I got hammered by this messy program.

Ran Malwarebyte's program....but I still do not have a wireless network.
McAfee won't come back on line since (and McAfee can't help).
Ran the LSFixx program and it says it's fine.

Ran Hijackthis and here is the output:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:06:14, on 10/25/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\DU Meter\DUMeterSvc.exe
C:\WINDOWS\system32\HDDSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Logitech\Easy Synchronization\servicestub.exe
C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\WatchGuard\Mobile VPN\ncpclcfg.exe
C:\Program Files\WatchGuard\Mobile VPN\ncprwsnt.exe
C:\Program Files\WatchGuard\Mobile VPN\ncpsec.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\WatchGuard\Mobile VPN\rwsrsu.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Hard Drive Inspector\HDInspector.exe
C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe
C:\Program Files\Logitech\SetPoint\LBTWiz.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\WatchGuard\Mobile VPN\ncpbudgt.exe
C:\PROGRA~1\McAfee\MHN\McENUI.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\PictureShare\PSClient.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.;*.local
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [HDInspector.exe] C:\Program Files\Hard Drive Inspector\HDInspector.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Easy Synchronization] C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe
O4 - HKLM\..\Run: [Iomega Automatic Backup 1.0.1] C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe
O4 - HKLM\..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [NcpBudget] "C:\Program Files\WatchGuard\Mobile VPN\ncpbudgt.exe"
O4 - HKLM\..\Run: [NcpPopup] "C:\Program Files\WatchGuard\Mobile VPN\ncppopup.exe" noerrmsg
O4 - HKLM\..\Run: [NcpMonitor] "C:\Program Files\WatchGuard\Mobile VPN\ncpmon.exe" autorun
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [McAfee Backup] "C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe"
O4 - HKLM\..\Run: [McAfeeUpdate] "C:\Documents and Settings\TKV\Local Settings\Temporary Internet Files\Content.IE5\DLIUHM8Q\McAfeeUpdate[1].exe" /RunKey
O4 - HKLM\..\RunOnce: [Easy Synchronization] C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe --ports
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IECHECK.EXE] C:\WINDOWS\iecheck.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe AcPro7_0_5 -reboot 1
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Iomega Automatic Backup] C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKCU\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: PictureShare.net Startup.lnk = C:\Program Files\PictureShare\PSClient.exe
O4 - Global Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.kumudam.com/wfplayer/tdserver.cab
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1167533093671
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5014/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4F42E266-8B81-4F3D-98EF-40A356C65D51}: NameServer = 192.168.1.1
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: karna.dat
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DU Meter Service (DUMeterSvc) - Hagel Technologies Ltd - C:\Program Files\DU Meter\DUMeterSvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HDD Information Service (HDDSvc) - AltrixSoft (http://www.altrixsoft.com/) - C:\WINDOWS\system32\HDDSvc.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InterBase Server (InterBaseServer) - Unknown owner - C:\Program Files\Borland\Interbase\bin\ibserver.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
O23 - Service: Logitech Easy Synchronization - Unknown owner - C:\Program Files\Logitech\Easy Synchronization\servicestub.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (mcnasvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (mcods) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (mcshield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (mcsysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (mpfservice) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (msk80service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: ncpclcfg - Unknown owner - C:\Program Files\WatchGuard\Mobile VPN\ncpclcfg.exe
O23 - Service: ncprwsnt - NCP Engineering GmbH - C:\Program Files\WatchGuard\Mobile VPN\ncprwsnt.exe
O23 - Service: NcpSec - Unknown owner - C:\Program Files\WatchGuard\Mobile VPN\ncpsec.exe
O23 - Service: RwsRsu (rwsrsu) - Unknown owner - C:\Program Files\WatchGuard\Mobile VPN\rwsrsu.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe

--
End of file - 16174 bytes

If anyone can help, I would GREATLY appreciate it.

TK Vanacoro
wpcphd@verizon.net :cool:

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.

Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:

Please Read All Instructions Carefully
If you don't understand something, stop and ask! Don't keep going on.
Please do not run any other tools or scans whilst I am helping you
Please continue to respond until I give you the "All Clear"
(Just because you can't see a problem doesn't mean it isn't there)


If you can do those few things, everything should go smoothly :D

Please Note, your security programs may give warnings for some of the tools I will ask you to use.
Be assured, any links I give are safe
----------------------------------------------------------------------------------------



Download and Run RSIT


Please download Random's System Information Tool by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open:


log.txt will be opened maximized.
info.txt will be opened minimized.


Please post the contents of both log.txt and info.txt.

Logfile of random's system information tool 1.04 (written by random/random)
Run by TKV at 2008-10-25 18:59:02
Microsoft Windows XP Professional Service Pack 3
System drive C: has 17 GB (11%) free of 149 GB
Total RAM: 3070 MB (70% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:59:03, on 10/25/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\DU Meter\DUMeterSvc.exe
C:\WINDOWS\system32\HDDSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Logitech\Easy Synchronization\servicestub.exe
C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\WatchGuard\Mobile VPN\ncpclcfg.exe
C:\Program Files\WatchGuard\Mobile VPN\ncprwsnt.exe
C:\Program Files\WatchGuard\Mobile VPN\ncpsec.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\WatchGuard\Mobile VPN\rwsrsu.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Hard Drive Inspector\HDInspector.exe
C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe
C:\Program Files\Logitech\SetPoint\LBTWiz.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\WatchGuard\Mobile VPN\ncpbudgt.exe
C:\PROGRA~1\McAfee\MHN\McENUI.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\PictureShare\PSClient.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclBCBTSrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\TKV\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\TKV.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.;*.local
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [HDInspector.exe] C:\Program Files\Hard Drive Inspector\HDInspector.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Easy Synchronization] C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe
O4 - HKLM\..\Run: [Iomega Automatic Backup 1.0.1] C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe
O4 - HKLM\..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [NcpBudget] "C:\Program Files\WatchGuard\Mobile VPN\ncpbudgt.exe"
O4 - HKLM\..\Run: [NcpPopup] "C:\Program Files\WatchGuard\Mobile VPN\ncppopup.exe" noerrmsg
O4 - HKLM\..\Run: [NcpMonitor] "C:\Program Files\WatchGuard\Mobile VPN\ncpmon.exe" autorun
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [McAfee Backup] "C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe"
O4 - HKLM\..\Run: [McAfeeUpdate] "C:\Documents and Settings\TKV\Local Settings\Temporary Internet Files\Content.IE5\DLIUHM8Q\McAfeeUpdate[1].exe" /RunKey
O4 - HKLM\..\RunOnce: [Easy Synchronization] C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe --ports
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IECHECK.EXE] C:\WINDOWS\iecheck.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe AcPro7_0_5 -reboot 1
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Iomega Automatic Backup] C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKCU\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: PictureShare.net Startup.lnk = C:\Program Files\PictureShare\PSClient.exe
O4 - Global Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.kumudam.com/wfplayer/tdserver.cab
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1167533093671
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5014/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4F42E266-8B81-4F3D-98EF-40A356C65D51}: NameServer = 192.168.1.1
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: karna.dat
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DU Meter Service (DUMeterSvc) - Hagel Technologies Ltd - C:\Program Files\DU Meter\DUMeterSvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HDD Information Service (HDDSvc) - AltrixSoft (http://www.altrixsoft.com/) - C:\WINDOWS\system32\HDDSvc.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InterBase Server (InterBaseServer) - Unknown owner - C:\Program Files\Borland\Interbase\bin\ibserver.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
O23 - Service: Logitech Easy Synchronization - Unknown owner - C:\Program Files\Logitech\Easy Synchronization\servicestub.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (mcnasvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (mcods) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (mcshield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (mpfservice) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (msk80service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: ncpclcfg - Unknown owner - C:\Program Files\WatchGuard\Mobile VPN\ncpclcfg.exe
O23 - Service: ncprwsnt - NCP Engineering GmbH - C:\Program Files\WatchGuard\Mobile VPN\ncprwsnt.exe
O23 - Service: NcpSec - Unknown owner - C:\Program Files\WatchGuard\Mobile VPN\ncpsec.exe
O23 - Service: RwsRsu (rwsrsu) - Unknown owner - C:\Program Files\WatchGuard\Mobile VPN\rwsrsu.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe

--
End of file - 16334 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Disk Cleanup.job
C:\WINDOWS\tasks\Disk Defragmentor.job
C:\WINDOWS\tasks\McAfee SecurityCenter.job
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{9FF6A9A7-9631-4B80-AF09-DC9E8B62A74E}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}]
McAfee Phishing Filter - c:\PROGRA~1\mcafee\msk\mskapbho.dll [2008-07-09 246088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\McAfee\VirusScan\scriptsn.dll [2008-06-20 58688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2008-09-04 121632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2008-09-04 121632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"=C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe [2004-03-23 135168]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2004-08-25 339968]
"CTSysVol"=C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe [2003-09-17 57344]
"P17Helper"=Rundll32 P17.dll []
"UpdReg"=C:\WINDOWS\UpdReg.EXE [2000-05-11 90112]
"Acrobat Assistant 8.0"=C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [2008-01-11 623992]
""= []
"HDInspector.exe"=C:\Program Files\Hard Drive Inspector\HDInspector.exe [2007-05-16 992784]
"Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2008-02-29 76304]
"Easy Synchronization"=C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe [2005-10-05 53248]
"Iomega Automatic Backup 1.0.1"=C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe [2002-10-15 3014656]
"Bluetooth Connection Assistant"=LBTWIZ.EXE -silent []
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2008-07-11 641208]
"NcpBudget"=C:\Program Files\WatchGuard\Mobile VPN\ncpbudgt.exe [2006-12-01 228352]
"NcpPopup"=C:\Program Files\WatchGuard\Mobile VPN\ncppopup.exe [2007-11-07 535040]
"NcpMonitor"=C:\Program Files\WatchGuard\Mobile VPN\ncpmon.exe [2007-11-13 3451904]
"McENUI"=C:\PROGRA~1\McAfee\MHN\McENUI.exe [2008-06-13 1176808]
"McAfee Backup"=C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe [2008-07-10 5129504]
"McAfeeUpdate"=C:\Documents and Settings\TKV\Local Settings\Temporary Internet Files\Content.IE5\DLIUHM8Q\McAfeeUpdate[1].exe /RunKey []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Easy Synchronization"=C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe [2005-10-05 53248]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2008-10-22 399504]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"IECHECK.EXE"=C:\WINDOWS\iecheck.exe [2004-04-09 91136]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe AcPro7_0_5 -reboot 1 []
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]
"Iomega Automatic Backup"=C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe [2002-10-15 3014656]
"LDM"=C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-01-10 67128]
"RegistryMechanic"=C:\Program Files\Registry Mechanic\RegMech.exe [2008-07-08 2828184]
"DownloadAccelerator"=C:\Program Files\DAP\DAP.EXE [2008-09-15 3061248]
"DU Meter"=C:\Program Files\DU Meter\DUMeter.exe [2008-06-09 2645528]
"BitTorrent DNA"=C:\Program Files\DNA\btdna.exe [2008-10-08 289088]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe
PictureShare.net Startup.lnk - C:\Program Files\PictureShare\PSClient.exe
Trillian.lnk - C:\Program Files\Trillian\trillian.exe
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="karna.dat"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll [2008-05-02 72208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{FE24CD78-7C63-465D-8787-4EDF7FC79895}"=C:\Program Files\Logitech\Easy Synchronization\shellexecutehook.dll [2005-10-05 69632]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 294400]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=
scecli
scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mpfservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"ForceClassicControlPanel"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\AOL Fanfare\abia.exe"="C:\Program Files\AOL Fanfare\abia.exe:*:Enabled:abia"
"C:\Program Files\AOL Fanfare\ACSConfig.exe"="C:\Program Files\AOL Fanfare\ACSConfig.exe:*:Enabled:ACSConfig"
"C:\Program Files\AOL Fanfare\ac_abook.exe"="C:\Program Files\AOL Fanfare\ac_abook.exe:*:Enabled:ac_abook"
"C:\Program Files\AOL Fanfare\ac_abookd.exe"="C:\Program Files\AOL Fanfare\ac_abookd.exe:*:Enabled:ac_abookd"
"C:\Program Files\AOL Fanfare\ac_authd.exe"="C:\Program Files\AOL Fanfare\ac_authd.exe:*:Enabled:ac_authd"
"C:\Program Files\AOL Fanfare\ac_calendar.exe"="C:\Program Files\AOL Fanfare\ac_calendar.exe:*:Enabled:ac_calendar"
"C:\Program Files\AOL Fanfare\ac_help.exe"="C:\Program Files\AOL Fanfare\ac_help.exe:*:Enabled:ac_help"
"C:\Program Files\AOL Fanfare\ac_idmgr.exe"="C:\Program Files\AOL Fanfare\ac_idmgr.exe:*:Enabled:ac_idmgr"
"C:\Program Files\AOL Fanfare\ac_im.exe"="C:\Program Files\AOL Fanfare\ac_im.exe:*:Enabled:ac_im"
"C:\Program Files\AOL Fanfare\ac_launch.exe"="C:\Program Files\AOL Fanfare\ac_launch.exe:*:Enabled:ac_launch"
"C:\Program Files\AOL Fanfare\ac_mail.exe"="C:\Program Files\AOL Fanfare\ac_mail.exe:*:Enabled:ac_mail"
"C:\Program Files\AOL Fanfare\ac_secdbm.exe"="C:\Program Files\AOL Fanfare\ac_secdbm.exe:*:Enabled:ac_secdbm"
"C:\Program Files\AOL Fanfare\strunner.exe"="C:\Program Files\AOL Fanfare\strunner.exe:*:Enabled:strunner"
"C:\Program Files\AOL Fanfare\Sidebar\contentbrowser.exe"="C:\Program Files\AOL Fanfare\Sidebar\contentbrowser.exe:*:Enabled:contentbrowser"
"C:\Program Files\AOL Fanfare\Sidebar\sidebar.exe"="C:\Program Files\AOL Fanfare\Sidebar\sidebar.exe:*:Enabled:sidebar"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\DAP\DAP.exe"="C:\Program Files\DAP\DAP.exe:*:Enabled:Download Accelerator Plus"
"C:\Program Files\Palm\Hotsync.exe"="C:\Program Files\Palm\Hotsync.exe:*:Enabled:HotSync® Manager Application"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Disabled:Internet Explorer"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Program Files\WS_FTP Pro\wsftpgui.exe"="C:\Program Files\WS_FTP Pro\wsftpgui.exe:*:Enabled:WS_FTP Pro Application"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Disabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Disabled:AOL"
"C:\Program Files\Common Files\AOL\1124402137\ee\AOLServiceHost.exe"="C:\Program Files\Common Files\AOL\1124402137\ee\AOLServiceHost.exe:*:Disabled:AOL Services"
"C:\Program Files\AOL Fanfare\Sidebar\aoldiag.exe"="C:\Program Files\AOL Fanfare\Sidebar\aoldiag.exe:*:Disabled:AOLDiag"
"C:\Program Files\AOL Fanfare\AOLDiag.exe"="C:\Program Files\AOL Fanfare\AOLDiag.exe:*:Disabled:AOLDiag"
"C:\Program Files\Common Files\AOL\EE\AOLHostManager.exe"="C:\Program Files\Common Files\AOL\EE\AOLHostManager.exe:*:Disabled:AOLHostManager"
"C:\Program Files\AOL Fanfare\ActiveX\AOLMediaPlaybackControl.exe"="C:\Program Files\AOL Fanfare\ActiveX\AOLMediaPlaybackControl.exe:*:Disabled:AOLMediaPlaybackControl"
"C:\Program Files\Common Files\AOL\EE\AOLServiceHost.exe"="C:\Program Files\Common Files\AOL\EE\AOLServiceHost.exe:*:Disabled:AOLServiceHost"
"C:\Program Files\BearShare\BearShare.exe"="C:\Program Files\BearShare\BearShare.exe:*:Disabled:BearShare"
"C:\Program Files\CentraOne\bin\launcher.exe"="C:\Program Files\CentraOne\bin\launcher.exe:*:Disabled:CentraOne Launcher"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Disabled:Yahoo! FT Server"
"C:\Program Files\Yahoo!\Messenger\YPager.exe"="C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Disabled:Yahoo! Messenger"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe"="C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe"="C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater"
"C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe"="C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"D:\setup\HPZNET01.EXE"="D:\setup\HPZNET01.EXE:*:Enabled:hpznet01.exe"
"D:\setup\hppniprint01.exe"="D:\setup\hppniprint01.exe:*:Enabled:hppniprint01.exe"
"D:\setup\HPPNIPRINT64.EXE"="D:\setup\HPPNIPRINT64.EXE:*:Enabled:hppniprint64.exe"
"D:\setup\HPPNICIFS01.EXE"="D:\setup\HPPNICIFS01.EXE:*:Enabled:hppnicifs01.exe"
"D:\setup\HPNTWKEXE.EXE"="D:\setup\HPNTWKEXE.EXE:*:Enabled:hpntwkexe.exe"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\WatchGuard\Mobile User VPN\IreIKE.exe"="C:\Program Files\WatchGuard\Mobile User VPN\IreIKE.exe:*:Enabled:IreIke"
"C:\Program Files\WatchGuard\Mobile User VPN\ViewLog.exe"="C:\Program Files\WatchGuard\Mobile User VPN\ViewLog.exe:127.0.0.1/255.255.255.255:Enabled:ViewLog"
"C:\Program Files\WatchGuard\Mobile User VPN\CmonApp.exe"="C:\Program Files\WatchGuard\Mobile User VPN\CmonApp.exe:127.0.0.1/255.255.255.255:Enabled:CMonApp"
"C:\Program Files\WatchGuard\Mobile User VPN\vpn.exe"="C:\Program Files\WatchGuard\Mobile User VPN\vpn.exe:127.0.0.1/255.255.255.255:Enabled:VPN Connection Manager"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\Program Files\WatchGuard\Mobile VPN\NCPMON.exe"="C:\Program Files\WatchGuard\Mobile VPN\NCPMON.exe:*:Enabled:ncpmon.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\Common Files\AOL\1124402137\ee\AOLServiceHost.exe"="C:\Program Files\Common Files\AOL\1124402137\ee\AOLServiceHost.exe:*:Enabled:AOL Services"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Program Files\WatchGuard\Mobile User VPN\IreIKE.exe"="C:\Program Files\WatchGuard\Mobile User VPN\IreIKE.exe:*:Enabled:IreIke"
"C:\Program Files\WatchGuard\Mobile User VPN\ViewLog.exe"="C:\Program Files\WatchGuard\Mobile User VPN\ViewLog.exe:127.0.0.1/255.255.255.255:Enabled:ViewLog"
"C:\Program Files\WatchGuard\Mobile User VPN\CmonApp.exe"="C:\Program Files\WatchGuard\Mobile User VPN\CmonApp.exe:127.0.0.1/255.255.255.255:Enabled:CMonApp"
"C:\Program Files\WatchGuard\Mobile User VPN\vpn.exe"="C:\Program Files\WatchGuard\Mobile User VPN\vpn.exe:127.0.0.1/255.255.255.255:Enabled:VPN Connection Manager"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4e5ad241-2874-11dd-bf6b-020052cc00d4}]
shell\AutoRun\command - F:\LaunchU3.exe -a


