AntiXPSpyware2008

I got hammered by this messy program.

Ran Malwarebytes' program... but I still do not have a wireless network.
McAfee won't come back on line since (and McAfee can't help).
Ran the LSFixx program and it says it's fine.

Ran HijackThis and here is the output:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:06:14, on 10/25/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\DU Meter\DUMeterSvc.exe
C:\WINDOWS\system32\HDDSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Logitech\Easy Synchronization\servicestub.exe
C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\WatchGuard\Mobile VPN\ncpclcfg.exe
C:\Program Files\WatchGuard\Mobile VPN\ncprwsnt.exe
C:\Program Files\WatchGuard\Mobile VPN\ncpsec.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\WatchGuard\Mobile VPN\rwsrsu.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Hard Drive Inspector\HDInspector.exe
C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe
C:\Program Files\Logitech\SetPoint\LBTWiz.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\WatchGuard\Mobile VPN\ncpbudgt.exe
C:\PROGRA~1\McAfee\MHN\McENUI.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\PictureShare\PSClient.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.;*.local
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [HDInspector.exe] C:\Program Files\Hard Drive Inspector\HDInspector.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Easy Synchronization] C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe
O4 - HKLM\..\Run: [Iomega Automatic Backup 1.0.1] C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe
O4 - HKLM\..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [NcpBudget] "C:\Program Files\WatchGuard\Mobile VPN\ncpbudgt.exe"
O4 - HKLM\..\Run: [NcpPopup] "C:\Program Files\WatchGuard\Mobile VPN\ncppopup.exe" noerrmsg
O4 - HKLM\..\Run: [NcpMonitor] "C:\Program Files\WatchGuard\Mobile VPN\ncpmon.exe" autorun
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [McAfee Backup] "C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe"
O4 - HKLM\..\Run: [McAfeeUpdate] "C:\Documents and Settings\TKV\Local Settings\Temporary Internet Files\Content.IE5\DLIUHM8Q\McAfeeUpdate[1].exe" /RunKey
O4 - HKLM\..\RunOnce: [Easy Synchronization] C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe --ports
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IECHECK.EXE] C:\WINDOWS\iecheck.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe AcPro7_0_5 -reboot 1
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Iomega Automatic Backup] C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKCU\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: PictureShare.net Startup.lnk = C:\Program Files\PictureShare\PSClient.exe
O4 - Global Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.kumudam.com/wfplayer/tdserver.cab
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1167533093671
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5014/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4F42E266-8B81-4F3D-98EF-40A356C65D51}: NameServer = 192.168.1.1
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: karna.dat
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DU Meter Service (DUMeterSvc) - Hagel Technologies Ltd - C:\Program Files\DU Meter\DUMeterSvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HDD Information Service (HDDSvc) - AltrixSoft (http://www.altrixsoft.com/) - C:\WINDOWS\system32\HDDSvc.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InterBase Server (InterBaseServer) - Unknown owner - C:\Program Files\Borland\Interbase\bin\ibserver.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
O23 - Service: Logitech Easy Synchronization - Unknown owner - C:\Program Files\Logitech\Easy Synchronization\servicestub.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (mcnasvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (mcods) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (mcshield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (mcsysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (mpfservice) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (msk80service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: ncpclcfg - Unknown owner - C:\Program Files\WatchGuard\Mobile VPN\ncpclcfg.exe
O23 - Service: ncprwsnt - NCP Engineering GmbH - C:\Program Files\WatchGuard\Mobile VPN\ncprwsnt.exe
O23 - Service: NcpSec - Unknown owner - C:\Program Files\WatchGuard\Mobile VPN\ncpsec.exe
O23 - Service: RwsRsu (rwsrsu) - Unknown owner - C:\Program Files\WatchGuard\Mobile VPN\rwsrsu.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe

--
End of file - 16174 bytes

If anyone can help, I would GREATLY appreciate it.

TK Vanacoro
wpcphd@verizon.net :cool:

Comments

  • edited October 2008
    Please note that all instructions given are customised for this computer only; the tools used may cause damage if used on a computer with different infections.

    If you think you have similar problems, please post a log in the HJT forum and wait for help.

    Hello and welcome to the forums

    My name is Katana and I will be helping you to remove any infection(s) that you may have.

    Please observe these rules while we work:
    1. Please Read All Instructions Carefully
    2. If you don't understand something, stop and ask! Don't keep going on.
    3. Please do not run any other tools or scans whilst I am helping you
    4. Please continue to respond until I give you the "All Clear"
      (Just because you can't see a problem doesn't mean it isn't there)

    If you can do those few things, everything should go smoothly :D

    Please Note, your security programs may give warnings for some of the tools I will ask you to use.
    Be assured, any links I give are safe.

    Download and Run RSIT
    • Please download Random's System Information Tool by random/random from here and save it to your desktop.
    • Double click on RSIT.exe to run RSIT.
    • Click Continue at the disclaimer screen.
    • Once it has finished, two logs will open:
      • log.txt will be opened maximized.
      • info.txt will be opened minimized.
    • Please post the contents of both log.txt and info.txt.
  • edited October 2008
    Logfile of random's system information tool 1.04 (written by random/random)
    Run by TKV at 2008-10-25 18:59:02
    Microsoft Windows XP Professional Service Pack 3
    System drive C: has 17 GB (11%) free of 149 GB
    Total RAM: 3070 MB (70% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:59:03, on 10/25/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\DU Meter\DUMeterSvc.exe
    C:\WINDOWS\system32\HDDSvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    C:\Program Files\Logitech\Easy Synchronization\servicestub.exe
    C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\McAfee\MSK\MskSrver.exe
    C:\Program Files\WatchGuard\Mobile VPN\ncpclcfg.exe
    C:\Program Files\WatchGuard\Mobile VPN\ncprwsnt.exe
    C:\Program Files\WatchGuard\Mobile VPN\ncpsec.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\WatchGuard\Mobile VPN\rwsrsu.exe
    C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
    C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
    C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
    C:\Program Files\Hard Drive Inspector\HDInspector.exe
    C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe
    C:\Program Files\Logitech\SetPoint\LBTWiz.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\WatchGuard\Mobile VPN\ncpbudgt.exe
    C:\PROGRA~1\McAfee\MHN\McENUI.exe
    C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Registry Mechanic\RegMech.exe
    C:\Program Files\DAP\DAP.EXE
    C:\Program Files\DU Meter\DUMeter.exe
    C:\Program Files\DNA\btdna.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\PictureShare\PSClient.exe
    C:\Program Files\Trillian\trillian.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclBCBTSrv.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\TKV\Desktop\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\TKV.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.;*.local
    O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
    O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [HDInspector.exe] C:\Program Files\Hard Drive Inspector\HDInspector.exe
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [Easy Synchronization] C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe
    O4 - HKLM\..\Run: [Iomega Automatic Backup 1.0.1] C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe
    O4 - HKLM\..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    O4 - HKLM\..\Run: [NcpBudget] "C:\Program Files\WatchGuard\Mobile VPN\ncpbudgt.exe"
    O4 - HKLM\..\Run: [NcpPopup] "C:\Program Files\WatchGuard\Mobile VPN\ncppopup.exe" noerrmsg
    O4 - HKLM\..\Run: [NcpMonitor] "C:\Program Files\WatchGuard\Mobile VPN\ncpmon.exe" autorun
    O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
    O4 - HKLM\..\Run: [McAfee Backup] "C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe"
    O4 - HKLM\..\Run: [McAfeeUpdate] "C:\Documents and Settings\TKV\Local Settings\Temporary Internet Files\Content.IE5\DLIUHM8Q\McAfeeUpdate[1].exe" /RunKey
    O4 - HKLM\..\RunOnce: [Easy Synchronization] C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe --ports
    O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [IECHECK.EXE] C:\WINDOWS\iecheck.exe
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe AcPro7_0_5 -reboot 1
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [Iomega Automatic Backup] C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
    O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
    O4 - HKCU\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
    O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
    O4 - Global Startup: Bluetooth.lnk = ?
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: PictureShare.net Startup.lnk = C:\Program Files\PictureShare\PSClient.exe
    O4 - Global Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
    O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://*.mcafee.com
    O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.kumudam.com/wfplayer/tdserver.cab
    O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1167533093671
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5014/mcfscan.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4F42E266-8B81-4F3D-98EF-40A356C65D51}: NameServer = 192.168.1.1
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O20 - AppInit_DLLs: karna.dat
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: DU Meter Service (DUMeterSvc) - Hagel Technologies Ltd - C:\Program Files\DU Meter\DUMeterSvc.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: HDD Information Service (HDDSvc) - AltrixSoft (http://www.altrixsoft.com/) - C:\WINDOWS\system32\HDDSvc.exe
    O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InterBase Server (InterBaseServer) - Unknown owner - C:\Program Files\Borland\Interbase\bin\ibserver.exe (file missing)
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
    O23 - Service: Logitech Easy Synchronization - Unknown owner - C:\Program Files\Logitech\Easy Synchronization\servicestub.exe
    O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
    O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (mcnasvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (mcods) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (mcshield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee Personal Firewall Service (mpfservice) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Anti-Spam Service (msk80service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: ncpclcfg - Unknown owner - C:\Program Files\WatchGuard\Mobile VPN\ncpclcfg.exe
    O23 - Service: ncprwsnt - NCP Engineering GmbH - C:\Program Files\WatchGuard\Mobile VPN\ncprwsnt.exe
    O23 - Service: NcpSec - Unknown owner - C:\Program Files\WatchGuard\Mobile VPN\ncpsec.exe
    O23 - Service: RwsRsu (rwsrsu) - Unknown owner - C:\Program Files\WatchGuard\Mobile VPN\rwsrsu.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe

    --
    End of file - 16334 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    C:\WINDOWS\tasks\Disk Cleanup.job
    C:\WINDOWS\tasks\Disk Defragmentor.job
    C:\WINDOWS\tasks\McAfee SecurityCenter.job
    C:\WINDOWS\tasks\McDefragTask.job
    C:\WINDOWS\tasks\McQcTask.job
    C:\WINDOWS\tasks\User_Feed_Synchronization-{9FF6A9A7-9631-4B80-AF09-DC9E8B62A74E}.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}]
    McAfee Phishing Filter - c:\PROGRA~1\mcafee\msk\mskapbho.dll [2008-07-09 246088]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
    scriptproxy - C:\Program Files\McAfee\VirusScan\scriptsn.dll [2008-06-20 58688]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
    McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2008-09-04 121632]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2008-09-04 121632]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "IAAnotif"=C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe [2004-03-23 135168]
    "ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2004-08-25 339968]
    "CTSysVol"=C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe [2003-09-17 57344]
    "P17Helper"=Rundll32 P17.dll []
    "UpdReg"=C:\WINDOWS\UpdReg.EXE [2000-05-11 90112]
    "Acrobat Assistant 8.0"=C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [2008-01-11 623992]
    ""= []
    "HDInspector.exe"=C:\Program Files\Hard Drive Inspector\HDInspector.exe [2007-05-16 992784]
    "Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2008-02-29 76304]
    "Easy Synchronization"=C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe [2005-10-05 53248]
    "Iomega Automatic Backup 1.0.1"=C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe [2002-10-15 3014656]
    "Bluetooth Connection Assistant"=LBTWIZ.EXE -silent []
    "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
    "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]
    "mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2008-07-11 641208]
    "NcpBudget"=C:\Program Files\WatchGuard\Mobile VPN\ncpbudgt.exe [2006-12-01 228352]
    "NcpPopup"=C:\Program Files\WatchGuard\Mobile VPN\ncppopup.exe [2007-11-07 535040]
    "NcpMonitor"=C:\Program Files\WatchGuard\Mobile VPN\ncpmon.exe [2007-11-13 3451904]
    "McENUI"=C:\PROGRA~1\McAfee\MHN\McENUI.exe [2008-06-13 1176808]
    "McAfee Backup"=C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe [2008-07-10 5129504]
    "McAfeeUpdate"=C:\Documents and Settings\TKV\Local Settings\Temporary Internet Files\Content.IE5\DLIUHM8Q\McAfeeUpdate[1].exe /RunKey []

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "Easy Synchronization"=C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe [2005-10-05 53248]
    "Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2008-10-22 399504]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
    "IECHECK.EXE"=C:\WINDOWS\iecheck.exe [2004-04-09 91136]
    "updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe AcPro7_0_5 -reboot 1 []
    "WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]
    "Iomega Automatic Backup"=C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe [2002-10-15 3014656]
    "LDM"=C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-01-10 67128]
    "RegistryMechanic"=C:\Program Files\Registry Mechanic\RegMech.exe [2008-07-08 2828184]
    "DownloadAccelerator"=C:\Program Files\DAP\DAP.EXE [2008-09-15 3061248]
    "DU Meter"=C:\Program Files\DU Meter\DUMeter.exe [2008-06-09 2645528]
    "BitTorrent DNA"=C:\Program Files\DNA\btdna.exe [2008-10-08 289088]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe
    PictureShare.net Startup.lnk - C:\Program Files\PictureShare\PSClient.exe
    Trillian.lnk - C:\Program Files\Trillian\trillian.exe
    Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS"="karna.dat"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
    c:\program files\common files\logitech\bluetooth\LBTWlgn.dll [2008-05-02 72208]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
    UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{FE24CD78-7C63-465D-8787-4EDF7FC79895}"=C:\Program Files\Logitech\Easy Synchronization\shellexecutehook.dll [2005-10-05 69632]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 294400]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    "notification packages"=
    scecli
    scecli

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mpfservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145
    "ForceClassicControlPanel"=1

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\AOL Fanfare\abia.exe"="C:\Program Files\AOL Fanfare\abia.exe:*:Enabled:abia"
    "C:\Program Files\AOL Fanfare\ACSConfig.exe"="C:\Program Files\AOL Fanfare\ACSConfig.exe:*:Enabled:ACSConfig"
    "C:\Program Files\AOL Fanfare\ac_abook.exe"="C:\Program Files\AOL Fanfare\ac_abook.exe:*:Enabled:ac_abook"
    "C:\Program Files\AOL Fanfare\ac_abookd.exe"="C:\Program Files\AOL Fanfare\ac_abookd.exe:*:Enabled:ac_abookd"
    "C:\Program Files\AOL Fanfare\ac_authd.exe"="C:\Program Files\AOL Fanfare\ac_authd.exe:*:Enabled:ac_authd"
    "C:\Program Files\AOL Fanfare\ac_calendar.exe"="C:\Program Files\AOL Fanfare\ac_calendar.exe:*:Enabled:ac_calendar"
    "C:\Program Files\AOL Fanfare\ac_help.exe"="C:\Program Files\AOL Fanfare\ac_help.exe:*:Enabled:ac_help"
    "C:\Program Files\AOL Fanfare\ac_idmgr.exe"="C:\Program Files\AOL Fanfare\ac_idmgr.exe:*:Enabled:ac_idmgr"
    "C:\Program Files\AOL Fanfare\ac_im.exe"="C:\Program Files\AOL Fanfare\ac_im.exe:*:Enabled:ac_im"
    "C:\Program Files\AOL Fanfare\ac_launch.exe"="C:\Program Files\AOL Fanfare\ac_launch.exe:*:Enabled:ac_launch"
    "C:\Program Files\AOL Fanfare\ac_mail.exe"="C:\Program Files\AOL Fanfare\ac_mail.exe:*:Enabled:ac_mail"
    "C:\Program Files\AOL Fanfare\ac_secdbm.exe"="C:\Program Files\AOL Fanfare\ac_secdbm.exe:*:Enabled:ac_secdbm"
    "C:\Program Files\AOL Fanfare\strunner.exe"="C:\Program Files\AOL Fanfare\strunner.exe:*:Enabled:strunner"
    "C:\Program Files\AOL Fanfare\Sidebar\contentbrowser.exe"="C:\Program Files\AOL Fanfare\Sidebar\contentbrowser.exe:*:Enabled:contentbrowser"
    "C:\Program Files\AOL Fanfare\Sidebar\sidebar.exe"="C:\Program Files\AOL Fanfare\Sidebar\sidebar.exe:*:Enabled:sidebar"
    "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\Program Files\DAP\DAP.exe"="C:\Program Files\DAP\DAP.exe:*:Enabled:Download Accelerator Plus"
    "C:\Program Files\Palm\Hotsync.exe"="C:\Program Files\Palm\Hotsync.exe:*:Enabled:HotSync® Manager Application"
    "C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
    "C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Disabled:Internet Explorer"
    "C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
    "C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
    "C:\Program Files\WS_FTP Pro\wsftpgui.exe"="C:\Program Files\WS_FTP Pro\wsftpgui.exe:*:Enabled:WS_FTP Pro Application"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Disabled:AOL"
    "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Disabled:AOL"
    "C:\Program Files\Common Files\AOL\1124402137\ee\AOLServiceHost.exe"="C:\Program Files\Common Files\AOL\1124402137\ee\AOLServiceHost.exe:*:Disabled:AOL Services"
    "C:\Program Files\AOL Fanfare\Sidebar\aoldiag.exe"="C:\Program Files\AOL Fanfare\Sidebar\aoldiag.exe:*:Disabled:AOLDiag"
    "C:\Program Files\AOL Fanfare\AOLDiag.exe"="C:\Program Files\AOL Fanfare\AOLDiag.exe:*:Disabled:AOLDiag"
    "C:\Program Files\Common Files\AOL\EE\AOLHostManager.exe"="C:\Program Files\Common Files\AOL\EE\AOLHostManager.exe:*:Disabled:AOLHostManager"
    "C:\Program Files\AOL Fanfare\ActiveX\AOLMediaPlaybackControl.exe"="C:\Program Files\AOL Fanfare\ActiveX\AOLMediaPlaybackControl.exe:*:Disabled:AOLMediaPlaybackControl"
    "C:\Program Files\Common Files\AOL\EE\AOLServiceHost.exe"="C:\Program Files\Common Files\AOL\EE\AOLServiceHost.exe:*:Disabled:AOLServiceHost"
    "C:\Program Files\BearShare\BearShare.exe"="C:\Program Files\BearShare\BearShare.exe:*:Disabled:BearShare"
    "C:\Program Files\CentraOne\bin\launcher.exe"="C:\Program Files\CentraOne\bin\launcher.exe:*:Disabled:CentraOne Launcher"
    "C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Disabled:Yahoo! FT Server"
    "C:\Program Files\Yahoo!\Messenger\YPager.exe"="C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Disabled:Yahoo! Messenger"
    "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    "C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe"="C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil"
    "C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
    "C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe"="C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater"
    "C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe"="C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "
    "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
    "D:\setup\HPZNET01.EXE"="D:\setup\HPZNET01.EXE:*:Enabled:hpznet01.exe"
    "D:\setup\hppniprint01.exe"="D:\setup\hppniprint01.exe:*:Enabled:hppniprint01.exe"
    "D:\setup\HPPNIPRINT64.EXE"="D:\setup\HPPNIPRINT64.EXE:*:Enabled:hppniprint64.exe"
    "D:\setup\HPPNICIFS01.EXE"="D:\setup\HPPNICIFS01.EXE:*:Enabled:hppnicifs01.exe"
    "D:\setup\HPNTWKEXE.EXE"="D:\setup\HPNTWKEXE.EXE:*:Enabled:hpntwkexe.exe"
    "C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
    "C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
    "C:\Program Files\WatchGuard\Mobile User VPN\IreIKE.exe"="C:\Program Files\WatchGuard\Mobile User VPN\IreIKE.exe:*:Enabled:IreIke"
    "C:\Program Files\WatchGuard\Mobile User VPN\ViewLog.exe"="C:\Program Files\WatchGuard\Mobile User VPN\ViewLog.exe:127.0.0.1/255.255.255.255:Enabled:ViewLog"
    "C:\Program Files\WatchGuard\Mobile User VPN\CmonApp.exe"="C:\Program Files\WatchGuard\Mobile User VPN\CmonApp.exe:127.0.0.1/255.255.255.255:Enabled:CMonApp"
    "C:\Program Files\WatchGuard\Mobile User VPN\vpn.exe"="C:\Program Files\WatchGuard\Mobile User VPN\vpn.exe:127.0.0.1/255.255.255.255:Enabled:VPN Connection Manager"
    "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
    "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
    "C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"
    "C:\Program Files\WatchGuard\Mobile VPN\NCPMON.exe"="C:\Program Files\WatchGuard\Mobile VPN\NCPMON.exe:*:Enabled:ncpmon.exe"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
    "C:\Program Files\Common Files\AOL\1124402137\ee\AOLServiceHost.exe"="C:\Program Files\Common Files\AOL\1124402137\ee\AOLServiceHost.exe:*:Enabled:AOL Services"
    "C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
    "C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
    "C:\Program Files\WatchGuard\Mobile User VPN\IreIKE.exe"="C:\Program Files\WatchGuard\Mobile User VPN\IreIKE.exe:*:Enabled:IreIke"
    "C:\Program Files\WatchGuard\Mobile User VPN\ViewLog.exe"="C:\Program Files\WatchGuard\Mobile User VPN\ViewLog.exe:127.0.0.1/255.255.255.255:Enabled:ViewLog"
    "C:\Program Files\WatchGuard\Mobile User VPN\CmonApp.exe"="C:\Program Files\WatchGuard\Mobile User VPN\CmonApp.exe:127.0.0.1/255.255.255.255:Enabled:CMonApp"
    "C:\Program Files\WatchGuard\Mobile User VPN\vpn.exe"="C:\Program Files\WatchGuard\Mobile User VPN\vpn.exe:127.0.0.1/255.255.255.255:Enabled:VPN Connection Manager"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4e5ad241-2874-11dd-bf6b-020052cc00d4}]
    shell\AutoRun\command - F:\LaunchU3.exe -a


