Messages - some1ok

1
Tech Clinic / Topic for some1ok
« on: April 04, 2008, 09:43:58 PM »
I did them all... but for the ComboFix one... it did not find the file :S

2
Tech Clinic / Topic for some1ok
« on: April 04, 2008, 02:55:25 PM »
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:14:27 PM, on 4/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Rogers\SelfHealing\rogersagent.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [RogersAgent] c:\Program Files\Rogers\SelfHealing\rogersagent.exe
O4 - HKCU\..\Run: [SHS] "C:\Program Files\Rogers\SelfHealing\SHS.exe" /background
O4 - HKCU\..\Run: [Update Manager] "C:\Program Files\Rogers\Update Manager\UpdateManager.exe" /background
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.Email Removed.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase4009.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1155396204578
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

--
End of file - 10616 bytes


Things are running good... How do we get rid of those files quarantined or whatever?

3
Tech Clinic / Topic for some1ok
« on: April 01, 2008, 05:38:24 PM »
-------------------------------------------------------------------------------
 KASPERSKY ONLINE SCANNER REPORT
 Tuesday, April 01, 2008 6:55:34 PM
 Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
 Kaspersky Online Scanner version: 5.0.98.0
 Kaspersky Anti-Virus database last update:  1/04/2008
 Kaspersky Anti-Virus database records: 676350
-------------------------------------------------------------------------------

Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

Scan Target - My Computer:
    C:\
    D:\
    E:\

Scan Statistics:
    Total number of scanned objects: 145229
    Number of viruses found: 3
    Number of infected objects: 16
    Number of suspicious objects: 0
    Duration of the scan process: 02:20:15

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3ad391678a806ec4d691e83aaa393b6f_24adf822-76f7-4481-b30b-ff1b40f8687f    Object is locked    skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log    Object is locked    skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat    Object is locked    skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat    Object is locked    skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.10.Crwl    Object is locked    skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.10.gthr    Object is locked    skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSS.log    Object is locked    skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSStmp.log    Object is locked    skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.wid    Object is locked    skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.wid    Object is locked    skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010003.wid    Object is locked    skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010004.wid    Object is locked    skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010005.wid    Object is locked    skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010006.wid    Object is locked    skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010010.ci    Object is locked    skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010010.wid    Object is locked    skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010010.wsb    Object is locked    skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.000    Object is locked    skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000    Object is locked    skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\Used0000.000    Object is locked    skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000    Object is locked    skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk1.gthr    Object is locked    skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk2.gthr    Object is locked    skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Ntfy30.gthr    Object is locked    skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\tmp.edb    Object is locked    skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Windows.edb    Object is locked    skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Ntf1.tmp    Object is locked    skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Ntf2.tmp    Object is locked    skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Perflib_Perfdata_ba8.dat    Object is locked    skipped
C:\Documents and Settings\Mathew\Application Data\Mozilla\Firefox\Profiles\arnd8egj.default\cert8.db    Object is locked    skipped
C:\Documents and Settings\Mathew\Application Data\Mozilla\Firefox\Profiles\arnd8egj.default\history.dat    Object is locked    skipped
C:\Documents and Settings\Mathew\Application Data\Mozilla\Firefox\Profiles\arnd8egj.default\key3.db    Object is locked    skipped
C:\Documents and Settings\Mathew\Application Data\Mozilla\Firefox\Profiles\arnd8egj.default\parent.lock    Object is locked    skipped
C:\Documents and Settings\Mathew\Application Data\Mozilla\Firefox\Profiles\arnd8egj.default\search.sqlite    Object is locked    skipped
C:\Documents and Settings\Mathew\Application Data\Mozilla\Firefox\Profiles\arnd8egj.default\urlclassifier2.sqlite    Object is locked    skipped
C:\Documents and Settings\Mathew\Cookies\index.dat    Object is locked    skipped
C:\Documents and Settings\Mathew\Local Settings\Application Data\Microsoft\Desktop Search\Logs\OTFSMonLog.txt    Object is locked    skipped
C:\Documents and Settings\Mathew\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat    Object is locked    skipped
C:\Documents and Settings\Mathew\Local Settings\Application Data\Microsoft\Messenger\joelm4jcEmail Removed\SharingMetadata\Logs\Dfsr00005.log    Object is locked    skipped
C:\Documents and Settings\Mathew\Local Settings\Application Data\Microsoft\Messenger\joelm4jcEmail Removed\SharingMetadata\pending.dat    Object is locked    skipped
C:\Documents and Settings\Mathew\Local Settings\Application Data\Microsoft\Messenger\joelm4jcEmail Removed\SharingMetadata\Working\database_208_4679_846_6BAB\dfsr.db    Object is locked    skipped
C:\Documents and Settings\Mathew\Local Settings\Application Data\Microsoft\Messenger\joelm4jcEmail Removed\SharingMetadata\Working\database_208_4679_846_6BAB\fsr.log    Object is locked    skipped
C:\Documents and Settings\Mathew\Local Settings\Application Data\Microsoft\Messenger\joelm4jcEmail Removed\SharingMetadata\Working\database_208_4679_846_6BAB\fsrtmp.log    Object is locked    skipped
C:\Documents and Settings\Mathew\Local Settings\Application Data\Microsoft\Messenger\joelm4jcEmail Removed\SharingMetadata\Working\database_208_4679_846_6BAB\tmp.edb    Object is locked    skipped
C:\Documents and Settings\Mathew\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat    Object is locked    skipped
C:\Documents and Settings\Mathew\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG    Object is locked    skipped
C:\Documents and Settings\Mathew\Local Settings\Application Data\Microsoft\Windows Live Contacts\joelm4jcEmail Removed\real\members.stg    Object is locked    skipped
C:\Documents and Settings\Mathew\Local Settings\Application Data\Microsoft\Windows Live Contacts\joelm4jcEmail Removed\shadow\members.stg    Object is locked    skipped
C:\Documents and Settings\Mathew\Local Settings\Application Data\Mozilla\Firefox\Profiles\arnd8egj.default\Cache\_CACHE_001_    Object is locked    skipped
C:\Documents and Settings\Mathew\Local Settings\Application Data\Mozilla\Firefox\Profiles\arnd8egj.default\Cache\_CACHE_002_    Object is locked    skipped
C:\Documents and Settings\Mathew\Local Settings\Application Data\Mozilla\Firefox\Profiles\arnd8egj.default\Cache\_CACHE_003_    Object is locked    skipped
C:\Documents and Settings\Mathew\Local Settings\Application Data\Mozilla\Firefox\Profiles\arnd8egj.default\Cache\_CACHE_MAP_    Object is locked    skipped
C:\Documents and Settings\Mathew\Local Settings\History\History.IE5\index.dat    Object is locked    skipped
C:\Documents and Settings\Mathew\Local Settings\History\History.IE5\MSHist012008040120080402\index.dat    Object is locked    skipped
C:\Documents and Settings\Mathew\Local Settings\Temp\~DF650.tmp    Object is locked    skipped
C:\Documents and Settings\Mathew\Local Settings\Temp\~DF7C7.tmp    Object is locked    skipped
C:\Documents and Settings\Mathew\Local Settings\Temp\~DF8C4.tmp    Object is locked    skipped
C:\Documents and Settings\Mathew\Local Settings\Temp\~DF916F.tmp    Object is locked    skipped
C:\Documents and Settings\Mathew\Local Settings\Temp\~DF9180.tmp    Object is locked    skipped
C:\Documents and Settings\Mathew\Local Settings\Temp\~DFB3F2.tmp    Object is locked    skipped
C:\Documents and Settings\Mathew\Local Settings\Temp\~DFB43B.tmp    Object is locked    skipped
C:\Documents and Settings\Mathew\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat    Object is locked    skipped
C:\Documents and Settings\Mathew\Local Settings\Temporary Internet Files\Content.IE5\index.dat    Object is locked    skipped
C:\Documents and Settings\Mathew\My Documents\My Music\iTunes\iTunes Library.itl    Object is locked    skipped
C:\Documents and Settings\Mathew\ntuser.dat    Object is locked    skipped
C:\Documents and Settings\Mathew\ntuser.dat.LOG    Object is locked    skipped
C:\Downloads\Troy KLAXXON\Troy KLAXXON.avi.fb!    Object is locked    skipped
C:\Joel\Logs\April 2008\calvin_liu25Email Removed.txt    Object is locked    skipped
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat    Object is locked    skipped
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db    Object is locked    skipped
C:\Program Files\Alwil Software\Avast4\DATA\integ\avast.int    Object is locked    skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws    Object is locked    skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log    Object is locked    skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log    Object is locked    skipped
C:\Program Files\Alwil Software\Avast4\DATA\report\Resident protection.txt    Object is locked    skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\byddnslj.dll.vir    Infected: not-a-virus:AdWare.Win32.Virtumonde.gen    skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\comyctgx.dll.vir    Infected: not-a-virus:AdWare.Win32.Virtumonde.gen    skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\lioriqcd.dll.vir    Infected: not-a-virus:AdWare.Win32.Virtumonde.gen    skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\prdroerp.dll.vir    Infected: not-a-virus:AdWare.Win32.Virtumonde.gen    skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\wilvcmeb.dll.vir    Infected: not-a-virus:AdWare.Win32.Virtumonde.gen    skipped
C:\QooBox\Quarantine\catchme2008-03-17_225736.03.zip/jkkll.dll    Infected: not-a-virus:AdWare.Win32.Virtumonde.gen    skipped
C:\QooBox\Quarantine\catchme2008-03-17_225736.03.zip/vtuvuvt.dll    Infected: not-a-virus:AdWare.Win32.Virtumonde.gen    skipped
C:\QooBox\Quarantine\catchme2008-03-17_225736.03.zip    ZIP: infected - 2    skipped
C:\System Volume Information\MountPointManagerRemoteDatabase    Object is locked    skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP688\A0157105.dll    Infected: not-a-virus:AdTool.Win32.WhenU.r    skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP688\A0157106.exe    Infected: not-a-virus:AdTool.Win32.WhenU.t    skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP732\A0178971.dll    Infected: not-a-virus:AdWare.Win32.Virtumonde.gen    skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP734\A0180037.dll    Infected: not-a-virus:AdWare.Win32.Virtumonde.gen    skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP734\A0180038.dll    Infected: not-a-virus:AdWare.Win32.Virtumonde.gen    skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP734\A0180039.dll    Infected: not-a-virus:AdWare.Win32.Virtumonde.gen    skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP734\A0180040.dll    Infected: not-a-virus:AdWare.Win32.Virtumonde.gen    skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP734\A0180041.dll    Infected: not-a-virus:AdWare.Win32.Virtumonde.gen    skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP744\change.log    Object is locked    skipped
C:\WINDOWS\Debug\PASSWD.LOG    Object is locked    skipped
C:\WINDOWS\ModemLog_Conexant D850 56K V.9x DFVc Modem.txt    Object is locked    skipped
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{F1A9DCD6-6499-430C-B2F7-698D748F953C}.crmlog    Object is locked    skipped
C:\WINDOWS\SchedLgU.Txt    Object is locked    skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{AC27E661-966A-42D2-B506-1C5F33DB1DD6}.bin    Object is locked    skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log    Object is locked    skipped
C:\WINDOWS\Sti_Trace.log    Object is locked    skipped
C:\WINDOWS\system32\config\Antivirus.Evt    Object is locked    skipped
C:\WINDOWS\system32\config\AppEvent.Evt    Object is locked    skipped
C:\WINDOWS\system32\config\DEFAULT    Object is locked    skipped
C:\WINDOWS\system32\config\default.LOG    Object is locked    skipped
C:\WINDOWS\system32\config\Internet.evt    Object is locked    skipped
C:\WINDOWS\system32\config\Media Ce.evt    Object is locked    skipped
C:\WINDOWS\system32\config\ODiag.evt    Object is locked    skipped
C:\WINDOWS\system32\config\OSession.evt    Object is locked    skipped
C:\WINDOWS\system32\config\SAM    Object is locked    skipped
C:\WINDOWS\system32\config\SAM.LOG    Object is locked    skipped
C:\WINDOWS\system32\config\SecEvent.Evt    Object is locked    skipped
C:\WINDOWS\system32\config\SECURITY    Object is locked    skipped
C:\WINDOWS\system32\config\SECURITY.LOG    Object is locked    skipped
C:\WINDOWS\system32\config\SOFTWARE    Object is locked    skipped
C:\WINDOWS\system32\config\software.LOG    Object is locked    skipped
C:\WINDOWS\system32\config\SysEvent.Evt    Object is locked    skipped
C:\WINDOWS\system32\config\SYSTEM    Object is locked    skipped
C:\WINDOWS\system32\config\system.LOG    Object is locked    skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Desktop Search\Logs\UNCFATPHLog.txt    Object is locked    skipped
C:\WINDOWS\system32\drivers\sptd.sys    Object is locked    skipped
C:\WINDOWS\system32\h323log.txt    Object is locked    skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR    Object is locked    skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP    Object is locked    skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER    Object is locked    skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP    Object is locked    skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP    Object is locked    skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA    Object is locked    skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP    Object is locked    skipped
C:\WINDOWS\TEMP\Perflib_Perfdata_618.dat    Object is locked    skipped
C:\WINDOWS\TEMP\_avast4_\Webshlock.txt    Object is locked    skipped
C:\WINDOWS\wiadebug.log    Object is locked    skipped
C:\WINDOWS\wiaservc.log    Object is locked    skipped
C:\WINDOWS\WindowsUpdate.log    Object is locked    skipped

Scan process completed.

5
Tech Clinic / Topic for some1ok
« on: March 29, 2008, 02:03:41 PM »
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:20:45 PM, on 3/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Rogers\SelfHealing\rogersagent.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\FlashGet\flashget.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [RogersAgent] c:\Program Files\Rogers\SelfHealing\rogersagent.exe
O4 - HKCU\..\Run: [SHS] "C:\Program Files\Rogers\SelfHealing\SHS.exe" /background
O4 - HKCU\..\Run: [Update Manager] "C:\Program Files\Rogers\Update Manager\UpdateManager.exe" /background
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.Email Removed.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase4009.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1155396204578
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

--
End of file - 10343 bytes


things are running ok.....my system lags at the randomest times =S....any ideas why?...

6
Tech Clinic / Topic for some1ok
« on: March 28, 2008, 01:51:18 PM »
i uninstalled it a WHILEEE back =|....like a really long while back.

7
Tech Clinic / Topic for some1ok
« on: March 27, 2008, 05:49:17 PM »
HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:05:40 PM, on 3/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Rogers\SelfHealing\rogersagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\SearchProtocolHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: McAfee Anti-Phishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPFEXE] "C:\Program Files\McAfee.com\Personal Firewall\MPFTray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\McAfee.com\Agent\McAgent.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [RogersAgent] c:\Program Files\Rogers\SelfHealing\rogersagent.exe
O4 - HKCU\..\Run: [SHS] "C:\Program Files\Rogers\SelfHealing\SHS.exe" /background
O4 - HKCU\..\Run: [Update Manager] "C:\Program Files\Rogers\Update Manager\UpdateManager.exe" /background
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.Email Removed.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase4009.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1155396204578
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

--
End of file - 11637 bytes




ALSO.....i got rid of RegCure....but i can't get rid of Error Fixer....because the file is not there?...so what do i do?.....my comp is doing alright...but uhm .....it just lags at the randomest of times...not quite often...but once in a while...any info on that?

