HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:33:43, on 24/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\WINDOWS\system32\ZoomingHook.exe
C:\WINDOWS\system32\TCtrlIOHook.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\antiviirus.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\PROGRA~1\Grisoft\AVG7\avgvv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0...S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.co.uk/0...S01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://g.msn.co.uk/8...WCompleteAddIns
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe
O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\Quick Time\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [antiviirus] C:\Program Files\antiviirus.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe
--
End of file - 7176 bytes
Uninstall log:
Adobe Flash Player ActiveX
Adobe Reader 8.1.2
ALPS Touch Pad Driver
Apple Software Update
Atheros Client Utility
Atheros Wireless LAN MiniPCI card Driver
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
AVG 7.5
CD/DVD Drive Acoustic Silencer
Digidesign Free Bomb Factory Plug-Ins 7.4
Digidesign Pro Tools LE 7.4
Digidesign Shared Plug-Ins 7.4
HijackThis 2.0.2
Hotfix for Windows XP (KB894871)
Hotfix for Windows XP (KB895200)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
InterLok Driver Kit
Interlok driver setup x32
InterVideo WinDVD for TOSHIBA
J2SE Runtime Environment 5.0 Update 2
Japanese Fonts Support For Adobe Reader 8
Java 6 Update 3
Macromedia Flash Player
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (2.0.0.12)
NCH Toolbox
OpenOffice.org 2.3
QuickTime
RealPlayer
Realtek AC'97 Audio
REALTEK Gigabit and Fast Ethernet NIC Driver
Samsung Media Studio
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB946026)
Sonic DLA
Sonic RecordNow!
Sony Ericsson PC Suite 1.20.224
Switch
TOSHIBA Accessibility
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Controls
TOSHIBA Hardware Setup
TOSHIBA Hotkey Utility
TOSHIBA Manuals
TOSHIBA PC Diagnostic Tool
TOSHIBA Power Saver
TOSHIBA Software Modem
TOSHIBA Supervisor Password
TOSHIBA Virtual Sound
TOSHIBA Zooming Utility
Touch and Launch
TouchPad On/Off Utility
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Winamp
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live installer
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885855
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB889673
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893056
Windows XP Hotfix - KB893086
Xpand!
XviD MPEG-4 Video Codec
Cheers, James.
Here's my ComboFix log too:
ComboFix 08-03-23.2 - James Clamp 2008-03-24 1:14:32.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.513 [GMT 0:00]
Running from: C:\Documents and Settings\James Clamp\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
-- Other TimeOuts --
CF1372.exe /c " VFind.exe -ltf -s-1300000 -d+2007-12-24 C:\WINDOWS\* >Windir.dat"
VFind.exe -ltf -s-1300000 -d+2007-12-24 C:\WINDOWS\*
CF1372.exe /c " VFind.exe -ltf -s-1000000 -d+2007-12-24 "C:\Program Files\*" >progfile.dat"
VFind.exe -ltf -s-1000000 -d+2007-12-24 "C:\Program Files\*"
CF1372.exe /c " dir /a/s/b C:\_desktop.ini C:\desktop_.ini C:\cnsmin* C:\_install.exe >DirRoot"
((((((((((((((((((((((((( Files Created from 2008-02-24 to 2008-03-24 )))))))))))))))))))))))))))))))
.
