Karl's PC Help Forums

Hijack this
Pete Hill - 18-11-2008 at 17:47

An unexpected error has occurred at procedure: modRegistry_IniGetString(sFile=win.ini, sSection=windows, sValue=load)
Error #5 - Invalid procedure call or argument

Please email me at merijn@spywareinfo.com, reporting the following:
* What you were trying to fix when the error occurred, if applicable
* How you can reproduce the error
* A complete HijackThis scan log, if possible

Windows version: Windows NT 5.01.2600
MSIE version: 7.0.5730.11
HijackThis version: 1.99.1

This message has been copied to your clipboard.
Click OK to continue the rest of the scan.

Logfile of HijackThis v1.99.1
Scan saved at 17:43:09, on 18/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\lxcrcoms.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Documents and Settings\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.passport.net/uilogin.srf?lc=2057&id=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7C631929-7540-4414-9DE2-742A572EAE76} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2019DC25-D1C0-11D6-97B3-0008A124F542} (StreamPlug Class) - http://www.streamplug.com/StreamPlug/beta/SP.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecurity.com/activescan/cabs/as2stubie.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {4E8A3661-FB5B-4AEF-BF60-B0E9712FAE49} (Silverwire Image Uploader 3.0 Control) - http://www.fotowire.com/download/client/uploader/ImageUploader3.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1189266177140
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1132643161656
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {7D731A83-6C80-4EA4-9646-5E06A0513274} (Sandlot Loader Control) - http://www.shockwave.com/content/snailmail/sis/slgwebinstall.cab
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://www.shockwave.com/content/tumblebugs/axhost.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.blueyonder.co.uk/assets/tool/files/MotivePreQual.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://www.shockwave.com/content/feedingfrenzy/SproutLauncher.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {FC4CAF5F-91BD-4DD9-ADC1-F3C737E37BC4} (CPlayFirstSweetopiaControl Object) - http://www.shockwave.com/content/sweetopia/sis/Sweetopia.1.0.0.22.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EEF25E6D-22B3-4345-ACB5-D7BD537111A4}: NameServer = 192.168.0.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: apmc - C:\WINDOWS
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: geeba - C:\WINDOWS
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe


Dreamweaver - 18-11-2008 at 18:06

I should point out to Pancake and crew, Pete had already posted .......

Quote:
Originally posted by Pete Hill
Hi.
My pc is very slow to boot up and after running all my anti-virus and anti scum-ware the problem is still there.
Have tried to run the Panda AV as advised in the sticky but the scan gets to 20% and then stays there (even ran it overnight).
Should I follow the rest of the sticky to post a HJ log or should I try something else?
Thanks
Pete


Pete Hill - 18-11-2008 at 18:19

Thank you DW


Pancake - 19-11-2008 at 00:22

I can see a Vundo infection....

Run both these programs


Please download Malwarebytes' Anti-Malware from one of these places:

http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html

http://www.besttechie.net/tools/mbam-setup.exe

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy&Paste the entire report in your next reply along with a fresh HijackThis log.

Please Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.


=====================================================================================

=====================================================================================


OK. Let's download ComboFix.exe. This will give me a better view of the files running and also hidden on your computer, and also those in the registry. Please visit this webpage for downloading and instructions for running the tool:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with our tools.

Double-click on ComboFix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. Recovery Console can be installed from your disc if you have Vista, if you wish.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
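Pancake's Vundo call rests on reading entries in Pete's HijackThis log such as the two random-named Winlogon Notify lines (apmc and geeba) that point at C:\WINDOWS. The Python below is an added example, not code from the forum, from HijackThis or from any helper's toolkit: it parses lines in HijackThis 1.99.1 format and applies a few triage heuristics of my own, so that a reader can see which lines a helper reacts to and why. The sample input is copied from the log in this thread with backslashes restored. The list of expected Winlogon Notify names and the "random name" pattern are assumptions made for this example, not a published rule.

```python
"""Triage a HijackThis 1.99.1 log: flag the entries a helper would look at first.

Added example for this thread, not code from HijackThis or from the forum.
The rules below are heuristics (an assumption of this example): HijackThis
itself only lists entries and leaves the judgement to the reader.
"""
import re
from dataclasses import dataclass


@dataclass
class Finding:
    severity: str   # "high" = likely infection, "review" = needs a look
    section: str    # HijackThis section tag, e.g. "O20"
    reason: str
    line: str


# Constructed sample: lines copied from the log posted in this thread
# (backslashes restored), trimmed to the sections the rules below examine.
SAMPLE_LOG = r"""
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7C631929-7540-4414-9DE2-742A572EAE76} - (no file)
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: apmc - C:\WINDOWS
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: geeba - C:\WINDOWS
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

ENTRY_RE = re.compile(r"^(?P<sec>[RFO]\d{1,2}) - (?P<body>.*)$")

# Winlogon\Notify subkeys expected on an XP SP3 box running the software seen
# in this log (assumption of this example; extend it for other installs).
KNOWN_NOTIFY = {
    "crypt32chain", "cryptnet", "cscdll", "dimsntfy", "sccertprop", "schedule",
    "sclgntfy", "senslogn", "termsrv", "wlballoon", "wgalogon", "!saswinlogon",
}
# Short all-lowercase names with no product prefix are the shape random-named
# loaders tend to take; "apmc" and "geeba" above fit it (assumption).
RANDOM_NAME = re.compile(r"^[a-z]{4,8}$")


def _notify_is_suspect(name: str, path: str) -> bool:
    """Not on the known list, random-looking name, and pointing at the
    Windows root or at something that is not a DLL at all."""
    if name.lower() in KNOWN_NOTIFY or not RANDOM_NAME.match(name):
        return False
    p = path.lower().rstrip("\\")
    return p == "c:\\windows" or not p.endswith(".dll")


def triage(log_text: str) -> list:
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue                      # headers, process list, blanks
        sec, body = m.group("sec"), m.group("body")
        lower = body.lower()

        if sec == "O20" and body.startswith("Winlogon Notify:"):
            name, _, path = body[len("Winlogon Notify:"):].partition(" - ")
            if _notify_is_suspect(name.strip(), path.strip()):
                findings.append(Finding("high", sec,
                    "random-named Winlogon Notify DLL outside known set", line))
                continue

        if "(no file)" in lower or "(file missing)" in lower:
            # Orphaned entries are cleanup, not evidence of active malware.
            findings.append(Finding("review", sec,
                "orphaned entry, target file absent", line))
        elif sec == "O10":
            findings.append(Finding("review", sec,
                "Winsock LSP not on HijackThis's known list", line))
        elif sec == "O23" and "unknown owner" in lower:
            findings.append(Finding("review", sec,
                "service without a publisher string", line))
        elif sec == "O2" and "(no name)" in lower:
            findings.append(Finding("review", sec, "BHO with no name", line))
    return findings


def high_severity(findings: list) -> list:
    """Lines the rules rate as likely infection rather than cleanup."""
    return [f.line for f in findings if f.severity == "high"]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.section:4} {f.reason}: {f.line}")
```

Run as-is to print the findings for the sample, or pass a whole pasted log to triage(). On this thread's log the two "high" findings are exactly the apmc and geeba lines; the orphaned BHO, the missing dimsntfy.dll and the avast! mail/web scanner services are "review" items only. The avast! services are flagged because HijackThis could not resolve an ImagePath that carries a stray quote, not because anything is wrong with them: both scanners are visibly running in the process list at the top of the log.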


Pete Hill - 19-11-2008 at 18:41

Thanks Pancake.
Here are the logs.
Malwarebytes' Anti-Malware 1.30
Database version: 1412
Windows 5.1.2600 Service Pack 3

19/11/2008 18:08:17
mbam-log-2008-11-19 (18-08-17).txt

Scan type: Quick Scan
Objects scanned: 97179
Time elapsed: 24 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
ComboFix 08-11-18.A2 - Pete Hill 2008-11-19 18:12:03.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.139 [GMT 0:00]
Running from: c:\documents and settings\Pete Hill\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\My Documents\AUTORUN.INF
c:\program files\Need2Find
c:\program files\Need2Find\bar\History\search
c:\windows\Downloaded Program Files\setup.inf
c:\windows\system32\MSINET.oca

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------Legacy_OULTRAF
-------Service_oUltraf


((((((((((((((((((((((((( Files Created from 2008-10-19 to 2008-11-19 )))))))))))))))))))))))))))))))
.

2008-11-17 18:05 . 2008-11-17 18:05 <DIR> d-------- c:\program files\Panda Security
2008-11-17 18:05 . 2008-06-19 17:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys
2008-11-13 10:04 . 2008-11-13 10:04 1,393 --a------ c:\windows\imsins.BAK
2008-11-13 09:58 . 2008-10-24 11:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-13 09:57 . 2008-09-04 17:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-09 22:06 . 2008-11-09 22:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-11-09 22:05 . 2008-11-09 22:05 <DIR> d-------- c:\program files\SUPERAntiSpyware
2008-11-09 22:05 . 2008-11-09 22:05 <DIR> d-------- c:\documents and settings\Pete Hill\Application Data\SUPERAntiSpyware.com
2008-11-09 13:46 . 2008-11-09 13:46 <DIR> d-------- c:\documents and settings\Pete Hill\Saved Games
2008-11-07 17:58 . 2008-11-07 17:58 <DIR> d-------- c:\program files\Alwil Software
2008-11-07 17:45 . 2008-11-07 17:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avg8
2008-11-06 22:30 . 2008-11-06 22:30 <DIR> d-------- c:\documents and settings\Calla\Application Data\Malwarebytes
2008-11-02 15:58 . 2008-11-02 15:58 <DIR> d-------- c:\documents and settings\Ronaldinho\Saved Games
2008-11-02 15:49 . 2008-11-02 15:52 <DIR> d-------- c:\program files\Dream Day Wedding
2008-10-23 17:26 . 2008-10-15 16:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-10-23 15:01 . 2008-10-23 15:01 <DIR> d-------- c:\documents and settings\WINDOWS\system
2008-10-23 15:01 . 2008-10-23 15:01 <DIR> d-------- c:\documents and settings\WINDOWS
2008-10-23 15:01 . 2008-10-23 15:01 <DIR> d---s---- c:\documents and settings\UserData\KDM3016F
2008-10-23 15:01 . 2008-10-23 15:01 <DIR> d---s---- c:\documents and settings\UserData\KD678D2R
2008-10-23 15:01 . 2008-10-23 15:01 <DIR> d---s---- c:\documents and settings\UserData\GP6JOH2V
2008-10-23 15:01 . 2008-10-23 15:01 <DIR> d---s---- c:\documents and settings\UserData\05ARC9UR
2008-10-23 15:01 . 2008-10-23 15:01 <DIR> d--hs---- c:\documents and settings\UserData
2008-10-23 15:01 . 2008-10-23 15:01 <DIR> d--h----- c:\documents and settings\Templates
2008-10-23 15:01 . 2008-10-23 15:01 <DIR> dr------- c:\documents and settings\Start Menu\Programs
2008-10-23 15:01 . 2008-10-23 15:01 <DIR> dr------- c:\documents and settings\Start Menu
2008-10-23 15:01 . 2008-10-23 15:01 <DIR> dr-h----- c:\documents and settings\SendTo
2008-10-23 15:01 . 2008-10-23 15:01 <DIR> d--hs---- c:\documents and settings\Recent
2008-10-23 15:01 . 2008-10-23 15:01 <DIR> d--h----- c:\documents and settings\PrintHood
2008-10-23 15:01 . 2008-10-23 15:01 <DIR> d-------- c:\documents and settings\Phone Browser\My Gallery
2008-10-23 15:01 . 2008-10-23 15:01 <DIR> d-------- c:\documents and settings\Phone Browser\My Contacts
2008-10-23 15:01 . 2008-10-23 15:01 <DIR> d-------- c:\documents and settings\Phone Browser\Fetched Files
2008-10-23 15:01 . 2008-10-23 15:01 <DIR> d-------- c:\documents and settings\Phone Browser
2008-10-23 15:01 . 2008-10-23 15:01 <DIR> d---s---- c:\documents and settings\NetHood\My Web Sites on MSN
2008-10-23 15:01 . 2008-10-23 15:01 <DIR> d--h----- c:\documents and settings\NetHood
2008-10-23 15:01 . 2008-10-23 15:01 <DIR> d-------- c:\documents and settings\My Documents\BitLord
2008-10-23 15:01 . 2008-10-23 15:01 <DIR> d-------- c:\documents and settings\My Documents\BBC radio 1 - live lounge
2008-10-23 15:01 . 2008-09-26 20:31 7,516,160 --a------ c:\documents and settings\pe_c_robbie.rrr
2008-10-23 15:01 . 2007-03-18 10:58 32,768 --a------ c:\documents and settings\UserData\index.dat
2008-10-23 15:01 . 2005-09-02 13:34 2,666 --a------ c:\documents and settings\.powerupdate.user.properties
2008-10-23 15:00 . 2008-10-23 15:00 <DIR> d-------- c:\documents and settings\My Documents\ConvertXtoDVD
2008-10-23 14:59 . 2008-10-23 14:59 <DIR> d-------- c:\documents and settings\My Documents\Justin Timberlake - Futuresex Lovesounds
2008-10-23 14:59 . 2008-10-23 14:59 <DIR> d---s---- c:\documents and settings\My Documents\InstantCDDVD
2008-10-23 14:59 . 2008-10-23 14:59 <DIR> d-------- c:\documents and settings\My Documents\Incomplete
2008-10-23 14:59 . 2008-10-23 14:59 <DIR> d-------- c:\documents and settings\My Documents\Hard-Fi - Stars Of CCTV [2005]
2008-10-23 14:59 . 2008-10-23 14:59 <DIR> d-------- c:\documents and settings\My Documents\FM Backup
2008-10-23 14:59 . 2008-10-23 14:59 <DIR> d-------- c:\documents and settings\My Documents\FILES
2008-10-23 14:59 . 2008-11-06 20:38 <DIR> d-------- c:\documents and settings\My Documents\Downloads
2008-10-23 14:58 . 2008-10-23 14:58 <DIR> d-------- c:\documents and settings\My Documents\My eBooks
2008-10-23 14:58 . 2008-10-23 14:58 <DIR> dr------- c:\documents and settings\My Documents\My Archives
2008-10-23 14:58 . 2008-10-23 14:58 <DIR> d-------- c:\documents and settings\My Documents\MSDE2000
2008-10-23 14:58 . 2008-10-23 14:58 <DIR> d-------- c:\documents and settings\My Documents\MNE Presents The Essential Bands - 2cd's
2008-10-23 14:54 . 2008-11-06 20:45 <DIR> d---s---- c:\documents and settings\My Documents\My Music
2008-10-23 14:53 . 2008-11-06 20:40 <DIR> d-------- c:\documents and settings\My Documents\My Received Files
2008-10-23 14:53 . 2008-10-23 14:53 <DIR> d---s---- c:\documents and settings\My Documents\My Pictures
2008-10-23 14:50 . 2008-10-23 14:50 <DIR> d-------- c:\documents and settings\My Documents\Oasis - Stop The Clocks [2006][2CD+2 SkidVids+Cov]
2008-10-23 14:50 . 2008-10-23 14:50 <DIR> d-------- c:\documents and settings\My Documents\Nero 7.0.1.2 HUN
2008-10-23 14:50 . 2008-10-23 14:50 <DIR> d-------- c:\documents and settings\My Documents\Nero 7
2008-10-23 14:50 . 2008-10-23 14:50 <DIR> dr------- c:\documents and settings\My Documents\My Widgets
2008-10-23 14:50 . 2008-10-23 14:50 <DIR> d---s---- c:\documents and settings\My Documents\My Webs
2008-10-23 14:50 . 2008-11-06 20:43 <DIR> dr------- c:\documents and settings\My Documents\My Videos
2008-10-23 14:49 . 2008-10-23 14:49 <DIR> d-------- c:\documents and settings\My Documents\Soulseek
2008-10-23 14:49 . 2008-10-23 14:49 <DIR> d-------- c:\documents and settings\My Documents\Snow_Patrol-Eyes_Open-2006-FM
2008-10-23 14:49 . 2008-10-23 14:49 <DIR> d-------- c:\documents and settings\My Documents\Pinnacle Expression
2008-10-23 14:49 . 2008-10-23 14:49 <DIR> d-------- c:\documents and settings\My Documents\PcSetup
2008-10-23 14:49 . 2008-10-23 14:49 <DIR> d-------- c:\documents and settings\My Documents\ORK
2008-10-23 14:46 . 2008-10-23 14:46 <DIR> d-------- c:\documents and settings\My Documents\VA - Essential Songs (2006)
2008-10-23 14:46 . 2008-10-23 14:46 <DIR> d-------- c:\documents and settings\My Documents\The Kooks - Inside in, Inside out
2008-10-23 14:46 . 2008-10-23 14:46 <DIR> d-------- c:\documents and settings\My Documents\Super.DVD.Creator.v9.5.Multilingual.Incl.Keymaker-CORE
2008-10-23 14:46 . 2008-10-23 14:49 <DIR> d-------- c:\documents and settings\My Documents\Sports Interactive
2008-10-23 14:45 . 2008-10-23 14:45 <DIR> d-------- c:\documents and settings\My Documents\VA-NME Presents The Essential Bands 2006(with covers) a DHZ.Inc
2008-10-23 14:45 . 2007-10-17 16:55 693,633,024 --a------ c:\documents and settings\My Documents\htd-fm08.bin
2008-10-23 14:45 . 2005-01-10 23:25 21,778,872 --a------ c:\documents and settings\My Documents\iTunesSetup.exe
2008-10-23 14:45 . 2005-03-10 11:30 15,814,200 --a------ c:\documents and settings\My Documents\Java Runtime Environment.exe
2008-10-23 14:45 . 2006-01-15 01:55 9,692,886 --a------ c:\documents and settings\My Documents\vlc-0.8.4a-win32.exe
2008-10-23 14:45 . 2005-08-08 18:51 4,825,672 --a------ c:\documents and settings\My Documents\Firefox.exe
2008-10-23 14:45 . 2006-01-03 12:48 4,042,280 --a------ c:\documents and settings\My Documents\LWP.exe
2008-10-23 14:45 . 2001-04-04 18:11 1,499,904 -ra------ c:\documents and settings\My Documents\INSTMSIW.EXE
2008-10-23 14:45 . 2001-04-04 18:11 1,489,152 -ra------ c:\documents and settings\My Documents\INSTMSI.EXE
2008-10-23 14:45 . 2001-02-28 13:14 476,576 -ra------ c:\documents and settings\My Documents\SETUP.EXE
2008-10-23 14:44 . 2008-11-19 18:14 <DIR> d---s---- c:\documents and settings\My Documents
2008-10-23 14:38 . 2008-10-23 14:38 <DIR> d-------- c:\documents and settings\Local Settings\temp
2008-10-23 14:38 . 2008-10-23 14:38 <DIR> d--hs---- c:\documents and settings\Local Settings\History
2008-10-23 14:38 . 2008-10-23 14:38 <DIR> d-------- c:\documents and settings\Local Settings\Apps
2008-10-23 14:37 . 2008-10-23 14:38 <DIR> d--hs---- c:\documents and settings\Local Settings\Temporary Internet Files
2008-10-23 14:37 . 2008-10-23 14:38 <DIR> d--h----- c:\documents and settings\Local Settings
2008-10-23 14:37 . 2008-10-23 14:37 <DIR> d--h----- c:\documents and settings\InstallAnywhere
2008-10-23 14:37 . 2008-10-23 14:37 <DIR> d-------- c:\documents and settings\Incomplete
2008-10-23 14:37 . 2008-10-23 14:37 <DIR> d-------- c:\documents and settings\Favorites\Microsoft Websites
2008-10-23 14:37 . 2008-10-23 14:37 <DIR> d-------- c:\documents and settings\Favorites\Microsoft Web Sites
2008-10-23 14:37 . 2008-10-23 14:37 <DIR> d-------- c:\documents and settings\Favorites\Links
2008-10-23 14:37 . 2008-10-23 14:37 <DIR> dr------- c:\documents and settings\Favorites
2008-10-23 14:37 . 2008-10-23 14:37 <DIR> d-------- c:\documents and settings\DoctorWeb\Quarantine
2008-10-23 14:37 . 2008-10-23 14:37 <DIR> d-------- c:\documents and settings\DoctorWeb
2008-10-23 14:37 . 2008-10-23 14:37 <DIR> d-------- c:\documents and settings\Desktop\Massive R&B-Spring Collection - 2008.(http://www.lokotorrents.com)
2008-10-23 14:37 . 2008-11-18 17:42 <DIR> d-------- c:\documents and settings\Desktop\hijackthis
2008-10-23 14:37 . 2008-10-23 14:37 <DIR> d-------- c:\documents and settings\Desktop\David Gray - Greatest Hits (256Kbps)
2008-10-23 14:37 . 2007-05-29 11:20 37,873,216 --a------ c:\documents and settings\Desktop\iTunesSetup.exe
2008-10-23 14:37 . 2008-01-21 18:32 9,733,451 --a------ c:\documents and settings\Desktop\vlc-0.8.6d-win32.exe
2008-10-23 14:37 . 2007-09-06 14:47 7,346,072 --a------ c:\documents and settings\Desktop\cureit.exe
2008-10-23 14:37 . 2007-11-13 09:21 7,014,634 --a------ c:\documents and settings\Desktop\FOOTBALL.MANAGER.07.V7.02.ENG.RAZOR1911.NOCD.ZIP
2008-10-23 14:37 . 2007-01-20 13:03 6,175,304 --a------ c:\documents and settings\Desktop\frostwire-4.13.1.4.windows.exe
2008-10-23 14:37 . 2006-02-14 20:46 5,179,432 --a------ c:\documents and settings\Desktop\Firefox Setup 1.5.0.1.exe
2008-10-23 14:37 . 2006-10-01 18:12 5,014,254 --a------ c:\documents and settings\Desktop\drweb-cureit.exe
2008-10-23 14:37 . 2008-07-12 16:57 4,891,216 --a------ c:\documents and settings\Desktop\Silverlight.2.0.exe
2008-10-23 14:37 . 2005-09-21 14:08 4,827,288 --a------ c:\documents and settings\Desktop\Firefox Setup 1.0.7.exe
2008-10-23 14:37 . 2007-11-13 09:10 3,003,113 --a------ c:\documents and settings\Desktop\Setup_MagicISO.exe
2008-10-23 14:37 . 2008-02-21 15:59 2,733,520 --a------ c:\documents and settings\Desktop\ccsetup205.exe
2008-10-23 14:37 . 2008-01-17 14:18 760,661 --a------ c:\documents and settings\Desktop\DI-514_fw_v1-05.zip
2008-10-23 14:37 . 2007-12-15 01:13 8,833 --a------ c:\documents and settings\Desktop\GTA San Andreas.zip
2008-10-23 14:34 . 2008-10-23 14:37 <DIR> d---s---- c:\documents and settings\Desktop
2008-10-23 14:34 . 2008-10-23 14:34 <DIR> d--h----- c:\documents and settings\Copy of Contacts\robbiehill2001@hotmail.com
2008-10-23 14:34 . 2008-10-23 14:34 <DIR> d--h----- c:\documents and settings\Copy of Contacts\groovykat567@msn.com
2008-10-23 14:34 . 2008-10-23 14:34 <DIR> d-------- c:\documents and settings\Copy of Contacts
2008-10-23 14:34 . 2008-11-10 00:51 <DIR> d--hs---- c:\documents and settings\Cookies
2008-10-23 14:34 . 2008-10-23 14:34 <DIR> d--h----- c:\documents and settings\Contacts\robbiehill2001@hotmail.com
2008-10-23 14:34 . 2008-10-23 14:34 <DIR> d--h----- c:\documents and settings\Contacts\groovykat567@msn.com
2008-10-23 14:34 . 2008-10-23 14:34 <DIR> d-------- c:\documents and settings\Contacts
2008-10-23 14:34 . 2008-10-23 14:34 <DIR> d-------- c:\documents and settings\Application Data\FrostWire
2008-10-23 14:34 . 2008-10-23 14:34 <DIR> d-------- c:\documents and settings\Application Data\FaxCtr
2008-10-23 14:34 . 2008-10-23 14:34 <DIR> d-------- c:\documents and settings\Application Data\DivX
2008-10-23 14:34 . 2008-10-23 14:34 <DIR> d-------- c:\documents and settings\Application Data\Creative
2008-10-23 14:34 . 2008-10-23 14:34 <DIR> d-------- c:\documents and settings\Application Data\Corel
2008-10-23 14:34 . 2008-10-23 14:34 <DIR> d-------- c:\documents and settings\Application Data\BitTorrent
2008-10-23 14:34 . 2008-10-23 14:34 <DIR> d-------- c:\documents and settings\Application Data\Apple Computer
2008-10-23 14:34 . 2008-10-23 14:34 <DIR> d-------- c:\documents and settings\Application Data\amenelseaudio

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-19 18:27 --------- d-----w c:\program files\lx_cats
2008-11-19 17:35 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-11-10 22:19 --------- d-----w c:\program files\Common Files\Adobe
2008-11-10 00:28 --------- d-----w c:\program files\Creative
2008-11-10 00:09 --------- d-----w c:\program files\Lavasoft
2008-11-10 00:09 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-11-09 16:48 --------- d-----w c:\program files\SpywareBlaster
2008-11-09 16:46 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-06 22:28 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-06 16:32 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-22 16:10 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2008-10-22 16:10 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-10-21 15:45 83,216 ----a-w c:\documents and settings\Pete Hill\Application Data\GDIPFONTCACHEV1.DAT
2008-10-07 18:28 --------- d-----w c:\program files\Mystery of Shark Island
2008-10-07 18:28 --------- d-----w c:\documents and settings\Pete Hill\Application Data\PlayFirst
2008-10-01 20:21 --------- d-----w c:\program files\iTunes
2008-10-01 20:21 --------- d-----w c:\program files\iPod
2008-10-01 20:21 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-01 20:20 --------- d-----w c:\program files\Bonjour
2008-10-01 20:19 --------- d-----w c:\program files\QuickTime
2008-09-27 23:58 --------- d-----w c:\documents and settings\Pete Hill\Application Data\Malwarebytes
2008-09-27 23:58 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2008-09-27 23:29 --------- d--h--w c:\program files\InstallShield Installation Information
2008-09-27 23:29 --------- d-----w c:\program files\THQ
2008-09-27 20:44 --------- d-----w c:\program files\Shockwave.com
2008-09-27 20:43 --------- d-----w c:\program files\DivX
2008-09-27 20:42 --------- d-----w c:\program files\Disney Interactive
2008-09-27 15:15 --------- d-----w c:\program files\LEGO Company
2008-09-27 15:13 --------- d-----w c:\program files\Mindscape
2008-09-27 15:08 --------- d-----w c:\program files\McDonaldsFairies
2008-08-20 10:38 83,216 ----a-w c:\documents and settings\Calla\Application Data\GDIPFONTCACHEV1.DAT
2007-11-23 21:14 67,896 ----a-w c:\documents and settings\Ronaldinho\Application Data\GDIPFONTCACHEV1.DAT
2006-07-22 18:37 32 ----a-r c:\documents and settings\All Users\hash.dat
2005-04-25 22:24 48,264 -csh--w c:\windows\inf\cmpa.bak1
2005-05-03 17:27 375,023 -csh--w c:\windows\inf\cmpa.bak2
2005-05-03 21:29 375,710 -csh--w c:\windows\inf\cmpa.ini2
2007-09-10 09:47 0 -csha-w c:\windows\SMINST\HPCD.sys
2006-05-03 09:06 163,328 --sh--r c:\windows\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r c:\windows\system32\msfDX.dll
2008-05-16 14:44 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008051620080517\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-03 1576176]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LXCRCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll" [2005-12-01 65536]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-07-13 4112384]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.i420"= i420vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-10-15 01:04 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioDeck]
-ra------ 2006-07-26 06:19 540672 c:\program files\VIAudioi\SBADeck\ADeck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-14 00:12 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
--a------ 2004-08-22 16:05 81920 c:\program files\D-Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
--a------ 2006-02-07 05:10 98304 c:\program files\Lexmark 2400 Series\ezprint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
--a------ 2006-02-02 08:11 290816 c:\program files\Lexmark Fax Solutions\fm3032.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxcrmon.exe]
--a------ 2006-01-22 17:45 286720 c:\program files\Lexmark 2400 Series\lxcrmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
--a--c--- 2003-06-10 14:11 50688 c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2004-07-13 20:50 4112384 c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2004-07-13 20:50 81920 c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
--a------ 2003-11-11 20:06 406016 c:\windows\system32\PSDrvCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 14:09 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-09-16 11:16 1833296 c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 03:25 144784 c:\program files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMAAD]
--a------ 2007-02-16 18:41 110592 c:\program files\Sony\WALKMAN Launcher\WMAAD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2004-07-13 20:50 843776 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2004-02-10 05:54 65024 c:\windows\SOUNDMAN.EXE

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\Program Files\BitLord\BitLord.exe"=
"c:\Program Files\FrostWire\FrostWire.exe"=
"c:\Program Files\Mozilla Firefox\firefox.exe"=
"c:\Program Files\Messenger\msmsgs.exe"=
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"%windir%\system32\sessmgr.exe"=
"c:\Program Files\Windows Live\Messenger\msnmsgr.exe"=
"c:\Program Files\Windows Live\Messenger\livecall.exe"=
"c:\Program Files\Bonjour\mDNSResponder.exe"=
"c:\Program Files\iTunes\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-11-17 28544]
R0 videX32;videX32;c:\windows\system32\DRIVERS\videX32.sys [2007-09-17 9728]
R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\DRIVERS\xfilt.sys [2007-09-17 11264]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-11-07 78416]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-11-07 20560]
R2 SVKP;SVKP;\??\c:\windows\system32\SVKP.sys [2006-07-30 2368]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys [2008-09-27 38496]
S3 PortlUSB;PortlUSB;c:\windows\system32\DRIVERS\H10USB.sys [2004-06-24 7552]
S3 RiotDrv;Rio Riot driver;c:\windows\system32\Drivers\RiotDrv.sys [2005-02-28 12610]
S3 SndTDriverV32;SndTDriverV32;c:\windows\system32\drivers\SndTDriverV32.sys [2008-07-02 513152]
.
Contents of the 'Scheduled Tasks' folder

2008-11-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
- - - - ORPHANS REMOVED - - - -

BHO-{7C631929-7540-4414-9DE2-742A572EAE76} - (no file)
HKU-Default-Run-ITWSS6_Suite - c:\program files\IT Works Security Suite 6\itwss.exe
HKU-Default-Run-ITWSS6_SAFE - c:\program files\IT Works Security Suite 6\safe.exe
HKU-Default-Run-ITWSS6_SPM - c:\program files\IT Works Security Suite 6\spm.exe
Notify-apmc - (no file)
Notify-geeba - (no file)


.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\Pete Hill\Application Data\Mozilla\Firefox\Profiles\xr0ymn7g.default
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://login.live.com/login.srf?id=2&svc=mail&cbid=24325&msppjph=1&tw=0&fs=1&fsa=1&fsat=1296000&lc=2057&_lang=EN
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.30523.8\npctrl.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF -: plugin - c:\program files\Real\RealOne Player\Netscape6\nppl3260.dll
FF -: plugin - c:\program files\Real\RealOne Player\Netscape6\nprjplug.dll
FF -: plugin - c:\program files\Real\RealOne Player\Netscape6\nprpjplug.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-19 18:26:45
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\lxcrcoms.exe
c:\windows\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-11-19 18:33:25 - machine was rebooted [Pete Hill]
ComboFix-quarantined-files.txt 2008-11-19 18:33:11

Pre-Run: 49,128,198,144 bytes free
Post-Run: 49,957,208,064 bytes free

321 --- E O F --- 2008-11-13 10:08:58
Logfile of HijackThis v1.99.1
Scan saved at 18:39:25, on 19/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\lxcrcoms.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.passport.net/uilogin.srf?lc=2057&id=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2019DC25-D1C0-11D6-97B3-0008A124F542} (StreamPlug Class) - http://www.streamplug.com/StreamPlug/beta/SP.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecurity.com/activescan/cabs/as2stubie.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {4E8A3661-FB5B-4AEF-BF60-B0E9712FAE49} (Silverwire Image Uploader 3.0 Control) - http://www.fotowire.com/download/client/uploader/ImageUploader3.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1189266177140
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1132643161656
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {7D731A83-6C80-4EA4-9646-5E06A0513274} (Sandlot Loader Control) - http://www.shockwave.com/content/snailmail/sis/slgwebinstall.cab
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://www.shockwave.com/content/tumblebugs/axhost.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.blueyonder.co.uk/assets/tool/files/MotivePreQual.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://www.shockwave.com/content/feedingfrenzy/SproutLauncher.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {FC4CAF5F-91BD-4DD9-ADC1-F3C737E37BC4} (CPlayFirstSweetopiaControl Object) - http://www.shockwave.com/content/sweetopia/sis/Sweetopia.1.0.0.22.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EEF25E6D-22B3-4345-ACB5-D7BD537111A4}: NameServer = 192.168.0.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe


Pancake - 19-11-2008 at 21:24

Ok. That looks like it fixed the malware so you should be fine now.

This will clear away any of the files and folders that were created by ComboFix.

Go to:
Start > Run then copy and paste the following highlighted text below into the box and click OK.

ComboFix /u



Pete Hill - 19-11-2008 at 22:27

Thanks Pancake. Much better now :) and thanks for the quick response.
Pete


Pancake - 20-11-2008 at 00:37

You're welcome.