
My virus checker (Avira) is reporting a fair few instances of the TR/Genome.khkv virus. Malwarebytes and Spybot are having no luck getting rid of it (or even detecting it), and it seems to be infesting more of my system.

Any help would be greatly appreciated. Below is my HijackThis log.

--------

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:00:49, on 20/07/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\System32\CtHelper.exe
I:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
I:\Program Files\My Lockbox\mylbx.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Razer\Habu\razerhid.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
I:\Program Files\PeerBlock\peerblock.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Skype\Phone\Skype.exe
I:\Program Files\MozyHome\mozystat.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Razer\Habu\razertra.exe
C:\Program Files\Razer\Habu\razerofa.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\VideoLAN\VLC\vlc.exe
C:\Program Files\Avira\AntiVir Desktop\avnotify.exe
C:\Program Files\Opera\opera.exe
C:\Windows\system32\SearchFilterHost.exe
I:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll
O1 - Hosts: ::1 localhost
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - I:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - I:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "I:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "I:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [mylbx] I:\Program Files\My Lockbox\mylbx.exe /a
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Habu] C:\Program Files\Razer\Habu\razerhid.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] I:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [PeerBlock] I:\Program Files\PeerBlock\peerblock.exe
O4 - HKCU\..\Run: [uTorrent] "I:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'Default user')
O4 - Global Startup: MozyHome Status.lnk = I:\Program Files\MozyHome\mozystat.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - I:\Programs\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - I:\Programs\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} (DLoader Class) - http://dl.uc.sina.com/cab/downloader.cab
O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} (VodClient Control Class) - http://www.vexcast.com/download/vexcast.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E3FDAEAE-5FF5-4BC4-816D-BE369A2D9E18}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FSPro Filter Service (fsproflt) - FSPro Labs - C:\Windows\system32\fsproflt.exe
O23 - Service: MozyHome Backup Service (mozybackup) - Mozy, Inc. - I:\Program Files\MozyHome\mozybackup.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Tenable Nessus - Tenable Network Security, Inc - I:\Program Files\Tenable\Nessus\nessus-service.exe

--
End of file - 12278 bytes


Sorry, that FAQ has changed a hell of a lot since the last time I was on here! I am running everything and will get back to you.


Right: I am having problems running some of the tools.

Malwarebytes is refusing to update even using the manual links (mine hasn't been updated since the end of April). I'm also getting a lot of redirects from Google etc. The second GMER scan is refusing to run and is crashing my system.

Here's what I have so far:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-07-23 18:20:44
Windows 6.0.6001 Service Pack 1
Running: dmgitt8b.exe; Driver: C:\Users\Dave\AppData\Local\Temp\kxldapow.sys


---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8521D1F8

AttachedDevice \FileSystem\Ntfs \Ntfs mozy.sys (Mozy Change Monitor Filter Driver/Mozy, Inc.)

---- EOF - GMER 1.0.15 ----


DDS (Ver_10-03-17.01) - NTFSx86
Run by Dave at 12:35:36.86 on 31/07/2010
Internet Explorer: 8.0.6001.18928 BrowserJavaVersion: 1.6.0_20
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.44.1033.18.2046.878 [GMT 1:00]

SP: Spybot - Search and Destroy *enabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\fsproflt.exe
I:\Program Files\MozyHome\mozybackup.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
I:\Program Files\MozyHome\mozybackup.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\System32\CtHelper.exe
I:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
I:\Program Files\My Lockbox\mylbx.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Razer\Habu\razerhid.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Skype\Phone\Skype.exe
I:\Program Files\MozyHome\mozystat.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Razer\Habu\razertra.exe
C:\Program Files\Razer\Habu\razerofa.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\System32\svchost.exe -k wdisvc
C:\Program Files\Opera\opera.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
I:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Dave\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyng.dll
mURLSearchHooks: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyng.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - i:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyng.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - i:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyng.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [POEngine5]
uRun: [PeerBlock] i:\program files\peerblock\peerblock.exe
uRun: [uTorrent] "i:\program files\utorrent\uTorrent.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [CTHelper] CTHELPER.EXE
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe Acrobat Speed Launcher] "i:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "i:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [Adobe_ID0ENQBO] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [mylbx] i:\program files\my lockbox\mylbx.exe /a
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Habu] c:\program files\razer\habu\razerhid.exe
dRun: [DevconDefaultDB] c:\windows\system32\READREG /SILENT /FAIL=1
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mozyho~1.lnk - i:\program files\mozyhome\mozystat.exe
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Sothink SWF Catcher - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - i:\programs\partygaming\partypoker\RunApp.exe
IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - hxxp://dl.tvunetworks.com/TVUAx.cab
DPF: {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} - hxxp://dl.uc.sina.com/cab/downloader.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} - hxxp://www.vexcast.com/download/vexcast.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 93.188.162.221,93.188.166.201
TCP: {E3FDAEAE-5FF5-4BC4-816D-BE369A2D9E18} = 93.188.162.221,93.188.166.201
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - i:\program files\coreftp\pftpns.dll
STS: Windows DreamScene: {e31004d1-a431-41b8-826f-e902f9d95c81} - %SystemRoot%\System32\DreamScene.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {7070D8E0-650A-46b3-B03C-9497582E6A74} - %SystemRoot%\system32\soundschemes.exe /AddRegistration
mASetup: {B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24} - %SystemRoot%\system32\soundschemes2.exe /AddRegistration
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\users\dave\appdata\roaming\mozilla\firefox\profiles\kszf4t2n.default\
FF - prefs.js: network.proxy.type - 2
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\users\dave\appdata\roaming\mozilla\firefox\profiles\kszf4t2n.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\windows\microsoft.net\framework\v4.0.20506\wpf\NPWPF.dll
FF - plugin: i:\program files\adobe\acrobat 9.0\acrobat\browser\nppdf32.dll
FF - plugin: i:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: i:\program files\veetle\player\npvlc.dll
FF - plugin: i:\program files\veetle\plugins\npVeetle.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v4.0.20506\wpf\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - i:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - i:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - i:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 FSProFilter;FSPro File Filter;c:\windows\system32\drivers\FSPFltd.sys [2009-7-30 43792]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-3-23 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-3-23 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-3-23 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-3-23 56816]
R2 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2009-12-9 12672]
R2 fsproflt;FSPro Filter Service;c:\windows\system32\fsproflt.exe [2009-7-30 73392]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-3-23 1153368]
R2 WMDrive;WMDrive;c:\windows\system32\drivers\WMDrive.sys [2009-3-25 37376]
S0 OemBiosDevice;Royalty OEM Bios Extension;c:\windows\system32\drivers\royal.sys [2009-3-25 240128]
S2 ASKUpgrade;ASKUpgrade;c:\program files\askbardis\bar\bin\ASKUpgrade.exe [2009-8-2 234888]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 284016]
S3 clr_optimization_v4.0.20506_32;.NET Runtime Optimization Service v4.0.20506_X86;c:\windows\microsoft.net\framework\v4.0.20506\mscorsvw.exe [2009-5-6 104272]
S3 pbfilter;pbfilter;i:\program files\peerblock\pbfilter.sys [2009-11-29 16472]
S3 PSSDK42;PSSDK42;c:\windows\system32\drivers\pssdk42.sys [2009-9-27 38976]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2008-7-11 47128]
S4 msvsmon100;Visual Studio 10 Remote Debugger;c:\program files\microsoft visual studio 10.0\common7\ide\remote debugger\x86\msvsmon.exe [2009-5-6 3342672]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [2008-7-10 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2008-7-11 369688]

=============== Created Last 30 ================

2010-07-17 01:21:28 4958588 ----a-w- c:\windows\{00000004-00000000-00000004-00001102-00000004-20021102}.BAK
2010-07-11 15:45:04 0 d-----w- c:\programdata\Sun
2010-07-11 15:38:50 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-08 20:39:43 0 d-----w- c:\users\dave\appdata\roaming\QuickScan
2010-07-07 21:55:39 50176 ----a-w- c:\windows\system32\ernel32.dll
2010-07-07 21:55:36 50176 ----a-w- c:\users\dave\appdata\roaming\c088463a.exe
2010-07-01 20:45:56 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-07-01 20:41:32 0 d-----r- c:\program files\Skype
2010-07-01 20:41:26 0 d-----w- c:\programdata\Skype

==================== Find3M ====================

2010-07-31 11:15:30 34805 ----a-w- c:\programdata\nvModes.dat
2010-06-30 17:35:51 51200 ----a-w- c:\windows\inf\infpub.dat
2010-06-30 17:35:50 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-06-30 17:35:49 86016 ----a-w- c:\windows\inf\infstor.dat
2010-05-26 16:16:50 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:25:15 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-21 13:14:28 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-04 05:59:21 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 05:55:42 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-05-04 05:55:42 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-04 04:31:05 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-04-15 22:07:28 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-03-25 12:01:01 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:40:37 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:40:37 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:40:37 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:40:37 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 12:37:06.48 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft® Windows Vista™ Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 23/03/2009 22:23:31
System Uptime: 31/07/2010 12:14:36 (0 hours ago)

Motherboard: Foxconn | | 965X7AA
Processor: Intel(R) Core(TM)2 CPU 6400 @ 2.13GHz | Socket 775 | 2133/266mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 128 GiB total, 57.817 GiB free.
D: is FIXED (NTFS) - 699 GiB total, 180.504 GiB free.
E: is CDROM (CDFS)
F: is FIXED (NTFS) - 932 GiB total, 165.423 GiB free.
G: is CDROM ()
H: is FIXED (NTFS) - 279 GiB total, 43.46 GiB free.
I: is FIXED (NTFS) - 468 GiB total, 336.676 GiB free.

==== Disabled Device Manager Items =============

Class GUID:
Description: PCI Input Device
Device ID: PCI\VEN_1102&DEV_7003&SUBSYS_00401102&REV_04\4&1AC52E81&0&21F0
Manufacturer:
Name: PCI Input Device
PNP Device ID: PCI\VEN_1102&DEV_7003&SUBSYS_00401102&REV_04\4&1AC52E81&0&21F0
Service:

==== System Restore Points ===================

RP456: 22/07/2010 00:29:40 - Scheduled Checkpoint
RP457: 23/07/2010 20:00:41 - Scheduled Checkpoint
RP458: 24/07/2010 10:42:47 - Scheduled Checkpoint
RP459: 25/07/2010 13:55:04 - Scheduled Checkpoint
RP460: 26/07/2010 20:33:26 - Scheduled Checkpoint
RP461: 27/07/2010 19:05:48 - Scheduled Checkpoint
RP462: 29/07/2010 18:08:24 - Scheduled Checkpoint

==== Installed Programs ======================

Acrobat.com
Adobe Acrobat 9 Pro - English, Français, Deutsch
Adobe After Effects CS4
Adobe After Effects CS4 Presets
Adobe After Effects CS4 Third Party Content
Adobe AIR
Adobe Anchor Service CS4
Adobe Asset Services CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles AE CS4
Adobe Color Video Profiles CS CS4
Adobe Contribute CS4
Adobe Creative Suite 4 Master Collection
Adobe CS4 American English Speech Analysis Models
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Dreamweaver CS4
Adobe Drive CS4
Adobe Dynamiclink Support
Adobe Encore CS4
Adobe Encore CS4 Codecs
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Fireworks CS4
Adobe Flash CS4
Adobe Flash CS4 Extension - Flash Lite STI en
Adobe Flash CS4 STI-en
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Illustrator CS4
Adobe InDesign CS4
Adobe InDesign CS4 Application Feature Set Files (Roman)
Adobe InDesign CS4 Common Base Files
Adobe InDesign CS4 Icon Handler
Adobe Linguistics CS4
Adobe Media Encoder CS4
Adobe Media Encoder CS4 Additional Exporter
Adobe Media Encoder CS4 Dolby
Adobe Media Encoder CS4 Exporter
Adobe Media Encoder CS4 Importer
Adobe Media Player
Adobe MotionPicture Color Files CS4
Adobe OnLocation CS4
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Premiere Pro CS4
Adobe Premiere Pro CS4 Functional Content
Adobe Premiere Pro CS4 Third Party Content
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe SGM CS4
Adobe Shockwave Player 11.5
Adobe Shortcut App
Adobe SING CS4
Adobe Soundbooth CS4
Adobe Soundbooth CS4 Codecs
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe Version Cue CS4 Server
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Alt.Binz 0.25.0
Amazon MP3 Downloader 1.0.9
Apple Mobile Device Support
Apple Software Update
Ashampoo Burning Studio 8.08
Ask Toolbar
Aspell English Dictionary-0.50-2
µTorrent
Audacity 1.2.6
Avira AntiVir Personal - Free Antivirus
Belarc Advisor 8.1
Bonjour
CCleaner
CDex extraction audio
Command & Conquer™ Red Alert™ 3
Command & Conquer™ Red Alert™ 3 Uprising
Connect
Convert FLV to MP3 1.0
Core FTP LE 2.1
CPUID CPU-Z 1.52.2
Data Lifeguard Diagnostic for Windows
DBPix 2.0 Control 2.0.3
Defraggler
Dotfuscator Software Services - Community Edition
EasyRecovery Professional
eMedia Guitar Method 1
FontExpert 2009
Football Manager 2010
Freeciv 2.1.9 (GTK+ client)
FreeUndelete
GetDataBack for NTFS
GNU Aspell 0.50-3
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Java Auto Updater
Java(TM) 6 Update 20
K-Lite Codec Pack 5.1.0 (Full)
kuler
LAME v3.98.2 for Audacity
Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile Beta 1
Microsoft .NET Framework 4 Extended Beta 1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Help 3.0 Beta 1
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Development Tools for Office and SharePoint 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.3
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2008
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Management Objects
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files (English)
Microsoft SQL Server Compact 3.5 SP1 English
Microsoft SQL Server Database Publishing Wizard 1.4
Microsoft SQL Server VSS Writer
Microsoft Sync Framework Runtime v1.0 (x86)
Microsoft Sync Framework SDK v1.0
Microsoft Sync Framework Services v1.0 (x86)
Microsoft Sync Services for ADO.NET v2.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2010 Beta 1 x86 Redistributable - 10.0.20506
Microsoft Visual C++ 2010 Beta 1 x86 Runtime - 10.0.20506
Microsoft Visual Studio 2010 Professional Beta 1 - ENU
Microsoft Visual Studio Macro Tools
Mozilla Firefox (3.5.2)
MozyHome Remote Backup
MSVC80_x86
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
My Lockbox 1.4 for Windows 2000/XP
MYP2P EPL MEDIA PLAYER
Nessus
Nokia Connectivity Cable Driver
Nokia Flashing Cable Driver
Nokia Music
Nokia Ovi Application Installer
Nokia Ovi Application Installer 6.85.3011
Nokia Ovi Content Copier
Nokia Ovi Content Copier 6.85.3011
Nokia Ovi One Touch Access
Nokia Ovi One Touch Access 6.85.3011
Nokia Ovi Suite
Nokia Ovi System Utilities
Nokia Ovi System Utilities 6.85.3014
Nokia PC Suite
Nokia Photos
Nokia Software Updater
NokiaFREE Unlock Codes Calculator
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA PhysX
OpenDNS Updater 1.3.0.187
Opera 10.60
PartyPoker
PC Connectivity Solution
PDF Settings CS4
PeerBlock 1.0.0 (r181)
Photoshop Camera Raw
Pixel Bender Toolkit
PokerOffice 5 (remove only)
PokerStove version 1.23
PVSonyDll
QuickTime
Razer Copperhead
Razer Habu Config
Rosetta Stone Version 3
Sandcat 3.9 Free Edition
Sateira CD&DVD Burner 2.8
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB982135)
Sina Web TV
Skype Toolbars
Skype™ 4.2
Songbird 1.1.2 (20090331)
SopCast 3.2.4
Sothink SWF Decompiler
Spotify
Spybot - Search & Destroy
SQL Server Compact Tools for Visual Studio 2010 Beta 1 ENU
Sql Server Customer Experience Improvement Program
SQL Server System CLR Types
Suite Shared Configuration CS4
Super DVD Ripper (remove only)
Syhunt Hardener 4.3
Syhunt Log Analysis Tool 4.8.1.2
TVUPlayer 2.4.5.1
TweetDeck
Ultimate Extras sounds from Microsoft® Tinker™
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB957244)
Update for Microsoft Office Access 2007 Help (KB957241)
Update for Microsoft Office Excel 2007 Help (KB957242)
Update for Microsoft Office InfoPath 2007 Help (KB957243)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB957245)
Update for Microsoft Office Outlook 2007 Help (KB957246)
Update for Microsoft Office PowerPoint 2007 Help (KB957247)
Update for Microsoft Office Publisher 2007 Help (KB957249)
Update for Microsoft Office Word 2007 Help (KB957252)
Update for Microsoft Script Editor Help (KB957253)
Update for Outlook 2007 Junk Email Filter (kb983486)
Veetle TV 0.9.14
Visual Studio Tools for the Office system 4.0 Runtime
VLC media player 1.0.3
Web Deployment Tool Release Candidate 1
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Sound Schemes
WinMount V3.2.0319
WinRAR archiver
Wolfenstein
Zynga Toolbar

==== Event Viewer Messages From Past Week ========

31/07/2010 12:13:36, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
31/07/2010 12:13:02, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
31/07/2010 12:13:02, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
31/07/2010 12:13:02, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
31/07/2010 12:13:00, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
31/07/2010 12:12:53, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
31/07/2010 12:12:31, Error: EventLog [6008] - The previous system shutdown at 10:43:40 on 31/07/2010 was unexpected.
31/07/2010 10:38:16, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SBSD Security Center Service service to connect.
31/07/2010 10:38:16, Error: Service Control Manager [7000] - The SBSD Security Center Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
31/07/2010 10:34:02, Error: EventLog [6008] - The previous system shutdown at 09:51:34 on 31/07/2010 was unexpected.
28/07/2010 17:32:56, Error: EventLog [6008] - The previous system shutdown at 22:13:04 on 27/07/2010 was unexpected.
25/07/2010 16:50:14, Error: EventLog [6008] - The previous system shutdown at 16:47:31 on 25/07/2010 was unexpected.
25/07/2010 15:06:10, Error: EventLog [6008] - The previous system shutdown at 15:03:59 on 25/07/2010 was unexpected.

==== End Of File ===========================


HELP!

Edited by kained: n/a


Please download ComboFix by sUBs from HERE or HERE

  • You must download it to and run it from your Desktop
  • Physically disconnect from the internet.
  • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
  • Double click combofix.exe & follow the prompts.
  • When finished, it will produce a log. Please save that log to post in your next reply.
  • Re-enable all the programs that were disabled during the running of ComboFix.

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Run Combofix ONCE only!!

==

You should probably uninstall AskBar and Zynga too.


Okay, uninstalled the toolbars (no idea why Ask was installed) and ran ComboFix.

ComboFix 10-07-31.04 - Dave 01/08/2010 11:35:06.2.2 - x86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.44.1033.18.2046.1081 [GMT 1:00]
Running from: c:\users\Dave\Desktop\renameFix.exe
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\ernel32.dll
c:\windows\system32\spool\prtprocs\w32x86\179s17.dll
c:\windows\system32\spool\prtprocs\w32x86\1c9s17.dll
c:\windows\system32\spool\prtprocs\w32x86\1e9a17.dll
c:\windows\system32\spool\prtprocs\w32x86\31uO3o7o.dll
c:\windows\system32\spool\prtprocs\w32x86\55u5m.dll
c:\windows\system32\spool\prtprocs\w32x86\7m3gMY3.dll
c:\windows\system32\spool\prtprocs\w32x86\93e79k179.dll
c:\windows\system32\spool\prtprocs\w32x86\9aA7kU17i.dll
c:\windows\system32\spool\prtprocs\w32x86\9c1sK3179.dll
c:\windows\system32\spool\prtprocs\w32x86\a1kUO1oC.dll
c:\windows\system32\spool\prtprocs\w32x86\A555s.dll
c:\windows\system32\spool\prtprocs\w32x86\AA1793179.dll
c:\windows\system32\spool\prtprocs\w32x86\g793k7.dll
c:\windows\system32\spool\prtprocs\w32x86\k7y31o.dll
c:\windows\system32\spool\prtprocs\w32x86\kU9mY7.dll
c:\windows\system32\spool\prtprocs\w32x86\o7oC1s.dll
c:\windows\system32\spool\prtprocs\w32x86\UO5o5.dll
c:\windows\system32\spool\prtprocs\w32x86\w5555.dll
c:\windows\system32\spool\prtprocs\w32x86\wS5eI.dll

.
((((((((((((((((((((((((( Files Created from 2010-07-01 to 2010-08-01 )))))))))))))))))))))))))))))))
.

2010-08-01 10:44 . 2010-08-01 10:44 -------- d-----w- c:\users\Dave\AppData\Local\temp
2010-08-01 10:44 . 2010-08-01 10:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-01 10:29 . 2010-08-01 10:34 -------- d-----w- C:\ComboFix
2010-07-23 16:54 . 2010-07-28 19:48 -------- d-----w- c:\users\Dave\AppData\Local\Adobe
2010-07-20 17:59 . 2010-07-20 17:59 388096 ----a-r- c:\users\Dave\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-07-11 15:45 . 2010-07-11 15:45 -------- d-----w- c:\program files\Common Files\Java
2010-07-11 15:38 . 2010-04-12 16:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-08 20:39 . 2010-07-08 20:41 -------- d-----w- c:\users\Dave\AppData\Roaming\QuickScan
2010-07-08 20:39 . 2010-05-31 15:34 702120 ----a-w- c:\users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\kszf4t2n.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
2010-07-08 20:39 . 2010-05-31 15:34 868456 ----a-w- c:\users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\kszf4t2n.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
2010-07-07 21:55 . 2010-07-07 21:55 50176 ----a-w- c:\users\Dave\AppData\Roaming\c088463a.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-01 10:33 . 2009-03-25 12:49 -------- d-----w- c:\users\Dave\AppData\Roaming\uTorrent
2010-08-01 10:33 . 2010-07-01 20:43 -------- d-----w- c:\users\Dave\AppData\Roaming\Skype
2010-08-01 10:31 . 2010-06-30 17:37 34805 ----a-w- c:\programdata\nvModes.dat
2010-08-01 10:29 . 2009-03-25 13:30 -------- d-----w- c:\program files\WinMount3
2010-08-01 09:25 . 2010-03-10 18:37 12 ----a-w- c:\windows\bthservsdp.dat
2010-08-01 08:29 . 2010-07-01 20:45 -------- d-----w- c:\users\Dave\AppData\Roaming\skypePM
2010-07-31 22:46 . 2009-11-30 14:54 -------- d-----w- c:\users\Dave\AppData\Roaming\vlc
2010-07-16 18:15 . 2009-03-23 16:41 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-07-11 15:38 . 2009-03-31 08:51 -------- d-----w- c:\program files\Java
2010-07-08 20:53 . 2009-03-23 16:03 1356 ----a-w- c:\users\Dave\AppData\Local\d3d9caps.dat
2010-07-03 10:45 . 2009-03-23 16:31 -------- d-----w- c:\program files\Opera
2010-07-01 20:45 . 2010-07-01 20:45 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-07-01 20:43 . 2010-07-01 20:41 -------- d-----r- c:\program files\Skype
2010-07-01 20:41 . 2010-07-01 20:41 -------- d-----w- c:\program files\Common Files\Skype
2010-07-01 20:41 . 2010-07-01 20:41 -------- d-----w- c:\programdata\Skype
2010-07-01 18:51 . 2009-07-07 08:54 -------- d-----w- c:\programdata\Rosetta Stone
2010-07-01 06:51 . 2009-03-23 16:03 128544 ----a-w- c:\users\Dave\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-30 22:31 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-06-30 17:37 . 2009-03-23 17:27 -------- d-----w- c:\programdata\NVIDIA
2010-06-30 17:36 . 2010-06-30 17:35 -------- d-----w- c:\program files\NVIDIA Corporation
2010-06-27 08:46 . 2009-03-24 16:46 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-26 13:54 . 2009-03-25 15:57 -------- d-----w- c:\programdata\Microsoft Help
2010-06-20 08:42 . 2010-06-20 08:42 -------- d-----w- c:\users\Dave\AppData\Roaming\Amazon
2010-06-08 16:39 . 2010-06-20 13:15 704512 ----a-w- c:\users\Dave\AppData\Roaming\Songbird2\Profiles\pj3ml7nb.default\extensions\msc@songbirdnest.com\platform\WINNT_x86-msvc\components\sbMSCDevice.dll
2010-05-26 16:16 . 2010-06-26 12:22 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:25 . 2010-06-26 12:22 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-21 13:14 . 2010-06-26 13:25 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-09 16:30 . 2010-06-20 13:15 282624 ----a-w- c:\users\Dave\AppData\Roaming\Songbird2\Profiles\pj3ml7nb.default\extensions\windowsmedia@songbirdnest.com\platform\WINNT_x86-msvc\components\sbWindowsMediacore.dll
2010-05-09 16:30 . 2010-06-20 13:15 110592 ----a-w- c:\users\Dave\AppData\Roaming\Songbird2\Profiles\pj3ml7nb.default\extensions\quicktime@songbirdnest.com\platform\WINNT_x86-msvc\components\sbQuickTimeMediacore.dll
2010-05-09 16:30 . 2010-06-20 13:15 872448 ----a-w- c:\users\Dave\AppData\Roaming\Songbird2\Profiles\pj3ml7nb.default\extensions\mtp@songbirdnest.com\platform\WINNT_x86-msvc\components\sbMTPWin32.dll
2010-05-09 16:28 . 2010-06-20 13:15 13312 ----a-w- c:\users\Dave\AppData\Roaming\Songbird2\Profiles\pj3ml7nb.default\extensions\gracenote@songbirdnest.com\platform\WINNT_x86-msvc\components\sbGracenoteStub.dll
2010-05-09 16:28 . 2010-06-20 13:15 81920 ----a-w- c:\users\Dave\AppData\Roaming\Songbird2\Profiles\pj3ml7nb.default\extensions\gracenote@songbirdnest.com\platform\WINNT_x86-msvc\lib\sbGracenote.dll
2010-05-09 16:28 . 2010-06-20 13:15 81408 ----a-w- c:\users\Dave\AppData\Roaming\Songbird2\Profiles\pj3ml7nb.default\extensions\gracenote@songbirdnest.com\platform\WINNT_x86-msvc\lib\gnsdk_musicid_cd.dll
2010-05-09 16:28 . 2010-06-20 13:15 571904 ----a-w- c:\users\Dave\AppData\Roaming\Songbird2\Profiles\pj3ml7nb.default\extensions\gracenote@songbirdnest.com\platform\WINNT_x86-msvc\lib\gnsdk_sdkmanager.dll
2010-05-09 16:28 . 2010-06-20 13:15 154624 ----a-w- c:\users\Dave\AppData\Roaming\Songbird2\Profiles\pj3ml7nb.default\extensions\gracenote@songbirdnest.com\platform\WINNT_x86-msvc\lib\gnsdk_search.dll
2010-05-09 16:28 . 2010-06-20 13:15 114688 ----a-w- c:\users\Dave\AppData\Roaming\Songbird2\Profiles\pj3ml7nb.default\extensions\gracenote@songbirdnest.com\platform\WINNT_x86-msvc\lib\gnsdk_link.dll
2010-05-09 16:28 . 2010-06-20 13:15 13312 ----a-w- c:\users\Dave\AppData\Roaming\Songbird2\Profiles\pj3ml7nb.default\extensions\cd-rip@songbirdnest.com\platform\WINNT_x86-msvc\components\sbGearworksStub.dll
2010-05-09 16:28 . 2010-06-20 13:15 394600 ----a-w- c:\users\Dave\AppData\Roaming\Songbird2\Profiles\pj3ml7nb.default\extensions\cd-rip@songbirdnest.com\platform\WINNT_x86-msvc\lib\gwrks32.dll
2010-05-09 16:28 . 2010-06-20 13:15 3573096 ----a-w- c:\users\Dave\AppData\Roaming\Songbird2\Profiles\pj3ml7nb.default\extensions\cd-rip@songbirdnest.com\platform\WINNT_x86-msvc\lib\gearaw32.dll
2010-05-09 16:28 . 2010-06-20 13:15 238952 ----a-w- c:\users\Dave\AppData\Roaming\Songbird2\Profiles\pj3ml7nb.default\extensions\cd-rip@songbirdnest.com\platform\WINNT_x86-msvc\lib\gwlangen.dll
2010-05-09 16:28 . 2010-06-20 13:15 65536 ----a-w- c:\users\Dave\AppData\Roaming\Songbird2\Profiles\pj3ml7nb.default\extensions\cd-rip@songbirdnest.com\platform\WINNT_x86-msvc\lib\sbGearworksCD.dll
2010-05-04 05:59 . 2010-06-26 12:38 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 05:55 . 2010-06-26 12:38 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-04 05:55 . 2010-06-26 12:38 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-05-04 04:31 . 2010-06-26 12:38 133632 ----a-w- c:\windows\system32\ieUnatt.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
2010-01-04 10:36 2848568 ----a-w- i:\program files\MozyHome\mozyshell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
2010-01-04 10:36 2848568 ----a-w- i:\program files\MozyHome\mozyshell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"PeerBlock"="i:\program files\PeerBlock\peerblock.exe" [2009-09-28 1529432]
"uTorrent"="i:\program files\uTorrent\uTorrent.exe" [2010-01-09 289584]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-18 1008184]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"CTHelper"="CTHELPER.EXE" [2007-04-09 19456]
"CTxfiHlp"="CTXFIHLP.EXE" [2007-04-09 19968]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"="i:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="i:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"mylbx"="i:\program files\My Lockbox\mylbx.exe" [2009-07-01 1075888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Habu"="c:\program files\Razer\Habu\razerhid.exe" [2009-08-18 239616]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DevconDefaultDB"="c:\windows\system32\READREG" [X]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
MozyHome Status.lnk - i:\program files\MozyHome\mozystat.exe [2010-1-4 2893624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Copperhead]
2005-11-25 10:53 155648 ----a-w- c:\program files\Razer\Copperhead\razerhid.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FontExpertType1Loader]
2009-03-19 11:04 294152 ----a-w- i:\program files\FontExpert\Type1Loader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia FastStart]
2009-02-26 16:04 2376992 ----a-w- i:\program files\Nokia\Nokia Music\NokiaMusic.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-05 15:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2010-01-09 15:54 289584 ----a-w- i:\program files\uTorrent\uTorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3805293756-602099718-279399017-1000]
"EnableNotificationsRef"=dword:00000003

R0 OemBiosDevice;Royalty OEM Bios Extension;c:\windows\System32\drivers\royal.sys [2009-03-25 240128]
R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
R3 clr_optimization_v4.0.20506_32;.NET Runtime Optimization Service v4.0.20506_X86;c:\windows\Microsoft.NET\Framework\v4.0.20506\mscorsvw.exe [2009-05-06 104272]
R3 PSSDK42;PSSDK42;c:\windows\system32\Drivers\pssdk42.sys [2009-09-27 38976]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-11 47128]
R4 msvsmon100;Visual Studio 10 Remote Debugger;c:\program files\Microsoft Visual Studio 10.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2009-05-06 3342672]
R4 RsFx0102;RsFx0102 Driver;c:\windows\system32\DRIVERS\RsFx0102.sys [2008-07-10 242712]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-03-25 717296]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-07-11 369688]
S0 FSProFilter;FSPro File Filter;c:\windows\System32\Drivers\FSPFltd.sys [2008-06-05 43792]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-06-09 108289]
S2 fsproflt;FSPro Filter Service;c:\windows\system32\fsproflt.exe [2009-05-03 73392]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 pbfilter;pbfilter;i:\program files\PeerBlock\pbfilter.sys [2009-09-28 16472]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
vvdsvc REG_MULTI_SZ vvdsvc
bthsvcs REG_MULTI_SZ BthServ

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
2008-04-11 17:23 38400 ----a-w- c:\windows\System32\SoundSchemes.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]
2008-08-28 10:50 30720 ----a-w- c:\windows\System32\soundschemes2.exe
.
Contents of the 'Scheduled Tasks' folder

2010-08-01 c:\windows\Tasks\c088463a.job
- c:\users\Dave\AppData\Roaming\c088463a.exe [2010-07-07 21:55]

2010-06-23 c:\windows\Tasks\Defraggler Volume C Task.job
- i:\program files\Defraggler\df.exe [2010-02-12 14:39]

2010-07-23 c:\windows\Tasks\Defraggler Volume D Task.job
- i:\program files\Defraggler\df.exe [2010-02-12 14:39]

2010-03-22 c:\windows\Tasks\Defraggler Volume F Task.job
- i:\program files\Defraggler\df.exe [2010-02-12 14:39]

2010-07-25 c:\windows\Tasks\Defraggler Volume H Task.job
- i:\program files\Defraggler\df.exe [2010-02-12 14:39]

2010-06-21 c:\windows\Tasks\Defraggler Volume I Task.job
- i:\program files\Defraggler\df.exe [2010-02-12 14:39]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - i:\program files\CoreFTP\pftpns.dll
DPF: {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} - hxxp://dl.uc.sina.com/cab/downloader.cab
FF - ProfilePath - c:\users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\kszf4t2n.default\
FF - prefs.js: network.proxy.type - 2
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\windows\Microsoft.NET\Framework\v4.0.20506\WPF\NPWPF.dll
FF - plugin: i:\program files\Adobe\Acrobat 9.0\Acrobat\browser\nppdf32.dll
FF - plugin: i:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: i:\program files\Veetle\Player\npvlc.dll
FF - plugin: i:\program files\Veetle\plugins\npVeetle.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v4.0.20506\WPF\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-POEngine5 - (no file)
AddRemove-PokerOffice5 - i:\program files\PokerOffice5\uninstall.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-01 11:44
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?
CTxfiHlp = CTXFIHLP.EXE?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3805293756-602099718-279399017-1000\Software\SecuROM\License information*]
"datasecu"=hex:0f,e3,7e,7d,53,ff,75,92,03,0e,1f,72,13,e7,25,43,56,39,89,ac,3c,
c4,ae,16,37,60,bc,16,d1,6b,86,e6,46,49,21,59,54,a8,70,dd,e7,eb,b4,2d,16,20,\
"rkeysecu"=hex:7c,91,ab,03,f6,5a,e8,c0,a2,eb,b8,08,e0,32,1c,69

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-08-01 11:49:06
ComboFix-quarantined-files.txt 2010-08-01 10:49

Pre-Run: 58,907,914,240 bytes free
Post-Run: 58,842,947,584 bytes free

- - End Of File - - C921CBC2DF1C3A831153048B91C1AD55


That is the right file; my virus checker has found it a few times.

Antivirus Version Last Update Result
AhnLab-V3 2010.07.23.01 2010.07.23 Trojan/Win32.Suspicious
AntiVir 8.2.4.26 2010.07.23 TR/Genome.khkv
Antiy-AVL 2.0.3.7 2010.07.23 Trojan/Win32.Genome.gen
Authentium 5.2.0.5 2010.07.23 -
Avast 4.8.1351.0 2010.07.23 -
Avast5 5.0.332.0 2010.07.23 Win32:SuspBehav-C
AVG 9.0.0.851 2010.07.23 Crypt.XNY
BitDefender 7.2 2010.07.23 Trojan.Generic.4479836
CAT-QuickHeal 11.00 2010.07.23 -
ClamAV 0.96.0.3-git 2010.07.23 -
Comodo 5522 2010.07.23 UnclassifiedMalware
DrWeb 5.0.2.03300 2010.07.23 Trojan.PWS.IpDiscover.15
Emsisoft 5.0.0.34 2010.07.23 Trojan.Win32.Alureon!IK
eSafe 7.0.17.0 2010.07.22 -
eTrust-Vet 36.1.7732 2010.07.23 -
F-Prot 4.6.1.107 2010.07.23 -
F-Secure 9.0.15370.0 2010.07.23 Trojan.Generic.4479836
Fortinet 4.1.143.0 2010.07.23 -
GData 21 2010.07.23 Trojan.Generic.4479836
Ikarus T3.1.1.84.0 2010.07.23 Trojan.Win32.Alureon
Jiangmin 13.0.900 2010.07.23 -
Kaspersky 7.0.0.125 2010.07.23 Backdoor.Win32.TDSS.ut
McAfee 5.400.0.1158 2010.07.23 DNSChanger!ei
McAfee-GW-Edition 2010.1 2010.07.23 DNSChanger!ei
Microsoft 1.6004 2010.07.23 Trojan:Win32/Alureon.CO
NOD32 5307 2010.07.23 a variant of Win32/Kryptik.FKI
Norman 6.05.11 2010.07.23 W32/Suspicious_Gen2.BNFOB
nProtect 2010-07-23.02 2010.07.23 Trojan/W32.Agent.50176.HY
Panda 10.0.2.7 2010.07.23 Trj/CI.A
PCTools 7.0.3.5 2010.07.23 RogueAntiSpyware.SpywareGuard2008
Prevx 3.0 2010.07.23 High Risk Cloaked Malware
Rising 22.57.03.08 2010.07.23 Trojan.Win32.Generic.521E9733
Sophos 4.55.0 2010.07.23 Mal/TDSSPk-Y
Sunbelt 6627 2010.07.23 Packed.Win32.Tdss.s (v)
SUPERAntiSpyware 4.40.0.1006 2010.07.23 Trojan.Agent/Gen
Symantec 20101.1.1.7 2010.07.23 SpywareGuard2008
TheHacker 6.5.2.1.324 2010.07.23 Trojan/Kryptik.fki
TrendMicro 9.120.0.1004 2010.07.23 TROJ_PACKED.FFT
TrendMicro-HouseCall 9.120.0.1004 2010.07.23 TROJ_PACKED.FFT
VBA32 3.12.12.6 2010.07.23 Trojan.Win32.Genome.khyz
ViRobot 2010.7.23.3956 2010.07.23 -
VirusBuster 5.0.27.0 2010.07.23 Trojan.Alureon.RQT
Additional information
File size: 50176 bytes
MD5 : 404e015fc578f78a0f77b89d1e4ac349
SHA1 : 7887f2352571e21a66d95d5c407293c1bd932082
SHA256: 09de5f718b3759289b99d79f41fd3a6db0792be58d4cc2b1fa2f821501297037
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1000
timedatestamp.....: 0x422EEF1B (Wed Mar 9 13:42:03 2005)
machinetype.......: 0x14C (Intel I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x6000 0x5E00 7.88 5bb595aca6b19acf5192815d06bab8ab
.rdata 0x7000 0x3000 0x2C00 7.40 43a88e08fa97ad48ac3ab9fa61a12f18
.data 0xA000 0x6000 0x1E00 7.82 e0299eba631b3874a3430fe2d3da548d
.idata 0x10000 0x1000 0x600 4.55 f2e16de44b7fddeebdea094bd344e3da
.rsrc 0x11000 0x2000 0x1200 5.01 c6e347289fb287cfc46ef8f859b2493f

( 5 imports )

> advapi32.dll: RegLoadKeyA, RegEnumKeyA, RegCloseKey, RegQueryValueA
> kernel32.dll: CloseHandle, EnumResourceLanguagesA, EnumResourceLanguagesW, EnumResourceTypesA, ExitProcess, FlushFileBuffers, GetACP, GetCommandLineA, GetModuleHandleA, GetOEMCP, GetStartupInfoA, HeapAlloc, InitializeCriticalSection, RtlUnwind, SetLastError, UnmapViewOfFile
> ole32.dll: CoTaskMemRealloc, CoRevokeClassObject, OleFlushClipboard, OleInitialize, OleIsCurrentClipboard, CoUninitialize, CreateILockBytesOnHGlobal, OleUninitialize, CoCreateInstance, CoGetClassObject, CoInitialize
> user32.dll: SetFocus, LoadBitmapA, GetDC, EndDialog, DrawCaption, DispatchMessageA, CharToOemBuffA, FillRect
> wintrust.dll: CryptCATClose, WinVerifyTrust, CryptCATCDFOpen

( 0 exports )
TrID : File type identification
Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
Symantec reputation: Suspicious.Insight http://www.symantec.com/security_response/writeup.jsp?docid=2010-021223-0550-99
ssdeep: 1536:us1wJPAUixo4rODIznqdN62I7/RENReFvYEYv:iJo5o4iDIznqdNw7SN3H
sigcheck: publisher....:
copyright....:
product......:
description..:
original name:
internal name:
file version.:
comments.....:
signers......: -
signing date.: -
verified.....: Unsigned
Prevx Info: http://info.prevx.com/aboutprogramtext.asp?PX5=A0F2B4D900B3CDF7C49F0063326B1C0061B08C56
PEiD : -
RDS : NSRL Reference Data Set

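The report above lists the file's hashes and, per section, an entropy figure (7.88 for .text, 7.40 for .rdata, 7.82 for .data), which is the kind of evidence behind the "PACKED"/"Kryptik" labels several engines gave it. The following is an added example, not part of the thread and not VirusTotal's code: a small Python triage script that computes the same whole-file hashes and per-section entropy from a PE's section table with nothing but the standard library, so a defender can get these numbers locally before deciding whether to upload a file. The 7.0 packing threshold and the in-memory sample PE (two sections, one filled with deterministic pseudo-random bytes to mimic a packed .text, one zero-filled) are constructed for the example; the sample is not a runnable program and is not the file from the thread.

```python
import hashlib
import math
import struct

# Entropy (bits per byte) at or above which a section is flagged as likely packed
# or encrypted. Plain compiled x86 code usually sits well below 7; the 7.0 cut-off
# is a common triage heuristic, not a rule (assumption, not from the thread).
PACKED_THRESHOLD = 7.0


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 .. 8.0)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def file_hashes(data: bytes) -> dict:
    """MD5/SHA-1/SHA-256 of the whole file, the identifiers a scan report lists."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256")}


def pe_sections(data: bytes) -> list:
    """Walk the PE section table; one dict per section with entropy and MD5 of its raw bytes."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    _machine, nsections, _stamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    table = coff + 20 + opt_size
    rows = []
    for i in range(nsections):
        # IMAGE_SECTION_HEADER starts: Name[8], VirtualSize, VirtualAddress,
        # SizeOfRawData, PointerToRawData (the remaining fields are not needed for triage)
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", data, table + 40 * i)
        raw = data[rawptr:rawptr + rawsize]
        rows.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "vaddr": vaddr,
            "vsize": vsize,
            "rawsize": rawsize,
            "entropy": round(shannon_entropy(raw), 2),
            "md5": hashlib.md5(raw).hexdigest(),
        })
    return rows


def triage(data: bytes) -> dict:
    """Offline first look at a suspicious executable: size, hashes, sections, packing verdict."""
    sections = pe_sections(data)
    return {
        "size": len(data),
        "hashes": file_hashes(data),
        "sections": sections,
        "likely_packed": [s["name"] for s in sections if s["entropy"] >= PACKED_THRESHOLD],
    }


# ---- constructed sample input (not a real program, not the file from the thread) ----

def _pseudo_random(n: int) -> bytes:
    """Deterministic high-entropy filler (SHA-256 chain) so the sample is reproducible offline."""
    out, block = bytearray(), b"constructed-sample-seed"
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return bytes(out[:n])


def _section_header(name, vaddr, vsize, rawptr, rawsize, flags):
    return struct.pack("<8sIIIIIIHHI", name, vsize, vaddr, rawsize, rawptr, 0, 0, 0, 0, flags)


def build_sample_pe() -> bytes:
    """Minimal PE32 image: a '.text' filled with high-entropy bytes (what a packer leaves
    behind) and an ordinary zero-filled '.data'. Headers are only complete enough to parse."""
    text = _pseudo_random(0x1000)
    data_sec = b"\x00" * 0x400
    dos = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40)          # e_lfanew = 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0xE0, 0x0102)
    opt = struct.pack("<H", 0x10B) + b"\x00" * (0xE0 - 2)            # PE32 magic, rest zeroed
    sects = (_section_header(b".text", 0x1000, 0x1000, 0x200, 0x1000, 0x60000020)
             + _section_header(b".data", 0x2000, 0x400, 0x1200, 0x400, 0xC0000040))
    headers = dos + coff + opt + sects
    headers += b"\x00" * (0x200 - len(headers))                       # pad to file alignment
    return headers + text + data_sec


if __name__ == "__main__":
    report = triage(build_sample_pe())
    print("size:", report["size"], "sha256:", report["hashes"]["sha256"])
    for s in report["sections"]:
        print(f"{s['name']:<8} va={s['vaddr']:#x} raw={s['rawsize']:#x} "
              f"entropy={s['entropy']:.2f} md5={s['md5']}")
    print("likely packed:", report["likely_packed"])
```

To use it on a real sample, pass the file's bytes to `triage()` instead of `build_sample_pe()`; a section that reads near 8.0 the way the .text here does is a prompt to treat the file as packed and to rely on behavioural or reputation signals rather than on static strings.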

1. Please open Notepad

  • Click Start , then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

File::
c:\users\Dave\AppData\Roaming\c088463a.exe

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Save the above as CFScript.txt

4. Physically disconnect from the internet.

5. Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.

6. Then drag CFScript.txt onto ComboFix.exe. This will start ComboFix again.

7. After the reboot (if it asks to reboot), please post the following report/log in your next reply, after you re-enable all the programs that were disabled while ComboFix was running:

  • Combofix.txt

Please take note:

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.


Might be sorted. Not had anything pop up and complain about anything anyway. I will give it a day and then close the thread if all remains good.

Here is, hopefully, my last ComboFix log.

ComboFix 10-08-02.03 - Dave 03/08/2010 18:30:29.3.2 - x86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.44.1033.18.2046.889 [GMT 1:00]
Running from: c:\users\Dave\Desktop\CooFix.exe
Command switches used :: c:\users\Dave\Desktop\CFScript.txt
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

FILE ::
"c:\users\Dave\AppData\Roaming\c088463a.exe"
.

((((((((((((((((((((((((( Files Created from 2010-07-03 to 2010-08-03 )))))))))))))))))))))))))))))))
.

2010-08-03 17:38 . 2010-08-03 17:38 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-08-03 17:38 . 2010-08-03 17:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-03 17:38 . 2010-08-03 17:38 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2010-08-02 16:46 . 2010-08-02 16:46 -------- d-----w- c:\program files\VirusTotalUploader2
2010-08-01 10:49 . 2010-08-03 17:40 -------- d-----w- c:\users\Dave\AppData\Local\temp
2010-08-01 10:34 . 2010-08-01 10:49 -------- d-----w- C:\renameFix
2010-08-01 10:29 . 2010-08-01 10:34 -------- d-----w- C:\ComboFix
2010-07-23 16:54 . 2010-07-28 19:48 -------- d-----w- c:\users\Dave\AppData\Local\Adobe
2010-07-11 15:45 . 2010-07-11 15:45 -------- d-----w- c:\program files\Common Files\Java
2010-07-11 15:38 . 2010-04-12 16:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-08 20:39 . 2010-07-08 20:41 -------- d-----w- c:\users\Dave\AppData\Roaming\QuickScan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-03 17:42 . 2010-07-01 20:43 -------- d-----w- c:\users\Dave\AppData\Roaming\Skype
2010-08-03 17:42 . 2009-03-25 12:49 -------- d-----w- c:\users\Dave\AppData\Roaming\uTorrent
2010-08-03 17:40 . 2010-06-30 17:37 34805 ----a-w- c:\programdata\nvModes.dat
2010-08-03 17:38 . 2010-03-10 18:37 12 ----a-w- c:\windows\bthservsdp.dat
2010-08-03 16:44 . 2010-07-01 20:45 -------- d-----w- c:\users\Dave\AppData\Roaming\skypePM
2010-08-02 22:21 . 2009-11-30 14:54 -------- d-----w- c:\users\Dave\AppData\Roaming\vlc
2010-08-01 11:36 . 2009-03-23 16:03 1356 ----a-w- c:\users\Dave\AppData\Local\d3d9caps.dat
2010-08-01 10:29 . 2009-03-25 13:30 -------- d-----w- c:\program files\WinMount3
2010-07-20 17:59 . 2010-07-20 17:59 388096 ----a-r- c:\users\Dave\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-07-16 18:15 . 2009-03-23 16:41 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-07-11 15:38 . 2009-03-31 08:51 -------- d-----w- c:\program files\Java
2010-07-07 21:55 . 2010-07-07 21:55 50176 ----a-w- c:\users\Dave\AppData\Roaming\c88463a.exe
2010-07-07 21:55 . 2010-07-07 21:55 50176 ----a-w- c:\users\Dave\AppData\Roaming\c88463a.exe
2010-07-03 10:45 . 2009-03-23 16:31 -------- d-----w- c:\program files\Opera
2010-07-01 20:45 . 2010-07-01 20:45 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-07-01 20:43 . 2010-07-01 20:41 -------- d-----r- c:\program files\Skype
2010-07-01 20:41 . 2010-07-01 20:41 -------- d-----w- c:\program files\Common Files\Skype
2010-07-01 20:41 . 2010-07-01 20:41 -------- d-----w- c:\programdata\Skype
2010-07-01 18:51 . 2009-07-07 08:54 -------- d-----w- c:\programdata\Rosetta Stone
2010-07-01 06:51 . 2009-03-23 16:03 128544 ----a-w- c:\users\Dave\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-30 22:31 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-06-30 17:37 . 2009-03-23 17:27 -------- d-----w- c:\programdata\NVIDIA
2010-06-30 17:36 . 2010-06-30 17:35 -------- d-----w- c:\program files\NVIDIA Corporation
2010-06-27 08:46 . 2009-03-24 16:46 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-26 13:54 . 2009-03-25 15:57 -------- d-----w- c:\programdata\Microsoft Help
2010-06-20 08:42 . 2010-06-20 08:42 -------- d-----w- c:\users\Dave\AppData\Roaming\Amazon
2010-06-08 16:39 . 2010-06-20 13:15 704512 ----a-w- c:\users\Dave\AppData\Roaming\Songbird2\Profiles\pj3ml7nb.default\extensions\msc@songbirdnest.com\platform\WINNT_x86-msvc\components\sbMSCDevice.dll
2010-05-31 15:34 . 2010-07-08 20:39 702120 ----a-w- c:\users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\kszf4t2n.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
2010-05-31 15:34 . 2010-07-08 20:39 868456 ----a-w- c:\users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\kszf4t2n.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
2010-05-26 16:16 . 2010-06-26 12:22 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:25 . 2010-06-26 12:22 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-21 13:14 . 2010-06-26 13:25 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-09 16:30 . 2010-06-20 13:15 282624 ----a-w- c:\users\Dave\AppData\Roaming\Songbird2\Profiles\pj3ml7nb.default\extensions\windowsmedia@songbirdnest.com\platform\WINNT_x86-msvc\components\sbWindowsMediacore.dll
2010-05-09 16:30 . 2010-06-20 13:15 110592 ----a-w- c:\users\Dave\AppData\Roaming\Songbird2\Profiles\pj3ml7nb.default\extensions\quicktime@songbirdnest.com\platform\WINNT_x86-msvc\components\sbQuickTimeMediacore.dll
2010-05-09 16:30 . 2010-06-20 13:15 872448 ----a-w- c:\users\Dave\AppData\Roaming\Songbird2\Profiles\pj3ml7nb.default\extensions\mtp@songbirdnest.com\platform\WINNT_x86-msvc\components\sbMTPWin32.dll
2010-05-09 16:28 . 2010-06-20 13:15 13312 ----a-w- c:\users\Dave\AppData\Roaming\Songbird2\Profiles\pj3ml7nb.default\extensions\gracenote@songbirdnest.com\platform\WINNT_x86-msvc\components\sbGracenoteStub.dll
2010-05-09 16:28 . 2010-06-20 13:15 81920 ----a-w- c:\users\Dave\AppData\Roaming\Songbird2\Profiles\pj3ml7nb.default\extensions\gracenote@songbirdnest.com\platform\WINNT_x86-msvc\lib\sbGracenote.dll
2010-05-09 16:28 . 2010-06-20 13:15 81408 ----a-w- c:\users\Dave\AppData\Roaming\Songbird2\Profiles\pj3ml7nb.default\extensions\gracenote@songbirdnest.com\platform\WINNT_x86-msvc\lib\gnsdk_musicid_cd.dll
2010-05-09 16:28 . 2010-06-20 13:15 571904 ----a-w- c:\users\Dave\AppData\Roaming\Songbird2\Profiles\pj3ml7nb.default\extensions\gracenote@songbirdnest.com\platform\WINNT_x86-msvc\lib\gnsdk_sdkmanager.dll
2010-05-09 16:28 . 2010-06-20 13:15 154624 ----a-w- c:\users\Dave\AppData\Roaming\Songbird2\Profiles\pj3ml7nb.default\extensions\gracenote@songbirdnest.com\platform\WINNT_x86-msvc\lib\gnsdk_search.dll
2010-05-09 16:28 . 2010-06-20 13:15 114688 ----a-w- c:\users\Dave\AppData\Roaming\Songbird2\Profiles\pj3ml7nb.default\extensions\gracenote@songbirdnest.com\platform\WINNT_x86-msvc\lib\gnsdk_link.dll
2010-05-09 16:28 . 2010-06-20 13:15 13312 ----a-w- c:\users\Dave\AppData\Roaming\Songbird2\Profiles\pj3ml7nb.default\extensions\cd-rip@songbirdnest.com\platform\WINNT_x86-msvc\components\sbGearworksStub.dll
2010-05-09 16:28 . 2010-06-20 13:15 394600 ----a-w- c:\users\Dave\AppData\Roaming\Songbird2\Profiles\pj3ml7nb.default\extensions\cd-rip@songbirdnest.com\platform\WINNT_x86-msvc\lib\gwrks32.dll
2010-05-09 16:28 . 2010-06-20 13:15 3573096 ----a-w- c:\users\Dave\AppData\Roaming\Songbird2\Profiles\pj3ml7nb.default\extensions\cd-rip@songbirdnest.com\platform\WINNT_x86-msvc\lib\gearaw32.dll
2010-05-09 16:28 . 2010-06-20 13:15 238952 ----a-w- c:\users\Dave\AppData\Roaming\Songbird2\Profiles\pj3ml7nb.default\extensions\cd-rip@songbirdnest.com\platform\WINNT_x86-msvc\lib\gwlangen.dll
2010-05-09 16:28 . 2010-06-20 13:15 65536 ----a-w- c:\users\Dave\AppData\Roaming\Songbird2\Profiles\pj3ml7nb.default\extensions\cd-rip@songbirdnest.com\platform\WINNT_x86-msvc\lib\sbGearworksCD.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
2010-01-04 10:36 2848568 ----a-w- i:\program files\MozyHome\mozyshell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
2010-01-04 10:36 2848568 ----a-w- i:\program files\MozyHome\mozyshell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"PeerBlock"="i:\program files\PeerBlock\peerblock.exe" [2009-09-28 1529432]
"uTorrent"="i:\program files\uTorrent\uTorrent.exe" [2010-01-09 289584]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-18 1008184]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"CTHelper"="CTHELPER.EXE" [2007-04-09 19456]
"CTxfiHlp"="CTXFIHLP.EXE" [2007-04-09 19968]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"="i:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="i:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"mylbx"="i:\program files\My Lockbox\mylbx.exe" [2009-07-01 1075888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Habu"="c:\program files\Razer\Habu\razerhid.exe" [2009-08-18 239616]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DevconDefaultDB"="c:\windows\system32\READREG" [X]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
MozyHome Status.lnk - i:\program files\MozyHome\mozystat.exe [2010-1-4 2893624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Copperhead]
2005-11-25 10:53 155648 ----a-w- c:\program files\Razer\Copperhead\razerhid.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FontExpertType1Loader]
2009-03-19 11:04 294152 ----a-w- i:\program files\FontExpert\Type1Loader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia FastStart]
2009-02-26 16:04 2376992 ----a-w- i:\program files\Nokia\Nokia Music\NokiaMusic.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-05 15:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2010-01-09 15:54 289584 ----a-w- i:\program files\uTorrent\uTorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3805293756-602099718-279399017-1000]
"EnableNotificationsRef"=dword:00000003

R0 OemBiosDevice;Royalty OEM Bios Extension;c:\windows\System32\drivers\royal.sys [2009-03-25 240128]
R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
R3 clr_optimization_v4.0.20506_32;.NET Runtime Optimization Service v4.0.20506_X86;c:\windows\Microsoft.NET\Framework\v4.0.20506\mscorsvw.exe [2009-05-06 104272]
R3 pbfilter;pbfilter;i:\program files\PeerBlock\pbfilter.sys [2009-09-28 16472]
R3 PSSDK42;PSSDK42;c:\windows\system32\Drivers\pssdk42.sys [2009-09-27 38976]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-11 47128]
R4 msvsmon100;Visual Studio 10 Remote Debugger;c:\program files\Microsoft Visual Studio 10.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2009-05-06 3342672]
R4 RsFx0102;RsFx0102 Driver;c:\windows\system32\DRIVERS\RsFx0102.sys [2008-07-10 242712]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-03-25 717296]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-07-11 369688]
S0 FSProFilter;FSPro File Filter;c:\windows\System32\Drivers\FSPFltd.sys [2008-06-05 43792]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-06-09 108289]
S2 fsproflt;FSPro Filter Service;c:\windows\system32\fsproflt.exe [2009-05-03 73392]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
vvdsvc REG_MULTI_SZ vvdsvc
bthsvcs REG_MULTI_SZ BthServ

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
2008-04-11 17:23 38400 ----a-w- c:\windows\System32\SoundSchemes.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]
2008-08-28 10:50 30720 ----a-w- c:\windows\System32\soundschemes2.exe
.
Contents of the 'Scheduled Tasks' folder

2010-06-23 c:\windows\Tasks\Defraggler Volume C Task.job
- i:\program files\Defraggler\df.exe [2010-02-12 14:39]

2010-07-23 c:\windows\Tasks\Defraggler Volume D Task.job
- i:\program files\Defraggler\df.exe [2010-02-12 14:39]

2010-03-22 c:\windows\Tasks\Defraggler Volume F Task.job
- i:\program files\Defraggler\df.exe [2010-02-12 14:39]

2010-07-25 c:\windows\Tasks\Defraggler Volume H Task.job
- i:\program files\Defraggler\df.exe [2010-02-12 14:39]

2010-06-21 c:\windows\Tasks\Defraggler Volume I Task.job
- i:\program files\Defraggler\df.exe [2010-02-12 14:39]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
TCP: {E3FDAEAE-5FF5-4BC4-816D-BE369A2D9E18} = 208.67.220.220
Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - i:\program files\CoreFTP\pftpns.dll
DPF: {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} - hxxp://dl.uc.sina.com/cab/downloader.cab
FF - ProfilePath - c:\users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\kszf4t2n.default\
FF - prefs.js: network.proxy.type - 2
FF - component: c:\users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\kszf4t2n.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
FF - component: i:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\kszf4t2n.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\windows\Microsoft.NET\Framework\v4.0.20506\WPF\NPWPF.dll
FF - plugin: i:\program files\Adobe\Acrobat 9.0\Acrobat\browser\nppdf32.dll
FF - plugin: i:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: i:\program files\Veetle\Player\npvlc.dll
FF - plugin: i:\program files\Veetle\plugins\npVeetle.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v4.0.20506\WPF\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-03 18:40
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

[0] 0x00000001

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?
CTxfiHlp = CTXFIHLP.EXE?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3805293756-602099718-279399017-1000\Software\SecuROM\License information*]
"datasecu"=hex:0f,e3,7e,7d,53,ff,75,92,03,0e,1f,72,13,e7,25,43,56,39,89,ac,3c,
c4,ae,16,37,60,bc,16,d1,6b,86,e6,46,49,21,59,54,a8,70,dd,e7,eb,b4,2d,16,20,\
"rkeysecu"=hex:7c,91,ab,03,f6,5a,e8,c0,a2,eb,b8,08,e0,32,1c,69

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(2360)
i:\program files\MozyHome\mozyshell.dll
i:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
i:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
i:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
i:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
i:\program files\MozyHome\mozybackup.exe
c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
i:\program files\MozyHome\mozybackup.exe
i:\program files\MozyHome\mozybackup.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Razer\Habu\razertra.exe
c:\program files\Razer\Habu\razerofa.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2010-08-03 18:48:27 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-03 17:48
ComboFix2.txt 2010-08-01 10:49

Pre-Run: 59,478,245,376 bytes free
Post-Run: 59,352,211,456 bytes free

- - End Of File - - 54B477214739E5E58099BCB06AA9E032


Still there, annoyingly. Took a fair while to cycle back round though, and I managed to update Spybot and Malwarebytes, which I hadn't been able to do previously.


Go to the Kaspersky website and perform an online antivirus scan.

1. Disable your active antivirus program.
2. Read through the requirements and privacy statement and click on the Accept button.
3. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
4. When the downloads have finished, click on Settings.
5. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

  • Spyware, Adware, Dialers, and other potentially dangerous programs
  • Archives
  • Mail databases

6. Click on My Computer under Scan.
7. Once the scan is complete, it will display the results. Click on View Scan Report.
8. You will see a list of infected items there. Click on Save Report As....
9. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
