AntiXPSpyware2008
I got hammered by this messy program.
Ran Malwarebytes' program... but I still do not have a wireless network.
McAfee won't come back on line since (and McAfee can't help).
Ran the LSFixx program and it says it's fine.
Ran HijackThis and here is the output:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:06:14, on 10/25/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\DU Meter\DUMeterSvc.exe
C:\WINDOWS\system32\HDDSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Logitech\Easy Synchronization\servicestub.exe
C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\WatchGuard\Mobile VPN\ncpclcfg.exe
C:\Program Files\WatchGuard\Mobile VPN\ncprwsnt.exe
C:\Program Files\WatchGuard\Mobile VPN\ncpsec.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\WatchGuard\Mobile VPN\rwsrsu.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Hard Drive Inspector\HDInspector.exe
C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe
C:\Program Files\Logitech\SetPoint\LBTWiz.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\WatchGuard\Mobile VPN\ncpbudgt.exe
C:\PROGRA~1\McAfee\MHN\McENUI.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\PictureShare\PSClient.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.;*.local
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [HDInspector.exe] C:\Program Files\Hard Drive Inspector\HDInspector.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Easy Synchronization] C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe
O4 - HKLM\..\Run: [Iomega Automatic Backup 1.0.1] C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe
O4 - HKLM\..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [NcpBudget] "C:\Program Files\WatchGuard\Mobile VPN\ncpbudgt.exe"
O4 - HKLM\..\Run: [NcpPopup] "C:\Program Files\WatchGuard\Mobile VPN\ncppopup.exe" noerrmsg
O4 - HKLM\..\Run: [NcpMonitor] "C:\Program Files\WatchGuard\Mobile VPN\ncpmon.exe" autorun
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [McAfee Backup] "C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe"
O4 - HKLM\..\Run: [McAfeeUpdate] "C:\Documents and Settings\TKV\Local Settings\Temporary Internet Files\Content.IE5\DLIUHM8Q\McAfeeUpdate[1].exe" /RunKey
O4 - HKLM\..\RunOnce: [Easy Synchronization] C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe --ports
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IECHECK.EXE] C:\WINDOWS\iecheck.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe AcPro7_0_5 -reboot 1
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Iomega Automatic Backup] C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKCU\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: PictureShare.net Startup.lnk = C:\Program Files\PictureShare\PSClient.exe
O4 - Global Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.kumudam.com/wfplayer/tdserver.cab
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1167533093671
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5014/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4F42E266-8B81-4F3D-98EF-40A356C65D51}: NameServer = 192.168.1.1
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: karna.dat
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DU Meter Service (DUMeterSvc) - Hagel Technologies Ltd - C:\Program Files\DU Meter\DUMeterSvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HDD Information Service (HDDSvc) - AltrixSoft (http://www.altrixsoft.com/) - C:\WINDOWS\system32\HDDSvc.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InterBase Server (InterBaseServer) - Unknown owner - C:\Program Files\Borland\Interbase\bin\ibserver.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
O23 - Service: Logitech Easy Synchronization - Unknown owner - C:\Program Files\Logitech\Easy Synchronization\servicestub.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (mcnasvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (mcods) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (mcshield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (mcsysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (mpfservice) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (msk80service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: ncpclcfg - Unknown owner - C:\Program Files\WatchGuard\Mobile VPN\ncpclcfg.exe
O23 - Service: ncprwsnt - NCP Engineering GmbH - C:\Program Files\WatchGuard\Mobile VPN\ncprwsnt.exe
O23 - Service: NcpSec - Unknown owner - C:\Program Files\WatchGuard\Mobile VPN\ncpsec.exe
O23 - Service: RwsRsu (rwsrsu) - Unknown owner - C:\Program Files\WatchGuard\Mobile VPN\rwsrsu.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
--
End of file - 16174 bytes
If anyone can help, I would GREATLY appreciate it.
TK Vanacoro
wpcphd@verizon.net
Ran Malwarebyte's program....but I still do not have a wireless network.
McAfee won't come back on line since (and McAfee can't help).
Ran the LSFixx program and it says it's fine.
Ran Hijackthis and here is the output:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:06:14, on 10/25/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\DU Meter\DUMeterSvc.exe
C:\WINDOWS\system32\HDDSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Logitech\Easy Synchronization\servicestub.exe
C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\WatchGuard\Mobile VPN\ncpclcfg.exe
C:\Program Files\WatchGuard\Mobile VPN\ncprwsnt.exe
C:\Program Files\WatchGuard\Mobile VPN\ncpsec.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\WatchGuard\Mobile VPN\rwsrsu.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Hard Drive Inspector\HDInspector.exe
C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe
C:\Program Files\Logitech\SetPoint\LBTWiz.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\WatchGuard\Mobile VPN\ncpbudgt.exe
C:\PROGRA~1\McAfee\MHN\McENUI.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\PictureShare\PSClient.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.;*.local
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [HDInspector.exe] C:\Program Files\Hard Drive Inspector\HDInspector.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Easy Synchronization] C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe
O4 - HKLM\..\Run: [Iomega Automatic Backup 1.0.1] C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe
O4 - HKLM\..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [NcpBudget] "C:\Program Files\WatchGuard\Mobile VPN\ncpbudgt.exe"
O4 - HKLM\..\Run: [NcpPopup] "C:\Program Files\WatchGuard\Mobile VPN\ncppopup.exe" noerrmsg
O4 - HKLM\..\Run: [NcpMonitor] "C:\Program Files\WatchGuard\Mobile VPN\ncpmon.exe" autorun
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [McAfee Backup] "C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe"
O4 - HKLM\..\Run: [McAfeeUpdate] "C:\Documents and Settings\TKV\Local Settings\Temporary Internet Files\Content.IE5\DLIUHM8Q\McAfeeUpdate[1].exe" /RunKey
O4 - HKLM\..\RunOnce: [Easy Synchronization] C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe --ports
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IECHECK.EXE] C:\WINDOWS\iecheck.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe AcPro7_0_5 -reboot 1
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Iomega Automatic Backup] C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKCU\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: PictureShare.net Startup.lnk = C:\Program Files\PictureShare\PSClient.exe
O4 - Global Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.kumudam.com/wfplayer/tdserver.cab
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1167533093671
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5014/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4F42E266-8B81-4F3D-98EF-40A356C65D51}: NameServer = 192.168.1.1
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: karna.dat
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DU Meter Service (DUMeterSvc) - Hagel Technologies Ltd - C:\Program Files\DU Meter\DUMeterSvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HDD Information Service (HDDSvc) - AltrixSoft (http://www.altrixsoft.com/) - C:\WINDOWS\system32\HDDSvc.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InterBase Server (InterBaseServer) - Unknown owner - C:\Program Files\Borland\Interbase\bin\ibserver.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
O23 - Service: Logitech Easy Synchronization - Unknown owner - C:\Program Files\Logitech\Easy Synchronization\servicestub.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (mcnasvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (mcods) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (mcshield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (mcsysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (mpfservice) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (msk80service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: ncpclcfg - Unknown owner - C:\Program Files\WatchGuard\Mobile VPN\ncpclcfg.exe
O23 - Service: ncprwsnt - NCP Engineering GmbH - C:\Program Files\WatchGuard\Mobile VPN\ncprwsnt.exe
O23 - Service: NcpSec - Unknown owner - C:\Program Files\WatchGuard\Mobile VPN\ncpsec.exe
O23 - Service: RwsRsu (rwsrsu) - Unknown owner - C:\Program Files\WatchGuard\Mobile VPN\rwsrsu.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
--
End of file - 16174 bytes
If anyone can help, I would GREATLY appreciate it.
TK Vanacoro
wpcphd@verizon.net
Comments
My name is Katana and I will be helping you to remove any infection(s) that you may have.
Please observe these rules while we work:
(Just because you can't see a problem doesn't mean it isn't there)
If you can do those few things, everything should go smoothly.
Please note, your security programs may give warnings for some of the tools I will ask you to use.
Be assured, any links I give are safe.