8
Tech Clinic / Topic for some1ok
« on: March 27, 2008, 03:41:53 PM »
uninstall_list

Ad-Aware 2007
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Reader 7.0.9
Adobe Shockwave Player
Adobe® Photoshop® Album Starter Edition 3.0
Adobe® Photoshop® Album Starter Edition 3.0.1
Andrew Wommack Bible Commentary
AOL (Choose which version to remove)
AOL Connectivity Services
Apple Mobile Device Support
Apple Software Update
ArcSoft Panorama Maker 3
avast! Antivirus
AVG Anti-Spyware 7.5
AviSynth 2.5
Azureus 3.0
CCleaner (remove only)
Conexant D850 56K V.9x DFVc Modem
Corel Photo Album 6
Creative PC-CAM 300 Driver
Creative PC-CAM Center
Dell CinePlayer
Dell Digital Jukebox Driver
Dell Driver Reset Tool
DellSupport
DFX for Windows Media Player
Digital Line Detect
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
DreamStation DXi2
Ease Audio Converter 4.40
Efficient Networks SpeedStream DSL
Error Fixer 3.0.1
ESPNMotion
Flash Video Exporter 1.2
FlashGet 1.8.2.1001
Free Window Registry Repair
Games X Copy
GemMaster Mystic
Google Gmail Notifier
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB888795)
Hotfix for Windows XP (KB891593)
Hotfix for Windows XP (KB895961)
Hotfix for Windows XP (KB899337)
Hotfix for Windows XP (KB899510)
Hotfix for Windows XP (KB902841)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915800)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Intel® Graphics Media Accelerator Driver
Intel® PRO Network Connections Drivers
Intel® PROSet for Wired Connections
iTunes
Java 2 Runtime Environment, SE v1.4.2_03
Kaspersky Online Scanner
LANDE PMF PLAYER
Learn2 Player (Uninstall Only)
Macromedia Extension Manager
Macromedia Flash MX 2004
Macromedia FreeHand MXa
Macromedia HomeSite+
Malwarebytes' Anti-Malware
MCU
Messenger Plus! Live
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Microsoft .NET Framework 1.0 Hotfix (KB930494)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Expression Web
Microsoft Expression Web
Microsoft Expression Web MUI (English)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Project MUI (English) 2007
Microsoft Office Project Professional 2007
Microsoft Office Project Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Visio MUI (English) 2007
Microsoft Office Visio Professional 2007
Microsoft Office Visio Professional 2007
Microsoft Office Word MUI (English) 2007
Microsoft Plus! Digital Media Edition
Microsoft Plus! Digital Media Edition Installer
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual Studio 6.0 Enterprise Edition
Microsoft Web Publishing Wizard 1.53
Microsoft Windows Theme Ontario
Modem Helper
Mozilla Firefox (2.0.0.13)
MSN
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 Parser and SDK
Nero - Burning Rom
Nero BurnRights
NetWaiting
Nikon Message Center
Nokia Connectivity Cable Driver
Nokia Lifeblog
Nokia Multimedia Factory
Nokia PC Connectivity Solution
Nokia PC Suite
PictureProject
Pop-Up Stopper Free Edition
PowerISO
PSP Video 9 2.25
PSP Video Express(remove only)
QuickTime
RealPlayer
RegCure 1.0.0.43
Riva FLV Encoder 2.0
Rogers Self Healing Software (remove only)
Roxio Backup MyPC
Roxio DLA
Roxio MyDVD LE
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Excel 2007 (KB946974)
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Office 2007 (KB947801)
Security Update for Outlook 2007 (KB946983)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB946026)
Smart Menus (Windows Live Toolbar)
Sonic Activation Module
Sonic Encoders
Sonic Update Manager
SUPER © Version 2007.bld.23 (July 4, 2007)
Tabbed Browsing (Windows Live Toolbar)
TopStyle Lite (Version 3.0)
Torrent Episode Downloader
Update for Outlook 2007 Junk Email Filter (kb947945)
Update for Windows Media Player 10 (KB913800)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update Manager (remove only)
Update Rollup 2 for Windows XP Media Center Edition 2005
URGE
VeohTV BETA
VideoLAN VLC media player 0.8.5
WebCyberCoach 3.2 Dell
Windows Desktop Search 3.01
Windows Driver Package - Nokia Modem  (06/12/2006 6.81.0.21)
Windows Installer Clean Up
Windows Internet Explorer 7
Windows Live installer
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows Media Player 11
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890927
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766
WinRAR archiver
XBC 5.1

9
Tech Clinic / Topic for some1ok
« on: March 26, 2008, 01:56:51 PM »
ahaha.. it works :)

now...uhm...was only my browser that was affected?....or is there more to this stupid virus i downloaded =(......nehow... thanks again man...really appreciate it :D

10
Tech Clinic / Topic for some1ok
« on: March 25, 2008, 01:50:44 PM »
yeah i can see it

11
Tech Clinic / Topic for some1ok
« on: March 24, 2008, 07:49:17 PM »
//@line 1378 "/cygdrive/c/builds/tinderbox/Fx-Mozilla1.8-Release/WINNT_5.2_Depend/mozilla/modules/libpref/src/init/all.js"

//@line 1570 "/cygdrive/c/builds/tinderbox/Fx-Mozilla1.8-Release/WINNT_5.2_Depend/mozilla/modules/libpref/src/init/all.js"

//@line 1759 "/cygdrive/c/builds/tinderbox/Fx-Mozilla1.8-Release/WINNT_5.2_Depend/mozilla/modules/libpref/src/init/all.js"

//@line 1848 "/cygdrive/c/builds/tinderbox/Fx-Mozilla1.8-Release/WINNT_5.2_Depend/mozilla/modules/libpref/src/init/all.js"

//@line 2263 "/cygdrive/c/builds/tinderbox/Fx-Mozilla1.8-Release/WINNT_5.2_Depend/mozilla/modules/libpref/src/init/all.js"

//@line 2331 "/cygdrive/c/builds/tinderbox/Fx-Mozilla1.8-Release/WINNT_5.2_Depend/mozilla/modules/libpref/src/init/all.js"

//@line 2357 "/cygdrive/c/builds/tinderbox/Fx-Mozilla1.8-Release/WINNT_5.2_Depend/mozilla/modules/libpref/src/init/all.js"

//@line 2377 "/cygdrive/c/builds/tinderbox/Fx-Mozilla1.8-Release/WINNT_5.2_Depend/mozilla/modules/libpref/src/init/all.js"

//@line 2385 "/cygdrive/c/builds/tinderbox/Fx-Mozilla1.8-Release/WINNT_5.2_Depend/mozilla/modules/libpref/src/init/all.js"


pref("general.config.filename", "info1.cfg");

12
Tech Clinic / Topic for some1ok
« on: March 24, 2008, 06:46:00 PM »
i am not sure. i probably think i did a LONGG time back =|....but i am pretty sure i uninstalled it. Also i can't change firefox's homepage. It's still the same.....

can u please in brief explain what this virus is doing to my computer?.. i want to know the symptoms and effects. thanks a lot.

13
Tech Clinic / Topic for some1ok
« on: March 24, 2008, 05:43:06 PM »
OTMoveIT

C:\Documents and Settings\Mathew\Start Menu\Programs\Startup\Highspeeddownloader.lnk moved successfully.
C:\WINDOWS\system32\SetupClickHere.EXE moved successfully.
File/Folder  not found.
 
OTMoveIt2 by OldTimer - Version 1.0.21 log created on 03242008_185403

HijackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:57:21 PM, on 3/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Rogers\SelfHealing\rogersagent.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\FlashGet\flashget.exe
C:\Program Files\McAfee.com\Personal Firewall\MpfTray.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: McAfee Anti-Phishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [MPFEXE] "C:\Program Files\McAfee.com\Personal Firewall\MPFTray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\McAfee.com\Agent\McAgent.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [RogersAgent] c:\Program Files\Rogers\SelfHealing\rogersagent.exe
O4 - HKCU\..\Run: [SHS] "C:\Program Files\Rogers\SelfHealing\SHS.exe" /background
O4 - HKCU\..\Run: [Update Manager] "C:\Program Files\Rogers\Update Manager\UpdateManager.exe" /background
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.Email Removed.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase4009.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1155396204578
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: SupportAnyPC Service (SupportAnyPC) - Unknown owner - C:\DOCUME~1\Mathew\LOCALS~1\Temp\winvnc.exe (file missing)

--
End of file - 11519 bytes


i don't know which program is not supposed to be there in the allow list :S...am i supposed to see working vista? or something around it?...:S...i don't see

also.....sorry about not answering...how do i delete it if i have SupportAnyPC

14
Tech Clinic / Topic for some1ok
« on: March 24, 2008, 01:58:40 PM »
main.txt

Deckard's System Scanner v20071014.68
Run by Mathew on 2008-03-24 15:09:01
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
284: 2008-03-24 19:09:11 UTC - RP739 - Deckard's System Scanner Restore Point
283: 2008-03-24 02:32:57 UTC - RP738 - Restore Operation
282: 2008-03-22 19:39:19 UTC - RP737 - System Checkpoint
281: 2008-03-21 00:47:56 UTC - RP736 - System Checkpoint
280: 2008-03-19 03:26:12 UTC - RP735 - ComboFix created restore point


-- First Restore Point --
1: 2008-03-16 22:55:02 UTC - RP456 - Software Distribution Service 3.0


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Mathew.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:11:43 PM, on 3/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Rogers\SelfHealing\rogersagent.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\Documents and Settings\Mathew\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Mathew.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: McAfee Anti-Phishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPFEXE] "C:\Program Files\McAfee.com\Personal Firewall\MPFTray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\McAfee.com\Agent\McAgent.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [RogersAgent] c:\Program Files\Rogers\SelfHealing\rogersagent.exe
O4 - HKCU\..\Run: [SHS] "C:\Program Files\Rogers\SelfHealing\SHS.exe" /background
O4 - HKCU\..\Run: [Update Manager] "C:\Program Files\Rogers\Update Manager\UpdateManager.exe" /background
O4 - Startup: Highspeeddownloader.lnk = C:\WINDOWS\system32\SetupClickHere.EXE
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.Email Removed.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase4009.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1155396204578
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: SupportAnyPC Service (SupportAnyPC) - Unknown owner - C:\DOCUME~1\Mathew\LOCALS~1\Temp\winvnc.exe (file missing)

--
End of file - 11333 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080130-095644-297 O4 - HKLM\..\Run: [MSDrive] rundll32.exe C:\WINDOWS\system32\drvgoc.dll,startup
backup-20080202-102727-147 O2 - BHO: (no name) - {8EE430F9-85E7-44B2-B7D2-1BE83735913A} - (value not set) (file missing)
backup-20080205-174845-417 O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

-- File Associations -----------------------------------------------------------

.js - JSFile - DefaultIcon - unable to read value
.js - JSFile - shell\open\command - unable to read value
.reg - regfile - shell\open\command - "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 MPFIREWL - c:\windows\system32\drivers\mpfirewall.sys <Not Verified; McAfee; McAfee Personal Firewall>
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R2 dsunidrv (DellSupport UniDriver) - c:\windows\system32\drivers\dsunidrv.sys <Not Verified; Gteko Ltd.; Gteko Diagnostics>

S0 Partizan - c:\windows\system32\drivers\partizan.sys (file missing)
S3 DSproct - c:\program files\dellsupport\gtaction\triggers\dsproct.sys <Not Verified; Gteko Ltd.; processt>
S3 ENETHUSB (Speedstream Ethernet USB Adapter) - c:\windows\system32\drivers\enethusb.sys <Not Verified; Efficient Networks, Inc.; Speedstream Ethernet USB Adapter>
S3 kvpndev (Kerio VPN adapter) - c:\windows\system32\drivers\kvpndrv.sys <Not Verified; Kerio Technologies Inc.; Kerio VPN driver (x86)>
S3 kwflower (Kerio WinRoute Firewall Driver - Lower Layer) - c:\windows\system32\drivers\kwflower.sys (file missing)
S3 PSSdk23 - c:\windows\system32\drivers\pssdk23.drv (file missing)
S3 RegGuard - c:\windows\system32\drivers\regguard.sys <Not Verified; Greatis Software; RegRun Security Suite>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 MskService (McAfee SpamKiller Server) - c:\progra~1\mcafee\spamki~1\msksrvr.exe <Not Verified; McAfee Inc.; McAfee SpamKiller>

S3 rpcapd (Remote Packet Capture Protocol v.0 (experimental)) - "c:\program files\winpcap\rpcapd.exe" -d -f "c:\program files\winpcap\rpcapd.ini" <Not Verified; CACE Technologies; Remote Packet Capture Daemon>
S3 ServiceLayer - "c:\program files\common files\pcsuite\services\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>
S3 SupportAnyPC (SupportAnyPC Service) - "c:\docume~1\mathew\locals~1\temp\winvnc.exe" -service (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-03-24 14:45:00       256 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
2008-03-21 18:16:01       284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-03-19 15:40:20       374 --a------ C:\WINDOWS\Tasks\RegCure.job


-- Files created between 2008-02-24 and 2008-03-24 -----------------------------

2008-03-23 22:57:14         0 d-------- C:\Program Files\Alwil Software
2008-03-23 22:23:16     36864 --a------ C:\WINDOWS\system32\SetupClickHere.EXE <Not Verified; ; workingvista>
2008-03-20 22:31:21         0 d-------- C:\Program Files\Andrew Wommack Bible Commentary
2008-03-18 23:32:55         0 d-------- C:\Documents and Settings\Mathew\Application Data\Malwarebytes
2008-03-18 23:32:45         0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-03-18 23:32:44         0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-03-17 16:28:41         0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-17 16:28:37         0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-12 12:22:23         0 d-------- C:\Program Files\Microsoft Games
2008-03-08 13:50:05         0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-03-06 22:38:35         0 d-------- C:\Program Files\Rogers
2008-03-05 23:26:37         0 d-------- C:\Program Files\iPod(6)
2008-03-05 15:21:23         0 d-------- C:\Program Files\ACW
2008-02-29 19:22:48         0 d-------- C:\Program Files\iPod


-- Find3M Report ---------------------------------------------------------------

2008-03-24 13:28:59         0 d-------- C:\Program Files\a-squared Anti-Malware
2008-03-23 22:30:16         0 d-------- C:\Program Files\FlashGet
2008-03-22 16:22:24         0 d-------- C:\Documents and Settings\Mathew\Application Data\Macromedia
2008-03-16 23:21:34         0 d-------- C:\Program Files\Common Files
2008-03-16 23:21:25         0 d-------- C:\Program Files\Movie Maker
2008-03-13 23:55:42         0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-12 16:35:04         0 d-------- C:\Program Files\DivX
2008-03-05 23:51:40         0 d-------- C:\Program Files\iTunes
2008-03-05 23:51:28         0 d-------- C:\Program Files\QuickTime
2008-02-24 23:40:37         0 d-------- C:\Documents and Settings\Mathew\Application Data\Adobe
2008-02-07 18:46:42         0 d-------- C:\Program Files\Cakewalk
2008-02-07 12:23:06         0 d-------- C:\Program Files\Kontakt Player 2
2008-02-03 16:15:46         0 d-------- C:\Documents and Settings\Mathew\Application Data\Cakewalk
2008-02-03 16:10:09    118784 --a------ C:\WINDOWS\dsdxirmv.exe
2008-02-01 16:22:26         0 d-------- C:\Documents and Settings\Mathew\Application Data\Windows Desktop Search
2008-02-01 16:21:36         0 d-------- C:\Program Files\Windows Desktop Search
2008-02-01 16:12:40         0 d-------- C:\Program Files\UltraISO
2008-02-01 16:08:38         0 d-------- C:\Program Files\Yahoo!
2008-02-01 15:58:41         0 d-------- C:\Program Files\Microsoft Expression
2008-02-01 15:41:28         0 d-------- C:\Program Files\MSN Messenger
2008-02-01 15:41:24         0 d-------- C:\Program Files\DellSupport
2008-02-01 15:41:24         0 d-------- C:\Program Files\Common Files\LightScribe
2008-02-01 15:35:35         0 d-------- C:\Program Files\Microsoft Works
2008-02-01 15:14:45         0 d-------- C:\Program Files\MSBuild
2008-02-01 15:08:42         0 d-------- C:\Program Files\Microsoft Visual Studio 8
2008-01-31 16:33:55         0 d-------- C:\Program Files\Windows Installer Clean Up
2008-01-31 16:33:34         0 d-------- C:\Program Files\MSECACHE
2008-01-30 23:43:20         0 d-------- C:\Program Files\PowerISO
2008-01-30 10:53:26         0 d-------- C:\Documents and Settings\Mathew\Application Data\McAfee.com Personal Firewall
2008-01-22 11:38:57    155648 --a------ C:\WINDOWS\system32\NeroCheck.exe <Not Verified; Ahead Software Gmbh; Ahead Software Gmbh NeroCheck>
2007-12-24 18:21:17       196 --a------ C:\Documents and Settings\Mathew\Application Data\G-Force Prefs (WindowsMediaPlayer).txt


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [01/30/2008 11:19 AM]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [01/20/2008 03:05 AM]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [10/27/2006 01:47 AM]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [01/22/2008 11:38 AM]
"MPFEXE"="C:\Program Files\McAfee.com\Personal Firewall\MPFTray.exe" [01/22/2008 11:38 AM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [02/01/2008 12:13 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [02/19/2008 02:10 PM]
"MCAgentExe"="C:\PROGRA~1\McAfee.com\Agent\McAgent.exe" [01/22/2008 11:39 AM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [01/21/2008 11:28 PM]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [12/04/2007 08:00 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [10/18/2007 12:34 PM]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [01/17/2008 12:51 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [01/22/2008 11:39 AM]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [01/30/2008 02:11 PM]
"RogersAgent"="c:\Program Files\Rogers\SelfHealing\rogersagent.exe" [04/23/2007 04:51 PM]
"SHS"="C:\Program Files\Rogers\SelfHealing\SHS.exe" [10/12/2007 04:30 PM]
"Update Manager"="C:\Program Files\Rogers\Update Manager\UpdateManager.exe" [10/12/2007 04:30 PM]

C:\Documents and Settings\Mathew\Start Menu\Programs\Startup\
Highspeeddownloader.lnk - C:\WINDOWS\system32\SetupClickHere.EXE [3/23/2008 10:23:16 PM]
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [10/26/2006 9:24:54 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [8/8/2006 6:21:21 PM]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 11:05:26 PM]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [8/1/2006 10:25:49 PM]
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [8/8/2006 2:53:59 PM]
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2/5/2007 4:40:46 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [02/05/2007 04:39 PM 294400]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders    msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL 9.0 Tray Icon.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
C:\Program Files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"



-- End of Deckard's System Scanner: finished at 2008-03-24 15:12:19 ------------

extra.txt

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® D CPU 2.80GHz
CPU 1: Intel® Pentium® D CPU 2.80GHz
Percentage of Memory in Use: 49%
Physical Memory (total/avail): 1014.07 MiB / 508.47 MiB
Pagefile Memory (total/avail): 2441.26 MiB / 2036.34 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1929.82 MiB

C: is Fixed (NTFS) - 144.33 GiB total, 76.96 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST3160812AS - 149.01 GiB - 3 partitions
  \PARTITION0 - Unknown - 39.19 MiB
  \PARTITION1 (bootable) - Installable File System - 144.33 GiB - C:
  \PARTITION2 - Unknown - 4.64 GiB