    ======List of files/folders created in the last 1 months======

    2008-10-25 18:48:12 ----D---- C:\rsit
    2008-10-25 14:57:20 ----A---- C:\ccsetup212.exe
    2008-10-25 14:43:43 ----A---- C:\fixccs.exe
    2008-10-25 14:41:59 ----A---- C:\WindowsXP-KB953979-x86-ENU.exe
    2008-10-25 14:36:17 ----D---- C:\Program Files\Trend Micro
    2008-10-24 18:35:56 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
    2008-10-15 21:04:41 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
    2008-10-15 21:04:34 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
    2008-10-15 21:04:27 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
    2008-10-15 21:03:36 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
    2008-10-15 21:03:17 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
    2008-10-13 22:42:17 ----D---- C:\WINDOWS\Prefetch
    2008-10-13 22:29:54 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
    2008-10-13 22:29:42 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
    2008-10-13 22:29:27 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
    2008-10-13 22:29:14 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
    2008-10-13 22:29:01 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
    2008-10-13 22:28:49 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
    2008-10-13 22:28:35 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
    2008-10-13 22:28:24 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
    2008-10-13 22:28:13 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
    2008-10-13 22:27:56 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
    2008-10-13 22:21:43 ----A---- C:\WINDOWS\setuplog.txt
    2008-10-13 22:08:19 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
    2008-10-13 21:39:55 ----N---- C:\WINDOWS\system32\wlanapi.dll
    2008-10-13 21:39:41 ----N---- C:\WINDOWS\system32\tspkg.dll
    2008-10-13 21:39:41 ----N---- C:\WINDOWS\system32\tsgqec.dll
    2008-10-13 21:39:23 ----N---- C:\WINDOWS\system32\setupn.exe
    2008-10-13 21:39:17 ----N---- C:\WINDOWS\system32\rhttpaa.dll
    2008-10-13 21:39:14 ----N---- C:\WINDOWS\system32\rasqec.dll
    2008-10-13 21:39:13 ----N---- C:\WINDOWS\system32\qutil.dll
    2008-10-13 21:39:12 ----N---- C:\WINDOWS\system32\qcliprov.dll
    2008-10-13 21:39:12 ----N---- C:\WINDOWS\system32\qagentrt.dll
    2008-10-13 21:39:12 ----N---- C:\WINDOWS\system32\qagent.dll
    2008-10-13 21:39:06 ----N---- C:\WINDOWS\system32\onex.dll
    2008-10-13 21:38:53 ----N---- C:\WINDOWS\system32\napstat.exe
    2008-10-13 21:38:53 ----N---- C:\WINDOWS\system32\napmontr.dll
    2008-10-13 21:38:53 ----N---- C:\WINDOWS\system32\napipsec.dll
    2008-10-13 21:38:51 ----A---- C:\WINDOWS\system32\msxml6r.dll
    2008-10-13 21:38:48 ----N---- C:\WINDOWS\system32\msshavmsg.dll
    2008-10-13 21:38:48 ----N---- C:\WINDOWS\system32\mssha.dll
    2008-10-13 21:38:27 ----N---- C:\WINDOWS\system32\mmcperf.exe
    2008-10-13 21:38:27 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
    2008-10-13 21:38:27 ----N---- C:\WINDOWS\system32\mmcex.dll
    2008-10-13 21:38:27 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
    2008-10-13 21:38:13 ----N---- C:\WINDOWS\system32\l2gpstore.dll
    2008-10-13 21:38:12 ----N---- C:\WINDOWS\system32\kmsvc.dll
    2008-10-13 21:38:11 ----N---- C:\WINDOWS\system32\kbdpash.dll
    2008-10-13 21:38:11 ----N---- C:\WINDOWS\system32\kbdnepr.dll
    2008-10-13 21:38:10 ----N---- C:\WINDOWS\system32\kbdiultn.dll
    2008-10-13 21:38:10 ----N---- C:\WINDOWS\system32\kbdbhc.dll
    2008-10-13 21:37:59 ----N---- C:\WINDOWS\system32\smtpapi.dll
    2008-10-13 21:37:58 ----N---- C:\WINDOWS\system32\rwnh.dll
    2008-10-13 21:37:39 ----A---- C:\WINDOWS\003827_.tmp
    2008-10-13 21:37:37 ----N---- C:\WINDOWS\system32\eapsvc.dll
    2008-10-13 21:37:37 ----N---- C:\WINDOWS\system32\eapqec.dll
    2008-10-13 21:37:37 ----N---- C:\WINDOWS\system32\eappprxy.dll
    2008-10-13 21:37:37 ----N---- C:\WINDOWS\system32\eapphost.dll
    2008-10-13 21:37:36 ----N---- C:\WINDOWS\system32\eappgnui.dll
    2008-10-13 21:37:36 ----N---- C:\WINDOWS\system32\eappcfg.dll
    2008-10-13 21:37:36 ----N---- C:\WINDOWS\system32\eapp3hst.dll
    2008-10-13 21:37:36 ----N---- C:\WINDOWS\system32\eapolqec.dll
    2008-10-13 21:37:32 ----N---- C:\WINDOWS\system32\dot3ui.dll
    2008-10-13 21:37:32 ----N---- C:\WINDOWS\system32\dot3svc.dll
    2008-10-13 21:37:32 ----N---- C:\WINDOWS\system32\dot3msm.dll
    2008-10-13 21:37:32 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
    2008-10-13 21:37:32 ----N---- C:\WINDOWS\system32\dot3dlg.dll
    2008-10-13 21:37:32 ----N---- C:\WINDOWS\system32\dot3cfg.dll
    2008-10-13 21:37:32 ----N---- C:\WINDOWS\system32\dot3api.dll
    2008-10-13 21:37:29 ----N---- C:\WINDOWS\system32\dimsroam.dll
    2008-10-13 21:37:29 ----N---- C:\WINDOWS\system32\dimsntfy.dll
    2008-10-13 21:37:28 ----N---- C:\WINDOWS\system32\dhcpqec.dll
    2008-10-13 21:37:24 ----N---- C:\WINDOWS\system32\credssp.dll
    2008-10-13 21:37:16 ----N---- C:\WINDOWS\system32\bitsprx4.dll
    2008-10-13 21:37:16 ----N---- C:\WINDOWS\system32\azroles.dll
    2008-10-13 21:37:04 ----N---- C:\WINDOWS\system32\aaclient.dll
    2008-10-13 18:35:01 ----D---- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
    2008-10-13 18:33:15 ----A---- C:\WINDOWS\system32\ncpgina1.dll
    2008-10-13 18:29:54 ----D---- C:\Program Files\Common Files\McAfee
    2008-10-13 18:29:53 ----D---- C:\Program Files\McAfee.com
    2008-10-13 18:29:42 ----D---- C:\Program Files\McAfee
    2008-10-13 13:44:58 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
    2008-10-13 10:26:02 ----A---- C:\FCM1E11.tmp
    2008-10-13 10:26:02 ----A---- C:\FCM1E10.tmp
    2008-10-13 10:26:02 ----A---- C:\FCM1E0F.tmp
    2008-10-13 10:26:02 ----A---- C:\FCM1E0E.tmp
    2008-10-13 10:26:01 ----A---- C:\FCM1E0D.tmp
    2008-10-13 10:09:28 ----D---- C:\Program Files\Citrix
    2008-10-12 09:27:45 ----A---- C:\FCM1600.tmp
    2008-10-12 09:27:45 ----A---- C:\FCM15FF.tmp
    2008-10-12 09:27:45 ----A---- C:\FCM15FE.tmp
    2008-10-12 09:27:45 ----A---- C:\FCM15FD.tmp
    2008-10-11 01:12:28 ----A---- C:\FCM9B0.tmp
    2008-10-11 01:12:26 ----A---- C:\FCM9AE.tmp
    2008-10-08 21:25:55 ----D---- C:\Documents and Settings\TKV\Application Data\Malwarebytes
    2008-10-08 21:25:51 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2008-10-08 21:25:51 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-10-08 19:32:57 ----D---- C:\Program Files\Common Files\Download Manager
    2008-10-08 18:31:39 ----A---- C:\WINDOWS\yhyxoci.dll
    2008-10-08 18:31:39 ----A---- C:\Documents and Settings\All Users\Application Data\otyr.com
    2008-10-08 18:31:38 ----A---- C:\Program Files\Common Files\koze.bat
    2008-10-08 18:31:38 ----A---- C:\Program Files\Common Files\ipyg.vbs
    2008-10-08 18:21:10 ----A---- C:\p2hhr.bat
    2008-10-08 18:09:32 ----D---- C:\Documents and Settings\All Users\Application Data\qrebkvyx
    2008-10-05 13:06:22 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-10-05 13:05:18 ----D---- C:\Program Files\Bonjour

    ======List of files/folders modified in the last 1 months======

    2008-10-25 18:50:05 ----D---- C:\WINDOWS\Temp
    2008-10-25 18:49:26 ----D---- C:\Documents and Settings\TKV\Application Data\DNA
    2008-10-25 18:42:27 ----D---- C:\Documents and Settings\TKV\Application Data\BitTorrent
    2008-10-25 18:24:09 ----D---- C:\WINDOWS
    2008-10-25 17:35:00 ----A---- C:\WINDOWS\SchedLgU.Txt
    2008-10-25 15:52:49 ----D---- C:\Program Files\Mozilla Firefox
    2008-10-25 15:33:39 ----SHD---- C:\WINDOWS\Installer
    2008-10-25 15:05:47 ----D---- C:\WINDOWS\system32\CatRoot2
    2008-10-25 14:36:17 ----AD---- C:\Program Files
    2008-10-25 13:54:40 ----D---- C:\WINDOWS\system32\DRIVERS
    2008-10-25 13:49:40 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
    2008-10-25 13:47:39 ----A---- C:\WINDOWS\ModemLog_Bluetooth Modem.txt
    2008-10-25 13:47:38 ----A---- C:\WINDOWS\ModemLog_Nokia N95 Bluetooth Modem.txt
    2008-10-25 13:47:34 ----A---- C:\WINDOWS\ModemLog_Intel(R) 537EP V9x DF PCI Modem.txt
    2008-10-25 13:43:58 ----D---- C:\Program Files\Trillian
    2008-10-24 22:35:09 ----HD---- C:\WINDOWS\INF
    2008-10-24 22:10:44 ----D---- C:\WINDOWS\SYSTEM32
    2008-10-24 18:37:43 ----RSHD---- C:\WINDOWS\system32\DLLCACHE
    2008-10-24 18:37:42 ----D---- C:\WINDOWS\system32\CatRoot
    2008-10-24 18:34:57 ----HD---- C:\WINDOWS\$hf_mig$
    2008-10-22 21:00:22 ----SHD---- C:\Config.Msi
    2008-10-19 11:06:55 ----D---- C:\Program Files\MSECache
    2008-10-19 10:54:39 ----D---- C:\Documents and Settings\All Users\Application Data\Installations
    2008-10-19 10:54:35 ----D---- C:\WINDOWS\WinSxS
    2008-10-19 10:54:02 ----D---- C:\Program Files\Nokia
    2008-10-19 10:53:51 ----D---- C:\Program Files\Common Files\Nokia
    2008-10-15 21:05:07 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-10-15 21:04:45 ----A---- C:\WINDOWS\imsins.BAK
    2008-10-15 21:04:12 ----D---- C:\Program Files\Internet Explorer
    2008-10-15 21:04:04 ----D---- C:\WINDOWS\ie7updates
    2008-10-15 21:03:47 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
    2008-10-15 12:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll
    2008-10-13 22:54:56 ----D---- C:\Program Files\Messenger
    2008-10-13 22:54:35 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
    2008-10-13 22:47:46 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
    2008-10-13 22:41:25 ----D---- C:\WINDOWS\system32\Setup
    2008-10-13 22:41:25 ----D---- C:\WINDOWS\IME
    2008-10-13 22:41:25 ----D---- C:\WINDOWS\AppPatch
    2008-10-13 22:41:24 ----D---- C:\WINDOWS\system32\WBEM
    2008-10-13 22:41:24 ----D---- C:\Program Files\Outlook Express
    2008-10-13 22:41:24 ----D---- C:\Program Files\Common Files\System
    2008-10-13 22:41:23 ----RSD---- C:\WINDOWS\Fonts
    2008-10-13 22:27:22 ----D---- C:\WINDOWS\SECURITY
    2008-10-13 22:20:09 ----D---- C:\WINDOWS\system32\INETSRV
    2008-10-13 22:20:08 ----D---- C:\WINDOWS\network diagnostic
    2008-10-13 22:20:08 ----D---- C:\WINDOWS\Help
    2008-10-13 22:19:57 ----D---- C:\WINDOWS\system32\USMT
    2008-10-13 22:19:57 ----D---- C:\WINDOWS\system32\en-US
    2008-10-13 22:19:56 ----D---- C:\WINDOWS\system32\scripting
    2008-10-13 22:19:54 ----D---- C:\WINDOWS\system32\en
    2008-10-13 22:19:54 ----D---- C:\WINDOWS\l2schemas
    2008-10-13 22:19:53 ----D---- C:\WINDOWS\system32\bits
    2008-10-13 22:19:53 ----D---- C:\WINDOWS\peernet
    2008-10-13 22:19:52 ----D---- C:\Program Files\Movie Maker
    2008-10-13 22:16:35 ----D---- C:\WINDOWS\system32\Restore
    2008-10-13 22:16:35 ----D---- C:\WINDOWS\system32\NPP
    2008-10-13 22:16:35 ----D---- C:\WINDOWS\MUI
    2008-10-13 22:16:34 ----D---- C:\WINDOWS\MSAGENT
    2008-10-13 22:16:32 ----D---- C:\WINDOWS\SRCHASST
    2008-10-13 22:16:32 ----D---- C:\Program Files\NetMeeting
    2008-10-13 22:16:30 ----D---- C:\WINDOWS\system32\Com
    2008-10-13 22:16:28 ----D---- C:\Program Files\Windows Media Player
    2008-10-13 22:16:27 ----D---- C:\Program Files\Windows NT
    2008-10-13 22:16:11 ----D---- C:\WINDOWS\system32\OOBE
    2008-10-13 22:16:09 ----D---- C:\WINDOWS\SYSTEM
    2008-10-13 22:12:03 ----D---- C:\WINDOWS\system32\ReinstallBackups
    2008-10-13 22:08:12 ----D---- C:\WINDOWS\EHome
    2008-10-13 18:56:31 ----D---- C:\Program Files\Registry Mechanic
    2008-10-13 18:33:56 ----A---- C:\WINDOWS\WIN.INI
    2008-10-13 18:30:06 ----SD---- C:\WINDOWS\Tasks
    2008-10-13 18:29:54 ----D---- C:\Program Files\Common Files
    2008-10-13 16:37:25 ----HDC---- C:\WINDOWS\$NtUninstallKB952954_0$
    2008-10-13 16:37:13 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
    2008-10-13 16:37:03 ----HDC---- C:\WINDOWS\$NtUninstallKB950974_0$
    2008-10-13 16:36:48 ----HDC---- C:\WINDOWS\$NtUninstallKB952287_0$
    2008-10-13 16:36:32 ----HDC---- C:\WINDOWS\$NtUninstallKB951066_0$
    2008-10-13 16:35:45 ----HDC---- C:\WINDOWS\$NtUninstallKB938464_0$
    2008-10-13 13:26:32 ----D---- C:\WINDOWS\ServicePackFiles
    2008-10-12 19:42:55 ----D---- C:\Garmin
    2008-10-12 16:56:21 ----D---- C:\WINDOWS\Registration
    2008-10-12 16:54:39 ----RSD---- C:\WINDOWS\assembly
    2008-10-12 16:54:01 ----D---- C:\WINDOWS\system32\URTTemp
    2008-10-11 16:00:52 ----AC---- C:\WINDOWS\wbocx.ini
    2008-10-10 23:56:45 ----D---- C:\Documents and Settings\TKV\Application Data\LimeWire
    2008-10-08 18:03:27 ----D---- C:\Program Files\DU Meter
    2008-10-08 18:02:35 ----D---- C:\Program Files\DNA
    2008-10-07 15:19:40 ----A---- C:\WINDOWS\system32\MRT.exe
    2008-10-06 20:11:25 ----D---- C:\Documents and Settings\TKV\Application Data\EditPlus 3
    2008-10-05 18:58:45 ----D---- C:\Program Files\WinRAR
    2008-10-05 13:06:45 ----D---- C:\Program Files\iTunes
    2008-10-05 13:06:24 ----D---- C:\Program Files\iPod
    2008-10-05 13:04:55 ----DC---- C:\WINDOWS\system32\DRVSTORE
    2008-10-05 13:04:42 ----D---- C:\Program Files\Common Files\Apple
    2008-10-03 13:41:15 ----A---- C:\WINDOWS\system32\ieframe.dll
  • edited October 2008
    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
    R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2004-08-25 389120]
    R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
    R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2006-11-29 266295]
    R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.EXE [1999-12-13 44032]
    R2 DUMeterSvc;DU Meter Service; C:\Program Files\DU Meter\DUMeterSvc.exe [2008-06-09 1386008]
    R2 HDDSvc;HDD Information Service; C:\WINDOWS\system32\HDDSvc.exe [2007-05-13 189968]
    R2 IAANTMon;IAA Event Monitor; C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe [2004-03-23 73852]
    R2 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE [2008-05-02 121360]
    R2 Logitech Easy Synchronization;Logitech Easy Synchronization; C:\Program Files\Logitech\Easy Synchronization\servicestub.exe [2005-10-05 65536]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2008-09-08 198944]
    R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2008-06-21 792184]
    R2 mcnasvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2008-07-18 2482848]
    R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2008-07-09 358736]
    R2 mcshield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2008-06-20 144704]
    R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
    R2 mpfservice;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2008-07-09 884360]
    R2 msk80service;McAfee Anti-Spam Service; C:\Program Files\McAfee\MSK\MskSrver.exe [2008-07-09 25416]
    R2 ncpclcfg;ncpclcfg; C:\Program Files\WatchGuard\Mobile VPN\ncpclcfg.exe [2007-04-05 77824]
    R2 ncprwsnt;ncprwsnt; C:\Program Files\WatchGuard\Mobile VPN\ncprwsnt.exe [2007-11-08 1032192]
    R2 NcpSec;NcpSec; C:\Program Files\WatchGuard\Mobile VPN\ncpsec.exe [2004-05-24 45056]
    R2 rwsrsu;RwsRsu; C:\Program Files\WatchGuard\Mobile VPN\rwsrsu.exe [2007-10-23 266240]
    R2 VideoAcceleratorService;VideoAcceleratorService; C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe [2008-03-17 284280]
    R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\System32\MsPMSPSv.exe [2000-06-26 53520]
    R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
    R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2007-02-05 300032]
    R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
    R3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2006-12-14 654848]
    R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
    R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-08-07 575488]
    S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
    S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
    S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
    S3 InterBaseServer;InterBase Server; C:\Program Files\Borland\Interbase\bin\ibserver.exe []
    S3 MBackMonitor;MBackMonitor; C:\Program Files\McAfee\MBK\MBackMonitor.exe [2008-07-10 66848]
    S3 mcods;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2008-06-20 361800]
    S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
    S4 InterBaseGuardian;InterBase Guardian; C:\Program Files\Borland\Interbase\bin\ibguard.exe []
    S4 Iomega Activity Disk2;Iomega Activity Disk2; []
    S4 IomegaAccess;IomegaAccess; C:\WINDOWS\System32\iomegaaccess.exe /S []
    S4 mcsysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2008-06-20 605512]
    S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

