Hi peku006
Yes my computer is behaving much better
Here are the logs you asked for
ComboFix 08-05-25.3 - Tom 2008-05-30 5:49:17.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1442 [GMT 1:00]
Running from: C:\Documents and Settings\Tom\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Tom\Desktop\CFScript.txt
* Created a new restore point
FILE ::
C:\WINDOWS\system32\blthqpjp.dll.vir
C:\WINDOWS\system32\dtwpcnpg.dll
C:\WINDOWS\system32\edqbusuw.dll
C:\WINDOWS\system32\eupnuvio.dll
C:\WINDOWS\system32\ezsidmv.dat
C:\WINDOWS\system32\gjwvaury.dll
C:\WINDOWS\system32\hnpnlbyi.dll
C:\WINDOWS\system32\iicrwsuj.dll
C:\WINDOWS\system32\jkkJyVPj.dll.vir
C:\WINDOWS\system32\jqkcncab.dll
C:\WINDOWS\system32\khfETNHA.dll
C:\WINDOWS\system32\pqkxhetq.dll
C:\WINDOWS\system32\qhbjxuty.dll
C:\WINDOWS\system32\wvUoMcbb.dll.vir
C:\WINDOWS\system32\xnucauxu.dll.vir
C:\WINDOWS\system32\yayWPihh.dll.vir
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\blthqpjp.dll.vir
C:\WINDOWS\system32\dtwpcnpg.dll
C:\WINDOWS\system32\edqbusuw.dll
C:\WINDOWS\system32\eupnuvio.dll
C:\WINDOWS\system32\ezsidmv.dat
C:\WINDOWS\system32\gjwvaury.dll
C:\WINDOWS\system32\hnpnlbyi.dll
C:\WINDOWS\system32\iicrwsuj.dll
C:\WINDOWS\system32\jkkJyVPj.dll.vir
C:\WINDOWS\system32\jqkcncab.dll
C:\WINDOWS\system32\khfETNHA.dll
C:\WINDOWS\system32\pqkxhetq.dll
C:\WINDOWS\system32\qhbjxuty.dll
C:\WINDOWS\system32\wvUoMcbb.dll.vir
C:\WINDOWS\system32\xnucauxu.dll.vir
C:\WINDOWS\system32\yayWPihh.dll.vir
.
((((((((((((((((((((((((( Files Created from 2008-04-28 to 2008-05-30 )))))))))))))))))))))))))))))))
.
2008-05-26 13:54 . 2008-05-27 08:35 <DIR> d-------- C:\Program Files\CA Yahoo! Anti-Spy
2008-05-25 22:17 . 2008-05-25 22:17 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-25 22:17 . 2008-05-25 22:17 <DIR> d-------- C:\Documents and Settings\Tom\Application Data\Malwarebytes
2008-05-25 22:17 . 2008-05-25 22:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-25 22:17 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-25 22:17 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-25 22:11 . 2008-05-25 22:11 <DIR> d-------- C:\Deckard
2008-05-25 21:57 . 2008-05-25 21:57 1,917 --a------ C:\WINDOWS\imsins.BAK
2008-05-24 19:51 . 2008-05-24 19:51 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-23 23:45 . 2008-05-23 23:45 <DIR> d-------- C:\VundoFix Backups
2008-05-21 09:52 . 2008-05-21 09:52 <DIR> d-------- C:\Documents and Settings\Tom\Application Data\ieSpell
2008-05-21 09:51 . 2008-05-21 09:51 <DIR> d-------- C:\Program Files\ieSpell
2008-05-21 07:55 . 2006-05-25 15:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2008-05-21 07:55 . 2003-02-02 20:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2008-05-21 07:55 . 2005-08-26 01:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2008-05-21 07:55 . 2002-03-06 01:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2008-05-21 07:55 . 2006-06-19 13:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2008-05-21 07:54 . 2008-05-21 07:55 <DIR> d-------- C:\Program Files\Trojan Remover
2008-05-21 07:54 . 2008-05-21 07:54 <DIR> d-------- C:\Documents and Settings\Tom\Application Data\Simply Super Software
2008-05-21 07:54 . 2008-05-21 07:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2008-05-16 15:50 . 2008-05-30 05:28 <DIR> d-------- C:\Documents and Settings\Tom\Application Data\skypePM
2008-05-16 15:44 . 2008-05-16 15:44 <DIR> d-------- C:\Program Files\Skype
2008-05-16 15:44 . 2008-05-16 15:44 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-05-16 15:44 . 2008-05-30 05:47 <DIR> d-------- C:\Documents and Settings\Tom\Application Data\Skype
2008-05-16 15:44 . 2008-05-16 15:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-05-10 15:51 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-05-10 15:51 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-05-10 15:51 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-05-08 13:17 . 2008-05-08 13:17 <DIR> d-------- C:\Program Files\Alcohol Soft
2008-05-08 13:15 . 2008-05-08 13:15 639,224 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-05-07 08:42 . 2008-05-19 09:34 <DIR> d-------- C:\Program Files\DC++