Download and Run RSIT
Run by TKV at 2008-10-25 18:59:02
Microsoft Windows XP Professional Service Pack 3
System drive C: has 17 GB (11%) free of 149 GB
Total RAM: 3070 MB (70% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:59:03, on 10/25/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\DU Meter\DUMeterSvc.exe
C:\WINDOWS\system32\HDDSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Logitech\Easy Synchronization\servicestub.exe
C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\WatchGuard\Mobile VPN\ncpclcfg.exe
C:\Program Files\WatchGuard\Mobile VPN\ncprwsnt.exe
C:\Program Files\WatchGuard\Mobile VPN\ncpsec.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\WatchGuard\Mobile VPN\rwsrsu.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Hard Drive Inspector\HDInspector.exe
C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe
C:\Program Files\Logitech\SetPoint\LBTWiz.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\WatchGuard\Mobile VPN\ncpbudgt.exe
C:\PROGRA~1\McAfee\MHN\McENUI.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\PictureShare\PSClient.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclBCBTSrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\TKV\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\TKV.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.;*.local
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [HDInspector.exe] C:\Program Files\Hard Drive Inspector\HDInspector.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Easy Synchronization] C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe
O4 - HKLM\..\Run: [Iomega Automatic Backup 1.0.1] C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe
O4 - HKLM\..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [NcpBudget] "C:\Program Files\WatchGuard\Mobile VPN\ncpbudgt.exe"
O4 - HKLM\..\Run: [NcpPopup] "C:\Program Files\WatchGuard\Mobile VPN\ncppopup.exe" noerrmsg
O4 - HKLM\..\Run: [NcpMonitor] "C:\Program Files\WatchGuard\Mobile VPN\ncpmon.exe" autorun
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [McAfee Backup] "C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe"
O4 - HKLM\..\Run: [McAfeeUpdate] "C:\Documents and Settings\TKV\Local Settings\Temporary Internet Files\Content.IE5\DLIUHM8Q\McAfeeUpdate[1].exe" /RunKey
O4 - HKLM\..\RunOnce: [Easy Synchronization] C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe --ports
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IECHECK.EXE] C:\WINDOWS\iecheck.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe AcPro7_0_5 -reboot 1
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Iomega Automatic Backup] C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKCU\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: PictureShare.net Startup.lnk = C:\Program Files\PictureShare\PSClient.exe
O4 - Global Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.kumudam.com/wfplayer/tdserver.cab
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1167533093671
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5014/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4F42E266-8B81-4F3D-98EF-40A356C65D51}: NameServer = 192.168.1.1
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: karna.dat
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DU Meter Service (DUMeterSvc) - Hagel Technologies Ltd - C:\Program Files\DU Meter\DUMeterSvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HDD Information Service (HDDSvc) - AltrixSoft (http://www.altrixsoft.com/) - C:\WINDOWS\system32\HDDSvc.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InterBase Server (InterBaseServer) - Unknown owner - C:\Program Files\Borland\Interbase\bin\ibserver.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
O23 - Service: Logitech Easy Synchronization - Unknown owner - C:\Program Files\Logitech\Easy Synchronization\servicestub.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (mcnasvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (mcods) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (mcshield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (mpfservice) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (msk80service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: ncpclcfg - Unknown owner - C:\Program Files\WatchGuard\Mobile VPN\ncpclcfg.exe
O23 - Service: ncprwsnt - NCP Engineering GmbH - C:\Program Files\WatchGuard\Mobile VPN\ncprwsnt.exe
O23 - Service: NcpSec - Unknown owner - C:\Program Files\WatchGuard\Mobile VPN\ncpsec.exe
O23 - Service: RwsRsu (rwsrsu) - Unknown owner - C:\Program Files\WatchGuard\Mobile VPN\rwsrsu.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
--
End of file - 16334 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Disk Cleanup.job
C:\WINDOWS\tasks\Disk Defragmentor.job
C:\WINDOWS\tasks\McAfee SecurityCenter.job
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{9FF6A9A7-9631-4B80-AF09-DC9E8B62A74E}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}]
McAfee Phishing Filter - c:\PROGRA~1\mcafee\msk\mskapbho.dll [2008-07-09 246088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\McAfee\VirusScan\scriptsn.dll [2008-06-20 58688]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2008-09-04 121632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2008-09-04 121632]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"=C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe [2004-03-23 135168]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2004-08-25 339968]
"CTSysVol"=C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe [2003-09-17 57344]
"P17Helper"=Rundll32 P17.dll []
"UpdReg"=C:\WINDOWS\UpdReg.EXE [2000-05-11 90112]
"Acrobat Assistant 8.0"=C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [2008-01-11 623992]
""= []
"HDInspector.exe"=C:\Program Files\Hard Drive Inspector\HDInspector.exe [2007-05-16 992784]
"Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2008-02-29 76304]
"Easy Synchronization"=C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe [2005-10-05 53248]
"Iomega Automatic Backup 1.0.1"=C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe [2002-10-15 3014656]
"Bluetooth Connection Assistant"=LBTWIZ.EXE -silent []
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2008-07-11 641208]
"NcpBudget"=C:\Program Files\WatchGuard\Mobile VPN\ncpbudgt.exe [2006-12-01 228352]
"NcpPopup"=C:\Program Files\WatchGuard\Mobile VPN\ncppopup.exe [2007-11-07 535040]
"NcpMonitor"=C:\Program Files\WatchGuard\Mobile VPN\ncpmon.exe [2007-11-13 3451904]
"McENUI"=C:\PROGRA~1\McAfee\MHN\McENUI.exe [2008-06-13 1176808]
"McAfee Backup"=C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe [2008-07-10 5129504]
"McAfeeUpdate"=C:\Documents and Settings\TKV\Local Settings\Temporary Internet Files\Content.IE5\DLIUHM8Q\McAfeeUpdate[1].exe /RunKey []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Easy Synchronization"=C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe [2005-10-05 53248]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2008-10-22 399504]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"IECHECK.EXE"=C:\WINDOWS\iecheck.exe [2004-04-09 91136]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe AcPro7_0_5 -reboot 1 []
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]
"Iomega Automatic Backup"=C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe [2002-10-15 3014656]
"LDM"=C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-01-10 67128]
"RegistryMechanic"=C:\Program Files\Registry Mechanic\RegMech.exe [2008-07-08 2828184]
"DownloadAccelerator"=C:\Program Files\DAP\DAP.EXE [2008-09-15 3061248]
"DU Meter"=C:\Program Files\DU Meter\DUMeter.exe [2008-06-09 2645528]
"BitTorrent DNA"=C:\Program Files\DNA\btdna.exe [2008-10-08 289088]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe
PictureShare.net Startup.lnk - C:\Program Files\PictureShare\PSClient.exe
Trillian.lnk - C:\Program Files\Trillian\trillian.exe
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="karna.dat"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll [2008-05-02 72208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{FE24CD78-7C63-465D-8787-4EDF7FC79895}"=C:\Program Files\Logitech\Easy Synchronization\shellexecutehook.dll [2005-10-05 69632]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 294400]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=
scecli
scecli
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mpfservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"ForceClassicControlPanel"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\AOL Fanfare\abia.exe"="C:\Program Files\AOL Fanfare\abia.exe:*:Enabled:abia"