    EOF
  • edited October 2008
    Info File..

    info.txt logfile of random's system information tool 1.04 2008-10-25 18:48:17

    ======Uninstall list======

    -->"C:\Program Files\Creative\Sound Blaster Live! 24-bit\Program\Ctzapxx.EXE" /X /U /S
    -->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    -->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
    -->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{25EF00D1-F17B-11D6-88EA-000476CD2443}\Setup.exe" -l0x9 UNINSTALL
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{25EF03DA-F17B-11D6-88EA-000476CD2443}\Setup.exe" -l0x9 UNINSTALL
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9 /remove
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44DC86A0-248D-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44DC86A0-248D-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9 /remove
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\setup.exe" -l0x9
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67AEFC4C-69E4-11D7-85F4-00E018013273}\setup.exe" -l0x9
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67AEFC4C-69E4-11D7-85F4-00E018013273}\setup.exe" -l0x9 /remove
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7201B853-5833-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7201B853-5833-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x9
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x9 /remove
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1185190-514F-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1185190-514F-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x9
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x9 /remove
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x9
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x9 /remove
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F865C2FE-25E7-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F865C2FE-25E7-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9 /remove
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB2292C6-1F0A-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB2292C6-1F0A-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9 /remove
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC0DD8AE-3DC0-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC0DD8AE-3DC0-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9 /remove
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
    5 Clicks-->MsiExec.exe /I{63FEE65A-366B-47BC-A696-925A12ABF525}
    Adobe Acrobat 8.1.2 Standard-->msiexec /I {AC76BA86-1033-0000-BA7E-000000000003}
    Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
    Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Shockwave Player-->C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~2\Install.log
    Apple Mobile Device Support-->MsiExec.exe /I{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}
    Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
    ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
    ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
    BalanceLog-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A95EA5A4-8A64-40F9-A192-EAFD2C2C1203}\setup.exe" -l0x9
    Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
    Broadcom Advanced Control Suite 2-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2E086814-7392-4E0F-ADB8-54A81E47406C} /l1033
    Calculator Pro-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\Calculator Pro\gb40Unst.LOG"
    CDDRV_Installer-->MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A}
    Color Schemer Studio-->"C:\Program Files\Color Schemer Studio\unins000.exe"
    Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
    Complete Control Suite-->MsiExec.exe /I{92F08885-8871-4630-B7A0-2C0A6AC45F29}
    Creative MediaSource-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{56F3E1FF-54FE-4384-A153-6CCABA097814}\setup.exe" -l0x9 /remove/remove
    DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
    DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
    Download Accelerator Plus (DAP)-->C:\PROGRA~1\DAP\DAPREMOVE.EXE
    dpeg Cicada-->C:\WINDOWS\iun507.exe C:\Program Files\SomeWare\dpeg v6\\irunin.ini
    DU Meter-->"C:\Program Files\DU Meter\unins001.exe"
    Easy Video Joiner 5.21-->"C:\Program Files\Easy Video Joiner\unins000.exe"
    EditPlus 3-->C:\Program Files\EditPlus 3\remove.exe
    FLV Player 1.3.3-->"C:\Program Files\FLVPlayer\uninstall.exe"
    Garmin Communicator Plugin-->MsiExec.exe /X{3A7BF905-F37D-4DFB-8308-EC3AA4617B36}
    Garmin POI Loader-->MsiExec.exe /X{D9DA2DF6-8CB6-4E3C-A29E-FAECFBA3E9A7}
    Garmin WebUpdater-->MsiExec.exe /X{366FFC89-C800-4366-B903-B9C4314109A5}
    Hard Drive Inspector Pro edition 2.33 build # 385-->C:\Program Files\Hard Drive Inspector\Uninst.exe
    HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
    Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
    Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
    Hotfix for Windows Media Format SDK (KB902344)-->"C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
    Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
    Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
    Intel Application Accelerator-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}\setup.exe" -l0409 -INTELUNINST
    Intel(R) 537EP V9x DF PCI Modem-->rundll32 IntelCci.dll,iSMUninstallation "Intel(R) 537EP V9x DF PCI Modem"
    Internet Explorer Default Page-->MsiExec.exe /I{35BDEFF1-A610-4956-A00D-15453C116395}
    Iomega Automatic Backup-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{42ABF3F2-2C5E-43FA-BBFF-58E4295F23CA}
    Ipswitch WS_FTP Professional 2007-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AD88355B-A4E0-4DA1-BAC3-EA4FEA930691}\setup.exe" -l0x9 -removeonly
    iTunes-->MsiExec.exe /I{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}
    Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
    Karen's LAN Monitor-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\LanMon\ST6UNST.LOG"
    KhalInstallWrapper-->MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355}
    LimeWire PRO 4.18.3-->"C:\Program Files\LimeWire\uninstall.exe"
    LoanAmortizerPro-->C:\WINDOWS\uninst.exe -f"C:\Program Files\ConsultCommerce\LoanAmortizerPro\DeIsL1.isu" -c"C:\Program Files\ConsultCommerce\LoanAmortizerPro\_ISREG32.DLL"
    Logitech Desktop Messenger-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\setup.exe" -l0x9 UNINSTALL
    Logitech SetPoint-->C:\Program Files\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe -runfromtemp -l0x0009 -removeonly
    Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
    McAfee SecurityCenter-->C:\Program Files\McAfee\MSC\mcuninst.exe
    Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
    Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
    Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
    Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
    Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
    Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
    Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
    Microsoft Digital Image Suite 2006-->"C:\Program Files\Common Files\Microsoft Shared\Picture It!\RmvSuite.exe" ADDREMOVE=1 SKU=SUITE VERSION=11
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
    Microsoft Money Plus-->"C:\Program Files\Microsoft Money Plus\MNYCoreFiles\Setup\uninst.exe" /s:120
    Microsoft Money Shared Libraries-->MsiExec.exe /X{7F1B3341-A94E-4F5C-B587-CA0EB964221E}
    Microsoft Office 2007 Primary Interop Assemblies-->MsiExec.exe /X{50120000-1105-0000-0000-0000000FF1CE}
    Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
    Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
    Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
    Microsoft Office Live Meeting 2007-->MsiExec.exe /I{C2DA1CDC-EF9D-4B7C-91F8-710B17AD44A7}
    Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
    Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
    Microsoft Office Professional 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROR /dll OSETUP.DLL
    Microsoft Office Professional 2007-->MsiExec.exe /X{91120000-0014-0000-0000-0000000FF1CE}
    Microsoft Office Project Professional 2003-->MsiExec.exe /I{913B0409-6000-11D3-8CFE-0150048383C9}
    Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
    Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
    Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
    Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
    Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
    Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
    Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
    Microsoft Office Visio Professional 2003-->MsiExec.exe /I{90510409-6000-11D3-8CFE-0150048383C9}
    Microsoft Office Visio Viewer 2007-->MsiExec.exe /I{95120000-0052-0409-0000-0000000FF1CE}
    Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
    Microsoft Outlook Personal Folders Backup-->MsiExec.exe /X{C63E7C60-25EB-11D3-8EDA-00A0C911E8E5}
    Microsoft Outlook Web Access S/MIME-->MsiExec.exe /X{6CF08AD2-00C5-4A63-B74B-2EFFFAFEBE1A}
    Microsoft User-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWudf01005$\spuninst\spuninst.exe"
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Mobile Phone Suite Easy Synchronization-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC134D03-97F1-45B9-B32A-52E885AFA895}\setup.exe" -l0x9
    Mozilla Firefox (3.0.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    MP3 Repair Tool v1.5.2-->"C:\Program Files\Aspect one\MP3 Repair Tool\unins000.exe"
    Mp3Doctor & Mp3Doctor PRO-->"C:\Program Files\Mp3Doctor\unins001.exe"
    MSC Editor-->MsiExec.exe /I{8D335ACB-C23D-48DD-9493-BF88BF7B9AE0}
    MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
    MSXML 4.0 SP2 (KB925672)-->MsiExec.exe /I{A9CF9052-F4A0-475D-A00F-A8388C62DD63}
    MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
    MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
    MX-3000 Editor-->MsiExec.exe /X{0F8267D9-3E3D-4187-83AE-863207A935CC}
    MX-850 Editor-->MsiExec.exe /I{8C9DCE36-A270-4740-8084-A27B48C2F83E}
    MX-900 Editor-->MsiExec.exe /X{30C6798C-2BA6-47AC-AD99-F60F0EBF665D}
    MX-950 Editor-->MsiExec.exe /X{B762B2A5-883B-454B-A586-1DF6C4528262}
    Netscape Navigator (9.0.0.6)-->C:\Program Files\Netscape\Navigator 9\uninstall\helper.exe
    Nokia Connectivity Cable Driver-->MsiExec.exe /X{C3F19A5F-35A8-4FDB-A6ED-0F4CE398DA48}
    Nokia Flashing Cable Driver-->MsiExec.exe /X{2A0A6470-FD0F-4F45-9B11-85F3167DB943}
    Nokia MTP driver-->MsiExec.exe /I{0E94871C-623C-464F-A117-B8474BFF84E1}
    Nokia Multimedia Factory-->MsiExec.exe /I{4CFB3821-1582-4F3B-BF8D-30986923B36B}
    Nokia PC Suite-->C:\Documents and Settings\All Users\Application Data\Installations\{A8C3710A-0BCA-4F10-9EC3-A302A1F1FA82}\Nokia_PC_Suite_rel_7_0_8_2_eng.exe
    Nokia PC Suite-->MsiExec.exe /I{A8C3710A-0BCA-4F10-9EC3-A302A1F1FA82}
    Nokia Software Updater-->MsiExec.exe /X{17BD85F9-3B88-4C85-BB47-4AB8DD68F8BB}
    palmOne-->MsiExec.exe /X{FF24F097-D090-41D2-8E9C-BAFEBBFD938C}
    Password Corral v4.0-->"C:\Program Files\Password Corral v4.02\unins000.exe"
    PC Connectivity Solution-->MsiExec.exe /I{1A524CFE-DF85-4555-8BC2-0C89DBD8BC2C}
    PictureShare.net-->C:\PROGRA~1\PICTUR~1\UNWISE.EXE C:\PROGRA~1\PICTUR~1\INSTALL.LOG
    QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
    RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    Registry Mechanic 8.0-->"C:\Program Files\Registry Mechanic\unins000.exe" /Log
    R-Undelete 3.5-->C:\Program Files\R-Undelete\Uninstall.exe
    Safari-->MsiExec.exe /X{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}
    Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
    Security Update for 2007 Microsoft Office System (KB955936)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {1D94099C-2BBA-440E-BD5E-093BBDF8F028}
    Security Update for Microsoft Office Excel 2007 (KB955470)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {6E8637D8-10D6-4568-AA06-E2706F31685E}
    Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
    Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
    Security Update for Microsoft Office system 2007 (KB951808)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
    Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
    Security Update for Microsoft Office Word 2007 (KB950113)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
    Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
    Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
    [FONT=&quot]Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"[/FONT]
    [FONT=&quot]Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"[/FONT]
    [FONT=&quot]Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"[/FONT]
    [FONT=&quot]Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"[/FONT]
    [FONT=&quot]Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"[/FONT]
    [FONT=&quot]Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"[/FONT]
    [FONT=&quot]Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"[/FONT]
    [FONT=&quot]Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"[/FONT]
    [FONT=&quot]Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"[/FONT]
    [FONT=&quot]Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"[/FONT]
    [FONT=&quot]Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"[/FONT]
    [FONT=&quot]Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"[/FONT]
    [FONT=&quot]Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"[/FONT]
    [FONT=&quot]Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"[/FONT]
    [FONT=&quot]Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"[/FONT]
    [FONT=&quot]Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"[/FONT]
    [FONT=&quot]Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"[/FONT]
    [FONT=&quot]Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"[/FONT]
    [FONT=&quot]Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"[/FONT]
    [FONT=&quot]Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"[/FONT]
    [FONT=&quot]Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"[/FONT]
    [FONT=&quot]Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"[/FONT]
    [FONT=&quot]Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"[/FONT]
    [FONT=&quot]Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"[/FONT]
    [FONT=&quot]SereneScreen Marine Aquarium 2.6-->"C:\Program Files\SereneScreen\Marine Aquarium 2.6\unins000.exe"[/FONT]
    [FONT=&quot]SetPointPatch-->MsiExec.exe /I{CE9DB414-A6E8-46D8-83CF-A3F6945D23E5}[/FONT]
    [FONT=&quot]Sound Blaster Live! 24-bit-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CEB481CC-F57C-4397-81A0-DADD22257047}\setup.exe" -l0x9 [/FONT]
    [FONT=&quot]The Rosetta Stone-->C:\WINDOWS\unvise32.exe C:\Program Files\The Rosetta Stone\TRS Support\uninstal.log[/FONT]
    [FONT=&quot]TreeSize Professional 5.1.1-->"C:\Program Files\JAM Software\TreeSize Professional\unins000.exe"[/FONT]
    [FONT=&quot]Trillian-->C:\Program Files\Trillian\trillian.exe /uninstall[/FONT]
    [FONT=&quot]TX-1000 Editor-->MsiExec.exe /X{1B471546-EC64-47D0-8FAE-BF8E42BA80E3}[/FONT]
    [FONT=&quot]Update for Microsoft Office Outlook 2007 (KB950219)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {5C68AEA3-4D35-41C9-B4E4-21EAAA5A040A}[/FONT]
    [FONT=&quot]Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}[/FONT]
    [FONT=&quot]Update for Office 2007 (KB946691)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}[/FONT]
    [FONT=&quot]Update for Outlook 2007 Junk Email Filter (kb957258)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {E070CDA4-A8DD-47FA-89A0-F5DA5D5DDFF9}[/FONT]
    [FONT=&quot]Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"[/FONT]
    [FONT=&quot]Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"[/FONT]
    [FONT=&quot]WatchGuard Mobile VPN-->C:\Program Files\WatchGuard\Mobile VPN\uninst.exe[/FONT]
    [FONT=&quot]WD Diagnostics-->MsiExec.exe /X{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}[/FONT]
    [FONT=&quot]WIDCOMM Bluetooth Software-->MsiExec.exe /X{84814E6B-2581-46EC-926A-823BD1C670F6}[/FONT]
    [FONT=&quot]Windows Desktop Search 3.01-->"C:\WINDOWS\$NtUninstallKB917013$\spuninst\spuninst.exe"[/FONT]
    [FONT=&quot]Windows Driver Package - Nokia Modem (05/22/2008 7.00.0.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_E68D50F7E25BFE399D47C864C3B52557346242A9\nokbtmdm.inf[/FONT]
    [FONT=&quot]Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccsmcfd_4A1E30386F4D0DEC8F5DF262CFBD8845EEBAB175\pccsmcfd.inf[/FONT]
    [FONT=&quot]Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}[/FONT]
    [FONT=&quot]Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"[/FONT]
    [FONT=&quot]Windows Media Connect-->"C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"[/FONT]
    [FONT=&quot]Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll[/FONT]
    [FONT=&quot]Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"[/FONT]
    [FONT=&quot]Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall[/FONT]
    [FONT=&quot]Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"[/FONT]
    [FONT=&quot]Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}[/FONT]
    [FONT=&quot]Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"[/FONT]
    [FONT=&quot]WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe[/FONT]

    =====HijackThis Backups=====

    O23 - Service: IomegaAccess - Unknown owner - C:\WINDOWS\System32\iomegaaccess.exe (file missing)
    O16 - DPF: {B24F0664-7DDA-40B6-B38C-A4FD68DE8685} - http://www.iilelearning.com/SiteRoots/main/Install/CentraDownloader.cab
    O23 - Service: InterBase Server (InterBaseServer) - Unknown owner - C:\Program Files\Borland\Interbase\bin\ibserver.exe (file missing)
    O4 - HKLM\..\Run: [Auto EPSON PictureMate on BOBBIE] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2P1.EXE /P32 "Auto EPSON PictureMate on BOBBIE" /O17 "\\BOBBIE\Printer4" /M "PictureMate"
    O4 - HKLM\..\Run: [Auto EPSON PictureMate on DELL] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2P1.EXE /P30 "Auto EPSON PictureMate on DELL" /O15 "\\DELL\Printer4" /M "PictureMate"

    ======Security center information======

    AV: McAfee VirusScan (disabled)
    FW: McAfee Personal Firewall

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=C:\Program Files\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\QuickTime\QTSystem\
    "windir"=%SystemRoot%
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=15
    "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 3 Stepping 4, GenuineIntel
    "PROCESSOR_REVISION"=0304
    "NUMBER_OF_PROCESSORS"=1
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "FP_NO_HOST_CHECK"=NO
    "CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
    "QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
    "NcpClntInstallPath"=C:\Program Files\WatchGuard\Mobile VPN

    EOF
  • edited October 2008
    Submit a File For Analysis
    We need to have the files below Scanned by Uploading them/it to Virus Total

    Please visit Virustotal
    Copy/paste the following file path into the window
    C:\WINDOWS\system32\smtpapi.dll
    Click Submit/Send File
    Please post back, to let me know the results.