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

FW: McAfee Personal Firewall Plus v (McAfee)
AV: avast! antivirus 4.7.1098 [VPS 080324-0] v4.7.1098 (ALWIL Software)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\FlashGet\\flashget.exe"="C:\\Program Files\\FlashGet\\flashget.exe:*:Enabled:FlashGet"
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"="C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe:*:Enabled:Veoh Client"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Mathew\Application Data
CLASSPATH=.;C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=COMPUTER
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Mathew
include=C:\Program Files\Microsoft Visual Studio\VC98\atl\include;C:\Program Files\Microsoft Visual Studio\VC98\mfc\include;C:\Program Files\Microsoft Visual Studio\VC98\include
lib=C:\Program Files\Microsoft Visual Studio\VC98\mfc\lib;C:\Program Files\Microsoft Visual Studio\VC98\lib
LOGONSERVER=\\COMPUTER
MSDevDir=C:\Program Files\Microsoft Visual Studio\Common\MSDev98
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\QuickTime\QTSystem;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Microsoft Visual Studio\Common\Tools\WinNT;C:\Program Files\Microsoft Visual Studio\Common\MSDev98\Bin;C:\Program Files\Microsoft Visual Studio\Common\Tools;C:\Program Files\Microsoft Visual Studio\VC98\bin
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 7, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0407
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Mathew\LOCALS~1\Temp
TMP=C:\DOCUME~1\Mathew\LOCALS~1\Temp
USERDOMAIN=COMPUTER
USERNAME=Mathew
USERPROFILE=C:\Documents and Settings\Mathew
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Mathew (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

 --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
 --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
 --> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
 --> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
 --> C:\WINDOWS\system32\\MSIEXEC.EXE /x {637099FB-45FD-4BC7-9651-6FB540DBB749}
 --> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
 --> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
 --> C:\WINDOWS\WEBDELC.EXE -[PC-CAM Center
 --> MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
 --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe® Photoshop® Album Starter Edition 3.0 --> MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
Adobe® Photoshop® Album Starter Edition 3.0.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C9618743-1A5C-461E-91C4-E013A3D70F3C}\Setup.exe" -l0x9
Andrew Wommack Bible Commentary --> C:\Program Files\Andrew Wommack Bible Commentary\uninstall.exe
AOL (Choose which version to remove) --> C:\Program Files\Common Files\aolshare\Aolunins_ca.exe
AOL Connectivity Services --> C:\PROGRA~1\COMMON~1\AOL\ACS\AcsUninstall.exe /c
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ArcSoft Panorama Maker 3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5F68DC8-0278-4AD8-B413-861509B5F25B}\Setup.exe" -l0x9
avast! Antivirus --> rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
AviSynth 2.5 --> "C:\Program Files\AviSynth 2.5\Uninstall.exe"
Azureus 3.0 --> C:\Program Files\Azureus\uninstall.exe
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Conexant D850 56K V.9x DFVc Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1\HXFSETUP.EXE -U -Idel200fk.inf
Corel Photo Album 6 --> MsiExec.exe /X{8A9B8148-DDD7-448F-BD6C-358386D32354}
Creative PC-CAM 300 Driver --> C:\WINDOWS\CtDrvIns.exe -uninstall USB\VID_041E&PID_400A&mi_00 -plugin Pd016pin.dll -pluginres Pd016pin.crl
Creative PC-CAM Center --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\PC-CAM Center\DeIsL1.isu"
Dell CinePlayer --> MsiExec.exe /I{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}
Dell Digital Jukebox Driver --> C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell Driver Reset Tool --> MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
DellSupport --> MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
Digital Line Detect --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DreamStation DXi2 --> C:\WINDOWS\DSDXIRMV.EXE C:\PROGRAM FILES\CAKEWALK\SHARED DXI\AUDIO SIMULATION\DREAMSTATION DXI2
Ease Audio Converter 4.40 --> "C:\Program Files\easetech\EaseAudioConverter\unins000.exe"
Efficient Networks SpeedStream DSL --> C:\Program Files\Efficient Networks\SpeedStream DSL\setup.exe -uninstall
Error Fixer 3.0.1 --> "C:\Program Files\Error Fixer\unins000.exe"
ESPNMotion --> C:\PROGRA~1\ESPNMO~1\UNWISE.EXE /u C:\PROGRA~1\ESPNMO~1\INSTALL.LOG
Flash Video Exporter 1.2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8D61229A-9C20-465E-9EEA-76D98FAFE5F6}\Setup.exe" -l0x9 UNINSTALL
FlashGet 1.8.2.1001 --> C:\Program Files\FlashGet\uninst.exe
Free Window Registry Repair --> C:\PROGRA~1\FREEWI~1\UNWISE.EXE C:\PROGRA~1\FREEWI~1\INSTALL.LOG
Games X Copy --> MsiExec.exe /X{22CDDA47-7205-4C64-B594-C94C5EE2CE70}
GemMaster Mystic --> "C:\Program Files\GemMaster\uninstallgemmaster.exe"
Google Gmail Notifier --> "C:\Program Files\Google\Gmail Notifier\UninstallGmail.exe"
High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Intel® Graphics Media Accelerator Driver --> C:\WINDOWS\system32\igxpun.exe -uninstall
Intel® PRO Network Connections Drivers --> Prounstl.exe
Intel® PROSet for Wired Connections --> MsiExec.exe /I{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}
iTunes --> MsiExec.exe /I{80FD852F-5AAC-4129-B931-06AAFFA43138}
Java 2 Runtime Environment, SE v1.4.2_03 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
LANDE PMF PLAYER --> MsiExec.exe /I{84159FAA-47D7-4F5C-9E29-F38E23CBDB7F}
Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe
Macromedia Extension Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}\setup.exe" -l0x9 mmUninstall
Macromedia Flash MX 2004 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2F353D44-73BB-4971-B31D-F7642E9E9531}\Setup.exe" -l0x9 UNINSTALL
Macromedia FreeHand MXa --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{939740B5-0064-4779-854A-8C1086181C05}\Setup.exe" -l0x9 UNINSTALL
Macromedia HomeSite+ --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8D3562E7-C795-4B5D-A091-6DAA3FF0DF3B}\Setup.exe"
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MCU --> MsiExec.exe /I{D2988E9B-C73F-422C-AD4B-A66EBE257120}
Messenger Plus! Live --> "C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Expression Web --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall WEBDESIGNER /dll ESETUP.DLL
Microsoft Expression Web --> MsiExec.exe /X{90120000-0026-0000-0000-0000000FF1CE}
Microsoft Expression Web MUI (English) --> MsiExec.exe /X{90120000-0026-0409-0000-0000000FF1CE}
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Project MUI (English) 2007 --> MsiExec.exe /X{90120000-00B4-0409-0000-0000000FF1CE}
Microsoft Office Project Professional 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PRJPRO /dll OSETUP.DLL
Microsoft Office Project Professional 2007 --> MsiExec.exe /X{90120000-003B-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Visio MUI (English) 2007 --> MsiExec.exe /X{90120000-0054-0409-0000-0000000FF1CE}
Microsoft Office Visio Professional 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall VISPRO /dll OSETUP.DLL
Microsoft Office Visio Professional 2007 --> MsiExec.exe /X{90120000-0051-0000-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Plus! Digital Media Edition --> MsiExec.exe /I{C6A7AF96-4EB1-4AAE-8318-1AB393C64F88}
Microsoft Plus! Digital Media Edition Installer --> MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual Studio 6.0 Enterprise Edition --> "C:\Program Files\Microsoft Visual Studio\Common\Setup\1033\Setup.exe"
Microsoft Web Publishing Wizard 1.53 --> RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie3x86.inf,WebPostUninstall
Microsoft Windows Theme Ontario --> MsiExec.exe /X{9757283E-3FCA-4F3D-9257-928859318E55}
Modem Helper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Mozilla Firefox (2.0.0.12) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
Nero - Burning Rom --> MsiExec.exe /X{A4D7B764-4140-11D4-88EB-0050DA3579C0}
Nero BurnRights --> C:\WINDOWS\UNNeroBurnRights.exe /UNINSTALL
NetWaiting --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
Nikon Message Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}\Setup.exe" -l0x9 UNINSTALL
Nokia Connectivity Cable Driver --> MsiExec.exe /X{6882DD11-33B8-4DEA-8305-7E765BF74BD3}
Nokia Lifeblog --> MsiExec.exe /I{1240CF7E-11B6-4C95-B4E7-F524CF3F785A}
Nokia Multimedia Factory --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{BD72E64C-F0DB-40CB-846B-611C57D8AB0C} /l2057
Nokia PC Connectivity Solution --> MsiExec.exe /I{0D80391C-0A72-43BB-9BC2-143F63CC111D}
Nokia PC Suite --> MsiExec.exe /I{531317A5-586A-4E36-87C1-CA823447B375}
PictureProject --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF3999BE-1A7B-4738-88AA-97BF14094A4A}\Setup.exe" -l0x9 UNINSTALL
Pop-Up Stopper Free Edition --> C:\PROGRA~1\PANICW~1\POP-UP~1\UNWISE.EXE C:\PROGRA~1\PANICW~1\POP-UP~1\INSTALL.LOG
PowerISO --> "C:\Program Files\PowerISO\uninstall.exe"
PSP Video 9 2.25 --> C:\Program Files\Red Kawa\Video Converter\uninstaller.exe
PSP Video Express(remove only) --> "C:\Program Files\PQDVD\PSPVideoExpress\bt-uninst.exe"
QuickTime --> MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
RegCure 1.0.0.43 --> C:\Program Files\RegCure\uninst.exe
Riva FLV Encoder 2.0 --> "C:\Program Files\Riva\Riva FLV Encoder 2.0\unins000.exe"
Rogers Self Healing Software (remove only) --> "C:\Program Files\Rogers\SelfHealing\uninst.exe"
Roxio Backup MyPC --> MsiExec.exe /I{637099FB-45FD-4BC7-9651-6FB540DBB749}
Roxio DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Roxio MyDVD LE --> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Roxio RecordNow Audio --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Roxio RecordNow Copy --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Roxio RecordNow Data --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Excel 2007 (KB946974) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Office 2007 (KB947801) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for Outlook 2007 (KB946983) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {66B9496E-C0C3-4065-9868-85CCA92126C3}
Smart Menus (Windows Live Toolbar) --> MsiExec.exe /X{F084395C-40FB-4DB3-981C-B51E74E1E83D}
Sonic Activation Module --> MsiExec.exe /I{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}
Sonic Encoders --> MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SUPER © Version 2007.bld.23 (July 4, 2007) --> C:\PROGRA~1\ERIGHT~1\SUPER\Setup.exe /remove /q0
Tabbed Browsing (Windows Live Toolbar) --> MsiExec.exe /X{47FBF7F9-FBD3-43EF-823B-7684D56C1962}
TopStyle Lite (Version 3.0) --> C:\WINDOWS\unlite3.exe "C:\Program Files\Bradbury\TopStyle3"
Torrent Episode Downloader --> MsiExec.exe /I{C672363C-69EC-4549-B955-AA9997BCACDA}
Update for Outlook 2007 Junk Email Filter (kb947945) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {E397056B-7AE5-4FF1-8B13-276BF8201847}
Update Manager (remove only) --> "C:\Program Files\Rogers\Update Manager\uninst.exe"
Update Rollup 2 for Windows XP Media Center Edition 2005 --> C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
URGE --> MsiExec.exe /I{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AE}
VeohTV BETA --> C:\Program Files\InstallShield Installation Information\{97A96172-A963-4A37-9FFB-DA6805BB915A}\setup.exe -runfromtemp -l0x0409
VideoLAN VLC media player 0.8.5 --> C:\Program Files\VideoLAN\VLC\uninstall.exe
WebCyberCoach 3.2 Dell --> "C:\Program Files\WebCyberCoach\b_Dell\WCC_Wipe.exe" "WebCyberCoach ext\wtrb" /inf "engine.inf,RealUninstallSection,,4" /infcfg  "enginecf.inf,RealUninstallSection,,4"
Windows Desktop Search 3.01 --> "C:\WINDOWS\$NtUninstallKB917013$\spuninst\spuninst.exe"
Windows Driver Package - Nokia Modem (06/12/2006 6.81.0.21) --> C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_62A340731F8930057B44B8864F236850B0D49D65\nokbtmdm.inf
Windows Installer Clean Up --> MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52}
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live OneCare safety scanner --> RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Live Toolbar --> "C:\Program Files\Windows Live Toolbar\UnInstall.exe" {D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar --> MsiExec.exe /X{D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar Extension (Windows Live Toolbar) --> MsiExec.exe /X{341201D4-4F61-4ADB-987E-9CCE4D83A58D}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB908246 --> "C:\WINDOWS\$NtUninstallKB908246$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB925766 --> "C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
XBC 5.1 --> C:\PROGRA~1\XBC\UNWISE.EXE C:\PROGRA~1\XBC\INSTALL.LOG


-- Application Event Log -------------------------------------------------------

Event Record #/Type29338 / Error
Event Submitted/Written: 03/24/2008 03:12:02 PM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Event Record #/Type29337 / Error
Event Submitted/Written: 03/24/2008 03:12:02 PM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Event Record #/Type29336 / Error
Event Submitted/Written: 03/24/2008 03:12:02 PM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Event Record #/Type29335 / Error
Event Submitted/Written: 03/24/2008 03:12:02 PM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Event Record #/Type29334 / Error
Event Submitted/Written: 03/24/2008 03:12:02 PM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: A connection with the server could not be established



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type71361 / Warning
Event Submitted/Written: 03/24/2008 02:34:40 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type71360 / Error
Event Submitted/Written: 03/24/2008 01:32:33 PM
Event ID/Source: 1002 / Dhcp
Event Description:
The IP address lease 192.168.2.2 for the Network Card with network address 9800980098F0 has been
denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).

Event Record #/Type71358 / Warning
Event Submitted/Written: 03/24/2008 01:32:32 PM
Event ID/Source: 8 / E100B
Event Description:
Adapter Intel® PRO/100 VE Network Connection: Did not receive auto-negotiation advertisement from link partner.  A duplex mismatch may occur.

Event Record #/Type71355 / Error
Event Submitted/Written: 03/24/2008 09:07:39 AM
Event ID/Source: 1002 / Dhcp
Event Description:
The IP address lease 192.168.2.2 for the Network Card with network address 9800980098F0 has been
denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).

Event Record #/Type71353 / Warning
Event Submitted/Written: 03/24/2008 09:07:34 AM
Event ID/Source: 8 / E100B
Event Description:
Adapter Intel® PRO/100 VE Network Connection: Did not receive auto-negotiation advertisement from link partner.  A duplex mismatch may occur.



-- End of Deckard's System Scanner: finished at 2008-03-24 15:12:19 ------------

15
Tech Clinic / Topic for some1ok
« on: March 24, 2008, 12:18:46 PM »
here it is

HiJack This Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:32:22 PM, on 3/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Rogers\SelfHealing\rogersagent.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.turbo-search101.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: McAfee Anti-Phishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPFEXE] "C:\Program Files\McAfee.com\Personal Firewall\MPFTray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\McAfee.com\Agent\McAgent.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [RogersAgent] c:\Program Files\Rogers\SelfHealing\rogersagent.exe
O4 - HKCU\..\Run: [SHS] "C:\Program Files\Rogers\SelfHealing\SHS.exe" /background
O4 - HKCU\..\Run: [Update Manager] "C:\Program Files\Rogers\Update Manager\UpdateManager.exe" /background
O4 - Startup: Highspeeddownloader.lnk = C:\WINDOWS\system32\SetupClickHere.EXE
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.Email Removed.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase4009.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1155396204578
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: SupportAnyPC Service (SupportAnyPC) - Unknown owner - C:\DOCUME~1\Mathew\LOCALS~1\Temp\winvnc.exe (file missing)

--
End of file - 11309 bytes

16
Tech Clinic / Topic for some1ok
« on: March 23, 2008, 09:36:34 PM »
i just did something REALLY stupid =(

i think i downloaded a virus and INSTALLED IT :(

here is the youtube link from where i first saw this so called "high speed torrent" thing
http://youtube.com/watch?v=AMpDQz8_sos&feature=bz301

please help asap

17
Tech Clinic / Topic for some1ok
« on: March 19, 2008, 02:58:36 PM »
MBAM

Malwarebytes' Anti-Malware 1.08
Database version: 506

Scan type: Full Scan (C:\|)
Objects scanned: 168540
Time elapsed: 44 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 21

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\QooBox\Quarantine\C\WINDOWS\mrofinu1000106.exe.vir (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\mrofinu572.exe.vir (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\atmtd.dll.vir (Adware.TargetSaver) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\atmtd.dll._.vir (Adware.TargetSaver) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\TWF0aGV3\asappsrv.dll.vir (AdWare.CommAd) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP632\A0146335.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP732\A0178911.exe (AdWare.CommAd) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP732\A0178912.exe (Trojan.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP732\A0178913.exe (Adware.Purityscan) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP732\A0178914.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP732\A0178915.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP732\A0178917.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP732\A0178918.exe (Adware.PurityScan) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP732\A0178919.dll (Adware.TTC) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP732\A0178920.exe (Adware.TTC) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP732\A0178921.exe (Adware.PurityScan) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP732\A0178923.vbs (Malware.Trace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP734\A0180042.dll (AdWare.CommAd) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP735\A0180270.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP735\A0180271.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP735\A0180272.dll (Adware.TargetSaver) -> Quarantined and deleted successfully.

ComboFix
ComboFix 08-03-17.1 - Mathew 2008-03-18 23:26:26.5 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.502 [GMT -4:00]
Running from: C:\Documents and Settings\Mathew\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Mathew\Desktop\CFScript.txt
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\mrofinu1000106.exe
C:\WINDOWS\mrofinu572.exe
C:\WINDOWS\system32\atmtd.dll
C:\WINDOWS\system32\atmtd.dll._
C:\WINDOWS\system32\byddnslj.dll
C:\WINDOWS\system32\comyctgx.dll
C:\WINDOWS\system32\jkkll.dll
C:\WINDOWS\system32\louggdya(4).dll
C:\WINDOWS\system32\mnbmjort.dll
C:\WINDOWS\system32\sclfrbhw.exe
C:\WINDOWS\system32\sehkywog.exe
C:\WINDOWS\system32\vtuvuvt.dll
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.


.
(((((((((((((((((((((((((   Files Created from 2008-02-19 to 2008-03-19  )))))))))))))))))))))))))))))))
.