"C:\Program Files\AOL Fanfare\ACSConfig.exe"="C:\Program Files\AOL Fanfare\ACSConfig.exe:*:Enabled:ACSConfig"
"C:\Program Files\AOL Fanfare\ac_abook.exe"="C:\Program Files\AOL Fanfare\ac_abook.exe:*:Enabled:ac_abook"
"C:\Program Files\AOL Fanfare\ac_abookd.exe"="C:\Program Files\AOL Fanfare\ac_abookd.exe:*:Enabled:ac_abookd"
"C:\Program Files\AOL Fanfare\ac_authd.exe"="C:\Program Files\AOL Fanfare\ac_authd.exe:*:Enabled:ac_authd"
"C:\Program Files\AOL Fanfare\ac_calendar.exe"="C:\Program Files\AOL Fanfare\ac_calendar.exe:*:Enabled:ac_calendar"
"C:\Program Files\AOL Fanfare\ac_help.exe"="C:\Program Files\AOL Fanfare\ac_help.exe:*:Enabled:ac_help"
"C:\Program Files\AOL Fanfare\ac_idmgr.exe"="C:\Program Files\AOL Fanfare\ac_idmgr.exe:*:Enabled:ac_idmgr"
"C:\Program Files\AOL Fanfare\ac_im.exe"="C:\Program Files\AOL Fanfare\ac_im.exe:*:Enabled:ac_im"
"C:\Program Files\AOL Fanfare\ac_launch.exe"="C:\Program Files\AOL Fanfare\ac_launch.exe:*:Enabled:ac_launch"
"C:\Program Files\AOL Fanfare\ac_mail.exe"="C:\Program Files\AOL Fanfare\ac_mail.exe:*:Enabled:ac_mail"
"C:\Program Files\AOL Fanfare\ac_secdbm.exe"="C:\Program Files\AOL Fanfare\ac_secdbm.exe:*:Enabled:ac_secdbm"
"C:\Program Files\AOL Fanfare\strunner.exe"="C:\Program Files\AOL Fanfare\strunner.exe:*:Enabled:strunner"
"C:\Program Files\AOL Fanfare\Sidebar\contentbrowser.exe"="C:\Program Files\AOL Fanfare\Sidebar\contentbrowser.exe:*:Enabled:contentbrowser"
"C:\Program Files\AOL Fanfare\Sidebar\sidebar.exe"="C:\Program Files\AOL Fanfare\Sidebar\sidebar.exe:*:Enabled:sidebar"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\DAP\DAP.exe"="C:\Program Files\DAP\DAP.exe:*:Enabled:Download Accelerator Plus"
"C:\Program Files\Palm\Hotsync.exe"="C:\Program Files\Palm\Hotsync.exe:*:Enabled:HotSync® Manager Application"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Disabled:Internet Explorer"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Program Files\WS_FTP Pro\wsftpgui.exe"="C:\Program Files\WS_FTP Pro\wsftpgui.exe:*:Enabled:WS_FTP Pro Application"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Disabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Disabled:AOL"
"C:\Program Files\Common Files\AOL\1124402137\ee\AOLServiceHost.exe"="C:\Program Files\Common Files\AOL\1124402137\ee\AOLServiceHost.exe:*:Disabled:AOL Services"
"C:\Program Files\AOL Fanfare\Sidebar\aoldiag.exe"="C:\Program Files\AOL Fanfare\Sidebar\aoldiag.exe:*:Disabled:AOLDiag"
"C:\Program Files\AOL Fanfare\AOLDiag.exe"="C:\Program Files\AOL Fanfare\AOLDiag.exe:*:Disabled:AOLDiag"
"C:\Program Files\Common Files\AOL\EE\AOLHostManager.exe"="C:\Program Files\Common Files\AOL\EE\AOLHostManager.exe:*:Disabled:AOLHostManager"
"C:\Program Files\AOL Fanfare\ActiveX\AOLMediaPlaybackControl.exe"="C:\Program Files\AOL Fanfare\ActiveX\AOLMediaPlaybackControl.exe:*:Disabled:AOLMediaPlaybackControl"
"C:\Program Files\Common Files\AOL\EE\AOLServiceHost.exe"="C:\Program Files\Common Files\AOL\EE\AOLServiceHost.exe:*:Disabled:AOLServiceHost"
"C:\Program Files\BearShare\BearShare.exe"="C:\Program Files\BearShare\BearShare.exe:*:Disabled:BearShare"
"C:\Program Files\CentraOne\bin\launcher.exe"="C:\Program Files\CentraOne\bin\launcher.exe:*:Disabled:CentraOne Launcher"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Disabled:Yahoo! FT Server"
"C:\Program Files\Yahoo!\Messenger\YPager.exe"="C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Disabled:Yahoo! Messenger"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe"="C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe"="C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater"
"C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe"="C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"D:\setup\HPZNET01.EXE"="D:\setup\HPZNET01.EXE:*:Enabled:hpznet01.exe"
"D:\setup\hppniprint01.exe"="D:\setup\hppniprint01.exe:*:Enabled:hppniprint01.exe"
"D:\setup\HPPNIPRINT64.EXE"="D:\setup\HPPNIPRINT64.EXE:*:Enabled:hppniprint64.exe"
"D:\setup\HPPNICIFS01.EXE"="D:\setup\HPPNICIFS01.EXE:*:Enabled:hppnicifs01.exe"
"D:\setup\HPNTWKEXE.EXE"="D:\setup\HPNTWKEXE.EXE:*:Enabled:hpntwkexe.exe"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\WatchGuard\Mobile User VPN\IreIKE.exe"="C:\Program Files\WatchGuard\Mobile User VPN\IreIKE.exe:*:Enabled:IreIke"
"C:\Program Files\WatchGuard\Mobile User VPN\ViewLog.exe"="C:\Program Files\WatchGuard\Mobile User VPN\ViewLog.exe:127.0.0.1/255.255.255.255:Enabled:ViewLog"
"C:\Program Files\WatchGuard\Mobile User VPN\CmonApp.exe"="C:\Program Files\WatchGuard\Mobile User VPN\CmonApp.exe:127.0.0.1/255.255.255.255:Enabled:CMonApp"
"C:\Program Files\WatchGuard\Mobile User VPN\vpn.exe"="C:\Program Files\WatchGuard\Mobile User VPN\vpn.exe:127.0.0.1/255.255.255.255:Enabled:VPN Connection Manager"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\Program Files\WatchGuard\Mobile VPN\NCPMON.exe"="C:\Program Files\WatchGuard\Mobile VPN\NCPMON.exe:*:Enabled:ncpmon.exe"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\Common Files\AOL\1124402137\ee\AOLServiceHost.exe"="C:\Program Files\Common Files\AOL\1124402137\ee\AOLServiceHost.exe:*:Enabled:AOL Services"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Program Files\WatchGuard\Mobile User VPN\IreIKE.exe"="C:\Program Files\WatchGuard\Mobile User VPN\IreIKE.exe:*:Enabled:IreIke"
"C:\Program Files\WatchGuard\Mobile User VPN\ViewLog.exe"="C:\Program Files\WatchGuard\Mobile User VPN\ViewLog.exe:127.0.0.1/255.255.255.255:Enabled:ViewLog"
"C:\Program Files\WatchGuard\Mobile User VPN\CmonApp.exe"="C:\Program Files\WatchGuard\Mobile User VPN\CmonApp.exe:127.0.0.1/255.255.255.255:Enabled:CMonApp"
"C:\Program Files\WatchGuard\Mobile User VPN\vpn.exe"="C:\Program Files\WatchGuard\Mobile User VPN\vpn.exe:127.0.0.1/255.255.255.255:Enabled:VPN Connection Manager"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4e5ad241-2874-11dd-bf6b-020052cc00d4}]
shell\AutoRun\command - F:\LaunchU3.exe -a
======List of files/folders created in the last 1 months======
2008-10-25 18:48:12 ----D---- C:\rsit
2008-10-25 14:57:20 ----A---- C:\ccsetup212.exe
2008-10-25 14:43:43 ----A---- C:\fixccs.exe
2008-10-25 14:41:59 ----A---- C:\WindowsXP-KB953979-x86-ENU.exe
2008-10-25 14:36:17 ----D---- C:\Program Files\Trend Micro
2008-10-24 18:35:56 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-15 21:04:41 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-15 21:04:34 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-15 21:04:27 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-15 21:03:36 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-15 21:03:17 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-10-13 22:42:17 ----D---- C:\WINDOWS\Prefetch
2008-10-13 22:29:54 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-10-13 22:29:42 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-10-13 22:29:27 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-10-13 22:29:14 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-10-13 22:29:01 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-10-13 22:28:49 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-10-13 22:28:35 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-10-13 22:28:24 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-10-13 22:28:13 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-10-13 22:27:56 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-10-13 22:21:43 ----A---- C:\WINDOWS\setuplog.txt
2008-10-13 22:08:19 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-10-13 21:39:55 ----N---- C:\WINDOWS\system32\wlanapi.dll
2008-10-13 21:39:41 ----N---- C:\WINDOWS\system32\tspkg.dll
2008-10-13 21:39:41 ----N---- C:\WINDOWS\system32\tsgqec.dll
2008-10-13 21:39:23 ----N---- C:\WINDOWS\system32\setupn.exe
2008-10-13 21:39:17 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2008-10-13 21:39:14 ----N---- C:\WINDOWS\system32\rasqec.dll
2008-10-13 21:39:13 ----N---- C:\WINDOWS\system32\qutil.dll
2008-10-13 21:39:12 ----N---- C:\WINDOWS\system32\qcliprov.dll
2008-10-13 21:39:12 ----N---- C:\WINDOWS\system32\qagentrt.dll
2008-10-13 21:39:12 ----N---- C:\WINDOWS\system32\qagent.dll
2008-10-13 21:39:06 ----N---- C:\WINDOWS\system32\onex.dll
2008-10-13 21:38:53 ----N---- C:\WINDOWS\system32\napstat.exe
2008-10-13 21:38:53 ----N---- C:\WINDOWS\system32\napmontr.dll
2008-10-13 21:38:53 ----N---- C:\WINDOWS\system32\napipsec.dll
2008-10-13 21:38:51 ----A---- C:\WINDOWS\system32\msxml6r.dll
2008-10-13 21:38:48 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2008-10-13 21:38:48 ----N---- C:\WINDOWS\system32\mssha.dll
