These are the log files after doing as instructed. If I now enable Ad-Watch and HJT scan it, the prosearching entries will appear. Instead I am using AVG Anti-Spyware 7.5, or should I uninstall Ad-Watch and then reinstall it? Your advice is much anticipated. Thanks.
ComboFix 08-03-05.1 - Asif 2008-03-06 10:19:55.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.172 [GMT 0:00]
Running from: C:\Documents and Settings\Asif\Desktop\ComboFix.exe
Command switches used :: /SysRst
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-02-06 to 2008-03-06 )))))))))))))))))))))))))))))))
.
2008-03-06 09:28 . 2008-03-06 09:28 d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2008-03-05 18:45 . 2004-08-03 23:56 388,608 --a------ C:\CF24114.exe
2008-03-05 18:43 . 2008-03-05 18:43 d-------- C:\Documents and Settings\Asif\Application Data\WinPatrol
2008-03-05 17:43 . 2008-03-05 17:51 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-04 19:10 . 2008-03-05 22:11 d-------- C:\Documents and Settings\Guest\Application Data\AVG7
2008-03-04 17:17 . 2008-03-05 01:44 d-------- C:\Program Files\EsetOnlineScanner
2008-03-04 09:20 . 2008-03-04 09:20 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-03-04 09:20 . 2008-03-06 09:04 d-------- C:\Documents and Settings\Asif\Application Data\AVG7
2008-03-04 09:20 . 2008-03-04 09:23 d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-03-03 21:27 . 2008-03-03 21:27 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-03 21:27 . 2008-03-03 21:27 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-01 22:58 . 2008-03-01 22:58 d-------- C:\Documents and Settings\Asif\Application Data\Grisoft
2008-03-01 22:58 . 2007-05-30 12:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-03-01 22:57 . 2008-03-04 09:20 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-01 01:00 . 2008-03-01 01:00 d-------- C:\Program Files\Webroot
2008-03-01 01:00 . 2008-03-01 01:00 d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2008-03-01 01:00 . 2008-03-01 01:00 d-------- C:\Documents and Settings\Asif\Application Data\Webroot
2008-03-01 01:00 . 2008-03-01 01:00 d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-03-01 01:00 . 2007-10-01 16:40 1,526,072 --a------ C:\WINDOWS\WRSetup.dll
2008-03-01 01:00 . 2007-10-01 16:24 163,640 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2008-03-01 01:00 . 2007-10-01 16:24 23,864 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2008-03-01 01:00 . 2007-10-01 16:24 21,816 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2008-03-01 01:00 . 2007-10-01 16:24 20,280 --a------ C:\WINDOWS\system32\drivers\SSFS0BB9.sys
2008-02-27 22:51 . 2008-02-27 22:51 1,152 --a------ C:\WINDOWS\system32\windrv.sys
2008-02-24 18:22 . 2008-02-24 18:22 d-------- C:\Program Files\MSXML 6.0
2008-02-23 21:12 . 2008-02-23 21:12 d-------- C:\Documents and Settings\All Users\Application Data\Corel