    Please do the same for the following files
    C:\WINDOWS\system32\rwnh.dll
    C:\WINDOWS\system32\ncpgina1.dll
    C:\WINDOWS\yhyxoci.dll
    C:\WINDOWS\wbocx.ini


    If Virustotal is too busy please try Jotti


    Create A Batch File
    Please copy (Ctrl+C) and paste (Ctrl+V) the following text in the quote to Notepad.
    Save it as "All Files" and name it look.bat Please save it on your desktop.
    @echo off
    If exist C:\kresults.txt del /q C:\kresults.txt
    FOR %%G IN (
    C:\WINDOWS\wbocx.ini
    C:\Program Files\Common Files\koze.bat
    C:\p2hhr.bat
    ) DO (
    Echo %%G >> C:\kresults.txt
    type %%G >> C:\kresults.txt
    Echo. >> C:\kresults.txt
    Echo. >> C:\kresults.txt
    )
    dir /L /A /B /S "C:\Documents and Settings\All Users\Application Data\qrebkvyx" >> C:\kresults.txt
    start notepad C:\kresults.txt
    del /q %0
    exit
    Double click on look.bat
    Please be patient, as this will search the entire disc

    Notepad will open, please copy/paste the results here.
  • edited October 2008
    File has already been analysed: C:\WINDOWS\system32\smtpapi.dll


    MD5: f22ed2cd5e26514c6e8d21b5da4572a3
    First received: -
    Date: 09.24.2008 10:33:43 (CET) [>31D]
    Results: 0/35
    Permalink: analisis/a9a456a64b61e6f2de6962f90a5709a2
  • edited October 2008
    File rwnh.dll received on 10.26.2008 01:31:29 (CET)
    Result: 0/36 (0%)

    Antivirus          Version          Last Update  Result
    AhnLab-V3          2008.10.24.3     2008.10.25   -
    AntiVir            7.9.0.9          2008.10.25   -
    Authentium         5.1.0.4          2008.10.25   -
    Avast              4.8.1248.0       2008.10.25   -
    AVG                8.0.0.161        2008.10.25   -
    BitDefender        7.2              2008.10.26   -
    CAT-QuickHeal      9.50             2008.10.25   -
    ClamAV             0.93.1           2008.10.25   -
    DrWeb              4.44.0.09170     2008.10.26   -
    eSafe              7.0.17.0         2008.10.23   -
    eTrust-Vet         31.6.6168        2008.10.25   -
    Ewido              4.0              2008.10.25   -
    F-Prot             4.4.4.56         2008.10.25   -
    F-Secure           8.0.14332.0      2008.10.26   -
    Fortinet           3.113.0.0        2008.10.25   -
    GData              19               2008.10.26   -
    Ikarus             T3.1.1.44.0      2008.10.25   -
    K7AntiVirus        7.10.507         2008.10.25   -
    Kaspersky          7.0.0.125        2008.10.26   -
    McAfee             5415             2008.10.25   -
    Microsoft          1.4005           2008.10.26   -
    NOD32              3555             2008.10.25   -
    Norman             5.80.02          2008.10.24   -
    Panda              9.0.0.4          2008.10.25   -
    PCTools            4.4.2.0          2008.10.25   -
    Prevx1             V2               2008.10.26   -
    Rising             21.00.52.00      2008.10.25   -
    SecureWeb-Gateway  6.7.6            2008.10.25   -
    Sophos             4.35.0           2008.10.26   -
    Sunbelt            3.1.1753.1       2008.10.25   -
    Symantec           10               2008.10.26   -
    TheHacker          6.3.1.1.129      2008.10.25   -
    TrendMicro         8.700.0.1004     2008.10.24   -
    VBA32              3.12.8.8         2008.10.25   -
    ViRobot            2008.10.24.1436  2008.10.24   -
    VirusBuster        4.5.11.0         2008.10.25   -

    Additional information
    File size: 9728 bytes
    MD5...: 5d55defb3ab92bc43c4dfd06935fa0f1
    SHA1..: 632b9318f8a2d743f7d2c303ad8ebb64b19eff96
    SHA256: e5ef7d3e3a9e955ec7162b4b43096316faae8c3c68c660ce125bb4aaa0494343
    SHA512: 83b64ed372c84b3426c3477fa256bce878c9748a3b57b6e57501b68c54c2acb368b8123f5664e478f471f4424e2268eb18ec4ab2b6f044b3e996f23ab4aee442
    PEiD..: -
    TrID..: File type identification
    Win32 Executable Generic (42.3%)
    Win32 Dynamic Link Library (generic) (37.6%)
    Generic Win/DOS Executable (9.9%)
    DOS Executable Generic (9.9%)
    Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
    PEInfo: PE Structure information
  • edited October 2008
    File yhyxoci.dll received on 10.26.2008 01:34:04 (CET)
    Result: 0/36 (0%)

    Antivirus          Version          Last Update  Result
    AhnLab-V3          2008.10.24.3     2008.10.25   -
    AntiVir            7.9.0.9          2008.10.25   -
    Authentium         5.1.0.4          2008.10.25   -
    Avast              4.8.1248.0       2008.10.25   -
    AVG                8.0.0.161        2008.10.25   -
    BitDefender        7.2              2008.10.26   -
    CAT-QuickHeal      9.50             2008.10.25   -
    ClamAV             0.93.1           2008.10.25   -
    DrWeb              4.44.0.09170     2008.10.26   -
    eSafe              7.0.17.0         2008.10.23   -
    eTrust-Vet         31.6.6168        2008.10.25   -
    Ewido              4.0              2008.10.25   -
    F-Prot             4.4.4.56         2008.10.25   -
    F-Secure           8.0.14332.0      2008.10.26   -
    Fortinet           3.113.0.0        2008.10.25   -
    GData              19               2008.10.26   -
    Ikarus             T3.1.1.44.0      2008.10.25   -
    K7AntiVirus        7.10.507         2008.10.25   -
    Kaspersky          7.0.0.125        2008.10.26   -
    McAfee             5415             2008.10.25   -
    Microsoft          1.4005           2008.10.26   -
    NOD32              3555             2008.10.25   -
    Norman             5.80.02          2008.10.24   -
    Panda              9.0.0.4          2008.10.25   -
    PCTools            4.4.2.0          2008.10.25   -
    Prevx1             V2               2008.10.26   -
    Rising             21.00.52.00      2008.10.25   -
    SecureWeb-Gateway  6.7.6            2008.10.25   -
    Sophos             4.35.0           2008.10.26   -
    Sunbelt            3.1.1753.1       2008.10.25   -
    Symantec           10               2008.10.26   -
    TheHacker          6.3.1.1.129      2008.10.25   -
    TrendMicro         8.700.0.1004     2008.10.24   -
    VBA32              3.12.8.8         2008.10.25   -
    ViRobot            2008.10.24.1436  2008.10.24   -
    VirusBuster        4.5.11.0         2008.10.25   -

    Additional information
    File size: 10350 bytes
    MD5...: e5d08ae6e89328e5131490066643268c
    SHA1..: d0abe5154237ccbbde471f8376f3f4b4e03761bf
    SHA256: 8330bedc8669c4a5d2b57b2834726d0c70548f0c256fbad571b6ca45b478400e
    SHA512: 6ac30334cb5ca16026c1577ef6ec2988d6f93f0452bf98c405fda22ebaf68a6ba0f230b6f39927d096c2c9c4a2f2006b698075f3ad0f4b27f5e74d7b6be36ea7
    PEiD..: -
    TrID..: File type identification
    Adobe PhotoShop Brush (100.0%)
    PEInfo: -
  • edited October 2008
    File wbocx.ini received on 10.26.2008 01:36:25 (CET)
    Result: 0/36 (0%)

    Antivirus          Version          Last Update  Result
    AhnLab-V3          2008.10.24.3     2008.10.25   -
    AntiVir            7.9.0.9          2008.10.25   -
    Authentium         5.1.0.4          2008.10.25   -
    Avast              4.8.1248.0       2008.10.25   -
    AVG                8.0.0.161        2008.10.25   -
    BitDefender        7.2              2008.10.26   -
    CAT-QuickHeal      9.50             2008.10.25   -
    ClamAV             0.93.1           2008.10.25   -
    DrWeb              4.44.0.09170     2008.10.26   -
    eSafe              7.0.17.0         2008.10.23   -
    eTrust-Vet         31.6.6168        2008.10.25   -
    Ewido              4.0              2008.10.25   -
    F-Prot             4.4.4.56         2008.10.25   -
    F-Secure           8.0.14332.0      2008.10.26   -
    Fortinet           3.113.0.0        2008.10.25   -
    GData              19               2008.10.26   -
    Ikarus             T3.1.1.44.0      2008.10.25   -
    K7AntiVirus        7.10.507         2008.10.25   -
    Kaspersky          7.0.0.125        2008.10.26   -
    McAfee             5415             2008.10.25   -
    Microsoft          1.4005           2008.10.26   -
    NOD32              3555             2008.10.25   -
    Norman             5.80.02          2008.10.24   -
    Panda              9.0.0.4          2008.10.25   -
    PCTools            4.4.2.0          2008.10.25   -
    Prevx1             V2               2008.10.26   -
    Rising             21.00.52.00      2008.10.25   -
    SecureWeb-Gateway  6.7.6            2008.10.25   -
    Sophos             4.35.0           2008.10.26   -
    Sunbelt            3.1.1753.1       2008.10.25   -
    Symantec           10               2008.10.26   -
    TheHacker          6.3.1.1.129      2008.10.25   -
    TrendMicro         8.700.0.1004     2008.10.24   -
    VBA32              3.12.8.8         2008.10.25   -
    ViRobot            2008.10.24.1436  2008.10.24   -
    VirusBuster        4.5.11.0         2008.10.25   -

    Additional information
    File size: 558 bytes
    MD5...: fa2e3a500e575cd5ddbe71fdb07c342a
    SHA1..: 24a022680c29338f3c77e4416b4fb863a99560c8
    SHA256: 7c2a0b57a406dc26acb83a4c385ab6aad5acc2509f87a90b15f4a0d9e3083967
    SHA512: 9ae29fe5387fb9687a85ea723a4e6909c946328fc1fedca147e434136a8a930faae94cdca984dd245fd7fef7e5e57a51c9902d5cbe33947043df21bea3699f65
    PEiD..: -
    TrID..: File type identification
    Generic INI configuration (100.0%)
    PEInfo: -
  • edited October 2008
    C:\WINDOWS\wbocx.ini
    [aaaa]
    GetSystemMetrics=2
    MonitorFromWindow=2
    MonitorFromRect=2
    MonitorFromPoint=2
    EnumDisplayMonitors=2
    GetMonitorInfoA=2
    MsgWaitForMultipleObjects=2
    PeekMessageW=2
    TranslateMessage=2
    DispatchMessageW=2
    GetProcessWindowStation=2
    CloseWindowStation=2
    GetUserObjectInformationW=2
    PostMessageA=2
    UnregisterDeviceNotification=2
    RegisterDeviceNotificationW=2
    EnumDisplayDevicesA=2
    CharNextW=2
    GetMouseMovePointsEx=2
    IsWindow=2
    GetLastInputInfo=2
    AnimateWindow=2
    GetForegroundWindow=2
    GetCursorInfo=2
    GetQueueStatus=2
    TrackMouseEvent=2


    C:\Program


    Files\Common


    Files\koze.bat


    C:\p2hhr.bat
    :lsth2
    del %1
    if exist %1 goto lsth2
    del %0
  • edited October 2008
    Information


    IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

    BitTorrent DNA
    LimeWire PRO 4.18.3


    I'd like you to read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.

    Also available here.

    My recommendation is you go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).
    Please note: you must NOT use this whilst we are cleaning your machine.


    Registry Cleaners

    Re. RegistryMechanic

    I don't personally recommend the use of ANY registry cleaners.
    Here is an excerpt from a discussion on regcleaners
    Most reg cleaners aren't "bad" as such, but they aren't perfect and even the best have been known to cause problems.
    The point we are trying to make is that the risk of using one far outweighs any benefit.
    If it does work perfectly you will not see any difference
    If it doesn't work properly you may end up with an expensive doorstop.
    http://forums.whatthetech.com/Regcleaner_t42862.html



    Step 1



    Download and Run ComboFix (by sUBs)
    Please visit this webpage for instructions for downloading and running ComboFix:

    Bleeping Computer ComboFix Tutorial

    Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
    This tool is not a toy and not for everyday use.
    ComboFix SHOULD NOT be used unless requested by a forum helper




    Step 2




    Kaspersky Online Scanner .
    Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
    NOTE:- This scan is best done from IE (Internet Explorer)

    NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
    Go Here http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html

    Read the Requirements and limitations before you click Accept.
    Once the database has downloaded, click My Computer in the left pane
    Now go and put the kettle on !
    When the scan has completed, click Save Report As...
    Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
    Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.


    **Note**

    To optimize scanning time and produce a more sensible report for review:
    • Close any open programs.
    • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.

    Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.