2008-10-13 21:38:27 ----N---- C:\WINDOWS\system32\mmcperf.exe
2008-10-13 21:38:27 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-10-13 21:38:27 ----N---- C:\WINDOWS\system32\mmcex.dll
2008-10-13 21:38:27 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-10-13 21:38:13 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2008-10-13 21:38:12 ----N---- C:\WINDOWS\system32\kmsvc.dll
2008-10-13 21:38:11 ----N---- C:\WINDOWS\system32\kbdpash.dll
2008-10-13 21:38:11 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2008-10-13 21:38:10 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2008-10-13 21:38:10 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2008-10-13 21:37:59 ----N---- C:\WINDOWS\system32\smtpapi.dll
2008-10-13 21:37:58 ----N---- C:\WINDOWS\system32\rwnh.dll
2008-10-13 21:37:39 ----A---- C:\WINDOWS\003827_.tmp
2008-10-13 21:37:37 ----N---- C:\WINDOWS\system32\eapsvc.dll
2008-10-13 21:37:37 ----N---- C:\WINDOWS\system32\eapqec.dll
2008-10-13 21:37:37 ----N---- C:\WINDOWS\system32\eappprxy.dll
2008-10-13 21:37:37 ----N---- C:\WINDOWS\system32\eapphost.dll
2008-10-13 21:37:36 ----N---- C:\WINDOWS\system32\eappgnui.dll
2008-10-13 21:37:36 ----N---- C:\WINDOWS\system32\eappcfg.dll
2008-10-13 21:37:36 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2008-10-13 21:37:36 ----N---- C:\WINDOWS\system32\eapolqec.dll
2008-10-13 21:37:32 ----N---- C:\WINDOWS\system32\dot3ui.dll
2008-10-13 21:37:32 ----N---- C:\WINDOWS\system32\dot3svc.dll
2008-10-13 21:37:32 ----N---- C:\WINDOWS\system32\dot3msm.dll
2008-10-13 21:37:32 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-10-13 21:37:32 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2008-10-13 21:37:32 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2008-10-13 21:37:32 ----N---- C:\WINDOWS\system32\dot3api.dll
2008-10-13 21:37:29 ----N---- C:\WINDOWS\system32\dimsroam.dll
2008-10-13 21:37:29 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2008-10-13 21:37:28 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2008-10-13 21:37:24 ----N---- C:\WINDOWS\system32\credssp.dll
2008-10-13 21:37:16 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2008-10-13 21:37:16 ----N---- C:\WINDOWS\system32\azroles.dll
2008-10-13 21:37:04 ----N---- C:\WINDOWS\system32\aaclient.dll
2008-10-13 18:35:01 ----D---- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-10-13 18:33:15 ----A---- C:\WINDOWS\system32\ncpgina1.dll
2008-10-13 18:29:54 ----D---- C:\Program Files\Common Files\McAfee
2008-10-13 18:29:53 ----D---- C:\Program Files\McAfee.com
2008-10-13 18:29:42 ----D---- C:\Program Files\McAfee
2008-10-13 13:44:58 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2008-10-13 10:26:02 ----A---- C:\FCM1E11.tmp
2008-10-13 10:26:02 ----A---- C:\FCM1E10.tmp
2008-10-13 10:26:02 ----A---- C:\FCM1E0F.tmp
2008-10-13 10:26:02 ----A---- C:\FCM1E0E.tmp
2008-10-13 10:26:01 ----A---- C:\FCM1E0D.tmp
2008-10-13 10:09:28 ----D---- C:\Program Files\Citrix
2008-10-12 09:27:45 ----A---- C:\FCM1600.tmp
2008-10-12 09:27:45 ----A---- C:\FCM15FF.tmp
2008-10-12 09:27:45 ----A---- C:\FCM15FE.tmp
2008-10-12 09:27:45 ----A---- C:\FCM15FD.tmp
2008-10-11 01:12:28 ----A---- C:\FCM9B0.tmp
2008-10-11 01:12:26 ----A---- C:\FCM9AE.tmp
2008-10-08 21:25:55 ----D---- C:\Documents and Settings\TKV\Application Data\Malwarebytes
2008-10-08 21:25:51 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-08 21:25:51 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-08 19:32:57 ----D---- C:\Program Files\Common Files\Download Manager
2008-10-08 18:31:39 ----A---- C:\WINDOWS\yhyxoci.dll
2008-10-08 18:31:39 ----A---- C:\Documents and Settings\All Users\Application Data\otyr.com
2008-10-08 18:31:38 ----A---- C:\Program Files\Common Files\koze.bat
2008-10-08 18:31:38 ----A---- C:\Program Files\Common Files\ipyg.vbs
2008-10-08 18:21:10 ----A---- C:\p2hhr.bat
2008-10-08 18:09:32 ----D---- C:\Documents and Settings\All Users\Application Data\qrebkvyx
2008-10-05 13:06:22 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-05 13:05:18 ----D---- C:\Program Files\Bonjour
======List of files/folders modified in the last 1 months======
2008-10-25 18:50:05 ----D---- C:\WINDOWS\Temp
2008-10-25 18:49:26 ----D---- C:\Documents and Settings\TKV\Application Data\DNA
2008-10-25 18:42:27 ----D---- C:\Documents and Settings\TKV\Application Data\BitTorrent
2008-10-25 18:24:09 ----D---- C:\WINDOWS
2008-10-25 17:35:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-10-25 15:52:49 ----D---- C:\Program Files\Mozilla Firefox
2008-10-25 15:33:39 ----SHD---- C:\WINDOWS\Installer
2008-10-25 15:05:47 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-25 14:36:17 ----AD---- C:\Program Files
2008-10-25 13:54:40 ----D---- C:\WINDOWS\system32\DRIVERS
2008-10-25 13:49:40 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-25 13:47:39 ----A---- C:\WINDOWS\ModemLog_Bluetooth Modem.txt
2008-10-25 13:47:38 ----A---- C:\WINDOWS\ModemLog_Nokia N95 Bluetooth Modem.txt
2008-10-25 13:47:34 ----A---- C:\WINDOWS\ModemLog_Intel(R) 537EP V9x DF PCI Modem.txt
2008-10-25 13:43:58 ----D---- C:\Program Files\Trillian
2008-10-24 22:35:09 ----HD---- C:\WINDOWS\INF
2008-10-24 22:10:44 ----D---- C:\WINDOWS\SYSTEM32
2008-10-24 18:37:43 ----RSHD---- C:\WINDOWS\system32\DLLCACHE
2008-10-24 18:37:42 ----D---- C:\WINDOWS\system32\CatRoot
2008-10-24 18:34:57 ----HD---- C:\WINDOWS\$hf_mig$
2008-10-22 21:00:22 ----SHD---- C:\Config.Msi
2008-10-19 11:06:55 ----D---- C:\Program Files\MSECache
2008-10-19 10:54:39 ----D---- C:\Documents and Settings\All Users\Application Data\Installations
2008-10-19 10:54:35 ----D---- C:\WINDOWS\WinSxS
2008-10-19 10:54:02 ----D---- C:\Program Files\Nokia
2008-10-19 10:53:51 ----D---- C:\Program Files\Common Files\Nokia
2008-10-15 21:05:07 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-10-15 21:04:45 ----A---- C:\WINDOWS\imsins.BAK
2008-10-15 21:04:12 ----D---- C:\Program Files\Internet Explorer
2008-10-15 21:04:04 ----D---- C:\WINDOWS\ie7updates
2008-10-15 21:03:47 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-10-15 12:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-10-13 22:54:56 ----D---- C:\Program Files\Messenger
2008-10-13 22:54:35 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-10-13 22:47:46 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-13 22:41:25 ----D---- C:\WINDOWS\system32\Setup
2008-10-13 22:41:25 ----D---- C:\WINDOWS\IME
2008-10-13 22:41:25 ----D---- C:\WINDOWS\AppPatch
2008-10-13 22:41:24 ----D---- C:\WINDOWS\system32\WBEM
2008-10-13 22:41:24 ----D---- C:\Program Files\Outlook Express
2008-10-13 22:41:24 ----D---- C:\Program Files\Common Files\System
2008-10-13 22:41:23 ----RSD---- C:\WINDOWS\Fonts
2008-10-13 22:27:22 ----D---- C:\WINDOWS\SECURITY
2008-10-13 22:20:09 ----D---- C:\WINDOWS\system32\INETSRV
2008-10-13 22:20:08 ----D---- C:\WINDOWS\network diagnostic
2008-10-13 22:20:08 ----D---- C:\WINDOWS\Help
2008-10-13 22:19:57 ----D---- C:\WINDOWS\system32\USMT
2008-10-13 22:19:57 ----D---- C:\WINDOWS\system32\en-US
2008-10-13 22:19:56 ----D---- C:\WINDOWS\system32\scripting
2008-10-13 22:19:54 ----D---- C:\WINDOWS\system32\en
2008-10-13 22:19:54 ----D---- C:\WINDOWS\l2schemas
2008-10-13 22:19:53 ----D---- C:\WINDOWS\system32\bits
2008-10-13 22:19:53 ----D---- C:\WINDOWS\peernet
2008-10-13 22:19:52 ----D---- C:\Program Files\Movie Maker
2008-10-13 22:16:35 ----D---- C:\WINDOWS\system32\Restore
2008-10-13 22:16:35 ----D---- C:\WINDOWS\system32\NPP
2008-10-13 22:16:35 ----D---- C:\WINDOWS\MUI
2008-10-13 22:16:34 ----D---- C:\WINDOWS\MSAGENT
2008-10-13 22:16:32 ----D---- C:\WINDOWS\SRCHASST
2008-10-13 22:16:32 ----D---- C:\Program Files\NetMeeting
2008-10-13 22:16:30 ----D---- C:\WINDOWS\system32\Com
2008-10-13 22:16:28 ----D---- C:\Program Files\Windows Media Player
2008-10-13 22:16:27 ----D---- C:\Program Files\Windows NT
2008-10-13 22:16:11 ----D---- C:\WINDOWS\system32\OOBE
2008-10-13 22:16:09 ----D---- C:\WINDOWS\SYSTEM
2008-10-13 22:12:03 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-10-13 22:08:12 ----D---- C:\WINDOWS\EHome
2008-10-13 18:56:31 ----D---- C:\Program Files\Registry Mechanic
2008-10-13 18:33:56 ----A---- C:\WINDOWS\WIN.INI
2008-10-13 18:30:06 ----SD---- C:\WINDOWS\Tasks
2008-10-13 18:29:54 ----D---- C:\Program Files\Common Files
2008-10-13 16:37:25 ----HDC---- C:\WINDOWS\$NtUninstallKB952954_0$
2008-10-13 16:37:13 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
2008-10-13 16:37:03 ----HDC---- C:\WINDOWS\$NtUninstallKB950974_0$
2008-10-13 16:36:48 ----HDC---- C:\WINDOWS\$NtUninstallKB952287_0$