2008-02-23 21:05 . 2008-02-23 21:05 d-------- C:\Program Files\Common Files\Corel
2008-02-20 15:53 . 2008-02-23 01:20 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-20 15:53 . 2008-02-20 15:53 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-12 17:58 . 2008-02-12 17:58 d-------- C:\Program Files\Log
2008-02-12 17:24 . 2008-02-12 17:24 d-------- C:\Program Files\AddonLog
2008-02-12 17:24 . 2007-02-02 19:39 217,088 --a------ C:\Program Files\SsMidAccess.dll
2008-02-12 17:24 . 2007-02-02 19:39 81,920 --a------ C:\Program Files\Cddb2Access.dll
2008-02-12 17:23 . 2008-02-12 17:23 d-------- C:\Program Files\Data
2008-02-12 17:23 . 2007-02-05 10:11 5,961,272 --a------ C:\Program Files\Omgjbox.exe
2008-02-12 17:23 . 2007-02-02 19:35 1,323,008 --a------ C:\Program Files\OmgjboxRes.dll
2008-02-12 17:23 . 2007-02-05 10:11 1,201,720 --a------ C:\Program Files\Omgbkup.exe
2008-02-12 17:23 . 2005-03-21 20:30 1,060,864 --a------ C:\Program Files\mfc71.dll
2008-02-12 17:23 . 2007-02-05 10:10 816,696 --a------ C:\Program Files\OMG2OMA.exe
2008-02-12 17:23 . 2007-02-02 19:42 798,720 --a------ C:\Program Files\Si.dll
2008-02-12 17:23 . 2007-02-05 10:10 603,704 --a------ C:\Program Files\Omg1to2.exe
2008-02-12 17:23 . 2007-02-05 10:10 603,704 --a------ C:\Program Files\Ojbsir.exe
2008-02-12 17:23 . 2007-02-02 19:08 536,576 --a------ C:\Program Files\OMG2OMARes.dll
2008-02-12 17:23 . 2007-02-02 20:03 528,384 --a------ C:\Program Files\OjbSirRes.dll
2008-02-12 17:23 . 2005-03-21 20:30 499,712 --a------ C:\Program Files\msvcp71.dll
2008-02-12 17:23 . 2007-02-05 10:11 476,728 --a------ C:\Program Files\SSAAD.exe
2008-02-12 17:23 . 2007-02-02 19:41 434,176 --a------ C:\Program Files\Items.dll
2008-02-12 17:23 . 2007-02-02 19:39 397,312 --a------ C:\Program Files\SsEncMp3.dll
2008-02-12 17:23 . 2005-03-21 20:34 352,256 --a------ C:\Program Files\ijl15.dll
2008-02-12 17:23 . 2005-03-21 20:30 348,160 --a------ C:\Program Files\msvcr71.dll
2008-02-12 17:23 . 2007-02-02 19:39 196,608 --a------ C:\Program Files\RGraph.dll
2008-02-12 17:23 . 2006-12-19 15:03 192,512 --a------ C:\Program Files\XCoreAudio.dll
2008-02-12 17:23 . 2007-02-02 20:07 143,360 --a------ C:\Program Files\OmgbkupRes.dll
2008-02-12 17:23 . 2006-12-26 17:57 143,360 --a------ C:\Program Files\dunzip32.dll
2008-02-12 17:23 . 2007-02-02 19:40 131,072 --a------ C:\Program Files\SsMtp.dll
2008-02-12 17:23 . 2007-02-02 19:36 106,496 --a------ C:\Program Files\RBasis.dll
2008-02-12 17:23 . 2005-03-21 20:30 106,496 --a------ C:\Program Files\atl71.dll
2008-02-12 17:23 . 2007-02-02 19:46 94,208 --a------ C:\Program Files\DMPInternet.dll
2008-02-12 17:23 . 2007-02-02 19:47 69,632 --a------ C:\Program Files\XPanel.dll
2008-02-12 17:23 . 2007-02-02 19:39 65,536 --a------ C:\Program Files\SsEncWma.dll