======List of files/folders created in the last 1 months======

2008-10-25 18:48:12 ----D---- C:\rsit
2008-10-25 14:57:20 ----A---- C:\ccsetup212.exe
2008-10-25 14:43:43 ----A---- C:\fixccs.exe
2008-10-25 14:41:59 ----A---- C:\WindowsXP-KB953979-x86-ENU.exe
2008-10-25 14:36:17 ----D---- C:\Program Files\Trend Micro
2008-10-24 18:35:56 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-15 21:04:41 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-15 21:04:34 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-15 21:04:27 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-15 21:03:36 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-15 21:03:17 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-10-13 22:42:17 ----D---- C:\WINDOWS\Prefetch
2008-10-13 22:29:54 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-10-13 22:29:42 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-10-13 22:29:27 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-10-13 22:29:14 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-10-13 22:29:01 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-10-13 22:28:49 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-10-13 22:28:35 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-10-13 22:28:24 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-10-13 22:28:13 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-10-13 22:27:56 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-10-13 22:21:43 ----A---- C:\WINDOWS\setuplog.txt
2008-10-13 22:08:19 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-10-13 21:39:55 ----N---- C:\WINDOWS\system32\wlanapi.dll
2008-10-13 21:39:41 ----N---- C:\WINDOWS\system32\tspkg.dll
2008-10-13 21:39:41 ----N---- C:\WINDOWS\system32\tsgqec.dll
2008-10-13 21:39:23 ----N---- C:\WINDOWS\system32\setupn.exe
2008-10-13 21:39:17 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2008-10-13 21:39:14 ----N---- C:\WINDOWS\system32\rasqec.dll
2008-10-13 21:39:13 ----N---- C:\WINDOWS\system32\qutil.dll
2008-10-13 21:39:12 ----N---- C:\WINDOWS\system32\qcliprov.dll
2008-10-13 21:39:12 ----N---- C:\WINDOWS\system32\qagentrt.dll
2008-10-13 21:39:12 ----N---- C:\WINDOWS\system32\qagent.dll
2008-10-13 21:39:06 ----N---- C:\WINDOWS\system32\onex.dll
2008-10-13 21:38:53 ----N---- C:\WINDOWS\system32\napstat.exe
2008-10-13 21:38:53 ----N---- C:\WINDOWS\system32\napmontr.dll
2008-10-13 21:38:53 ----N---- C:\WINDOWS\system32\napipsec.dll
2008-10-13 21:38:51 ----A---- C:\WINDOWS\system32\msxml6r.dll
2008-10-13 21:38:48 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2008-10-13 21:38:48 ----N---- C:\WINDOWS\system32\mssha.dll
2008-10-13 21:38:27 ----N---- C:\WINDOWS\system32\mmcperf.exe
2008-10-13 21:38:27 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-10-13 21:38:27 ----N---- C:\WINDOWS\system32\mmcex.dll
2008-10-13 21:38:27 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-10-13 21:38:13 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2008-10-13 21:38:12 ----N---- C:\WINDOWS\system32\kmsvc.dll
2008-10-13 21:38:11 ----N---- C:\WINDOWS\system32\kbdpash.dll
2008-10-13 21:38:11 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2008-10-13 21:38:10 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2008-10-13 21:38:10 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2008-10-13 21:37:59 ----N---- C:\WINDOWS\system32\smtpapi.dll
2008-10-13 21:37:58 ----N---- C:\WINDOWS\system32\rwnh.dll
2008-10-13 21:37:39 ----A---- C:\WINDOWS\003827_.tmp
2008-10-13 21:37:37 ----N---- C:\WINDOWS\system32\eapsvc.dll
2008-10-13 21:37:37 ----N---- C:\WINDOWS\system32\eapqec.dll
2008-10-13 21:37:37 ----N---- C:\WINDOWS\system32\eappprxy.dll
2008-10-13 21:37:37 ----N---- C:\WINDOWS\system32\eapphost.dll
2008-10-13 21:37:36 ----N---- C:\WINDOWS\system32\eappgnui.dll
2008-10-13 21:37:36 ----N---- C:\WINDOWS\system32\eappcfg.dll
2008-10-13 21:37:36 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2008-10-13 21:37:36 ----N---- C:\WINDOWS\system32\eapolqec.dll
2008-10-13 21:37:32 ----N---- C:\WINDOWS\system32\dot3ui.dll
2008-10-13 21:37:32 ----N---- C:\WINDOWS\system32\dot3svc.dll
2008-10-13 21:37:32 ----N---- C:\WINDOWS\system32\dot3msm.dll
2008-10-13 21:37:32 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-10-13 21:37:32 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2008-10-13 21:37:32 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2008-10-13 21:37:32 ----N---- C:\WINDOWS\system32\dot3api.dll
2008-10-13 21:37:29 ----N---- C:\WINDOWS\system32\dimsroam.dll
2008-10-13 21:37:29 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2008-10-13 21:37:28 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2008-10-13 21:37:24 ----N---- C:\WINDOWS\system32\credssp.dll
2008-10-13 21:37:16 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2008-10-13 21:37:16 ----N---- C:\WINDOWS\system32\azroles.dll
2008-10-13 21:37:04 ----N---- C:\WINDOWS\system32\aaclient.dll
2008-10-13 18:35:01 ----D---- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-10-13 18:33:15 ----A---- C:\WINDOWS\system32\ncpgina1.dll
2008-10-13 18:29:54 ----D---- C:\Program Files\Common Files\McAfee
2008-10-13 18:29:53 ----D---- C:\Program Files\McAfee.com
2008-10-13 18:29:42 ----D---- C:\Program Files\McAfee
2008-10-13 13:44:58 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2008-10-13 10:26:02 ----A---- C:\FCM1E11.tmp
2008-10-13 10:26:02 ----A---- C:\FCM1E10.tmp
2008-10-13 10:26:02 ----A---- C:\FCM1E0F.tmp
2008-10-13 10:26:02 ----A---- C:\FCM1E0E.tmp
2008-10-13 10:26:01 ----A---- C:\FCM1E0D.tmp
2008-10-13 10:09:28 ----D---- C:\Program Files\Citrix
2008-10-12 09:27:45 ----A---- C:\FCM1600.tmp
2008-10-12 09:27:45 ----A---- C:\FCM15FF.tmp
2008-10-12 09:27:45 ----A---- C:\FCM15FE.tmp
2008-10-12 09:27:45 ----A---- C:\FCM15FD.tmp
2008-10-11 01:12:28 ----A---- C:\FCM9B0.tmp
2008-10-11 01:12:26 ----A---- C:\FCM9AE.tmp
2008-10-08 21:25:55 ----D---- C:\Documents and Settings\TKV\Application Data\Malwarebytes
2008-10-08 21:25:51 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-08 21:25:51 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-08 19:32:57 ----D---- C:\Program Files\Common Files\Download Manager
2008-10-08 18:31:39 ----A---- C:\WINDOWS\yhyxoci.dll
2008-10-08 18:31:39 ----A---- C:\Documents and Settings\All Users\Application Data\otyr.com
2008-10-08 18:31:38 ----A---- C:\Program Files\Common Files\koze.bat
2008-10-08 18:31:38 ----A---- C:\Program Files\Common Files\ipyg.vbs
2008-10-08 18:21:10 ----A---- C:\p2hhr.bat
2008-10-08 18:09:32 ----D---- C:\Documents and Settings\All Users\Application Data\qrebkvyx
2008-10-05 13:06:22 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-05 13:05:18 ----D---- C:\Program Files\Bonjour

======List of files/folders modified in the last 1 months======

2008-10-25 18:50:05 ----D---- C:\WINDOWS\Temp
2008-10-25 18:49:26 ----D---- C:\Documents and Settings\TKV\Application Data\DNA
2008-10-25 18:42:27 ----D---- C:\Documents and Settings\TKV\Application Data\BitTorrent
2008-10-25 18:24:09 ----D---- C:\WINDOWS
2008-10-25 17:35:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-10-25 15:52:49 ----D---- C:\Program Files\Mozilla Firefox
2008-10-25 15:33:39 ----SHD---- C:\WINDOWS\Installer
2008-10-25 15:05:47 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-25 14:36:17 ----AD---- C:\Program Files
2008-10-25 13:54:40 ----D---- C:\WINDOWS\system32\DRIVERS
2008-10-25 13:49:40 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-25 13:47:39 ----A---- C:\WINDOWS\ModemLog_Bluetooth Modem.txt
2008-10-25 13:47:38 ----A---- C:\WINDOWS\ModemLog_Nokia N95 Bluetooth Modem.txt
2008-10-25 13:47:34 ----A---- C:\WINDOWS\ModemLog_Intel(R) 537EP V9x DF PCI Modem.txt
2008-10-25 13:43:58 ----D---- C:\Program Files\Trillian
2008-10-24 22:35:09 ----HD---- C:\WINDOWS\INF
2008-10-24 22:10:44 ----D---- C:\WINDOWS\SYSTEM32
2008-10-24 18:37:43 ----RSHD---- C:\WINDOWS\system32\DLLCACHE
2008-10-24 18:37:42 ----D---- C:\WINDOWS\system32\CatRoot
2008-10-24 18:34:57 ----HD---- C:\WINDOWS\$hf_mig$
2008-10-22 21:00:22 ----SHD---- C:\Config.Msi
2008-10-19 11:06:55 ----D---- C:\Program Files\MSECache
2008-10-19 10:54:39 ----D---- C:\Documents and Settings\All Users\Application Data\Installations
2008-10-19 10:54:35 ----D---- C:\WINDOWS\WinSxS
2008-10-19 10:54:02 ----D---- C:\Program Files\Nokia
2008-10-19 10:53:51 ----D---- C:\Program Files\Common Files\Nokia
2008-10-15 21:05:07 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-10-15 21:04:45 ----A---- C:\WINDOWS\imsins.BAK
2008-10-15 21:04:12 ----D---- C:\Program Files\Internet Explorer
2008-10-15 21:04:04 ----D---- C:\WINDOWS\ie7updates
2008-10-15 21:03:47 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-10-15 12:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-10-13 22:54:56 ----D---- C:\Program Files\Messenger
2008-10-13 22:54:35 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-10-13 22:47:46 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-13 22:41:25 ----D---- C:\WINDOWS\system32\Setup
2008-10-13 22:41:25 ----D---- C:\WINDOWS\IME
2008-10-13 22:41:25 ----D---- C:\WINDOWS\AppPatch
2008-10-13 22:41:24 ----D---- C:\WINDOWS\system32\WBEM
2008-10-13 22:41:24 ----D---- C:\Program Files\Outlook Express
2008-10-13 22:41:24 ----D---- C:\Program Files\Common Files\System
2008-10-13 22:41:23 ----RSD---- C:\WINDOWS\Fonts
2008-10-13 22:27:22 ----D---- C:\WINDOWS\SECURITY
2008-10-13 22:20:09 ----D---- C:\WINDOWS\system32\INETSRV
2008-10-13 22:20:08 ----D---- C:\WINDOWS\network diagnostic
2008-10-13 22:20:08 ----D---- C:\WINDOWS\Help
2008-10-13 22:19:57 ----D---- C:\WINDOWS\system32\USMT
2008-10-13 22:19:57 ----D---- C:\WINDOWS\system32\en-US
2008-10-13 22:19:56 ----D---- C:\WINDOWS\system32\scripting
2008-10-13 22:19:54 ----D---- C:\WINDOWS\system32\en
2008-10-13 22:19:54 ----D---- C:\WINDOWS\l2schemas
2008-10-13 22:19:53 ----D---- C:\WINDOWS\system32\bits
2008-10-13 22:19:53 ----D---- C:\WINDOWS\peernet
2008-10-13 22:19:52 ----D---- C:\Program Files\Movie Maker
2008-10-13 22:16:35 ----D---- C:\WINDOWS\system32\Restore
2008-10-13 22:16:35 ----D---- C:\WINDOWS\system32\NPP
2008-10-13 22:16:35 ----D---- C:\WINDOWS\MUI
2008-10-13 22:16:34 ----D---- C:\WINDOWS\MSAGENT
2008-10-13 22:16:32 ----D---- C:\WINDOWS\SRCHASST
2008-10-13 22:16:32 ----D---- C:\Program Files\NetMeeting
2008-10-13 22:16:30 ----D---- C:\WINDOWS\system32\Com
2008-10-13 22:16:28 ----D---- C:\Program Files\Windows Media Player
2008-10-13 22:16:27 ----D---- C:\Program Files\Windows NT
2008-10-13 22:16:11 ----D---- C:\WINDOWS\system32\OOBE
2008-10-13 22:16:09 ----D---- C:\WINDOWS\SYSTEM
2008-10-13 22:12:03 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-10-13 22:08:12 ----D---- C:\WINDOWS\EHome
2008-10-13 18:56:31 ----D---- C:\Program Files\Registry Mechanic
2008-10-13 18:33:56 ----A---- C:\WINDOWS\WIN.INI
2008-10-13 18:30:06 ----SD---- C:\WINDOWS\Tasks
2008-10-13 18:29:54 ----D---- C:\Program Files\Common Files
2008-10-13 16:37:25 ----HDC---- C:\WINDOWS\$NtUninstallKB952954_0$
2008-10-13 16:37:13 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
2008-10-13 16:37:03 ----HDC---- C:\WINDOWS\$NtUninstallKB950974_0$
2008-10-13 16:36:48 ----HDC---- C:\WINDOWS\$NtUninstallKB952287_0$
2008-10-13 16:36:32 ----HDC---- C:\WINDOWS\$NtUninstallKB951066_0$
2008-10-13 16:35:45 ----HDC---- C:\WINDOWS\$NtUninstallKB938464_0$
2008-10-13 13:26:32 ----D---- C:\WINDOWS\ServicePackFiles
2008-10-12 19:42:55 ----D---- C:\Garmin
2008-10-12 16:56:21 ----D---- C:\WINDOWS\Registration
2008-10-12 16:54:39 ----RSD---- C:\WINDOWS\assembly
2008-10-12 16:54:01 ----D---- C:\WINDOWS\system32\URTTemp
2008-10-11 16:00:52 ----AC---- C:\WINDOWS\wbocx.ini
2008-10-10 23:56:45 ----D---- C:\Documents and Settings\TKV\Application Data\LimeWire
2008-10-08 18:03:27 ----D---- C:\Program Files\DU Meter
2008-10-08 18:02:35 ----D---- C:\Program Files\DNA
2008-10-07 15:19:40 ----A---- C:\WINDOWS\system32\MRT.exe
2008-10-06 20:11:25 ----D---- C:\Documents and Settings\TKV\Application Data\EditPlus 3
2008-10-05 18:58:45 ----D---- C:\Program Files\WinRAR
2008-10-05 13:06:45 ----D---- C:\Program Files\iTunes
2008-10-05 13:06:24 ----D---- C:\Program Files\iPod
2008-10-05 13:04:55 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-10-05 13:04:42 ----D---- C:\Program Files\Common Files\Apple
2008-10-03 13:41:15 ----A---- C:\WINDOWS\system32\ieframe.dll