2008-10-13 16:36:32 ----HDC---- C:\WINDOWS\$NtUninstallKB951066_0$
2008-10-13 16:35:45 ----HDC---- C:\WINDOWS\$NtUninstallKB938464_0$
2008-10-13 13:26:32 ----D---- C:\WINDOWS\ServicePackFiles
2008-10-12 19:42:55 ----D---- C:\Garmin
2008-10-12 16:56:21 ----D---- C:\WINDOWS\Registration
2008-10-12 16:54:39 ----RSD---- C:\WINDOWS\assembly
2008-10-12 16:54:01 ----D---- C:\WINDOWS\system32\URTTemp
2008-10-11 16:00:52 ----AC---- C:\WINDOWS\wbocx.ini
2008-10-10 23:56:45 ----D---- C:\Documents and Settings\TKV\Application Data\LimeWire
2008-10-08 18:03:27 ----D---- C:\Program Files\DU Meter
2008-10-08 18:02:35 ----D---- C:\Program Files\DNA
2008-10-07 15:19:40 ----A---- C:\WINDOWS\system32\MRT.exe
2008-10-06 20:11:25 ----D---- C:\Documents and Settings\TKV\Application Data\EditPlus 3
2008-10-05 18:58:45 ----D---- C:\Program Files\WinRAR
2008-10-05 13:06:45 ----D---- C:\Program Files\iTunes
2008-10-05 13:06:24 ----D---- C:\Program Files\iPod
2008-10-05 13:04:55 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-10-05 13:04:42 ----D---- C:\Program Files\Common Files\Apple
2008-10-03 13:41:15 ----A---- C:\WINDOWS\system32\ieframe.dll
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2004-08-25 389120]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2006-11-29 266295]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.EXE [1999-12-13 44032]
R2 DUMeterSvc;DU Meter Service; C:\Program Files\DU Meter\DUMeterSvc.exe [2008-06-09 1386008]
R2 HDDSvc;HDD Information Service; C:\WINDOWS\system32\HDDSvc.exe [2007-05-13 189968]
R2 IAANTMon;IAA Event Monitor; C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe [2004-03-23 73852]
R2 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE [2008-05-02 121360]
R2 Logitech Easy Synchronization;Logitech Easy Synchronization; C:\Program Files\Logitech\Easy Synchronization\servicestub.exe [2005-10-05 65536]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2008-09-08 198944]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2008-06-21 792184]
R2 mcnasvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2008-07-18 2482848]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2008-07-09 358736]
R2 mcshield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2008-06-20 144704]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 mpfservice;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2008-07-09 884360]
R2 msk80service;McAfee Anti-Spam Service; C:\Program Files\McAfee\MSK\MskSrver.exe [2008-07-09 25416]
R2 ncpclcfg;ncpclcfg; C:\Program Files\WatchGuard\Mobile VPN\ncpclcfg.exe [2007-04-05 77824]
R2 ncprwsnt;ncprwsnt; C:\Program Files\WatchGuard\Mobile VPN\ncprwsnt.exe [2007-11-08 1032192]
R2 NcpSec;NcpSec; C:\Program Files\WatchGuard\Mobile VPN\ncpsec.exe [2004-05-24 45056]
R2 rwsrsu;RwsRsu; C:\Program Files\WatchGuard\Mobile VPN\rwsrsu.exe [2007-10-23 266240]
R2 VideoAcceleratorService;VideoAcceleratorService; C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe [2008-03-17 284280]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\System32\MsPMSPSv.exe [2000-06-26 53520]
R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2007-02-05 300032]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2006-12-14 654848]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-08-07 575488]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 InterBaseServer;InterBase Server; C:\Program Files\Borland\Interbase\bin\ibserver.exe []
S3 MBackMonitor;MBackMonitor; C:\Program Files\McAfee\MBK\MBackMonitor.exe [2008-07-10 66848]
S3 mcods;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2008-06-20 361800]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 InterBaseGuardian;InterBase Guardian; C:\Program Files\Borland\Interbase\bin\ibguard.exe []
S4 Iomega Activity Disk2;Iomega Activity Disk2; []
S4 IomegaAccess;IomegaAccess; C:\WINDOWS\System32\iomegaaccess.exe /S []
S4 mcsysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2008-06-20 605512]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
EOF
info.txt logfile of random's system information tool 1.04 2008-10-25 18:48:17

======Uninstall list======

-->"C:\Program Files\Creative\Sound Blaster Live! 24-bit\Program\Ctzapxx.EXE" /X /U /S
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{25EF00D1-F17B-11D6-88EA-000476CD2443}\Setup.exe" -l0x9 UNINSTALL
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{25EF03DA-F17B-11D6-88EA-000476CD2443}\Setup.exe" -l0x9 UNINSTALL
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44DC86A0-248D-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44DC86A0-248D-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67AEFC4C-69E4-11D7-85F4-00E018013273}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67AEFC4C-69E4-11D7-85F4-00E018013273}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7201B853-5833-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7201B853-5833-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1185190-514F-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1185190-514F-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F865C2FE-25E7-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F865C2FE-25E7-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB2292C6-1F0A-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB2292C6-1F0A-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC0DD8AE-3DC0-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC0DD8AE-3DC0-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9 /remove
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
5 Clicks-->MsiExec.exe /I{63FEE65A-366B-47BC-A696-925A12ABF525}
Adobe Acrobat 8.1.2 Standard-->msiexec /I {AC76BA86-1033-0000-BA7E-000000000003}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Shockwave Player-->C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~2\Install.log
Apple Mobile Device Support-->MsiExec.exe /I{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
BalanceLog-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A95EA5A4-8A64-40F9-A192-EAFD2C2C1203}\setup.exe" -l0x9
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Broadcom Advanced Control Suite 2-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2E086814-7392-4E0F-ADB8-54A81E47406C} /l1033
Calculator Pro-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\Calculator Pro\gb40Unst.LOG"
CDDRV_Installer-->MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A}
Color Schemer Studio-->"C:\Program Files\Color Schemer Studio\unins000.exe"
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Complete Control Suite-->MsiExec.exe /I{92F08885-8871-4630-B7A0-2C0A6AC45F29}
Creative MediaSource-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{56F3E1FF-54FE-4384-A153-6CCABA097814}\setup.exe" -l0x9 /remove/remove
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
Download Accelerator Plus (DAP)-->C:\PROGRA~1\DAP\DAPREMOVE.EXE
dpeg Cicada-->C:\WINDOWS\iun507.exe C:\Program Files\SomeWare\dpeg v6\\irunin.ini
DU Meter-->"C:\Program Files\DU Meter\unins001.exe"
Easy Video Joiner 5.21-->"C:\Program Files\Easy Video Joiner\unins000.exe"
EditPlus 3-->C:\Program Files\EditPlus 3\remove.exe
FLV Player 1.3.3-->"C:\Program Files\FLVPlayer\uninstall.exe"
Garmin Communicator Plugin-->MsiExec.exe /X{3A7BF905-F37D-4DFB-8308-EC3AA4617B36}
Garmin POI Loader-->MsiExec.exe /X{D9DA2DF6-8CB6-4E3C-A29E-FAECFBA3E9A7}
Garmin WebUpdater-->MsiExec.exe /X{366FFC89-C800-4366-B903-B9C4314109A5}
Hard Drive Inspector Pro edition 2.33 build # 385-->C:\Program Files\Hard Drive Inspector\Uninst.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB902344)-->"C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Intel Application Accelerator-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}\setup.exe" -l0409 -INTELUNINST
Intel(R) 537EP V9x DF PCI Modem-->rundll32 IntelCci.dll,iSMUninstallation "Intel(R) 537EP V9x DF PCI Modem"
Internet Explorer Default Page-->MsiExec.exe /I{35BDEFF1-A610-4956-A00D-15453C116395}
Iomega Automatic Backup-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{42ABF3F2-2C5E-43FA-BBFF-58E4295F23CA}
Ipswitch WS_FTP Professional 2007-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AD88355B-A4E0-4DA1-BAC3-EA4FEA930691}\setup.exe" -l0x9 -removeonly
iTunes-->MsiExec.exe /I{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Karen's LAN Monitor-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\LanMon\ST6UNST.LOG"
KhalInstallWrapper-->MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355}
LimeWire PRO 4.18.3-->"C:\Program Files\LimeWire\uninstall.exe"
