5.bin
c:\program files\MyWebSearch\bar\Cache\0200F9E6.bin
c:\program files\MyWebSearch\bar\Cache\files.ini
c:\program files\MyWebSearch\bar\History\search3
c:\program files\MyWebSearch\bar\icons\CM.ICO
c:\program files\MyWebSearch\bar\icons\MFC.ICO
c:\program files\MyWebSearch\bar\icons\PSS.ICO
c:\program files\MyWebSearch\bar\icons\SMILEY.ICO
c:\program files\MyWebSearch\bar\icons\WB.ICO
c:\program files\MyWebSearch\bar\icons\ZWINKY.ICO
c:\program files\MyWebSearch\bar\Settings\prevcfg2.htm
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\program files\MyWebSearch\bar\Settings\setting2.htm
c:\program files\MyWebSearch\bar\Settings\settings.dat
c:\program files\MyWebSearch\SrchAstt\1.bin\MWSSrcas.dll
c:\program files\SGPSA
c:\program files\SGPSA\BHO.dll
c:\recycler\S-1-5-21-1435579586-3901990543-3253371051-1003
c:\recycler\S-1-5-21-3892170767-1634138995-2685667736-1005
c:\recycler\S-1-5-21-3892170767-1634138995-2685667736-1006
c:\windows\COUPON~1.OCX
c:\windows\CouponPrinter.ocx
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
c:\windows\system32\cguoefsc.ini
c:\windows\system32\ctfbvsii.ini
c:\windows\system32\ekglinml.ini
c:\windows\system32\f3PSSavr.scr
c:\windows\system32\hijbdddo.ini
c:\windows\system32\qeusthwt.ini
c:\windows\system32\rtjtnmnd.ini
c:\windows\system32\uqxfphhd.ini
c:\windows\system32\VB6KO.DLL
c:\windows\system32\xlhcsfaq.ini
E:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_FOPN
-------\Legacy_MYWEBSEARCHSERVICE
-------\Service_MyWebSearchService

