Thanks for the reply. I have followed your instructions (although I forgot to turn off my firewall and antvirus the first time I ran combofix, the second time i just forgot spywareguard was running, hope this is ok. Also I am in my lunch hour so i didnt reboot the pc before running hijack this as I am rushing a bit!).
My log files are attached, thanks for looking at them (PS I thought that my multiple posts might have been the problem, thanks for making that clear)
Duncan/Leftfield27
ComboFix 08-04-06.1 - Duncan 2008-04-07 14:17:14.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1284 [GMT 1:00]
Running from: C:\Documents and Settings\Duncan\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Duncan\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\Duncan\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
.
((((((((((((((((((((((((( Files Created from 2008-03-07 to 2008-04-07 )))))))))))))))))))))))))))))))
.
2008-04-05 00:38 . 2008-04-07 13:38 53,865 --a------ C:\1.gif
2008-03-30 23:33 . 2008-04-07 13:42 6,696,992 --ahs---- C:\WINNT\system32\drivers\fidbox.dat
2008-03-30 23:33 . 2008-04-07 13:42 54,068 --ahs---- C:\WINNT\system32\drivers\fidbox.idx
2008-03-30 19:57 . 2008-03-30 19:57 24,576 --a------ C:\WINNT\system32\VundoFixSVC.exe
2008-03-30 19:04 . 2008-03-30 20:51 <DIR> d-------- C:\VundoFix Backups
2008-03-30 18:22 . 2008-03-30 18:22 <DIR> d-------- C:\Program Files\Lavasoft
2008-03-30 18:22 . 2008-03-30 18:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-30 18:21 . 2008-03-30 18:21 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-30 13:08 . 2008-03-30 13:08 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-03-30 13:08 . 2008-04-07 11:46 <DIR> d-------- C:\Documents and Settings\Duncan\Application Data\skypePM
2008-03-30 13:08 . 2008-03-30 13:08 32 --a------ C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-03-29 21:03 . 2008-04-07 13:44 <DIR> d-------- C:\Program Files\AutoShutdown
2008-03-29 16:09 . 2008-04-07 13:41 256 --a------ C:\WINNT\onlineeye.INI
2008-03-29 15:31 . 2008-03-29 16:09 <DIR> d-------- C:\Program Files\Onlineeye
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-07 12:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7
2008-04-07 11:46 --------- d-----w C:\Documents and Settings\Duncan\Application Data\Skype
2008-04-07 10:43 --------- d-----w C:\Documents and Settings\Duncan\Application Data\Azureus
2008-04-07 07:35 --------- d-----w C:\Documents and Settings\Duncan\Application Data\dvdcss
2008-04-06 23:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kontiki
2008-04-06 19:03 94,208 ----a-w C:\WINNT\DUMPaf2b.tmp
2008-04-06 17:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-04-06 15:45 --------- d-----w C:\Program Files\Replay AV 8
2008-03-31 07:42 --------- d-----w C:\Program Files\RegScrubXP
2008-03-30 21:11 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-30 20:43 --------- d-----w C:\Program Files\SpywareBlaster
2008-03-30 19:40 --------- d-----w C:\Program Files\Java
2008-03-30 19:24 --------- d-----w C:\Program Files\Elantech
2008-03-30 19:22 --------- d-----w C:\Documents and Settings\Duncan\Application Data\AVG7
2008-03-30 17:44 --------- d-----w C:\Program Files\MediaMonkey
2008-03-30 12:08 --------- d-----w C:\Program Files\Skype
2008-03-30 12:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-03-29 22:32 --------- d-----w C:\Program Files\Winamp
2008-03-29 15:00 --------- d-----w C:\Program Files\SpywareGuard
2008-03-29 14:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-13 22:11 75,248 ----a-w C:\WINNT\zllsputility.exe
2008-03-13 14:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-07 08:15 --------- d-----w C:\Program Files\Azureus
2008-03-05 21:18 --------- d-----w C:\Documents and Settings\Duncan\Application Data\MCMPEGEnc
2008-03-03 13:18 --------- d-----w C:\Documents and Settings\Duncan\Application Data\Windows Desktop Search
2008-03-03 13:17 --------- d-----w C:\Program Files\Windows Desktop Search
2008-03-01 18:59 --------- d-----w C:\Documents and Settings\Duncan\Application Data\ArcSoft
2008-03-01 18:50 --------- d-----w C:\Program Files\Kontiki
2008-03-01 18:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-01 18:41 --------- d-----w C:\Program Files\Common Files\ArcSoft
2008-03-01 18:41 --------- d-----w C:\Program Files\ArcSoft
2008-03-01 18:39 --------- d-----w C:\Program Files\USB PC Camera
2008-02-29 22:27 --------- d-----w C:\Documents and Settings\Duncan\Application Data\DivX
2008-02-29 22:05 --------- d-----w C:\Program Files\DivX
2008-02-28 14:47 --------- d-----w C:\Program Files\Cloudbrain
2008-02-27 19:36 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-26 23:22 691,545 ----a-w C:\WINNT\unins000.exe
2008-02-26 19:59 --------- d-----w C:\Program Files\Common Files\AVSMedia