LoanAmortizerPro-->C:\WINDOWS\uninst.exe -f"C:\Program Files\ConsultCommerce\LoanAmortizerPro\DeIsL1.isu" -c"C:\Program Files\ConsultCommerce\LoanAmortizerPro\_ISREG32.DLL"
Logitech Desktop Messenger-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\setup.exe" -l0x9 UNINSTALL
Logitech SetPoint-->C:\Program Files\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe -runfromtemp -l0x0009 -removeonly
[FONT="]Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"[/FONT]
[FONT="]McAfee SecurityCenter-->C:\Program Files\McAfee\MSC\mcuninst.exe[/FONT]
[FONT="]Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"[/FONT]
[FONT="]Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}[/FONT]
[FONT="]Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}[/FONT]
[FONT="]Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}[/FONT]
[FONT="]Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}[/FONT]
[FONT="]Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe[/FONT]
[FONT="]Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}[/FONT]
[FONT="]Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"[/FONT]
[FONT="]Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"[/FONT]
[FONT="]Microsoft Digital Image Suite 2006-->"C:\Program Files\Common Files\Microsoft Shared\Picture It!\RmvSuite.exe" ADDREMOVE=1 SKU=SUITE VERSION=11[/FONT]
[FONT="]Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"[/FONT]
[FONT="]Microsoft Money Plus-->"C:\Program Files\Microsoft Money Plus\MNYCoreFiles\Setup\uninst.exe" /s:120[/FONT]
[FONT="]Microsoft Money Shared Libraries-->MsiExec.exe /X{7F1B3341-A94E-4F5C-B587-CA0EB964221E}[/FONT]
[FONT="]Microsoft Office 2007 Primary Interop Assemblies-->MsiExec.exe /X{50120000-1105-0000-0000-0000000FF1CE}[/FONT]
[FONT="]Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}[/FONT]
[FONT="]Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}[/FONT]
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Live Meeting 2007-->MsiExec.exe /I{C2DA1CDC-EF9D-4B7C-91F8-710B17AD44A7}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROR /dll OSETUP.DLL
Microsoft Office Professional 2007-->MsiExec.exe /X{91120000-0014-0000-0000-0000000FF1CE}
Microsoft Office Project Professional 2003-->MsiExec.exe /I{913B0409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Visio Professional 2003-->MsiExec.exe /I{90510409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Visio Viewer 2007-->MsiExec.exe /I{95120000-0052-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Outlook Personal Folders Backup-->MsiExec.exe /X{C63E7C60-25EB-11D3-8EDA-00A0C911E8E5}
Microsoft Outlook Web Access S/MIME-->MsiExec.exe /X{6CF08AD2-00C5-4A63-B74B-2EFFFAFEBE1A}
Microsoft User-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWudf01005$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mobile Phone Suite Easy Synchronization-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC134D03-97F1-45B9-B32A-52E885AFA895}\setup.exe" -l0x9
Mozilla Firefox (3.0.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MP3 Repair Tool v1.5.2-->"C:\Program Files\Aspect one\MP3 Repair Tool\unins000.exe"
Mp3Doctor & Mp3Doctor PRO-->"C:\Program Files\Mp3Doctor\unins001.exe"
MSC Editor-->MsiExec.exe /I{8D335ACB-C23D-48DD-9493-BF88BF7B9AE0}
MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
MSXML 4.0 SP2 (KB925672)-->MsiExec.exe /I{A9CF9052-F4A0-475D-A00F-A8388C62DD63}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
MX-3000 Editor-->MsiExec.exe /X{0F8267D9-3E3D-4187-83AE-863207A935CC}
MX-850 Editor-->MsiExec.exe /I{8C9DCE36-A270-4740-8084-A27B48C2F83E}
MX-900 Editor-->MsiExec.exe /X{30C6798C-2BA6-47AC-AD99-F60F0EBF665D}
MX-950 Editor-->MsiExec.exe /X{B762B2A5-883B-454B-A586-1DF6C4528262}
Netscape Navigator (9.0.0.6)-->C:\Program Files\Netscape\Navigator 9\uninstall\helper.exe
Nokia Connectivity Cable Driver-->MsiExec.exe /X{C3F19A5F-35A8-4FDB-A6ED-0F4CE398DA48}
Nokia Flashing Cable Driver-->MsiExec.exe /X{2A0A6470-FD0F-4F45-9B11-85F3167DB943}
Nokia MTP driver-->MsiExec.exe /I{0E94871C-623C-464F-A117-B8474BFF84E1}
Nokia Multimedia Factory-->MsiExec.exe /I{4CFB3821-1582-4F3B-BF8D-30986923B36B}
Nokia PC Suite-->C:\Documents and Settings\All Users\Application Data\Installations\{A8C3710A-0BCA-4F10-9EC3-A302A1F1FA82}\Nokia_PC_Suite_rel_7_0_8_2_eng.exe
Nokia PC Suite-->MsiExec.exe /I{A8C3710A-0BCA-4F10-9EC3-A302A1F1FA82}
Nokia Software Updater-->MsiExec.exe /X{17BD85F9-3B88-4C85-BB47-4AB8DD68F8BB}
palmOne-->MsiExec.exe /X{FF24F097-D090-41D2-8E9C-BAFEBBFD938C}
Password Corral v4.0-->"C:\Program Files\Password Corral v4.02\unins000.exe"
PC Connectivity Solution-->MsiExec.exe /I{1A524CFE-DF85-4555-8BC2-0C89DBD8BC2C}
PictureShare.net-->C:\PROGRA~1\PICTUR~1\UNWISE.EXE C:\PROGRA~1\PICTUR~1\INSTALL.LOG
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Registry Mechanic 8.0-->"C:\Program Files\Registry Mechanic\unins000.exe" /Log
R-Undelete 3.5-->C:\Program Files\R-Undelete\Uninstall.exe
Safari-->MsiExec.exe /X{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB955936)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {1D94099C-2BBA-440E-BD5E-093BBDF8F028}
Security Update for Microsoft Office Excel 2007 (KB955470)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {6E8637D8-10D6-4568-AA06-E2706F31685E}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB951808)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office Word 2007 (KB950113)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
SereneScreen Marine Aquarium 2.6-->"C:\Program Files\SereneScreen\Marine Aquarium 2.6\unins000.exe"
SetPointPatch-->MsiExec.exe /I{CE9DB414-A6E8-46D8-83CF-A3F6945D23E5}
Sound Blaster Live! 24-bit-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CEB481CC-F57C-4397-81A0-DADD22257047}\setup.exe" -l0x9
The Rosetta Stone-->C:\WINDOWS\unvise32.exe C:\Program Files\The Rosetta Stone\TRS Support\uninstal.log
TreeSize Professional 5.1.1-->"C:\Program Files\JAM Software\TreeSize Professional\unins000.exe"
Trillian-->C:\Program Files\Trillian\trillian.exe /uninstall
TX-1000 Editor-->MsiExec.exe /X{1B471546-EC64-47D0-8FAE-BF8E42BA80E3}
Update for Microsoft Office Outlook 2007 (KB950219)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {5C68AEA3-4D35-41C9-B4E4-21EAAA5A040A}
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Office 2007 (KB946691)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb957258)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {E070CDA4-A8DD-47FA-89A0-F5DA5D5DDFF9}
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
WatchGuard Mobile VPN-->C:\Program Files\WatchGuard\Mobile VPN\uninst.exe
WD Diagnostics-->MsiExec.exe /X{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}
WIDCOMM Bluetooth Software-->MsiExec.exe /X{84814E6B-2581-46EC-926A-823BD1C670F6}
Windows Desktop Search 3.01-->"C:\WINDOWS\$NtUninstallKB917013$\spuninst\spuninst.exe"
Windows Driver Package - Nokia Modem (05/22/2008 7.00.0.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_E68D50F7E25BFE399D47C864C3B52557346242A9\nokbtmdm.inf
Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccsmcfd_4A1E30386F4D0DEC8F5DF262CFBD8845EEBAB175\pccsmcfd.inf
Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Connect-->"C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

=====HijackThis Backups=====

O23 - Service: IomegaAccess - Unknown owner - C:\WINDOWS\System32\iomegaaccess.exe (file missing)
O16 - DPF: {B24F0664-7DDA-40B6-B38C-A4FD68DE8685} - http://www.iilelearning.com/SiteRoots/main/Install/CentraDownloader.cab
O23 - Service: InterBase Server (InterBaseServer) - Unknown owner - C:\Program Files\Borland\Interbase\bin\ibserver.exe (file missing)
O4 - HKLM\..\Run: [Auto EPSON PictureMate on BOBBIE] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2P1.EXE /P32 "Auto EPSON PictureMate on BOBBIE" /O17 "\\BOBBIE\Printer4" /M "PictureMate"
O4 - HKLM\..\Run: [Auto EPSON PictureMate on DELL] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2P1.EXE /P30 "Auto EPSON PictureMate on DELL" /O15 "\\DELL\Printer4" /M "PictureMate"

======Security center information======

AV: McAfee VirusScan (disabled)
FW: McAfee Personal Firewall

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\Program Files\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 3 Stepping 4, GenuineIntel
"PROCESSOR_REVISION"=0304
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"NcpClntInstallPath"=C:\Program Files\WatchGuard\Mobile VPN

EOF
We need to have the files below Scanned by Uploading them/it to Virus Total
Please visit Virustotal
Copy/paste the following file path into the window
C:\WINDOWS\system32\smtpapi.dll
Click Submit/Send File