((((((((((((((((((((((((( Files Created from 2010-02-28 to 2010-03-28 )))))))))))))))))))))))))))))))
.
2010-03-26 21:19 . 2010-03-26 21:19 -------- d-----w- c:\documents and settings\amy.HOME\Local Settings\Application Data\Threat Expert
2010-03-26 21:18 . 2010-03-26 21:18 -------- d-----w- c:\documents and settings\Vannesa\Local Settings\Application Data\Threat Expert
2010-03-26 21:18 . 2010-03-26 21:18 -------- d-----w- c:\documents and settings\Vannesa\Application Data\PC Tools
2010-03-26 21:18 . 2010-03-26 21:18 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\PC Tools
2010-03-25 22:38 . 2010-03-26 21:17 -------- d-----w- c:\program files\Common Files\PC Tools
2010-03-25 19:35 . 2010-03-26 21:18 -------- d-----w- c:\program files\ERUNT
2010-03-25 19:01 . 2010-03-25 20:26 205824 --sha-w- c:\documents and settings\Vannesa\Local Settings\Application Data\3292048846.dll
2010-03-20 17:47 . 2010-03-20 17:47 -------- d-----w- c:\program files\Veetle
2010-03-13 18:52 . 2010-03-13 18:52 -------- d-----w- c:\documents and settings\Vannesa\Application Data\live-player
2010-03-13 18:33 . 2010-03-13 18:52 -------- d-----w- c:\program files\Live-Player
2010-03-13 17:11 . 2010-03-13 17:24 -------- d-----w- c:\windows\system32\TVUAx
2010-03-11 16:15 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-03-07 22:32 . 2010-03-07 22:32 -------- d-----w- C:\fa726408fdab4e80101ca2
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-28 13:37 . 2008-11-10 11:18 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Kontiki
2010-03-28 13:34 . 2007-10-06 12:01 -------- d-----w- c:\documents and settings\Vannesa\Application Data\OpenOffice.org2
2010-03-28 13:33 . 2008-10-30 21:41 -------- d---a-w- c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
2010-03-28 13:32 . 2008-02-08 15:10 -------- d-----w- c:\program files\lg_fwupdate
2010-03-26 21:19 . 2006-05-18 19:19 -------- d-----w- c:\program files\LimeWire
2010-03-26 21:18 . 2010-03-25 22:38 -------- d-----w- c:\program files\Spyware Doctor
2010-03-26 21:18 . 2010-03-26 21:18 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Alwil Software
2010-03-26 21:18 . 2010-03-26 21:18 -------- d-----w- c:\program files\Alwil Software
2010-03-26 19:57 . 2006-05-28 20:07 -------- d-----w- c:\documents and settings\shaun.HOME\Application Data\LimeWire
2010-03-26 15:06 . 2006-06-18 21:00 -------- d-----w- c:\documents and settings\Vannesa\Application Data\LumaPix
2010-03-10 11:36 . 2010-03-25 22:39 217032 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-02-23 18:06 . 2007-04-13 15:54 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-02-21 16:36 . 2009-05-26 15:48 -------- d-----w- c:\documents and settings\amy.HOME\Application Data\Spotify
2010-02-21 16:27 . 2009-02-13 12:34 -------- d-----w- c:\documents and settings\Vannesa\Application Data\Spotify
2010-02-19 23:47 . 2010-02-19 23:47 3604480 ----a-w- c:\windows\system32\GPhotos.scr
2010-02-12 10:03 . 2010-02-24 09:37 293376 ------w- c:\windows\system32\browserchoice.exe
2010-02-05 09:25 . 2010-03-25 22:38 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-02-05 09:17 . 2010-03-25 22:39 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-01-22 09:56 . 2010-03-25 22:41 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-01-22 09:56 . 2010-03-25 22:41 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-01-22 09:56 . 2010-03-25 22:41 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-01-22 09:55 . 2010-03-25 22:41 767952 ----a-w- c:\windows\BDTSupport.dll
2009-12-31 16:50 . 2004-10-25 09:10 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2006-07-27 22:22 . 2006-07-27 22:22 623871 ----a-w- c:\program files\P1010038 (2048 x 1536).jpg
2007-04-09 14:10 . 2007-04-09 14:10 1144 --sha-w- c:\windows\Driver Cache\frtm.tmp
2006-02-03 16:21 . 2005-11-11 18:40 56 --sh--r- c:\windows\system32\DD79477353.sys
2006-02-03 16:21 . 2005-11-11 18:40 3350 --sha-w- c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-01-23 2002160]
"kdx"="c:\program files\Kontiki\KHost.exe" [2008-02-27 1032376]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1150595.exe" [2009-03-19 460216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-07-28 4841472]
"nwiz"="nwiz.exe" [2003-07-28 323584]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-05 136600]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-04-24 180269]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2006-09-13 921600]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" [2008-02-11 249856]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2003-12-13 33792]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-06-03 131072]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2010-03-09 1286608]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Vannesa\Start Menu\Programs\Startup\
OpenOffice.org 2.3.lnk - c:\program files\OpenOffice.org 2.3\program\quickstart.exe [2007-8-17 393216]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2005-11-19 962660]
Event Reminder.lnk - c:\program files\Mindscape\The Print Shop\PSRemind.exe [2005-12-14 323584]
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-9 147456]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-9 28672]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
Photo Express Calendar Checker SE.lnk - c:\program files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe [2005-2-19 55296]
Update Agent.lnk - c:\program files\3\3Connect\AutoUpdateSrv.exe [2008-10-6 670256]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-30 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-25 13:56 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0stera

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Kontiki\\KService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [25/03/2010 23:39 217032]
R1 ATMhelpr;ATMhelpr;c:\windows\system32\drivers\ATMHELPR.SYS [19/02/2005 14:42 4064]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [10/10/2006 12:53 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [27/02/2007 11:39 74480]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [16/02/2006 16:51 4096]
S3 aaudstum;aaudstum;\??\c:\docume~1\AMY~1.HOM\LOCALS~1\Temp\aaudstum.sys --> c:\docume~1\AMY~1.HOM\LOCALS~1\Temp\aaudstum.sys [?]
S3 AEILAB;AEI USB To Fast Ethernet Adapter;c:\windows\system32\drivers\AEILAB.SYS [25/10/2004 11:29 24299]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [25/09/2009 14:44 13224]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [24/08/2009 10:59 89256]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 04:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder

2010-03-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2005-10-28 c:\windows\Tasks\FRU Task 2003-04-10 00:56ewlett-Packard2003-04-10 00:56p psc 1200 series272A572217594EBCF1CEE215E352B92AD073FDE4121455347.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-09 16:56]

2010-03-28 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-22 21:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://uk.yahoo.com/?fr=fp-yie8
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {{08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\amy.HOME\Start Menu\Programs\The Learning Company\IMVU\Run IMVU.lnk
LSP: c:\windows\system32\imon.dll
Trusted Zone: plaxo.com\www
TCP: {6CBD613C-EF1B-455D-AA90-AFDA7D6F29A1} = 192.168.50.20
DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} - file://d:\system\intralaunch.CAB
DPF: {DAF94F73-2AA6-44D8-A562-A28831820D34} - hxxp://www.pixum.de/int/EasyUpload/ImgUploader.cab
FF - ProfilePath - c:\documents and settings\Vannesa\Application Data\Mozilla\Firefox\Profiles\nqe671ui.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2405725&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Radio Bar 1 Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk|www.talk21.com|www.facebook.com
FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=18&tid={C52BBCB8-DC34-CDA3-5D89-8F08CD8F7CCC}&q=
FF - component: c:\documents and settings\Vannesa\Application Data\Mozilla\Firefox\Profiles\nqe671ui.default\extensions\{0fc85f5d-6207-4515-a490-45a549d285c0}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Vannesa\Application Data\Mozilla\Firefox\Profiles\nqe671ui.default\extensions\{0fc85f5d-6207-4515-a490-45a549d285c0}\components\RadioWMPCore.dll
FF - plugin: c:\documents and settings\All Users.WINDOWS\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\documents and settings\Vannesa\Application Data\Mozilla\Firefox\Profiles\nqe671ui.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\documents and settings\Vannesa\Application Data\Mozilla\plugins\npPxPlay.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\np32dsw.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\npArtistScope42.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\npArtistScopeDRM11.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\npBBCPlugin.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\npCouponPrinter.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\npdeploytk.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\npdivx32.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\npDivxPlayerPlugin.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\npLegitCheckPlugin.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\NPMyWebS.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\npnul32.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\npqtplugin.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\npqtplugin2.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\npqtplugin3.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\npqtplugin4.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\npqtplugin5.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\npqtplugin6.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\npqtplugin7.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\NPSWF32.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npArtistScope42.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npArtistScopeDRM11.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npBBCPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMyWebS.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Skype - c:\program files\Skype\Phone\Skype.exe
HKCU-Run-ilvaa - c:\documents and settings\vannesa\local settings\application data\ilvaa.exe
HKLM-Run-ISUSPM Startup - c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe
HKLM-Run-RegistryMechanic - (no file)
HKLM-Run-MyWebSearch Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL
Notify-dnsodbc - c:\windows\Driver Cache\dnsodbc.dll
Notify-F - c:\windows\system32\F.tmp
AddRemove-ilvaa - c:\documents and settings\vannesa\local settings\application data\ilvaa.exe
AddRemove-Lexmark X74-X75 - c:\windows\system32\spool\drivers\w32x86\3\LXBBUN5C.EXE
AddRemove-Scooby-Doo(TM), Phantom of the Knight(TM) - c:\program files\The Learning Company\Scooby-Doo(TM)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-28 14:45
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"NoChange"="1"
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
@=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(668)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll

- - - - - - - > 'lsass.exe'(724)
c:\windows\system32\imon.dll

- - - - - - - > 'explorer.exe'(2428)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\imon.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe
c:\windows\system32\CSHelper.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Kontiki\KService.exe
c:\program files\Eset\nod32krn.exe
c:\windows\system32\nvsvc32.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Spyware Doctor\pctsAuxs.exe
c:\windows\system32\WgaTray.exe
c:\windows\system32\rundll32.exe
c:\program files\OpenOffice.org 2.3\program\soffice.exe
c:\program files\OpenOffice.org 2.3\program\soffice.BIN
c:\program files\iPod\bin\iPodService.exe
c:\program files\Java\jre6\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2010-03-28 14:52:18 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-28 13:51

Pre-Run: 29,333,848,064 bytes free
Post-Run: 30,050,840,576 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

- - End Of File - - 11E3EA9F89CFC9777DE21CFBA742109E