2008-05-06 10:14 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-05-06 10:13 . 2008-05-06 10:13 <DIR> d-------- C:\Program Files\MSBuild
2008-05-06 10:13 . 2008-05-06 10:13 <DIR> d-------- C:\Program Files\Microsoft Works
2008-05-06 10:10 . 2008-05-06 10:13 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-05-06 10:10 . 2008-05-14 12:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-06 10:09 . 2008-05-06 10:09 <DIR> dr-h----- C:\MSOCache
2008-05-06 09:39 . 2008-05-27 18:53 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-05-06 09:33 . 2008-05-06 09:34 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-05-06 09:33 . 2008-05-06 09:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-05-06 09:02 . 2008-05-06 09:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-05-06 01:04 . 2008-05-11 16:32 <DIR> d-------- C:\Documents and Settings\Tom\Application Data\Ahead
2008-05-06 01:02 . 2008-05-06 01:02 <DIR> d-------- C:\Program Files\Nero
2008-05-05 10:32 . 2008-05-05 10:33 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-05-05 10:02 . 2008-05-05 10:02 <DIR> d-------- C:\WINDOWS\Sun
2008-05-05 10:01 . 2008-05-05 10:01 <DIR> d-------- C:\Program Files\Java
2008-05-05 10:01 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-05-05 10:00 . 2008-05-05 10:00 <DIR> d-------- C:\Program Files\Common Files\Java
2008-05-05 09:56 . 2008-05-05 09:56 <DIR> d-------- C:\Program Files\iTunes
2008-05-05 09:56 . 2008-05-05 09:56 <DIR> d-------- C:\Program Files\iPod
2008-05-05 09:56 . 2008-05-05 09:56 <DIR> d-------- C:\Program Files\Bonjour
2008-05-05 09:56 . 2008-05-05 09:56 <DIR> d-------- C:\Documents and Settings\Tom\Application Data\Apple Computer
2008-05-05 09:56 . 2008-05-30 05:27 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-05 09:56 . 2008-05-05 09:56 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-05 09:55 . 2008-05-05 09:55 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-05-05 09:55 . 2008-05-05 09:56 <DIR> d-------- C:\Program Files\QuickTime
2008-05-05 09:55 . 2008-05-05 09:55 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-05-05 09:55 . 2008-05-05 09:55 <DIR> d-------- C:\Program Files\Apple Software Update
2008-05-05 09:55 . 2008-05-05 09:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-05-05 09:55 . 2008-05-05 09:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-05-05 09:29 . 2008-05-05 09:29 425 --a------ C:\WINDOWS\BRWMARK.INI
2008-05-05 09:29 . 2008-05-05 09:29 184 --a------ C:\WINDOWS\system32\brsvc01a.bsi
2008-05-05 09:29 . 2008-05-05 09:29 30 --a------ C:\WINDOWS\system32\brss01a.ini
2008-05-05 09:29 . 2008-05-05 09:29 27 --a------ C:\WINDOWS\BRPP2KA.INI
2008-05-05 09:28 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-05-05 09:24 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-05-05 09:24 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-05-05 09:22 . 2008-05-05 09:32 <DIR> d-------- C:\Documents and Settings\Tom\Application Data\Creative
2008-05-05 09:22 . 2008-05-05 09:22 584 --a------ C:\WINDOWS\system32\settingsbkup.sfm
2008-05-05 09:22 . 2008-05-05 09:22 584 --a------ C:\WINDOWS\system32\settings.sfm
2008-05-05 09:20 . 2000-05-22 09:58 647,872 --------- C:\WINDOWS\system32\Mscomct2.ocx
2008-05-05 09:20 . 1999-10-11 02:00 41,984 --------- C:\WINDOWS\Ctregrun.exe
2008-05-05 09:15 . 1999-12-13 02:01 44,032 --------- C:\WINDOWS\system32\CTSVCCDA.EXE
2008-05-05 09:15 . 1999-11-18 02:00 25,088 --------- C:\WINDOWS\system32\CTSVCCTL.EXE
2008-05-05 09:09 . 2008-05-05 09:09 <DIR> d-------- C:\WINDOWS\system32\Data
2008-05-05 09:09 . 2000-12-13 11:21 7,572,224 --------- C:\WINDOWS\system32\CT8MGM.SF2
2008-05-05 09:09 . 2000-12-05 02:11 4,174,814 --------- C:\WINDOWS\system32\CT4MGM.SF2
2008-05-05 09:09 . 1999-09-22 08:18 2,167,684 -ra------ C:\WINDOWS\system32\ct2mgm.sf2
2008-05-05 09:09 . 2005-06-27 11:37 133,632 -ra------ C:\WINDOWS\system32\CtDvInst.dll
2008-05-05 09:09 . 2000-05-11 01:00 90,112 --------- C:\WINDOWS\Updreg.EXE
2008-05-05 09:09 . 2005-06-15 04:07 11,264 --a------ C:\WINDOWS\INRES.DLL
2008-05-05 09:09 . 2005-07-07 10:26 5,627 -ra------ C:\WINDOWS\system32\Ludap17.ini
2008-05-05 09:09 . 2005-03-08 07:14 39 -ra------ C:\WINDOWS\system32\ctzapxx.ini