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2004-08-25 389120]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2006-11-29 266295]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.EXE [1999-12-13 44032]
R2 DUMeterSvc;DU Meter Service; C:\Program Files\DU Meter\DUMeterSvc.exe [2008-06-09 1386008]
R2 HDDSvc;HDD Information Service; C:\WINDOWS\system32\HDDSvc.exe [2007-05-13 189968]
R2 IAANTMon;IAA Event Monitor; C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe [2004-03-23 73852]
R2 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE [2008-05-02 121360]
R2 Logitech Easy Synchronization;Logitech Easy Synchronization; C:\Program Files\Logitech\Easy Synchronization\servicestub.exe [2005-10-05 65536]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2008-09-08 198944]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2008-06-21 792184]
R2 mcnasvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2008-07-18 2482848]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2008-07-09 358736]
R2 mcshield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2008-06-20 144704]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 mpfservice;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2008-07-09 884360]
R2 msk80service;McAfee Anti-Spam Service; C:\Program Files\McAfee\MSK\MskSrver.exe [2008-07-09 25416]
R2 ncpclcfg;ncpclcfg; C:\Program Files\WatchGuard\Mobile VPN\ncpclcfg.exe [2007-04-05 77824]
R2 ncprwsnt;ncprwsnt; C:\Program Files\WatchGuard\Mobile VPN\ncprwsnt.exe [2007-11-08 1032192]
R2 NcpSec;NcpSec; C:\Program Files\WatchGuard\Mobile VPN\ncpsec.exe [2004-05-24 45056]
R2 rwsrsu;RwsRsu; C:\Program Files\WatchGuard\Mobile VPN\rwsrsu.exe [2007-10-23 266240]
R2 VideoAcceleratorService;VideoAcceleratorService; C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe [2008-03-17 284280]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\System32\MsPMSPSv.exe [2000-06-26 53520]
R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2007-02-05 300032]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2006-12-14 654848]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-08-07 575488]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 InterBaseServer;InterBase Server; C:\Program Files\Borland\Interbase\bin\ibserver.exe []
S3 MBackMonitor;MBackMonitor; C:\Program Files\McAfee\MBK\MBackMonitor.exe [2008-07-10 66848]
S3 mcods;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2008-06-20 361800]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 InterBaseGuardian;InterBase Guardian; C:\Program Files\Borland\Interbase\bin\ibguard.exe []
S4 Iomega Activity Disk2;Iomega Activity Disk2; []
S4 IomegaAccess;IomegaAccess; C:\WINDOWS\System32\iomegaaccess.exe /S []
S4 mcsysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2008-06-20 605512]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Info File..

info.txt logfile of random's system information tool 1.04 2008-10-25 18:48:17

======Uninstall list======

-->"C:\Program Files\Creative\Sound Blaster Live! 24-bit\Program\Ctzapxx.EXE" /X /U /S
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{25EF00D1-F17B-11D6-88EA-000476CD2443}\Setup.exe" -l0x9 UNINSTALL
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{25EF03DA-F17B-11D6-88EA-000476CD2443}\Setup.exe" -l0x9 UNINSTALL
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44DC86A0-248D-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44DC86A0-248D-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67AEFC4C-69E4-11D7-85F4-00E018013273}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67AEFC4C-69E4-11D7-85F4-00E018013273}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7201B853-5833-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7201B853-5833-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1185190-514F-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1185190-514F-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F865C2FE-25E7-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F865C2FE-25E7-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB2292C6-1F0A-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB2292C6-1F0A-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC0DD8AE-3DC0-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC0DD8AE-3DC0-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9 /remove
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
5 Clicks-->MsiExec.exe /I{63FEE65A-366B-47BC-A696-925A12ABF525}
Adobe Acrobat 8.1.2 Standard-->msiexec /I {AC76BA86-1033-0000-BA7E-000000000003}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Shockwave Player-->C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~2\Install.log
Apple Mobile Device Support-->MsiExec.exe /I{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
BalanceLog-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A95EA5A4-8A64-40F9-A192-EAFD2C2C1203}\setup.exe" -l0x9
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Broadcom Advanced Control Suite 2-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2E086814-7392-4E0F-ADB8-54A81E47406C} /l1033
Calculator Pro-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\Calculator Pro\gb40Unst.LOG"
CDDRV_Installer-->MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A}
Color Schemer Studio-->"C:\Program Files\Color Schemer Studio\unins000.exe"
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Complete Control Suite-->MsiExec.exe /I{92F08885-8871-4630-B7A0-2C0A6AC45F29}
Creative MediaSource-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{56F3E1FF-54FE-4384-A153-6CCABA097814}\setup.exe" -l0x9 /remove/remove
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
Download Accelerator Plus (DAP)-->C:\PROGRA~1\DAP\DAPREMOVE.EXE
dpeg Cicada-->C:\WINDOWS\iun507.exe C:\Program Files\SomeWare\dpeg v6\\irunin.ini
DU Meter-->"C:\Program Files\DU Meter\unins001.exe"
Easy Video Joiner 5.21-->"C:\Program Files\Easy Video Joiner\unins000.exe"
EditPlus 3-->C:\Program Files\EditPlus 3\remove.exe
FLV Player 1.3.3-->"C:\Program Files\FLVPlayer\uninstall.exe"
Garmin Communicator Plugin-->MsiExec.exe /X{3A7BF905-F37D-4DFB-8308-EC3AA4617B36}
Garmin POI Loader-->MsiExec.exe /X{D9DA2DF6-8CB6-4E3C-A29E-FAECFBA3E9A7}
Garmin WebUpdater-->MsiExec.exe /X{366FFC89-C800-4366-B903-B9C4314109A5}
Hard Drive Inspector Pro edition 2.33 build # 385-->C:\Program Files\Hard Drive Inspector\Uninst.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB902344)-->"C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Intel Application Accelerator-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}\setup.exe" -l0409 -INTELUNINST
Intel(R) 537EP V9x DF PCI Modem-->rundll32 IntelCci.dll,iSMUninstallation "Intel(R) 537EP V9x DF PCI Modem"
Internet Explorer Default Page-->MsiExec.exe /I{35BDEFF1-A610-4956-A00D-15453C116395}
Iomega Automatic Backup-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{42ABF3F2-2C5E-43FA-BBFF-58E4295F23CA}
Ipswitch WS_FTP Professional 2007-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AD88355B-A4E0-4DA1-BAC3-EA4FEA930691}\setup.exe" -l0x9 -removeonly
iTunes-->MsiExec.exe /I{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Karen's LAN Monitor-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\LanMon\ST6UNST.LOG"
KhalInstallWrapper-->MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355}
LimeWire PRO 4.18.3-->"C:\Program Files\LimeWire\uninstall.exe"
LoanAmortizerPro-->C:\WINDOWS\uninst.exe -f"C:\Program Files\ConsultCommerce\LoanAmortizerPro\DeIsL1.isu" -c"C:\Program Files\ConsultCommerce\LoanAmortizerPro\_ISREG32.DLL"
Logitech Desktop Messenger-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\setup.exe" -l0x9 UNINSTALL
Logitech SetPoint-->C:\Program Files\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe -runfromtemp -l0x0009 -removeonly
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee SecurityCenter-->C:\Program Files\McAfee\MSC\mcuninst.exe
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Digital Image Suite 2006-->"C:\Program Files\Common Files\Microsoft Shared\Picture It!\RmvSuite.exe" ADDREMOVE=1 SKU=SUITE VERSION=11
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Money Plus-->"C:\Program Files\Microsoft Money Plus\MNYCoreFiles\Setup\uninst.exe" /s:120
Microsoft Money Shared Libraries-->MsiExec.exe /X{7F1B3341-A94E-4F5C-B587-CA0EB964221E}
Microsoft Office 2007 Primary Interop Assemblies-->MsiExec.exe /X{50120000-1105-0000-0000-0000000FF1CE}
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Live Meeting 2007-->MsiExec.exe /I{C2DA1CDC-EF9D-4B7C-91F8-710B17AD44A7}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROR /dll OSETUP.DLL
Microsoft Office Professional 2007-->MsiExec.exe /X{91120000-0014-0000-0000-0000000FF1CE}
Microsoft Office Project Professional 2003-->MsiExec.exe /I{913B0409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Visio Professional 2003-->MsiExec.exe /I{90510409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Visio Viewer 2007-->MsiExec.exe /I{95120000-0052-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Outlook Personal Folders Backup-->MsiExec.exe /X{C63E7C60-25EB-11D3-8EDA-00A0C911E8E5}
Microsoft Outlook Web Access S/MIME-->MsiExec.exe /X{6CF08AD2-00C5-4A63-B74B-2EFFFAFEBE1A}
Microsoft User-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWudf01005$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mobile Phone Suite Easy Synchronization-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC134D03-97F1-45B9-B32A-52E885AFA895}\setup.exe" -l0x9
Mozilla Firefox (3.0.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MP3 Repair Tool v1.5.2-->"C:\Program Files\Aspect one\MP3 Repair Tool\unins000.exe"
Mp3Doctor & Mp3Doctor PRO-->"C:\Program Files\Mp3Doctor\unins001.exe"
MSC Editor-->MsiExec.exe /I{8D335ACB-C23D-48DD-9493-BF88BF7B9AE0}
MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
MSXML 4.0 SP2 (KB925672)-->MsiExec.exe /I{A9CF9052-F4A0-475D-A00F-A8388C62DD63}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
MX-3000 Editor-->MsiExec.exe /X{0F8267D9-3E3D-4187-83AE-863207A935CC}
MX-850 Editor-->MsiExec.exe /I{8C9DCE36-A270-4740-8084-A27B48C2F83E}
MX-900 Editor-->MsiExec.exe /X{30C6798C-2BA6-47AC-AD99-F60F0EBF665D}
MX-950 Editor-->MsiExec.exe /X{B762B2A5-883B-454B-A586-1DF6C4528262}
Netscape Navigator (9.0.0.6)-->C:\Program Files\Netscape\Navigator 9\uninstall\helper.exe
Nokia Connectivity Cable Driver-->MsiExec.exe /X{C3F19A5F-35A8-4FDB-A6ED-0F4CE398DA48}
Nokia Flashing Cable Driver-->MsiExec.exe /X{2A0A6470-FD0F-4F45-9B11-85F3167DB943}
Nokia MTP driver-->MsiExec.exe /I{0E94871C-623C-464F-A117-B8474BFF84E1}
Nokia Multimedia Factory-->MsiExec.exe /I{4CFB3821-1582-4F3B-BF8D-30986923B36B}
Nokia PC Suite-->C:\Documents and Settings\All Users\Application Data\Installations\{A8C3710A-0BCA-4F10-9EC3-A302A1F1FA82}\Nokia_PC_Suite_rel_7_0_8_2_eng.exe
Nokia PC Suite-->MsiExec.exe /I{A8C3710A-0BCA-4F10-9EC3-A302A1F1FA82}
Nokia Software Updater-->MsiExec.exe /X{17BD85F9-3B88-4C85-BB47-4AB8DD68F8BB}
palmOne-->MsiExec.exe /X{FF24F097-D090-41D2-8E9C-BAFEBBFD938C}
Password Corral v4.0-->"C:\Program Files\Password Corral v4.02\unins000.exe"
PC Connectivity Solution-->MsiExec.exe /I{1A524CFE-DF85-4555-8BC2-0C89DBD8BC2C}
PictureShare.net-->C:\PROGRA~1\PICTUR~1\UNWISE.EXE C:\PROGRA~1\PICTUR~1\INSTALL.LOG
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Registry Mechanic 8.0-->"C:\Program Files\Registry Mechanic\unins000.exe" /Log
R-Undelete 3.5-->C:\Program Files\R-Undelete\Uninstall.exe
Safari-->MsiExec.exe /X{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB955936)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {1D94099C-2BBA-440E-BD5E-093BBDF8F028}
Security Update for Microsoft Office Excel 2007 (KB955470)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {6E8637D8-10D6-4568-AA06-E2706F31685E}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB951808)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office Word 2007 (KB950113)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
SereneScreen Marine Aquarium 2.6-->"C:\Program Files\SereneScreen\Marine Aquarium 2.6\unins000.exe"
SetPointPatch-->MsiExec.exe /I{CE9DB414-A6E8-46D8-83CF-A3F6945D23E5}
Sound Blaster Live! 24-bit-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CEB481CC-F57C-4397-81A0-DADD22257047}\setup.exe" -l0x9
The Rosetta Stone-->C:\WINDOWS\unvise32.exe C:\Program Files\The Rosetta Stone\TRS Support\uninstal.log
TreeSize Professional 5.1.1-->"C:\Program Files\JAM Software\TreeSize Professional\unins000.exe"
Trillian-->C:\Program Files\Trillian\trillian.exe /uninstall
TX-1000 Editor-->MsiExec.exe /X{1B471546-EC64-47D0-8FAE-BF8E42BA80E3}
Update for Microsoft Office Outlook 2007 (KB950219)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {5C68AEA3-4D35-41C9-B4E4-21EAAA5A040A}
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Office 2007 (KB946691)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb957258)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {E070CDA4-A8DD-47FA-89A0-F5DA5D5DDFF9}
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
WatchGuard Mobile VPN-->C:\Program Files\WatchGuard\Mobile VPN\uninst.exe
WD Diagnostics-->MsiExec.exe /X{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}
WIDCOMM Bluetooth Software-->MsiExec.exe /X{84814E6B-2581-46EC-926A-823BD1C670F6}
Windows Desktop Search 3.01-->"C:\WINDOWS\$NtUninstallKB917013$\spuninst\spuninst.exe"
Windows Driver Package - Nokia Modem (05/22/2008 7.00.0.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_E68D50F7E25BFE399D47C864C3B52557346242A9\nokbtmdm.inf
Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccsmcfd_4A1E30386F4D0DEC8F5DF262CFBD8845EEBAB175\pccsmcfd.inf
Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Connect-->"C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

=====HijackThis Backups=====

O23 - Service: IomegaAccess - Unknown owner - C:\WINDOWS\System32\iomegaaccess.exe (file missing)
O16 - DPF: {B24F0664-7DDA-40B6-B38C-A4FD68DE8685} - http://www.iilelearning.com/SiteRoots/main/Install/CentraDownloader.cab
O23 - Service: InterBase Server (InterBaseServer) - Unknown owner - C:\Program Files\Borland\Interbase\bin\ibserver.exe (file missing)
O4 - HKLM\..\Run: [Auto EPSON PictureMate on BOBBIE] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2P1.EXE /P32 "Auto EPSON PictureMate on BOBBIE" /O17 "\\BOBBIE\Printer4" /M "PictureMate"
O4 - HKLM\..\Run: [Auto EPSON PictureMate on DELL] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2P1.EXE /P30 "Auto EPSON PictureMate on DELL" /O15 "\\DELL\Printer4" /M "PictureMate"

======Security center information======

AV: McAfee VirusScan (disabled)
FW: McAfee Personal Firewall

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\Program Files\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 3 Stepping 4, GenuineIntel
"PROCESSOR_REVISION"=0304
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"NcpClntInstallPath"=C:\Program Files\WatchGuard\Mobile VPN

-----------------EOF-----------------

Submit a File For Analysis
We need to have the files below Scanned by Uploading them/it to Virus Total

Please visit Virustotal (http://www.virustotal.com/en/indexf.html)
Copy/paste the the following file path into the window
C:\WINDOWS\system32\smtpapi.dll
Click Submit/Send File
Please post back, to let me know the results.

Please do the same for the following file
C:\WINDOWS\system32\rwnh.dll
C:\WINDOWS\system32\ncpgina1.dll
C:\WINDOWS\yhyxoci.dll
C:\WINDOWS\wbocx.ini

If Virustotal is too busy please try Jotti (http://virusscan.jotti.org/)


Create A Batch File
Please copy (Ctrl+C) and paste (Ctrl+V) the following text in the quote to Notepad.
Save it as "All Files" and name it look.bat Please save it on your desktop.


@echo off
If exist C:\kresults.txt del /q C:\kresults.txt
FOR %%G IN (
C:\WINDOWS\wbocx.ini
C:\Program Files\Common Files\koze.bat
C:\p2hhr.bat
) DO (
Echo %%G >> C:\kresults.txt
type %%G >> C:\kresults.txt
Echo. >> C:\kresults.txt
Echo. >> C:\kresults.txt
)
dir /L /A /B /S "C:\Documents and Settings\All Users\Application Data\qrebkvyx" >> C:\kresults.txt
start notepad C:\kresults.txt
del /q %0
exit

Double click on look.bat
Please be patient, as this will search the entire disc

Notepad will open, please copy/paste the results here.

