
Messages - omal

1
Tech Clinic / For guestolo
« on: November 05, 2008, 11:57:25 PM »
Yes, I did add those manually, and things seem to be better. I'll let you know of any other problems; one problem I'm almost sure will happen next time I boot up, but I'll save that for tomorrow. Besides that, I just need help with my C: drive failure (hardware section).

2
Tech Clinic / For guestolo
« on: November 05, 2008, 11:32:02 PM »
You always know what to do. :D

ComboFix Log


ComboFix 08-11-04.02 - Owner 2008-11-05 23:08:47.4 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.168 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
.


(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\program files\Common Files\uninstall information
c:\program files\oemji
c:\program files\SecCenter
c:\program files\SideFind
c:\program files\Video Add-on
c:\windows\Casino.ico
c:\windows\cookies.ini
c:\windows\Free Online Dating.ico
c:\windows\IE4 Error Log.txt
c:\windows\PerfInfo
c:\windows\PerfInfo\aAFgPd1P3Xuc.exe
c:\windows\PerfInfo\aAFgPd1P3Xud.exe
c:\windows\ppqvmpqr
c:\windows\ppqvmpqr\1.png
c:\windows\ppqvmpqr\2.png
c:\windows\ppqvmpqr\3.png
c:\windows\ppqvmpqr\4.png
c:\windows\ppqvmpqr\5.png
c:\windows\ppqvmpqr\6.png
c:\windows\ppqvmpqr\bottom-rc.gif
c:\windows\ppqvmpqr\content.png
c:\windows\ppqvmpqr\download.gif
c:\windows\ppqvmpqr\frame-bottom-left.gif
c:\windows\ppqvmpqr\frame-h1bg.gif
c:\windows\ppqvmpqr\head.png
c:\windows\ppqvmpqr\indexuc.html
c:\windows\ppqvmpqr\indexud.html
c:\windows\ppqvmpqr\main.css
c:\windows\ppqvmpqr\net.png
c:\windows\ppqvmpqr\pc-mag.gif
c:\windows\ppqvmpqr\pc.gif
c:\windows\ppqvmpqr\poloska1.png
c:\windows\ppqvmpqr\poloska2.png
c:\windows\ppqvmpqr\poloska3.png
c:\windows\ppqvmpqr\promouc1.html
c:\windows\ppqvmpqr\promouc2.html
c:\windows\ppqvmpqr\promouc3.html
c:\windows\ppqvmpqr\promouc4.html
c:\windows\ppqvmpqr\promouc5.html
c:\windows\ppqvmpqr\promoud1.html
c:\windows\ppqvmpqr\promoud2.html
c:\windows\ppqvmpqr\promoud3.html
c:\windows\ppqvmpqr\promoud4.html
c:\windows\ppqvmpqr\promoud5.html
c:\windows\ppqvmpqr\reg.png
c:\windows\ppqvmpqr\repair.png
c:\windows\ppqvmpqr\scr-1.png
c:\windows\ppqvmpqr\scr-2.png
c:\windows\ppqvmpqr\styles.css
c:\windows\ppqvmpqr\top-rc.gif
c:\windows\ppqvmpqr\vline.gif
c:\windows\Spyware Remover.ico
c:\windows\system32\ahomsoph.ini
c:\windows\system32\ajpypjqi.ini
c:\windows\system32\anxerknx.ini
c:\windows\system32\anyimomx.ini
c:\windows\system32\bbhwgcfy.ini
c:\windows\system32\bejixwqe.ini
c:\windows\system32\bhjeyutl.ini
c:\windows\system32\bhvkjwai.ini
c:\windows\system32\bqfuguax.ini
c:\windows\system32\brjdhhrp.ini
c:\windows\system32\bwqdiqrl.ini
c:\windows\system32\bxgudjfj.ini
c:\windows\system32\carvwxck.ini
c:\windows\system32\ccyhvotr.ini
c:\windows\system32\cdeeg.bak1
c:\windows\system32\cdeeg.bak2
c:\windows\system32\cdeeg.ini
c:\windows\system32\cdeeg.ini2
c:\windows\system32\cdeeg.tmp
c:\windows\system32\ceiadoof.ini
c:\windows\system32\chahwttl.ini
c:\windows\system32\cknrxxfn.ini
c:\windows\system32\coikupyl.ini
c:\windows\system32\config\systemprofile\Application Data\SpamBlockerUtility
c:\windows\system32\coygqbfl.ini
c:\windows\system32\cvrxcuse.ini
c:\windows\system32\dgpihykj.ini
c:\windows\system32\diokravp.ini
c:\windows\system32\dlrafrga.ini
c:\windows\system32\dmjlqcgs.ini
c:\windows\system32\dnyieaaj.ini
c:\windows\system32\docpegif.ini
c:\windows\system32\doevlgyi.ini
c:\windows\system32\ekkavbym.ini
c:\windows\system32\enaavlny.ini
c:\windows\system32\esxsutrd.ini
c:\windows\system32\etfnwsmb.ini
c:\windows\system32\euvnyfkr.ini
c:\windows\system32\fcwrcckm.ini
c:\windows\system32\fefodmqu.ini
c:\windows\system32\ffmuelim.ini
c:\windows\system32\fgpusilp.ini
c:\windows\system32\fomrmlep.ini
c:\windows\system32\fougkynp.ini
c:\windows\system32\fsbkfovf.ini
c:\windows\system32\gbbuxqoy.ini
c:\windows\system32\gbfjncal.ini
c:\windows\system32\ghijvsrc.ini
c:\windows\system32\glgttwtc.ini
c:\windows\system32\gqptvxaw.ini
c:\windows\system32\grghsjbe.ini
c:\windows\system32\gtrgmeyv.ini
c:\windows\system32\hdxkhtey.ini
c:\windows\system32\hdycgtqt.ini
c:\windows\system32\hivlbtav.ini
c:\windows\system32\hmdejtql.ini
c:\windows\system32\horuahqy.ini
c:\windows\system32\hpbfkcnv.ini
c:\windows\system32\hxgkrvhr.ini
c:\windows\system32\ialxondx.ini
c:\windows\system32\iehycnxp.ini
c:\windows\system32\ilcpscuo.ini
c:\windows\system32\inrairdc.ini
c:\windows\system32\instsrv.exe
c:\windows\system32\iwbvvpfe.ini
c:\windows\system32\iyftlokh.ini
c:\windows\system32\jaidtrgw.ini
c:\windows\system32\jalpcvoy.ini
c:\windows\system32\jcdqcijr.ini
c:\windows\system32\jimjykpg.ini
c:\windows\system32\jknkbsrs.ini
c:\windows\system32\jqbttrtr.ini
c:\windows\system32\juvprpba
c:\windows\system32\juvprpba\bg1.gif
c:\windows\system32\juvprpba\bgtop.gif
c:\windows\system32\juvprpba\bottom1.gif
c:\windows\system32\juvprpba\essentials.gif
c:\windows\system32\juvprpba\icon1.ico
c:\windows\system32\juvprpba\install1.gif
c:\windows\system32\juvprpba\left1.gif
c:\windows\system32\juvprpba\li.gif
c:\windows\system32\juvprpba\logo.gif
c:\windows\system32\juvprpba\main.htm
c:\windows\system32\juvprpba\mainframe.htm
c:\windows\system32\juvprpba\reinstall1.gif
c:\windows\system32\juvprpba\right1.gif
c:\windows\system32\juvprpba\s1.htm
c:\windows\system32\juvprpba\s2.htm
c:\windows\system32\juvprpba\s3.htm
c:\windows\system32\juvprpba\SMTop1.gif
c:\windows\system32\juvprpba\SMTop2.gif
c:\windows\system32\juvprpba\SMTop3.gif
c:\windows\system32\juvprpba\SMTop4.gif
c:\windows\system32\juvprpba\soft1_off.gif
c:\windows\system32\juvprpba\soft1_off_ext.gif
c:\windows\system32\juvprpba\soft1_on.gif
c:\windows\system32\juvprpba\soft1_on_ext.gif
c:\windows\system32\juvprpba\soft2_off.gif
c:\windows\system32\juvprpba\soft2_off_ext.gif
c:\windows\system32\juvprpba\soft2_on.gif
c:\windows\system32\juvprpba\soft2_on_ext.gif
c:\windows\system32\juvprpba\soft3_off.gif
c:\windows\system32\juvprpba\soft3_off_ext.gif
c:\windows\system32\juvprpba\soft3_on.gif
c:\windows\system32\juvprpba\soft3_on_ext.gif
c:\windows\system32\juvprpba\softbottom_off.gif
c:\windows\system32\juvprpba\softbottom_on.gif
c:\windows\system32\juvprpba\softleft_off.gif
c:\windows\system32\juvprpba\softleft_on.gif
c:\windows\system32\juvprpba\top1.gif
c:\windows\system32\juvprpba\top2.gif
c:\windows\system32\juvprpba\turnoff1.gif
c:\windows\system32\juvprpba\turnon1.gif
c:\windows\system32\jvsqsnto.ini
c:\windows\system32\kbldkvfs.ini
c:\windows\system32\kdoujikd.ini
c:\windows\system32\kerpocpl.ini
c:\windows\system32\khcygwdn.ini
c:\windows\system32\kifsvivp.ini
c:\windows\system32\kytcbmrq.ini
c:\windows\system32\lglpidua.ini
c:\windows\system32\lijtfftp.ini
c:\windows\system32\lorcpthw.ini
c:\windows\system32\mcrh.tmp
c:\windows\system32\mhjfplnf.ini
c:\windows\system32\mhjuqooi.ini
c:\windows\system32\mkhktigo.ini
c:\windows\system32\mmfcywqi.ini
c:\windows\system32\mnsqtvmi.ini
c:\windows\system32\mocmigcw.ini
c:\windows\system32\mpgkqgon.ini
c:\windows\system32\mqssuuwq.ini
c:\windows\system32\mvwocjjf.ini
c:\windows\system32\mwxqyrcs.ini
c:\windows\system32\mydpkrmk.ini
c:\windows\system32\nhiygvii.ini
c:\windows\system32\njprckha
c:\windows\system32\njprckha\bg1.gif
c:\windows\system32\njprckha\bgtop.gif
c:\windows\system32\njprckha\bottom1.gif
c:\windows\system32\njprckha\essentials.gif
c:\windows\system32\njprckha\icon1.ico
c:\windows\system32\njprckha\install1.gif
c:\windows\system32\njprckha\left1.gif
c:\windows\system32\njprckha\li.gif
c:\windows\system32\njprckha\logo.gif
c:\windows\system32\njprckha\main.htm
c:\windows\system32\njprckha\mainframe.htm
c:\windows\system32\njprckha\reinstall1.gif
c:\windows\system32\njprckha\right1.gif
c:\windows\system32\njprckha\s1.htm
c:\windows\system32\njprckha\s2.htm
c:\windows\system32\njprckha\s3.htm
c:\windows\system32\njprckha\SMTop1.gif
c:\windows\system32\njprckha\SMTop2.gif
c:\windows\system32\njprckha\SMTop3.gif
c:\windows\system32\njprckha\SMTop4.gif
c:\windows\system32\njprckha\soft1_off.gif
c:\windows\system32\njprckha\soft1_off_ext.gif
c:\windows\system32\njprckha\soft1_on.gif
c:\windows\system32\njprckha\soft1_on_ext.gif
c:\windows\system32\njprckha\soft2_off.gif
c:\windows\system32\njprckha\soft2_off_ext.gif
c:\windows\system32\njprckha\soft2_on.gif
c:\windows\system32\njprckha\soft2_on_ext.gif
c:\windows\system32\njprckha\soft3_off.gif
c:\windows\system32\njprckha\soft3_off_ext.gif
c:\windows\system32\njprckha\soft3_on.gif
c:\windows\system32\njprckha\soft3_on_ext.gif
c:\windows\system32\njprckha\softbottom_off.gif
c:\windows\system32\njprckha\softbottom_on.gif
c:\windows\system32\njprckha\softleft_off.gif
c:\windows\system32\njprckha\softleft_on.gif
c:\windows\system32\njprckha\top1.gif
c:\windows\system32\njprckha\top2.gif
c:\windows\system32\njprckha\turnoff1.gif
c:\windows\system32\njprckha\turnon1.gif
c:\windows\system32\njvbtmsr.ini
c:\windows\system32\nkhnfors.ini
c:\windows\system32\nt68rrtc12.sys
c:\windows\system32\ntdpsgak.ini
c:\windows\system32\ntenpabt.ini
c:\windows\system32\nuinopsd
c:\windows\system32\nuinopsd\bg1.gif
c:\windows\system32\nuinopsd\bgtop.gif
c:\windows\system32\nuinopsd\bottom1.gif
c:\windows\system32\nuinopsd\essentials.gif
c:\windows\system32\nuinopsd\icon1.ico
c:\windows\system32\nuinopsd\install1.gif
c:\windows\system32\nuinopsd\left1.gif
c:\windows\system32\nuinopsd\li.gif
c:\windows\system32\nuinopsd\logo.gif
c:\windows\system32\nuinopsd\main.htm
c:\windows\system32\nuinopsd\mainframe.htm
c:\windows\system32\nuinopsd\nuinopsd3.exe
c:\windows\system32\nuinopsd\reinstall1.gif
c:\windows\system32\nuinopsd\right1.gif
c:\windows\system32\nuinopsd\s1.htm
c:\windows\system32\nuinopsd\s2.htm
c:\windows\system32\nuinopsd\s3.htm
c:\windows\system32\nuinopsd\SMTop1.gif
c:\windows\system32\nuinopsd\SMTop2.gif
c:\windows\system32\nuinopsd\SMTop3.gif
c:\windows\system32\nuinopsd\SMTop4.gif
c:\windows\system32\nuinopsd\soft1_off.gif
c:\windows\system32\nuinopsd\soft1_off_ext.gif
c:\windows\system32\nuinopsd\soft1_on.gif
c:\windows\system32\nuinopsd\soft1_on_ext.gif
c:\windows\system32\nuinopsd\soft2_off.gif
c:\windows\system32\nuinopsd\soft2_off_ext.gif
c:\windows\system32\nuinopsd\soft2_on.gif
c:\windows\system32\nuinopsd\soft2_on_ext.gif
c:\windows\system32\nuinopsd\soft3_off.gif
c:\windows\system32\nuinopsd\soft3_off_ext.gif
c:\windows\system32\nuinopsd\soft3_on.gif
c:\windows\system32\nuinopsd\soft3_on_ext.gif
c:\windows\system32\nuinopsd\softbottom_off.gif
c:\windows\system32\nuinopsd\softbottom_on.gif
c:\windows\system32\nuinopsd\softleft_off.gif
c:\windows\system32\nuinopsd\softleft_on.gif
c:\windows\system32\nuinopsd\top1.gif
c:\windows\system32\nuinopsd\top2.gif
c:\windows\system32\nuinopsd\turnoff1.gif
c:\windows\system32\nuinopsd\turnon1.gif
c:\windows\system32\nwrhucfv.ini
c:\windows\system32\oflkrfyl.ini
c:\windows\system32\oioibprv.ini
c:\windows\system32\optktxmc.ini
c:\windows\system32\oqavjxac.ini
c:\windows\system32\oxjgncvb.ini
c:\windows\system32\oxrmvpcn.ini
c:\windows\system32\pffuhaha.ini
c:\windows\system32\pfjpleuu.ini
c:\windows\system32\piypxmem.ini
c:\windows\system32\psjrqshk.ini
c:\windows\system32\pvqdluac.ini
c:\windows\system32\qdachcji.ini
c:\windows\system32\qeoglkqx.ini
c:\windows\system32\rbgfmtjf.ini
c:\windows\system32\rbxjgwhl.ini
c:\windows\system32\rdicwlpo.ini
c:\windows\system32\rhepoojg.ini
c:\windows\system32\rhykwpiw.ini
c:\windows\system32\robkkprm.ini
c:\windows\system32\roddwasp.ini
c:\windows\system32\segtxmgx.ini
c:\windows\system32\shqwcsig.ini
c:\windows\system32\sikyjthp.ini
c:\windows\system32\silrmfao.ini
c:\windows\system32\sjahvbyb.ini
c:\windows\system32\skrbyipy.ini
c:\windows\system32\skrobpfd.ini
c:\windows\system32\slanrbwv.ini
c:\windows\system32\sliwhqog.ini
c:\windows\system32\sluoyuvb.ini
c:\windows\system32\smmbklpk.ini
c:\windows\system32\sstediwj.ini
c:\windows\system32\supygvpd.ini
c:\windows\system32\swinekkk.ini
c:\windows\system32\swiodouo.ini
c:\windows\system32\sxersksm.ini
c:\windows\system32\tbisvmxh.ini
c:\windows\system32\tfipdiwu.ini
c:\windows\system32\tjccryhu.ini
c:\windows\system32\tnajlmud.ini
c:\windows\system32\tybpkkgb.ini
c:\windows\system32\tykupole.ini
c:\windows\system32\tymnefve.ini
c:\windows\system32\ucevoufh.ini
c:\windows\system32\ugkhxvhe.ini
c:\windows\system32\ugvfdfdn.ini
c:\windows\system32\uhryefwa.ini
c:\windows\system32\uqghaswj.ini
c:\windows\system32\uqnrvave.ini
c:\windows\system32\uxiassui.ini
c:\windows\system32\vbmhjkkb.ini
c:\windows\system32\vbwypsil.ini
c:\windows\system32\vdnqsrgx.ini
c:\windows\system32\vghaggtm.ini
c:\windows\system32\vxsuaxwq.ini
c:\windows\system32\vybsnqmv.ini
c:\windows\system32\warwytvn.ini
c:\windows\system32\wwiqbnup.ini
c:\windows\system32\xitkcxep.ini
c:\windows\system32\xjchxxer.ini
c:\windows\system32\xqortocn.ini
c:\windows\system32\xsdgdyun.ini
c:\windows\system32\xsiipmin.ini
c:\windows\system32\xsxboqbw.ini
c:\windows\system32\xvvslkgf.ini
c:\windows\system32\xxwiedca.ini
c:\windows\system32\ydchiowo.ini
c:\windows\system32\yiccutgf.ini
c:\windows\system32\yiqghqbw.ini
c:\windows\system32\yjrrbkwi.ini
c:\windows\system32\yrvoiyji.ini
c:\windows\system32\yybogtsb.ini
c:\windows\system32\yyhhtobj.ini
D:\Autorun.inf


.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.


-------\Legacy_ZESOFT


(((((((((((((((((((((((((   Files Created from 2008-10-06 to 2008-11-06  )))))))))))))))))))))))))))))))
.

2008-11-05 20:30 . 2008-11-05 20:30 <DIR> d-------- c:\documents and settings\Owner\Application Data\Malwarebytes
2008-11-05 20:29 . 2008-11-05 20:30 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-05 20:29 . 2008-11-05 20:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-05 20:29 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-05 20:29 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-05 00:33 . 2008-11-05 00:34 <DIR> d-------- C:\rsit
2008-11-04 23:41 . 2008-11-04 23:41 <DIR> d-------- c:\program files\Trend Micro
2008-11-03 20:46 . 2008-11-03 23:57 <DIR> d-------- c:\documents and settings\Owner\Application Data\U3
2008-10-25 23:03 . 2008-10-25 23:03 54,156 --ah----- c:\windows\QTFont.qfn
2008-10-25 23:03 . 2008-10-25 23:03 1,409 --a------ c:\windows\QTFont.for
2008-10-15 06:40 . 2008-10-15 06:40 <DIR> d-------- c:\program files\Symantec
2008-10-15 06:40 . 2008-10-15 06:40 124,464 --a------ c:\windows\system32\drivers\SYMEVENT.SYS
2008-10-15 06:40 . 2008-10-15 06:40 60,808 --a------ c:\windows\system32\S32EVNT1.DLL
2008-10-15 06:40 . 2008-10-15 06:39 35,888 -ra------ c:\windows\system32\drivers\SymIM.sys
2008-10-15 06:39 . 2008-10-15 06:39 <DIR> d-------- c:\windows\system32\drivers\NAV
2008-10-15 06:38 . 2008-10-15 06:38 <DIR> d-------- c:\program files\Norton AntiVirus
2008-10-15 06:24 . 2008-10-15 06:24 <DIR> d-------- c:\documents and settings\All Users\Application Data\PCSettings
2008-10-15 06:24 . 2008-10-15 06:41 <DIR> d-------- c:\documents and settings\All Users\Application Data\Norton
2008-10-15 06:23 . 2008-10-15 06:23 <DIR> d-------- c:\program files\NortonInstaller
2008-10-15 06:23 . 2008-10-15 06:23 <DIR> d-------- c:\documents and settings\All Users\Application Data\NortonInstaller

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-06 00:25 --------- d-----w c:\program files\Plaxo
2008-11-05 07:12 --------- d-----w c:\program files\WildTangent
2008-11-05 07:10 --------- d-----w c:\program files\Viewpoint
2008-11-05 07:10 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2008-11-05 04:37 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2008-11-03 21:28 --------- d-----w c:\program files\Phun
2008-11-03 21:26 --------- d-----w c:\program files\Google
2008-11-02 01:28 30 ----a-w c:\documents and settings\Owner\jagex_runescape_preferences.dat
2008-10-15 12:02 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-10-15 11:40 806 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2008-10-15 11:40 10,635 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2008-10-06 06:01 --------- d-----w c:\program files\DivX
2008-09-16 00:12 200,704 ----a-w c:\windows\system32\ssldivx.dll
2008-09-16 00:12 1,044,480 ----a-w c:\windows\system32\libdivx.dll
2008-09-15 11:57 1,846,016 ----a-w c:\windows\system32\win32k.sys
2008-09-11 22:27 --------- d-----w c:\program files\IGZones
2008-09-07 17:18 --------- d-----w c:\documents and settings\Owner\Application Data\Yahoo!
2008-09-07 09:53 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo! Companion
2008-09-07 09:47 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
2008-09-07 09:38 --------- d-----w c:\program files\Yahoo!
2008-08-20 05:33 667,648 ----a-w c:\windows\system32\wininet.dll
2008-08-14 10:00 2,180,352 ----a-w c:\windows\system32\ntoskrnl.exe
2008-08-14 09:22 2,057,728 ----a-w c:\windows\system32\ntkrnlpa.exe
2004-04-21 00:46 56 --sh--r c:\windows\system32\32B637D536.sys
.

(((((((((((((((((((((((((((((   snapshot@2008-11-05_ 3.22.36.98   )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-11-06 00:25:28 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_6e4.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MoneyAgent"="c:\program files\Microsoft Money\System\mnyexpr.exe" [2002-07-17 200767]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [BU]
"PlaxoUpdate"="c:\program files\Plaxo\3.16.0.49\PlaxoHelper_en.exe" [2008-10-04 369223]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-06 68856]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"PlaxoSysTray"="c:\program files\Plaxo\3.16.0.49\PlaxoSysTray.exe" [2008-10-04 20480]
"Yahoo! Pager"="c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2007-08-30 4670704]
"NVIEW"="nview.dll" [2003-05-03 c:\windows\system32\nview.dll]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
mod_sm.lnk - c:\hp\bin\cloaker.exe [1999-11-07 27136]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
spamsubtract.lnk - c:\program files\interMute\SpamSubtract\SpamSubtract.exe [2003-07-26 552960]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
Compaq Connections.lnk - c:\program files\Compaq Connections\1940576\Program\BackWeb-1940576.exe [2003-07-24 16384]
PI Monitor.lnk - c:\program files\ArcSoft\PhotoImpression 5\PI Monitor.exe [2006-02-16 86016]
Quicken Scheduled Updates.lnk - c:\program files\Quicken\bagent.exe [2002-09-20 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
2003-02-21 05:50 40960 c:\program files\Softex\OmniPass\OPXPGina.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.SP54"= SP5X_32.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Compaq Connections\\1940576\\Program\\BackWeb-1940576.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Mythology\\aomx.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires\\EMPIRESX.EXE"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"=
"c:\\Program Files\\Microsoft Games\\Age of Empires\\EMPIRES.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\Online Services\\AOL80US\\InstallEmail Removedexe"=
"c:\\Program Files\\Adobe\\Acrobat 5.0\\Reader\\AcroRd32.exe"=
"c:\\Program Files\\The Creative Assembly\\Rome - Total War\\RomeTW.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Mythology\\aom.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\WINDOWS\\system32\\dxdiag.exe"=


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2008-11-06 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\cwsgcutz.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.yahoo.com/
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-05 23:15:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Norton AntiVirus]
"ImagePath"="\"c:\program files\Norton AntiVirus\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"c:\program files\Norton AntiVirus\Norton AntiVirus\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: c:\windows\system32\winlogon.exe
-> c:\program files\Softex\OmniPass\opxpgina.dll
.
Completion time: 2008-11-05 23:28:30
ComboFix-quarantined-files.txt  2008-11-06 04:26:58

Pre-Run: 69,525,766,144 bytes free
Post-Run: 69,530,775,552 bytes free

509 --- E O F --- 2008-11-05 11:53:40

3
Tech Clinic / For guestolo
« on: November 05, 2008, 10:59:31 PM »
Will do, right now.

4
Tech Clinic / For guestolo
« on: November 05, 2008, 10:43:39 PM »
I am afraid I couldn't find it. Here is a picture of the message I received when I should've received my log.


5
Tech Clinic / For guestolo
« on: November 05, 2008, 10:22:54 PM »
I was able to do everything, including the ComboFix scan, but I couldn't get a log to save for ComboFix. I have a screenshot showing what it says if you want to see it.

6
Tech Clinic / For guestolo
« on: November 05, 2008, 10:21:18 PM »
Fresh HijackThis Log


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:19, on 2008-11-05
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal


Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\ps2.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Plaxo\3.16.0.49\PlaxoHelper_en.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
C:\Program Files\ArcSoft\PhotoImpression 5\PI Monitor.exe
C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://portal.wowway.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.wowway.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.0.0.125\IPSBHO.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [QuickFinder Scheduler] "c:\Program Files\WordPerfect Office 11\Programs\QFSCHD110.EXE"
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\3.16.0.49\PlaxoHelper_en.exe -a
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [PlaxoSysTray] C:\Program Files\Plaxo\3.16.0.49\PlaxoSysTray.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: PI Monitor.lnk = C:\Program Files\ArcSoft\PhotoImpression 5\PI Monitor.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://www.atribune.org
O15 - Trusted Zone: http://download.bleepingcomputer.com
O16 - DPF: {051D0E35-F4E3-4C8D-B411-AB0875F4C683} (Anark Client 4.0 ActiveX Control) - http://install.anark.com/client/version4/w...en/AMClient.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://download2.citrix.com/FILES/en/produ...rent/ica32t.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download.games.y...ctl_0_0_0_2.ocx
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1126907207156
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX28.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/pla...0/Installer.exe
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


--
End of file - 11140 bytes

7
Tech Clinic / For guestolo
« on: November 05, 2008, 10:18:50 PM »
MBAM Log


Malwarebytes' Anti-Malware 1.30
Database version: 1368
Windows 5.1.2600 Service Pack 2
2008-11-05 22:10:36
mbam-log-2008-11-05 (22-10-36).txt
Scan type: Quick Scan
Objects scanned: 56331
Time elapsed: 22 minute(s), 36 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 10
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 81
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3c1a06cc-3981-4db9-b5b6-b4b8ecb1d7f2} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{9387eaa3-66dc-4da5-b40b-c9d080d6f818} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{9cddfbc2-8dc8-4f01-9143-9685d6e16dfc} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cc9aa028-d639-442f-b97d-a2dad8f293a2} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\MsSC2 (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\WINDOWS\system32\wowrlegl (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\okqipwgf (Rogue.Multiple) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\wowrlegl\bg1.gif (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wowrlegl\bgtop.gif (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wowrlegl\bottom1.gif (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wowrlegl\essentials.gif (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wowrlegl\icon1.ico (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wowrlegl\install1.gif (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wowrlegl\left1.gif (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wowrlegl\li.gif (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wowrlegl\logo.gif (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wowrlegl\main.htm (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wowrlegl\mainframe.htm (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wowrlegl\reinstall1.gif (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wowrlegl\right1.gif (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wowrlegl\s1.htm (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wowrlegl\s2.htm (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wowrlegl\s3.htm (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wowrlegl\SMTop1.gif (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wowrlegl\SMTop2.gif (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wowrlegl\SMTop3.gif (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wowrlegl\SMTop4.gif (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wowrlegl\soft1_off.gif (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wowrlegl\soft1_off_ext.gif (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wowrlegl\soft1_on.gif (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wowrlegl\soft1_on_ext.gif (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wowrlegl\soft2_off.gif (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wowrlegl\soft2_off_ext.gif (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wowrlegl\soft2_on.gif (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wowrlegl\soft2_on_ext.gif (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wowrlegl\soft3_off.gif (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wowrlegl\soft3_off_ext.gif (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wowrlegl\soft3_on.gif (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wowrlegl\soft3_on_ext.gif (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wowrlegl\softbottom_off.gif (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wowrlegl\softbottom_on.gif (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wowrlegl\softleft_off.gif (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wowrlegl\softleft_on.gif (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wowrlegl\top1.gif (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wowrlegl\top2.gif (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wowrlegl\turnoff1.gif (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wowrlegl\turnon1.gif (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\okqipwgf\bg1.gif (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\okqipwgf\bgtop.gif (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\okqipwgf\bottom1.gif (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\okqipwgf\essentials.gif (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\okqipwgf\icon1.ico (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\okqipwgf\install1.gif (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\okqipwgf\left1.gif (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\okqipwgf\li.gif (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\okqipwgf\logo.gif (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\okqipwgf\main.htm (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\okqipwgf\mainframe.htm (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\okqipwgf\reinstall1.gif (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\okqipwgf\right1.gif (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\okqipwgf\s1.htm (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\okqipwgf\s2.htm (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\okqipwgf\s3.htm (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\okqipwgf\SMTop1.gif (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\okqipwgf\SMTop2.gif (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\okqipwgf\SMTop3.gif (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\okqipwgf\SMTop4.gif (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\okqipwgf\soft1_off.gif (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\okqipwgf\soft1_off_ext.gif (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\okqipwgf\soft1_on.gif (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\okqipwgf\soft1_on_ext.gif (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\okqipwgf\soft2_off.gif (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\okqipwgf\soft2_off_ext.gif (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\okqipwgf\soft2_on.gif (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\okqipwgf\soft2_on_ext.gif (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\okqipwgf\soft3_off.gif (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\okqipwgf\soft3_off_ext.gif (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\okqipwgf\soft3_on.gif (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\okqipwgf\soft3_on_ext.gif (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\okqipwgf\softbottom_off.gif (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\okqipwgf\softbottom_on.gif (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\okqipwgf\softleft_off.gif (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\okqipwgf\softleft_on.gif (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\okqipwgf\top1.gif (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\okqipwgf\top2.gif (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\okqipwgf\turnoff1.gif (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\okqipwgf\turnon1.gif (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\Downloaded Program Files\SpamBlockerUtility.inf (Adware.Hotbar) -> Quarantined and deleted successfully.

8
Tech Clinic / For guestolo
« on: November 05, 2008, 07:40:15 PM »
I'm just keeping you updated. :(

9
Tech Clinic / For guestolo
« on: November 05, 2008, 07:37:09 PM »
Okay, I'm having problems with the combofix.exe file, but I have only tried it once, I'll try again. Also, two identical files named "dumprep.exe" are (I think) running a program called "Microsoft Installer" that tries to download games to my computer, however, it takes a long time to close and, before the files disappear, takes up a LOT of CPU.

Thanks for all your help.

10
Tech Clinic / For guestolo
« on: November 05, 2008, 01:43:28 AM »
Thanks for your help, I just didn't want all my posts to be all informative and nothing social :).

11
Tech Clinic / For guestolo
« on: November 05, 2008, 01:37:07 AM »
That's a lot of stuff, god I'm not sure how you found out about all that, I feel insecure :(. And as for following instructions, I deemed it unnecessary to save it to my desktop (still wondering how you figured out that I didn't) as I already got the two documents you wanted.

Lots to do, will post when finished.

12
Tech Clinic / For guestolo
« on: November 05, 2008, 12:39:08 AM »
log.txt :
-------------------------------------------------------------------------------------------------
Logfile of random's system information tool 1.04 (written by random/random)
Run by Owner at 2008-11-05 00:33:48
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 60 GB (55%) free of 109 GB
Total RAM: 504 MB (31% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:34:00 AM, on 11/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\ps2.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\WildTangent\Apps\GameChannel.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Plaxo\3.16.0.49\PlaxoHelper_en.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\ArcSoft\PhotoImpression 5\PI Monitor.exe
C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\O5I3SLYB\RSIT[1].exe
C:\Program Files\Trend Micro\HijackThis\Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus9.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://portal.wowway.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.wowway.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0CF46468-AC82-9EC5-5B79-008AA7762D88} - C:\Program Files\Ziztmutr\cgilvgjh.dll (file missing)
O2 - BHO: (no name) - {158A95B4-1F79-3B06-78BF-0424CDB17C2E} - C:\Program Files\Ztqacway\ddikgary.dll (file missing)
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {261C35B4-9283-6344-C5C0-005CF873D624} - C:\Program Files\Kihxksmy\meghaajp.dll (file missing)
O2 - BHO: (no name) - {2BAD0253-E6F1-0EB1-50C6-08D1DF0D4119} - C:\Program Files\Dljdirmz\tcfjcmjk.dll (file missing)
O2 - BHO: (no name) - {39C6B6C8-E01E-3175-B583-04FDA1EE088B} - C:\Program Files\Cunzkvux\zruxevfi.dll (file missing)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {62780D18-D103-03D3-323A-01F43008B839} - C:\Program Files\Zmdzdabd\bwbgrxmn.dll (file missing)
O2 - BHO: (no name) - {65FF10BB-F36A-68E9-AA35-02257E958C1F} - C:\Program Files\Esjocaup\goncrdzw.dll (file missing)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.0.0.125\IPSBHO.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: (no name) - {CC358019-D328-40B4-8E2D-818CE142616C} - C:\WINDOWS\system32\rqrspqq.dll (file missing)
O2 - BHO: PersonalWebBHO - {D35980CB-66DF-477B-BF63-64EB8F48CB3A} - C:\Program Files\Claria\PersonalWeb\PersonalWebIE_v1108.dll
O2 - BHO: (no name) - {D5FD0C23-8963-4741-BF49-EC79463ABF08} - C:\WINDOWS\system32\geedc.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe
O4 - HKLM\..\Run: [QuickFinder Scheduler] "c:\Program Files\WordPerfect Office 11\Programs\QFSCHD110.EXE"
O4 - HKLM\..\Run: [PkIifOLC9] C:\WINDOWS\prabjnbr.exe
O4 - HKLM\..\Run: [¢‰¸K0¨4W}ïÁzî[8C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\prabjnbr.exe
O4 - HKLM\..\Run: [¢‰¸K0¨4W}ïÁzîžigÝC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\prabjnbr.exe
O4 - HKLM\..\Run: [¢‰¸K0æquot;@æquot;ÁÐ]§ú"ü‰üžiC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\prabjnbr.exe
O4 - HKLM\..\Run: [¢‰¸K0æquot;@æquot;ÁÐ]§ú"ü‰¸K0C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\prabjnbr.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [¢‰¸K0æquot;ÁÐ]§ú"ü‰üžigÝC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\prabjnbr.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Spam Blocker for Outlook Express] C:\PROGRA~1\SPAMBL~1\Bin\461~1.0\SBInst.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SpySpotter System Defender] C:\Program Files\SpySpotter3\Defender.exe -startup
O4 - HKLM\..\Run: [PersonalWeb] "C:\Program Files\Claria\PersonalWeb\PersonalWeb.exe"
O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKLM\..\Run: [avp] C:\WINDOWS\avp.exe
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [MSOffice] rundll32.exe "C:\WINDOWS\system32\tqtgcydh.dll",sitypnow
O4 - HKLM\..\Run: [durmvufi] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\durmvufi.dll"
O4 - HKLM\..\Run: [lolyboho] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\lolyboho.dll"
O4 - HKLM\..\Run: [dsbgrora] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\dsbgrora.dll"
O4 - HKLM\..\Run: [bideberg] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\bideberg.dll"
O4 - HKLM\..\Run: [ejkhupqb] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\ejkhupqb.dll"
O4 - HKLM\..\Run: [tefovmzc] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\tefovmzc.dll"
O4 - HKLM\..\Run: [ubcnurin] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\ubcnurin.dll"
O4 - HKLM\..\Run: [kvilmxah] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\kvilmxah.dll"
O4 - HKLM\..\Run: [evcpodwp] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\evcpodwp.dll"
O4 - HKLM\..\Run: [cbqjefur] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\cbqjefur.dll"
O4 - HKLM\..\Run: [qrgnwjut] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\qrgnwjut.dll"
O4 - HKLM\..\Run: [otepcjgz] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\otepcjgz.dll"
O4 - HKLM\..\Run: [yhipebkr] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\yhipebkr.dll"
O4 - HKLM\..\Run: [lsxahobc] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\lsxahobc.dll"
O4 - HKLM\..\Run: [dejuvqhq] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\dejuvqhq.dll"
O4 - HKLM\..\Run: [gzivqhgh] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\gzivqhgh.dll"
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\3.16.0.49\PlaxoHelper_en.exe -a
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpeedItUpEX] C:\Program Files\Speeditup Free\SpeedItUp.exe -MINI
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [PlaxoSysTray] C:\Program Files\Plaxo\3.16.0.49\PlaxoSysTray.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKLM\..\Policies\Explorer\Run: [aAFgPd1P3X] rundll32.exe "C:\WINDOWS\system32\ndaTqsVqrX.dll",DllCleanServer
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: PI Monitor.lnk = C:\Program Files\ArcSoft\PhotoImpression 5\PI Monitor.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: download.adobe.com
O15 - Trusted Zone: http://www.adobe.com
O15 - Trusted Zone: www.agesanctuary.com
O15 - Trusted Zone: *.agesanctuary.com
O15 - Trusted Zone: http://www.airsoftforum.com
O15 - Trusted Zone: http://www.wireless.att.com
O15 - Trusted Zone: http://www.azlyrics.com
O15 - Trusted Zone: http://www.cbs.com
O15 - Trusted Zone: dl.cdn-downloads.com
O15 - Trusted Zone: http://www.comedycentral.com
O15 - Trusted Zone: http://monopoly.corsis.com
O15 - Trusted Zone: http://www.dodge.com
O15 - Trusted Zone: www.dvdzip.org
O15 - Trusted Zone: http://dnama.dyndns.org
O15 - Trusted Zone: http://www.exoticcarrental.com
O15 - Trusted Zone: http://www.eyeslipsface.com
O15 - Trusted Zone: http://halo2.filefront.com
O15 - Trusted Zone: http://*.findmeatune.com
O15 - Trusted Zone: http://www.forbes.com
O15 - Trusted Zone: http://www.fox.com
O15 - Trusted Zone: http://www.fraps.com
O15 - Trusted Zone: http://www.freedownloadscenter.com
O15 - Trusted Zone: www.games.com
O15 - Trusted Zone: http://www.games.com
O15 - Trusted Zone: download2.gamespot.com
O15 - Trusted Zone: www.heatwolephoto.com
O15 - Trusted Zone: http://aom.heavengames.com
O15 - Trusted Zone: http://www.hobbytron.com
O15 - Trusted Zone: www.igzones.com
O15 - Trusted Zone: www.igzones.net
O15 - Trusted Zone: downloadmirror.intel.com
O15 - Trusted Zone: http://www.macomb.k12.mi.us
O15 - Trusted Zone: http://www.limewire.com
O15 - Trusted Zone: http://www.liveperson.com
O15 - Trusted Zone: cnn-4.vo.llnwd.net
O15 - Trusted Zone: http://classifieds.macombdaily.com
O15 - Trusted Zone: fpdownload.macromedia.com
O15 - Trusted Zone: http://www.maidmarian.com
O15 - Trusted Zone: images.malwareremoval.com
O15 - Trusted Zone: http://www.mapquest.com
O15 - Trusted Zone: http://*.megavideo.com
O15 - Trusted Zone: www.micro-sys.dk
O15 - Trusted Zone: http://www.mileyworld.com
O15 - Trusted Zone: http://bb.misd.net
O15 - Trusted Zone: rsddownload.motorola.com
O15 - Trusted Zone: http://www.mozilla.com
O15 - Trusted Zone: http://download.mozilla.org
O15 - Trusted Zone: http://www.mypyramid.gov
O15 - Trusted Zone: http://users.bigpond.net.au
O15 - Trusted Zone: tucows.netnitco.net
O15 - Trusted Zone: ftp-mozilla.netscape.com
O15 - Trusted Zone: http://www.nfl.com
O15 - Trusted Zone: http://www.nick.com
O15 - Trusted Zone: http://www.nintendo.com
O15 - Trusted Zone: www.oxygenxml.com
O15 - Trusted Zone: http://www.pearsonsuccessnet.com
O15 - Trusted Zone: http://www.phunland.com
O15 - Trusted Zone: www.piettes.com
O15 - Trusted Zone: download.piratesonline.com
O15 - Trusted Zone: http://www.playnet.com
O15 - Trusted Zone: http://www.profootballhof.com
O15 - Trusted Zone: http://*.qvc.com
O15 - Trusted Zone: www.readyroom.org
O15 - Trusted Zone: software-dl.real.com
O15 - Trusted Zone: http://www.rivals.com
O15 - Trusted Zone: http://www.roman-empire.net
O15 - Trusted Zone: http://www.rottentomatoes.com
O15 - Trusted Zone: mp3support.sandisk.com
O15 - Trusted Zone: http://www.sega.com
O15 - Trusted Zone: www.sharewareguide.net
O15 - Trusted Zone: http://*.sourceforge.net
O15 - Trusted Zone: http://www.southparkzone.com
O15 - Trusted Zone: *.symantec product downloads
O15 - Trusted Zone: lcsitemain.symantec.com
O15 - Trusted Zone: lcsitemain.symantyc.com
O15 - Trusted Zone: http://mail.tenibac.com
O15 - Trusted Zone: http://*.thefuntimesguide.com
O15 - Trusted Zone: http://www.totalwar.com
O15 - Trusted Zone: www.transformersgame.com
O15 - Trusted Zone: www.trendsecure.com
O15 - Trusted Zone: http://www.verizonwireless.com
O15 - Trusted Zone: www.vob-converter.com
O15 - Trusted Zone: http://upload.wikimedia.org
O15 - Trusted Zone: http://en.wikipedia.org
O15 - Trusted Zone: http://portal.wowway.net
O15 - Trusted Zone: download.yimg.com
O15 - Trusted Zone: http://*.youtube.com
O15 - Trusted Zone: *.zango.com
O15 - Trusted Zone: *.zangocash.com
O15 - Trusted Zone: www.zelda.com
O16 - DPF: {00000005-0000-0000-0000-100011000004} - http://c.imputati.com/l/6cdf283501374c8c07...86362523_35.exe
O16 - DPF: {051D0E35-F4E3-4C8D-B411-AB0875F4C683} (Anark Client 4.0 ActiveX Control) - http://install.anark.com/client/version4/w...en/AMClient.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://download2.citrix.com/FILES/en/produ...rent/ica32t.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5F3B3060-09E0-44C6-86F7-BC7B02B57BEE} - http://downloads.shopathomeselect.com/ward...tall_wm1001.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download.games.y...ctl_0_0_0_2.ocx
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1126907207156
O16 - DPF: {771A1334-6B08-4A6B-AEDC-CF994BA2CEBE} - http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX28.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/pla...0/Installer.exe
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spyspotter.com/spyspotter/...rCabInstall.cab
O20 - Winlogon Notify: geedc - C:\WINDOWS\system32\geedc.dll (file missing)
O20 - Winlogon Notify: rqrspqq - rqrspqq.dll (file missing)
O20 - Winlogon Notify: winccf32 - winccf32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 -
Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exeO23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exeO24 - Desktop Component 0: (no name) - http://www.wildgames.com/ECS/ECSData/DP/wt..._pack_large.gifO24 - Desktop Component 1: (no name) - http://portal.wowway.com/templates/maya/im...els_date_bg.gif--End of file - 21408 bytes======Scheduled tasks folder======C:\WINDOWS\tasks\MP Scheduled Scan.job======Registry dump======[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]&Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-05-15 817936][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0CF46468-AC82-9EC5-5B79-008AA7762D88}]C:\Program Files\Ziztmutr\cgilvgjh.dll [][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{158A95B4-1F79-3B06-78BF-0424CDB17C2E}]C:\Program Files\Ztqacway\ddikgary.dll [][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{243B17DE-77C7-46BF-B94B-0B5F309A0E64}]C:\Program Files\Microsoft Money\System\mnyside.dll [2002-07-17 163906][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{261C35B4-9283-6344-C5C0-005CF873D624}]C:\Program Files\Kihxksmy\meghaajp.dll [][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2BAD0253-E6F1-0EB1-50C6-08D1DF0D4119}]C:\Program Files\Dljdirmz\tcfjcmjk.dll [][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser 
Helper Objects\{39C6B6C8-E01E-3175-B583-04FDA1EE088B}]C:\Program Files\Cunzkvux\zruxevfi.dll [][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]Yahoo! IE Services Button - C:\Program Files\Yahoo!\Common\yiesrvc.dll [2007-12-12 222448][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{62780D18-D103-03D3-323A-01F43008B839}]C:\Program Files\Zmdzdabd\bwbgrxmn.dll [][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{65FF10BB-F36A-68E9-AA35-02257E958C1F}]C:\Program Files\Esjocaup\goncrdzw.dll [][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]Symantec Intrusion Prevention - C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.0.0.125\IPSBHO.DLL [2008-10-15 107896][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]SSVHelper Class - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll [2007-07-12 501136][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2007-05-31 2554944][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll [2008-10-22 652784][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC358019-D328-40B4-8E2D-818CE142616C}]C:\WINDOWS\system32\rqrspqq.dll [][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D35980CB-66DF-477B-BF63-64EB8F48CB3A}]PersonalWebBHO - C:\Program Files\Claria\PersonalWeb\PersonalWebIE_v1108.dll 
[2006-05-30 601600][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D5FD0C23-8963-4741-BF49-EC79463ABF08}]C:\WINDOWS\system32\geedc.dll [][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-05-15 817936]{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2007-05-31 2554944][HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]"hpsysdrv"=c:\windows\system\hpsysdrv.exe [1998-05-07 52736]"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2005-06-21 126976]"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2002-09-13 212992]"NvCplDaemon"=C:\WINDOWS\System32\NvCpl.dll [2003-05-03 4640768]"nwiz"=nwiz.exe /installquiet /keeploaded /nodetect []"PS2"=C:\WINDOWS\system32\ps2.exe [2002-07-31 81920]"HPDJ Taskbar Utility"=C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe [2003-03-27 172032]"WT GameChannel"=C:\Program Files\WildTangent\Apps\GameChannel.exe [2003-04-30 184784]"QuickFinder Scheduler"=c:\Program Files\WordPerfect Office 11\Programs\QFSCHD110.EXE [2003-03-07 77887]"PkIifOLC9"=C:\WINDOWS\prabjnbr.exe []"¢‰¸K0¨4W}ïÁzî[8C:\Program Files\ISTsvc\istsvc.exe"=C:\WINDOWS\prabjnbr.exe []"¢‰¸K0¨4W}ïÁzîžigÝC:\Program Files\ISTsvc\istsvc.exe"=C:\WINDOWS\prabjnbr.exe []"¢‰¸K0æquot;@æquot;ÁÐ]§ú"ü‰üžiC:\Program Files\ISTsvc\istsvc.exe"=C:\WINDOWS\prabjnbr.exe []"¢‰¸K0æquot;@æquot;ÁÐ]§ú"ü‰¸K0C:\Program Files\ISTsvc\istsvc.exe"=C:\WINDOWS\prabjnbr.exe []"mmtask"=C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe [2004-09-22 53248]"¢‰¸K0æquot;ÁÐ]§ú"ü‰üžigÝC:\Program Files\ISTsvc\istsvc.exe"=C:\WINDOWS\prabjnbr.exe []"AlcxMonitor"=C:\WINDOWS\ALCXMNTR.EXE [2004-09-07 57344]"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2005-06-21 
155648]"Spam Blocker for Outlook Express"=C:\PROGRA~1\SPAMBL~1\Bin\461~1.0\SBInst.exe []"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-02-16 282624]"UpdateManager"=C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [2003-08-19 110592]"LTMSG"=LTMSG.exe 7 []"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe [2007-07-12 132496]"SpySpotter System Defender"=C:\Program Files\SpySpotter3\Defender.exe -startup []"PersonalWeb"=C:\Program Files\Claria\PersonalWeb\PersonalWeb.exe []"MsgCenterExe"=C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe -osboot []"avp"=C:\WINDOWS\avp.exe []"smgr"=mgrs.exe []"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]"amd_dc_opt"=C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe [2006-11-17 77824]"MSOffice"=C:\WINDOWS\system32\tqtgcydh.dll []"durmvufi"=regsvr32 /u C:\Documents and Settings\All Users\Application Data\durmvufi.dll []"lolyboho"=regsvr32 /u C:\Documents and Settings\All Users\Application Data\lolyboho.dll []"dsbgrora"=regsvr32 /u C:\Documents and Settings\All Users\Application Data\dsbgrora.dll []"bideberg"=regsvr32 /u C:\Documents and Settings\All Users\Application Data\bideberg.dll []"ejkhupqb"=regsvr32 /u C:\Documents and Settings\All Users\Application Data\ejkhupqb.dll []"tefovmzc"=regsvr32 /u C:\Documents and Settings\All Users\Application Data\tefovmzc.dll []"ubcnurin"=regsvr32 /u C:\Documents and Settings\All Users\Application Data\ubcnurin.dll []"kvilmxah"=regsvr32 /u C:\Documents and Settings\All Users\Application Data\kvilmxah.dll []"evcpodwp"=regsvr32 /u C:\Documents and Settings\All Users\Application Data\evcpodwp.dll []"cbqjefur"=regsvr32 /u C:\Documents and Settings\All Users\Application Data\cbqjefur.dll []"qrgnwjut"=regsvr32 /u C:\Documents and Settings\All Users\Application Data\qrgnwjut.dll []"otepcjgz"=regsvr32 /u C:\Documents and Settings\All Users\Application Data\otepcjgz.dll []"yhipebkr"=regsvr32 /u 
C:\Documents and Settings\All Users\Application Data\yhipebkr.dll []"lsxahobc"=regsvr32 /u C:\Documents and Settings\All Users\Application Data\lsxahobc.dll []"dejuvqhq"=regsvr32 /u C:\Documents and Settings\All Users\Application Data\dejuvqhq.dll []"gzivqhgh"=regsvr32 /u C:\Documents and Settings\All Users\Application Data\gzivqhgh.dll [][HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]"aAFgPd1P3X"=C:\WINDOWS\system32\ndaTqsVqrX.dll [][HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]"NVIEW"=C:\WINDOWS\System32\nview.dll [2003-05-03 835654]"MoneyAgent"=C:\Program Files\Microsoft Money\System\mnyexpr.exe [2002-07-17 200767]"MsnMsgr"=C:\Program Files\MSN Messenger\MsnMsgr.Exe /background []"PlaxoUpdate"=C:\Program Files\Plaxo\3.16.0.49\PlaxoHelper_en.exe [2008-10-04 369223]"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-04-06 68856]"SpeedItUpEX"=C:\Program Files\Speeditup Free\SpeedItUp.exe -MINI []"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]"PlaxoSysTray"=C:\Program Files\Plaxo\3.16.0.49\PlaxoSysTray.exe [2008-10-04 20480]"Yahoo! 
Pager"=C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE [2007-08-30 4670704]C:\Documents and Settings\All Users\Start Menu\Programs\StartupAdobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exeCompaq Connections.lnk - C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exePI Monitor.lnk - C:\Program Files\ArcSoft\PhotoImpression 5\PI Monitor.exeQuicken Scheduled Updates.lnk - C:\Program Files\Quicken\bagent.exeC:\Documents and Settings\Owner\Start Menu\Programs\StartupAdobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exespamsubtract.lnk - C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\geedc]C:\WINDOWS\system32\geedc.dll [][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]C:\WINDOWS\System32\igfxsrvc.dll [2005-06-21 348160][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\OPXPGina]C:\Program Files\Softex\OmniPass\opxpgina.dll [2003-02-21 40960][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rqrspqq]rqrspqq.dll [][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]C:\WINDOWS\System32\WgaLogon.dll [2007-03-15 236928][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winccf32]winccf32.dll [][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]"{CC358019-D328-40B4-8E2D-818CE142616C}"=C:\WINDOWS\system32\rqrspqq.dll []"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 
83224][HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend][HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]"dontdisplaylastusername"=0"legalnoticecaption"="legalnoticetext"="shutdownwithoutlogon"=1"undockwithoutlogon"=1[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]"NoDriveTypeAutoRun"=145[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019""C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe"="C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe:*:Disabled:BackWeb-1940576""C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk""C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger""C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader""C:\Program Files\Common Files\AOL\1155267434\ee\aolsoftware.exe"="C:\Program Files\Common Files\AOL\1155267434\ee\aolsoftware.exe:*:Enabled:AOL Services""C:\Program Files\Common Files\AOL\1155267434\ee\aim6.exe"="C:\Program Files\Common Files\AOL\1155267434\ee\aim6.exe:*:Enabled:AIM""C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire""C:\Program Files\SwiftSwitch\SwiftSwitch.exe"="C:\Program Files\SwiftSwitch\SwiftSwitch.exe:*:Enabled:SwiftSwitch""C:\Program Files\Internet 
Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer""C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)""C:\Program Files\Microsoft Games\Age of Mythology\aomx.exe"="C:\Program Files\Microsoft Games\Age of Mythology\aomx.exe:*:Enabled:Age of Mythology - The Titans Expansion""C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper""C:\Program Files\Microsoft Games\Age of Empires\EMPIRESX.EXE"="C:\Program Files\Microsoft Games\Age of Empires\EMPIRESX.EXE:*:Enabled:Age of Empires, the Rise of Rome""C:\Program Files\Microsoft Games\Age of Empires II\EMPIRES2.ICD"="C:\Program Files\Microsoft Games\Age of Empires II\EMPIRES2.ICD:*:Enabled:Age of Empires II""C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\OXUBST63\aimexpress.aol[1].com"="C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\OXUBST63\aimexpress.aol[1].com:*:Enabled:aimexpress.aol[1]""C:\Program Files\Microsoft Games\Age of Empires\EMPIRES.EXE"="C:\Program Files\Microsoft Games\Age of Empires\EMPIRES.EXE:*:Enabled:Age of Empires""C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\YJKKX5NI\Office_Space.avi-downloader[1].exe"="C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\YJKKX5NI\Office_Space.avi-downloader[1].exe:*:Enabled:Blizzard Downloader""%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000""C:\Program Files\Microsoft Games\Age of Empires III\age3.exe"="C:\Program Files\Microsoft Games\Age of Empires III\age3.exe:*:Enabled:Age of Empires 3""C:\StubInstaller.exe"="C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer""C:\Program Files\Common Files\aolshare\sysinfo\sinf.exe"="C:\Program Files\Common 
Files\aolshare\sysinfo\sinf.exe:*:Enabled:AOL System Information""C:\Program Files\Online Services\AOL80US\InstallEmail Removedexe"="C:\Program Files\Online Services\AOL80US\InstallEmail Removedexe:*:Enabled:America Online""C:\Program Files\America Online 8.0\Email Removedexe"="C:\Program Files\America Online 8.0\Email Removedexe:*:Enabled:America Online 8.0""C:\Program Files\Adobe\Acrobat 5.0\Reader\AcroRd32.exe"="C:\Program Files\Adobe\Acrobat 5.0\Reader\AcroRd32.exe:*:Enabled:Acrobat Reader 5.0""C:\Program Files\Hexacto Games\Lemonade Tycoon\Lemonade.exe"="C:\Program Files\Hexacto Games\Lemonade Tycoon\Lemonade.exe:*:Enabled:Lemonade""C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1""C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)""C:\Program Files\The Creative Assembly\Rome - Total War\RomeTW.exe"="C:\Program Files\The Creative Assembly\Rome - Total War\RomeTW.exe:*:Enabled:Rome: Total War""C:\Program Files\Microsoft Games\Halo Trial\halo.exe"="C:\Program Files\Microsoft Games\Halo Trial\halo.exe:*:Enabled:Halo""C:\Program Files\GameSpy Arcade\Aphex.exe"="C:\Program Files\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade""C:\Program Files\Microsoft Games\Age of Mythology\aom.exe"="C:\Program Files\Microsoft Games\Age of Mythology\aom.exe:*:Enabled:Age of Mythology""C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger""C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! 
FT Server""C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server""C:\WINDOWS\system32\dxdiag.exe"="C:\WINDOWS\system32\dxdiag.exe:*:Enabled:Microsoft DirectX Diagnostic Tool"[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019""C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)""%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000""C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1""C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]shell\AutoRun\command - G:\LaunchU3.exe -a ======File associations======.reg - open - "regedit.exe" "%1"======List of files/folders created in the last 1 months======2008-11-05 00:33:48 ----D---- C:\rsit2008-11-04 23:41:29 ----D---- C:\Program Files\Trend Micro2008-11-03 20:46:49 ----D---- C:\Documents and Settings\Owner\Application Data\U32008-10-23 21:04:19 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$2008-10-16 02:05:52 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$2008-10-16 02:05:42 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$2008-10-16 02:05:31 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$2008-10-16 02:05:12 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$2008-10-16 02:04:51 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$2008-10-16 02:02:17 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$2008-10-15 06:40:15 ----A---- C:\WINDOWS\system32\S32EVNT1.DLL2008-10-15 06:40:13 ----D---- C:\Program Files\Symantec2008-10-15 06:38:57 ----D---- C:\Program 
Files\Norton AntiVirus2008-10-15 06:24:19 ----D---- C:\Documents and Settings\All Users\Application Data\PCSettings2008-10-15 06:24:12 ----D---- C:\Documents and Settings\All Users\Application Data\Norton2008-10-15 06:23:56 ----D---- C:\Program Files\NortonInstaller2008-10-15 06:23:56 ----D---- C:\Documents and Settings\All Users\Application Data\NortonInstaller======List of files/folders modified in the last 1 months======2008-11-05 00:32:12 ----D---- C:\Documents and Settings2008-11-05 00:31:18 ----D---- C:\WINDOWS\system32\CatRoot_bak2008-11-05 00:31:18 ----D---- C:\WINDOWS\system32\CatRoot2008-11-05 00:31:17 ----D---- C:\WINDOWS\system32\CatRoot22008-11-05 00:29:33 ----HD---- C:\WINDOWS\inf2008-11-05 00:26:32 ----D---- C:\WINDOWS\Temp2008-11-04 23:58:35 ----SHD---- C:\WINDOWS\Installer2008-11-04 23:58:22 ----A---- C:\WINDOWS\OEWABLog.txt2008-11-04 23:41:29 ----D---- C:\Program Files2008-11-04 23:29:08 ----D---- C:\Program Files\Plaxo2008-11-04 23:27:59 ----SD---- C:\WINDOWS\Tasks2008-11-04 01:23:57 ----A---- C:\WINDOWS\SchedLgU.Txt2008-11-03 17:12:40 ----D---- C:\WINDOWS\system322008-11-03 16:28:29 ----D---- C:\Program Files\Phun2008-11-03 16:26:05 ----D---- C:\Program Files\Google2008-11-03 16:18:42 ----D---- C:\WINDOWS\Prefetch2008-11-03 16:07:14 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater2008-11-02 09:56:02 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI2008-10-27 23:54:23 ----D---- C:\Program Files\Mozilla Firefox2008-10-25 23:03:04 ----D---- C:\WINDOWS2008-10-23 21:04:25 ----RSHDC---- C:\WINDOWS\system32\dllcache2008-10-23 21:03:50 ----HD---- C:\WINDOWS\$hf_mig$2008-10-17 00:26:27 ----D---- C:\WINDOWS\.mpr_file_store_322008-10-16 02:05:58 ----A---- C:\WINDOWS\imsins.BAK2008-10-16 02:05:55 ----D---- C:\WINDOWS\system32\drivers2008-10-16 02:02:41 ----D---- C:\Program Files\Internet Explorer2008-10-15 16:58:08 ----A---- C:\YServer.txt2008-10-15 11:57:55 ----A---- C:\WINDOWS\system32\netapi32.dll2008-10-15 07:02:42 
----D---- C:\Program Files\Common Files\Symantec Shared2008-10-15 06:40:54 ----SHD---- C:\System Volume Information2008-10-06 01:01:12 ----D---- C:\Program Files\DivX======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======R1 ASPI32;ASPI32; C:\WINDOWS\system32\drivers\ASPI32.sys [1999-09-10 25244]R1 BHDrvx86;Symantec Heuristics Driver; \??\C:\WINDOWS\system32\drivers\NAV\1000000.07D\BHDrvx86.sys []R1 ccHP;Symantec Hash Provider; \??\C:\WINDOWS\system32\drivers\NAV\1000000.07D\ccHPx86.sys []R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []R1 IDSxpx86;IDSxpx86; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20081031.001\IDSxpx86.sys []R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-04 36096]R1 SiSkp;SiSkp; C:\WINDOWS\System32\DRIVERS\srvkp.sys [2003-04-11 10624]R1 SRTSPX;SRTSPX; \??\C:\WINDOWS\system32\drivers\NAV\1000000.07D\SRTSPX.SYS []R1 SYMTDI;SYMTDI; \??\C:\WINDOWS\system32\drivers\NAV\1000000.07D\SYMTDI.SYS []R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-08-29 12032]R2 symlcbrd;symlcbrd; \??\C:\WINDOWS\system32\drivers\symlcbrd.sys []R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-10-01 2279424]R3 AmdLLD;AMD Low Level Device Driver; C:\WINDOWS\system32\DRIVERS\AmdLLD.sys [2006-11-01 33280]R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2005-06-21 807998]R3 ltmodem5;Agere Modem Driver; C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys [2003-12-12 652689]R3 MxlW2k;MxlW2k; C:\WINDOWS\system32\drivers\MxlW2k.sys [2004-12-31 28352]R3 NAVENG;NAVENG; \??\C:\Documents and Settings\All Users\Application 
Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20081104.025\NAVENG.SYS []R3 NAVEX15;NAVEX15; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20081104.025\NAVEX15.SYS []R3 pfc;Padus ASPI Shell; \??\C:\WINDOWS\System32\drivers\pfc.sys []R3 Ps2;PS2; C:\WINDOWS\System32\DRIVERS\PS2.sys [2002-07-30 23808]R3 rtl8139;Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver; C:\WINDOWS\System32\DRIVERS\R8139n51.SYS [2002-10-04 46976]R3 SRTSP;SRTSP; \??\C:\WINDOWS\system32\drivers\NAV\1000000.07D\SRTSP.SYS []R3 SYMDNS;SYMDNS; \??\C:\WINDOWS\system32\drivers\NAV\1000000.07D\SYMDNS.SYS []R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []R3 SYMFW;SYMFW; \??\C:\WINDOWS\system32\drivers\NAV\1000000.07D\SYMFW.SYS []R3 SYMIDS;SYMIDS; \??\C:\WINDOWS\system32\drivers\NAV\1000000.07D\SYMIDS.SYS []R3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2008-10-15 35888]R3 SYMNDIS;SYMNDIS; \??\C:\WINDOWS\system32\drivers\NAV\1000000.07D\SYMNDIS.SYS []R3 SYMREDRV;SYMREDRV; \??\C:\WINDOWS\system32\drivers\NAV\1000000.07D\SYMREDRV.SYS []R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-04 26624]R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2004-08-04 25856]R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-04 20480]R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\System32\DRIVERS\wanatw4.sys [2003-05-01 33588]S1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2004-08-04 37376]S3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel® Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-04-15 113504]S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel® Graphics Chipset 
(KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-04-15 78752]S3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2004-02-17 391424]S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]S3 Fadpu16E;Fadpu16E; \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\Fadpu16E.sys []S3 MR97310_VGA_DUAL_CAMERA;VGA Dual-Mode Camera; C:\WINDOWS\system32\DRIVERS\mr97310v.sys [2004-03-30 118106]S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-04 5504]S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]S3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]S3 S3Psddr;S3Psddr; C:�

13
Software / MsMpEng.exe taking up too much CPU
« on: November 04, 2008, 11:52:41 PM »
I run Windows XP, and I posted my HijackThis log in the tech clinic as you requested.

14
Tech Clinic / For guestolo
« on: November 04, 2008, 11:50:56 PM »
My HijackThis log:

I expect it to be full of crap ^^

-----------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:47:52 PM, on 11/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\ps2.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\WildTangent\Apps\GameChannel.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Plaxo\3.16.0.49\PlaxoHelper_en.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
C:\Program Files\ArcSoft\PhotoImpression 5\PI Monitor.exe
C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\WINDOWS\SoftwareDistribution\Download\a09af09928e177cd9ba61ead21886d9e\update\update.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus9.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://portal.wowway.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.wowway.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0CF46468-AC82-9EC5-5B79-008AA7762D88} - C:\Program Files\Ziztmutr\cgilvgjh.dll (file missing)
O2 - BHO: (no name) - {158A95B4-1F79-3B06-78BF-0424CDB17C2E} - C:\Program Files\Ztqacway\ddikgary.dll (file missing)
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {261C35B4-9283-6344-C5C0-005CF873D624} - C:\Program Files\Kihxksmy\meghaajp.dll (file missing)
O2 - BHO: (no name) - {2BAD0253-E6F1-0EB1-50C6-08D1DF0D4119} - C:\Program Files\Dljdirmz\tcfjcmjk.dll (file missing)
O2 - BHO: (no name) - {39C6B6C8-E01E-3175-B583-04FDA1EE088B} - C:\Program Files\Cunzkvux\zruxevfi.dll (file missing)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {62780D18-D103-03D3-323A-01F43008B839} - C:\Program Files\Zmdzdabd\bwbgrxmn.dll (file missing)
O2 - BHO: (no name) - {65FF10BB-F36A-68E9-AA35-02257E958C1F} - C:\Program Files\Esjocaup\goncrdzw.dll (file missing)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.0.0.125\IPSBHO.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: (no name) - {CC358019-D328-40B4-8E2D-818CE142616C} - C:\WINDOWS\system32\rqrspqq.dll (file missing)
O2 - BHO: PersonalWebBHO - {D35980CB-66DF-477B-BF63-64EB8F48CB3A} - C:\Program Files\Claria\PersonalWeb\PersonalWebIE_v1108.dll
O2 - BHO: (no name) - {D5FD0C23-8963-4741-BF49-EC79463ABF08} - C:\WINDOWS\system32\geedc.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe
O4 - HKLM\..\Run: [QuickFinder Scheduler] "c:\Program Files\WordPerfect Office 11\Programs\QFSCHD110.EXE"
O4 - HKLM\..\Run: [PkIifOLC9] C:\WINDOWS\prabjnbr.exe
O4 - HKLM\..\Run: [¢‰¸K0¨4W}ïÁzî[8C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\prabjnbr.exe
O4 - HKLM\..\Run: [¢‰¸K0¨4W}ïÁzîžigÝC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\prabjnbr.exe
O4 - HKLM\..\Run: [¢‰¸K0"@"ÁÐ]§ú"ü‰üžiC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\prabjnbr.exe
O4 - HKLM\..\Run: [¢‰¸K0"@"ÁÐ]§ú"ü‰¸K0C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\prabjnbr.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [¢‰¸K0"ÁÐ]§ú"ü‰üžigÝC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\prabjnbr.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Spam Blocker for Outlook Express] C:\PROGRA~1\SPAMBL~1\Bin\461~1.0\SBInst.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SpySpotter System Defender] C:\Program Files\SpySpotter3\Defender.exe -startup
O4 - HKLM\..\Run: [PersonalWeb] "C:\Program Files\Claria\PersonalWeb\PersonalWeb.exe"
O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe"  -osboot
O4 - HKLM\..\Run: [avp] C:\WINDOWS\avp.exe
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [MSOffice] rundll32.exe "C:\WINDOWS\system32\tqtgcydh.dll",sitypnow
O4 - HKLM\..\Run: [durmvufi] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\durmvufi.dll"
O4 - HKLM\..\Run: [lolyboho] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\lolyboho.dll"
O4 - HKLM\..\Run: [dsbgrora] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\dsbgrora.dll"
O4 - HKLM\..\Run: [bideberg] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\bideberg.dll"
O4 - HKLM\..\Run: [ejkhupqb] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\ejkhupqb.dll"
O4 - HKLM\..\Run: [tefovmzc] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\tefovmzc.dll"
O4 - HKLM\..\Run: [ubcnurin] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\ubcnurin.dll"
O4 - HKLM\..\Run: [kvilmxah] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\kvilmxah.dll"
O4 - HKLM\..\Run: [evcpodwp] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\evcpodwp.dll"
O4 - HKLM\..\Run: [cbqjefur] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\cbqjefur.dll"
O4 - HKLM\..\Run: [qrgnwjut] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\qrgnwjut.dll"
O4 - HKLM\..\Run: [otepcjgz] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\otepcjgz.dll"
O4 - HKLM\..\Run: [yhipebkr] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\yhipebkr.dll"
O4 - HKLM\..\Run: [lsxahobc] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\lsxahobc.dll"
O4 - HKLM\..\Run: [dejuvqhq] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\dejuvqhq.dll"
O4 - HKLM\..\Run: [gzivqhgh] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\gzivqhgh.dll"
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\3.16.0.49\PlaxoHelper_en.exe -a
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpeedItUpEX] C:\Program Files\Speeditup Free\SpeedItUp.exe -MINI
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [PlaxoSysTray] C:\Program Files\Plaxo\3.16.0.49\PlaxoSysTray.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKLM\..\Policies\Explorer\Run: [aAFgPd1P3X] rundll32.exe "C:\WINDOWS\system32\ndaTqsVqrX.dll",DllCleanServer
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: PI Monitor.lnk = C:\Program Files\ArcSoft\PhotoImpression 5\PI Monitor.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: download.adobe.com
O15 - Trusted Zone: http://www.adobe.com
O15 - Trusted Zone: www.agesanctuary.com
O15 - Trusted Zone: *.agesanctuary.com
O15 - Trusted Zone: http://www.airsoftforum.com
O15 - Trusted Zone: http://www.wireless.att.com
O15 - Trusted Zone: http://www.azlyrics.com
O15 - Trusted Zone: http://www.cbs.com
O15 - Trusted Zone: dl.cdn-downloads.com
O15 - Trusted Zone: http://www.comedycentral.com
O15 - Trusted Zone: http://monopoly.corsis.com
O15 - Trusted Zone: http://www.dodge.com
O15 - Trusted Zone: www.dvdzip.org
O15 - Trusted Zone: http://dnama.dyndns.org
O15 - Trusted Zone: http://www.exoticcarrental.com
O15 - Trusted Zone: http://www.eyeslipsface.com
O15 - Trusted Zone: http://halo2.filefront.com
O15 - Trusted Zone: http://*.findmeatune.com
O15 - Trusted Zone: http://www.forbes.com
O15 - Trusted Zone: http://www.fox.com
O15 - Trusted Zone: http://www.fraps.com
O15 - Trusted Zone: http://www.freedownloadscenter.com
O15 - Trusted Zone: www.games.com
O15 - Trusted Zone: http://www.games.com
O15 - Trusted Zone: download2.gamespot.com
O15 - Trusted Zone: www.heatwolephoto.com
O15 - Trusted Zone: http://aom.heavengames.com
O15 - Trusted Zone: http://www.hobbytron.com
O15 - Trusted Zone: www.igzones.com
O15 - Trusted Zone: www.igzones.net
O15 - Trusted Zone: downloadmirror.intel.com
O15 - Trusted Zone: http://www.macomb.k12.mi.us
O15 - Trusted Zone: http://www.limewire.com
O15 - Trusted Zone: http://www.liveperson.com
O15 - Trusted Zone: cnn-4.vo.llnwd.net
O15 - Trusted Zone: http://classifieds.macombdaily.com
O15 - Trusted Zone: fpdownload.macromedia.com
O15 - Trusted Zone: http://www.maidmarian.com
O15 - Trusted Zone: http://www.mapquest.com
O15 - Trusted Zone: http://*.megavideo.com
O15 - Trusted Zone: www.micro-sys.dk
O15 - Trusted Zone: http://www.mileyworld.com
O15 - Trusted Zone: http://bb.misd.net
O15 - Trusted Zone: rsddownload.motorola.com
O15 - Trusted Zone: http://www.mozilla.com
O15 - Trusted Zone: http://download.mozilla.org
O15 - Trusted Zone: http://www.mypyramid.gov
O15 - Trusted Zone: http://users.bigpond.net.au
O15 - Trusted Zone: tucows.netnitco.net
O15 - Trusted Zone: ftp-mozilla.netscape.com
O15 - Trusted Zone: http://www.nfl.com
O15 - Trusted Zone: http://www.nick.com
O15 - Trusted Zone: http://www.nintendo.com
O15 - Trusted Zone: www.oxygenxml.com
O15 - Trusted Zone: http://www.pearsonsuccessnet.com
O15 - Trusted Zone: http://www.phunland.com
O15 - Trusted Zone: www.piettes.com
O15 - Trusted Zone: download.piratesonline.com
O15 - Trusted Zone: http://www.playnet.com
O15 - Trusted Zone: http://www.profootballhof.com
O15 - Trusted Zone: http://*.qvc.com
O15 - Trusted Zone: www.readyroom.org
O15 - Trusted Zone: software-dl.real.com
O15 - Trusted Zone: http://www.rivals.com
O15 - Trusted Zone: http://www.roman-empire.net
O15 - Trusted Zone: http://www.rottentomatoes.com
O15 - Trusted Zone: mp3support.sandisk.com
O15 - Trusted Zone: http://www.sega.com
O15 - Trusted Zone: www.sharewareguide.net
O15 - Trusted Zone: http://*.sourceforge.net
O15 - Trusted Zone: http://www.southparkzone.com
O15 - Trusted Zone: *.symantec product downloads
O15 - Trusted Zone: lcsitemain.symantec.com
O15 - Trusted Zone: lcsitemain.symantyc.com
O15 - Trusted Zone: http://mail.tenibac.com
O15 - Trusted Zone: http://*.thefuntimesguide.com
O15 - Trusted Zone: http://www.totalwar.com
O15 - Trusted Zone: www.transformersgame.com
O15 - Trusted Zone: www.trendsecure.com
O15 - Trusted Zone: http://www.verizonwireless.com
O15 - Trusted Zone: www.vob-converter.com
O15 - Trusted Zone: http://upload.wikimedia.org
O15 - Trusted Zone: http://en.wikipedia.org
O15 - Trusted Zone: http://portal.wowway.net
O15 - Trusted Zone: download.yimg.com
O15 - Trusted Zone: http://*.youtube.com
O15 - Trusted Zone: *.zango.com
O15 - Trusted Zone: *.zangocash.com
O15 - Trusted Zone: www.zelda.com
O16 - DPF: {00000005-0000-0000-0000-100011000004} - http://c.imputati.com/l/6cdf283501374c8c07...86362523_35.exe
O16 - DPF: {051D0E35-F4E3-4C8D-B411-AB0875F4C683} (Anark Client 4.0 ActiveX Control) - http://install.anark.com/client/version4/w...en/AMClient.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://download2.citrix.com/FILES/en/produ...rent/ica32t.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5F3B3060-09E0-44C6-86F7-BC7B02B57BEE} - http://downloads.shopathomeselect.com/ward...tall_wm1001.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download.games.y...ctl_0_0_0_2.ocx
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1126907207156
O16 - DPF: {771A1334-6B08-4A6B-AEDC-CF994BA2CEBE} - http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX28.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/pla...0/Installer.exe
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spyspotter.com/spyspotter/...rCabInstall.cab
O20 - Winlogon Notify: geedc - C:\WINDOWS\system32\geedc.dll (file missing)
O20 - Winlogon Notify: rqrspqq - rqrspqq.dll (file missing)
O20 - Winlogon Notify: winccf32 - winccf32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O24 - Desktop Component 0: (no name) - http://www.wildgames.com/ECS/ECSData/DP/wt..._pack_large.gif
O24 - Desktop Component 1: (no name) - http://portal.wowway.com/templates/maya/im...els_date_bg.gif

--
End of file - 21353 bytes
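
A responder works a log like this by pattern rather than by eye. The Python below is an added example, not part of the post above and not HijackThis' own code: it runs a handful of triage rules over HijackThis lines and reports what is worth acting on. The rules are the ones the log above illustrates: `(file missing)` hooks left behind after a removal, `regsvr32 /u` and `Policies\Explorer\Run` autoruns, binaries sitting directly in the Windows root, garbled value names, Trusted Zone grants to adware domains, and Downloaded Program Files that fetch a raw .exe. `KNOWN_ADWARE_DOMAINS` is an illustrative set picked from domains in this log, not a vetted blocklist; `SAMPLE_LOG` copies lines from the log (three benign ones for contrast, and one garbled-name entry retyped onto a single line).

```python
# Added example (not from the forum post or HijackThis): rule-based triage of a HijackThis log.
# KNOWN_ADWARE_DOMAINS is an illustrative set, not a vetted blocklist (assumption).
import re
from collections import namedtuple

KNOWN_ADWARE_DOMAINS = {"zango.com", "zangocash.com", "ysbweb.com", "imputati.com"}
LOADER_HOSTS = {"rundll32.exe", "rundll32", "regsvr32.exe", "regsvr32"}
LINE_RE = re.compile(r"^(?P<sec>[A-Z]\d{1,2}) - (?P<body>.*)$")
RUN_RE = re.compile(r"\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
DPF_RE = re.compile(r"^\{[^}]+\}\s*(?:\((?P<desc>[^)]*)\))?\s*-\s*(?P<url>\S+)")
WINROOT_RE = re.compile(r"^[a-z]:\\(windows|winnt)\\[^\\]+$", re.I)  # file directly in the Windows root

Finding = namedtuple("Finding", "severity section reason line")  # severity is "high" or "medium"

def autorun_target(cmd):
    """File whose location we judge: the DLL for rundll32/regsvr32 hosts, else the program itself."""
    toks = [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', cmd)]  # keep quoted paths whole
    if not toks:
        return ""
    if toks[0].rsplit("\\", 1)[-1].lower() in LOADER_HOSTS:
        args = [t for t in toks[1:] if not t.startswith("/")]
        return args[0].split(",", 1)[0] if args else ""  # drop the ",ExportName" suffix
    return toks[0]

def in_domains(host, domains):
    return any(host == d or host.endswith("." + d) for d in domains)

def check_o4(body, line):
    body = re.sub(r"\s*\(User '[^']*'\)\s*$", "", body)  # strip HKUS "(User '...')" suffix
    loc, _, rest = body.partition(": ")
    m = RUN_RE.match(rest)
    name, cmd = (m.group("name"), m.group("cmd")) if m else rest.partition(" = ")[::2]  # "x.lnk = target"
    out = []
    if "Policies\\Explorer\\Run" in loc:
        out.append(Finding("high", "O4", "Policies\\Explorer\\Run autorun: rarely legitimate, common malware persistence", line))
    if any(ord(c) < 32 or ord(c) > 126 for c in name):
        out.append(Finding("high", "O4", "garbled/non-printable value name, typical of malware-written autoruns", line))
    if re.search(r"\bregsvr32(\.exe)?\s+/u\b", cmd, re.I):
        out.append(Finding("high", "O4", "regsvr32 /u at logon: residue of a self-unregistering DLL loader", line))
    target = autorun_target(cmd)
    if WINROOT_RE.match(target):
        out.append(Finding("high", "O4", "binary dropped directly in the Windows root", line))
    elif target and "\\" not in target:
        out.append(Finding("medium", "O4", "bare filename resolved via PATH; locate and verify the file", line))
    return out

def check_o15(body, line):
    host = re.sub(r"^[a-z]+://", "", body.partition(": ")[2].strip().lower())
    if in_domains(host[2:] if host.startswith("*.") else host, KNOWN_ADWARE_DOMAINS):
        return [Finding("high", "O15", "adware/bundler domain granted Trusted Zone privileges", line)]
    if "*" in host:
        return [Finding("medium", "O15", "wildcard Trusted Zone grant lowers IE security for a whole domain", line)]
    return []

def check_o16(body, line):
    m = DPF_RE.match(body.partition(": ")[2])
    if not m:
        return []
    url = m.group("url").lower()
    domain = re.sub(r"^[a-z]+://", "", url).split("/", 1)[0]
    out = []
    if in_domains(domain, KNOWN_ADWARE_DOMAINS):
        out.append(Finding("high", "O16", "ActiveX download from an adware/bundler domain", line))
    if url.split("?", 1)[0].endswith(".exe"):
        out.append(Finding("high", "O16", "Downloaded Program File is a raw .exe: treat as a drive-by installer", line))
    elif m.group("desc") is None:
        out.append(Finding("medium", "O16", "unnamed ActiveX control; identify the CLSID before keeping it", line))
    return out

def triage(log_lines):
    """Run every rule over HijackThis log lines; sections without a rule are ignored."""
    findings = []
    for raw in log_lines:
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        sec, body = m.group("sec"), m.group("body")
        if sec in ("O2", "O20", "O23") and ("(file missing)" in body or "(no file)" in body):
            findings.append(Finding("medium", sec, "orphaned registration: the DLL is gone but the hook remains", raw))
        elif sec == "O4":
            findings.extend(check_o4(body, raw))
        elif sec == "O15":
            findings.extend(check_o15(body, raw))
        elif sec == "O16":
            findings.extend(check_o16(body, raw))
    return findings

SAMPLE_LOG = [  # copied from the posted log; the first three are benign, the garbled-name entry is retyped on one line
    r"O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe",
    r'O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide',
    r"O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup",
    r"O2 - BHO: (no name) - {CC358019-D328-40B4-8E2D-818CE142616C} - C:\WINDOWS\system32\rqrspqq.dll (file missing)",
    r"O4 - HKLM\..\Run: [PkIifOLC9] C:\WINDOWS\prabjnbr.exe",
    "O4 - HKLM\\..\\Run: [\u00a2\u2030\u00b8K0C:\\Program Files\\ISTsvc\\istsvc.exe] C:\\WINDOWS\\prabjnbr.exe",
    r"O4 - HKLM\..\Run: [smgr] mgrs.exe",
    r'O4 - HKLM\..\Run: [durmvufi] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\durmvufi.dll"',
    r'O4 - HKLM\..\Policies\Explorer\Run: [aAFgPd1P3X] rundll32.exe "C:\WINDOWS\system32\ndaTqsVqrX.dll",DllCleanServer',
    r"O15 - Trusted Zone: *.zango.com",
    r"O15 - Trusted Zone: http://*.youtube.com",
    r"O16 - DPF: {00000005-0000-0000-0000-100011000004} - http://c.imputati.com/l/6cdf283501374c8c07...86362523_35.exe",
    r"O20 - Winlogon Notify: geedc - C:\WINDOWS\system32\geedc.dll (file missing)",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.section}: {f.reason}\n    {f.line}")
```

Against a saved log, `triage(open("hijackthis.log", encoding="latin-1").readlines())` gives the same list; the benign HP, Defender and NVIDIA entries produce nothing, while the twelve findings from the suspicious lines cover every class of entry the posted log exhibits. The rules deliberately avoid guessing whether a filename "looks random": location, loader and registry path are facts, a random-looking name is an opinion.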

15
Hardware / Hardware Issue
« on: November 04, 2008, 11:34:29 PM »
Yes, it is my C: and D: drives that are failing. I don't know how to back them up if they are failing, seeing as that's where I would put backup files.

16
Software / MsMpEng.exe taking up too much CPU
« on: November 03, 2008, 07:58:56 PM »
I don't know how to stop it. If possible, in addition to fixing the problem, are there any ways I can expand my CPU without any hardware intervention? Thanks for all the help.

17
Hardware / Hardware Issue
« on: November 03, 2008, 07:56:53 PM »
Okay, every time I start up my computer it says that I need to back up my files because my hardware is failing. I think I need to replace my C: drive, but I'm not sure, so I'll ask you experts first. I'll give any information; if you need my DxDiag I can provide it. Thank you for any help, just tell me what you need and I'll give it.