2008-05-05 09:07 . 2008-05-05 09:20 <DIR> d-------- C:\Program Files\Creative
2008-05-05 08:29 . 2008-05-05 08:29 <DIR> d-------- C:\Program Files\BT Yahoo! Internet
2008-05-05 08:01 . 2008-05-05 08:01 <DIR> d-------- C:\Program Files\CCleaner
2008-05-05 07:58 . 2008-05-21 09:35 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-05 07:57 . 2008-05-05 07:57 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-05-05 07:57 . 2005-04-15 19:58 1,071,088 --a------ C:\WINDOWS\system32\MSCOMCTL.OCX
2008-05-05 07:57 . 2005-08-25 18:18 118,784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL
2008-05-05 07:57 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
2008-05-05 07:55 . 2008-05-05 07:55 <DIR> d-------- C:\Program Files\BillP Studios
2008-05-05 07:55 . 2008-05-05 07:55 <DIR> d-------- C:\Documents and Settings\Tom\Application Data\WinPatrol
2008-05-05 07:34 . 2008-05-05 07:34 354,560 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-05-05 07:34 . 2008-04-04 14:51 28,416 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-05-05 07:33 . 2008-05-15 09:43 <DIR> d-------- C:\Program Files\TuneUp Utilities 2008
2008-05-05 07:33 . 2008-05-05 07:33 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-05 07:33 . 2008-05-05 07:33 <DIR> d-------- C:\Documents and Settings\Tom\Application Data\TuneUp Software
2008-05-05 07:33 . 2008-05-05 07:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-05-05 07:27 . 2008-05-11 11:55 <DIR> d-------- C:\Documents and Settings\Tom\Application Data\Vso
2008-05-05 07:27 . 2008-05-05 07:27 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2008-05-05 07:27 . 2008-05-05 07:27 47,360 --a------ C:\Documents and Settings\Tom\Application Data\pcouffin.sys
2008-05-05 07:26 . 2008-05-05 07:26 <DIR> d-------- C:\Program Files\VSO
2008-05-05 07:26 . 2004-05-04 12:53 1,645,320 --a------ C:\WINDOWS\gdiplus.dll
2008-05-05 07:26 . 2006-05-20 17:16 1,184,984 --a------ C:\WINDOWS\system32\wvc1dmod.dll
2008-05-05 07:26 . 2006-05-11 20:21 626,688 --a------ C:\WINDOWS\system32\vp7vfw.dll
2008-05-05 07:26 . 2006-09-29 13:24 217,127 --a------ C:\WINDOWS\system32\drv43260.dll
2008-05-05 07:26 . 2006-09-29 13:25 208,935 --a------ C:\WINDOWS\system32\drv33260.dll
2008-05-05 07:26 . 2006-09-29 13:26 176,165 --a------ C:\WINDOWS\system32\drv23260.dll
2008-05-05 07:26 . 2007-03-18 21:37 65,602 --a------ C:\WINDOWS\system32\cook3260.dll
2008-05-05 07:20 . 2008-05-26 11:24 67 --a------ C:\WINDOWS\IDMan.INI
2008-05-05 07:08 . 2008-05-11 10:35 <DIR> d-------- C:\Program Files\Internet Download Manager
2008-05-05 07:08 . 2008-05-05 07:20 <DIR> d-------- C:\Documents and Settings\Tom\Application Data\IDM
2008-05-05 07:08 . 2008-05-30 05:48 <DIR> d-------- C:\Documents and Settings\Tom\Application Data\DMCache
2008-05-04 17:50 . 2008-05-05 00:01 0 --a------ C:\WINDOWS\_INS33IS._MP
2008-05-04 17:49 . 2008-05-04 17:49 <DIR> d-------- C:\Program Files\ASUS
2008-05-04 17:49 . 2005-01-28 09:44 24,576 -ra------ C:\WINDOWS\system32\AsIO.dll
2008-05-04 17:49 . 2004-09-07 11:41 5,120 --a------ C:\WINDOWS\system32\drivers\AsInsHelp64.sys
2008-05-04 17:49 . 2004-10-14 10:52 4,962 -ra------ C:\WINDOWS\system32\drivers\AsIO.sys
2008-05-04 17:49 . 2004-03-10 14:31 3,328 --a------ C:\WINDOWS\system32\drivers\AsInsHelp32.sys
2008-05-04 14:08 . 2008-03-06 21:32 23,904 --a------ C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-05-04 14:08 . 2008-03-06 21:32 10,537 --a------ C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-05-04 14:08 . 2008-03-06 21:32 706 --a------ C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-05-04 12:53 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-05-04 12:53 . 2008-05-04 17:50 382 --a------ C:\WINDOWS\_delis32.ini
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-04 07:56 155,995 ----a-w C:\WINDOWS\java\Packages\LZHZVLJ3.ZIP
2008-05-03 17:31 --------- d-----w C:\Program Files\microsoft frontpage
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-26 11:59 294,912 ----a-w C:\WINDOWS\system32\msctf.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
.