File has already been analysed: C:\WINDOWS\system32\smtpapi.dll


MD5: f22ed2cd5e26514c6e8d21b5da4572a3 First received: - Date: 09.24.2008 10:33:43 (CET) [>31D] Results: 0/35 Permalink: analisis/a9a456a64b61e6f2de6962f90a5709a2 (http://www.virustotal.com/analisis/a9a456a64b61e6f2de6962f90a5709a2)

File rwnh.dll received on 10.26.2008 01:31:29 (CET)
Result: 0/36 (0%)




Antivirus Version Last Update Result AhnLab-V32008.10.24.32008.10.25-AntiVir7.9.0.92008.10.25-Authentium5.1.0.42008.10.25-Avast4.8.1248.02008.10.25-AVG8.0.0.1612008.10.25-BitDefender7.22008.10.26-CAT-QuickHeal9.502008.10.25-ClamAV0.93.12008.10.25-DrWeb4.44.0.091702008.10.26-eSafe7.0.17.02008.10.23-eTrust-Vet31.6.61682008.10.25-Ewido4.02008.10.25-F-Prot4.4.4.562008.10.25-F-Secure8.0.14332.02008.10.26-Fortinet3.113.0.02008.10.25-GData192008.10.26-IkarusT3.1.1.44.02008.10.25-K7AntiVirus7.10.5072008.10.25-Kaspersky7.0.0.1252008.10.26-McAfee54152008.10.25-Microsoft1.40052008.10.26-NOD3235552008.10.25-Norman5.80.022008.10.24-Panda9.0.0.42008.10.25-PCTools4.4.2.02008.10.25-Prevx1V22008.10.26-Rising21.00.52.002008.10.25-SecureWeb-Gateway6.7.62008.10.25-Sophos4.35.02008.10.26-Sunbelt3.1.1753.12008.10.25-Symantec102008.10.26-TheHacker6.3.1.1.1292008.10.25-TrendMicro8.700.0.10042008.10.24-VBA323.12.8.82008.10.25-ViRobot2008.10.24.14362008.10.24-VirusBuster4.5.11.02008.10.25- Additional information File size: 9728 bytesMD5...: 5d55defb3ab92bc43c4dfd06935fa0f1SHA1..: 632b9318f8a2d743f7d2c303ad8ebb64b19eff96SHA256: e5ef7d3e3a9e955ec7162b4b43096316faae8c3c68c660ce125bb4aaa0494343SHA512: 83b64ed372c84b3426c3477fa256bce878c9748a3b57b6e57501b68c54c2acb3
68b8123f5664e478f471f4424e2268eb18ec4ab2b6f044b3e996f23ab4aee442PEiD..: -TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)PEInfo: PE Structure information

File yhyxoci.dll received on 10.26.2008 01:34:04 (CET)
Result: 0/36 (0%)
Antivirus Version Last Update Result AhnLab-V32008.10.24.32008.10.25-AntiVir7.9.0.92008.10.25-Authentium5.1.0.42008.10.25-Avast4.8.1248.02008.10.25-AVG8.0.0.1612008.10.25-BitDefender7.22008.10.26-CAT-QuickHeal9.502008.10.25-ClamAV0.93.12008.10.25-DrWeb4.44.0.091702008.10.26-eSafe7.0.17.02008.10.23-eTrust-Vet31.6.61682008.10.25-Ewido4.02008.10.25-F-Prot4.4.4.562008.10.25-F-Secure8.0.14332.02008.10.26-Fortinet3.113.0.02008.10.25-GData192008.10.26-IkarusT3.1.1.44.02008.10.25-K7AntiVirus7.10.5072008.10.25-Kaspersky7.0.0.1252008.10.26-McAfee54152008.10.25-Microsoft1.40052008.10.26-NOD3235552008.10.25-Norman5.80.022008.10.24-Panda9.0.0.42008.10.25-PCTools4.4.2.02008.10.25-Prevx1V22008.10.26-Rising21.00.52.002008.10.25-SecureWeb-Gateway6.7.62008.10.25-Sophos4.35.02008.10.26-Sunbelt3.1.1753.12008.10.25-Symantec102008.10.26-TheHacker6.3.1.1.1292008.10.25-TrendMicro8.700.0.10042008.10.24-VBA323.12.8.82008.10.25-ViRobot2008.10.24.14362008.10.24-VirusBuster4.5.11.02008.10.25- Additional information File size: 10350 bytesMD5...: e5d08ae6e89328e5131490066643268cSHA1..: d0abe5154237ccbbde471f8376f3f4b4e03761bfSHA256: 8330bedc8669c4a5d2b57b2834726d0c70548f0c256fbad571b6ca45b478400eSHA512: 6ac30334cb5ca16026c1577ef6ec2988d6f93f0452bf98c405fda22ebaf68a6b
a0f230b6f39927d096c2c9c4a2f2006b698075f3ad0f4b27f5e74d7b6be36ea7PEiD..: -TrID..: File type identification
Adobe PhotoShop Brush (100.0%)PEInfo: -

File wbocx.ini received on 10.26.2008 01:36:25 (CET)
Result: 0/36 (0%)
Antivirus Version Last Update Result AhnLab-V32008.10.24.32008.10.25-AntiVir7.9.0.92008.10.25-Authentium5.1.0.42008.10.25-Avast4.8.1248.02008.10.25-AVG8.0.0.1612008.10.25-BitDefender7.22008.10.26-CAT-QuickHeal9.502008.10.25-ClamAV0.93.12008.10.25-DrWeb4.44.0.091702008.10.26-eSafe7.0.17.02008.10.23-eTrust-Vet31.6.61682008.10.25-Ewido4.02008.10.25-F-Prot4.4.4.562008.10.25-F-Secure8.0.14332.02008.10.26-Fortinet3.113.0.02008.10.25-GData192008.10.26-IkarusT3.1.1.44.02008.10.25-K7AntiVirus7.10.5072008.10.25-Kaspersky7.0.0.1252008.10.26-McAfee54152008.10.25-Microsoft1.40052008.10.26-NOD3235552008.10.25-Norman5.80.022008.10.24-Panda9.0.0.42008.10.25-PCTools4.4.2.02008.10.25-Prevx1V22008.10.26-Rising21.00.52.002008.10.25-SecureWeb-Gateway6.7.62008.10.25-Sophos4.35.02008.10.26-Sunbelt3.1.1753.12008.10.25-Symantec102008.10.26-TheHacker6.3.1.1.1292008.10.25-TrendMicro8.700.0.10042008.10.24-VBA323.12.8.82008.10.25-ViRobot2008.10.24.14362008.10.24-VirusBuster4.5.11.02008.10.25- Additional information File size: 558 bytesMD5...: fa2e3a500e575cd5ddbe71fdb07c342aSHA1..: 24a022680c29338f3c77e4416b4fb863a99560c8SHA256: 7c2a0b57a406dc26acb83a4c385ab6aad5acc2509f87a90b15f4a0d9e3083967SHA512: 9ae29fe5387fb9687a85ea723a4e6909c946328fc1fedca147e434136a8a930f
aae94cdca984dd245fd7fef7e5e57a51c9902d5cbe33947043df21bea3699f65PEiD..: -TrID..: File type identification
Generic INI configuration (100.0%)PEInfo: -

C:\WINDOWS\wbocx.ini
[aaaa]
GetSystemMetrics=2
MonitorFromWindow=2
MonitorFromRect=2
MonitorFromPoint=2
EnumDisplayMonitors=2
GetMonitorInfoA=2
MsgWaitForMultipleObjects=2
PeekMessageW=2
TranslateMessage=2
DispatchMessageW=2
GetProcessWindowStation=2
CloseWindowStation=2
GetUserObjectInformationW=2
PostMessageA=2
UnregisterDeviceNotification=2
RegisterDeviceNotificationW=2
EnumDisplayDevicesA=2
CharNextW=2
GetMouseMovePointsEx=2
IsWindow=2
GetLastInputInfo=2
AnimateWindow=2
GetForegroundWindow=2
GetCursorInfo=2
GetQueueStatus=2
TrackMouseEvent=2


C:\Program


Files\Common


Files\koze.bat


C:\p2hhr.bat
:lsth2
del %1
if exist %1 goto lsth2
del %0

Information


IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

BitTorrent DNA
LimeWire PRO 4.18.3

I'd like you to read the Guidelines for P2P Programs (http://spywarewarrior.com/viewtopic.php?t=26216) where we explain why it's not a good idea to have them.

Also available here (http://forum.malwareremoval.com/viewtopic.php?t=23812).

My recommendation is you go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).
Please note: you must NOT use this whilst we are cleaning your machine.


Registry Cleaners

Re. RegistryMechanic

I don't personally recommend the use of ANY registry cleaners.
Here is an excerpt from a discussion on regcleaners
Most reg cleaners aren't "bad" as such, but they aren't perfect and even the best have been known to cause problems.
The point we are trying to make is that the risk of using one far outweighs any benefit.
If it does work perfectly you will not see any difference
If it doesn't work properly you may end up with an expensive doorstop.
http://forums.whatthetech.com/Regcleaner_t42862.html

----------------------------------------------------------- -----------------------------------------------------------

Step 1



Download and Run ComboFix (by sUBs)
Please visit this webpage for instructions for downloading and running ComboFix:

Bleeping Computer ComboFix Tutorial (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


----------------------------------------------------------- -----------------------------------------------------------
Step 2




Kaspersky Online Scanner .
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
NOTE:- This scan is best done from IE (Internet Explorer)
NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
Go Here http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html

Read the Requirements and limitations before you click Accept.
Once the database has downloaded, click My Computer in the left pane
Now go and put the kettle on !
When the scan has completed, click Save Report As...
Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.


**Note**

To optimize scanning time and produce a more sensible report for review:

Close any open programs.
Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.


Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.




----------------------------------------------------------- -----------------------------------------------------------
Step 3



Logs/Information to Post in Reply
Please post the following logs/Information in your reply


ComboFix Log
Kaspersky Log
Is this a Work/Office computer ? WatchGuard\Mobile VPN