2008-03-17 16:28 . 2008-03-17 16:28    <DIR>    d--------    C:\WINDOWS\system32\Kaspersky Lab
2008-03-17 16:28 . 2008-03-17 16:28    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-16 19:01 . 2008-03-17 19:01    1,359,325    ---hs----    C:\WINDOWS\system32\trojmbnm.ini
2008-03-12 12:22 . 2008-03-13 23:50    <DIR>    d--------    C:\Program Files\Microsoft Games
2008-03-08 13:50 . 2008-03-08 13:50    <DIR>    d--------    C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-03-06 22:38 . 2008-03-06 22:39    <DIR>    d--------    C:\Program Files\Rogers
2008-03-05 23:26 . 2008-03-05 23:51    <DIR>    d--------    C:\Program Files\iPod(6)
2008-03-05 15:21 . 2008-03-05 23:51    <DIR>    d--------    C:\Program Files\ACW
2008-02-29 19:22 . 2008-03-05 23:51    <DIR>    d--------    C:\Program Files\iPod

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-18 00:07    ---------    d-----w    C:\Program Files\FlashGet
2008-03-14 03:55    ---------    d--h--w    C:\Program Files\InstallShield Installation Information
2008-03-12 20:35    ---------    d-----w    C:\Program Files\DivX
2008-03-12 02:00    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-06 03:51    ---------    d-----w    C:\Program Files\QuickTime
2008-03-06 03:51    ---------    d-----w    C:\Program Files\iTunes
2008-02-07 22:46    ---------    d-----w    C:\Program Files\Cakewalk
2008-02-07 16:23    ---------    d-----w    C:\Program Files\Kontakt Player 2
2008-02-07 16:23    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Cakewalk
2008-02-03 20:15    ---------    d-----w    C:\Documents and Settings\Mathew\Application Data\Cakewalk
2008-02-03 20:10    118,784    ----a-w    C:\WINDOWS\dsdxirmv.exe
2008-02-01 20:22    ---------    d-----w    C:\Documents and Settings\Mathew\Application Data\Windows Desktop Search
2008-02-01 20:21    ---------    d-----w    C:\Program Files\Windows Desktop Search
2008-02-01 20:12    ---------    d-----w    C:\Program Files\UltraISO
2008-02-01 20:08    ---------    d-----w    C:\Program Files\Yahoo!
2008-02-01 19:58    ---------    d-----w    C:\Program Files\Microsoft Expression
2008-02-01 19:41    ---------    d-----w    C:\Program Files\MSN Messenger
2008-02-01 19:41    ---------    d-----w    C:\Program Files\DellSupport
2008-02-01 19:41    ---------    d-----w    C:\Program Files\Common Files\LightScribe
2008-02-01 19:35    ---------    d-----w    C:\Program Files\Microsoft Works
2008-02-01 19:14    ---------    d-----w    C:\Program Files\MSBuild
2008-02-01 19:08    ---------    d-----w    C:\Program Files\Microsoft Visual Studio 8
2008-01-31 20:33    ---------    d-----w    C:\Program Files\Windows Installer Clean Up
2008-01-31 20:33    ---------    d-----w    C:\Program Files\MSECACHE
2008-01-31 03:43    ---------    d-----w    C:\Program Files\PowerISO
2008-01-30 15:41    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-30 14:54    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\McAfee.com Personal Firewall
2008-01-30 14:53    ---------    d-----w    C:\Documents and Settings\Mathew\Application Data\McAfee.com Personal Firewall
2008-01-24 23:15    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-24 01:59    ---------    dcsh--w    C:\Program Files\Common Files\WindowsLiveInstaller
2008-01-24 01:59    ---------    d-----w    C:\Program Files\Windows Live
2008-01-24 01:59    ---------    d-----w    C:\Program Files\Messenger Plus! Live
2008-01-23 21:55    ---------    d-----w    C:\Documents and Settings\Administrator\Application Data\Grisoft
2008-01-23 21:45    ---------    d-----w    C:\Program Files\Windows Live Safety Center
2008-01-23 20:59    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-23 20:58    ---------    d-----w    C:\Program Files\Lavasoft
2008-01-23 20:57    ---------    d-----w    C:\Documents and Settings\Mathew\Application Data\Lavasoft
2008-01-23 20:56    ---------    d-----w    C:\Program Files\Common Files\Wise Installation Wizard
2008-01-23 20:34    ---------    d-----w    C:\Program Files\CCleaner
2008-01-23 20:20    ---------    d-----w    C:\Program Files\Trend Micro
2008-01-23 20:10    ---------    d-----w    C:\Program Files\STOPzilla!
2008-01-23 20:10    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-01-23 20:05    1,024    ----a-w    C:\WINDOWS\system32\drivers\DAA59A82-9E4E-40FD-B02D-276A22231BCF.cxv
2008-01-22 18:01    2,048    ----a-w    C:\WINDOWS\system32\drivers\5049CA52-0F31-41EA-B004-D73A5858207A.cxv
2008-01-22 18:00    ---------    d-----w    C:\Program Files\PrevxCSI
2008-01-22 17:39    ---------    d-----w    C:\Documents and Settings\Mathew\Application Data\Grisoft
2008-01-22 17:39    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-22 16:26    ---------    d-----w    C:\Program Files\SUPERAntiSpyware
2008-01-22 16:26    ---------    d-----w    C:\Documents and Settings\Mathew\Application Data\SUPERAntiSpyware.com
2008-01-22 16:25    ---------    d-----w    C:\Program Files\a-squared Anti-Malware
2008-01-22 16:23    5,120    ----a-w    C:\WINDOWS\system32\drivers\D6E4E5D4-36A3-4B90-8C4C-1C5228221F20.cxv
2008-01-22 15:39    15,360    ----a-w    C:\WINDOWS\system32\dllcache\ctfmon.exe
2008-01-22 15:39    15,360    ----a-w    C:\WINDOWS\system32\ctfmon.exe
2008-01-22 15:38    98,304    ----a-w    C:\WINDOWS\system32\igfxtray.exe
2008-01-22 15:38    94,208    ----a-w    C:\WINDOWS\system32\igfxpers.exe
2008-01-22 15:38    155,648    ----a-w    C:\WINDOWS\system32\NeroCheck.exe
2008-01-22 15:38    114,688    ----a-w    C:\WINDOWS\system32\hkcmd.exe
2008-01-22 15:36    ---------    d-----w    C:\Documents and Settings\Administrator\Application Data\Talkback
2008-01-22 03:53    ---------    d-----w    C:\Documents and Settings\Mathew\Application Data\PrevxCSI
2008-01-22 03:38    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Prevx
2008-01-22 02:34    25,773    ----a-w    C:\WINDOWS\system32\drivers\regguard.sys
2008-01-22 02:13    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-22 02:08    ---------    d-----w    C:\Program Files\Greatis
2008-01-22 01:00    ---------    d-----w    C:\Documents and Settings\Mathew\Application Data\DAEMON Tools
2008-01-22 00:55    716,272    ----a-w    C:\WINDOWS\system32\drivers\sptd.sys
2008-01-20 19:47    ---------    d-----w    C:\Documents and Settings\Mathew\Application Data\Yahoo!
2008-01-20 07:07    33,292    ----a-w    C:\WINDOWS\system32\drivers\scdemu.sys
2008-01-11 05:53    44,544    ----a-w    C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-12-19 23:01    347,136    ----a-w    C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-04-28 13:06    173,376    -c--a-w    C:\Program Files\AO
2006-08-09 17:58    251    ----a-w    C:\Program Files\wt3d.ini
2006-08-09 02:00    149    ----a-w    C:\Program Files\INSTALL.LOG
2006-08-08 23:00    88    --sh--r    C:\WINDOWS\system32\110E035EBA.sys
2006-08-24 19:45    56    --sh--r    C:\WINDOWS\system32\BA5E030E11.sys
2006-05-03 09:06    163,328    --sha-r    C:\WINDOWS\system32\flvDX.dll
2006-08-24 19:48    4,184    --sha-w    C:\WINDOWS\system32\KGyGaAvL.sys
2007-02-21 10:47    31,232    --sha-r    C:\WINDOWS\system32\msfDX.dll
2006-12-06 21:05    351    --sha-w    C:\WINDOWS\system32\SoftwareDistribution\vbmc.ini2
.

(((((((((((((((((((((((((((((   snapshot@2008-03-17_23.02.47.84   )))))))))))))))))))))))))))))))))))))))))
.
- 2008-03-18 00:09:10    32,768    ----a-w    C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-03-19 02:31:37    32,768    ----a-w    C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-03-18 00:09:10    32,768    ----a-w    C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-03-19 02:31:37    32,768    ----a-w    C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-03-19 02:31:37    32,768    --sha-w    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-01-17 12:51 486856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-01-22 11:39 15360]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-01-30 14:11 3497984]
"RogersAgent"="c:\Program Files\Rogers\SelfHealing\rogersagent.exe" [2007-04-23 16:51 478968]
"SHS"="C:\Program Files\Rogers\SelfHealing\SHS.exe" [2007-10-12 16:30 5166392]
"Update Manager"="C:\Program Files\Rogers\Update Manager\UpdateManager.exe" [2007-10-12 16:30 136504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2008-01-30 11:19 6731312]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-01-20 03:05 217088]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 01:47 31016]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2008-01-22 11:38 212992]
"MPFEXE"="C:\Program Files\McAfee.com\Personal Firewall\MPFTray.exe" [2008-01-22 11:38 999424]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 00:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]
"MCAgentExe"="C:\PROGRA~1\McAfee.com\Agent\McAgent.exe" [2008-01-22 11:39 303104]

C:\Documents and Settings\Mathew\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 21:24:54 98632]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-08-08 18:21:21 113664]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-08-01 22:25:49 24576]
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2006-08-08 14:53:59 118784]
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 16:40:46 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 16:39 294400]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL 9.0 Tray Icon.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
--a------ 2006-05-03 03:12 98304 C:\Program Files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-02-19 14:10 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\FlashGet\\flashget.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5060:UDP"= 5060:UDP:iPhone
"5061:UDP"= 5061:UDP:iPhone
"5062:UDP"= 5062:UDP:iPhone
"5004:UDP"= 5004:UDP:iPhone
"5005:UDP"= 5005:UDP:iPhone
"5006:UDP"= 5006:UDP:iPhone

S0 Partizan;Partizan;C:\WINDOWS\system32\drivers\Partizan.sys []
S3 kvpndev;Kerio VPN adapter;C:\WINDOWS\system32\DRIVERS\kvpndrv.sys [2007-05-25 14:55]
S3 kwflower;Kerio WinRoute Firewall Driver - Lower Layer;C:\WINDOWS\system32\DRIVERS\kwflower.sys []
S3 PD016BLK;Creative PC-CAM 300 (Still Image);C:\WINDOWS\system32\DRIVERS\PD016blk.sys [2001-07-03 13:00]
S3 PD016VID;Creative PC-CAM 300 (Video);C:\WINDOWS\system32\DRIVERS\PD016vid.sys [2001-07-03 13:00]
S3 RegGuard;RegGuard;C:\WINDOWS\system32\Drivers\regguard.sys [2008-01-21 22:34]
S3 SupportAnyPC;SupportAnyPC Service;"C:\DOCUME~1\Mathew\LOCALS~1\Temp\winvnc.exe" -service []


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
"2008-03-14 22:16:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-19 02:45:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-03-12 19:40:07 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-18 23:29:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\PSSdk23]
"ImagePath"="\??\C:\WINDOWS\system32\Drivers\PsSdk23.drv"
.
Completion time: 2008-03-18 23:30:15
ComboFix-quarantined-files.txt  2008-03-19 03:30:07
ComboFix2.txt  2008-03-18 03:03:13
ComboFix3.txt  2008-02-03 21:39:40
ComboFix4.txt  2008-02-01 19:52:17
ComboFix5.txt  2008-01-30 15:32:34
.
2008-03-12 02:01:04    --- E O F ---  


Hijack This
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:13:00 PM, on 3/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee.com\Personal Firewall\MPFTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Rogers\SelfHealing\rogersagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: McAfee Anti-Phishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPFEXE] "C:\Program Files\McAfee.com\Personal Firewall\MPFTray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\McAfee.com\Agent\McAgent.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [RogersAgent] c:\Program Files\Rogers\SelfHealing\rogersagent.exe
O4 - HKCU\..\Run: [SHS] "C:\Program Files\Rogers\SelfHealing\SHS.exe" /background
O4 - HKCU\..\Run: [Update Manager] "C:\Program Files\Rogers\Update Manager\UpdateManager.exe" /background
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.Email Removed.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase4009.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1155396204578
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: SupportAnyPC Service (SupportAnyPC) - Unknown owner - C:\DOCUME~1\Mathew\LOCALS~1\Temp\winvnc.exe (file missing)

--
End of file - 10891 bytes


18
Tech Clinic / Topic for some1ok
« on: March 17, 2008, 09:50:51 PM »
ComboFix log

ComboFix 08-03-17.1 - Mathew 2008-03-17 22:50:59.4 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.525 [GMT -4:00]
Running from: C:\Documents and Settings\Mathew\Desktop\ComboFix.exe
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Mathew\Application Data\SSEMBL~1
C:\Documents and Settings\Mathew\Application Data\SSEMBL~1\?ssembly\
C:\Program Files\network monitor
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\sanR24
C:\Temp\sanR24\lDii.log
C:\WINDOWS\BM0b755898.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\byddnslj.dll
C:\WINDOWS\system32\comyctgx.dll
C:\WINDOWS\system32\dcqiroil.ini
C:\WINDOWS\system32\iDlo01
C:\WINDOWS\system32\jkkll.dll
C:\WINDOWS\system32\lioriqcd.dll
C:\WINDOWS\system32\llkkj.ini
C:\WINDOWS\system32\llkkj.ini2
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\prdroerp.dll
C:\WINDOWS\system32\vtuvuvt.dll
C:\WINDOWS\system32\wilvcmeb.dll
C:\WINDOWS\TWF0aGV3\
C:\WINDOWS\TWF0aGV3\\asappsrv.dll

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CMDSERVICE
-------\Legacy_NETWORK_MONITOR
-------\Service_cmdService
-------\Service_Network Monitor


(((((((((((((((((((((((((   Files Created from 2008-02-18 to 2008-03-18  )))))))))))))))))))))))))))))))
.

2008-03-17 16:28 . 2008-03-17 16:28    <DIR>    d--------    C:\WINDOWS\system32\Kaspersky Lab
2008-03-17 16:28 . 2008-03-17 16:28    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-16 19:01 . 2008-03-17 19:01    1,359,325    ---hs----    C:\WINDOWS\system32\trojmbnm.ini
2008-03-16 18:45 . 2008-03-16 23:20    <DIR>    d--------    C:\WINDOWS\system32\xk1
2008-03-16 18:45 . 2008-03-16 23:21    <DIR>    d--------    C:\WINDOWS\system32\tf5
2008-03-16 18:45 . 2008-03-16 18:45    <DIR>    d--------    C:\WINDOWS\system32\config\systemprofile\Application Data\NetMon
2008-03-16 18:45 . 2008-03-16 18:45    687,592    --a------    C:\WINDOWS\system32\atmtd.dll._
2008-03-16 18:45 . 2008-03-16 18:45    687,592    --a------    C:\WINDOWS\system32\atmtd.dll
2008-03-16 18:45 . 2008-03-16 18:45    37,376    --a------    C:\WINDOWS\mrofinu572.exe
2008-03-16 18:45 . 2008-03-16 18:45    37,376    --a------    C:\WINDOWS\mrofinu1000106.exe
2008-03-12 12:22 . 2008-03-13 23:50    <DIR>    d--------    C:\Program Files\Microsoft Games
2008-03-08 13:50 . 2008-03-08 13:50    <DIR>    d--------    C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-03-06 22:38 . 2008-03-06 22:39    <DIR>    d--------    C:\Program Files\Rogers
2008-03-05 23:26 . 2008-03-05 23:51    <DIR>    d--------    C:\Program Files\iPod(6)
2008-03-05 15:21 . 2008-03-05 23:51    <DIR>    d--------    C:\Program Files\ACW
2008-02-29 19:22 . 2008-03-05 23:51    <DIR>    d--------    C:\Program Files\iPod