2008-02-12 17:23 . 2005-03-21 20:30 65,536 --a------ C:\Program Files\JETCOMP.exe
2008-02-12 17:23 . 2007-02-02 19:42 57,344 --a------ C:\Program Files\SsTpl.dll
2008-02-12 17:23 . 2007-02-02 19:39 49,152 --a------ C:\Program Files\SsProxy.dll
2008-02-12 17:23 . 2007-02-02 19:46 45,056 --a------ C:\Program Files\GenMediaKey.dll
2008-02-12 17:23 . 2007-02-05 10:10 38,456 --a------ C:\Program Files\AppReg.exe
2008-02-12 17:23 . 2007-02-02 19:42 32,768 --a------ C:\Program Files\HelpHelper.dll
2008-02-12 17:23 . 2007-02-02 19:08 17,920 --a------ C:\Program Files\XThumbnail.dll
2008-02-12 17:23 . 2007-02-02 19:46 13,312 --a------ C:\Program Files\WtsNotify.dll
2008-02-12 17:23 . 2007-02-02 19:07 12,800 --a------ C:\Program Files\Lam.dll
2008-02-12 17:23 . 2007-02-02 19:05 3,584 --a------ C:\Program Files\Omg1to2Res.dll
2008-02-12 17:08 . 2008-02-12 17:09 d-------- C:\ss43_dl
2008-02-12 14:08 . 2008-02-12 14:08 d-------- C:\Documents and Settings\All Users\SonicStage
2008-02-12 13:57 . 2001-09-13 02:15 90,112 --------- C:\WINDOWS\snymsico.dll
2008-02-12 13:57 . 2002-08-08 15:51 38,951 --------- C:\WINDOWS\system32\drivers\NETMDUSB.sys
2008-02-12 13:57 . 2005-10-31 10:46 36,679 --------- C:\WINDOWS\system32\drivers\NETMD052.sys
2008-02-12 13:57 . 2003-11-10 12:31 36,232 --------- C:\WINDOWS\system32\drivers\NETMD033.sys
2008-02-12 13:57 . 2003-04-01 18:55 35,319 --------- C:\WINDOWS\system32\drivers\NETMD031.sys
2008-02-12 13:56 . 2008-02-13 11:18 d-------- C:\Documents and Settings\All Users\Application Data\Sony Corporation
2008-02-12 13:56 . 2007-01-13 08:24 770,048 --a------ C:\WINDOWS\system32\CDDBUISony.dll
2008-02-12 13:56 . 2007-01-13 08:22 655,360 --a------ C:\WINDOWS\system32\CDDBControlSony.dll
2008-02-12 13:56 . 2007-01-13 08:22 589,824 --a------ C:\WINDOWS\system32\CddbMusicIDSony.dll
2008-02-12 13:56 . 2007-01-13 08:25 532,480 --a------ C:\WINDOWS\system32\CddbPlaylist2Sony.dll
2008-02-12 13:56 . 2006-10-29 01:00 116,472 --------- C:\WINDOWS\system32\pxcpyi64.exe
2008-02-12 13:56 . 2007-01-13 08:24 73,728 --a------ C:\WINDOWS\system32\CddbLinkSony.dll
2008-02-12 13:55 . 2008-02-13 11:12 d-------- C:\Program Files\Sony
2008-02-12 13:54 . 2008-02-18 12:42 d-------- C:\Program Files\Common Files\Sony Shared
2008-02-12 13:54 . 2008-02-13 11:18 d-------- C:\Documents and Settings\Asif\Application Data\Sony Corporation
2008-02-12 13:10 . 2004-08-03 23:00 26,112 --a------ C:\WINDOWS\system32\drivers\MemStPCI.SYS
2008-02-12 13:10 . 2004-08-03 23:00 26,112 --a--c--- C:\WINDOWS\system32\dllcache\memstpci.sys
2008-02-11 09:40 . 2008-02-11 09:40 2,715,648 --a------ C:\WINDOWS\system32\OnlineScanner.ocx
2008-02-11 09:39 . 2008-02-11 09:39 253,952 --a------ C:\WINDOWS\system32\OnlineScannerDLLA.dll
2008-02-11 09:39 . 2008-02-11 09:39 237,568 --a------ C:\WINDOWS\system32\OnlineScannerDLLW.dll