    Step 3



    Logs/Information to Post in Reply
    Please post the following logs/Information in your reply
    • ComboFix Log
    • Kaspersky Log
    • Is this a Work/Office computer ? WatchGuard\Mobile VPN
  • edited October 2008
    ComboFix 08-10-25.01 - TKV 2008-10-26 11:39:44.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2241 [GMT -4:00]
    Running from: C:\Documents and Settings\TKV\My Documents\download\ComboFix.exe
    * Created a new restore point
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    C:\Documents and Settings\TKV\Cookies\cywypyja.scr
    C:\Documents and Settings\TKV\Cookies\ugizanel.lib
    C:\Documents and Settings\TKV\Local Settings\Temporary Internet Files\avuxakoh.bat
    C:\Documents and Settings\TKV\Local Settings\Temporary Internet Files\rexyfabevo.inf
    C:\Documents and Settings\TKV\Local Settings\Temporary Internet Files\zisamy.dl
    C:\WINDOWS\IE4 Error Log.txt
    C:\WINDOWS\msxfcg32.dll
    K:\Autorun.inf
    .
    ((((((((((((((((((((((((( Files Created from 2008-09-26 to 2008-10-26 )))))))))))))))))))))))))))))))
    .
    2008-10-26 02:13 . 2008-10-26 02:13 1,755,758 --a C:\2_2.avi
    2008-10-26 02:13 . 2008-10-26 02:13 1,562,840 --a C:\1.avi
    2008-10-26 02:11 . 2007-06-25 01:00 110,072,286 --a C:\[XXX Porn Vintage].The Nun - 1945s(X Rated).mpg
    2008-10-26 02:10 . 2008-10-26 02:10 1,755,758 --a C:\2_1.avi
    2008-10-26 02:09 . 2008-10-26 02:09 747,736 --a C:\2.avi
    2008-10-26 00:04 . 2008-10-26 00:04 17,684 --a C:\Antique_Hardcore_08_-_Couple_1930_s.mpg.dap
    2008-10-25 23:54 . 2008-10-25 23:54 17,633 --a C:\reeloldtimers6_16.asf.dap
    2008-10-25 23:43 . 2008-10-25 23:43 17,630 --a C:\mty-17-CDOR05_all.wmv.dap
    2008-10-25 18:48 . 2008-10-25 19:09 <DIR> d C:\rsit
    2008-10-25 17:16 . 2008-09-11 15:24 759,256 --a C:\09112008047.jpg
    2008-10-25 17:16 . 2008-09-11 15:25 743,462 --a C:\09112008048.jpg
    2008-10-25 14:57 . 2008-10-25 14:57 2,934,168 --a C:\ccsetup212.exe
    2008-10-25 14:53 . 2008-10-25 14:53 201,030 --a C:\lspfix.zip.dap
    2008-10-25 14:43 . 2008-06-03 07:31 8,704 --a C:\fixccs.exe
    2008-10-25 14:41 . 2008-10-25 14:41 65,064 --a C:\WindowsXP-KB953979-x86-ENU.exe
    2008-10-25 14:36 . 2008-10-25 14:36 <DIR> d C:\Program Files\Trend Micro
    2008-10-24 03:58 . 2008-10-15 12:34 337,408 C:\WINDOWS\SYSTEM32\DLLCACHE\netapi32.dll
    2008-10-19 12:19 . 2008-10-19 12:19 <DIR> d C:\Documents and Settings\NetworkService\Application Data\SACore
    2008-10-14 18:25 . 2008-09-08 06:41 333,824 C:\WINDOWS\SYSTEM32\DLLCACHE\srv.sys
    2008-10-14 18:24 . 2008-09-15 08:12 1,846,400 C:\WINDOWS\SYSTEM32\DLLCACHE\win32k.sys
    2008-10-14 18:23 . 2008-08-14 06:11 2,189,184 C:\WINDOWS\SYSTEM32\DLLCACHE\ntoskrnl.exe
    2008-10-14 18:23 . 2008-08-14 06:09 2,145,280 C:\WINDOWS\SYSTEM32\DLLCACHE\ntkrnlmp.exe
    2008-10-14 18:23 . 2008-08-14 05:33 2,066,048 C:\WINDOWS\SYSTEM32\DLLCACHE\ntkrnlpa.exe
    2008-10-14 18:23 . 2008-08-14 05:33 2,023,936 C:\WINDOWS\SYSTEM32\DLLCACHE\ntkrpamp.exe
    2008-10-13 21:39 . 2008-04-13 20:12 291,328 C:\WINDOWS\SYSTEM32\qagentrt.dll
    2008-10-13 21:39 . 2008-04-13 20:12 290,304 C:\WINDOWS\SYSTEM32\rhttpaa.dll
    2008-10-13 21:39 . 2008-04-13 20:12 150,528 C:\WINDOWS\SYSTEM32\qagent.dll
    2008-10-13 21:39 . 2008-04-13 20:12 144,384 C:\WINDOWS\SYSTEM32\onex.dll
    2008-10-13 21:39 . 2008-04-13 20:12 76,800 C:\WINDOWS\SYSTEM32\qutil.dll
    2008-10-13 21:39 . 2008-04-13 20:12 69,120 C:\WINDOWS\SYSTEM32\wlanapi.dll
    2008-10-13 21:39 . 2008-04-13 20:12 62,464 C:\WINDOWS\SYSTEM32\qcliprov.dll
    2008-10-13 21:39 . 2008-04-13 20:12 61,952 C:\WINDOWS\SYSTEM32\rasqec.dll
    2008-10-13 21:39 . 2008-04-13 20:12 53,248 C:\WINDOWS\SYSTEM32\tsgqec.dll
    2008-10-13 21:39 . 2008-04-13 20:12 50,688 C:\WINDOWS\SYSTEM32\tspkg.dll
    2008-10-13 21:39 . 2008-04-13 20:12 32,768 C:\WINDOWS\SYSTEM32\setupn.exe
    2008-10-13 21:39 . 2008-04-13 14:40 10,240 C:\WINDOWS\SYSTEM32\DRIVERS\sffp_mmc.sys
    2008-10-13 21:37 . 2008-04-13 20:11 650,752 C:\WINDOWS\SYSTEM32\dot3ui.dll
    2008-10-13 19:12 . 2008-10-26 09:30 4,195,819 --a C:\WINDOWS\pfirewall.log.old
    2008-10-13 18:44 . 2008-10-26 11:50 8,186 --a C:\WINDOWS\SYSTEM32\Config.MPF
    2008-10-13 18:35 . 2008-10-13 18:35 <DIR> d C:\Documents and Settings\All Users\Application Data\SiteAdvisor
    2008-10-13 18:33 . 2007-09-25 14:06 974,848 --a C:\WINDOWS\SYSTEM32\ncpgina1.dll
    2008-10-13 18:33 . 2007-10-29 10:10 77,696 --a C:\WINDOWS\SYSTEM32\DRIVERS\NCPLENTP.SYS
    2008-10-13 18:33 . 2001-12-03 08:02 631 --a C:\WINDOWS\SYSTEM32\ncppki.conf
    2008-10-13 18:30 . 2008-06-02 14:55 120,136 --a C:\WINDOWS\SYSTEM32\DRIVERS\Mpfp.sys
    2008-10-13 18:30 . 2008-06-27 06:08 79,240 --a C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys
    2008-10-13 18:30 . 2008-06-27 06:08 40,488 --a C:\WINDOWS\SYSTEM32\DRIVERS\mfesmfk.sys
    2008-10-13 18:30 . 2008-06-27 06:08 35,240 --a C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys
    2008-10-13 18:29 . 2008-10-13 18:30 <DIR> d C:\Program Files\McAfee.com
    2008-10-13 18:29 . 2008-10-19 11:20 <DIR> d C:\Program Files\McAfee
    2008-10-13 18:29 . 2008-10-13 18:30 <DIR> d C:\Program Files\Common Files\McAfee
    2008-10-13 18:10 . 2008-06-20 05:41 34,152 --a C:\WINDOWS\SYSTEM32\DRIVERS\mferkdk.sys
    2008-10-13 16:32 . 2008-04-11 15:04 691,712 C:\WINDOWS\SYSTEM32\DLLCACHE\inetcomm.dll
    2008-10-13 13:44 . 2008-10-13 18:35 <DIR> d C:\Documents and Settings\All Users\Application Data\McAfee
    2008-10-13 10:26 . 2008-10-13 10:26 0 --a C:\FCM1E11.tmp
    2008-10-13 10:26 . 2008-10-13 10:26 0 --a C:\FCM1E10.tmp
    2008-10-13 10:26 . 2008-10-13 10:26 0 --a C:\FCM1E0F.tmp
    2008-10-13 10:26 . 2008-10-13 10:26 0 --a C:\FCM1E0E.tmp
    2008-10-13 10:26 . 2008-10-13 10:26 0 --a C:\FCM1E0D.tmp
    2008-10-13 10:09 . 2008-10-13 10:09 <DIR> d C:\Program Files\Citrix
    2008-10-13 09:48 . 2008-10-13 09:48 61,224 --a C:\Documents and Settings\TKV\GoToAssistDownloadHelper.exe
    2008-10-12 09:27 . 2008-10-12 09:27 0 --a C:\FCM1600.tmp
    2008-10-12 09:27 . 2008-10-12 09:27 0 --a C:\FCM15FF.tmp
    2008-10-12 09:27 . 2008-10-12 09:27 0 --a C:\FCM15FE.tmp
    2008-10-12 09:27 . 2008-10-12 09:27 0 --a C:\FCM15FD.tmp
    2008-10-11 01:12 . 2008-10-11 01:12 0 --a C:\FCM9B0.tmp
    2008-10-11 01:12 . 2008-10-11 01:12 0 --a C:\FCM9AE.tmp
    2008-10-08 21:25 . 2008-10-25 13:54 <DIR> d C:\Program Files\Malwarebytes' Anti-Malware
    2008-10-08 21:25 . 2008-10-08 21:25 <DIR> d C:\Documents and Settings\TKV\Application Data\Malwarebytes
    2008-10-08 21:25 . 2008-10-08 21:25 <DIR> d C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-10-08 21:25 . 2008-10-22 16:10 38,496 --a C:\WINDOWS\SYSTEM32\DRIVERS\mbamswissarmy.sys
    2008-10-08 21:25 . 2008-10-22 16:10 15,504 --a C:\WINDOWS\SYSTEM32\DRIVERS\mbam.sys
    2008-10-08 19:32 . 2008-10-08 19:32 <DIR> d C:\Program Files\Common Files\Download Manager
    2008-10-08 18:31 . 2008-10-08 18:31 19,021 --a C:\WINDOWS\hypiv.dl
    2008-10-08 18:31 . 2008-10-08 18:31 18,893 --a C:\Documents and Settings\TKV\Application Data\yfaguvut.pif
    2008-10-08 18:31 . 2008-10-08 18:31 17,271 --a C:\Documents and Settings\All Users\Application Data\ovodojy.reg
    2008-10-08 18:31 . 2008-10-08 18:31 16,796 --a C:\Documents and Settings\All Users\Application Data\otyr.com
    2008-10-08 18:31 . 2008-10-08 18:31 16,369 --a C:\WINDOWS\hasykylu.bin
    2008-10-08 18:31 . 2008-10-08 18:31 15,606 --a C:\Program Files\Common Files\koze.bat
    2008-10-08 18:31 . 2008-10-08 18:31 15,201 --a C:\WINDOWS\banigukace.pif
    2008-10-08 18:31 . 2008-10-08 18:31 14,249 --a C:\WINDOWS\mydily.reg
    2008-10-08 18:31 . 2008-10-08 18:31 14,220 --a C:\Program Files\Common Files\ipyg.vbs
    2008-10-08 18:31 . 2008-10-08 18:31 14,151 --a C:\WINDOWS\comok._dl
    2008-10-08 18:31 . 2008-10-08 18:31 10,392 --a C:\Documents and Settings\TKV\Application Data\ehisu.bin
    2008-10-08 18:31 . 2008-10-08 18:31 10,350 --a C:\WINDOWS\yhyxoci.dll
    2008-10-08 18:21 . 2008-10-08 18:21 46 --a C:\p2hhr.bat
    2008-10-08 18:09 . 2008-10-08 18:09 <DIR> d C:\Documents and Settings\All Users\Application Data\qrebkvyx
    2008-10-05 13:06 . 2008-10-05 13:06 <DIR> d C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-10-05 13:05 . 2008-10-05 13:05 <DIR> d C:\Program Files\Bonjour
    2008-10-05 13:04 . 2008-10-01 13:01 32,000 --a C:\WINDOWS\SYSTEM32\DRIVERS\usbaapl.sys
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-10-26 15:51 d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-10-26 15:42 d-----w C:\Documents and Settings\TKV\Application Data\DNA
    2008-10-26 15:33 d-----w C:\Program Files\LimeWire
    2008-10-25 22:42 d-----w C:\Documents and Settings\TKV\Application Data\BitTorrent
    2008-10-25 17:43 d-----w C:\Program Files\Trillian
    2008-10-19 15:06 d-----w C:\Program Files\MSECache
    2008-10-19 14:54 d-----w C:\Program Files\Nokia
    2008-10-19 14:54 d-----w C:\Documents and Settings\All Users\Application Data\Installations
    2008-10-19 14:53 d-----w C:\Program Files\Common Files\Nokia
    2008-10-16 01:05 d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-10-11 03:56 d-----w C:\Documents and Settings\TKV\Application Data\LimeWire
    2008-10-08 22:03 d-----w C:\Program Files\DU Meter
    2008-10-08 22:02 d-----w C:\Program Files\DNA
    2008-10-07 00:11 d-----w C:\Documents and Settings\TKV\Application Data\EditPlus 3
    2008-10-05 17:06 d-----w C:\Program Files\iTunes
    2008-10-05 17:06 d-----w C:\Program Files\iPod
    2008-10-05 17:04 d-----w C:\Program Files\Common Files\Apple
    2008-10-03 17:41 6,066,176 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll
    2008-09-21 23:54 d-----w C:\Program Files\LoanSpread
    2008-09-21 17:30 76,381,444 ----a-w C:\sdat5388.exe
    2008-09-19 00:43 d-----w C:\Documents and Settings\All Users\Application Data\Citrix
    2008-09-19 00:23 d-----w C:\Documents and Settings\LocalService\Application Data\SACore
    2008-09-15 23:19 d-----w C:\Program Files\SereneScreen
    2008-09-15 23:14 d-----w C:\Documents and Settings\All Users\Application Data\WinZip
    2008-09-15 23:12 d--h--w C:\Program Files\InstallShield Installation Information
    2008-09-15 23:05 d-----w C:\Program Files\DAP
    2008-09-15 23:02 d-----w C:\Documents and Settings\All Users\Application Data\SpeedBit
    2008-09-15 22:35 d-----w C:\Documents and Settings\TKV\Application Data\uniblue
    2008-09-15 12:12 1,846,400 ----a-w C:\WINDOWS\SYSTEM32\win32k.sys
    2008-09-13 13:39 d-----w C:\Documents and Settings\TKV\Application Data\Internet Download Accelerator
    2008-09-11 00:11 d-----w C:\Program Files\QuickTime
    2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
    2008-09-06 03:30 241,704 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\wgaLogon.dll
    2008-09-06 03:29 917,032 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\WgaTray.exe
    2008-08-29 14:18 87,336 ----a-w C:\WINDOWS\SYSTEM32\dns-sd.exe
    2008-08-29 13:53 61,440 ----a-w C:\WINDOWS\SYSTEM32\dnssd.dll
    2008-08-27 08:24 3,593,216 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
    2008-08-25 08:38 13,824 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe
    2008-08-25 08:37 70,656 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\ie4uinit.exe
    2008-08-23 05:56 635,848 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\iexplore.exe
    2008-08-23 05:54 161,792 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakui.dll
    2008-08-14 10:09 2,145,280 ----a-w C:\WINDOWS\SYSTEM32\ntoskrnl.exe
    2008-08-14 10:04 138,496 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\afd.sys
    2008-08-14 09:33 2,023,936 ----a-w C:\WINDOWS\SYSTEM32\ntkrnlpa.exe
    2008-08-05 21:55 265,720 ----a-w C:\WINDOWS\SYSTEM32\msdbg2.dll
    2008-07-30 00:35 326,160 ----a-w C:\WINDOWS\SYSTEM32\PresentationHost.exe
    2008-07-29 23:59 781,344 ----a-w C:\WINDOWS\SYSTEM32\PresentationNative_v0300.dll
    2008-07-29 23:59 43,544 ----a-w C:\WINDOWS\SYSTEM32\PresentationHostProxy.dll
    2008-07-29 23:59 105,016 ----a-w C:\WINDOWS\SYSTEM32\PresentationCFFRasterizerNative_v0300.dll
    2008-07-29 23:24 97,800 ----a-w C:\WINDOWS\SYSTEM32\infocardapi.dll
    2008-07-29 23:24 622,080 ----a-w C:\WINDOWS\SYSTEM32\icardagt.exe
    2008-07-29 23:24 11,264 ----a-w C:\WINDOWS\SYSTEM32\icardres.dll
    2008-04-17 03:11 4,047 -c--a-w C:\Program Files\policy.spd
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
    "IECHECK.EXE"="C:\WINDOWS\iecheck.exe" [2004-04-09 91136]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
    "Iomega Automatic Backup"="C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe" [2002-10-15 3014656]
    "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2008-01-10 67128]
    "RegistryMechanic"="C:\Program Files\Registry Mechanic\RegMech.exe" [2008-07-08 2828184]
    "DownloadAccelerator"="C:\Program Files\DAP\DAP.EXE" [2008-09-15 3061248]
    "DU Meter"="C:\Program Files\DU Meter\DUMeter.exe" [2008-06-09 2645528]
    "BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-10-08 289088]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IAAnotif"="C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-03-23 135168]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 339968]
    "CTSysVol"="C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
    "UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 90112]
    "Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 623992]
    "HDInspector.exe"="C:\Program Files\Hard Drive Inspector\HDInspector.exe" [2007-05-16 992784]
    "Easy Synchronization"="C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe" [2005-10-05 53248]
    "Iomega Automatic Backup 1.0.1"="C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe" [2002-10-15 3014656]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-09-06 413696]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
    "mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2008-07-11 641208]
    "NcpBudget"="C:\Program Files\WatchGuard\Mobile VPN\ncpbudgt.exe" [2006-12-01 228352]
    "NcpPopup"="C:\Program Files\WatchGuard\Mobile VPN\ncppopup.exe" [2007-11-07 535040]
    "NcpMonitor"="C:\Program Files\WatchGuard\Mobile VPN\ncpmon.exe" [2007-11-13 3451904]
    "McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [2008-06-13 1176808]
    "McAfee Backup"="C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe" [2008-07-10 5129504]
    "P17Helper"="P17.dll" [2005-05-03 C:\WINDOWS\SYSTEM32\P17.dll]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 C:\WINDOWS\KHALMNPR.Exe]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "Easy Synchronization"="C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe" [2005-10-05 53248]
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-29 561213]
    Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-05-17 805392]
    PictureShare.net Startup.lnk - C:\Program Files\PictureShare\PSClient.exe [2008-01-29 8248832]
    Trillian.lnk - C:\Program Files\Trillian\trillian.exe [2008-10-02 1873280]
    Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 118784]
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "ForceClassicControlPanel"= 1 (0x1)
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{FE24CD78-7C63-465D-8787-4EDF7FC79895}"= "C:\Program Files\Logitech\Easy Synchronization\shellexecutehook.dll" [2005-10-05 69632]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    2008-05-02 02:42 72208 c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.g723"= g723.acm
    "vidc.I263"= I263_32.drv
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\DAP\\DAP.exe"=
    "C:\\Program Files\\WS_FTP Pro\\wsftpgui.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
    "C:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
    "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    "C:\\Program Files\\DNA\\btdna.exe"=
    "C:\\Program Files\\BitTorrent\\bittorrent.exe"=
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
    "C:\\Program Files\\WatchGuard\\Mobile VPN\\NCPMON.exe"=
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
    R2 DUMeterSvc;DU Meter Service;C:\Program Files\DU Meter\DUMeterSvc.exe [2008-06-09 1386008]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2008-09-08 198944]
    R2 ncpclcfg;ncpclcfg;C:\Program Files\WatchGuard\Mobile VPN\ncpclcfg.exe [2007-04-05 77824]
    R2 ncprwsnt;ncprwsnt;C:\Program Files\WatchGuard\Mobile VPN\ncprwsnt.exe [2007-11-08 1032192]
    R2 NcpSec;NcpSec;C:\Program Files\WatchGuard\Mobile VPN\ncpsec.exe [2004-05-24 45056]
    R2 rwsrsu;RwsRsu;C:\Program Files\WatchGuard\Mobile VPN\rwsrsu.exe [2007-10-23 266240]
    R2 sbbotdi;sbbotdi;C:\PROGRA~1\SPEEDB~1\sbbotdi.sys [2008-03-17 35584]
    R2 VideoAcceleratorService;VideoAcceleratorService;C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe [2008-03-17 284280]
    R3 ncplentp;WatchGuard Secure Client Adapter Driver;C:\WINDOWS\system32\DRIVERS\ncplentp.sys [2007-10-29 77696]
    S1 84bd0fb9;84bd0fb9;C:\WINDOWS\system32\drivers\84bd0fb9.sys [ ]
    S2 IPSECDRV;SafeNet IPSec Plugin;C:\WINDOWS\system32\Drivers\IPSECDRV.sys [ ]
    S3 TPP200;USB Storage Adapter V2 (TPP);C:\WINDOWS\system32\DRIVERS\TPP200.SYS [ ]
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4e5ad241-2874-11dd-bf6b-020052cc00d4}]
    \Shell\AutoRun\command - F:\LaunchU3.exe -a
    .
    Contents of the 'Scheduled Tasks' folder
    2008-10-20 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
    2008-10-19 C:\WINDOWS\Tasks\Disk Cleanup.job
    - C:\WINDOWS\SYSTEM32\cleanmgr.exe [2008-04-13 20:12]
    2008-10-23 C:\WINDOWS\Tasks\Disk Defragmentor.job
    - C:\WINDOWS\SYSTEM32\DFRG.MSC [2004-03-19 18:35]
    2008-10-25 C:\WINDOWS\Tasks\McAfee SecurityCenter.job
    - C:\PROGRA~1\McAfee\MSC\mcshell.exe [2008-06-21 12:38]
    2008-10-15 C:\WINDOWS\Tasks\McDefragTask.job
    - c:\PROGRA~1\mcafee\mqc\QcConsol.exe [2008-07-09 18:10]
    2008-10-13 C:\WINDOWS\Tasks\McQcTask.job
    - c:\PROGRA~1\mcafee\mqc\QcConsol.exe [2008-07-09 18:10]
    2008-10-26 C:\WINDOWS\Tasks\User_Feed_Synchronization-{9FF6A9A7-9631-4B80-AF09-DC9E8B62A74E}.job
    - C:\WINDOWS\system32\msfeedssync.exe [2007-08-13 18:36]
    .
    - - - - ORPHANS REMOVED - - - -
    HKCU-Run-updateMgr - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe
    HKLM-Run-McAfeeUpdate - C:\Documents and Settings\TKV\Local Settings\Temporary Internet Files\Content.IE5\DLIUHM8Q\McAfeeUpdate[1].exe
    HKLM-Run-Bluetooth Connection Assistant - LBTWIZ.EXE
    HKU-Default-Run-Nokia.PCSync - C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe

    .
    Supplementary Scan
    .
    FireFox -: Profile - C:\Documents and Settings\TKV\Application Data\Mozilla\Firefox\Profiles\x6e6n1hp.default\
    FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://google.com
    FF -: plugin - C:\Program Files\DNA\plugins\npbtdna.dll
    FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
    FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npqtplugin8.dll
    FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npunagi2.dll
    FF -: plugin - C:\Program Files\QuickTime\Plugins\npqtplugin8.dll
    FF -: plugin - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    .
    **************************************************************************
    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-26 11:46:15
    Windows 5.1.2600 Service Pack 3 NTFS
    scanning hidden processes ...
    scanning hidden autostart entries ...
    scanning hidden files ...
    scan completed successfully
    hidden files: 0
    **************************************************************************
    [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\DUMeterSvc]
    "ImagePath"="C:\Program Files\DU Meter\DUMeterSvc.exe /startedbyscm:E1F6D4BE-40E33354-DUMeterService"
    [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Iomega Activity Disk2]
    "ImagePath"="\"\""
    .
    DLLs Loaded Under Running Processes
    PROCESS: C:\WINDOWS\explorer.exe
    -> C:\Program Files\McAfee\SiteAdvisor\saHook.dll
    .
    Other Running Processes
    .
    C:\WINDOWS\SYSTEM32\ati2evxx.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\SYSTEM32\CTSVCCDA.EXE
    C:\WINDOWS\SYSTEM32\HDDSvc.exe
    C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe
    C:\Program Files\Logitech\Easy Synchronization\servicestub.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    C:\PROGRA~1\COMMON~1\McAfee\MNA\McNASvc.exe
    C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\McAfee\MPF\MpfSrv.exe
    C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
    C:\Program Files\McAfee\MSK\msksrver.exe
    C:\WINDOWS\SYSTEM32\MsPMSPSv.exe
    C:\WINDOWS\SYSTEM32\searchindexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\WINDOWS\SYSTEM32\rundll32.exe
    C:\WINDOWS\SYSTEM32\scardsvr.exe
    C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
    C:\Program Files\Logitech\SetPoint\LBTWiz.exe
    C:\WINDOWS\SYSTEM32\searchprotocolhost.exe
    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
    C:\WINDOWS\SYSTEM32\searchfilterhost.exe
    .
    **************************************************************************
    .
    Completion time: 2008-10-26 12:01:35 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-10-26 16:01:26
    Pre-Run: 16,828,436,480 bytes free
    Post-Run: 17,677,344,768 bytes free
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
    358 --- E O F --- 2008-10-24 22:37:49
  • edited October 2008
    Is this a Work/Office computer ? WatchGuard\Mobile VPN

    No, it's my personal computer, but I do logon to my workplace LAN at times to retrieve files.

    I removed LimeWire.

    Thank you again for this tremendous help (Kaspersky is running).
  • edited October 2008


    KASPERSKY ONLINE SCANNER 7 REPORT
    Sunday, October 26, 2008
    Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Sunday, October 26, 2008 15:30:40
    Records in database: 1348246



    Scan settings:
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes

    Scan area - My Computer:
    C:\
    D:\
    E:\
    I:\
    K:\

    Scan statistics:
    Files scanned: 156629
    Threat name: 4
    Infected objects: 6
    Suspicious objects: 0
    Duration of the scan: 02:47:25


    File name / Threat name / Threats count
    C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP13\A0006003.sys Infected: Backdoor.Win32.UltimateDefender.a 1
    C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP14\A0006061.dll Infected: Trojan.Win32.Obfuscated.gx 1
    C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP14\A0006290.SYS Infected: Backdoor.Win32.UltimateDefender.a 1
    C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP14\A0006291.sys Infected: Backdoor.Win32.UltimateDefender.a 1
    C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP14\A0006316.sys Infected: Rootkit.Win32.Agent.egp 1
    K:\Stored Programs\DAP\Download Accelerator Plus_v 8.5.5.5 Premium.rar Infected: Trojan-Banker.Win32.Banker.fzf 1

    The selected area was scanned.
  • edited October 2008
    Information

    A couple of things ....
    K:\Stored Programs\DAP\Download Accelerator Plus_v 8.5.5.5 Premium.rar
    Would this be a cracked version that you downloaded via Limewire or Bittorrent ?