2008-02-26 19:58 --------- d-----w C:\Program Files\AVSMedia
2008-02-26 19:56 --------- d-----w C:\Program Files\ImTOO
2005-11-01 13:02 79 ----a-w C:\Program Files\Show Desktop.scf
2005-07-14 18:31 27,648 --sha-w C:\WINNT\system32\AVSredirect.dll
2007-03-05 07:29 739,873 --sh--w C:\WINNT\system32\jmllm.bak1
2007-03-09 13:22 775,849 --sh--w C:\WINNT\system32\jmllm.bak2
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-06 18:37 21898024]
"ctfmon.exe"="C:\WINNT\system32\ctfmon.exe" [2004-08-04 13:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-02-09 21:15 171448]
"kdx"="C:\Program Files\Kontiki\KHost.exe" [2008-01-25 11:08 1032376]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 18:07 61952 C:\WINNT\system32\HdAShCut.exe]
"KTPWare"="C:\Program Files\Elantech\Ktp.exe" [2005-09-05 06:29 253952]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-07 22:05 344064]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-25 23:50 579072]
"RTHDCPL"="RTHDCPL.EXE" [2005-09-22 13:36 14854144 C:\WINNT\RTHDCPL.EXE]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe" [2005-09-09 01:18 57344]
"DSL Connection Manager"="C:\Program Files\INTEL\DSLSetup\ProDsl.exe" [2002-05-10 14:30 65536]
"BCD2000"="C:\WINNT\system32\bcd2kcpan.exe" [2007-08-11 23:33 532480]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-03-27 07:35 36352]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-06-03 02:31 385024]
"EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [2005-05-31 23:50 356352]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-05-31 23:46 401408]
"VersionCheck"="C:\Program Files\Onlineeye\vcheck.exe" [2008-03-06 12:22 71680]
"OnlineTime"="c:\program files\onlineeye\onlineeye.exe" [2008-03-06 12:22 422400]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-13 23:11 919016]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINNT\system32\CTFMON.EXE" [2004-08-04 13:00 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-25 23:51 219136]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 15:58 1744896]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-09-09 01:12:44 113664]
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 20:05:35 360448]
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 16:40:46 118784]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 16:39 294400]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2005-05-31 23:46 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv50"= C:\PROGRA~1\REPLAY~1\ir50_32.dll
"MSVideo8"= VfWWDM32.dll
"vidc.CDVC"= cdvccodc.dll
"msacm.scg726"= scg726.acm
"msacm.alf2cd"= alf2cd.acm
"msacm.ac3acm"= AC3ACM.acm
"vidc.dvsd"= mcdvd_32.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk
backup=C:\WINNT\pss\BlueSoleil.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DSLMON.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DSLMON.lnk
backup=C:\WINNT\pss\DSLMON.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Hawking Wireless Utility.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Hawking Wireless Utility.lnk
backup=C:\WINNT\pss\Hawking Wireless Utility.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4oD]
--a------ 2008-01-25 11:08 1032376 C:\Program Files\Kontiki\KHost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2005-09-09 01:18 57344 C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-05-11 03:06 40048 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANIWZCS2Service]
--a------ 2005-10-19 18:19 49152 C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoMailChecker]
C:\Program Files\Clevo\AutoMailChkr\MailChkr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
--a------ 2004-08-04 13:00 110592 C:\WINNT\system32\bthprops.cpl
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
--a------ 2001-12-26 15:12 472576 C:\WINNT\mHotkey.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D-Link AirPlus G]
--a------ 2005-11-23 15:04 1544192 C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
--a------ 2004-03-12 22:43 81920 C:\Program Files\D-Tools\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DTVRemote]
--a------ 2006-04-26 18:28 57344 C:\Program Files\LifeView DTV\RemoteControl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2007-08-24 07:00 33648 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--------- 2005-01-03 11:41 1385472 C:\Program Files\Ahead\InCD\InCD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kdx]
--a------ 2008-01-25 11:08 1032376 C:\Program Files\Kontiki\KHost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINNT\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NexusServer]
--a------ 2004-04-28 01:41 188416 C:\Program Files\Common Files\Canopus Shared\ProCoder 2\Kernel\PNXSERVR.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 2007-03-23 13:20 227328 C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