((((((((((((((((((((((((((((( snapshot@2008-05-26_11.35.17.79 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-02-26 11:48:44 297,984 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\SP2QFE\msctf.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\update\updspapi.dll
- 2008-05-26 10:30:33 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-30 04:27:01 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2004-08-04 12:00:00 294,400 -c--a-w C:\WINDOWS\system32\dllcache\msctf.dll
+ 2008-02-26 11:59:50 294,912 -c--a-w C:\WINDOWS\system32\dllcache\msctf.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [2008-05-05 07:21 878848]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 18:23 102400]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 16:14 147456]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-04-30 17:17 22058792]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2008-01-10 17:41 223984]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 16:19 129536]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-07-18 02:54 116072]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 17:38 583048]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-10-10 14:49 7286784]
"nwiz"="nwiz.exe" [2005-10-10 14:49 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-10-10 14:49 86016]
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [2008-04-25 18:31 333120]
"CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-02-15 16:10 57344]
"P17Helper"="P17.dll" [2005-05-03 12:38 64512 C:\WINDOWS\system32\P17.dll]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [2008-05-18 14:19 877136]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2008-01-10 17:41 223984]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-04 13:00]
R3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys [2003-12-19 20:15]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-05-05 07:34]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-05-16 16:25:33 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
"2008-05-24 20:47:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-05-30 05:51:29
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-05-30 5:53:08
ComboFix-quarantined-files.txt 2008-05-30 04:53:04
ComboFix2.txt 2008-05-27 07:01:20
ComboFix3.txt 2008-05-26 10:35:34
Pre-Run: 188,255,195,136 bytes free
Post-Run: 188,246,863,872 bytes free
275 --- E O F --- 2008-05-28 23:07:39
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, May 30, 2008 7:12:27 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 30/05/2008
Kaspersky Anti-Virus database records: 814071
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
Scan Statistics:
Total number of scanned objects: 41563
Number of viruses found: 10
Number of infected objects: 31
Number of suspicious objects: 0
Duration of the scan process: 00:35:27
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBConfig.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDebug.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDetect.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBNotify.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBRefr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg2.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetDev.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetLoc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetUsr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBStHash.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBValid.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPPolicy.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStart.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStop.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtErEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\B50E081A.TMP Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\D8FB97F7.TMP Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtMoEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtNvEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtScEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtTxFEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtViEvt.log Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Tom\Application Data\IDM\DwnlData\Tom\nero_7\Ahead.Nero.v7.7.5.1.Multilingual.Incl.Keymaker-EMBRACE\Nero-7.7.5.1_all_trial.exe/Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