2008-03-24 00:33 . 2008-03-24 00:33 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-23 23:35 . 2008-03-23 23:35 <DIR> d--h----- C:\WINDOWS\PIF
2008-03-23 22:10 . 2008-03-23 22:10 21,576 --a------ C:\Program Files\antiviirus.exe
2008-03-23 21:37 . 2008-03-23 21:37 <DIR> d-------- C:\Documents and Settings\James Clamp\Application Data\Apple Computer
2008-03-23 20:11 . 2008-03-23 20:11 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-23 20:11 . 2008-03-23 20:11 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-23 20:08 . 2008-03-23 21:44 <DIR> d-------- C:\Documents and Settings\James Clamp\Application Data\Teleca
2008-03-23 20:06 . 2008-03-23 20:06 <DIR> d-------- C:\Program Files\Sony Ericsson
2008-03-23 20:06 . 2008-03-23 20:06 <DIR> d-------- C:\Program Files\Common Files\Teleca Shared
2008-03-23 20:06 . 2008-03-23 20:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Teleca
2008-03-23 20:06 . 2008-03-23 20:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2008-03-23 19:58 . 2008-03-23 19:58 65,024 --a------ C:\WINDOWS\IFinst26.exe
2008-03-23 19:57 . 2008-03-23 19:57 <DIR> d-------- C:\Program Files\XviD
2008-03-23 19:57 . 2008-03-23 19:57 <DIR> d-------- C:\Program Files\MarkAny
2008-03-23 19:56 . 2008-03-23 19:56 <DIR> d-------- C:\Program Files\Samsung
2008-03-23 12:06 . 2008-03-23 12:07 <DIR> d-------- C:\Documents and Settings\James Clamp\dwhelper
2008-03-20 17:42 . 2008-03-20 17:42 <DIR> d-------- C:\WINDOWS\Sun
2008-03-19 02:25 . 2008-03-19 02:25 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-03-19 01:57 . 2008-03-19 01:57 <DIR> d-------- C:\Documents and Settings\James Clamp\Application Data\InstallShield
2008-03-19 01:57 . 2007-10-31 02:12 2,545,766 --a------ C:\WINDOWS\system32\dgfwdio.dll
2008-03-19 01:57 . 2007-10-30 23:03 270,336 --a------ C:\WINDOWS\system32\DigiPlatformSupport.dll
2008-03-19 01:57 . 2006-03-29 15:11 233,472 --a------ C:\WINDOWS\system32\REX Shared Library.dll
2008-03-19 01:57 . 2007-10-31 00:35 45,568 --a------ C:\WINDOWS\system32\mbx2midu.dll
2008-03-19 01:57 . 2007-10-31 02:15 24,080 --a------ C:\WINDOWS\system32\drivers\dgfwboot.sys
2008-03-19 01:57 . 2007-10-31 02:16 21,904 --a------ C:\WINDOWS\system32\drivers\mbx2midk.sys
2008-03-19 01:57 . 2007-10-31 02:16 21,648 --a------ C:\WINDOWS\system32\drivers\mbx2dfu.sys
2008-03-19 01:57 . 2007-10-31 02:16 16,400 --a------ C:\WINDOWS\system32\drivers\diginet.sys
2008-03-19 01:06 . 2008-03-23 21:42 <DIR> d-------- C:\Documents and Settings\James Clamp\Application Data\Digidesign
2008-03-19 01:06 . 2008-03-19 02:02 <DIR> d-------- C:\Digidesign Databases
2008-03-19 01:04 . 2008-03-19 01:04 <DIR> d-------- C:\Program Files\InterLok
2008-03-19 01:04 . 2007-10-31 00:34 196,608 --a------ C:\WINDOWS\system32\Digi32.dll
2008-03-19 01:03 . 2007-10-31 02:15 97,808 --a------ C:\WINDOWS\system32\drivers\Dalwdm.sys
2008-03-19 01:03 . 2006-12-08 22:50 16,384 --a------ C:\WINDOWS\system32\drivers\DigiFilt.sys
2008-03-19 01:02 . 2008-03-19 02:07 <DIR> d-------- C:\Program Files\Digidesign
2008-03-19 01:02 . 2008-03-19 01:03 <DIR> d-------- C:\Program Files\Common Files\Digidesign
2008-03-19 01:02 . 2007-10-31 03:16 3,683,014 --a------ C:\WINDOWS\system32\DirectIO.dll
2008-03-19 01:02 . 2007-10-31 00:03 1,362,460 --a------ C:\WINDOWS\system32\ExpansionHD_Firmware.bin
2008-03-19 01:02 . 2007-10-31 00:03 659,456 --a------ C:\WINDOWS\system32\DSI.dll
2008-03-19 01:02 . 2007-10-31 00:35 172,032 --a------ C:\WINDOWS\system32\Diomidi.DLL
2008-03-19 01:02 . 2006-12-08 23:21 90,112 --a------ C:\WINDOWS\system32\WinMMFix.dll
2008-03-19 01:02 . 2007-10-31 00:36 15,872 --a------ C:\WINDOWS\system32\digicoin.dll
2008-03-18 23:51 . 2008-03-18 23:51 1,158 --a------ C:\WINDOWS\mozver.dat
2008-03-18 23:43 . 2008-03-23 20:06 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-03-18 23:43 . 2008-03-18 23:43 <DIR> d-------- C:\Program Files\Common Files\PACE Anti-Piracy
2008-03-18 23:43 . 2008-03-23 20:10 <DIR> d-------- C:\Documents and Settings\James Clamp\Application Data\PACE Anti-Piracy
2008-03-18 23:43 . 2008-03-23 20:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
2008-03-18 23:38 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-03-18 23:38 . 2004-08-03 23:07 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