ComboFix 08-10-25.01 - TKV 2008-10-26 11:39:44.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2241 [GMT -4:00]
Running from: C:\Documents and Settings\TKV\My Documents\download\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\TKV\Cookies\cywypyja.scr
C:\Documents and Settings\TKV\Cookies\ugizanel.lib
C:\Documents and Settings\TKV\Local Settings\Temporary Internet Files\avuxakoh.bat
C:\Documents and Settings\TKV\Local Settings\Temporary Internet Files\rexyfabevo.inf
C:\Documents and Settings\TKV\Local Settings\Temporary Internet Files\zisamy.dl
C:\WINDOWS\IE4 Error Log.txt
C:\WINDOWS\msxfcg32.dll
K:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-09-26 to 2008-10-26 )))))))))))))))))))))))))))))))
.
2008-10-26 02:13 . 2008-10-26 02:13 1,755,758 --a------ C:\2_2.avi
2008-10-26 02:13 . 2008-10-26 02:13 1,562,840 --a------ C:\1.avi
2008-10-26 02:11 . 2007-06-25 01:00 110,072,286 --a------ C:\[XXX Porn Vintage].The Nun - 1945s(X Rated).mpg
2008-10-26 02:10 . 2008-10-26 02:10 1,755,758 --a------ C:\2_1.avi
2008-10-26 02:09 . 2008-10-26 02:09 747,736 --a------ C:\2.avi
2008-10-26 00:04 . 2008-10-26 00:04 17,684 --a------ C:\Antique_Hardcore_08_-_Couple_1930_s.mpg.dap
2008-10-25 23:54 . 2008-10-25 23:54 17,633 --a------ C:\reeloldtimers6_16.asf.dap
2008-10-25 23:43 . 2008-10-25 23:43 17,630 --a------ C:\mty-17-CDOR05_all.wmv.dap
2008-10-25 18:48 . 2008-10-25 19:09 <DIR> d-------- C:\rsit
2008-10-25 17:16 . 2008-09-11 15:24 759,256 --a------ C:\09112008047.jpg
2008-10-25 17:16 . 2008-09-11 15:25 743,462 --a------ C:\09112008048.jpg
2008-10-25 14:57 . 2008-10-25 14:57 2,934,168 --a------ C:\ccsetup212.exe
2008-10-25 14:53 . 2008-10-25 14:53 201,030 --a------ C:\lspfix.zip.dap
2008-10-25 14:43 . 2008-06-03 07:31 8,704 --a------ C:\fixccs.exe
2008-10-25 14:41 . 2008-10-25 14:41 65,064 --a------ C:\WindowsXP-KB953979-x86-ENU.exe
2008-10-25 14:36 . 2008-10-25 14:36 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-24 03:58 . 2008-10-15 12:34 337,408 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\netapi32.dll
2008-10-19 12:19 . 2008-10-19 12:19 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\SACore
2008-10-14 18:25 . 2008-09-08 06:41 333,824 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\srv.sys
2008-10-14 18:24 . 2008-09-15 08:12 1,846,400 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\win32k.sys
2008-10-14 18:23 . 2008-08-14 06:11 2,189,184 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ntoskrnl.exe
2008-10-14 18:23 . 2008-08-14 06:09 2,145,280 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ntkrnlmp.exe
2008-10-14 18:23 . 2008-08-14 05:33 2,066,048 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ntkrnlpa.exe
2008-10-14 18:23 . 2008-08-14 05:33 2,023,936 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ntkrpamp.exe
2008-10-13 21:39 . 2008-04-13 20:12 291,328 --------- C:\WINDOWS\SYSTEM32\qagentrt.dll
2008-10-13 21:39 . 2008-04-13 20:12 290,304 --------- C:\WINDOWS\SYSTEM32\rhttpaa.dll
2008-10-13 21:39 . 2008-04-13 20:12 150,528 --------- C:\WINDOWS\SYSTEM32\qagent.dll
2008-10-13 21:39 . 2008-04-13 20:12 144,384 --------- C:\WINDOWS\SYSTEM32\onex.dll
2008-10-13 21:39 . 2008-04-13 20:12 76,800 --------- C:\WINDOWS\SYSTEM32\qutil.dll
2008-10-13 21:39 . 2008-04-13 20:12 69,120 --------- C:\WINDOWS\SYSTEM32\wlanapi.dll
2008-10-13 21:39 . 2008-04-13 20:12 62,464 --------- C:\WINDOWS\SYSTEM32\qcliprov.dll
2008-10-13 21:39 . 2008-04-13 20:12 61,952 --------- C:\WINDOWS\SYSTEM32\rasqec.dll
2008-10-13 21:39 . 2008-04-13 20:12 53,248 --------- C:\WINDOWS\SYSTEM32\tsgqec.dll
2008-10-13 21:39 . 2008-04-13 20:12 50,688 --------- C:\WINDOWS\SYSTEM32\tspkg.dll
2008-10-13 21:39 . 2008-04-13 20:12 32,768 --------- C:\WINDOWS\SYSTEM32\setupn.exe
2008-10-13 21:39 . 2008-04-13 14:40 10,240 --------- C:\WINDOWS\SYSTEM32\DRIVERS\sffp_mmc.sys
2008-10-13 21:37 . 2008-04-13 20:11 650,752 --------- C:\WINDOWS\SYSTEM32\dot3ui.dll
2008-10-13 19:12 . 2008-10-26 09:30 4,195,819 --a------ C:\WINDOWS\pfirewall.log.old
2008-10-13 18:44 . 2008-10-26 11:50 8,186 --a------ C:\WINDOWS\SYSTEM32\Config.MPF
2008-10-13 18:35 . 2008-10-13 18:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-10-13 18:33 . 2007-09-25 14:06 974,848 --a------ C:\WINDOWS\SYSTEM32\ncpgina1.dll
2008-10-13 18:33 . 2007-10-29 10:10 77,696 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\NCPLENTP.SYS
2008-10-13 18:33 . 2001-12-03 08:02 631 --a------ C:\WINDOWS\SYSTEM32\ncppki.conf
2008-10-13 18:30 . 2008-06-02 14:55 120,136 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\Mpfp.sys
2008-10-13 18:30 . 2008-06-27 06:08 79,240 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys
2008-10-13 18:30 . 2008-06-27 06:08 40,488 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfesmfk.sys
2008-10-13 18:30 . 2008-06-27 06:08 35,240 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys
2008-10-13 18:29 . 2008-10-13 18:30 <DIR> d-------- C:\Program Files\McAfee.com
2008-10-13 18:29 . 2008-10-19 11:20 <DIR> d-------- C:\Program Files\McAfee
2008-10-13 18:29 . 2008-10-13 18:30 <DIR> d-------- C:\Program Files\Common Files\McAfee
2008-10-13 18:10 . 2008-06-20 05:41 34,152 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mferkdk.sys
2008-10-13 16:32 . 2008-04-11 15:04 691,712 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\inetcomm.dll
2008-10-13 13:44 . 2008-10-13 18:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-10-13 10:26 . 2008-10-13 10:26 0 --a------ C:\FCM1E11.tmp
2008-10-13 10:26 . 2008-10-13 10:26 0 --a------ C:\FCM1E10.tmp
2008-10-13 10:26 . 2008-10-13 10:26 0 --a------ C:\FCM1E0F.tmp
2008-10-13 10:26 . 2008-10-13 10:26 0 --a------ C:\FCM1E0E.tmp
2008-10-13 10:26 . 2008-10-13 10:26 0 --a------ C:\FCM1E0D.tmp
2008-10-13 10:09 . 2008-10-13 10:09 <DIR> d-------- C:\Program Files\Citrix
2008-10-13 09:48 . 2008-10-13 09:48 61,224 --a------ C:\Documents and Settings\TKV\GoToAssistDownloadHelper.exe
2008-10-12 09:27 . 2008-10-12 09:27 0 --a------ C:\FCM1600.tmp
2008-10-12 09:27 . 2008-10-12 09:27 0 --a------ C:\FCM15FF.tmp
2008-10-12 09:27 . 2008-10-12 09:27 0 --a------ C:\FCM15FE.tmp
2008-10-12 09:27 . 2008-10-12 09:27 0 --a------ C:\FCM15FD.tmp
2008-10-11 01:12 . 2008-10-11 01:12 0 --a------ C:\FCM9B0.tmp
2008-10-11 01:12 . 2008-10-11 01:12 0 --a------ C:\FCM9AE.tmp
2008-10-08 21:25 . 2008-10-25 13:54 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-08 21:25 . 2008-10-08 21:25 <DIR> d-------- C:\Documents and Settings\TKV\Application Data\Malwarebytes
2008-10-08 21:25 . 2008-10-08 21:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-08 21:25 . 2008-10-22 16:10 38,496 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbamswissarmy.sys
2008-10-08 21:25 . 2008-10-22 16:10 15,504 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbam.sys
2008-10-08 19:32 . 2008-10-08 19:32 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-10-08 18:31 . 2008-10-08 18:31 19,021 --a------ C:\WINDOWS\hypiv.dl
2008-10-08 18:31 . 2008-10-08 18:31 18,893 --a------ C:\Documents and Settings\TKV\Application Data\yfaguvut.pif
2008-10-08 18:31 . 2008-10-08 18:31 17,271 --a------ C:\Documents and Settings\All Users\Application Data\ovodojy.reg
2008-10-08 18:31 . 2008-10-08 18:31 16,796 --a------ C:\Documents and Settings\All Users\Application Data\otyr.com
2008-10-08 18:31 . 2008-10-08 18:31 16,369 --a------ C:\WINDOWS\hasykylu.bin
2008-10-08 18:31 . 2008-10-08 18:31 15,606 --a------ C:\Program Files\Common Files\koze.bat
2008-10-08 18:31 . 2008-10-08 18:31 15,201 --a------ C:\WINDOWS\banigukace.pif
2008-10-08 18:31 . 2008-10-08 18:31 14,249 --a------ C:\WINDOWS\mydily.reg
2008-10-08 18:31 . 2008-10-08 18:31 14,220 --a------ C:\Program Files\Common Files\ipyg.vbs
2008-10-08 18:31 . 2008-10-08 18:31 14,151 --a------ C:\WINDOWS\comok._dl
2008-10-08 18:31 . 2008-10-08 18:31 10,392 --a------ C:\Documents and Settings\TKV\Application Data\ehisu.bin
2008-10-08 18:31 . 2008-10-08 18:31 10,350 --a------ C:\WINDOWS\yhyxoci.dll
2008-10-08 18:21 . 2008-10-08 18:21 46 --a------ C:\p2hhr.bat
2008-10-08 18:09 . 2008-10-08 18:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\qrebkvyx
2008-10-05 13:06 . 2008-10-05 13:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-05 13:05 . 2008-10-05 13:05 <DIR> d-------- C:\Program Files\Bonjour
2008-10-05 13:04 . 2008-10-01 13:01 32,000 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\usbaapl.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-26 15:51 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-26 15:42 --------- d-----w C:\Documents and Settings\TKV\Application Data\DNA
2008-10-26 15:33 --------- d-----w C:\Program Files\LimeWire
2008-10-25 22:42 --------- d-----w C:\Documents and Settings\TKV\Application Data\BitTorrent
2008-10-25 17:43 --------- d-----w C:\Program Files\Trillian
2008-10-19 15:06 --------- d-----w C:\Program Files\MSECache
2008-10-19 14:54 --------- d-----w C:\Program Files\Nokia
2008-10-19 14:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
2008-10-19 14:53 --------- d-----w C:\Program Files\Common Files\Nokia
2008-10-16 01:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-10-11 03:56 --------- d-----w C:\Documents and Settings\TKV\Application Data\LimeWire
2008-10-08 22:03 --------- d-----w C:\Program Files\DU Meter
2008-10-08 22:02 --------- d-----w C:\Program Files\DNA
2008-10-07 00:11 --------- d-----w C:\Documents and Settings\TKV\Application Data\EditPlus 3
2008-10-05 17:06 --------- d-----w C:\Program Files\iTunes
2008-10-05 17:06 --------- d-----w C:\Program Files\iPod
2008-10-05 17:04 --------- d-----w C:\Program Files\Common Files\Apple
2008-10-03 17:41 6,066,176 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll
2008-09-21 23:54 --------- d-----w C:\Program Files\LoanSpread
2008-09-21 17:30 76,381,444 ----a-w C:\sdat5388.exe
2008-09-19 00:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Citrix
2008-09-19 00:23 --------- d-----w C:\Documents and Settings\LocalService\Application Data\SACore
2008-09-15 23:19 --------- d-----w C:\Program Files\SereneScreen
2008-09-15 23:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2008-09-15 23:12 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-15 23:05 --------- d-----w C:\Program Files\DAP
2008-09-15 23:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\SpeedBit
2008-09-15 22:35 --------- d-----w C:\Documents and Settings\TKV\Application Data\uniblue
2008-09-15 12:12 1,846,400 ----a-w C:\WINDOWS\SYSTEM32\win32k.sys
2008-09-13 13:39 --------- d-----w C:\Documents and Settings\TKV\Application Data\Internet Download Accelerator
2008-09-11 00:11 --------- d-----w C:\Program Files\QuickTime
2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-09-06 03:30 241,704 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\wgaLogon.dll
2008-09-06 03:29 917,032 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\WgaTray.exe
2008-08-29 14:18 87,336 ----a-w C:\WINDOWS\SYSTEM32\dns-sd.exe
2008-08-29 13:53 61,440 ----a-w C:\WINDOWS\SYSTEM32\dnssd.dll
2008-08-27 08:24 3,593,216 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2008-08-25 08:38 13,824 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe
2008-08-25 08:37 70,656 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\ie4uinit.exe
2008-08-23 05:56 635,848 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\iexplore.exe
2008-08-23 05:54 161,792 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakui.dll
2008-08-14 10:09 2,145,280 ----a-w C:\WINDOWS\SYSTEM32\ntoskrnl.exe
2008-08-14 10:04 138,496 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\afd.sys
2008-08-14 09:33 2,023,936 ----a-w C:\WINDOWS\SYSTEM32\ntkrnlpa.exe
2008-08-05 21:55 265,720 ----a-w C:\WINDOWS\SYSTEM32\msdbg2.dll
2008-07-30 00:35 326,160 ----a-w C:\WINDOWS\SYSTEM32\PresentationHost.exe
2008-07-29 23:59 781,344 ----a-w C:\WINDOWS\SYSTEM32\PresentationNative_v0300.dll
2008-07-29 23:59 43,544 ----a-w C:\WINDOWS\SYSTEM32\PresentationHostProxy.dll
2008-07-29 23:59 105,016 ----a-w C:\WINDOWS\SYSTEM32\PresentationCFFRasterizerNative_v0300.dll
2008-07-29 23:24 97,800 ----a-w C:\WINDOWS\SYSTEM32\infocardapi.dll
2008-07-29 23:24 622,080 ----a-w C:\WINDOWS\SYSTEM32\icardagt.exe
2008-07-29 23:24 11,264 ----a-w C:\WINDOWS\SYSTEM32\icardres.dll
2008-04-17 03:11 4,047 -c--a-w C:\Program Files\policy.spd
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
"IECHECK.EXE"="C:\WINDOWS\iecheck.exe" [2004-04-09 91136]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
"Iomega Automatic Backup"="C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe" [2002-10-15 3014656]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2008-01-10 67128]
"RegistryMechanic"="C:\Program Files\Registry Mechanic\RegMech.exe" [2008-07-08 2828184]
"DownloadAccelerator"="C:\Program Files\DAP\DAP.EXE" [2008-09-15 3061248]
"DU Meter"="C:\Program Files\DU Meter\DUMeter.exe" [2008-06-09 2645528]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-10-08 289088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-03-23 135168]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 339968]
"CTSysVol"="C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 90112]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 623992]
"HDInspector.exe"="C:\Program Files\Hard Drive Inspector\HDInspector.exe" [2007-05-16 992784]
"Easy Synchronization"="C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe" [2005-10-05 53248]
"Iomega Automatic Backup 1.0.1"="C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe" [2002-10-15 3014656]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-09-06 413696]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2008-07-11 641208]
"NcpBudget"="C:\Program Files\WatchGuard\Mobile VPN\ncpbudgt.exe" [2006-12-01 228352]
"NcpPopup"="C:\Program Files\WatchGuard\Mobile VPN\ncppopup.exe" [2007-11-07 535040]
"NcpMonitor"="C:\Program Files\WatchGuard\Mobile VPN\ncpmon.exe" [2007-11-13 3451904]
"McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [2008-06-13 1176808]
"McAfee Backup"="C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe" [2008-07-10 5129504]
"P17Helper"="P17.dll" [2005-05-03 C:\WINDOWS\SYSTEM32\P17.dll]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 C:\WINDOWS\KHALMNPR.Exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Easy Synchronization"="C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe" [2005-10-05 53248]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-29 561213]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-05-17 805392]
PictureShare.net Startup.lnk - C:\Program Files\PictureShare\PSClient.exe [2008-01-29 8248832]
Trillian.lnk - C:\Program Files\Trillian\trillian.exe [2008-10-02 1873280]
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 118784]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{FE24CD78-7C63-465D-8787-4EDF7FC79895}"= "C:\Program Files\Logitech\Easy Synchronization\shellexecutehook.dll" [2005-10-05 69632]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 02:42 72208 c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.g723"= g723.acm
"vidc.I263"= I263_32.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\DAP\\DAP.exe"=
"C:\\Program Files\\WS_FTP Pro\\wsftpgui.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"C:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Program Files\\WatchGuard\\Mobile VPN\\NCPMON.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R2 DUMeterSvc;DU Meter Service;C:\Program Files\DU Meter\DUMeterSvc.exe [2008-06-09 1386008]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2008-09-08 198944]
R2 ncpclcfg;ncpclcfg;C:\Program Files\WatchGuard\Mobile VPN\ncpclcfg.exe [2007-04-05 77824]
R2 ncprwsnt;ncprwsnt;C:\Program Files\WatchGuard\Mobile VPN\ncprwsnt.exe [2007-11-08 1032192]
R2 NcpSec;NcpSec;C:\Program Files\WatchGuard\Mobile VPN\ncpsec.exe [2004-05-24 45056]
R2 rwsrsu;RwsRsu;C:\Program Files\WatchGuard\Mobile VPN\rwsrsu.exe [2007-10-23 266240]
R2 sbbotdi;sbbotdi;C:\PROGRA~1\SPEEDB~1\sbbotdi.sys [2008-03-17 35584]
R2 VideoAcceleratorService;VideoAcceleratorService;C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe [2008-03-17 284280]
R3 ncplentp;WatchGuard Secure Client Adapter Driver;C:\WINDOWS\system32\DRIVERS\ncplentp.sys [2007-10-29 77696]
S1 84bd0fb9;84bd0fb9;C:\WINDOWS\system32\drivers\84bd0fb9.sys [ ]
S2 IPSECDRV;SafeNet IPSec Plugin;C:\WINDOWS\system32\Drivers\IPSECDRV.sys [ ]
S3 TPP200;USB Storage Adapter V2 (TPP);C:\WINDOWS\system32\DRIVERS\TPP200.SYS [ ]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4e5ad241-2874-11dd-bf6b-020052cc00d4}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
2008-10-20 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
2008-10-19 C:\WINDOWS\Tasks\Disk Cleanup.job
- C:\WINDOWS\SYSTEM32\cleanmgr.exe [2008-04-13 20:12]
2008-10-23 C:\WINDOWS\Tasks\Disk Defragmentor.job
- C:\WINDOWS\SYSTEM32\DFRG.MSC [2004-03-19 18:35]
2008-10-25 C:\WINDOWS\Tasks\McAfee SecurityCenter.job
- C:\PROGRA~1\McAfee\MSC\mcshell.exe [2008-06-21 12:38]
2008-10-15 C:\WINDOWS\Tasks\McDefragTask.job
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe [2008-07-09 18:10]
2008-10-13 C:\WINDOWS\Tasks\McQcTask.job
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe [2008-07-09 18:10]
2008-10-26 C:\WINDOWS\Tasks\User_Feed_Synchronization-{9FF6A9A7-9631-4B80-AF09-DC9E8B62A74E}.job
- C:\WINDOWS\system32\msfeedssync.exe [2007-08-13 18:36]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-updateMgr - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe
HKLM-Run-McAfeeUpdate - C:\Documents and Settings\TKV\Local Settings\Temporary Internet Files\Content.IE5\DLIUHM8Q\McAfeeUpdate[1].exe
HKLM-Run-Bluetooth Connection Assistant - LBTWIZ.EXE
HKU-Default-Run-Nokia.PCSync - C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe

.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\TKV\Application Data\Mozilla\Firefox\Profiles\x6e6n1hp.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://google.com
FF -: plugin - C:\Program Files\DNA\plugins\npbtdna.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npqtplugin8.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npunagi2.dll
FF -: plugin - C:\Program Files\QuickTime\Plugins\npqtplugin8.dll
FF -: plugin - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-26 11:46:15
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\DUMeterSvc]
"ImagePath"="C:\Program Files\DU Meter\DUMeterSvc.exe /startedbyscm:E1F6D4BE-40E33354-DUMeterService"
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Iomega Activity Disk2]
"ImagePath"="\"\""
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\McAfee\SiteAdvisor\saHook.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\SYSTEM32\ati2evxx.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\SYSTEM32\CTSVCCDA.EXE
C:\WINDOWS\SYSTEM32\HDDSvc.exe
C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe
C:\Program Files\Logitech\Easy Synchronization\servicestub.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\PROGRA~1\COMMON~1\McAfee\MNA\McNASvc.exe
C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Program Files\McAfee\MSK\msksrver.exe
C:\WINDOWS\SYSTEM32\MsPMSPSv.exe
C:\WINDOWS\SYSTEM32\searchindexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\WINDOWS\SYSTEM32\rundll32.exe
C:\WINDOWS\SYSTEM32\scardsvr.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\Program Files\Logitech\SetPoint\LBTWiz.exe
C:\WINDOWS\SYSTEM32\searchprotocolhost.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
C:\WINDOWS\SYSTEM32\searchfilterhost.exe
.
**************************************************************************
.
Completion time: 2008-10-26 12:01:35 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-26 16:01:26
Pre-Run: 16,828,436,480 bytes free
Post-Run: 17,677,344,768 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
358 --- E O F --- 2008-10-24 22:37:49

Is this a Work/Office computer ? WatchGuard\Mobile VPN

No, it's my personal computer, but I do logon to my workplace LAN at times to retrieve files.

I removed LimeWire.

Thank you again for this tremendous help (Kapersky is running).

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, October 26, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, October 26, 2008 15:30:40
Records in database: 1348246
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
I:\
K:\

Scan statistics:
Files scanned: 156629
Threat name: 4
Infected objects: 6
Suspicious objects: 0
Duration of the scan: 02:47:25


File name / Threat name / Threats count
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP13\A0006003.sys Infected: Backdoor.Win32.UltimateDefender.a 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP14\A0006061.dll Infected: Trojan.Win32.Obfuscated.gx 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP14\A0006290.SYS Infected: Backdoor.Win32.UltimateDefender.a 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP14\A0006291.sys Infected: Backdoor.Win32.UltimateDefender.a 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP14\A0006316.sys Infected: Rootkit.Win32.Agent.egp 1
K:\Stored Programs\DAP\Download Accelerator Plus_v 8.5.5.5 Premium.rar Infected: Trojan-Banker.Win32.Banker.fzf 1

The selected area was scanned.

Information

A couple of things ....
K:\Stored Programs\DAP\Download Accelerator Plus_v 8.5.5.5 Premium.rar
Would this be a cracked version that you downloaded via Limewire or Bittorrent ?