C:\Documents and Settings\Tom\Application Data\IDM\DwnlData\Tom\nero_7\Ahead.Nero.v7.7.5.1.Multilingual.Incl.Keymaker-EMBRACE\Nero-7.7.5.1_all_trial.exe RAR: infected - 1 skipped
C:\Documents and Settings\Tom\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Tom\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Tom\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Tom\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Tom\Local Settings\Temp\~DF224C.tmp Object is locked skipped
C:\Documents and Settings\Tom\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Tom\My Documents\Downloads\Programs\Ahead.Nero.v7.7.5.1.Multilingual.Incl.Keymaker-EMBRACE\Nero-7.7.5.1_all_trial.exe/Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
C:\Documents and Settings\Tom\My Documents\Downloads\Programs\Ahead.Nero.v7.7.5.1.Multilingual.Incl.Keymaker-EMBRACE\Nero-7.7.5.1_all_trial.exe RAR: infected - 1 skipped
C:\Documents and Settings\Tom\My Documents\Downloads\Programs\nero.exe/Ahead.Nero.v7.7.5.1.Multilingual.Incl.Keymaker-EMBRACE/Nero-7.7.5.1_all_trial.exe/Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
C:\Documents and Settings\Tom\My Documents\Downloads\Programs\nero.exe/Ahead.Nero.v7.7.5.1.Multilingual.Incl.Keymaker-EMBRACE/Nero-7.7.5.1_all_trial.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
C:\Documents and Settings\Tom\My Documents\Downloads\Programs\nero.exe RAR: infected - 2 skipped
C:\Documents and Settings\Tom\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Tom\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\logs\starwind.2008-05-30.05-27-14.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\coShared\WA\1.7\NCOWAD.dat Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\coShared\WA\1.7\NCOWADMT.dat Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\coShared\WA\1.7\NCOWAS.dat Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\coShared\WA\1.7\NCOWAS.ldb Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Program Files\Norton 360\Log\AutoProtect.log Object is locked skipped
C:\Program Files\Norton 360\Log\AVContext.log Object is locked skipped
C:\Program Files\Norton 360\Log\AVManual.log Object is locked skipped
C:\Program Files\Norton 360\Log\Backup.log Object is locked skipped
C:\Program Files\Norton 360\Log\CUInternetPageViewHistory.log Object is locked skipped
C:\Program Files\Norton 360\Log\CUInternetSearchHistory.log Object is locked skipped
C:\Program Files\Norton 360\Log\CUInternetTempFiles.log Object is locked skipped
C:\Program Files\Norton 360\Log\CUWindowsTempFiles.log Object is locked skipped
C:\Program Files\Norton 360\Log\EmailScan.log Object is locked skipped
C:\Program Files\Norton 360\Log\InternetSecurity.log Object is locked skipped
C:\Program Files\Norton 360\Log\ISIntrusionPrevented.log Object is locked skipped
C:\Program Files\Norton 360\Log\ISIOTraffic.log Object is locked skipped
C:\Program Files\Norton 360\Log\ISNewNetwork.log Object is locked skipped
C:\Program Files\Norton 360\Log\LiveUpdate.log Object is locked skipped
C:\Program Files\Norton 360\Log\NCO.log Object is locked skipped
C:\Program Files\Norton 360\Log\VABrowserSettings.log Object is locked skipped
C:\Program Files\Norton 360\Log\VAIPAddresses.log Object is locked skipped
C:\Program Files\Norton 360\Log\VAWeakPasswords.log Object is locked skipped
C:\Program Files\Norton 360\Log\WDFScanner.log Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\blthqpjp.dll.vir.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.syt skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\edqbusuw.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.trd skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\hnpnlbyi.dll.vir Infected: Trojan.Win32.Obfuscated.auw skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\jqkcncab.dll.vir Infected: Trojan.Win32.Obfuscated.auw skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\pqkxhetq.dll.vir Infected: Trojan.Win32.Obfuscated.auw skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\qhbjxuty.dll.vir Infected: Trojan.Win32.Obfuscated.auw skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\xnucauxu.dll.vir.vir Infected: Trojan.Win32.Obfuscated.auw skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{1623E98B-424D-47A1-A46C-96AE8AF226B9}\RP62\A0005634.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.sca skipped