2008-02-08 23:09 . 2008-02-09 11:53 d-------- C:\Program Files\Common Files\Symantec Shared
2008-02-08 13:53 . 2008-02-08 13:53 110,592 --a------ C:\WINDOWS\system32\OnlineScannerLang.dll
2008-02-07 10:48 . 2008-02-07 10:48 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2008-02-06 21:33 . 2008-02-06 21:33 d-------- C:\WINDOWS\RegCure
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-01 01:01 --------- d-----w C:\Documents and Settings\Asif\Application Data\uTorrent
2008-02-27 22:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-02-26 09:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-23 21:17 --------- d-----w C:\Documents and Settings\Asif\Application Data\Corel
2008-02-18 12:41 --------- d-----w C:\Program Files\DivX
2008-02-09 09:37 --------- d-----w C:\Program Files\Google
2008-02-06 09:41 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-05 08:48 77,824 ----a-w C:\WINDOWS\system32\OnlineScannerUninstaller.exe
2008-02-04 12:06 --------- d-----w C:\Documents and Settings\Asif\Application Data\Apple Computer
2008-02-04 12:05 --------- d-----w C:\Program Files\iPod
2008-02-04 12:03 --------- d-----w C:\Program Files\QuickTime
2008-02-04 12:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-02-04 12:00 --------- d-----w C:\Program Files\Apple Software Update
2008-02-04 11:59 --------- d-----w C:\Program Files\Common Files\Apple
2008-02-04 11:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-01-27 18:28 --------- d-----w C:\Documents and Settings\Guest\Application Data\Windows Desktop Search
2007-12-31 18:29 8,464 ----a-w C:\WINDOWS\system32\sporder.dll
2007-12-29 17:53 0 ----a-w C:\Documents and Settings\Asif\Application Data\wklnhst.dat
2007-12-07 02:21 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-08-03 20:32 17,144 -c--a-w C:\Documents and Settings\Asif\Application Data\GDIPFONTCACHEV1.DAT
2007-02-02 20:09 25,600 ----a-w C:\Program Files\SsVerChk.ocx
2007-02-02 20:08 65,536 ----a-w C:\Program Files\StdoutSs2.ax
2007-02-02 20:08 53,248 ----a-w C:\Program Files\SonyWavParser2.ax
2007-01-16 18:13 7,453 ----a-w C:\Program Files\Readme.txt
2005-08-25 09:10 81,920 ----a-w C:\Program Files\SonyFsConvFilter.ax
2005-03-21 20:30 7 ----a-w C:\Program Files\initials.ini
2004-06-18 11:05 45,056 -c--a-w C:\WINDOWS\inf\Slntinst.exe
2003-08-22 11:09 45,056 -c--a-w C:\WINDOWS\inf\slntinst_staticW2k.exe
2006-12-07 21:37 56 -csh--r C:\WINDOWS\system32\7DCBC830BD.sys
2007-02-12 21:25 3,350 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((( snapshot@2008-03-05_21.16.18.07 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-20 12:02:28 163,328 ----a-w C:\WINDOWS\erdnt\AutoBackup\06-03-2008\ERDNT.EXE
+ 2008-03-06 09:03:48 6,774,784 ----a-w C:\WINDOWS\erdnt\AutoBackup\06-03-2008\Users\00000001\ntuser.dat
+ 2008-03-06 09:03:48 237,568 ----a-w C:\WINDOWS\erdnt\AutoBackup\06-03-2008\Users\00000002\UsrClass.dat
.