Do you know what these are ?
C:\09112008047.jpg
C:\09112008048.jpg

----------------------------------------------------------- -----------------------------------------------------------

Step 1


Custom CFScript



Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

http://icrontic.com/forum/showthread.php?p=648797#post648797


Suspect::[4]
C:\WINDOWS\hypiv.dl
C:\Documents and Settings\TKV\Application Data\yfaguvut.pif
C:\Documents and Settings\All Users\Application Data\ovodojy.reg
C:\Documents and Settings\All Users\Application Data\otyr.com
C:\WINDOWS\hasykylu.bin
C:\Program Files\Common Files\koze.bat
C:\WINDOWS\banigukace.pif
C:\WINDOWS\mydily.reg
C:\Program Files\Common Files\ipyg.vbs
C:\WINDOWS\comok._dl
C:\Documents and Settings\TKV\Application Data\ehisu.bin
C:\WINDOWS\yhyxoci.dll
C:\p2hhr.bat

File::
K:\Stored Programs\DAP\Download Accelerator Plus_v 8.5.5.5 Premium.rar
C:\FCM1E11.tmp
C:\FCM1E10.tmp
C:\FCM1E0F.tmp
C:\FCM1E0E.tmp
C:\FCM1E0D.tmp
C:\FCM1600.tmp
C:\FCM15FF.tmp
C:\FCM15FE.tmp
C:\FCM15FD.tmp
C:\FCM9B0.tmp
C:\FCM9AE.tmp
C:\2_2.avi
C:\1.avi
C:\[XXX Porn Vintage].The Nun - 1945s(X Rated).mpg
C:\2_1.avi
C:\2.avi
C:\Antique_Hardcore_08_-_Couple_1930_s.mpg.dap
C:\reeloldtimers6_16.asf.dap
C:\mty-17-CDOR05_all.wmv.dap
C:\WINDOWS\hypiv.dl
C:\Documents and Settings\TKV\Application Data\yfaguvut.pif
C:\Documents and Settings\All Users\Application Data\ovodojy.reg
C:\Documents and Settings\All Users\Application Data\otyr.com
C:\WINDOWS\hasykylu.bin
C:\Program Files\Common Files\koze.bat
C:\WINDOWS\banigukace.pif
C:\WINDOWS\mydily.reg
C:\Program Files\Common Files\ipyg.vbs
C:\WINDOWS\comok._dl
C:\Documents and Settings\TKV\Application Data\ehisu.bin
C:\WINDOWS\yhyxoci.dll
C:\p2hhr.bat
Driver::
84bd0fb9
IPSECDRV
TPP200
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RegistryMechanic"=-
"BitTorrent DNA"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"=-
"Acrobat Assistant 8.0"=-
"SunJavaUpdateSched"=-
ADS::

Save this as CFScript.txt and place it on your desktop.


http://i51.photobucket.com/albums/f387/Katana_1970/CFScriptb.gif



Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.

ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.

When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.

A window will open asking you to ensure you are connected to the internet, this is so a file can be submitted for analysis.

Click OK and follow the instructions to submit the file.



CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


----------------------------------------------------------- -----------------------------------------------------------
Step 2



Active Scan
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
Please go to this site Link >> ActiveScan (http://www.pandasecurity.com/activescan/index/) << LINK


Click the Scan Now button
Follow the prompts to install the Active X if necessary
Go and make a cup of tea/coffee/beverage of your choice and watch some TV :)
When the scan is finished, a report will be generated
Next to Scan Details click the small Save button and save the report to your desktop.
Please post the report in your reply.





----------------------------------------------------------- -----------------------------------------------------------
Step 3


Logs/Information to Post in Reply
Please post the following logs/Information in your reply


ComboFix Log
Active Scan Log
How are things running now ?

Information A couple of things .... K:\Stored Programs\DAP\Download Accelerator Plus_v 8.5.5.5 Premium.rar Would this be a cracked version that you downloaded via Limewire or Bittorrent ? DELETED!!!! Do you know what these are ? C:\09112008047.jpg C:\09112008048.jpg Two misfiled images. MOVED.

omboFix 08-10-25.01 - TKV 2008-10-26 15:55:30.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2035 [GMT -4:00]
Running from: C:\Documents and Settings\TKV\My Documents\download\ComboFix.exe
Command switches used :: C:\Documents and Settings\TKV\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active

FILE ::
C:\[XXX Porn Vintage].The Nun - 1945s(X Rated).mpg
C:\1.avi
C:\2.avi
C:\2_1.avi
C:\2_2.avi
C:\Antique_Hardcore_08_-_Couple_1930_s.mpg.dap
C:\Documents and Settings\All Users\Application Data\otyr.com
C:\Documents and Settings\All Users\Application Data\ovodojy.reg
C:\Documents and Settings\TKV\Application Data\ehisu.bin
C:\Documents and Settings\TKV\Application Data\yfaguvut.pif
C:\FCM15FD.tmp
C:\FCM15FE.tmp
C:\FCM15FF.tmp
C:\FCM1600.tmp
C:\FCM1E0D.tmp
C:\FCM1E0E.tmp
C:\FCM1E0F.tmp
C:\FCM1E10.tmp
C:\FCM1E11.tmp
C:\FCM9AE.tmp
C:\FCM9B0.tmp
C:\mty-17-CDOR05_all.wmv.dap
C:\p2hhr.bat
C:\Program Files\Common Files\ipyg.vbs
C:\Program Files\Common Files\koze.bat
C:\reeloldtimers6_16.asf.dap
C:\WINDOWS\banigukace.pif
C:\WINDOWS\comok._dl
C:\WINDOWS\hasykylu.bin
C:\WINDOWS\hypiv.dl
C:\WINDOWS\mydily.reg
C:\WINDOWS\yhyxoci.dll
K:\Stored Programs\DAP\Download Accelerator Plus_v 8.5.5.5 Premium.rar
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\[XXX Porn Vintage].The Nun - 1945s(X Rated).mpg
C:\1.avi
C:\2.avi
C:\2_1.avi
C:\2_2.avi
C:\Antique_Hardcore_08_-_Couple_1930_s.mpg.dap
C:\Documents and Settings\All Users\Application Data\otyr.com
C:\Documents and Settings\All Users\Application Data\ovodojy.reg
C:\Documents and Settings\TKV\Application Data\ehisu.bin
C:\Documents and Settings\TKV\Application Data\yfaguvut.pif
C:\FCM15FD.tmp
C:\FCM15FE.tmp
C:\FCM15FF.tmp
C:\FCM1600.tmp
C:\FCM1E0D.tmp
C:\FCM1E0E.tmp
C:\FCM1E0F.tmp
C:\FCM1E10.tmp
C:\FCM1E11.tmp
C:\FCM9AE.tmp
C:\FCM9B0.tmp
C:\mty-17-CDOR05_all.wmv.dap
C:\p2hhr.bat
C:\Program Files\Common Files\ipyg.vbs
C:\Program Files\Common Files\koze.bat
C:\reeloldtimers6_16.asf.dap
C:\WINDOWS\banigukace.pif
C:\WINDOWS\comok._dl
C:\WINDOWS\hasykylu.bin
C:\WINDOWS\hypiv.dl
C:\WINDOWS\mydily.reg
C:\WINDOWS\yhyxoci.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_IPSECDRV
-------\Service_84bd0fb9
-------\Service_IPSECDRV
-------\Service_TPP200

((((((((((((((((((((((((( Files Created from 2008-09-26 to 2008-10-26 )))))))))))))))))))))))))))))))
.
2008-10-25 18:48 . 2008-10-25 19:09 <DIR> d-------- C:\rsit
2008-10-25 14:57 . 2008-10-25 14:57 2,934,168 --a------ C:\ccsetup212.exe
2008-10-25 14:53 . 2008-10-25 14:53 201,030 --a------ C:\lspfix.zip.dap
2008-10-25 14:43 . 2008-06-03 07:31 8,704 --a------ C:\fixccs.exe
2008-10-25 14:41 . 2008-10-25 14:41 65,064 --a------ C:\WindowsXP-KB953979-x86-ENU.exe
2008-10-25 14:36 . 2008-10-25 14:36 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-24 03:58 . 2008-10-15 12:34 337,408 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\netapi32.dll
2008-10-19 12:19 . 2008-10-19 12:19 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\SACore
2008-10-14 18:25 . 2008-09-08 06:41 333,824 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\srv.sys
2008-10-14 18:24 . 2008-09-15 08:12 1,846,400 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\win32k.sys
2008-10-14 18:23 . 2008-08-14 06:11 2,189,184 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ntoskrnl.exe
2008-10-14 18:23 . 2008-08-14 06:09 2,145,280 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ntkrnlmp.exe
2008-10-14 18:23 . 2008-08-14 05:33 2,066,048 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ntkrnlpa.exe
2008-10-14 18:23 . 2008-08-14 05:33 2,023,936 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ntkrpamp.exe
2008-10-13 21:39 . 2008-04-13 20:12 291,328 --------- C:\WINDOWS\SYSTEM32\qagentrt.dll
2008-10-13 21:39 . 2008-04-13 20:12 290,304 --------- C:\WINDOWS\SYSTEM32\rhttpaa.dll
2008-10-13 21:39 . 2008-04-13 20:12 150,528 --------- C:\WINDOWS\SYSTEM32\qagent.dll
2008-10-13 21:39 . 2008-04-13 20:12 144,384 --------- C:\WINDOWS\SYSTEM32\onex.dll
2008-10-13 21:39 . 2008-04-13 20:12 76,800 --------- C:\WINDOWS\SYSTEM32\qutil.dll
2008-10-13 21:39 . 2008-04-13 20:12 69,120 --------- C:\WINDOWS\SYSTEM32\wlanapi.dll
2008-10-13 21:39 . 2008-04-13 20:12 62,464 --------- C:\WINDOWS\SYSTEM32\qcliprov.dll
2008-10-13 21:39 . 2008-04-13 20:12 61,952 --------- C:\WINDOWS\SYSTEM32\rasqec.dll
2008-10-13 21:39 . 2008-04-13 20:12 53,248 --------- C:\WINDOWS\SYSTEM32\tsgqec.dll
2008-10-13 21:39 . 2008-04-13 20:12 50,688 --------- C:\WINDOWS\SYSTEM32\tspkg.dll
2008-10-13 21:39 . 2008-04-13 20:12 32,768 --------- C:\WINDOWS\SYSTEM32\setupn.exe
2008-10-13 21:39 . 2008-04-13 14:40 10,240 --------- C:\WINDOWS\SYSTEM32\DRIVERS\sffp_mmc.sys
2008-10-13 21:37 . 2008-04-13 20:11 650,752 --------- C:\WINDOWS\SYSTEM32\dot3ui.dll
2008-10-13 19:12 . 2008-10-26 13:42 4,196,990 --a------ C:\WINDOWS\pfirewall.log.old
2008-10-13 18:44 . 2008-10-26 16:12 8,186 --a------ C:\WINDOWS\SYSTEM32\Config.MPF
2008-10-13 18:35 . 2008-10-13 18:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-10-13 18:33 . 2007-09-25 14:06 974,848 --a------ C:\WINDOWS\SYSTEM32\ncpgina1.dll
2008-10-13 18:33 . 2007-10-29 10:10 77,696 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\NCPLENTP.SYS
2008-10-13 18:33 . 2001-12-03 08:02 631 --a------ C:\WINDOWS\SYSTEM32\ncppki.conf
2008-10-13 18:30 . 2008-06-02 14:55 120,136 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\Mpfp.sys
2008-10-13 18:30 . 2008-06-27 06:08 79,240 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys
2008-10-13 18:30 . 2008-06-27 06:08 40,488 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfesmfk.sys
2008-10-13 18:30 . 2008-06-27 06:08 35,240 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys
2008-10-13 18:29 . 2008-10-13 18:30 <DIR> d-------- C:\Program Files\McAfee.com
2008-10-13 18:29 . 2008-10-19 11:20 <DIR> d-------- C:\Program Files\McAfee
2008-10-13 18:29 . 2008-10-13 18:30 <DIR> d-------- C:\Program Files\Common Files\McAfee
2008-10-13 18:10 . 2008-06-20 05:41 34,152 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mferkdk.sys
2008-10-13 16:32 . 2008-04-11 15:04 691,712 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\inetcomm.dll
2008-10-13 13:44 . 2008-10-13 18:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-10-13 10:09 . 2008-10-13 10:09 <DIR> d-------- C:\Program Files\Citrix
2008-10-13 09:48 . 2008-10-13 09:48 61,224 --a------ C:\Documents and Settings\TKV\GoToAssistDownloadHelper.exe
2008-10-08 21:25 . 2008-10-25 13:54 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-08 21:25 . 2008-10-08 21:25 <DIR> d-------- C:\Documents and Settings\TKV\Application Data\Malwarebytes
2008-10-08 21:25 . 2008-10-08 21:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-08 21:25 . 2008-10-22 16:10 38,496 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbamswissarmy.sys
2008-10-08 21:25 . 2008-10-22 16:10 15,504 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbam.sys
2008-10-08 19:32 . 2008-10-08 19:32 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-10-08 18:09 . 2008-10-08 18:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\qrebkvyx
2008-10-05 13:06 . 2008-10-05 13:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-05 13:05 . 2008-10-05 13:05 <DIR> d-------- C:\Program Files\Bonjour
2008-10-05 13:04 . 2008-10-01 13:01 32,000 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\usbaapl.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-26 20:14 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-26 20:02 --------- d-----w C:\Documents and Settings\TKV\Application Data\DNA
2008-10-26 15:33 --------- d-----w C:\Program Files\LimeWire
2008-10-25 22:42 --------- d-----w C:\Documents and Settings\TKV\Application Data\BitTorrent
2008-10-25 17:43 --------- d-----w C:\Program Files\Trillian
2008-10-19 15:06 --------- d-----w C:\Program Files\MSECache
2008-10-19 14:54 --------- d-----w C:\Program Files\Nokia
2008-10-19 14:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
2008-10-19 14:53 --------- d-----w C:\Program Files\Common Files\Nokia
2008-10-16 01:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-10-11 03:56 --------- d-----w C:\Documents and Settings\TKV\Application Data\LimeWire
2008-10-08 22:03 --------- d-----w C:\Program Files\DU Meter
2008-10-08 22:02 --------- d-----w C:\Program Files\DNA
2008-10-07 00:11 --------- d-----w C:\Documents and Settings\TKV\Application Data\EditPlus 3
2008-10-05 17:06 --------- d-----w C:\Program Files\iTunes
2008-10-05 17:06 --------- d-----w C:\Program Files\iPod
2008-10-05 17:04 --------- d-----w C:\Program Files\Common Files\Apple
2008-10-03 17:41 6,066,176 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll
2008-09-21 23:54 --------- d-----w C:\Program Files\LoanSpread
2008-09-21 17:30 76,381,444 ----a-w C:\sdat5388.exe
2008-09-19 00:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Citrix
2008-09-19 00:23 --------- d-----w C:\Documents and Settings\LocalService\Application Data\SACore
2008-09-15 23:19 --------- d-----w C:\Program Files\SereneScreen
2008-09-15 23:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2008-09-15 23:12 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-15 23:05 --------- d-----w C:\Program Files\DAP
2008-09-15 23:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\SpeedBit
2008-09-15 22:35 --------- d-----w C:\Documents and Settings\TKV\Application Data\uniblue
2008-09-15 12:12 1,846,400 ----a-w C:\WINDOWS\SYSTEM32\win32k.sys
2008-09-13 13:39 --------- d-----w C:\Documents and Settings\TKV\Application Data\Internet Download Accelerator
2008-09-11 00:11 --------- d-----w C:\Program Files\QuickTime
2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-09-06 03:30 241,704 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\wgaLogon.dll
2008-09-06 03:29 917,032 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\WgaTray.exe
2008-08-29 14:18 87,336 ----a-w C:\WINDOWS\SYSTEM32\dns-sd.exe
2008-08-29 13:53 61,440 ----a-w C:\WINDOWS\SYSTEM32\dnssd.dll
2008-08-27 08:24 3,593,216 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2008-08-25 08:38 13,824 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe
2008-08-25 08:37 70,656 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\ie4uinit.exe
2008-08-23 05:56 635,848 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\iexplore.exe
2008-08-23 05:54 161,792 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakui.dll
2008-08-14 10:09 2,145,280 ----a-w C:\WINDOWS\SYSTEM32\ntoskrnl.exe
2008-08-14 10:04 138,496 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\afd.sys
2008-08-14 09:33 2,023,936 ----a-w C:\WINDOWS\SYSTEM32\ntkrnlpa.exe
2008-08-05 21:55 265,720 ----a-w C:\WINDOWS\SYSTEM32\msdbg2.dll
2008-07-30 00:35 326,160 ----a-w C:\WINDOWS\SYSTEM32\PresentationHost.exe
2008-07-29 23:59 781,344 ----a-w C:\WINDOWS\SYSTEM32\PresentationNative_v0300.dll
2008-07-29 23:59 43,544 ----a-w C:\WINDOWS\SYSTEM32\PresentationHostProxy.dll
2008-07-29 23:59 105,016 ----a-w C:\WINDOWS\SYSTEM32\PresentationCFFRasterizerNative_v0300.dll
2008-07-29 23:24 97,800 ----a-w C:\WINDOWS\SYSTEM32\infocardapi.dll
2008-07-29 23:24 622,080 ----a-w C:\WINDOWS\SYSTEM32\icardagt.exe
2008-07-29 23:24 11,264 ----a-w C:\WINDOWS\SYSTEM32\icardres.dll
2008-04-17 03:11 4,047 -c--a-w C:\Program Files\policy.spd
.
((((((((((((((((((((((((((((( snapshot@2008-10-26_12.00.50.43 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-10-26 14:31:59 32,768 -c--a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Cookies\INDEX.DAT
+ 2008-10-26 19:46:57 32,768 -c--a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Cookies\INDEX.DAT
- 2008-10-26 14:31:59 32,768 -c--a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\INDEX.DAT
+ 2008-10-26 19:46:57 32,768 -c--a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\INDEX.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
"IECHECK.EXE"="C:\WINDOWS\iecheck.exe" [2004-04-09 91136]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
"Iomega Automatic Backup"="C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe" [2002-10-15 3014656]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2008-01-10 67128]
"DownloadAccelerator"="C:\Program Files\DAP\DAP.EXE" [2008-09-15 3061248]
"DU Meter"="C:\Program Files\DU Meter\DUMeter.exe" [2008-06-09 2645528]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-03-23 135168]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 339968]
"CTSysVol"="C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"HDInspector.exe"="C:\Program Files\Hard Drive Inspector\HDInspector.exe" [2007-05-16 992784]
"Easy Synchronization"="C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe" [2005-10-05 53248]
"Iomega Automatic Backup 1.0.1"="C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe" [2002-10-15 3014656]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-09-06 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2008-07-11 641208]
"NcpBudget"="C:\Program Files\WatchGuard\Mobile VPN\ncpbudgt.exe" [2006-12-01 228352]
"NcpPopup"="C:\Program Files\WatchGuard\Mobile VPN\ncppopup.exe" [2007-11-07 535040]
"NcpMonitor"="C:\Program Files\WatchGuard\Mobile VPN\ncpmon.exe" [2007-11-13 3451904]
"McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [2008-06-13 1176808]
"McAfee Backup"="C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe" [2008-07-10 5129504]
"P17Helper"="P17.dll" [2005-05-03 C:\WINDOWS\SYSTEM32\P17.dll]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 C:\WINDOWS\KHALMNPR.Exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Easy Synchronization"="C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe" [2005-10-05 53248]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-29 561213]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-05-17 805392]
PictureShare.net Startup.lnk - C:\Program Files\PictureShare\PSClient.exe [2008-01-29 8248832]
Trillian.lnk - C:\Program Files\Trillian\trillian.exe [2008-10-02 1873280]
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 118784]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{FE24CD78-7C63-465D-8787-4EDF7FC79895}"= "C:\Program Files\Logitech\Easy Synchronization\shellexecutehook.dll" [2005-10-05 69632]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 02:42 72208 c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.g723"= g723.acm
"vidc.I263"= I263_32.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\DAP\\DAP.exe"=
"C:\\Program Files\\WS_FTP Pro\\wsftpgui.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"C:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Program Files\\WatchGuard\\Mobile VPN\\NCPMON.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R2 DUMeterSvc;DU Meter Service;C:\Program Files\DU Meter\DUMeterSvc.exe [2008-06-09 1386008]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2008-09-08 198944]
R2 ncpclcfg;ncpclcfg;C:\Program Files\WatchGuard\Mobile VPN\ncpclcfg.exe [2007-04-05 77824]
R2 ncprwsnt;ncprwsnt;C:\Program Files\WatchGuard\Mobile VPN\ncprwsnt.exe [2007-11-08 1032192]
R2 NcpSec;NcpSec;C:\Program Files\WatchGuard\Mobile VPN\ncpsec.exe [2004-05-24 45056]
R2 rwsrsu;RwsRsu;C:\Program Files\WatchGuard\Mobile VPN\rwsrsu.exe [2007-10-23 266240]
R2 sbbotdi;sbbotdi;C:\PROGRA~1\SPEEDB~1\sbbotdi.sys [2008-03-17 35584]
R2 VideoAcceleratorService;VideoAcceleratorService;C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe [2008-03-17 284280]
R3 ncplentp;WatchGuard Secure Client Adapter Driver;C:\WINDOWS\system32\DRIVERS\ncplentp.sys [2007-10-29 77696]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4e5ad241-2874-11dd-bf6b-020052cc00d4}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
2008-10-20 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
2008-10-19 C:\WINDOWS\Tasks\Disk Cleanup.job
- C:\WINDOWS\SYSTEM32\cleanmgr.exe [2008-04-13 20:12]
2008-10-23 C:\WINDOWS\Tasks\Disk Defragmentor.job
- C:\WINDOWS\SYSTEM32\DFRG.MSC [2004-03-19 18:35]
2008-10-25 C:\WINDOWS\Tasks\McAfee SecurityCenter.job
- C:\PROGRA~1\McAfee\MSC\mcshell.exe [2008-06-21 12:38]
2008-10-15 C:\WINDOWS\Tasks\McDefragTask.job
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe [2008-07-09 18:10]
2008-10-13 C:\WINDOWS\Tasks\McQcTask.job
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe [2008-07-09 18:10]
2008-10-26 C:\WINDOWS\Tasks\User_Feed_Synchronization-{9FF6A9A7-9631-4B80-AF09-DC9E8B62A74E}.job
- C:\WINDOWS\system32\msfeedssync.exe [2007-08-13 18:36]
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-26 16:09:05
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\DUMeterSvc]
"ImagePath"="C:\Program Files\DU Meter\DUMeterSvc.exe /startedbyscm:E1F6D4BE-40E33354-DUMeterService"
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Iomega Activity Disk2]
"ImagePath"="\"\""
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\McAfee\SiteAdvisor\saHook.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\SYSTEM32\ati2evxx.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\SYSTEM32\CTSVCCDA.EXE
C:\WINDOWS\SYSTEM32\HDDSvc.exe
C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe
C:\Program Files\Logitech\Easy Synchronization\servicestub.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\PROGRA~1\COMMON~1\McAfee\MNA\McNASvc.exe
C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\Program Files\McAfee\MSK\msksrver.exe
C:\WINDOWS\SYSTEM32\MsPMSPSv.exe
C:\WINDOWS\SYSTEM32\searchindexer.exe
C:\WINDOWS\SYSTEM32\fxssvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\WINDOWS\SYSTEM32\scardsvr.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\WINDOWS\SYSTEM32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
.
**************************************************************************
.
Completion time: 2008-10-26 16:25:07 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-26 20:24:56
ComboFix2.txt 2008-10-26 16:01:40
Pre-Run: 17,555,910,656 bytes free
Post-Run: 17,604,849,664 bytes free
362 --- E O F --- 2008-10-24 22:37:49