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-18 00:07    ---------    d-----w    C:\Program Files\FlashGet
2008-03-14 03:55    ---------    d--h--w    C:\Program Files\InstallShield Installation Information
2008-03-12 20:35    ---------    d-----w    C:\Program Files\DivX
2008-03-12 02:00    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-06 03:51    ---------    d-----w    C:\Program Files\QuickTime
2008-03-06 03:51    ---------    d-----w    C:\Program Files\iTunes
2008-02-07 22:46    ---------    d-----w    C:\Program Files\Cakewalk
2008-02-07 16:23    ---------    d-----w    C:\Program Files\Kontakt Player 2
2008-02-07 16:23    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Cakewalk
2008-02-03 20:15    ---------    d-----w    C:\Documents and Settings\Mathew\Application Data\Cakewalk
2008-02-03 20:10    118,784    ----a-w    C:\WINDOWS\dsdxirmv.exe
2008-02-01 20:22    ---------    d-----w    C:\Documents and Settings\Mathew\Application Data\Windows Desktop Search
2008-02-01 20:21    ---------    d-----w    C:\Program Files\Windows Desktop Search
2008-02-01 20:12    ---------    d-----w    C:\Program Files\UltraISO
2008-02-01 20:08    ---------    d-----w    C:\Program Files\Yahoo!
2008-02-01 19:58    ---------    d-----w    C:\Program Files\Microsoft Expression
2008-02-01 19:41    ---------    d-----w    C:\Program Files\MSN Messenger
2008-02-01 19:41    ---------    d-----w    C:\Program Files\DellSupport
2008-02-01 19:41    ---------    d-----w    C:\Program Files\Common Files\LightScribe
2008-02-01 19:35    ---------    d-----w    C:\Program Files\Microsoft Works
2008-02-01 19:14    ---------    d-----w    C:\Program Files\MSBuild
2008-02-01 19:08    ---------    d-----w    C:\Program Files\Microsoft Visual Studio 8
2008-01-31 20:33    ---------    d-----w    C:\Program Files\Windows Installer Clean Up
2008-01-31 20:33    ---------    d-----w    C:\Program Files\MSECACHE
2008-01-31 03:43    ---------    d-----w    C:\Program Files\PowerISO
2008-01-30 15:41    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-30 14:54    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\McAfee.com Personal Firewall
2008-01-30 14:53    ---------    d-----w    C:\Documents and Settings\Mathew\Application Data\McAfee.com Personal Firewall
2008-01-24 23:15    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-24 01:59    ---------    dcsh--w    C:\Program Files\Common Files\WindowsLiveInstaller
2008-01-24 01:59    ---------    d-----w    C:\Program Files\Windows Live
2008-01-24 01:59    ---------    d-----w    C:\Program Files\Messenger Plus! Live
2008-01-23 21:55    ---------    d-----w    C:\Documents and Settings\Administrator\Application Data\Grisoft
2008-01-23 21:45    ---------    d-----w    C:\Program Files\Windows Live Safety Center
2008-01-23 20:59    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-23 20:58    ---------    d-----w    C:\Program Files\Lavasoft
2008-01-23 20:57    ---------    d-----w    C:\Documents and Settings\Mathew\Application Data\Lavasoft
2008-01-23 20:56    ---------    d-----w    C:\Program Files\Common Files\Wise Installation Wizard
2008-01-23 20:34    ---------    d-----w    C:\Program Files\CCleaner
2008-01-23 20:20    ---------    d-----w    C:\Program Files\Trend Micro
2008-01-23 20:10    ---------    d-----w    C:\Program Files\STOPzilla!
2008-01-23 20:10    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-01-23 20:05    1,024    ----a-w    C:\WINDOWS\system32\drivers\DAA59A82-9E4E-40FD-B02D-276A22231BCF.cxv
2008-01-22 18:01    2,048    ----a-w    C:\WINDOWS\system32\drivers\5049CA52-0F31-41EA-B004-D73A5858207A.cxv
2008-01-22 18:00    ---------    d-----w    C:\Program Files\PrevxCSI
2008-01-22 17:39    ---------    d-----w    C:\Documents and Settings\Mathew\Application Data\Grisoft
2008-01-22 17:39    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-22 16:26    ---------    d-----w    C:\Program Files\SUPERAntiSpyware
2008-01-22 16:26    ---------    d-----w    C:\Documents and Settings\Mathew\Application Data\SUPERAntiSpyware.com
2008-01-22 16:25    ---------    d-----w    C:\Program Files\a-squared Anti-Malware
2008-01-22 16:23    5,120    ----a-w    C:\WINDOWS\system32\drivers\D6E4E5D4-36A3-4B90-8C4C-1C5228221F20.cxv
2008-01-22 15:36    ---------    d-----w    C:\Documents and Settings\Administrator\Application Data\Talkback
2008-01-22 03:53    ---------    d-----w    C:\Documents and Settings\Mathew\Application Data\PrevxCSI
2008-01-22 03:38    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Prevx
2008-01-22 02:34    25,773    ----a-w    C:\WINDOWS\system32\drivers\regguard.sys
2008-01-22 02:13    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-22 02:08    ---------    d-----w    C:\Program Files\Greatis
2008-01-22 01:00    ---------    d-----w    C:\Documents and Settings\Mathew\Application Data\DAEMON Tools
2008-01-22 00:55    716,272    ----a-w    C:\WINDOWS\system32\drivers\sptd.sys
2008-01-20 19:47    ---------    d-----w    C:\Documents and Settings\Mathew\Application Data\Yahoo!
2008-01-20 07:07    33,292    ----a-w    C:\WINDOWS\system32\drivers\scdemu.sys
2007-04-28 13:06    173,376    -c--a-w    C:\Program Files\AO
2006-08-09 17:58    251    ----a-w    C:\Program Files\wt3d.ini
2006-08-09 02:00    149    ----a-w    C:\Program Files\INSTALL.LOG
2006-08-08 23:00    88    --sh--r    C:\WINDOWS\system32\110E035EBA.sys
2006-08-24 19:45    56    --sh--r    C:\WINDOWS\system32\BA5E030E11.sys
2006-05-03 09:06    163,328    --sha-r    C:\WINDOWS\system32\flvDX.dll
2006-08-24 19:48    4,184    --sha-w    C:\WINDOWS\system32\KGyGaAvL.sys
2007-02-21 10:47    31,232    --sha-r    C:\WINDOWS\system32\msfDX.dll
2006-12-06 21:05    351    --sha-w    C:\WINDOWS\system32\SoftwareDistribution\vbmc.ini2
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6E7848A1-3C96-424B-549F-2D5EFEC522D1}]
            C:\Program Files\Windows Media Player\qudawuqe.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8DA617EF-469F-4AD0-A378-605EC78D208C}]
            C:\Program Files\Movie Maker\pytegyri89104.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-01-17 12:51 486856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-01-22 11:39 15360]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-01-30 14:11 3497984]
"RogersAgent"="c:\Program Files\Rogers\SelfHealing\rogersagent.exe" [2007-04-23 16:51 478968]
"SHS"="C:\Program Files\Rogers\SelfHealing\SHS.exe" [2007-10-12 16:30 5166392]
"Update Manager"="C:\Program Files\Rogers\Update Manager\UpdateManager.exe" [2007-10-12 16:30 136504]
"Uaol"="C:\DOCUME~1\Mathew\APPLIC~1\SSEMBL~1\netdde.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2008-01-30 11:19 6731312]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-01-20 03:05 217088]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 01:47 31016]
"MCUpdateExe"="C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe" [2008-01-22 11:38 212992]
"MPFEXE"="C:\Program Files\McAfee.com\Personal Firewall\MPFTray.exe" [2008-01-22 11:38 999424]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 00:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]
"MCAgentExe"="C:\PROGRA~1\McAfee.com\Agent\McAgent.exe" [2008-01-22 11:39 303104]

C:\Documents and Settings\Mathew\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 21:24:54 98632]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-08-08 18:21:21 113664]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-08-01 22:25:49 24576]
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2006-08-08 14:53:59 118784]
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 16:40:46 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 16:39 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtuvuvt]
vtuvuvt.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL 9.0 Tray Icon.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
--a------ 2006-05-03 03:12 98304 C:\Program Files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-02-19 14:10 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\FlashGet\\flashget.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5060:UDP"= 5060:UDP:iPhone
"5061:UDP"= 5061:UDP:iPhone
"5062:UDP"= 5062:UDP:iPhone
"5004:UDP"= 5004:UDP:iPhone
"5005:UDP"= 5005:UDP:iPhone
"5006:UDP"= 5006:UDP:iPhone

S0 Partizan;Partizan;C:\WINDOWS\system32\drivers\Partizan.sys []
S3 kvpndev;Kerio VPN adapter;C:\WINDOWS\system32\DRIVERS\kvpndrv.sys [2007-05-25 14:55]
S3 kwflower;Kerio WinRoute Firewall Driver - Lower Layer;C:\WINDOWS\system32\DRIVERS\kwflower.sys []
S3 PD016BLK;Creative PC-CAM 300 (Still Image);C:\WINDOWS\system32\DRIVERS\PD016blk.sys [2001-07-03 13:00]
S3 PD016VID;Creative PC-CAM 300 (Video);C:\WINDOWS\system32\DRIVERS\PD016vid.sys [2001-07-03 13:00]
S3 RegGuard;RegGuard;C:\WINDOWS\system32\Drivers\regguard.sys [2008-01-21 22:34]
S3 SupportAnyPC;SupportAnyPC Service;"C:\DOCUME~1\Mathew\LOCALS~1\Temp\winvnc.exe" -service []


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
"2008-03-14 22:16:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-18 02:45:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-03-12 19:40:07 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-17 22:57:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PSSdk23]
"ImagePath"="\??\C:\WINDOWS\system32\Drivers\PsSdk23.drv"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
.
**************************************************************************
.
Completion time: 2008-03-17 23:03:12 - machine was rebooted
ComboFix-quarantined-files.txt  2008-03-18 03:03:06
ComboFix2.txt  2008-02-03 21:39:40
ComboFix3.txt  2008-02-01 19:52:17
ComboFix4.txt  2008-01-30 15:32:34
.
2008-03-12 02:01:04    --- E O F ---  

HijackThis Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:05:28 PM, on 3/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\McAfee.com\Personal Firewall\MPFTray.exe
C:\Program Files\QuickTime\QTTask.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Rogers\SelfHealing\rogersagent.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: McAfee Anti-Phishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: 0 - {6E7848A1-3C96-424B-549F-2D5EFEC522D1} - C:\Program Files\Windows Media Player\qudawuqe.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {8DA617EF-469F-4AD0-A378-605EC78D208C} - C:\Program Files\Movie Maker\pytegyri89104.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [MPFEXE] "C:\Program Files\McAfee.com\Personal Firewall\MPFTray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\McAfee.com\Agent\McAgent.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [RogersAgent] c:\Program Files\Rogers\SelfHealing\rogersagent.exe
O4 - HKCU\..\Run: [SHS] "C:\Program Files\Rogers\SelfHealing\SHS.exe" /background
O4 - HKCU\..\Run: [Update Manager] "C:\Program Files\Rogers\Update Manager\UpdateManager.exe" /background
O4 - HKCU\..\Run: [Uaol] "C:\DOCUME~1\Mathew\APPLIC~1\SSEMBL~1\netdde.exe" -vt yazb
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.Email Removed.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase4009.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1155396204578
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: vtuvuvt - vtuvuvt.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: SupportAnyPC Service (SupportAnyPC) - Unknown owner - C:\DOCUME~1\Mathew\LOCALS~1\Temp\winvnc.exe (file missing)

--
End of file - 11184 bytes

19
Tech Clinic / Topic for some1ok
« on: March 17, 2008, 07:38:49 PM »
OTMoveit

File/Folder C:\WINDOWS\system32\wamilqvn.exe not found.
File/Folder C:\WINDOWS\system32\wryafqwe.exe not found.
File/Folder C:\WINDOWS\system32\wshvpnhu.exe not found.
File/Folder C:\WINDOWS\system32\xbckvfdo.exe not found.
File/Folder C:\WINDOWS\system32\xlvlaxap.exe not found.
File/Folder C:\WINDOWS\system32\xobbsvip.exe not found.
File/Folder C:\WINDOWS\system32\xokrmyvd.exe not found.
File/Folder C:\WINDOWS\system32\xurqyxkv.exe not found.
File/Folder C:\WINDOWS\system32\xwctnyxc.exe not found.
File/Folder C:\WINDOWS\system32\ytcekcdh.exe not found.
File/Folder C:\WINDOWS\system32\yxghwhui.exe not found.
File/Folder C:\WINDOWS\system32\yygqlcjj.exe not found.
 
OTMoveIt2 by OldTimer - Version 1.0.21 log created on 03172008_162242


Kaspersky Log

KASPERSKY ONLINE SCANNER REPORT
      Monday, March 17, 2008 7:49:46 PM
      Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
      Kaspersky Online Scanner version: 5.0.98.0
      Kaspersky Anti-Virus database last update: 17/03/2008
      Kaspersky Anti-Virus database records: 636169


      Scan Settings
      Scan using the following antivirus database: extended
      Scan Archives: true
      Scan Mail Bases: true

      Scan Target: My Computer
      C:\
      D:\
      E:\

      Scan Statistics
      Total number of scanned objects: 135147
      Number of viruses found: 21
      Number of infected objects: 203
      Number of suspicious objects: 0
      Duration of the scan process: 02:28:56

      Infected Object Name | Virus Name | Last Action
      C:\Documents and Settings\All Users\Application
      Data\McAfee\SpamKiller\Logs\Filtering.log Object is locked skipped

      C:\Documents and Settings\All Users\Application
      Data\McAfee.com\Agent\Logs\TaskScheduler\McTskshd000.log Object is locked
      skipped

      C:\Documents and Settings\All Users\Application
      Data\Microsoft\Crypto\RSA\MachineKeys\3ad391678a806ec4d691e83aaa393b6f_24adf822-76f7-4481-b30b-ff1b40f8687f
      Object is locked skipped

      C:\Documents and Settings\All Users\Application
      Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped

      C:\Documents and Settings\All Users\Application
      Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

      C:\Documents and Settings\All Users\Application
      Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

      C:\Documents and Settings\All Users\Application
      Data\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.Crwl
      Object is locked skipped

      C:\Documents and Settings\All Users\Application
      Data\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.gthr
      Object is locked skipped

      C:\Documents and Settings\All Users\Application
      Data\Microsoft\Search\Data\Applications\Windows\MSS.log Object is locked
      skipped

      C:\Documents and Settings\All Users\Application
      Data\Microsoft\Search\Data\Applications\Windows\MSStmp.log Object is
      locked skipped

      C:\Documents and Settings\All Users\Application
      Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000A.ci
      Object is locked skipped

      C:\Documents and Settings\All Users\Application
      Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000A.wid
      Object is locked skipped

      C:\Documents and Settings\All Users\Application
      Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000A.wsb
      Object is locked skipped

      C:\Documents and Settings\All Users\Application
      Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.000
      Object is locked skipped

      C:\Documents and Settings\All Users\Application
      Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000
      Object is locked skipped

      C:\Documents and Settings\All Users\Application
      Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\Used0000.000
      Object is locked skipped

      C:\Documents and Settings\All Users\Application
      Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000
      Object is locked skipped

      C:\Documents and Settings\All Users\Application
      Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk1.gthr
      Object is locked skipped

      C:\Documents and Settings\All Users\Application
      Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk2.gthr
      Object is locked skipped

      C:\Documents and Settings\All Users\Application
      Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Ntfy2.gthr
      Object is locked skipped

      C:\Documents and Settings\All Users\Application
      Data\Microsoft\Search\Data\Applications\Windows\tmp.edb Object is locked
      skipped

      C:\Documents and Settings\All Users\Application
      Data\Microsoft\Search\Data\Applications\Windows\Windows.edb Object is
      locked skipped

      C:\Documents and Settings\All Users\Application
      Data\Microsoft\Search\Data\Temp\usgthrsvc\Ntf1.tmp Object is locked
      skipped

      C:\Documents and Settings\All Users\Application
      Data\Microsoft\Search\Data\Temp\usgthrsvc\Ntf2.tmp Object is locked
      skipped

      C:\Documents and Settings\All Users\Application
      Data\Microsoft\Search\Data\Temp\usgthrsvc\Perflib_Perfdata_bcc.dat Object
      is locked skipped

      C:\Documents and Settings\Mathew\Application
      Data\Mozilla\Firefox\Profiles\arnd8egj.default\cert8.db Object is locked
      skipped

      C:\Documents and Settings\Mathew\Application
      Data\Mozilla\Firefox\Profiles\arnd8egj.default\formhistory.dat Object is
      locked skipped

      C:\Documents and Settings\Mathew\Application
      Data\Mozilla\Firefox\Profiles\arnd8egj.default\history.dat Object is
      locked skipped

      C:\Documents and Settings\Mathew\Application
      Data\Mozilla\Firefox\Profiles\arnd8egj.default\key3.db Object is locked
      skipped

      C:\Documents and Settings\Mathew\Application
      Data\Mozilla\Firefox\Profiles\arnd8egj.default\search.sqlite Object is
      locked skipped

      C:\Documents and Settings\Mathew\Application
      Data\Mozilla\Firefox\Profiles\arnd8egj.default\urlclassifier2.sqlite
      Object is locked skipped

      C:\Documents and Settings\Mathew\Cookies\index.dat Object is locked
      skipped

      C:\Documents and Settings\Mathew\Local Settings\Application
      Data\Microsoft\Feeds Cache\index.dat Object is locked skipped

      C:\Documents and Settings\Mathew\Local Settings\Application
      Data\Microsoft\Messenger\joelm4jcEmail Removed\SharingMetadata\Logs\Dfsr00005.log
      Object is locked skipped

      C:\Documents and Settings\Mathew\Local Settings\Application
      Data\Microsoft\Messenger\joelm4jcEmail Removed\SharingMetadata\pending.dat
      Object is locked skipped

      C:\Documents and Settings\Mathew\Local Settings\Application
      Data\Microsoft\Messenger\joelm4jcEmail Removed\SharingMetadata\Working\database_208_4679_846_6BAB\dfsr.db
      Object is locked skipped

      C:\Documents and Settings\Mathew\Local Settings\Application
      Data\Microsoft\Messenger\joelm4jcEmail Removed\SharingMetadata\Working\database_208_4679_846_6BAB\fsr.log
      Object is locked skipped

      C:\Documents and Settings\Mathew\Local Settings\Application
      Data\Microsoft\Messenger\joelm4jcEmail Removed\SharingMetadata\Working\database_208_4679_846_6BAB\fsrtmp.log
      Object is locked skipped

      C:\Documents and Settings\Mathew\Local Settings\Application
      Data\Microsoft\Messenger\joelm4jcEmail Removed\SharingMetadata\Working\database_208_4679_846_6BAB\tmp.edb
      Object is locked skipped

      C:\Documents and Settings\Mathew\Local Settings\Application
      Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

      C:\Documents and Settings\Mathew\Local Settings\Application
      Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

      C:\Documents and Settings\Mathew\Local Settings\Application
      Data\Microsoft\Windows Live Contacts\joelm4jcEmail Removed\real\members.stg
      Object is locked skipped

      C:\Documents and Settings\Mathew\Local Settings\Application
      Data\Mozilla\Firefox\Profiles\arnd8egj.default\Cache\_CACHE_001_ Object is
      locked skipped