((((((((((((((((((((((((((((((((((((((( System Restore )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2006-02-08 19:23 0 C:\Documents and Settings\Asif\Application Data\WinPatrol\Autoexec.bat
2006-02-08 19:23 0 {CB50611D-B0A7-4084-977C-4A431BEE56FA}\RP390\A0243374.bat
2006-02-08 19:23 0 C:\Documents and Settings\Asif\Application Data\WinPatrol\Config.sys
2006-02-08 19:23 0 {CB50611D-B0A7-4084-977C-4A431BEE56FA}\RP390\A0243375.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 16:24 1694208]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]
"BBC News alerts"="D:\Program Files\BBC News alerts\skinkers.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-03-09 14:29 7561216]
"nwiz"="nwiz.exe" [2006-03-09 14:29 1519616 C:\WINDOWS\system32\nwiz.exe]
"EPSON Stylus C46 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.exe" [2004-01-13 18:00 99840]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-03-09 14:29 86016]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-03-04 09:22 579072]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648]
"DAEMON Tools"="d:\Program Files\DAEMON Tools\daemon.exe" [2005-11-08 23:00 128920]
"WinampAgent"="D:\Program Files\Winamp\winampa.exe" [ ]
"QuickTime Task"="D:\Program Files\qttask.exe" [ ]
"AGEIA PhysX SysTray"="C:\Program Files\AGEIA Technologies\TrayIcon.exe" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:56 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-03-04 09:20 219136]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ITD7"="C:\Program Files\Steganos Internet Trace Destructor 7\ITD7.exe" [2005-05-02 10:31 274432]
C:\Documents and Settings\Asif\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]
ERUNT AutoBackup.lnk - D:\Program Files\ERUNT\AUTOBACK.EXE [2005-10-20 12:04:08 38912]
OneNote 2007 Screen Clipper and Launcher.lnk - D:\Program Files\microsoft office xp\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="LogonUI.EXE"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Metacafe.lnk]
backup=C:\WINDOWS\pss\Metacafe.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Asif^Start Menu^Programs^Startup^MetaCafe.lnk]
backup=C:\WINDOWS\pss\MetaCafe.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Documents and Settings\\Asif\\My Documents\\utorrent.exe"=
"C:\\WINDOWS\\system32\\mmc.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"D:\\Program Files\\microsoft office xp\\Office12\\OUTLOOK.EXE"=
"D:\\Program Files\\microsoft office xp\\Office12\\groove.exe"=
"D:\\Program Files\\microsoft office xp\\Office12\\ONENOTE.EXE"=
"D:\\Program Files\\iTunes.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
R2 LcSvrAdm;ELSA Administration Service;d:\elsawin\bin\LcSvrAdm.exe [2003-03-13 15:46]
R2 LcSvrDba;ELSA DBA Server;d:\elsawin\bin\LcSvrDba.exe [2003-03-13 15:38]
R2 LcSvrHis;ELSA Historie Server;d:\elsawin\bin\LcSvrHis.exe [2003-03-13 15:42]
R2 LcSvrKds;ELSA KD-Nummern Server;d:\elsawin\bin\LcSvrKdS.exe [2003-03-13 15:51]
R2 LcSvrPAS;ELSA PASS Server;d:\elsawin\bin\LcSvrPas.exe [2003-03-13 16:06]
R3 BTCOMM;BTCOMM;C:\WINDOWS\system32\drivers\Btcomm.sys [2004-09-28 16:18]
R3 BTKRNBDG;Bluetooth COM Bridge;C:\WINDOWS\system32\DRIVERS\btkrnbdg.sys [2003-03-18 11:31]
R3 LcSvrAuf;ELSA Auftragsverwaltungs Service;d:\elsawin\bin\LcSvrAuf.exe [2003-03-13 15:41]
R3 vad_multi;Windigo Virtual Audio Device (WDM);C:\WINDOWS\system32\drivers\vadmulti.sys [2005-06-30 12:57]
S3 CSRBC01;%CSRBC01.SvcDesc%;C:\WINDOWS\system32\Drivers\csrbc01.sys [2005-06-28 19:46]
S3 ICScsiSV;Image Converter SCSI Service;C:\Program Files\Sony\IMAGE CONVERTER 3\ICScsiSV.exe [2007-01-26 11:39]
S3 IcVzMonLauncher;IcVzMonLauncher;"C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMonLauncher.exe" [2007-01-26 11:38]
S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment;C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMon.exe [2007-01-26 11:38]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\k510bus.sys [2007-03-01 14:25]
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k510mdfl.sys [2007-03-01 14:25]
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\k510mdm.sys [2007-03-01 14:25]
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\k510mgmt.sys [2007-03-01 14:25]
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\k510obex.sys [2007-03-01 14:25]
S3 MemStPCI;Sony Memory Stick controller (PCI);C:\WINDOWS\system32\DRIVERS\MemStPCI.SYS [2004-08-03 23:00]
.