Please post back, to let me know the results.
Please do the same for the following file
C:\WINDOWS\system32\rwnh.dll
C:\WINDOWS\system32\ncpgina1.dll
C:\WINDOWS\yhyxoci.dll
C:\WINDOWS\wbocx.ini
If Virustotal is too busy please try Jotti
Create A Batch File
Please copy (Ctrl+C) and paste (Ctrl+V) the following text in the quote to Notepad.
Save it as "All Files" and name it look.bat. Please save it on your desktop.
Double click on look.bat
Please be patient, as this will search the entire disc
Notepad will open, please copy/paste the results here.
MD5: f22ed2cd5e26514c6e8d21b5da4572a3 First received: - Date: 09.24.2008 10:33:43 (CET) [>31D] Results: 0/35 Permalink: analisis/a9a456a64b61e6f2de6962f90a5709a2
Result: 0/36 (0%)
Antivirus  Version  Last Update  Result
AhnLab-V3  2008.10.24.3  2008.10.25  -
AntiVir  7.9.0.9  2008.10.25  -
Authentium  5.1.0.4  2008.10.25  -
Avast  4.8.1248.0  2008.10.25  -
AVG  8.0.0.161  2008.10.25  -
BitDefender  7.2  2008.10.26  -
CAT-QuickHeal  9.50  2008.10.25  -
ClamAV  0.93.1  2008.10.25  -
DrWeb  4.44.0.09170  2008.10.26  -
eSafe  7.0.17.0  2008.10.23  -
eTrust-Vet  31.6.6168  2008.10.25  -
Ewido  4.0  2008.10.25  -
F-Prot  4.4.4.56  2008.10.25  -
F-Secure  8.0.14332.0  2008.10.26  -
Fortinet  3.113.0.0  2008.10.25  -
GData  19  2008.10.26  -
Ikarus  T3.1.1.44.0  2008.10.25  -
K7AntiVirus  7.10.507  2008.10.25  -
Kaspersky  7.0.0.125  2008.10.26  -
McAfee  5415  2008.10.25  -
Microsoft  1.4005  2008.10.26  -
NOD32  3555  2008.10.25  -
Norman  5.80.02  2008.10.24  -
Panda  9.0.0.4  2008.10.25  -
PCTools  4.4.2.0  2008.10.25  -
Prevx1  V2  2008.10.26  -
Rising  21.00.52.00  2008.10.25  -
SecureWeb-Gateway  6.7.6  2008.10.25  -
Sophos  4.35.0  2008.10.26  -
Sunbelt  3.1.1753.1  2008.10.25  -
Symantec  10  2008.10.26  -
TheHacker  6.3.1.1.129  2008.10.25  -
TrendMicro  8.700.0.1004  2008.10.24  -
VBA32  3.12.8.8  2008.10.25  -
ViRobot  2008.10.24.1436  2008.10.24  -
VirusBuster  4.5.11.0  2008.10.25  -
Additional information
File size: 9728 bytes
MD5...: 5d55defb3ab92bc43c4dfd06935fa0f1
SHA1..: 632b9318f8a2d743f7d2c303ad8ebb64b19eff96
SHA256: e5ef7d3e3a9e955ec7162b4b43096316faae8c3c68c660ce125bb4aaa0494343
SHA512: 83b64ed372c84b3426c3477fa256bce878c9748a3b57b6e57501b68c54c2acb368b8123f5664e478f471f4424e2268eb18ec4ab2b6f044b3e996f23ab4aee442
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information
Result: 0/36 (0%)
Antivirus  Version  Last Update  Result
AhnLab-V3  2008.10.24.3  2008.10.25  -
AntiVir  7.9.0.9  2008.10.25  -
Authentium  5.1.0.4  2008.10.25  -
Avast  4.8.1248.0  2008.10.25  -
AVG  8.0.0.161  2008.10.25  -
BitDefender  7.2  2008.10.26  -
CAT-QuickHeal  9.50  2008.10.25  -
ClamAV  0.93.1  2008.10.25  -
DrWeb  4.44.0.09170  2008.10.26  -
eSafe  7.0.17.0  2008.10.23  -
eTrust-Vet  31.6.6168  2008.10.25  -
Ewido  4.0  2008.10.25  -
F-Prot  4.4.4.56  2008.10.25  -
F-Secure  8.0.14332.0  2008.10.26  -
Fortinet  3.113.0.0  2008.10.25  -
GData  19  2008.10.26  -
Ikarus  T3.1.1.44.0  2008.10.25  -
K7AntiVirus  7.10.507  2008.10.25  -
Kaspersky  7.0.0.125  2008.10.26  -
McAfee  5415  2008.10.25  -
Microsoft  1.4005  2008.10.26  -
NOD32  3555  2008.10.25  -
Norman  5.80.02  2008.10.24  -
Panda  9.0.0.4  2008.10.25  -
PCTools  4.4.2.0  2008.10.25  -
Prevx1  V2  2008.10.26  -
Rising  21.00.52.00  2008.10.25  -
SecureWeb-Gateway  6.7.6  2008.10.25  -
Sophos  4.35.0  2008.10.26  -
Sunbelt  3.1.1753.1  2008.10.25  -
Symantec  10  2008.10.26  -
TheHacker  6.3.1.1.129  2008.10.25  -
TrendMicro  8.700.0.1004  2008.10.24  -
VBA32  3.12.8.8  2008.10.25  -
ViRobot  2008.10.24.1436  2008.10.24  -
VirusBuster  4.5.11.0  2008.10.25  -
Additional information
File size: 10350 bytes
MD5...: e5d08ae6e89328e5131490066643268c
SHA1..: d0abe5154237ccbbde471f8376f3f4b4e03761bf
SHA256: 8330bedc8669c4a5d2b57b2834726d0c70548f0c256fbad571b6ca45b478400e
SHA512: 6ac30334cb5ca16026c1577ef6ec2988d6f93f0452bf98c405fda22ebaf68a6ba0f230b6f39927d096c2c9c4a2f2006b698075f3ad0f4b27f5e74d7b6be36ea7
PEiD..: -
TrID..: File type identification
Adobe PhotoShop Brush (100.0%)
PEInfo: -
Result: 0/36 (0%)
Antivirus  Version  Last Update  Result
AhnLab-V3  2008.10.24.3  2008.10.25  -
AntiVir  7.9.0.9  2008.10.25  -
Authentium  5.1.0.4  2008.10.25  -
Avast  4.8.1248.0  2008.10.25  -
AVG  8.0.0.161  2008.10.25  -
BitDefender  7.2  2008.10.26  -
CAT-QuickHeal  9.50  2008.10.25  -
ClamAV  0.93.1  2008.10.25  -
DrWeb  4.44.0.09170  2008.10.26  -
eSafe  7.0.17.0  2008.10.23  -
eTrust-Vet  31.6.6168  2008.10.25  -
Ewido  4.0  2008.10.25  -
F-Prot  4.4.4.56  2008.10.25  -
F-Secure  8.0.14332.0  2008.10.26  -
Fortinet  3.113.0.0  2008.10.25  -
GData  19  2008.10.26  -
Ikarus  T3.1.1.44.0  2008.10.25  -
K7AntiVirus  7.10.507  2008.10.25  -
Kaspersky  7.0.0.125  2008.10.26  -
McAfee  5415  2008.10.25  -
Microsoft  1.4005  2008.10.26  -
NOD32  3555  2008.10.25  -
Norman  5.80.02  2008.10.24  -
Panda  9.0.0.4  2008.10.25  -
PCTools  4.4.2.0  2008.10.25  -
Prevx1  V2  2008.10.26  -
Rising  21.00.52.00  2008.10.25  -
SecureWeb-Gateway  6.7.6  2008.10.25  -
Sophos  4.35.0  2008.10.26  -
Sunbelt  3.1.1753.1  2008.10.25  -
Symantec  10  2008.10.26  -
TheHacker  6.3.1.1.129  2008.10.25  -
TrendMicro  8.700.0.1004  2008.10.24  -
VBA32  3.12.8.8  2008.10.25  -
ViRobot  2008.10.24.1436  2008.10.24  -
VirusBuster  4.5.11.0  2008.10.25  -
Additional information
File size: 558 bytes
MD5...: fa2e3a500e575cd5ddbe71fdb07c342a
SHA1..: 24a022680c29338f3c77e4416b4fb863a99560c8
SHA256: 7c2a0b57a406dc26acb83a4c385ab6aad5acc2509f87a90b15f4a0d9e3083967
SHA512: 9ae29fe5387fb9687a85ea723a4e6909c946328fc1fedca147e434136a8a930faae94cdca984dd245fd7fef7e5e57a51c9902d5cbe33947043df21bea3699f65
PEiD..: -
TrID..: File type identification
Generic INI configuration (100.0%)
PEInfo: -
[aaaa]
GetSystemMetrics=2
MonitorFromWindow=2
MonitorFromRect=2
MonitorFromPoint=2
EnumDisplayMonitors=2
GetMonitorInfoA=2
MsgWaitForMultipleObjects=2
PeekMessageW=2
TranslateMessage=2
DispatchMessageW=2
GetProcessWindowStation=2
CloseWindowStation=2
GetUserObjectInformationW=2
PostMessageA=2
UnregisterDeviceNotification=2
RegisterDeviceNotificationW=2
EnumDisplayDevicesA=2
CharNextW=2
GetMouseMovePointsEx=2
IsWindow=2
GetLastInputInfo=2
AnimateWindow=2
GetForegroundWindow=2
GetCursorInfo=2
GetQueueStatus=2
TrackMouseEvent=2
C:\Program Files\Common Files\koze.bat
C:\p2hhr.bat
:lsth2
del %1
if exist %1 goto lsth2
del %0
IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.
BitTorrent DNA
LimeWire PRO 4.18.3
I'd like you to read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.
Also available here.
My recommendation is you go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).
Please note: you must NOT use this whilst we are cleaning your machine.
Registry Cleaners
Re. RegistryMechanic
I don't personally recommend the use of ANY registry cleaners.
Here is an excerpt from a discussion on regcleaners http://forums.whatthetech.com/Regcleaner_t42862.html
Step 1
Download and Run ComboFix (by sUBs)
Please visit this webpage for instructions for downloading and running ComboFix:
Bleeping Computer ComboFix Tutorial
Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper
Step 2
Kaspersky Online Scanner.
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal.
NOTE:- This scan is best done from IE (Internet Explorer)
NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
Go Here http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html
Read the Requirements and limitations before you click Accept.
Once the database has downloaded, click My Computer in the left pane
Now go and put the kettle on !
When the scan has completed, click Save Report As...
Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.
**Note**
To optimize scanning time and produce a more sensible report for review:
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.
Step 3
Logs/Information to Post in Reply
Please post the following logs/Information in your reply
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2241 [GMT -4:00]
Running from: C:\Documents and Settings\TKV\My Documents\download\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\TKV\Cookies\cywypyja.scr
C:\Documents and Settings\TKV\Cookies\ugizanel.lib
C:\Documents and Settings\TKV\Local Settings\Temporary Internet Files\avuxakoh.bat
C:\Documents and Settings\TKV\Local Settings\Temporary Internet Files\rexyfabevo.inf
C:\Documents and Settings\TKV\Local Settings\Temporary Internet Files\zisamy.dl
C:\WINDOWS\IE4 Error Log.txt
C:\WINDOWS\msxfcg32.dll
K:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-09-26 to 2008-10-26 )))))))))))))))))))))))))))))))
.