      C:\Documents and Settings\Mathew\Local Settings\Application
      Data\Mozilla\Firefox\Profiles\arnd8egj.default\Cache\_CACHE_002_ Object is
      locked skipped

      C:\Documents and Settings\Mathew\Local Settings\Application
      Data\Mozilla\Firefox\Profiles\arnd8egj.default\Cache\_CACHE_003_ Object is
      locked skipped

      C:\Documents and Settings\Mathew\Local Settings\Application
      Data\Mozilla\Firefox\Profiles\arnd8egj.default\Cache\_CACHE_MAP_ Object is
      locked skipped

      C:\Documents and Settings\Mathew\Local
      Settings\History\History.IE5\index.dat Object is locked skipped

      C:\Documents and Settings\Mathew\Local
      Settings\History\History.IE5\MSHist012008031720080318\index.dat Object is
      locked skipped

      C:\Documents and Settings\Mathew\Local Settings\Temp\snapsnet.exe/data0006
      Infected: Trojan-Downloader.Win32.VB.caw skipped

      C:\Documents and Settings\Mathew\Local Settings\Temp\snapsnet.exe NSIS:
      infected - 1 skipped

      C:\Documents and Settings\Mathew\Local Settings\Temp\~DF2B3D.tmp Object is
      locked skipped

      C:\Documents and Settings\Mathew\Local Settings\Temp\~DF702E.tmp Object is
      locked skipped

      C:\Documents and Settings\Mathew\Local Settings\Temp\~DF7039.tmp Object is
      locked skipped

      C:\Documents and Settings\Mathew\Local Settings\Temporary Internet
      Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is
      locked skipped

      C:\Documents and Settings\Mathew\Local Settings\Temporary Internet
      Files\Content.IE5\0WY8F8TH\wavvsnet[1].exe Infected:
      Trojan-Downloader.Win32.Small.swa skipped

      C:\Documents and Settings\Mathew\Local Settings\Temporary Internet
      Files\Content.IE5\74VE2V6T\17PHolmes[1].cmt Infected:
      Trojan-Downloader.Win32.Agent.lbx skipped

      C:\Documents and Settings\Mathew\Local Settings\Temporary Internet
      Files\Content.IE5\index.dat Object is locked skipped

      C:\Documents and Settings\Mathew\Local Settings\Temporary Internet
      Files\Content.IE5\MA2TXEZJ\css4[1] Infected:
      not-a-virus:AdWare.Win32.Virtumonde.gen skipped

      C:\Documents and Settings\Mathew\Local Settings\Temporary Internet
      Files\Content.IE5\MA2TXEZJ\hctp[1] Infected:
      not-a-virus:AdWare.Win32.Virtumonde.gen skipped

      C:\Documents and Settings\Mathew\Local Settings\Temporary Internet
      Files\Content.IE5\NPAKQ9VN\ptch[1] Infected:
      not-a-virus:AdWare.Win32.Virtumonde.gen skipped

      C:\Documents and Settings\Mathew\Local Settings\Temporary Internet
      Files\Content.IE5\WD388BOH\17PHolmes[1].cmt Infected:
      Trojan-Downloader.Win32.Agent.lbx skipped

      C:\Documents and Settings\Mathew\Local Settings\Temporary Internet
      Files\Content.IE5\WD388BOH\rasesnet[1].exe Infected:
      not-a-virus:AdWare.Win32.Virtumonde.gen skipped

      C:\Documents and Settings\Mathew\Local Settings\Temporary Internet
      Files\Content.IE5\YPHQMV20\iddqd[1] Infected:
      not-a-virus:AdWare.Win32.Virtumonde.gen skipped

      C:\Documents and Settings\Mathew\Local Settings\Temporary Internet
      Files\Content.IE5\YPHQMV20\snapsnet[1].exe/data0006 Infected:
      Trojan-Downloader.Win32.VB.caw skipped

      C:\Documents and Settings\Mathew\Local Settings\Temporary Internet
      Files\Content.IE5\YPHQMV20\snapsnet[1].exe NSIS: infected - 1 skipped

      C:\Documents and Settings\Mathew\My Documents\My Music\iTunes\iTunes
      Library.itl Object is locked skipped

      C:\Documents and Settings\Mathew\ntuser.dat Object is locked skipped

      C:\Documents and Settings\Mathew\ntuser.dat.LOG Object is locked skipped

      C:\QooBox\Quarantine\C\WINDOWS\system32\duruaknp.dll.vir Infected:
      Trojan-Spy.Win32.VBStat.h skipped

      C:\QooBox\Quarantine\C\WINDOWS\system32\fravaxbv.dll.vir Infected:
      Packed.Win32.Klone.j skipped

      C:\QooBox\Quarantine\C\WINDOWS\system32\gdrileax.dll.vir Infected:
      Packed.Win32.Klone.j skipped

      C:\QooBox\Quarantine\C\WINDOWS\system32\jkkji.dll.vir Infected:
      not-a-virus:AdWare.Win32.Virtumonde.dyx skipped

      C:\QooBox\Quarantine\C\WINDOWS\system32\jsnardlx.dll.vir Infected:
      Packed.Win32.Klone.j skipped

      C:\QooBox\Quarantine\C\WINDOWS\system32\mdnsnjsd.dll.vir Infected:
      Trojan-Spy.Win32.VBStat.h skipped

      C:\QooBox\Quarantine\C\WINDOWS\system32\oplsisoj.dll.vir Infected:
      Trojan-Spy.Win32.VBStat.h skipped

      C:\QooBox\Quarantine\C\WINDOWS\system32\yosvesth.dll.vir Infected:
      Packed.Win32.Klone.j skipped

      C:\QooBox\Quarantine\C\WINDOWS\system32\yrideqtt.dll.vir Infected:
      Trojan-Spy.Win32.VBStat.h skipped

      C:\System Volume Information\MountPointManagerRemoteDatabase Object is
      locked skipped

      C:\System Volume
      Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP492\A0131258.dll
      Infected: Trojan.Win32.BHO.g skipped

      C:\System Volume
      Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP492\A0131259.dll
      Infected: Trojan.Win32.BHO.o skipped

      C:\System Volume
      Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP625\A0145248.exe/data0002
      Infected: not-a-virus:AdWare.Win32.PurityScan.gn skipped

      C:\System Volume
      Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP625\A0145248.exe
      NSIS: infected - 1 skipped

      C:\System Volume
      Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150502.exe
      Infected: not-a-virus:AdWare.Win32.Agent.at skipped

      C:\System Volume
      Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150503.exe
      Infected: not-a-virus:AdWare.Win32.Agent.at skipped

      C:\System Volume
      Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150504.exe
      Infected: not-a-virus:AdWare.Win32.Agent.at skipped

      C:\System Volume
      Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150505.exe
      Infected: not-a-virus:AdWare.Win32.Agent.at skipped

      C:\System Volume
      Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150506.exe
      Infected: not-a-virus:AdWare.Win32.Agent.at skipped

      C:\System Volume
      Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150507.exe
      Infected: not-a-virus:AdWare.Win32.Agent.at skipped

      C:\System Volume
      Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150508.exe
      Infected: not-a-virus:AdWare.Win32.Agent.at skipped

      C:\System Volume
      Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150509.exe
      Infected: not-a-virus:AdWare.Win32.Agent.at skipped

      C:\System Volume
      Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150510.exe
      Infected: not-a-virus:AdWare.Win32.Agent.at skipped

      C:\System Volume
      Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150511.exe
      Infected: not-a-virus:AdWare.Win32.Agent.at skipped

      C:\System Volume
      Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150512.dll
      Infected: not-a-virus:AdWare.Win32.Virtumonde.dyx skipped

      C:\System Volume
      Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150513.exe
      Infected: not-a-virus:AdWare.Win32.Agent.at skipped

      C:\System Volume
      Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150514.exe
      Infected: not-a-virus:AdWare.Win32.Agent.at skipped

      C:\System Volume
      Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150515.exe
      Infected: not-a-virus:AdWare.Win32.Agent.at skipped

      C:\System Volume
      Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150516.exe
      Infected: not-a-virus:AdWare.Win32.Agent.at skipped

      C:\System Volume
      Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150517.exe
      Infected: not-a-virus:AdWare.Win32.Agent.at skipped

      C:\System Volume
      Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150518.exe
      Infected: not-a-virus:AdWare.Win32.Agent.at skipped

      C:\System Volume
      Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150519.exe
      Infected: not-a-virus:AdWare.Win32.Agent.at skipped

      C:\System Volume
      Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150520.exe
      Infected: not-a-virus:AdWare.Win32.Agent.at skipped

      C:\System Volume
      Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150521.exe
      Infected: not-a-virus:AdWare.Win32.Agent.at skipped

      C:\System Volume
      Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150522.exe
      Infected: not-a-virus:AdWare.Win32.Agent.at skipped

      C:\System Volume
      Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150523.exe
      Infected: not-a-virus:AdWare.Win32.Agent.at skipped

      C:\System Volume
      Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150524.exe
      Infected: not-a-virus:AdWare.Win32.Agent.at skipped

      C:\System Volume
      Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150525.exe
      Infected: not-a-virus:AdWare.Win32.Agent.at skipped

      C:\System Volume
      Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150526.exe
      Infected: not-a-virus:AdWare.Win32.Agent.at skipped

      C:\System Volume
      Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150527.exe
      Infected: not-a-virus:AdWare.Win32.Agent.at skipped

      C:\System Volume
      Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150528.exe
      Infected: not-a-virus:AdWare.Win32.Agent.at skipped

      C:\System Volume
      Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150529.exe
      Infected: not-a-virus:AdWare.Win32.Agent.at skipped

      C:\System Volume
      Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150530.exe
      Infected: not-a-virus:AdWare.Win32.Agent.at skipped

      C:\System Volume
      Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP673\A0150557.dll
      Infected: Trojan-Spy.Win32.VBStat.h skipped

      C:\System Volume
      Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP673\A0150558.dll
      Infected: Packed.Win32.Klone.j skipped

      C:\System Volume
      Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP673\A0150559.dll
      Infected: Packed.Win32.Klone.j skipped

      C:\System Volume
      Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP673\A0150560.dll
      Infected: not-a-virus:AdWare.Win32.Virtumonde.dyx skipped

      C:\System Volume
      Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP673\A0150561.dll
      Infected: Packed.Win32.Klone.j skipped

      C:\System Volume
      Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP673\A0150562.dll
      Infected: Trojan-Spy.Win32.VBStat.h skipped

      C:\System Volume
      Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP673\A0150563.dll
      Infected: Trojan-Spy.Win32.VBStat.h skipped

      C:\System Volume
      Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP673\A0150564.dll
      Infected: Packed.Win32.Klone.j skipped

      C:\System Volume
      Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP673\A0150565.dll
      Infected: Trojan-Spy.Win32.VBStat.h skipped

      C:\System Volume
      Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP688\A0157105.dll
      Infected: not-a-virus:AdTool.Win32.WhenU.r skipped

      C:\System Volume
      Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP688\A0157106.exe
      Infected: not-a-virus:AdTool.Win32.WhenU.t skipped

      C:\System Volume
      Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP732\A0178911.exe
      Infected: not-a-virus:AdWare.Win32.CommAd.a skipped

      C:\System Volume
      Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP732\A0178912.exe
      Infected: Trojan.Win32.BHO.ab skipped

      C:\System Volume
      Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP732\A0178913.exe
      Infected: Trojan-Downloader.Win32.PurityScan.fj skipped

      C:\System Volume
      Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP732\A0178914.exe
      Infected: Trojan-Downloader.Win32.Small.buy skipped

      C:\System Volume
      Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP732\A0178915.exe
      Infected: Trojan-Downloader.Win32.VB.caw skipped

      C:\System Volume
      Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP732\A0178916.exe
      Infected: Virus.Win32.Trats.d skipped

      C:\System Volume
      Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP732\A0178917.dll
      Infected: Trojan.Win32.BHO.ab skipped

      C:\System Volume
      Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP732\A0178918.exe/data0001
      Infected: not-a-virus:AdWare.Win32.PurityScan.gp skipped

      C:\System Volume
      Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP732\A0178918.exe
      NSIS: infected - 1 skipped

      C:\System Volume
      Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP732\A0178919.dll
      Infected: not-a-virus:AdWare.Win32.TTC.d skipped

      C:\System Volume
      Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP732\A0178920.exe/data0002
      Infected: not-a-virus:AdWare.Win32.TTC.d skipped

      C:\System Volume
      Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP732\A0178920.exe
      NSIS: infected - 1 skipped

      C:\System Volume
      Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP732\A0178921.exe
      Infected: Trojan.Win32.Scapur.k skipped

      C:\System Volume
      Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP732\change.log
      Object is locked skipped

      C:\VundoFix Backups\aeuketyb.exe.bad Infected:
      not-a-virus:AdWare.Win32.Agent.at skipped

      C:\VundoFix Backups\aldbpxki.exe.bad Infected:
      not-a-virus:AdWare.Win32.Agent.at skipped

      C:\VundoFix Backups\bsiphhlh.exe.bad Infected:
      not-a-virus:AdWare.Win32.Agent.at skipped

      C:\VundoFix Backups\dkeklfqu.exe.bad Infected:
      not-a-virus:AdWare.Win32.Agent.at skipped

      C:\VundoFix Backups\dpllaehs.exe.bad Infected:
      not-a-virus:AdWare.Win32.Agent.at skipped

      C:\VundoFix Backups\dyjkjnor.exe.bad Infected:
      not-a-virus:AdWare.Win32.Agent.at skipped

      C:\VundoFix Backups\gryrgnyv.exe.bad Infected:
      not-a-virus:AdWare.Win32.Agent.at skipped

      C:\VundoFix Backups\hpkfnpgn.exe.bad Infected:
      not-a-virus:AdWare.Win32.Agent.at skipped

      C:\VundoFix Backups\hsoncatk.exe.bad Infected:
      not-a-virus:AdWare.Win32.Agent.at skipped

      C:\VundoFix Backups\ikaufucs.exe.bad Infected:
      not-a-virus:AdWare.Win32.Agent.at skipped

      C:\VundoFix Backups\jkkji.dll.bad Infected:
      not-a-virus:AdWare.Win32.Virtumonde.dyx skipped

      C:\VundoFix Backups\jngkwjjm.exe.bad Infected:
      not-a-virus:AdWare.Win32.Agent.at skipped

      C:\VundoFix Backups\jnrxdkbu.exe.bad Infected:
      not-a-virus:AdWare.Win32.Agent.at skipped

      C:\VundoFix Backups\mhyrwhnv.exe.bad Infected:
      not-a-virus:AdWare.Win32.Agent.at skipped

      C:\VundoFix Backups\mrsfpnet.exe.bad Infected:
      not-a-virus:AdWare.Win32.Agent.at skipped

      C:\VundoFix Backups\mrwfmwvp.exe.bad Infected:
      not-a-virus:AdWare.Win32.Agent.at skipped

      C:\VundoFix Backups\nncdfxer.exe.bad Infected:
      not-a-virus:AdWare.Win32.Agent.at skipped

      C:\VundoFix Backups\ogoluuoe.exe.bad Infected:
      not-a-virus:AdWare.Win32.Agent.at skipped

      C:\VundoFix Backups\pthyprtn.exe.bad Infected:
      not-a-virus:AdWare.Win32.Agent.at skipped

      C:\VundoFix Backups\rdbfjubl.exe.bad Infected:
      not-a-virus:AdWare.Win32.Agent.at skipped

      C:\VundoFix Backups\rwouqdwi.exe.bad Infected:
      not-a-virus:AdWare.Win32.Agent.at skipped

      C:\VundoFix Backups\tiftdcaf.exe.bad Infected:
      not-a-virus:AdWare.Win32.Agent.at skipped

      C:\VundoFix Backups\tkmgdgfr.exe.bad Infected:
      not-a-virus:AdWare.Win32.Agent.at skipped

      C:\VundoFix Backups\tkmyxdnr.exe.bad Infected:
      not-a-virus:AdWare.Win32.Agent.at skipped

      C:\VundoFix Backups\weumsjux.exe.bad Infected:
      not-a-virus:AdWare.Win32.Agent.at skipped

      C:\VundoFix Backups\woqgqnxl.exe.bad Infected:
      not-a-virus:AdWare.Win32.Agent.at skipped

      C:\VundoFix Backups\xwuxefbv.exe.bad Infected:
      not-a-virus:AdWare.Win32.Agent.at skipped

      C:\VundoFix Backups\ykiwcned.exe.bad Infected:
      not-a-virus:AdWare.Win32.Agent.at skipped

      C:\VundoFix Backups\ykuantjj.exe.bad Infected:
      not-a-virus:AdWare.Win32.Agent.at skipped

      C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

      C:\WINDOWS\ModemLog_Conexant D850 56K V.9x DFVc Modem.txt Object is locked
      skipped

      C:\WINDOWS\mrofinu1000106.exe Infected: Trojan-Downloader.Win32.Agent.lbx
      skipped

      C:\WINDOWS\mrofinu572.exe Infected: Trojan-Downloader.Win32.Agent.lbx
      skipped

      C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{4CB64E7B-E236-4508-99F5-329990CB0A2A}.crmlog
      Object is locked skipped

      C:\WINDOWS\SchedLgU.Txt Object is locked skipped

      C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked
      skipped

      C:\WINDOWS\Sti_Trace.log Object is locked skipped

      C:\WINDOWS\system32\byddnslj.dll Infected:
      not-a-virus:AdWare.Win32.Virtumonde.gen skipped

      C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

      C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

      C:\WINDOWS\system32\comyctgx.dll Infected:
      not-a-virus:AdWare.Win32.Virtumonde.gen skipped