Contents of the 'Scheduled Tasks' folder
"2008-02-04 12:00:24 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-06 09:53:26 C:\WINDOWS\Tasks\RegCure Program Check.job"
- d:\Program Files\RegCure\RegCure.exe
"2008-02-06 21:16:22 C:\WINDOWS\Tasks\RegCure.job"
- d:\Program Files\RegCure\RegCure.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-06 10:22:42
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-03-06 10:23:56
ComboFix-quarantined-files.txt 2008-03-06 10:23:51
ComboFix2.txt 2008-03-06 10:15:34
ComboFix3.txt 2008-03-05 21:16:57
ComboFix4.txt 2008-03-05 18:55:28
ComboFix5.txt 2008-03-03 21:21:14
.
2008-03-06 09:07:05 --- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:29:53, on 06/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
d:\elsawin\bin\LcSvrAdm.exe
d:\elsawin\bin\LcSvrDba.exe
d:\elsawin\bin\LcSvrHis.exe
d:\elsawin\bin\LcSvrKdS.exe
d:\elsawin\bin\LcSvrPas.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
d:\elsawin\bin\LcSvrAuf.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - d:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [EPSON Stylus C46 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE /P23 "EPSON Stylus C46 Series" /O6 "USB001" /M "Stylus C46"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools] "d:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BBC News alerts] D:\Program Files\BBC News alerts\skinkers.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ITD7] "C:\Program Files\Steganos Internet Trace Destructor 7\ITD7.exe" -firstboot (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [ITD7] "C:\Program Files\Steganos Internet Trace Destructor 7\ITD7.exe" -firstboot (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [ITD7] "C:\Program Files\Steganos Internet Trace Destructor 7\ITD7.exe" -firstboot (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: ERUNT AutoBackup.lnk = D:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = D:\Program Files\microsoft office xp\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\microsoft office xp\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Transfer by Image Converter 3 - C:\PROGRAM FILES\SONY\IMAGE CONVERTER 3\menu.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - d:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - d:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=www.google.com
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - http://courses.learndirect.co.uk/providers/electric_paper2000_hybrid/module03/aware_player/awswaxf.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://campuscentercam.its.wesleyan.edu/activex/AMC.cab
O16 - DPF: {B0067CA5-2C37-4C6B-AAEC-5E2CE8635061} (FontDown Class) - http://www.qurancomplex.org/Downloads/FontSmooth.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15023/CTPID.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Image Converter SCSI Service (ICScsiSV) - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\ICScsiSV.exe
O23 - Service: IcVzMonLauncher - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMonLauncher.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ELSA Administration Service (LcSvrAdm) - Volkswagen AG - d:\elsawin\bin\LcSvrAdm.exe
O23 - Service: ELSA Auftragsverwaltungs Service (LcSvrAuf) - Volkswagen AG - d:\elsawin\bin\LcSvrAuf.exe
O23 - Service: ELSA DBA Server (LcSvrDba) - Volkswagen AG - d:\elsawin\bin\LcSvrDba.exe
O23 - Service: ELSA Historie Server (LcSvrHis) - Volkswagen AG - d:\elsawin\bin\LcSvrHis.exe
O23 - Service: ELSA KD-Nummern Server (LcSvrKds) - Volkswagen AG - d:\elsawin\bin\LcSvrKdS.exe
O23 - Service: ELSA PASS Server (LcSvrPAS) - Volkswagen AG - d:\elsawin\bin\LcSvrPas.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
--
End of file - 10868 bytes