2008-03-18 23:38 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-03-18 23:38 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-03-18 23:36 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-03-17 07:34 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-03-17 07:34 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-03-17 07:34 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-03-16 23:51 . 2008-03-16 23:51 <DIR> d-------- C:\Program Files\Apple Software Update
2008-03-16 23:51 . 2008-03-16 23:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-03-16 23:51 . 2008-03-16 23:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-03-16 23:45 . 2008-03-16 23:45 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-03-16 23:45 . 2008-03-16 23:45 <DIR> d-------- C:\Program Files\Common Files\Real
2008-03-16 23:43 . 2008-03-16 23:52 <DIR> d-------- C:\Program Files\Quick Time
2008-03-16 23:41 . 2008-03-16 23:47 <DIR> d-------- C:\Program Files\Real Player
2008-03-16 23:37 . 2008-03-16 23:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2008-03-16 23:36 . 2008-03-16 23:36 <DIR> d-------- C:\Program Files\Switch
2008-03-16 23:36 . 2008-03-16 23:38 <DIR> d-------- C:\Program Files\NCH Swift Sound
2008-03-16 23:36 . 2008-03-16 23:36 <DIR> d-------- C:\Documents and Settings\James Clamp\Application Data\NCH Swift Sound
2008-03-16 23:33 . 2008-03-16 23:33 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-16 23:32 . 2008-03-16 23:34 <DIR> d-------- C:\Program Files\Windows Live
2008-03-16 23:32 . 2008-03-16 23:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-16 23:22 . 2008-03-17 07:42 <DIR> d-------- C:\Documents and Settings\James Clamp\Application Data\OpenOffice.org2
2008-03-16 23:19 . 2008-03-16 23:20 <DIR> d-------- C:\Program Files\OpenOffice.org 2.3
2008-03-16 23:19 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-03-16 23:09 . 2008-03-16 23:18 <DIR> d-------- C:\Program Files\Open Office
2008-03-16 22:41 . 2008-03-19 20:04 <DIR> d-------- C:\Documents and Settings\James Clamp\Application Data\Winamp
2008-03-16 22:41 . 2007-03-07 23:51 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2008-03-16 22:41 . 2007-03-07 23:51 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-03-16 22:41 . 2007-03-07 23:51 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-03-16 22:40 . 2008-03-16 22:41 <DIR> d-------- C:\Program Files\Winamp
2008-03-16 22:38 . 2008-03-16 22:38 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-03-16 22:30 . 2008-03-16 22:30 <DIR> d-------- C:\Documents and Settings\James Clamp\Application Data\Talkback
2008-03-16 22:30 . 2008-03-16 22:30 0 --a------ C:\WINDOWS\nsreg.dat
2008-03-16 22:12 . 2008-03-16 22:24 <DIR> d-------- C:\Documents and Settings\James Clamp\Contacts
2008-03-16 22:11 . 2008-03-23 20:07 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-03-16 21:57 . 2007-08-13 18:54 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
2008-03-16 21:25 . 2006-12-07 06:40 2,362,184 -----c--- C:\WINDOWS\system32\dllcache\wmvcore.dll
2008-03-16 21:25 . 2007-07-09 13:16 582,656 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-03-16 21:13 . 2006-09-06 17:43 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-03-16 20:51 . 2008-03-24 00:25 <DIR> d-------- C:\Documents and Settings\James Clamp\Application Data\AVG7
2008-03-16 20:50 . 2008-03-16 20:50 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-03-16 20:50 . 2008-03-16 20:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-16 20:50 . 2008-03-24 00:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-03-16 20:21 . 2008-03-16 20:21 <DIR> d--hs---- C:\Documents and Settings\James Clamp\UserData
2008-03-16 17:43 . 2005-08-25 15:23 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\WINDOWS
2008-03-16 17:43 . 2005-08-25 15:23 <DIR> d-------- C:\Documents and Settings\James Clamp\WINDOWS
2008-03-16 17:43 . 2005-08-25 15:27 <DIR> d-------- C:\Documents and Settings\James Clamp\Application Data\toshiba
2008-03-16 17:43 . 2005-08-26 09:31 <DIR> d-------- C:\Documents and Settings\James Clamp\Application Data\Symantec
2008-03-16 17:43 . 2005-08-26 09:17 <DIR> d-------- C:\Documents and Settings\James Clamp\Application Data\Sonic
2008-03-16 17:43 . 2008-03-16 17:43 0 -rahs---- C:\WINDOWS\system32\drivers\TOSHIBA_EQUIUM M50_03436000-AV_PSM59E-00300.MRK
2008-03-16 17:42 . 2005-08-25 15:23 <DIR> d-------- C:\Documents and Settings\Default User\WINDOWS
2008-03-16 17:42 . 2004-12-22 16:44 843,776 --a------ C:\WINDOWS\system32\AegisE5.dll