      C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

      C:\WINDOWS\system32\config\DEFAULT Object is locked skipped

      C:\WINDOWS\system32\config\default.LOG Object is locked skipped

      C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

      C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped

      C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped

      C:\WINDOWS\system32\config\OSession.evt Object is locked skipped

      C:\WINDOWS\system32\config\SAM Object is locked skipped

      C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

      C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

      C:\WINDOWS\system32\config\SECURITY Object is locked skipped

      C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

      C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped

      C:\WINDOWS\system32\config\software.LOG Object is locked skipped

      C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

      C:\WINDOWS\system32\config\SYSTEM Object is locked skipped

      C:\WINDOWS\system32\config\system.LOG Object is locked skipped

      C:\WINDOWS\system32\config\systemprofile\Local Settings\Application
      Data\Microsoft\Desktop Search\Logs\UNCFATPHLog.txt Object is locked
      skipped

      C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped

      C:\WINDOWS\system32\h323log.txt Object is locked skipped

      C:\WINDOWS\system32\jkkll.dll Infected:
      not-a-virus:AdWare.Win32.Virtumonde.gen skipped

      C:\WINDOWS\system32\louggdya(4).dll Infected: Packed.Win32.Klone.j skipped

      C:\WINDOWS\system32\mnbmjort.dll Infected:
      not-a-virus:AdWare.Win32.Virtumonde.gen skipped

      C:\WINDOWS\system32\sclfrbhw.exe Infected:
      not-a-virus:AdWare.Win32.Agent.at skipped

      C:\WINDOWS\system32\sehkywog.exe Infected:
      not-a-virus:AdWare.Win32.Agent.at skipped

      C:\WINDOWS\system32\vtuvuvt.dll Infected:
      not-a-virus:AdWare.Win32.Virtumonde.gen skipped

      C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

      C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

      C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked
      skipped

      C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked
      skipped

      C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked
      skipped

      C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked
      skipped

      C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked
      skipped

      C:\WINDOWS\TWF0aGV3\asappsrv.dll Infected:
      not-a-virus:AdWare.Win32.CommAd.a skipped

      C:\WINDOWS\wiadebug.log Object is locked skipped

      C:\WINDOWS\wiaservc.log Object is locked skipped

      C:\WINDOWS\WindowsUpdate.log Object is locked skipped

      C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\afclphcl.exe
      Infected: not-a-virus:AdWare.Win32.Agent.at skipped

      C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\aofhowyy.exe
      Infected: not-a-virus:AdWare.Win32.Agent.at skipped

      C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\awmtyiop.exe
      Infected: not-a-virus:AdWare.Win32.Agent.at skipped

      C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\axngxfum.exe
      Infected: not-a-virus:AdWare.Win32.Agent.at skipped

      C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\bbjjseyv.exe
      Infected: not-a-virus:AdWare.Win32.Agent.at skipped

      C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\bdpeqctw.exe
      Infected: not-a-virus:AdWare.Win32.Agent.at skipped

      C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\brqpwybf.exe
      Infected: not-a-virus:AdWare.Win32.Agent.at skipped

      C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\btjsvbaq.exe
      Infected: not-a-virus:AdWare.Win32.Agent.at skipped

      C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\bxkselcu.exe
      Infected: not-a-virus:AdWare.Win32.Agent.at skipped

      C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\bynedhug.exe
      Infected: not-a-virus:AdWare.Win32.Agent.at skipped

      C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\cybkvget.exe
      Infected: not-a-virus:AdWare.Win32.Agent.at skipped

      C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\dudfovud.exe
      Infected: not-a-virus:AdWare.Win32.Agent.at skipped

      C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\dunfhdjs.exe
      Infected: not-a-virus:AdWare.Win32.Agent.at skipped

      C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\duoonbvd.exe
      Infected: not-a-virus:AdWare.Win32.Agent.at skipped

      C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\egvccocs.exe
      Infected: not-a-virus:AdWare.Win32.Agent.at skipped

      C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\elowntrq.exe
      Infected: not-a-virus:AdWare.Win32.Agent.at skipped

      C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\fcfokshy.exe
      Infected: not-a-virus:AdWare.Win32.Agent.at skipped

      C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\fjuwbcsa.exe
      Infected: not-a-virus:AdWare.Win32.Agent.at skipped

      C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\fowyhsxj.exe
      Infected: not-a-virus:AdWare.Win32.Agent.at skipped

      C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\fwivhisp.exe
      Infected: not-a-virus:AdWare.Win32.Agent.at skipped

      C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\gxphnjwt.exe
      Infected: not-a-virus:AdWare.Win32.Agent.at skipped

      C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\hfdksuik.exe
      Infected: not-a-virus:AdWare.Win32.Agent.at skipped

      C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\hlwpcugk.exe
      Infected: not-a-virus:AdWare.Win32.Agent.at skipped

      C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\hnqdmvrg.exe
      Infected: not-a-virus:AdWare.Win32.Agent.at skipped

      C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\hntgtvos.exe
      Infected: not-a-virus:AdWare.Win32.Agent.at skipped

      C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\hqgsmriy.exe
      Infected: not-a-virus:AdWare.Win32.Agent.at skipped

      C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\hvhmwiiy.exe
      Infected: not-a-virus:AdWare.Win32.Agent.at skipped

      C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\ieroawar.exe
      Infected: not-a-virus:AdWare.Win32.Agent.at skipped

      C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\ipllfccv.exe
      Infected: not-a-virus:AdWare.Win32.Agent.at skipped

      C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\ippnefck.exe
      Infected: not-a-virus:AdWare.Win32.Agent.at skipped

      C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\ivlmkvgn.exe
      Infected: not-a-virus:AdWare.Win32.Agent.at skipped

      C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\jbugsbix.exe
      Infected: not-a-virus:AdWare.Win32.Agent.at skipped

      C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\jeiipcsi.exe
      Infected: not-a-virus:AdWare.Win32.Agent.at skipped

      C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\jnacioyq.exe
      Infected: not-a-virus:AdWare.Win32.Agent.at skipped

      C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\jxnaorra.exe
      Infected: not-a-virus:AdWare.Win32.Agent.at skipped

      C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\jydtqvbb.exe
      Infected: not-a-virus:AdWare.Win32.Agent.at skipped

      C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\kfepkutf.exe
      Infected: not-a-virus:AdWare.Win32.Agent.at skipped

      C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\kguhpelp.exe
      Infected: not-a-virus:AdWare.Win32.Agent.at skipped

      C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\kkkduksp.exe
      Infected: not-a-virus:AdWare.Win32.Agent.at skipped

      C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\leqpfbxa.exe
      Infected: not-a-virus:AdWare.Win32.Agent.at skipped

      C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\lhephphs.exe
      Infected: not-a-virus:AdWare.Win32.Agent.at skipped

      C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\louggdya(2).dll
      Infected: Packed.Win32.Klone.j skipped

      C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\louggdya(3).dll
      Infected: Packed.Win32.Klone.j skipped

      C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\mhkjyfxn.exe
      Infected: not-a-virus:AdWare.Win32.Agent.at skipped

      C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\mitnheou.exe
      Infected: not-a-virus:AdWare.Win32.Agent.at skipped

      C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\msbwkwqc.exe
      Infected: not-a-virus:AdWare.Win32.Agent.at skipped

      C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\nebvrlkb.exe
      Infected: not-a-virus:AdWare.Win32.Agent.at skipped

      C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\nfxloqyy.exe
      Infected: not-a-virus:AdWare.Win32.Agent.at skipped

      C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\nllekavm.exe
      Infected: not-a-virus:AdWare.Win32.Agent.at skipped

      C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\nnlvxtnh.exe
      Infected: not-a-virus:AdWare.Win32.Agent.at skipped

      C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\nqdrfkrv.exe
      Infected: not-a-virus:AdWare.Win32.Agent.at skipped

      C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\nythtitw.exe
      Infected: not-a-virus:AdWare.Win32.Agent.at skipped

      C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\oumeseis.exe
      Infected: not-a-virus:AdWare.Win32.Agent.at skipped

      C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\phyvbbvk.exe
      Infected: not-a-virus:AdWare.Win32.Agent.at skipped

      C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\pnjuhkcr.exe
      Infected: not-a-virus:AdWare.Win32.Agent.at skipped

      C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\pxkonjug.exe
      Infected: not-a-virus:AdWare.Win32.Agent.at skipped

      C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\rjhhkwgb.exe
      Infected: not-a-virus:AdWare.Win32.Agent.at skipped

      C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\rtlqrwwj.exe
      Infected: not-a-virus:AdWare.Win32.Agent.at skipped

      C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\ruxhjjyy.exe
      Infected: not-a-virus:AdWare.Win32.Agent.at skipped

      C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\sfsecrrw.exe
      Infected: not-a-virus:AdWare.Win32.Agent.at skipped

      C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\slaeinkp.exe
      Infected: not-a-virus:AdWare.Win32.Agent.at skipped

      C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\stokaygw.exe
      Infected: not-a-virus:AdWare.Win32.Agent.at skipped

      C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\tgwcxqaw.exe
      Infected: not-a-virus:AdWare.Win32.Agent.at skipped

      C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\ttcqlmmh.exe
      Infected: not-a-virus:AdWare.Win32.Agent.at skipped

      C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\ttcuuktb.exe
      Infected: not-a-virus:AdWare.Win32.Agent.at skipped

      C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\tyxcuwmf.exe
      Infected: not-a-virus:AdWare.Win32.Agent.at skipped

      C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\ucxittxc.exe
      Infected: not-a-virus:AdWare.Win32.Agent.at skipped

      C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\ufutgxpk.exe
      Infected: not-a-virus:AdWare.Win32.Agent.at skipped

      C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\uyauncnt.exe
      Infected: not-a-virus:AdWare.Win32.Agent.at skipped

      C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\virgsvje.exe
      Infected: not-a-virus:AdWare.Win32.Agent.at skipped

      C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\vjjxpvtx.exe
      Infected: not-a-virus:AdWare.Win32.Agent.at skipped

      C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\vplcglyp.exe
      Infected: not-a-virus:AdWare.Win32.Agent.at skipped

      C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\vqxxgwxy.exe
      Infected: not-a-virus:AdWare.Win32.Agent.at skipped

      C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\wryafqwe.exe
      Infected: not-a-virus:AdWare.Win32.Agent.at skipped

      C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\wshvpnhu.exe
      Infected: not-a-virus:AdWare.Win32.Agent.at skipped

      C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\xbckvfdo.exe
      Infected: not-a-virus:AdWare.Win32.Agent.at skipped

      C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\xlvlaxap.exe
      Infected: not-a-virus:AdWare.Win32.Agent.at skipped

      C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\xobbsvip.exe
      Infected: not-a-virus:AdWare.Win32.Agent.at skipped

      C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\xokrmyvd.exe
      Infected: not-a-virus:AdWare.Win32.Agent.at skipped

      C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\xurqyxkv.exe
      Infected: not-a-virus:AdWare.Win32.Agent.at skipped

      C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\xwctnyxc.exe
      Infected: not-a-virus:AdWare.Win32.Agent.at skipped

      C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\ytcekcdh.exe
      Infected: not-a-virus:AdWare.Win32.Agent.at skipped

      C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\yxghwhui.exe
      Infected: not-a-virus:AdWare.Win32.Agent.at skipped

      C:\_OTMoveIt\MovedFiles\02052008_175017\WINDOWS\system32\wamilqvn.exe
      Infected: not-a-virus:AdWare.Win32.Agent.at skipped

      C:\_OTMoveIt\MovedFiles\02052008_175017\WINDOWS\system32\yygqlcjj.exe
      Infected: not-a-virus:AdWare.Win32.Agent.at skipped

      Scan process completed.

HijackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:52:34 PM, on 3/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\McAfee.com\Personal Firewall\MPFTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Rogers\SelfHealing\rogersagent.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPFEXE] "C:\Program Files\McAfee.com\Personal Firewall\MPFTray.exe"
O4 - HKLM\..\Run: [SupportAnyPC] "C:\DOCUME~1\Mathew\LOCALS~1\Temp\winvnc.exe" -servicehelper
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [08466b04] rundll32.exe "C:\WINDOWS\system32\lioriqcd.dll",b
O4 - HKLM\..\Run: [BM0b755898] Rundll32.exe "C:\WINDOWS\system32\prdroerp.dll",s
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [RogersAgent] c:\Program Files\Rogers\SelfHealing\rogersagent.exe
O4 - HKCU\..\Run: [SHS] "C:\Program Files\Rogers\SelfHealing\SHS.exe" /background
O4 - HKCU\..\Run: [Update Manager] "C:\Program Files\Rogers\Update Manager\UpdateManager.exe" /background
O4 - HKCU\..\Run: [Uaol] "C:\DOCUME~1\Mathew\APPLIC~1\SSEMBL~1\netdde.exe" -vt yazb
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.Email Removed.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase4009.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1155396204578
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TWF0aGV3\command.exe (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: SupportAnyPC Service (SupportAnyPC) - Out of the Box Consulting, Inc. - C:\DOCUME~1\Mathew\LOCALS~1\Temp\winvnc.exe

--
End of file - 10315 bytes

it's been a while lol....

20
Tech Clinic / Topic for some1ok
« on: February 03, 2008, 04:41:51 PM »
the computer is doing much better than the first stages of the infection....but I still know....it's not its normal self. it takes a lot more time to open programs than normal .....

here are the logs...


ComboFix log
ComboFix 08-02.03.1 - Mathew 2008-02-03 16:35:21.3 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.620 [GMT -5:00]
Running from: C:\Documents and Settings\Mathew\Desktop\ComboFix.exe
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((   Files Created from 2008-01-03 to 2008-02-03  )))))))))))))))))))))))))))))))
.