    Do you know what these are ?
    C:\09112008047.jpg
    C:\09112008048.jpg




    Step 1


    Custom CFScript
    • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
      http://icrontic.com/forum/showthread.php?p=648797#post648797
      
      
      Suspect::[4]
      C:\WINDOWS\hypiv.dl
      C:\Documents and Settings\TKV\Application Data\yfaguvut.pif
      C:\Documents and Settings\All Users\Application Data\ovodojy.reg
      C:\Documents and Settings\All Users\Application Data\otyr.com
      C:\WINDOWS\hasykylu.bin
      C:\Program Files\Common Files\koze.bat
      C:\WINDOWS\banigukace.pif
      C:\WINDOWS\mydily.reg
      C:\Program Files\Common Files\ipyg.vbs
      C:\WINDOWS\comok._dl
      C:\Documents and Settings\TKV\Application Data\ehisu.bin
      C:\WINDOWS\yhyxoci.dll
      C:\p2hhr.bat
      
      File::
      K:\Stored Programs\DAP\Download Accelerator Plus_v 8.5.5.5 Premium.rar
      C:\FCM1E11.tmp
      C:\FCM1E10.tmp
      C:\FCM1E0F.tmp
      C:\FCM1E0E.tmp
      C:\FCM1E0D.tmp
      C:\FCM1600.tmp
      C:\FCM15FF.tmp
      C:\FCM15FE.tmp
      C:\FCM15FD.tmp
      C:\FCM9B0.tmp
      C:\FCM9AE.tmp
      C:\2_2.avi
      C:\1.avi
      C:\[XXX Porn Vintage].The Nun - 1945s(X Rated).mpg
      C:\2_1.avi
      C:\2.avi
      C:\Antique_Hardcore_08_-_Couple_1930_s.mpg.dap
      C:\reeloldtimers6_16.asf.dap
      C:\mty-17-CDOR05_all.wmv.dap
      C:\WINDOWS\hypiv.dl
      C:\Documents and Settings\TKV\Application Data\yfaguvut.pif
      C:\Documents and Settings\All Users\Application Data\ovodojy.reg
      C:\Documents and Settings\All Users\Application Data\otyr.com
      C:\WINDOWS\hasykylu.bin
      C:\Program Files\Common Files\koze.bat
      C:\WINDOWS\banigukace.pif
      C:\WINDOWS\mydily.reg
      C:\Program Files\Common Files\ipyg.vbs
      C:\WINDOWS\comok._dl
      C:\Documents and Settings\TKV\Application Data\ehisu.bin
      C:\WINDOWS\yhyxoci.dll
      C:\p2hhr.bat
      Driver::
      84bd0fb9
      IPSECDRV
      TPP200
      Registry::
      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "RegistryMechanic"=-
      "BitTorrent DNA"=-
      
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "UpdReg"=-
      "Acrobat Assistant 8.0"=-
      "SunJavaUpdateSched"=-
      ADS::
      
    • Save this as CFScript.txt and place it on your desktop.


      [Screenshot: CFScriptb.gif]


    • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
    • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
    • When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.
    • A window will open asking you to ensure you are connected to the internet; this is so a file can be submitted for analysis.
    • Click OK and follow the instructions to submit the file.


    CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
    Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.



    Step 2



    Active Scan
    Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal.
    NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
    Please go to this site Link >> ActiveScan << LINK
    • Click the Scan Now button
    • Follow the prompts to install the Active X if necessary
    • Go and make a cup of tea/coffee/beverage of your choice and watch some TV :)
    • When the scan is finished, a report will be generated
    • Next to Scan Details click the small Save button and save the report to your desktop.
    • Please post the report in your reply.





    Step 3


    Logs/Information to Post in Reply
    Please post the following logs/Information in your reply
    • ComboFix Log
    • Active Scan Log
    • How are things running now ?
  • edited October 2008
    Information

    A couple of things ....
    K:\Stored Programs\DAP\Download Accelerator Plus_v 8.5.5.5 Premium.rar
    Would this be a cracked version that you downloaded via Limewire or Bittorrent ?

    DELETED!!!!

    Do you know what these are ?
    C:\09112008047.jpg
    C:\09112008048.jpg

    Two misfiled images. MOVED.
  • edited October 2008
    ComboFix 08-10-25.01 - TKV 2008-10-26 15:55:30.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2035 [GMT -4:00]
    Running from: C:\Documents and Settings\TKV\My Documents\download\ComboFix.exe
    Command switches used :: C:\Documents and Settings\TKV\Desktop\CFScript.txt
    * Created a new restore point
    * Resident AV is active

    FILE ::
    C:\[XXX Porn Vintage].The Nun - 1945s(X Rated).mpg
    C:\1.avi
    C:\2.avi
    C:\2_1.avi
    C:\2_2.avi
    C:\Antique_Hardcore_08_-_Couple_1930_s.mpg.dap
    C:\Documents and Settings\All Users\Application Data\otyr.com
    C:\Documents and Settings\All Users\Application Data\ovodojy.reg
    C:\Documents and Settings\TKV\Application Data\ehisu.bin
    C:\Documents and Settings\TKV\Application Data\yfaguvut.pif
    C:\FCM15FD.tmp
    C:\FCM15FE.tmp
    C:\FCM15FF.tmp
    C:\FCM1600.tmp
    C:\FCM1E0D.tmp
    C:\FCM1E0E.tmp
    C:\FCM1E0F.tmp
    C:\FCM1E10.tmp
    C:\FCM1E11.tmp
    C:\FCM9AE.tmp
    C:\FCM9B0.tmp
    C:\mty-17-CDOR05_all.wmv.dap
    C:\p2hhr.bat
    C:\Program Files\Common Files\ipyg.vbs
    C:\Program Files\Common Files\koze.bat
    C:\reeloldtimers6_16.asf.dap
    C:\WINDOWS\banigukace.pif
    C:\WINDOWS\comok._dl
    C:\WINDOWS\hasykylu.bin
    C:\WINDOWS\hypiv.dl
    C:\WINDOWS\mydily.reg
    C:\WINDOWS\yhyxoci.dll
    K:\Stored Programs\DAP\Download Accelerator Plus_v 8.5.5.5 Premium.rar
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    C:\[XXX Porn Vintage].The Nun - 1945s(X Rated).mpg
    C:\1.avi
    C:\2.avi
    C:\2_1.avi
    C:\2_2.avi
    C:\Antique_Hardcore_08_-_Couple_1930_s.mpg.dap
    C:\Documents and Settings\All Users\Application Data\otyr.com
    C:\Documents and Settings\All Users\Application Data\ovodojy.reg
    C:\Documents and Settings\TKV\Application Data\ehisu.bin
    C:\Documents and Settings\TKV\Application Data\yfaguvut.pif
    C:\FCM15FD.tmp
    C:\FCM15FE.tmp
    C:\FCM15FF.tmp
    C:\FCM1600.tmp
    C:\FCM1E0D.tmp
    C:\FCM1E0E.tmp
    C:\FCM1E0F.tmp
    C:\FCM1E10.tmp
    C:\FCM1E11.tmp
    C:\FCM9AE.tmp
    C:\FCM9B0.tmp
    C:\mty-17-CDOR05_all.wmv.dap
    C:\p2hhr.bat
    C:\Program Files\Common Files\ipyg.vbs
    C:\Program Files\Common Files\koze.bat
    C:\reeloldtimers6_16.asf.dap
    C:\WINDOWS\banigukace.pif
    C:\WINDOWS\comok._dl
    C:\WINDOWS\hasykylu.bin
    C:\WINDOWS\hypiv.dl
    C:\WINDOWS\mydily.reg
    C:\WINDOWS\yhyxoci.dll
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    \Legacy_IPSECDRV
    \Service_84bd0fb9
    \Service_IPSECDRV
    \Service_TPP200

    ((((((((((((((((((((((((( Files Created from 2008-09-26 to 2008-10-26 )))))))))))))))))))))))))))))))
    .
    2008-10-25 18:48 . 2008-10-25 19:09 <DIR> d C:\rsit
    2008-10-25 14:57 . 2008-10-25 14:57 2,934,168 --a C:\ccsetup212.exe
    2008-10-25 14:53 . 2008-10-25 14:53 201,030 --a C:\lspfix.zip.dap
    2008-10-25 14:43 . 2008-06-03 07:31 8,704 --a C:\fixccs.exe
    2008-10-25 14:41 . 2008-10-25 14:41 65,064 --a C:\WindowsXP-KB953979-x86-ENU.exe
    2008-10-25 14:36 . 2008-10-25 14:36 <DIR> d C:\Program Files\Trend Micro
    2008-10-24 03:58 . 2008-10-15 12:34 337,408 C:\WINDOWS\SYSTEM32\DLLCACHE\netapi32.dll
    2008-10-19 12:19 . 2008-10-19 12:19 <DIR> d C:\Documents and Settings\NetworkService\Application Data\SACore
    2008-10-14 18:25 . 2008-09-08 06:41 333,824 C:\WINDOWS\SYSTEM32\DLLCACHE\srv.sys
    2008-10-14 18:24 . 2008-09-15 08:12 1,846,400 C:\WINDOWS\SYSTEM32\DLLCACHE\win32k.sys
    2008-10-14 18:23 . 2008-08-14 06:11 2,189,184 C:\WINDOWS\SYSTEM32\DLLCACHE\ntoskrnl.exe
    2008-10-14 18:23 . 2008-08-14 06:09 2,145,280 C:\WINDOWS\SYSTEM32\DLLCACHE\ntkrnlmp.exe
    2008-10-14 18:23 . 2008-08-14 05:33 2,066,048 C:\WINDOWS\SYSTEM32\DLLCACHE\ntkrnlpa.exe
    2008-10-14 18:23 . 2008-08-14 05:33 2,023,936 C:\WINDOWS\SYSTEM32\DLLCACHE\ntkrpamp.exe
    2008-10-13 21:39 . 2008-04-13 20:12 291,328 C:\WINDOWS\SYSTEM32\qagentrt.dll
    2008-10-13 21:39 . 2008-04-13 20:12 290,304 C:\WINDOWS\SYSTEM32\rhttpaa.dll
    2008-10-13 21:39 . 2008-04-13 20:12 150,528 C:\WINDOWS\SYSTEM32\qagent.dll
    2008-10-13 21:39 . 2008-04-13 20:12 144,384 C:\WINDOWS\SYSTEM32\onex.dll
    2008-10-13 21:39 . 2008-04-13 20:12 76,800 C:\WINDOWS\SYSTEM32\qutil.dll
    2008-10-13 21:39 . 2008-04-13 20:12 69,120 C:\WINDOWS\SYSTEM32\wlanapi.dll
    2008-10-13 21:39 . 2008-04-13 20:12 62,464 C:\WINDOWS\SYSTEM32\qcliprov.dll
    2008-10-13 21:39 . 2008-04-13 20:12 61,952 C:\WINDOWS\SYSTEM32\rasqec.dll
    2008-10-13 21:39 . 2008-04-13 20:12 53,248 C:\WINDOWS\SYSTEM32\tsgqec.dll
    2008-10-13 21:39 . 2008-04-13 20:12 50,688 C:\WINDOWS\SYSTEM32\tspkg.dll
    2008-10-13 21:39 . 2008-04-13 20:12 32,768 C:\WINDOWS\SYSTEM32\setupn.exe
    2008-10-13 21:39 . 2008-04-13 14:40 10,240 C:\WINDOWS\SYSTEM32\DRIVERS\sffp_mmc.sys
    2008-10-13 21:37 . 2008-04-13 20:11 650,752 C:\WINDOWS\SYSTEM32\dot3ui.dll
    2008-10-13 19:12 . 2008-10-26 13:42 4,196,990 --a C:\WINDOWS\pfirewall.log.old
    2008-10-13 18:44 . 2008-10-26 16:12 8,186 --a C:\WINDOWS\SYSTEM32\Config.MPF
    2008-10-13 18:35 . 2008-10-13 18:35 <DIR> d C:\Documents and Settings\All Users\Application Data\SiteAdvisor
    2008-10-13 18:33 . 2007-09-25 14:06 974,848 --a C:\WINDOWS\SYSTEM32\ncpgina1.dll
    2008-10-13 18:33 . 2007-10-29 10:10 77,696 --a C:\WINDOWS\SYSTEM32\DRIVERS\NCPLENTP.SYS
    2008-10-13 18:33 . 2001-12-03 08:02 631 --a C:\WINDOWS\SYSTEM32\ncppki.conf
    2008-10-13 18:30 . 2008-06-02 14:55 120,136 --a C:\WINDOWS\SYSTEM32\DRIVERS\Mpfp.sys
    2008-10-13 18:30 . 2008-06-27 06:08 79,240 --a C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys
    2008-10-13 18:30 . 2008-06-27 06:08 40,488 --a C:\WINDOWS\SYSTEM32\DRIVERS\mfesmfk.sys
    2008-10-13 18:30 . 2008-06-27 06:08 35,240 --a C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys
    2008-10-13 18:29 . 2008-10-13 18:30 <DIR> d C:\Program Files\McAfee.com
    2008-10-13 18:29 . 2008-10-19 11:20 <DIR> d C:\Program Files\McAfee
    2008-10-13 18:29 . 2008-10-13 18:30 <DIR> d C:\Program Files\Common Files\McAfee
    2008-10-13 18:10 . 2008-06-20 05:41 34,152 --a C:\WINDOWS\SYSTEM32\DRIVERS\mferkdk.sys
    2008-10-13 16:32 . 2008-04-11 15:04 691,712 C:\WINDOWS\SYSTEM32\DLLCACHE\inetcomm.dll
    2008-10-13 13:44 . 2008-10-13 18:35 <DIR> d C:\Documents and Settings\All Users\Application Data\McAfee
    2008-10-13 10:09 . 2008-10-13 10:09 <DIR> d C:\Program Files\Citrix
    2008-10-13 09:48 . 2008-10-13 09:48 61,224 --a C:\Documents and Settings\TKV\GoToAssistDownloadHelper.exe
    2008-10-08 21:25 . 2008-10-25 13:54 <DIR> d C:\Program Files\Malwarebytes' Anti-Malware
    2008-10-08 21:25 . 2008-10-08 21:25 <DIR> d C:\Documents and Settings\TKV\Application Data\Malwarebytes
    2008-10-08 21:25 . 2008-10-08 21:25 <DIR> d C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-10-08 21:25 . 2008-10-22 16:10 38,496 --a C:\WINDOWS\SYSTEM32\DRIVERS\mbamswissarmy.sys
    2008-10-08 21:25 . 2008-10-22 16:10 15,504 --a C:\WINDOWS\SYSTEM32\DRIVERS\mbam.sys
    2008-10-08 19:32 . 2008-10-08 19:32 <DIR> d C:\Program Files\Common Files\Download Manager
    2008-10-08 18:09 . 2008-10-08 18:09 <DIR> d C:\Documents and Settings\All Users\Application Data\qrebkvyx
    2008-10-05 13:06 . 2008-10-05 13:06 <DIR> d C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-10-05 13:05 . 2008-10-05 13:05 <DIR> d C:\Program Files\Bonjour
    2008-10-05 13:04 . 2008-10-01 13:01 32,000 --a C:\WINDOWS\SYSTEM32\DRIVERS\usbaapl.sys
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-10-26 20:14
    d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-10-26 20:02
    d
    w C:\Documents and Settings\TKV\Application Data\DNA
    2008-10-26 15:33
    d
    w C:\Program Files\LimeWire
    2008-10-25 22:42
    d
    w C:\Documents and Settings\TKV\Application Data\BitTorrent
    2008-10-25 17:43
    d
    w C:\Program Files\Trillian
    2008-10-19 15:06
    d
    w C:\Program Files\MSECache
    2008-10-19 14:54
    d
    w C:\Program Files\Nokia
    2008-10-19 14:54
    d
    w C:\Documents and Settings\All Users\Application Data\Installations
    2008-10-19 14:53
    d
    w C:\Program Files\Common Files\Nokia
    2008-10-16 01:05
    d
    w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-10-11 03:56
    d
    w C:\Documents and Settings\TKV\Application Data\LimeWire
    2008-10-08 22:03
    d
    w C:\Program Files\DU Meter
    2008-10-08 22:02
    d
    w C:\Program Files\DNA
    2008-10-07 00:11
    d
    w C:\Documents and Settings\TKV\Application Data\EditPlus 3
    2008-10-05 17:06
    d
    w C:\Program Files\iTunes
    2008-10-05 17:06
    d
    w C:\Program Files\iPod
    2008-10-05 17:04
    d
    w C:\Program Files\Common Files\Apple
    2008-10-03 17:41 6,066,176 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll
    2008-09-21 23:54
    d
    w C:\Program Files\LoanSpread
    2008-09-21 17:30 76,381,444 ----a-w C:\sdat5388.exe
    2008-09-19 00:43
    d
    w C:\Documents and Settings\All Users\Application Data\Citrix
    2008-09-19 00:23
    d
    w C:\Documents and Settings\LocalService\Application Data\SACore
    2008-09-15 23:19
    d
    w C:\Program Files\SereneScreen
    2008-09-15 23:14
    d
    w C:\Documents and Settings\All Users\Application Data\WinZip
    2008-09-15 23:12
    d--h--w C:\Program Files\InstallShield Installation Information
    2008-09-15 23:05
    d
    w C:\Program Files\DAP
    2008-09-15 23:02
    d
    w C:\Documents and Settings\All Users\Application Data\SpeedBit
    2008-09-15 22:35
    d
    w C:\Documents and Settings\TKV\Application Data\uniblue
    2008-09-15 12:12 1,846,400 ----a-w C:\WINDOWS\SYSTEM32\win32k.sys
    2008-09-13 13:39 --------- d-----w C:\Documents and Settings\TKV\Application Data\Internet Download Accelerator
    2008-09-11 00:11 --------- d-----w C:\Program Files\QuickTime
    2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
    2008-09-06 03:30 241,704 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\wgaLogon.dll
    2008-09-06 03:29 917,032 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\WgaTray.exe
    2008-08-29 14:18 87,336 ----a-w C:\WINDOWS\SYSTEM32\dns-sd.exe
    2008-08-29 13:53 61,440 ----a-w C:\WINDOWS\SYSTEM32\dnssd.dll
    2008-08-27 08:24 3,593,216 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
    2008-08-25 08:38 13,824 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe
    2008-08-25 08:37 70,656 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\ie4uinit.exe
    2008-08-23 05:56 635,848 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\iexplore.exe
    2008-08-23 05:54 161,792 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakui.dll
    2008-08-14 10:09 2,145,280 ----a-w C:\WINDOWS\SYSTEM32\ntoskrnl.exe
    2008-08-14 10:04 138,496 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\afd.sys
    2008-08-14 09:33 2,023,936 ----a-w C:\WINDOWS\SYSTEM32\ntkrnlpa.exe
    2008-08-05 21:55 265,720 ----a-w C:\WINDOWS\SYSTEM32\msdbg2.dll
    2008-07-30 00:35 326,160 ----a-w C:\WINDOWS\SYSTEM32\PresentationHost.exe
    2008-07-29 23:59 781,344 ----a-w C:\WINDOWS\SYSTEM32\PresentationNative_v0300.dll
    2008-07-29 23:59 43,544 ----a-w C:\WINDOWS\SYSTEM32\PresentationHostProxy.dll
    2008-07-29 23:59 105,016 ----a-w C:\WINDOWS\SYSTEM32\PresentationCFFRasterizerNative_v0300.dll
    2008-07-29 23:24 97,800 ----a-w C:\WINDOWS\SYSTEM32\infocardapi.dll
    2008-07-29 23:24 622,080 ----a-w C:\WINDOWS\SYSTEM32\icardagt.exe
    2008-07-29 23:24 11,264 ----a-w C:\WINDOWS\SYSTEM32\icardres.dll
    2008-04-17 03:11 4,047 -c--a-w C:\Program Files\policy.spd
    .
    ((((((((((((((((((((((((((((( snapshot@2008-10-26_12.00.50.43 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-10-26 14:31:59 32,768 -c--a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Cookies\INDEX.DAT
    + 2008-10-26 19:46:57 32,768 -c--a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Cookies\INDEX.DAT
    - 2008-10-26 14:31:59 32,768 -c--a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\INDEX.DAT
    + 2008-10-26 19:46:57 32,768 -c--a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\INDEX.DAT
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
    "IECHECK.EXE"="C:\WINDOWS\iecheck.exe" [2004-04-09 91136]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
    "Iomega Automatic Backup"="C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe" [2002-10-15 3014656]
    "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2008-01-10 67128]
    "DownloadAccelerator"="C:\Program Files\DAP\DAP.EXE" [2008-09-15 3061248]
    "DU Meter"="C:\Program Files\DU Meter\DUMeter.exe" [2008-06-09 2645528]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IAAnotif"="C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-03-23 135168]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 339968]
    "CTSysVol"="C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
    "HDInspector.exe"="C:\Program Files\Hard Drive Inspector\HDInspector.exe" [2007-05-16 992784]
    "Easy Synchronization"="C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe" [2005-10-05 53248]
    "Iomega Automatic Backup 1.0.1"="C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe" [2002-10-15 3014656]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-09-06 413696]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
    "mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2008-07-11 641208]
    "NcpBudget"="C:\Program Files\WatchGuard\Mobile VPN\ncpbudgt.exe" [2006-12-01 228352]
    "NcpPopup"="C:\Program Files\WatchGuard\Mobile VPN\ncppopup.exe" [2007-11-07 535040]
    "NcpMonitor"="C:\Program Files\WatchGuard\Mobile VPN\ncpmon.exe" [2007-11-13 3451904]
    "McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [2008-06-13 1176808]
    "McAfee Backup"="C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe" [2008-07-10 5129504]
    "P17Helper"="P17.dll" [2005-05-03 C:\WINDOWS\SYSTEM32\P17.dll]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 C:\WINDOWS\KHALMNPR.Exe]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "Easy Synchronization"="C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe" [2005-10-05 53248]
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-29 561213]
    Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-05-17 805392]
    PictureShare.net Startup.lnk - C:\Program Files\PictureShare\PSClient.exe [2008-01-29 8248832]
    Trillian.lnk - C:\Program Files\Trillian\trillian.exe [2008-10-02 1873280]
    Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 118784]
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "ForceClassicControlPanel"= 1 (0x1)
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{FE24CD78-7C63-465D-8787-4EDF7FC79895}"= "C:\Program Files\Logitech\Easy Synchronization\shellexecutehook.dll" [2005-10-05 69632]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    2008-05-02 02:42 72208 c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.g723"= g723.acm
    "vidc.I263"= I263_32.drv
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\DAP\\DAP.exe"=
    "C:\\Program Files\\WS_FTP Pro\\wsftpgui.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
    "C:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
    "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    "C:\\Program Files\\DNA\\btdna.exe"=
    "C:\\Program Files\\BitTorrent\\bittorrent.exe"=
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
    "C:\\Program Files\\WatchGuard\\Mobile VPN\\NCPMON.exe"=
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
    R2 DUMeterSvc;DU Meter Service;C:\Program Files\DU Meter\DUMeterSvc.exe [2008-06-09 1386008]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2008-09-08 198944]
    R2 ncpclcfg;ncpclcfg;C:\Program Files\WatchGuard\Mobile VPN\ncpclcfg.exe [2007-04-05 77824]
    R2 ncprwsnt;ncprwsnt;C:\Program Files\WatchGuard\Mobile VPN\ncprwsnt.exe [2007-11-08 1032192]
    R2 NcpSec;NcpSec;C:\Program Files\WatchGuard\Mobile VPN\ncpsec.exe [2004-05-24 45056]
    R2 rwsrsu;RwsRsu;C:\Program Files\WatchGuard\Mobile VPN\rwsrsu.exe [2007-10-23 266240]
    R2 sbbotdi;sbbotdi;C:\PROGRA~1\SPEEDB~1\sbbotdi.sys [2008-03-17 35584]
    R2 VideoAcceleratorService;VideoAcceleratorService;C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe [2008-03-17 284280]
    R3 ncplentp;WatchGuard Secure Client Adapter Driver;C:\WINDOWS\system32\DRIVERS\ncplentp.sys [2007-10-29 77696]
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4e5ad241-2874-11dd-bf6b-020052cc00d4}]
    \Shell\AutoRun\command - F:\LaunchU3.exe -a
    .
    Contents of the 'Scheduled Tasks' folder
    2008-10-20 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
    2008-10-19 C:\WINDOWS\Tasks\Disk Cleanup.job
    - C:\WINDOWS\SYSTEM32\cleanmgr.exe [2008-04-13 20:12]
    2008-10-23 C:\WINDOWS\Tasks\Disk Defragmentor.job
    - C:\WINDOWS\SYSTEM32\DFRG.MSC [2004-03-19 18:35]
    2008-10-25 C:\WINDOWS\Tasks\McAfee SecurityCenter.job
    - C:\PROGRA~1\McAfee\MSC\mcshell.exe [2008-06-21 12:38]
    2008-10-15 C:\WINDOWS\Tasks\McDefragTask.job
    - c:\PROGRA~1\mcafee\mqc\QcConsol.exe [2008-07-09 18:10]
    2008-10-13 C:\WINDOWS\Tasks\McQcTask.job
    - c:\PROGRA~1\mcafee\mqc\QcConsol.exe [2008-07-09 18:10]
    2008-10-26 C:\WINDOWS\Tasks\User_Feed_Synchronization-{9FF6A9A7-9631-4B80-AF09-DC9E8B62A74E}.job
    - C:\WINDOWS\system32\msfeedssync.exe [2007-08-13 18:36]
    .
    **************************************************************************
    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-26 16:09:05
    Windows 5.1.2600 Service Pack 3 NTFS
    scanning hidden processes ...
    scanning hidden autostart entries ...
    scanning hidden files ...
    scan completed successfully
    hidden files: 0
    **************************************************************************
    [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\DUMeterSvc]
    "ImagePath"="C:\Program Files\DU Meter\DUMeterSvc.exe /startedbyscm:E1F6D4BE-40E33354-DUMeterService"
    [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Iomega Activity Disk2]
    "ImagePath"="\"\""
    .
    DLLs Loaded Under Running Processes
    PROCESS: C:\WINDOWS\explorer.exe
    -> C:\Program Files\McAfee\SiteAdvisor\saHook.dll
    .
    Other Running Processes
    .
    C:\WINDOWS\SYSTEM32\ati2evxx.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\SYSTEM32\CTSVCCDA.EXE
    C:\WINDOWS\SYSTEM32\HDDSvc.exe
    C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe
    C:\Program Files\Logitech\Easy Synchronization\servicestub.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    C:\PROGRA~1\COMMON~1\McAfee\MNA\McNASvc.exe
    C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
    C:\Program Files\McAfee\MPF\MpfSrv.exe
    C:\Program Files\McAfee\MSK\msksrver.exe
    C:\WINDOWS\SYSTEM32\MsPMSPSv.exe
    C:\WINDOWS\SYSTEM32\searchindexer.exe
    C:\WINDOWS\SYSTEM32\fxssvc.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\WINDOWS\SYSTEM32\scardsvr.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
    C:\WINDOWS\SYSTEM32\rundll32.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
    .
    **************************************************************************
    .
    Completion time: 2008-10-26 16:25:07 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-10-26 20:24:56
    ComboFix2.txt 2008-10-26 16:01:40
    Pre-Run: 17,555,910,656 bytes free
    Post-Run: 17,604,849,664 bytes free
    362 --- E O F --- 2008-10-24 22:37:49
  • edited October 2008
    Running Active Scan now.