Running Active Scan now.

Before the last launch of ComboFix, my ability to rebuild my wireless network came back!!!

The only residual problem right now appears to be McAfee, which constantly is asking me fot click FIX for a signature issue (which is good on their site until 12/2/08).

More to follow after Active Scan.

The only residual problem right now appears to be McAfee

Yep, you will find that a lot of people consider McAfee to be a problem ;D

Got a better recommendation? Windows Firewall and ?

Windows has a firewall ?????

Paid
Kaspersky or Nod32, both are excellent

Free
Avira or Avast are both good AntiVirus
Firewall is a bit harder, I like Comodo, but Outpost and ZoneAlarm are popular

;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-10-26 18:36:49
PROTECTIONS: 2
MALWARE: 102
SUSPECTS: 2
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
McAfee Internet Security Suite 2007 9.0 No No
McAfee VirusScan Plus 13.0 No No
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00027660 adware/savenow Adware No 0 Yes No HKEY_CLASSES_ROOT\Interface\{c285d18d-43a2-4aef-83fb-bf280e660a97}
00027660 adware/savenow Adware No 0 Yes No hkey_local_machine\software\classes\runmsc.loader
00027660 adware/savenow Adware No 0 Yes No hkey_local_machine\software\classes\runmsc.loader.1
00039204 adware/cws Adware No 0 Yes No c:\documents and settings\tkv\favorites\adult
00135099 adware/powerstrip Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\extensions\CmdMapping\{669695BC-A811-4A9D-8CDF-BA8C795F261C}
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@trafficmp[1].txt
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@casalemedia[2].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@doubleclick[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Application Data\Netscape\Navigator\Profiles\j0myc5pn.default\cookies.txt[.doubleclick.net/]
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Application Data\Mozilla\Profiles\default\c21dcs2t.slt\cookies.txt[.doubleclick.net/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Application Data\Netscape\Navigator\Profiles\j0myc5pn.default\cookies.txt[.atdmt.com/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@atdmt[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Application Data\Mozilla\Profiles\default\c21dcs2t.slt\cookies.txt[.atdmt.com/]
00144497 Cookie/Intelli-tracker TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@www.intelli-tracker[1].txt
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@tradedoubler[1].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@247realmedia[2].txt
00145453 Cookie/Bfast TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Application Data\Mozilla\Profiles\default\c21dcs2t.slt\cookies.txt[.bfast.com/]
00145453 Cookie/Bfast TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@bfast[1].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@fastclick[1].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Application Data\Mozilla\Profiles\default\c21dcs2t.slt\cookies.txt[.fastclick.net/]
00145466 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Application Data\Mozilla\Profiles\default\c21dcs2t.slt\cookies.txt[.servedby.advertising.com/]
00145466 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Application Data\Mozilla\Profiles\default\c21dcs2t.slt\cookies.txt[.servedby.advertising.com/]
00145466 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Application Data\Mozilla\Profiles\default\c21dcs2t.slt\cookies.txt[.servedby.advertising.com/]
00145466 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Application Data\Mozilla\Profiles\default\c21dcs2t.slt\cookies.txt[.servedby.advertising.com/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Application Data\Netscape\Navigator\Profiles\j0myc5pn.default\cookies.txt[.tribalfusion.com/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Application Data\Mozilla\Profiles\default\c21dcs2t.slt\cookies.txt[.tribalfusion.com/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@tribalfusion[2].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@mediaplex[1].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Application Data\Mozilla\Profiles\default\c21dcs2t.slt\cookies.txt[.mediaplex.com/]
00145792 Cookie/SexList TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@sexlist[1].txt
00145807 Cookie/Linksynergy TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@linksynergy[1].txt
00145881 Cookie/NewMedia TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@anm.co[2].txt
00146967 Cookie/PayCounter TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@paycounter[2].txt
00147824 Cookie/Clickbank TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@clickbank[1].txt
00148914 Cookie/Tucows TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Application Data\Netscape\Navigator\Profiles\j0myc5pn.default\cookies.txt[.tucows.com/]
00148914 Cookie/Tucows TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Application Data\Netscape\Navigator\Profiles\j0myc5pn.default\cookies.txt[.tucows.com/]
00149116 Cookie/Ccbill TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@ccbill[2].txt
00155988 adware/fastlook Adware No 0 Yes No hkey_current_user\software\toolband
00159564 Cookie/WUpd TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@revenue[2].txt
00160284 Cookie/Findwhat TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@findwhat[1].txt
00162900 Cookie/MediaTickets TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@kinghost[1].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Application Data\Netscape\Navigator\Profiles\j0myc5pn.default\cookies.txt[.com.com/]
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Application Data\Netscape\Navigator\Profiles\j0myc5pn.default\cookies.txt[.com.com/]
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@com[1].txt
00167647 Cookie/Yadro TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Application Data\Netscape\Navigator\Profiles\j0myc5pn.default\cookies.txt[.yadro.ru/]
00167647 Cookie/Yadro TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Application Data\Netscape\Navigator\Profiles\j0myc5pn.default\cookies.txt[.yadro.ru/]
00167647 Cookie/Yadro TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@yadro[1].txt
00167665 Cookie/Clicktracks TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@stats1.clicktracks[1].txt
00167672 Cookie/DomainSponsor TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@landing.domainsponsor[1].txt
00167677 Cookie/WebPower TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@webpower[2].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@xiti[1].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Application Data\Netscape\Navigator\Profiles\j0myc5pn.default\cookies.txt[.xiti.com/]
00167706 Cookie/Sextracker TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@counter3.sextracker[2].txt
00167724 Cookie/HotLog TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@hotlog[2].txt
00167744 Cookie/GoStats TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@gostats[1].txt
00167747 Cookie/Azjmp TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@azjmp[1].txt
00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@toplist[1].txt
00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Application Data\Netscape\Navigator\Profiles\j0myc5pn.default\cookies.txt[.toplist.cz/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Application Data\Netscape\Navigator\Profiles\j0myc5pn.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@statcounter[1].txt
00167759 Cookie/Sextracker TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@counter9.sextracker[1].txt
00167760 Cookie/Hitslink TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@counter.hitslink[1].txt
00167761 Cookie/Sextracker TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@counter8.sextracker[2].txt
00167762 Cookie/Sextracker TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@counter13.sextracker[1].txt
00167763 Cookie/Sextracker TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@counter1.sextracker[1].txt
00167764 Cookie/Sextracker TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@counter7.sextracker[2].txt
00167770 Cookie/Sextracker TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@counter15.sextracker[1].txt
00167783 Cookie/Sextracker TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@counter6.sextracker[1].txt
00167795 Cookie/Cd Freaks TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@club.cdfreaks[3].txt
00168048 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@perf.overture[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@ad.yieldmanager[5].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Application Data\Netscape\Navigator\Profiles\j0myc5pn.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@ad.yieldmanager[3].txt
00168057 Cookie/Sextracker TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@counter10.sextracker[1].txt
00168058 Cookie/Sextracker TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@counter4.sextracker[1].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@apmebf[2].txt
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@burstnet[2].txt
00168077 Cookie/Versiontracker TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@versiontracker[1].txt
00168077 Cookie/Versiontracker TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Application Data\Mozilla\Profiles\default\c21dcs2t.slt\cookies.txt[.versiontracker.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Application Data\Mozilla\Profiles\default\c21dcs2t.slt\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Application Data\Mozilla\Profiles\default\c21dcs2t.slt\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Application Data\Mozilla\Profiles\default\c21dcs2t.slt\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Application Data\Mozilla\Profiles\default\c21dcs2t.slt\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@serving-sys[1].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Application Data\Mozilla\Profiles\default\c21dcs2t.slt\cookies.txt[bs.serving-sys.com/]
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@bs.serving-sys[2].txt
00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@www.burstbeacon[1].txt
00168101 Cookie/Falkag TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Application Data\Mozilla\Profiles\default\c21dcs2t.slt\cookies.txt[.as-us.falkag.net/]
00168101 Cookie/Falkag TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Application Data\Mozilla\Profiles\default\c21dcs2t.slt\cookies.txt[.as-us.falkag.net/]
00168101 Cookie/Falkag TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Application Data\Mozilla\Profiles\default\c21dcs2t.slt\cookies.txt[.as-us.falkag.net/]
00168101 Cookie/Falkag TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Application Data\Mozilla\Profiles\default\c21dcs2t.slt\cookies.txt[.as-us.falkag.net/]
00168101 Cookie/Falkag TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Application Data\Mozilla\Profiles\default\c21dcs2t.slt\cookies.txt[.as-us.falkag.net/]
00168105 Cookie/Cd Freaks TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@cdfreaks[2].txt
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@adtech[1].txt
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@server.iad.liveperson[2].txt
00168114 Cookie/onestat.com TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Application Data\Netscape\Navigator\Profiles\j0myc5pn.default\cookies.txt[stat.onestat.com/]
00168114 Cookie/onestat.com TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Application Data\Netscape\Navigator\Profiles\j0myc5pn.default\cookies.txt[.stat.onestat.com/]
00168114 Cookie/onestat.com TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Application Data\Netscape\Navigator\Profiles\j0myc5pn.default\cookies.txt[stat.onestat.com/]
00168114 Cookie/onestat.com TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@stat.onestat[1].txt
00168116 Cookie/Comclick TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@fl01.ct2.comclick[1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Application Data\Mozilla\Profiles\default\c21dcs2t.slt\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Application Data\Mozilla\Profiles\default\c21dcs2t.slt\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Application Data\Mozilla\Profiles\default\c21dcs2t.slt\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Application Data\Netscape\Navigator\Profiles\j0myc5pn.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@advertising[1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Application Data\Netscape\Navigator\Profiles\j0myc5pn.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Application Data\Netscape\Navigator\Profiles\j0myc5pn.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Application Data\Netscape\Navigator\Profiles\j0myc5pn.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Application Data\Mozilla\Profiles\default\c21dcs2t.slt\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Application Data\Netscape\Navigator\Profiles\j0myc5pn.default\cookies.txt[.advertising.com/]
00169286 Cookie/Sextracker TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@sextracker[2].txt
00169287 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@media.adrevolver[3].txt
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@statse.webtrendslive[2].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@ads.pointroll[1].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@overture[2].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Application Data\Mozilla\Profiles\default\c21dcs2t.slt\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@realmedia[1].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Application Data\Mozilla\Profiles\default\c21dcs2t.slt\cookies.txt[.realmedia.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@questionmarket[2].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@zedo[2].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Application Data\Netscape\Navigator\Profiles\j0myc5pn.default\cookies.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Application Data\Netscape\Navigator\Profiles\j0myc5pn.default\cookies.txt[.zedo.com/]
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@bluestreak[1].txt
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Application Data\Mozilla\Profiles\default\c21dcs2t.slt\cookies.txt[.bluestreak.com/]
00180153 Cookie/Sextracker TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@counter2.sextracker[1].txt
00180246 Cookie/XXXCounter TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@xxxcounter[2].txt
00182104 Cookie/Hitbox TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@phg.hitbox[1].txt
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Application Data\Netscape\Navigator\Profiles\j0myc5pn.default\cookies.txt[.adrevolver.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Application Data\Netscape\Navigator\Profiles\j0myc5pn.default\cookies.txt[.adrevolver.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@adrevolver[2].txt
00187950 Cookie/bravenetA TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@bravenet[1].txt
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@adultfriendfinder[1].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@go[2].txt
00199981 Cookie/Seeq TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Application Data\Netscape\Navigator\Profiles\j0myc5pn.default\cookies.txt[.www48.seeq.com/]
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@searchportal.information[2].txt
00206953 Cookie/Sextracker TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@counter14.sextracker[1].txt
00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@target[1].txt
00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Application Data\Netscape\Navigator\Profiles\j0myc5pn.default\cookies.txt[.target.com/]
00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Application Data\Netscape\Navigator\Profiles\j0myc5pn.default\cookies.txt[.target.com/]
00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Application Data\Mozilla\Profiles\default\c21dcs2t.slt\cookies.txt[.target.com/]
00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Application Data\Netscape\Navigator\Profiles\j0myc5pn.default\cookies.txt[.target.com/]
00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Application Data\Mozilla\Profiles\default\c21dcs2t.slt\cookies.txt[.target.com/]
00207862 Cookie/did-it TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@did-it[1].txt
00249100 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@www2.addfreestats[1].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Application Data\Mozilla\Profiles\default\c21dcs2t.slt\cookies.txt[.atwola.com/]
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@atwola[1].txt
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@smartadserver[1].txt
00286732 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@www3.addfreestats[1].txt
00286736 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@www6.addfreestats[2].txt
00293517 Cookie/AdDynamix TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@ads.addynamix[2].txt
01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP35\A0021793.EXE
01196325 Cookie/Enhance TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@enhance[2].txt
01196325 Cookie/Enhance TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Application Data\Netscape\Navigator\Profiles\j0myc5pn.default\cookies.txt[.enhance.com/]
01196326 Cookie/GoClick TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Application Data\Netscape\Navigator\Profiles\j0myc5pn.default\cookies.txt[.goclick.com/]
01196326 Cookie/GoClick TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@goclick[1].txt
01196326 Cookie/GoClick TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Application Data\Netscape\Navigator\Profiles\j0myc5pn.default\cookies.txt[.goclick.com/]
01606636 Cookie/Adserver TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@adserver.easyad[1].txt
02261869 Cookie/Sextracker TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@counter12.sextracker[2].txt
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP35\A0021745.sys
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP36\A0021895.sys
02887528 Cookie/AdvancedCleaner TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@advancedcleaner[1].txt
02902637 Rootkit/Nurech.BC HackTools No 1 Yes No C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP14\A0006290.SYS
02902637 Rootkit/Nurech.BC HackTools No 1 Yes No C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP13\A0006003.sys
02902637 Rootkit/Nurech.BC HackTools No 1 Yes No C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP14\A0006291.sys
03738686 Generic Malware Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP34\A0021435.exe
03738686 Generic Malware Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP34\A0021442.exe
03738686 Generic Malware Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP33\A0021151.exe
03738686 Generic Malware Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP33\A0021150.exe
03834535 Generic Backdoor Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP14\A0006316.sys
03839851 Trj/Downloader.MDW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP14\A0006304.sys
;===================================================================================================================================================================================
SUSPECTS
Sent Location ^
;===================================================================================================================================================================================
No C:\Documents and Settings\TKV\My Documents\download\ComboFix.exe[32788R22FWJFW\psexec.cfexe] ^
No K:\Stored Programs\5 Clicks\5Clicks_ScreenCapture.exe ^
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description ^
;===================================================================================================================================================================================
;===================================================================================================================================================================================