2008-02-03 15:15 . 2008-02-03 15:15    <DIR>    d--------    C:\Documents and Settings\Mathew\Application Data\Cakewalk
2008-02-03 15:10 . 2008-02-03 15:10    118,784    --a------    C:\WINDOWS\dsdxirmv.exe
2008-02-03 15:01 . 2006-11-30 15:49    368,640    --a------    C:\WINDOWS\system32\ReWire.dll
2008-02-03 15:01 . 2004-04-13 14:48    233,472    --a------    C:\WINDOWS\system32\REX Shared Library.dll
2008-02-03 15:00 . 2008-02-03 15:00    <DIR>    d--------    C:\WINDOWS\LastGood
2008-02-03 15:00 . 2008-02-03 15:09    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Cakewalk
2008-02-03 15:00 . 2008-02-03 15:27    <DIR>    d--------    C:\Cakewalk Projects
2008-02-03 00:15 . 2008-02-03 08:09    54,156    --ah-----    C:\WINDOWS\QTFont.qfn
2008-02-03 00:15 . 2008-02-03 00:15    1,409    --a------    C:\WINDOWS\QTFont.for
2008-02-03 00:13 . 2008-02-03 00:13    <DIR>    d--------    C:\_OTMoveIt
2008-02-02 10:30 . 2008-02-02 10:30    <DIR>    d--------    C:\WINDOWS\system32\Kaspersky Lab
2008-02-02 10:30 . 2008-02-02 10:30    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-02-01 15:22 . 2008-02-01 15:22    <DIR>    d--------    C:\Documents and Settings\Mathew\Application Data\Windows Desktop Search
2008-02-01 15:21 . 2008-02-01 15:21    <DIR>    d--------    C:\Program Files\Windows Desktop Search
2008-02-01 15:21 . 2008-02-01 15:21    1,355    --a------    C:\WINDOWS\imsins.BAK
2008-02-01 15:20 . 2006-09-15 07:36    192,000    ---------    C:\WINDOWS\system32\dllcache\offfilt.dll
2008-02-01 15:20 . 2006-09-15 07:36    98,304    ---------    C:\WINDOWS\system32\dllcache\nlhtml.dll
2008-02-01 15:20 . 2006-09-15 07:36    29,696    ---------    C:\WINDOWS\system32\dllcache\mimefilt.dll
2008-02-01 14:57 . 2008-02-01 14:58    <DIR>    d--------    C:\Program Files\Microsoft Expression
2008-02-01 14:17 . 2006-10-26 19:56    32,592    --a------    C:\WINDOWS\system32\msonpmon.dll
2008-02-01 14:14 . 2008-02-01 14:14    <DIR>    d--------    C:\Program Files\MSBuild
2008-02-01 14:08 . 2008-02-01 14:08    <DIR>    d--------    C:\Program Files\Microsoft Visual Studio 8
2008-01-31 15:33 . 2008-01-31 15:33    <DIR>    d--------    C:\Program Files\Windows Installer Clean Up
2008-01-30 23:09 . 2008-02-02 10:04    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-01-30 22:43 . 2008-01-30 22:43    <DIR>    d--------    C:\Program Files\PowerISO
2008-01-30 12:22 . 2008-02-03 15:08    <DIR>    d--------    C:\Program Files\Cakewalk
2008-01-30 11:28 . 2008-01-30 11:30    <DIR>    d--------    C:\Program Files\DAEMON Tools Lite
2008-01-30 09:57 . 2008-01-30 10:15    <DIR>    d--------    C:\VundoFix Backups
2008-01-24 18:15 . 2008-01-24 18:15    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-23 19:15 . 2008-01-23 20:59    <DIR>    d--hsc---    C:\Program Files\Common Files\WindowsLiveInstaller
2008-01-23 19:14 . 2008-01-30 10:41    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-23 19:06 . 2008-01-23 20:59    <DIR>    d--------    C:\Program Files\Windows Live
2008-01-23 18:52 . 2008-01-31 15:33    <DIR>    d--------    C:\Program Files\MSECACHE
2008-01-23 16:55 . 2008-01-23 16:55    <DIR>    d--------    C:\Documents and Settings\Administrator\Application Data\Grisoft
2008-01-23 15:58 . 2008-01-23 15:58    <DIR>    d--------    C:\Program Files\Lavasoft
2008-01-23 15:58 . 2008-01-23 15:59    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-23 15:34 . 2008-01-23 15:34    <DIR>    d--------    C:\Program Files\CCleaner
2008-01-23 15:20 . 2008-01-23 15:20    <DIR>    d--------    C:\Program Files\Trend Micro
2008-01-23 15:05 . 2008-01-23 15:05    1,024    --a------    C:\WINDOWS\system32\drivers\DAA59A82-9E4E-40FD-B02D-276A22231BCF.cxv
2008-01-22 13:00 . 2008-01-22 13:01    2,048    --a------    C:\WINDOWS\system32\drivers\5049CA52-0F31-41EA-B004-D73A5858207A.cxv
2008-01-22 12:39 . 2008-01-22 12:39    <DIR>    d--------    C:\Documents and Settings\Mathew\Application Data\Grisoft
2008-01-22 12:39 . 2008-01-22 12:39    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-22 12:39 . 2007-05-30 07:10    10,872    --a------    C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-22 11:23 . 2008-01-22 11:23    5,120    --a------    C:\WINDOWS\system32\drivers\D6E4E5D4-36A3-4B90-8C4C-1C5228221F20.cxv
2008-01-22 11:21 . 2008-01-23 15:10    <DIR>    d--------    C:\Program Files\STOPzilla!
2008-01-22 11:21 . 2008-01-23 15:10    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-01-22 10:55 . 2008-01-22 11:25    <DIR>    d--------    C:\Program Files\a-squared Anti-Malware
2008-01-22 10:36 . 2008-01-22 10:36    <DIR>    d--------    C:\Documents and Settings\Administrator\Application Data\Talkback
2008-01-21 22:51 . 2008-01-22 13:00    <DIR>    d--------    C:\Program Files\PrevxCSI
2008-01-21 22:38 . 2008-01-21 22:53    <DIR>    d--------    C:\Documents and Settings\Mathew\Application Data\PrevxCSI
2008-01-21 22:38 . 2008-01-21 22:38    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Prevx
2008-01-21 22:28 . 2008-01-22 10:39    15,360    --a------    C:\WINDOWS\system32\dllcache\ctfmon.exe
2008-01-21 22:28 . 2008-01-22 10:39    15,360    --a------    C:\WINDOWS\system32\ctfmon.exe
2008-01-21 21:19 . 2008-01-22 10:38    155,648    --a------    C:\WINDOWS\system32\NeroCheck.exe
2008-01-21 21:18 . 2008-01-22 10:38    114,688    --a------    C:\WINDOWS\system32\hkcmd.exe
2008-01-21 21:18 . 2008-01-22 10:38    98,304    --a------    C:\WINDOWS\system32\igfxtray.exe
2008-01-21 21:18 . 2008-01-22 10:38    94,208    --a------    C:\WINDOWS\system32\igfxpers.exe
2008-01-21 21:13 . 2008-01-22 11:26    <DIR>    d--------    C:\Program Files\SUPERAntiSpyware
2008-01-21 21:13 . 2008-01-22 11:26    <DIR>    d--------    C:\Documents and Settings\Mathew\Application Data\SUPERAntiSpyware.com
2008-01-21 21:13 . 2008-01-21 21:13    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-21 21:09 . 2008-01-21 21:34    25,773    --a------    C:\WINDOWS\system32\drivers\regguard.sys
2008-01-21 21:08 . 2008-01-21 21:08    <DIR>    d--------    C:\Program Files\Greatis
2008-01-21 21:08 .     C:\WINDOWS\(2)        C:\ComboFix\winstart.bat
2008-01-21 20:13 . 2008-02-01 15:12    <DIR>    d--------    C:\Program Files\UltraISO
2008-01-21 20:00 . 2008-01-21 20:00    <DIR>    d--------    C:\Documents and Settings\Mathew\Application Data\DAEMON Tools
2008-01-21 19:55 . 2008-01-21 19:55    716,272    --a------    C:\WINDOWS\system32\drivers\sptd.sys
2008-01-20 14:47 . 2008-02-01 15:08    <DIR>    d--------    C:\Program Files\Yahoo!
2008-01-20 14:47 . 2008-01-20 14:47    <DIR>    d--------    C:\Documents and Settings\Mathew\Application Data\Yahoo!
2008-01-20 02:07 . 2008-01-20 02:07    33,292    --a------    C:\WINDOWS\system32\drivers\scdemu.sys
2008-01-10 15:27 . 2008-01-10 15:27    90,112    --a------    C:\WINDOWS\system32\QuickTimeVR.qtx
2008-01-10 15:27 . 2008-01-10 15:27    57,344    --a------    C:\WINDOWS\system32\QuickTime.qts
2008-01-08 18:10 . 2008-01-16 15:16    <DIR>    d--------    C:\Program Files\Graboid

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-03 20:15    ---------    d-----w    C:\Program Files\FlashGet
2008-02-01 20:09    ---------    d-----w    C:\Program Files\DivX
2008-02-01 19:46    ---------    d-----w    C:\Program Files\iTunes
2008-02-01 19:41    ---------    d-----w    C:\Program Files\MSN Messenger
2008-02-01 19:41    ---------    d-----w    C:\Program Files\DellSupport
2008-02-01 19:41    ---------    d-----w    C:\Program Files\Common Files\LightScribe
2008-02-01 19:35    ---------    d-----w    C:\Program Files\Microsoft Works
2008-01-30 14:54    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\McAfee.com Personal Firewall
2008-01-30 14:53    ---------    d-----w    C:\Documents and Settings\Mathew\Application Data\McAfee.com Personal Firewall
2008-01-24 01:59    ---------    d-----w    C:\Program Files\Messenger Plus! Live
2008-01-23 21:45    ---------    d-----w    C:\Program Files\Windows Live Safety Center
2008-01-23 20:57    ---------    d-----w    C:\Documents and Settings\Mathew\Application Data\Lavasoft
2008-01-23 20:56    ---------    d-----w    C:\Program Files\Common Files\Wise Installation Wizard
2008-01-23 20:05    ---------    d-----w    C:\Program Files\QuickTime
2008-01-16 22:04    ---------    d-----w    C:\Documents and Settings\Mathew\Application Data\Azureus
2008-01-16 20:16    ---------    d--h--w    C:\Program Files\InstallShield Installation Information
2008-01-14 23:11    ---------    d-----w    C:\Documents and Settings\Mathew\Application Data\Move Networks
2008-01-04 22:50    ---------    d-----w    C:\Program Files\Windows Media Connect 2
2008-01-04 22:50    ---------    d-----w    C:\Program Files\Windows Live Toolbar
2008-01-04 22:50    ---------    d-----w    C:\Program Files\NetWaiting
2008-01-04 22:50    ---------    d-----w    C:\Program Files\Modem Helper
2008-01-04 22:50    ---------    d-----w    C:\Program Files\Microsoft Plus! Digital Media Edition
2008-01-04 22:50    ---------    d-----w    C:\Program Files\GemMaster
2008-01-04 22:50    ---------    d-----w    C:\Program Files\ESPNMotion
2008-01-04 22:50    ---------    d-----w    C:\Program Files\AOL 9.0
2007-12-27 22:14    ---------    d-----w    C:\Program Files\eRightSoft
2007-12-27 21:48    ---------    d-----w    C:\Program Files\Red Kawa
2007-12-27 21:42    ---------    d-----w    C:\Program Files\E-Zsoft
2007-12-14 16:32    12,632    ----a-w    C:\WINDOWS\system32\lsdelete.exe
2007-12-14 02:14    ---------    d-----w    C:\Program Files\Veoh Networks
2007-12-11 22:34    9,464    ------w    C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-12-11 22:34    9,336    ------w    C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-12-11 22:34    43,528    ------w    C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-12-11 22:34    129,784    ----a-w    C:\WINDOWS\system32\pxafs.dll
2007-12-11 22:34    120,056    ----a-w    C:\WINDOWS\system32\pxcpyi64.exe
2007-12-11 22:34    118,520    ----a-w    C:\WINDOWS\system32\pxinsi64.exe
2007-12-11 22:32    156,992    ----a-w    C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-11-07 09:26    721,920    ----a-w    C:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:26    721,920    ------w    C:\WINDOWS\system32\dllcache\lsasrv.dll
2007-04-28 13:06    173,376    -c--a-w    C:\Program Files\AO
2006-08-09 17:58    251    ----a-w    C:\Program Files\wt3d.ini
2006-08-09 02:00    149    ----a-w    C:\Program Files\INSTALL.LOG
2006-08-08 23:00    88    --sh--r    C:\WINDOWS\system32\110E035EBA.sys
2006-08-24 19:45    56    --sh--r    C:\WINDOWS\system32\BA5E030E11.sys
2006-05-03 09:06    163,328    --sha-r    C:\WINDOWS\system32\flvDX.dll
2006-08-24 19:48    4,184    --sha-w    C:\WINDOWS\system32\KGyGaAvL.sys
2007-02-21 10:47    31,232    --sha-r    C:\WINDOWS\system32\msfDX.dll
2006-12-06 21:05    351    --sha-w    C:\WINDOWS\system32\SoftwareDistribution\vbmc.ini2
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-01-17 11:51 486856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-01-22 10:39 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2008-01-30 10:19 6731312]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-30 10:18 267048]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-01-20 02:05 217088]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2008-01-22 10:38 212992]
"MPFEXE"="C:\Program Files\McAfee.com\Personal Firewall\MPFTray.exe" [2008-01-22 10:38 999424]

C:\Documents and Settings\Mathew\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-08-08 17:21:21 113664]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-08-01 21:25:49 24576]
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2006-08-08 13:53:59 118784]
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 15:40:46 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 15:39 294400]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL 9.0 Tray Icon.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
--a------ 2006-05-03 02:12 98304 C:\Program Files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-01-30 10:18 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

R3 PD016BLK;Creative PC-CAM 300 (Still Image);C:\WINDOWS\system32\DRIVERS\PD016blk.sys [2001-07-03 12:00]
R3 PD016VID;Creative PC-CAM 300 (Video);C:\WINDOWS\system32\DRIVERS\PD016vid.sys [2001-07-03 12:00]
S0 Partizan;Partizan;C:\WINDOWS\system32\drivers\Partizan.sys []
S3 kvpndev;Kerio VPN adapter;C:\WINDOWS\system32\DRIVERS\kvpndrv.sys [2007-05-25 13:55]
S3 kwflower;Kerio WinRoute Firewall Driver - Lower Layer;C:\WINDOWS\system32\DRIVERS\kwflower.sys []
S3 RegGuard;RegGuard;C:\WINDOWS\system32\Drivers\regguard.sys [2008-01-21 21:34]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\autorun.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
"2008-02-01 23:16:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-03 20:45:01 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-01-30 20:40:13 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-03 16:39:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  MPFEXE = "C:\Program Files\McAfee.com\Personal Firewall\MPFTray.exe"????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-03 16:39:39
ComboFix-quarantined-files.txt  2008-02-03 21:39:36
ComboFix2.txt  2008-02-01 19:52:17
ComboFix3.txt  2008-01-30 15:32:34
.
2008-02-02 14:52:20    --- E O F ---  

--------------------------------------------------------------------------------------------------------------------------
OTMoveit

C:\WINDOWS\system32\afclphcl.exe moved successfully.
C:\WINDOWS\system32\aofhowyy.exe moved successfully.
C:\WINDOWS\system32\awmtyiop.exe moved successfully.
C:\WINDOWS\system32\axngxfum.exe moved successfully.
C:\WINDOWS\system32\bbjjseyv.exe moved successfully.
C:\WINDOWS\system32\bdpeqctw.exe moved successfully.
C:\WINDOWS\system32\brqpwybf.exe moved successfully.
C:\WINDOWS\system32\btjsvbaq.exe moved successfully.
C:\WINDOWS\system32\bxkselcu.exe moved successfully.
C:\WINDOWS\system32\bynedhug.exe moved successfully.
C:\WINDOWS\system32\wryafqwe.exe moved successfully.
C:\WINDOWS\system32\wshvpnhu.exe moved successfully.
C:\WINDOWS\system32\xbckvfdo.exe moved successfully.
C:\WINDOWS\system32\xlvlaxap.exe moved successfully.
C:\WINDOWS\system32\xobbsvip.exe moved successfully.
C:\WINDOWS\system32\xokrmyvd.exe moved successfully.
C:\WINDOWS\system32\xurqyxkv.exe moved successfully.
C:\WINDOWS\system32\xwctnyxc.exe moved successfully.
C:\WINDOWS\system32\ytcekcdh.exe moved successfully.
C:\WINDOWS\system32\yxghwhui.exe moved successfully.
C:\WINDOWS\system32\cybkvget.exe moved successfully.
C:\WINDOWS\system32\dudfovud.exe moved successfully.
C:\WINDOWS\system32\dunfhdjs.exe moved successfully.
C:\WINDOWS\system32\duoonbvd.exe moved successfully.
C:\WINDOWS\system32\egvccocs.exe moved successfully.
C:\WINDOWS\system32\elowntrq.exe moved successfully.
C:\WINDOWS\system32\fcfokshy.exe moved successfully.
C:\WINDOWS\system32\fjuwbcsa.exe moved successfully.
C:\WINDOWS\system32\fowyhsxj.exe moved successfully.
C:\WINDOWS\system32\fwivhisp.exe moved successfully.
C:\WINDOWS\system32\gxphnjwt.exe moved successfully.
File move failed. C:\WINDOWS\system32\h323log.txt scheduled to be moved on reboot.
C:\WINDOWS\system32\hfdksuik.exe moved successfully.
C:\WINDOWS\system32\hlwpcugk.exe moved successfully.
C:\WINDOWS\system32\hnqdmvrg.exe moved successfully.
C:\WINDOWS\system32\hntgtvos.exe moved successfully.
C:\WINDOWS\system32\hqgsmriy.exe moved successfully.
C:\WINDOWS\system32\hvhmwiiy.exe moved successfully.
C:\WINDOWS\system32\ieroawar.exe moved successfully.
C:\WINDOWS\system32\ipllfccv.exe moved successfully.
C:\WINDOWS\system32\ippnefck.exe moved successfully.
C:\WINDOWS\system32\ivlmkvgn.exe moved successfully.
C:\WINDOWS\system32\jbugsbix.exe moved successfully.
C:\WINDOWS\system32\jeiipcsi.exe moved successfully.
C:\WINDOWS\system32\jnacioyq.exe moved successfully.
C:\WINDOWS\system32\jxnaorra.exe moved successfully.
C:\WINDOWS\system32\jydtqvbb.exe moved successfully.
C:\WINDOWS\system32\kfepkutf.exe moved successfully.
C:\WINDOWS\system32\kguhpelp.exe moved successfully.
C:\WINDOWS\system32\kkkduksp.exe moved successfully.
C:\WINDOWS\system32\leqpfbxa.exe moved successfully.
C:\WINDOWS\system32\lhephphs.exe moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\louggdya(2).dll
C:\WINDOWS\system32\louggdya(2).dll NOT unregistered.
C:\WINDOWS\system32\louggdya(2).dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\louggdya(3).dll
C:\WINDOWS\system32\louggdya(3).dll NOT unregistered.
C:\WINDOWS\system32\louggdya(3).dll moved successfully.
C:\WINDOWS\system32\mhkjyfxn.exe moved successfully.
C:\WINDOWS\system32\mitnheou.exe moved successfully.
C:\WINDOWS\system32\msbwkwqc.exe moved successfully.
C:\WINDOWS\system32\nebvrlkb.exe moved successfully.
C:\WINDOWS\system32\nfxloqyy.exe moved successfully.
C:\WINDOWS\system32\nllekavm.exe moved successfully.
C:\WINDOWS\system32\nnlvxtnh.exe moved successfully.
C:\WINDOWS\system32\nqdrfkrv.exe moved successfully.
C:\WINDOWS\system32\nythtitw.exe moved successfully.
C:\WINDOWS\system32\oumeseis.exe moved successfully.
C:\WINDOWS\system32\phyvbbvk.exe moved successfully.
C:\WINDOWS\system32\pnjuhkcr.exe moved successfully.
C:\WINDOWS\system32\pxkonjug.exe moved successfully.
C:\WINDOWS\system32\rjhhkwgb.exe moved successfully.
C:\WINDOWS\system32\rtlqrwwj.exe moved successfully.
C:\WINDOWS\system32\ruxhjjyy.exe moved successfully.
File/Folder C:\WINDOWS\system32\sclfrbhw.exe ** not found.
C:\WINDOWS\system32\sfsecrrw.exe moved successfully.
C:\WINDOWS\system32\slaeinkp.exe moved successfully.
C:\WINDOWS\system32\stokaygw.exe moved successfully.
C:\WINDOWS\system32\tgwcxqaw.exe moved successfully.
C:\WINDOWS\system32\ttcqlmmh.exe moved successfully.
C:\WINDOWS\system32\ttcuuktb.exe moved successfully.
C:\WINDOWS\system32\tyxcuwmf.exe moved successfully.
C:\WINDOWS\system32\ucxittxc.exe moved successfully.
C:\WINDOWS\QTFont.qfn moved successfully.
C:\WINDOWS\QTFont.for moved successfully.
C:\WINDOWS\system32\ufutgxpk.exe moved successfully.
C:\WINDOWS\system32\uyauncnt.exe moved successfully.
C:\WINDOWS\system32\virgsvje.exe moved successfully.
C:\WINDOWS\system32\vjjxpvtx.exe moved successfully.
C:\WINDOWS\system32\vplcglyp.exe moved successfully.
C:\WINDOWS\system32\vqxxgwxy.exe moved successfully.
File/Folder C:\Program Files\AdVantage not found.
 
OTMoveIt2 v1.0.17 log created on 02032008_001353

--------------------------------------------------------------------------------------------------------------------------
HijackThis Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:44:30 PM, on 2/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\McAfee.com\Personal Firewall\MPFTray.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: McAfee Anti-Phishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPFEXE] "C:\Program Files\McAfee.com\Personal Firewall\MPFTray.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase4009.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1155396204578
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

--
End of file - 10110 bytes