C:\System Volume Information\_restore{1623E98B-424D-47A1-A46C-96AE8AF226B9}\RP62\A0005681.dll Infected: Trojan.Win32.Obfuscated.auw skipped
C:\System Volume Information\_restore{1623E98B-424D-47A1-A46C-96AE8AF226B9}\RP62\A0005682.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.srg skipped
C:\System Volume Information\_restore{1623E98B-424D-47A1-A46C-96AE8AF226B9}\RP62\A0005693.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.syt skipped
C:\System Volume Information\_restore{1623E98B-424D-47A1-A46C-96AE8AF226B9}\RP62\A0005710.dll Infected: Trojan.Win32.Obfuscated.auw skipped
C:\System Volume Information\_restore{1623E98B-424D-47A1-A46C-96AE8AF226B9}\RP63\A0005789.dll Infected: Trojan.Win32.Monder.jn skipped
C:\System Volume Information\_restore{1623E98B-424D-47A1-A46C-96AE8AF226B9}\RP64\A0005797.dll Infected: Trojan.Win32.Monder.jn skipped
C:\System Volume Information\_restore{1623E98B-424D-47A1-A46C-96AE8AF226B9}\RP65\A0005800.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.tbv skipped
C:\System Volume Information\_restore{1623E98B-424D-47A1-A46C-96AE8AF226B9}\RP65\A0005803.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.tbv skipped
C:\System Volume Information\_restore{1623E98B-424D-47A1-A46C-96AE8AF226B9}\RP66\A0005850.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.trl skipped
C:\System Volume Information\_restore{1623E98B-424D-47A1-A46C-96AE8AF226B9}\RP66\A0005851.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.trv skipped
C:\System Volume Information\_restore{1623E98B-424D-47A1-A46C-96AE8AF226B9}\RP68\A0005904.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.trl skipped
C:\System Volume Information\_restore{1623E98B-424D-47A1-A46C-96AE8AF226B9}\RP75\A0006596.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.trd skipped
C:\System Volume Information\_restore{1623E98B-424D-47A1-A46C-96AE8AF226B9}\RP75\A0006599.dll Infected: Trojan.Win32.Obfuscated.auw skipped
C:\System Volume Information\_restore{1623E98B-424D-47A1-A46C-96AE8AF226B9}\RP75\A0006601.dll Infected: Trojan.Win32.Obfuscated.auw skipped
C:\System Volume Information\_restore{1623E98B-424D-47A1-A46C-96AE8AF226B9}\RP75\A0006603.dll Infected: Trojan.Win32.Obfuscated.auw skipped
C:\System Volume Information\_restore{1623E98B-424D-47A1-A46C-96AE8AF226B9}\RP75\A0006604.dll Infected: Trojan.Win32.Obfuscated.auw skipped
C:\System Volume Information\_restore{1623E98B-424D-47A1-A46C-96AE8AF226B9}\RP75\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{E4A5E6C3-2FF9-4149-9E44-20061B7EBED7}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\TEMP\JETCACA.tmp Object is locked skipped
C:\WINDOWS\TEMP\JETCB76.tmp Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:19:54, on 30/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\PROGRA~1\Yahoo!\browser\ybrowser.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\bluefoot.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://uk.red.client...fo/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://uk.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
http://uk.red.client...arch.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn6\yt.dll
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn6\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\NppBho.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn6\yt.dll
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [getPlusUninstall_ocx] rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\inf\GETPLUSo.INF, DefaultUninstall
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) -
http://www.kaspersky...can_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) -
http://uk.midas.game...l/kingcomie.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) -
http://sdlc-esd.sun....ows-i586-jc.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) -
http://www.adobe.com...obat/nos/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
--
End of file - 12432 bytes