    Before the last launch of ComboFix, my ability to rebuild my wireless network came back!!!

    The only residual problem right now appears to be McAfee, which constantly is asking me to click FIX for a signature issue (which is good on their site until 12/2/08).

    More to follow after Active Scan.
  • edited October 2008
    vanacoro wrote:
    The only residual problem right now appears to be McAfee

    Yep, you will find that a lot of people consider McAfee to be a problem ;D
  • edited October 2008
    Got a better recommendation? Windows Firewall and ?
  • edited October 2008
    Windows has a firewall ?????

    Paid
    Kaspersky or Nod32, both are excellent

    Free
    Avira or Avast are both good AntiVirus
    Firewall is a bit harder, I like Comodo, but Outpost and ZoneAlarm are popular
  • edited October 2008
    ;***********************************************************************************************************************************************************************************
    ANALYSIS: 2008-10-26 18:36:49
    PROTECTIONS: 2
    MALWARE: 102
    SUSPECTS: 2
    ;***********************************************************************************************************************************************************************************
    PROTECTIONS
    Description Version Active Updated
    ;===================================================================================================================================================================================
    McAfee Internet Security Suite 2007 9.0 No No
    McAfee VirusScan Plus 13.0 No No
    ;===================================================================================================================================================================================
    MALWARE
    Id Description Type Active Severity Disinfectable Disinfected Location
    ;===================================================================================================================================================================================
    00027660 adware/savenow Adware No 0 Yes No HKEY_CLASSES_ROOT\Interface\{c285d18d-43a2-4aef-83fb-bf280e660a97}
    00027660 adware/savenow Adware No 0 Yes No hkey_local_machine\software\classes\runmsc.loader
    00027660 adware/savenow Adware No 0 Yes No hkey_local_machine\software\classes\runmsc.loader.1
    00039204 adware/cws Adware No 0 Yes No c:\documents and settings\tkv\favorites\adult
    00135099 adware/powerstrip Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\extensions\CmdMapping\{669695BC-A811-4A9D-8CDF-BA8C795F261C}
    00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@trafficmp[1].txt
    00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@casalemedia[2].txt
    00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@doubleclick[1].txt
    00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Application Data\Netscape\Navigator\Profiles\j0myc5pn.default\cookies.txt[.doubleclick.net/]
    00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Application Data\Mozilla\Profiles\default\c21dcs2t.slt\cookies.txt[.doubleclick.net/]
    00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Application Data\Netscape\Navigator\Profiles\j0myc5pn.default\cookies.txt[.atdmt.com/]
    00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@atdmt[2].txt
    00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Application Data\Mozilla\Profiles\default\c21dcs2t.slt\cookies.txt[.atdmt.com/]
    00144497 Cookie/Intelli-tracker TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@www.intelli-tracker[1].txt
    00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@tradedoubler[1].txt
    00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@247realmedia[2].txt
    00145453 Cookie/Bfast TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Application Data\Mozilla\Profiles\default\c21dcs2t.slt\cookies.txt[.bfast.com/]
    00145453 Cookie/Bfast TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@bfast[1].txt
    00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@fastclick[1].txt
    00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Application Data\Mozilla\Profiles\default\c21dcs2t.slt\cookies.txt[.fastclick.net/]
    00145466 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Application Data\Mozilla\Profiles\default\c21dcs2t.slt\cookies.txt[.servedby.advertising.com/]
    00145466 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Application Data\Mozilla\Profiles\default\c21dcs2t.slt\cookies.txt[.servedby.advertising.com/]
    00145466 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Application Data\Mozilla\Profiles\default\c21dcs2t.slt\cookies.txt[.servedby.advertising.com/]
    00145466 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Application Data\Mozilla\Profiles\default\c21dcs2t.slt\cookies.txt[.servedby.advertising.com/]
    00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Application Data\Netscape\Navigator\Profiles\j0myc5pn.default\cookies.txt[.tribalfusion.com/]
    00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Application Data\Mozilla\Profiles\default\c21dcs2t.slt\cookies.txt[.tribalfusion.com/]
    00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@tribalfusion[2].txt
    00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@mediaplex[1].txt
    00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Application Data\Mozilla\Profiles\default\c21dcs2t.slt\cookies.txt[.mediaplex.com/]
    00145792 Cookie/SexList TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@sexlist[1].txt
    00145807 Cookie/Linksynergy TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@linksynergy[1].txt
    00145881 Cookie/NewMedia TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@anm.co[2].txt
    00146967 Cookie/PayCounter TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@paycounter[2].txt
    00147824 Cookie/Clickbank TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@clickbank[1].txt
    00148914 Cookie/Tucows TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Application Data\Netscape\Navigator\Profiles\j0myc5pn.default\cookies.txt[.tucows.com/]
    00148914 Cookie/Tucows TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Application Data\Netscape\Navigator\Profiles\j0myc5pn.default\cookies.txt[.tucows.com/]
    00149116 Cookie/Ccbill TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@ccbill[2].txt
    00155988 adware/fastlook Adware No 0 Yes No hkey_current_user\software\toolband
    00159564 Cookie/WUpd TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@revenue[2].txt
    00160284 Cookie/Findwhat TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@findwhat[1].txt
    00162900 Cookie/MediaTickets TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@kinghost[1].txt
    00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Application Data\Netscape\Navigator\Profiles\j0myc5pn.default\cookies.txt[.com.com/]
    00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Application Data\Netscape\Navigator\Profiles\j0myc5pn.default\cookies.txt[.com.com/]
    00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@com[1].txt
    00167647 Cookie/Yadro TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Application Data\Netscape\Navigator\Profiles\j0myc5pn.default\cookies.txt[.yadro.ru/]
    00167647 Cookie/Yadro TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Application Data\Netscape\Navigator\Profiles\j0myc5pn.default\cookies.txt[.yadro.ru/]
    00167647 Cookie/Yadro TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@yadro[1].txt
    00167665 Cookie/Clicktracks TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@stats1.clicktracks[1].txt
    00167672 Cookie/DomainSponsor TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@landing.domainsponsor[1].txt
    00167677 Cookie/WebPower TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@webpower[2].txt
    00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@xiti[1].txt
    00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Application Data\Netscape\Navigator\Profiles\j0myc5pn.default\cookies.txt[.xiti.com/]
    00167706 Cookie/Sextracker TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@counter3.sextracker[2].txt
    00167724 Cookie/HotLog TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@hotlog[2].txt
    00167744 Cookie/GoStats TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@gostats[1].txt
    00167747 Cookie/Azjmp TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@azjmp[1].txt
    00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@toplist[1].txt
    00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Application Data\Netscape\Navigator\Profiles\j0myc5pn.default\cookies.txt[.toplist.cz/]
    00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Application Data\Netscape\Navigator\Profiles\j0myc5pn.default\cookies.txt[.statcounter.com/]
    00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@statcounter[1].txt
    00167759 Cookie/Sextracker TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@counter9.sextracker[1].txt
    00167760 Cookie/Hitslink TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@counter.hitslink[1].txt
    00167761 Cookie/Sextracker TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@counter8.sextracker[2].txt
    00167762 Cookie/Sextracker TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@counter13.sextracker[1].txt
    00167763 Cookie/Sextracker TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@counter1.sextracker[1].txt
    00167764 Cookie/Sextracker TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@counter7.sextracker[2].txt
    00167770 Cookie/Sextracker TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@counter15.sextracker[1].txt
    00167783 Cookie/Sextracker TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@counter6.sextracker[1].txt
    00167795 Cookie/Cd Freaks TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@club.cdfreaks[3].txt
    00168048 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@perf.overture[1].txt
    00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@ad.yieldmanager[5].txt
    00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Application Data\Netscape\Navigator\Profiles\j0myc5pn.default\cookies.txt[ad.yieldmanager.com/]
    00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@ad.yieldmanager[3].txt
    00168057 Cookie/Sextracker TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@counter10.sextracker[1].txt
    00168058 Cookie/Sextracker TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@counter4.sextracker[1].txt
    00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@apmebf[2].txt
    00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@burstnet[2].txt
    00168077 Cookie/Versiontracker TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@versiontracker[1].txt
    00168077 Cookie/Versiontracker TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Application Data\Mozilla\Profiles\default\c21dcs2t.slt\cookies.txt[.versiontracker.com/]
    00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Application Data\Mozilla\Profiles\default\c21dcs2t.slt\cookies.txt[.serving-sys.com/]
    00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Application Data\Mozilla\Profiles\default\c21dcs2t.slt\cookies.txt[.serving-sys.com/]
    00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Application Data\Mozilla\Profiles\default\c21dcs2t.slt\cookies.txt[.serving-sys.com/]
    00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Application Data\Mozilla\Profiles\default\c21dcs2t.slt\cookies.txt[.serving-sys.com/]
    00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@serving-sys[1].txt
    00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Application Data\Mozilla\Profiles\default\c21dcs2t.slt\cookies.txt[bs.serving-sys.com/]
    00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@bs.serving-sys[2].txt
    00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@www.burstbeacon[1].txt
    00168101 Cookie/Falkag TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Application Data\Mozilla\Profiles\default\c21dcs2t.slt\cookies.txt[.as-us.falkag.net/]
    00168101 Cookie/Falkag TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Application Data\Mozilla\Profiles\default\c21dcs2t.slt\cookies.txt[.as-us.falkag.net/]
    00168101 Cookie/Falkag TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Application Data\Mozilla\Profiles\default\c21dcs2t.slt\cookies.txt[.as-us.falkag.net/]
    00168101 Cookie/Falkag TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Application Data\Mozilla\Profiles\default\c21dcs2t.slt\cookies.txt[.as-us.falkag.net/]
    00168101 Cookie/Falkag TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Application Data\Mozilla\Profiles\default\c21dcs2t.slt\cookies.txt[.as-us.falkag.net/]
    00168105 Cookie/Cd Freaks TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@cdfreaks[2].txt
    00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@adtech[1].txt
    00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@server.iad.liveperson[2].txt
    00168114 Cookie/onestat.com TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Application Data\Netscape\Navigator\Profiles\j0myc5pn.default\cookies.txt[stat.onestat.com/]
    00168114 Cookie/onestat.com TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Application Data\Netscape\Navigator\Profiles\j0myc5pn.default\cookies.txt[.stat.onestat.com/]
    00168114 Cookie/onestat.com TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Application Data\Netscape\Navigator\Profiles\j0myc5pn.default\cookies.txt[stat.onestat.com/]
    00168114 Cookie/onestat.com TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@stat.onestat[1].txt
    00168116 Cookie/Comclick TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@fl01.ct2.comclick[1].txt
    00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Application Data\Mozilla\Profiles\default\c21dcs2t.slt\cookies.txt[.advertising.com/]
    00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Application Data\Mozilla\Profiles\default\c21dcs2t.slt\cookies.txt[.advertising.com/]
    00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Application Data\Mozilla\Profiles\default\c21dcs2t.slt\cookies.txt[.advertising.com/]
    00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Application Data\Netscape\Navigator\Profiles\j0myc5pn.default\cookies.txt[.advertising.com/]
    00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@advertising[1].txt
    00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Application Data\Netscape\Navigator\Profiles\j0myc5pn.default\cookies.txt[.advertising.com/]
    00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Application Data\Netscape\Navigator\Profiles\j0myc5pn.default\cookies.txt[.advertising.com/]
    00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Application Data\Netscape\Navigator\Profiles\j0myc5pn.default\cookies.txt[.advertising.com/]
    00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Application Data\Mozilla\Profiles\default\c21dcs2t.slt\cookies.txt[.advertising.com/]
    00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Application Data\Netscape\Navigator\Profiles\j0myc5pn.default\cookies.txt[.advertising.com/]
    00169286 Cookie/Sextracker TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@sextracker[2].txt
    00169287 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@media.adrevolver[3].txt
    00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@statse.webtrendslive[2].txt
    00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@ads.pointroll[1].txt
    00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@overture[2].txt
    00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Application Data\Mozilla\Profiles\default\c21dcs2t.slt\cookies.txt[.realmedia.com/]
    00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@realmedia[1].txt
    00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Application Data\Mozilla\Profiles\default\c21dcs2t.slt\cookies.txt[.realmedia.com/]
    [FONT=&quot]00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@questionmarket[2].txt[/FONT]
    [FONT=&quot]00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@zedo[2].txt[/FONT]
    [FONT=&quot]00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Application Data\Netscape\Navigator\Profiles\j0myc5pn.default\cookies.txt[.zedo.com/][/FONT]
    [FONT=&quot]00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Application Data\Netscape\Navigator\Profiles\j0myc5pn.default\cookies.txt[.zedo.com/][/FONT]
    [FONT=&quot]00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@bluestreak[1].txt[/FONT]
    [FONT=&quot]00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Application Data\Mozilla\Profiles\default\c21dcs2t.slt\cookies.txt[.bluestreak.com/][/FONT]
    [FONT=&quot]00180153 Cookie/Sextracker TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@counter2.sextracker[1].txt[/FONT]
    [FONT=&quot]00180246 Cookie/XXXCounter TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@xxxcounter[2].txt[/FONT]
    [FONT=&quot]00182104 Cookie/Hitbox TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@phg.hitbox[1].txt[/FONT]
    [FONT=&quot]00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Application Data\Netscape\Navigator\Profiles\j0myc5pn.default\cookies.txt[.adrevolver.com/][/FONT]
    [FONT=&quot]00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Application Data\Netscape\Navigator\Profiles\j0myc5pn.default\cookies.txt[.adrevolver.com/][/FONT]
    [FONT=&quot]00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@adrevolver[2].txt[/FONT]
    [FONT=&quot]00187950 Cookie/bravenetA TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@bravenet[1].txt[/FONT]
    [FONT=&quot]00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@adultfriendfinder[1].txt[/FONT]
    [FONT=&quot]00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@go[2].txt[/FONT]
    [FONT=&quot]00199981 Cookie/Seeq TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Application Data\Netscape\Navigator\Profiles\j0myc5pn.default\cookies.txt[.www48.seeq.com/][/FONT]
    [FONT=&quot]00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@searchportal.information[2].txt[/FONT]
    [FONT=&quot]00206953 Cookie/Sextracker TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@counter14.sextracker[1].txt[/FONT]
    [FONT=&quot]00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@target[1].txt[/FONT]
    [FONT=&quot]00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Application Data\Netscape\Navigator\Profiles\j0myc5pn.default\cookies.txt[.target.com/][/FONT]
    [FONT=&quot]00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Application Data\Netscape\Navigator\Profiles\j0myc5pn.default\cookies.txt[.target.com/][/FONT]
    [FONT=&quot]00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Application Data\Mozilla\Profiles\default\c21dcs2t.slt\cookies.txt[.target.com/][/FONT]
    [FONT=&quot]00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Application Data\Netscape\Navigator\Profiles\j0myc5pn.default\cookies.txt[.target.com/][/FONT]
    [FONT=&quot]00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Application Data\Mozilla\Profiles\default\c21dcs2t.slt\cookies.txt[.target.com/][/FONT]
    [FONT=&quot]00207862 Cookie/did-it TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@did-it[1].txt[/FONT]
    [FONT=&quot]00249100 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@www2.addfreestats[1].txt[/FONT]
    [FONT=&quot]00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Application Data\Mozilla\Profiles\default\c21dcs2t.slt\cookies.txt[.atwola.com/][/FONT]
    [FONT=&quot]00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@atwola[1].txt[/FONT]
    [FONT=&quot]00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@smartadserver[1].txt[/FONT]
    [FONT=&quot]00286732 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@www3.addfreestats[1].txt[/FONT]
    [FONT=&quot]00286736 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@www6.addfreestats[2].txt[/FONT]
    [FONT=&quot]00293517 Cookie/AdDynamix TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@ads.addynamix[2].txt[/FONT]
    01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP35\A0021793.EXE
    02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP35\A0021745.sys
    02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP36\A0021895.sys
    02887528 Cookie/AdvancedCleaner TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@advancedcleaner[1].txt
    02902637 Rootkit/Nurech.BC HackTools No 1 Yes No C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP14\A0006290.SYS
    02902637 Rootkit/Nurech.BC HackTools No 1 Yes No C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP13\A0006003.sys
    02902637 Rootkit/Nurech.BC HackTools No 1 Yes No C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP14\A0006291.sys
    03738686 Generic Malware Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP34\A0021435.exe
    03738686 Generic Malware Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP34\A0021442.exe
    03738686 Generic Malware Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP33\A0021151.exe
    03738686 Generic Malware Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP33\A0021150.exe
    03834535 Generic Backdoor Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP14\A0006316.sys
    03839851 Trj/Downloader.MDW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP14\A0006304.sys
    ;===================================================================================================================================================================================
    SUSPECTS
    Sent Location ^
    ;===================================================================================================================================================================================
    No C:\Documents and Settings\TKV\My Documents\download\ComboFix.exe[32788R22FWJFW\psexec.cfexe] ^
    No K:\Stored Programs\5 Clicks\5Clicks_ScreenCapture.exe ^
    ;===================================================================================================================================================================================
    VULNERABILITIES
    Id Severity Description ^
    ;===================================================================================================================================================================================
    ;===================================================================================================================================================================================
  • edited October 2008
    No K:\Stored Programs\5 Clicks\5Clicks_ScreenCapture.exe ^