No K:\Stored Programs\5 Clicks\5Clicks_ScreenCapture.exe ^

Just a screen capture utility.

Information

No K:\Stored Programs\5 Clicks\5Clicks_ScreenCapture.exe ^

Just a screen capture utility.

But why does Panda flag it ???
Let's see what the others say
----------------------------------------------------------- -----------------------------------------------------------

Step 1


Submit a File For Analysis
We need to have the files below Scanned by Uploading them/it to Virus Total

Please visit Virustotal (http://www.virustotal.com/en/indexf.html)
Copy/paste the the following file path into the window
K:\Stored Programs\5 Clicks\5Clicks_ScreenCapture.exe
Click Submit/Send File
Please post back, to let me know the results.

If Virustotal is too busy please try Jotti (http://virusscan.jotti.org/)

----------------------------------------------------------- -----------------------------------------------------------
Step 2



OTMoveIt
Please download OTMoveIt3 by OldTimer (http://oldtimer.geekstogo.com/OTMoveIt3.exe) and save it to your desktop


Double-click OTMoveIt3.exe to run it.
Copy the lines in the codebox below. ( Make sure you include :Files )



:File
c:\documents and settings\tkv\favorites\adult
:Commands
[EmptyTemp]
:Reg
[-hkey_current_user\software\toolband]
[-HKEY_CLASSES_ROOT\Interface\{c285d18d-43a2-4aef-83fb-bf280e660a97}]
[-hkey_local_machine\software\classes\runmsc.loader]
[-hkey_local_machine\software\classes\runmsc.loader.1]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\extensions\CmdMapping\{669695BC-A811-4A9D-8CDF-BA8C795F261C}]




Return to OTMoveIt3, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.




Click the red Moveit! button.
Copy everything in the Results window (under the green bar), and paste it in your next reply.
Close OTMoveIt3



If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



----------------------------------------------------------- -----------------------------------------------------------
Step 3

Logs/Information to Post in Reply
Please post the following logs/Information in your reply


Virus Total Results
OTMI Log

File 5Clicks_ScreenCapture.exe received on 10.27.2008 03:00:36 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED
http://www.virustotal.com/img/loader.gif
Result: 8/36 (22.23%)

Loading server information...
Your file is queued in position: 1.
Estimated start time is between 40 and 57 seconds.
Do not close the window until scan is complete.
The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result.
If you are waiting for more than five minutes you have to resend your file.
Your file is being scanned by VirusTotal in this moment,
results will be shown as they're generated.
http://www.virustotal.com/img/compress-icon.png Compact (http://www.virustotal.com/analisis/01ff226b992fa452cdab6ddb40c8aa63#)
Print results (javascript:window.print()) http://www.virustotal.com/img/print-icon.png


Your file has expired or does not exists.
Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time.
You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished. Email:



Antivirus Version Last Update Result AhnLab-V32008.10.24.32008.10.27-AntiVir7.9.0.92008.10.27-Authentium5.1.0.42008.10.26-Avast4.8.1248.02008.10.27-AVG8.0.0.1612008.10.27-BitDefender7.22008.10.27-CAT-QuickHeal9.502008.10.25(Suspicious) - DNAScanClamAV0.93.12008.10.27-DrWeb4.44.0.091702008.10.26-eSafe7.0.17.02008.10.26Suspicious FileeTrust-Vet31.6.61682008.10.25-Ewido4.02008.10.26-F-Prot4.4.4.562008.10.26-F-Secure8.0.14332.02008.10.27-Fortinet3.113.0.02008.10.26-GData192008.10.27-IkarusT3.1.1.44.02008.10.27Virus.Win32.NotimeK7AntiVirus7.10.5082008.10.26-Kaspersky7.0.0.1252008.10.27-McAfee54152008.10.25-Microsoft1.40052008.10.27-NOD3235572008.10.26-Norman5.80.022008.10.24-Panda9.0.0.42008.10.26Suspicious filePCTools4.4.2.02008.10.26-Prevx1V22008.10.27-Rising21.00.62.002008.10.26-SecureWeb-Gateway6.7.62008.10.27Win32.Malware.gen (suspicious)Sophos4.35.02008.10.26Sus/UnkPackerSunbelt3.1.1753.12008.10.25-Symantec102008.10.27Packed.Generic.70TheHacker6.3.1.1.1302008.10.27-TrendMicro8.700.0.10042008.10.24PAK_Generic.001VBA323.12.8.82008.10.25-ViRobot2008.10.24.14362008.10.24-VirusBuster4.5.11.02008.10.26- Additional information File size: 70912 bytesMD5...: fc763f6b6aa29fb10b9eaed8d7f708c4SHA1..: 2023ca4b2ee225596aa23d3832af727d70bb3612SHA256: c988a926c03b98d5f10b1ea7097aab8e9ad5201839cf77298e2da4ef01d7009dSHA512: 6d173e71892b987676c9dfe677aa8a3cd55a6263b729a8332b7d3e67adf38341
26dbc208e7438bc25dd571fbf7f3b225cba3ef44713a6e99fa88c9f5abe1479cPEiD..: UPX + ECLiPSE layerTrID..: File type identification
Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x44f000
timedatestamp.....: 0x404f5fa2 (Wed Mar 10 18:34:10 2004)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
KGP 0x1000 0x3d000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
KGP 0x3e000 0x10000 0x10000 7.91 559a37118537d00febf9ebf02359a3e7
KGP 0x4e000 0x1000 0xe00 5.00 aa45598abe3351077271b64b52f3b616
KGP 0x4f000 0x300 0x300 4.47 2004f5798f3008e5fd76b90a9d0f9609

( 7 imports )
> KERNEL32.DLL: LoadLibraryA, GetProcAddress, ExitProcess
> GDI32.dll: BitBlt
> MSVCRT.dll: exit
> ole32.dll: CreateStreamOnHGlobal
> OLEAUT32.dll: -
> USER32.dll: GetDC
> WINMM.dll: waveOutOpen

( 0 exports )
packers (F-Prot): UPX

Error: Unable to interpret <:File> in the current context!
Error: Unable to interpret <c:\documents and settings\tkv\favorites\adult> in the current context!
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\TKV\LOCALS~1\Temp\BCGB.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\TKV\LOCALS~1\Temp\BCGC.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\TKV\LOCALS~1\Temp\etilqs_iFUZUwXziHQjdFb9LaNg scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\TKV\Local Settings\Application Data\Mozilla\Firefox\Profiles\x6e6n1hp.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\TKV\Local Settings\Application Data\Mozilla\Firefox\Profiles\x6e6n1hp.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\TKV\Local Settings\Application Data\Mozilla\Firefox\Profiles\x6e6n1hp.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\TKV\Local Settings\Application Data\Mozilla\Firefox\Profiles\x6e6n1hp.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\TKV\Local Settings\Application Data\Mozilla\Firefox\Profiles\x6e6n1hp.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
========== REGISTRY ==========
Registry key hkey_current_user\software\toolband\\ not found.
Registry key HKEY_CLASSES_ROOT\Interface\{c285d18d-43a2-4aef-83fb-bf280e660a97}\\ deleted successfully.
Registry key hkey_local_machine\software\classes\runmsc.loader\\ deleted successfully.
Registry key hkey_local_machine\software\classes\runmsc.loader.1\\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\extensions\CmdMapping\{669695BC-A811-4A9D-8CDF-BA8C795F261C}\\ not found.

OTMoveIt3 by OldTimer - Version 1.0.5.0 log created on 10262008_220734

Removed McAfee, trying Comodo!

Personally, I would remove 5Clicks_ScreenCapture.exe but it is your choice.

OTMoveIt


Double-click OTMoveIt3.exe to run it.
Copy the lines in the codebox below. ( Make sure you include :Files )



:Files
c:\documents and settings\tkv\favorites\adult



Return to OTMoveIt3, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.




Click the red Moveit! button.
Copy everything in the Results window (under the green bar), and paste it in your next reply.
Close OTMoveIt3



If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

========== FILES ==========
c:\documents and settings\tkv\favorites\Adult moved successfully.

OTMoveIt3 by OldTimer - Version 1.0.5.0 log created on 10272008_191952

Congratulations your logs look clean :)

Let's see if I can help you keep it that way

First lets tidy up





This will clear your System Volume Information restore points and remove all the infected files that were quarantined
Click START then RUN
Now type Combofix /u in the runbox and click OK. Note the space between the X and the /U, it needs to be there.


http://i189.photobucket.com/albums/z176/EPL47/CF_Cleanup.png




You can also delete any logs we have produced, and empty your Recycle bin.


Open OTMoveIt Click Cleanup,
it will now connect to the internet and get a list of files to delete.
When a box pops up click YES.



The following is some info to help you stay safe and clean.
( Vista users must ensure that any programs are Vista compatible BEFORE installing )

You may already have some of the following programs, but I include the full list for the benefit of all the other people who will be reading this thread in the future.

Online Scanners
I would recommend a scan at one or more of the following sites at least once a month.

http://www.pandasecurity.com/activescan
http://www.kaspersky.com/kos/eng/partner/71706/kavwebscan.html

!!! Make sure that all your programs are updated !!!
Secunia Software Inspector does all the work for you, .... see HERE (http://secunia.com/software_inspector/) for details

AntiSpyware

AntiSpyware is not the same thing as Antivirus.
Different AntiSpyware programs detect different things, so in this case it is recommended that you have more than one.
You should only have one running all the time, the other/s should be used "on demand" on a regular basis.
Most of the programs in this list have a free (for Home Users ) and paid versions,
it is worth paying for one and having "realtime" protection, unless you intend to do a manual scan often.
Spybot - Search & Destroy (http://www.safer-networking.org/) <<< A must have program

It includes host protection and registry protection
A hosts file is a bit like a phone book, it points to the actual numeric address (i.e. the IP address) from the human friendly name of a website. This feature can be used to block malicious websites


MalwareBytes Anti-malware (http://www.malwarebytes.org/mbam.php) <<< A New and effective program
a-squared Free (http://www.emsisoft.com/en/software/free/) <<< A good "realtime" or "on demand" scanner
superantispyware (http://www.superantispyware.com/) <<< A good "realtime" or "on demand" scanner



Prevention

These programs don't detect malware, they help stop it getting on your machine in the first place.
Each does a different job, so you can have more than one
Winpatrol (http://www.winpatrol.com)

An excellent startup manager and then some !!
Notifies you if programs are added to startup
Allows delayed startup
A must have addition


SpywareBlaster 4.0 (http://www.javacoolsoftware.com/spywareblaster.html)

SpywareBlaster sets killbits in the registry to prevent known malicious activex controls from installing themselves on your computer.


SpywareGuard 2.2 (http://www.javacoolsoftware.com/spywareguard.html)

SpywareGuard provides real-time protection against spyware.
Not required if you have other "realtime" antispyware or Winpatrol


ZonedOut (http://www.funkytoad.com/index.php?option=com_content&view=article&id=15&Itemid=33)

Formerly known as IE-SPYAD, adds a long list of sites and domains associated with known advertisers and marketers to the Restricted sites zone of Internet Explorer.


MVPS HOSTS (http://www.mvps.org/winhelp2002/hosts.zip)

This little program packs a powerful punch as it blocks ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.
For information on how to download and install, please read this tutorial (http://www.mvps.org/winhelp2002/hosts.htm) by WinHelp2002.
Not required if you are using other host file protections




Internet Browsers

Microsoft has worked hard to make IE.7 a more secure browser, unfortunately whilst it is still the leading browser of choice it will always be under attack from the bad guys.
Using a different web browser can help stop malware getting on your machine.


Make your Internet Explorer more secure - This can be done by following these simple instructions:

From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.


Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialise and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.


Next press the Apply button and then the OK to exit the Internet Properties page.



If you are still using IE6 then either update, or get one of the following.

FireFox (http://www.mozilla.com/en-US/firefox/)

With many addons available that make customization easy this is a very popular choice
NoScript and AdBlockPlus addons are essential


Opera (http://www.opera.com/)

Another popular alternative


Netscape (http://browser.netscape.com/addons)

Another popular alternative
Also has Addons available





Cleaning Temporary Internet Files and Tracking Cookies

Temporary Internet Files are mainly the files that are downloaded when you open a web page.
Unfortunately, if the site you visit is of a dubious nature or has been hacked, they can also be an entry point for malware.
It is a good idea to empty the Temporary Internet Files folder on a regular basis.

Tracking Cookies are files that websites use to monitor which sites you visit and how often.
A lot of Antispyware scanners pick up these tracking cookies and flag them as unwanted.
CAUTION :- If you delete all your cookies you will lose any autologin information for sites that you visit, and will need your passwords

Both of these can be cleaned manually, but a quicker option is to use a program
ATF Cleaner (http://www.atribune.org/index.php?option=com_content&task=view&id=25&Itemid=25)

Free and very simple to use


CCleaner (http://www.ccleaner.com/)

Free and very flexible, you can chose which cookies to keep




Also PLEASE read this article.....So How Did I Get Infected In The First Place (http://forum.malwareremoval.com/viewtopic.php?t=4959)

The last and most important thing I can tell you is UPDATE.
If you don't update your security programs (Antivirus, Antispyware even Windows) then you are at risk.
Malware changes on a day to day basis. You should update every week at the very least.

If you follow this advice then (with a bit of luck) you will never have to hear from me again :D


If you could post back one more time to let me know everything is OK, then I can have this thread archived.

Happy surfing K'

Done. Did this all and read it all too!

I don't know how to thank you. Cheers!

TK Vanacoro

Glad we could be of assistance! This topic is now closed.

If you wish to reopen your topic, please send a Private Message (PM) to Trogan (http://icrontic.com/forum/private.php?do=newpm&u=2703) with a link to your thread.

If you are not the user who started this thread, you must start your own Thread (http://icrontic.com/forum/newthread.php?do=newthread&f=57) instead :)