2008-03-16 17:42 . 2005-03-27 17:32 385,024 --a------ C:\WINDOWS\system32\athcfg11.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-23 19:56 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-16 23:19 --------- d-----w C:\Program Files\Java
2008-03-16 17:58 --------- d-----w C:\Program Files\Symantec
2008-03-16 17:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-03-16 17:42 --------- d-----w C:\Program Files\Atheros
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"="AGRSMMSG.exe" [2004-12-22 07:10 88358 C:\WINDOWS\agrsmmsg.exe]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2004-03-24 05:40 196608]
"CeEKEY"="C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe" [2005-06-30 09:05 671744]
"TPNF"="C:\Program Files\TOSHIBA\TouchPad\TPTray.exe" [2005-06-08 14:51 53248]
"HWSetup"="C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-05-01 12:45 28672]
"SVPWUTIL"="C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe" [2004-05-01 12:45 65536]
"Zooming"="ZoomingHook.exe" [2005-06-06 08:58 24576 C:\WINDOWS\system32\ZoomingHook.exe]
"TCtryIOHook"="TCtrlIOHook.exe" [2005-08-05 18:02 28672 C:\WINDOWS\system32\TCtrlIOHook.exe]
"TPSMain"="TPSMain.exe" [2005-08-11 13:33 266240 C:\WINDOWS\system32\TPSMain.exe]
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-05-12 09:31 118784]
"TFncKy"="TFncKy.exe" []
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-05-31 04:33 122941]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-03-16 20:52 579072]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"QuickTime Task"="C:\Program Files\Quick Time\QTTask.exe" [2008-01-31 23:13 385024]
"DigidesignMMERefresh"="C:\Program Files\Digidesign\Drivers\MMERefresh.exe" [2007-10-31 00:35 77824]
"SMSTray"="C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2006-07-21 08:32 126976]
"MAAgent"="C:\Program Files\MarkAny\ContentSafer\MAAgent.exe" [2006-06-02 14:39 57344]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 17:17 159744]
"antiviirus"="C:\Program Files\antiviirus.exe" [2008-03-23 22:10 21576]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 12:00 158208]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 12:00 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-03-16 20:50 219136]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PadTouch]
--a------ 2004-11-17 09:56 1077327 C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tvs]
--a------ 2005-04-05 15:25 73728 C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"usnjsvc"=3 (0x3)
"CFSvcs"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\WINDOWS\\system32\\mmc.exe"=
R0 DigiFilter;DigiFilter;C:\WINDOWS\system32\drivers\DigiFilt.sys [2006-12-08 22:50]
R2 DigiNet;Digidesign Ethernet Support;C:\WINDOWS\system32\DRIVERS\diginet.sys [2007-10-31 02:16]
S3 dalwdmservice;dal service;C:\WINDOWS\system32\drivers\dalwdm.sys [2007-10-31 02:15]
S3 MBX2DFU;MBX2DFU;C:\WINDOWS\system32\DRIVERS\MBX2DFU.sys [2007-10-31 02:16]
S3 MBX2MIDK;Digidesign Mbox 2 Midi Driver;C:\WINDOWS\system32\drivers\mbx2midk.sys [2007-10-31 02:16]
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-03-16 23:51:40 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-16 17:42:42 C:\WINDOWS\Tasks\Registration reminder 2.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2008-03-16 17:42:42 C:\WINDOWS\Tasks\Registration reminder 3.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-24 01:15:53
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-03-24 1:16:20
ComboFix-quarantined-files.txt 2008-03-24 01:16:11
.
2008-03-16 22:01:28 --- E O F ---
UPDATE! 24/3/08
AVG, just doing its daily scan, has found some more suspect files!
Dc1.exe in C:\Recycler\S-1-5-21-3179837507-3992972269-289082209-1007\Dc1.exe
A0003780.exe in C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP79\A0003780.exe
A0003823.exe in C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP79\A0003823.exe
A0003853.exe in C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP79\A0003853.exe
A0003859.exe in C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP79\A0003859.exe
A0003885.exe in C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP79\A0003885.exe
A0003886.exe in C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP79\A0003886.exe
A0003887.exe in C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP79\A0003887.exe
A0003888.exe in C:\System Volume Information\_restore{8822E5AF-692C-42F0-B1EA-1E71D2781317}\RP79\A0003888.exe
Edited by theclamps27, 24 March 2008 - 07:08 AM.