    Just a screen capture utility.
  • edited October 2008
    Information
    No K:\Stored Programs\5 Clicks\5Clicks_ScreenCapture.exe ^

    Just a screen capture utility.

    But why does Panda flag it ???
    Let's see what the others say


    Step 1


    Submit a File For Analysis
    We need to have the files below Scanned by Uploading them/it to Virus Total

    Please visit Virustotal
    Copy/paste the following file path into the window
    K:\Stored Programs\5 Clicks\5Clicks_ScreenCapture.exe
    Click Submit/Send File
    Please post back, to let me know the results.

    If Virustotal is too busy please try Jotti


    Step 2



    OTMoveIt
    Please download OTMoveIt3 by OldTimer and save it to your desktop
    • Double-click OTMoveIt3.exe to run it.
    • Copy the lines in the codebox below. ( Make sure you include :Files )
    :File
    c:\documents and settings\tkv\favorites\adult
    :Commands
    [EmptyTemp]
    :Reg
    [-hkey_current_user\software\toolband]
    [-HKEY_CLASSES_ROOT\Interface\{c285d18d-43a2-4aef-83fb-bf280e660a97}]
    [-hkey_local_machine\software\classes\runmsc.loader]
    [-hkey_local_machine\software\classes\runmsc.loader.1]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\extensions\CmdMapping\{669695BC-A811-4A9D-8CDF-BA8C795F261C}]
    
    
    • Return to OTMoveIt3, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.

    • Click the red Moveit! button.
    • Copy everything in the Results window (under the green bar), and paste it in your next reply.
    • Close OTMoveIt3


    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.




    Step 3

    Logs/Information to Post in Reply
    Please post the following logs/Information in your reply
    • Virus Total Results
    • OTMI Log
  • edited October 2008
    File 5Clicks_ScreenCapture.exe received on 10.27.2008 03:00:36 (CET)
    Result: 8/36 (22.23%)

    Antivirus          Version          Last Update  Result
    AhnLab-V3          2008.10.24.3     2008.10.27   -
    AntiVir            7.9.0.9          2008.10.27   -
    Authentium         5.1.0.4          2008.10.26   -
    Avast              4.8.1248.0       2008.10.27   -
    AVG                8.0.0.161        2008.10.27   -
    BitDefender        7.2              2008.10.27   -
    CAT-QuickHeal      9.50             2008.10.25   (Suspicious) - DNAScan
    ClamAV             0.93.1           2008.10.27   -
    DrWeb              4.44.0.09170     2008.10.26   -
    eSafe              7.0.17.0         2008.10.26   Suspicious File
    eTrust-Vet         31.6.6168        2008.10.25   -
    Ewido              4.0              2008.10.26   -
    F-Prot             4.4.4.56         2008.10.26   -
    F-Secure           8.0.14332.0      2008.10.27   -
    Fortinet           3.113.0.0        2008.10.26   -
    GData              19               2008.10.27   -
    Ikarus             T3.1.1.44.0      2008.10.27   Virus.Win32.Notime
    K7AntiVirus        7.10.508         2008.10.26   -
    Kaspersky          7.0.0.125        2008.10.27   -
    McAfee             5415             2008.10.25   -
    Microsoft          1.4005           2008.10.27   -
    NOD32              3557             2008.10.26   -
    Norman             5.80.02          2008.10.24   -
    Panda              9.0.0.4          2008.10.26   Suspicious file
    PCTools            4.4.2.0          2008.10.26   -
    Prevx1             V2               2008.10.27   -
    Rising             21.00.62.00      2008.10.26   -
    SecureWeb-Gateway  6.7.6            2008.10.27   Win32.Malware.gen (suspicious)
    Sophos             4.35.0           2008.10.26   Sus/UnkPacker
    Sunbelt            3.1.1753.1       2008.10.25   -
    Symantec           10               2008.10.27   Packed.Generic.70
    TheHacker          6.3.1.1.130      2008.10.27   -
    TrendMicro         8.700.0.1004     2008.10.24   PAK_Generic.001
    VBA32              3.12.8.8         2008.10.25   -
    ViRobot            2008.10.24.1436  2008.10.24   -
    VirusBuster        4.5.11.0         2008.10.26   -

    Additional information
    File size: 70912 bytes
    MD5...: fc763f6b6aa29fb10b9eaed8d7f708c4
    SHA1..: 2023ca4b2ee225596aa23d3832af727d70bb3612
    SHA256: c988a926c03b98d5f10b1ea7097aab8e9ad5201839cf77298e2da4ef01d7009d
    SHA512: 6d173e71892b987676c9dfe677aa8a3cd55a6263b729a8332b7d3e67adf3834126dbc208e7438bc25dd571fbf7f3b225cba3ef44713a6e99fa88c9f5abe1479c
    PEiD..: UPX + ECLiPSE layer
    TrID..: File type identification
    Generic Win/DOS Executable (49.9%)
    DOS Executable Generic (49.8%)
    Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
    PEInfo: PE Structure information

    ( base data )
    entrypointaddress.: 0x44f000
    timedatestamp.....: 0x404f5fa2 (Wed Mar 10 18:34:10 2004)
    machinetype.......: 0x14c (I386)

    ( 4 sections )
    name viradd virsiz rawdsiz ntrpy md5
    KGP 0x1000 0x3d000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
    KGP 0x3e000 0x10000 0x10000 7.91 559a37118537d00febf9ebf02359a3e7
    KGP 0x4e000 0x1000 0xe00 5.00 aa45598abe3351077271b64b52f3b616
    KGP 0x4f000 0x300 0x300 4.47 2004f5798f3008e5fd76b90a9d0f9609

    ( 7 imports )
    > KERNEL32.DLL: LoadLibraryA, GetProcAddress, ExitProcess
    > GDI32.dll: BitBlt
    > MSVCRT.dll: exit
    > ole32.dll: CreateStreamOnHGlobal
    > OLEAUT32.dll: -
    > USER32.dll: GetDC
    > WINMM.dll: waveOutOpen

    ( 0 exports )
    packers (F-Prot): UPX
  • edited October 2008
    Error: Unable to interpret <:File> in the current context!
    Error: Unable to interpret <c:\documents and settings\tkv\favorites\adult> in the current context!
    ========== COMMANDS ==========
    File delete failed. C:\DOCUME~1\TKV\LOCALS~1\Temp\BCGB.tmp scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\TKV\LOCALS~1\Temp\BCGC.tmp scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\TKV\LOCALS~1\Temp\etilqs_iFUZUwXziHQjdFb9LaNg scheduled to be deleted on reboot.
    User's Temp folder emptied.
    User's Temporary Internet Files folder emptied.
    User's Internet Explorer cache folder emptied.
    Local Service Temp folder emptied.
    File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT scheduled to be deleted on reboot.
    Local Service Temporary Internet Files folder emptied.
    Windows Temp folder emptied.
    Java cache emptied.
    File delete failed. C:\Documents and Settings\TKV\Local Settings\Application Data\Mozilla\Firefox\Profiles\x6e6n1hp.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\TKV\Local Settings\Application Data\Mozilla\Firefox\Profiles\x6e6n1hp.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\TKV\Local Settings\Application Data\Mozilla\Firefox\Profiles\x6e6n1hp.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\TKV\Local Settings\Application Data\Mozilla\Firefox\Profiles\x6e6n1hp.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\TKV\Local Settings\Application Data\Mozilla\Firefox\Profiles\x6e6n1hp.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
    FireFox cache emptied.
    Temp folders emptied.
    ========== REGISTRY ==========
    Registry key hkey_current_user\software\toolband\\ not found.
    Registry key HKEY_CLASSES_ROOT\Interface\{c285d18d-43a2-4aef-83fb-bf280e660a97}\\ deleted successfully.
    Registry key hkey_local_machine\software\classes\runmsc.loader\\ deleted successfully.
    Registry key hkey_local_machine\software\classes\runmsc.loader.1\\ deleted successfully.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\extensions\CmdMapping\{669695BC-A811-4A9D-8CDF-BA8C795F261C}\\ not found.

    OTMoveIt3 by OldTimer - Version 1.0.5.0 log created on 10262008_220734
  • edited October 2008
    Removed McAfee, trying Comodo!
  • edited October 2008
    Personally, I would remove 5Clicks_ScreenCapture.exe but it is your choice.

    OTMoveIt
    • Double-click OTMoveIt3.exe to run it.
    • Copy the lines in the codebox below. ( Make sure you include :Files )
    :Files
    c:\documents and settings\tkv\favorites\adult
    
    
    • Return to OTMoveIt3, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.

    • Click the red Moveit! button.
    • Copy everything in the Results window (under the green bar), and paste it in your next reply.
    • Close OTMoveIt3


    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
  • edited October 2008
    ========== FILES ==========
    c:\documents and settings\tkv\favorites\Adult moved successfully.

    OTMoveIt3 by OldTimer - Version 1.0.5.0 log created on 10272008_191952
  • edited October 2008
    Congratulations your logs look clean :)

    Let's see if I can help you keep it that way

    First let's tidy up



    • This will clear your System Volume Information restore points and remove all the infected files that were quarantined
    • Click START then RUN
    • Now type Combofix /u in the runbox and click OK. Note the space between the X and the /U, it needs to be there.

    You can also delete any logs we have produced, and empty your Recycle bin.


    Open OTMoveIt Click Cleanup,
    it will now connect to the internet and get a list of files to delete.
    When a box pops up click YES.



    The following is some info to help you stay safe and clean.
    ( Vista users must ensure that any programs are Vista compatible BEFORE installing )

    You may already have some of the following programs, but I include the full list for the benefit of all the other people who will be reading this thread in the future.

    Online Scanners
    I would recommend a scan at one or more of the following sites at least once a month.

    http://www.pandasecurity.com/activescan
    http://www.kaspersky.com/kos/eng/partner/71706/kavwebscan.html

    !!! Make sure that all your programs are updated !!!
    Secunia Software Inspector does all the work for you, .... see HERE for details

    AntiSpyware
      AntiSpyware is not the same thing as Antivirus.
    Different AntiSpyware programs detect different things, so in this case it is recommended that you have more than one.
    You should only have one running all the time, the other/s should be used "on demand" on a regular basis.
    Most of the programs in this list have a free (for Home Users ) and paid versions,
    it is worth paying for one and having "realtime" protection, unless you intend to do a manual scan often.
    • Spybot - Search & Destroy <<< A must have program
      • It includes host protection and registry protection
      • A hosts file is a bit like a phone book, it points to the actual numeric address (i.e. the IP address) from the human friendly name of a website. This feature can be used to block malicious websites
    • MalwareBytes Anti-malware <<< A New and effective program
    • a-squared Free <<< A good "realtime" or "on demand" scanner
    • superantispyware <<< A good "realtime" or "on demand" scanner



    Prevention
      These programs don't detect malware, they help stop it getting on your machine in the first place. Each does a different job, so you can have more than one
    • Winpatrol
      • An excellent startup manager and then some !!
      • Notifies you if programs are added to startup
      • Allows delayed startup
      • A must have addition
    • SpywareBlaster 4.0
      • SpywareBlaster sets killbits in the registry to prevent known malicious activex controls from installing themselves on your computer.
    • SpywareGuard 2.2
      • SpywareGuard provides real-time protection against spyware.
      • Not required if you have other "realtime" antispyware or Winpatrol
    • ZonedOut
      • Formerly known as IE-SPYAD, adds a long list of sites and domains associated with known advertisers and marketers to the Restricted sites zone of Internet Explorer.
    • MVPS HOSTS
      • This little program packs a powerful punch as it blocks ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.
      • For information on how to download and install, please read this tutorial by WinHelp2002.
      • Not required if you are using other host file protections


    Internet Browsers
      Microsoft has worked hard to make IE.7 a more secure browser, unfortunately whilst it is still the leading browser of choice it will always be under attack from the bad guys. Using a different web browser can help stop malware getting on your machine.
    • Make your Internet Explorer more secure - This can be done by following these simple instructions:
      1. From within Internet Explorer click on the Tools menu and then click on Options.
      2. Click once on the Security tab
      3. Click once on the Internet icon so it becomes highlighted.
      4. Click once on the Custom Level button.
        • Change the Download signed ActiveX controls to Prompt
        • Change the Download unsigned ActiveX controls to Disable
        • Change the Initialise and script ActiveX controls not marked as safe to Disable
        • Change the Installation of desktop items to Prompt
        • Change the Launching programs and files in an IFRAME to Prompt
        • Change the Navigate sub-frames across different domains to Prompt
        • When all these settings have been made, click on the OK button.
        • If it prompts you as to whether or not you want to save the settings, press the Yes button.
      5. Next press the Apply button and then the OK to exit the Internet Properties page.

    If you are still using IE6 then either update, or get one of the following.
    • FireFox
      • With many addons available that make customization easy this is a very popular choice
      • NoScript and AdBlockPlus addons are essential
    • Opera
      • Another popular alternative
    • Netscape
      • Another popular alternative
      • Also has Addons available



    Cleaning Temporary Internet Files and Tracking Cookies
      Temporary Internet Files are mainly the files that are downloaded when you open a web page. Unfortunately, if the site you visit is of a dubious nature or has been hacked, they can also be an entry point for malware. It is a good idea to empty the Temporary Internet Files folder on a regular basis.
      Tracking Cookies are files that websites use to monitor which sites you visit and how often. A lot of Antispyware scanners pick up these tracking cookies and flag them as unwanted.
      CAUTION :- If you delete all your cookies you will lose any autologin information for sites that you visit, and will need your passwords.
      Both of these can be cleaned manually, but a quicker option is to use a program
    • ATF Cleaner
      • Free and very simple to use
    • CCleaner
      • Free and very flexible, you can choose which cookies to keep


    Also PLEASE read this article.....So How Did I Get Infected In The First Place

    The last and most important thing I can tell you is UPDATE.
    If you don't update your security programs (Antivirus, Antispyware even Windows) then you are at risk.
    Malware changes on a day to day basis. You should update every week at the very least.

    If you follow this advice then (with a bit of luck) you will never have to hear from me again :D


    If you could post back one more time to let me know everything is OK, then I can have this thread archived.

    Happy surfing K'