--a------ 2007-03-27 15:58 1744896 C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime Alternative\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedTouch USB Diagnostics]
--a------ 2004-01-26 11:38 866816 C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-02-09 21:15 171448 C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--------- 2006-10-18 20:05 204288 C:\Program Files\Windows Media Player\WMPNSCFG.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\WINNT\\system32\\dpvsetup.exe"=
"C:\\WINNT\\system32\\rundll32.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Kontiki\\KService.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 d346bus;d346bus;C:\WINNT\system32\DRIVERS\d346bus.sys [2004-03-12 22:41]
R0 d346prt;d346prt;C:\WINNT\system32\Drivers\d346prt.sys [2004-03-12 22:41]
R1 Asapi;Asapi;C:\WINNT\system32\drivers\Asapi.sys [2002-04-17 20:27]
R1 ndisrd;ndisrd;C:\WINNT\system32\drivers\ndisrd.sys [2008-01-24 09:18]
R2 AutoShutdown;AutoShutdown Service;C:\PROGRA~1\AUTOSH~1\AS_Service.exe [2006-07-23 14:15]
R2 gmxfwsvc;Onlineeye Firewall Service;"C:\Program Files\Onlineeye\gmxffcsrv.exe" -service []
R3 Ktp;Elantech Touchpad;C:\WINNT\system32\DRIVERS\Ktp.sys [2005-08-16 02:06]
R3 LVHybrid;LVHybrid service;C:\WINNT\system32\DRIVERS\LVHybrid.sys [2005-10-21 18:22]
S2 P32LOAD;IntelŪ AnyPointŪ 3240 USB Modem Firmware Loader;C:\WINNT\system32\DRIVERS\p31usbld.sys [2002-04-23 18:15]
S3 APL531;OVT Scanner;C:\WINNT\system32\Drivers\ov550i.sys [2006-07-31 20:44]
S3 APLMp50;APLMp50 NDIS Protocol Driver;C:\WINNT\system32\Drivers\APLMp50.sys [2005-02-16 08:06]
S3 BCD2000;Behringer BCD2000 V1.1.1.0;C:\WINNT\system32\Drivers\BCD2000.SYS [2007-08-11 23:33]
S3 BCD2000WDM;Behringer BCD2000WDM V1.1.1.0;C:\WINNT\system32\Drivers\BCD2000WDM.SYS [2007-08-11 23:33]
S3 BRGSp50;BRGSp50 NDIS Protocol Driver;C:\WINNT\system32\Drivers\BRGSp50.sys [2005-06-08 18:44]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\WINNT\system32\NSNDIS5.SYS [2004-03-24 03:12]
S3 PRO3200P;IntelŪ USB ADSL Modem;C:\WINNT\system32\DRIVERS\p32d2kP.sys [2002-04-26 23:23]
S3 ZD1211BU(Hawking);Hawking Hi-Gain Wireless-G USB Dish Adapter(Hawking);C:\WINNT\system32\DRIVERS\zd1211Bu.sys [2005-10-28 11:38]
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2008-04-07 14:19:59
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-04-07 14:20:51
ComboFix-quarantined-files.txt 2008-04-07 13:20:28
Pre-Run: 7,745,368,064 bytes free
Post-Run: 7,774,498,816 bytes free
.
2008-03-17 00:18:23 --- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:23:53, on 07/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINNT\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\PROGRA~1\AUTOSH~1\AS_Service.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Elantech\Ktp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINNT\RTHDCPL.EXE
C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
C:\Program Files\INTEL\DSLSetup\ProDsl.exe
C:\WINNT\system32\bcd2kcpan.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\program files\onlineeye\onlineeye.exe
C:\Program Files\Onlineeye\gmxffcsrv.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\SearchIndexer.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\WINNT\system32\wscntfy.exe
C:\WINNT\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Duncan\Desktop\Firefox downloads and info\Analyser.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.co.uk/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [KTPWare] C:\Program Files\Elantech\Ktp.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKLM\..\Run: [DSL Connection Manager] C:\Program Files\INTEL\DSLSetup\ProDsl.exe
O4 - HKLM\..\Run: [BCD2000] %SystemRoot%\system32\bcd2kcpan.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
O4 - HKLM\..\Run: [VersionCheck] "C:\Program Files\Onlineeye\vcheck.exe"
O4 - HKLM\..\Run: [OnlineTime] "c:\program files\onlineeye\onlineeye.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINNT\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINNT\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINNT\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINNT\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{2BC5FCE5-46A9-4F26-99F6-3EC5EE8E863F}: NameServer = 212.159.6.9 212.159.6.10
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: AutoShutdown Service (AutoShutdown) - Barefoot Productions, Inc. - C:\PROGRA~1\AUTOSH~1\AS_Service.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eveatclt - Ralink Technology, Corp. - C:\WINNT\system32\drivers\Dr71WU.sys
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
O23 - Service: Onlineeye Firewall Service (gmxfwsvc) - GMX - C:\Program Files\Onlineeye\gmxffcsrv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
--
End of file - 11769 bytes