2008-10-26 02:13 . 2008-10-26 02:13 1,755,758 --a
C:\2_2.avi
2008-10-26 02:13 . 2008-10-26 02:13 1,562,840 --a
C:\1.avi
2008-10-26 02:11 . 2007-06-25 01:00 110,072,286 --a
C:\[XXX Porn Vintage].The Nun - 1945s(X Rated).mpg
2008-10-26 02:10 . 2008-10-26 02:10 1,755,758 --a
C:\2_1.avi
2008-10-26 02:09 . 2008-10-26 02:09 747,736 --a
C:\2.avi
2008-10-26 00:04 . 2008-10-26 00:04 17,684 --a
C:\Antique_Hardcore_08_-_Couple_1930_s.mpg.dap
2008-10-25 23:54 . 2008-10-25 23:54 17,633 --a
C:\reeloldtimers6_16.asf.dap
2008-10-25 23:43 . 2008-10-25 23:43 17,630 --a
C:\mty-17-CDOR05_all.wmv.dap
2008-10-25 18:48 . 2008-10-25 19:09 <DIR> d
C:\rsit
2008-10-25 17:16 . 2008-09-11 15:24 759,256 --a
C:\09112008047.jpg
2008-10-25 17:16 . 2008-09-11 15:25 743,462 --a
C:\09112008048.jpg
2008-10-25 14:57 . 2008-10-25 14:57 2,934,168 --a
C:\ccsetup212.exe
2008-10-25 14:53 . 2008-10-25 14:53 201,030 --a
C:\lspfix.zip.dap
2008-10-25 14:43 . 2008-06-03 07:31 8,704 --a
C:\fixccs.exe
2008-10-25 14:41 . 2008-10-25 14:41 65,064 --a
C:\WindowsXP-KB953979-x86-ENU.exe
2008-10-25 14:36 . 2008-10-25 14:36 <DIR> d
C:\Program Files\Trend Micro
2008-10-24 03:58 . 2008-10-15 12:34 337,408
C:\WINDOWS\SYSTEM32\DLLCACHE\netapi32.dll
2008-10-19 12:19 . 2008-10-19 12:19 <DIR> d
C:\Documents and Settings\NetworkService\Application Data\SACore
2008-10-14 18:25 . 2008-09-08 06:41 333,824
C:\WINDOWS\SYSTEM32\DLLCACHE\srv.sys
2008-10-14 18:24 . 2008-09-15 08:12 1,846,400
C:\WINDOWS\SYSTEM32\DLLCACHE\win32k.sys
2008-10-14 18:23 . 2008-08-14 06:11 2,189,184
C:\WINDOWS\SYSTEM32\DLLCACHE\ntoskrnl.exe
2008-10-14 18:23 . 2008-08-14 06:09 2,145,280
C:\WINDOWS\SYSTEM32\DLLCACHE\ntkrnlmp.exe
2008-10-14 18:23 . 2008-08-14 05:33 2,066,048
C:\WINDOWS\SYSTEM32\DLLCACHE\ntkrnlpa.exe
2008-10-14 18:23 . 2008-08-14 05:33 2,023,936
C:\WINDOWS\SYSTEM32\DLLCACHE\ntkrpamp.exe
2008-10-13 21:39 . 2008-04-13 20:12 291,328
C:\WINDOWS\SYSTEM32\qagentrt.dll
2008-10-13 21:39 . 2008-04-13 20:12 290,304
C:\WINDOWS\SYSTEM32\rhttpaa.dll
2008-10-13 21:39 . 2008-04-13 20:12 150,528
C:\WINDOWS\SYSTEM32\qagent.dll
2008-10-13 21:39 . 2008-04-13 20:12 144,384
C:\WINDOWS\SYSTEM32\onex.dll
2008-10-13 21:39 . 2008-04-13 20:12 76,800
C:\WINDOWS\SYSTEM32\qutil.dll
2008-10-13 21:39 . 2008-04-13 20:12 69,120
C:\WINDOWS\SYSTEM32\wlanapi.dll
2008-10-13 21:39 . 2008-04-13 20:12 62,464
C:\WINDOWS\SYSTEM32\qcliprov.dll
2008-10-13 21:39 . 2008-04-13 20:12 61,952
C:\WINDOWS\SYSTEM32\rasqec.dll
2008-10-13 21:39 . 2008-04-13 20:12 53,248
C:\WINDOWS\SYSTEM32\tsgqec.dll
2008-10-13 21:39 . 2008-04-13 20:12 50,688
C:\WINDOWS\SYSTEM32\tspkg.dll
2008-10-13 21:39 . 2008-04-13 20:12 32,768
C:\WINDOWS\SYSTEM32\setupn.exe
2008-10-13 21:39 . 2008-04-13 14:40 10,240
C:\WINDOWS\SYSTEM32\DRIVERS\sffp_mmc.sys
2008-10-13 21:37 . 2008-04-13 20:11 650,752
C:\WINDOWS\SYSTEM32\dot3ui.dll
2008-10-13 19:12 . 2008-10-26 09:30 4,195,819 --a
C:\WINDOWS\pfirewall.log.old
2008-10-13 18:44 . 2008-10-26 11:50 8,186 --a
C:\WINDOWS\SYSTEM32\Config.MPF
2008-10-13 18:35 . 2008-10-13 18:35 <DIR> d
C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-10-13 18:33 . 2007-09-25 14:06 974,848 --a
C:\WINDOWS\SYSTEM32\ncpgina1.dll
2008-10-13 18:33 . 2007-10-29 10:10 77,696 --a
C:\WINDOWS\SYSTEM32\DRIVERS\NCPLENTP.SYS
2008-10-13 18:33 . 2001-12-03 08:02 631 --a
C:\WINDOWS\SYSTEM32\ncppki.conf
2008-10-13 18:30 . 2008-06-02 14:55 120,136 --a
C:\WINDOWS\SYSTEM32\DRIVERS\Mpfp.sys
2008-10-13 18:30 . 2008-06-27 06:08 79,240 --a
C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys
2008-10-13 18:30 . 2008-06-27 06:08 40,488 --a
C:\WINDOWS\SYSTEM32\DRIVERS\mfesmfk.sys
2008-10-13 18:30 . 2008-06-27 06:08 35,240 --a
C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys
2008-10-13 18:29 . 2008-10-13 18:30 <DIR> d
C:\Program Files\McAfee.com
2008-10-13 18:29 . 2008-10-19 11:20 <DIR> d
C:\Program Files\McAfee
2008-10-13 18:29 . 2008-10-13 18:30 <DIR> d
C:\Program Files\Common Files\McAfee
2008-10-13 18:10 . 2008-06-20 05:41 34,152 --a
C:\WINDOWS\SYSTEM32\DRIVERS\mferkdk.sys
2008-10-13 16:32 . 2008-04-11 15:04 691,712
C:\WINDOWS\SYSTEM32\DLLCACHE\inetcomm.dll
2008-10-13 13:44 . 2008-10-13 18:35 <DIR> d
C:\Documents and Settings\All Users\Application Data\McAfee
2008-10-13 10:26 . 2008-10-13 10:26 0 --a
C:\FCM1E11.tmp
2008-10-13 10:26 . 2008-10-13 10:26 0 --a
C:\FCM1E10.tmp
2008-10-13 10:26 . 2008-10-13 10:26 0 --a
C:\FCM1E0F.tmp
2008-10-13 10:26 . 2008-10-13 10:26 0 --a
C:\FCM1E0E.tmp
2008-10-13 10:26 . 2008-10-13 10:26 0 --a
C:\FCM1E0D.tmp
2008-10-13 10:09 . 2008-10-13 10:09 <DIR> d
C:\Program Files\Citrix
2008-10-13 09:48 . 2008-10-13 09:48 61,224 --a
C:\Documents and Settings\TKV\GoToAssistDownloadHelper.exe
2008-10-12 09:27 . 2008-10-12 09:27 0 --a
C:\FCM1600.tmp
2008-10-12 09:27 . 2008-10-12 09:27 0 --a
C:\FCM15FF.tmp
2008-10-12 09:27 . 2008-10-12 09:27 0 --a
C:\FCM15FE.tmp
2008-10-12 09:27 . 2008-10-12 09:27 0 --a
C:\FCM15FD.tmp
2008-10-11 01:12 . 2008-10-11 01:12 0 --a
C:\FCM9B0.tmp
2008-10-11 01:12 . 2008-10-11 01:12 0 --a
C:\FCM9AE.tmp
2008-10-08 21:25 . 2008-10-25 13:54 <DIR> d
C:\Program Files\Malwarebytes' Anti-Malware
2008-10-08 21:25 . 2008-10-08 21:25 <DIR> d
C:\Documents and Settings\TKV\Application Data\Malwarebytes
2008-10-08 21:25 . 2008-10-08 21:25 <DIR> d
C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-08 21:25 . 2008-10-22 16:10 38,496 --a
C:\WINDOWS\SYSTEM32\DRIVERS\mbamswissarmy.sys
2008-10-08 21:25 . 2008-10-22 16:10 15,504 --a
C:\WINDOWS\SYSTEM32\DRIVERS\mbam.sys
2008-10-08 19:32 . 2008-10-08 19:32 <DIR> d
C:\Program Files\Common Files\Download Manager
2008-10-08 18:31 . 2008-10-08 18:31 19,021 --a
C:\WINDOWS\hypiv.dl
2008-10-08 18:31 . 2008-10-08 18:31 18,893 --a
C:\Documents and Settings\TKV\Application Data\yfaguvut.pif
2008-10-08 18:31 . 2008-10-08 18:31 17,271 --a
C:\Documents and Settings\All Users\Application Data\ovodojy.reg
2008-10-08 18:31 . 2008-10-08 18:31 16,796 --a
C:\Documents and Settings\All Users\Application Data\otyr.com
2008-10-08 18:31 . 2008-10-08 18:31 16,369 --a
C:\WINDOWS\hasykylu.bin
2008-10-08 18:31 . 2008-10-08 18:31 15,606 --a
C:\Program Files\Common Files\koze.bat
2008-10-08 18:31 . 2008-10-08 18:31 15,201 --a
C:\WINDOWS\banigukace.pif
2008-10-08 18:31 . 2008-10-08 18:31 14,249 --a
C:\WINDOWS\mydily.reg
2008-10-08 18:31 . 2008-10-08 18:31 14,220 --a
C:\Program Files\Common Files\ipyg.vbs
2008-10-08 18:31 . 2008-10-08 18:31 14,151 --a
C:\WINDOWS\comok._dl
2008-10-08 18:31 . 2008-10-08 18:31 10,392 --a
C:\Documents and Settings\TKV\Application Data\ehisu.bin
2008-10-08 18:31 . 2008-10-08 18:31 10,350 --a
C:\WINDOWS\yhyxoci.dll
2008-10-08 18:21 . 2008-10-08 18:21 46 --a
C:\p2hhr.bat
2008-10-08 18:09 . 2008-10-08 18:09 <DIR> d
C:\Documents and Settings\All Users\Application Data\qrebkvyx
2008-10-05 13:06 . 2008-10-05 13:06 <DIR> d
C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-05 13:05 . 2008-10-05 13:05 <DIR> d
C:\Program Files\Bonjour
2008-10-05 13:04 . 2008-10-01 13:01 32,000 --a
C:\WINDOWS\SYSTEM32\DRIVERS\usbaapl.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-26 15:51 d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-26 15:42 d-----w C:\Documents and Settings\TKV\Application Data\DNA
2008-10-26 15:33 d-----w C:\Program Files\LimeWire
2008-10-25 22:42 d-----w C:\Documents and Settings\TKV\Application Data\BitTorrent
2008-10-25 17:43 d-----w C:\Program Files\Trillian
2008-10-19 15:06 d-----w C:\Program Files\MSECache
2008-10-19 14:54 d-----w C:\Program Files\Nokia
2008-10-19 14:54 d-----w C:\Documents and Settings\All Users\Application Data\Installations
2008-10-19 14:53 d-----w C:\Program Files\Common Files\Nokia
2008-10-16 01:05 d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-10-11 03:56 d-----w C:\Documents and Settings\TKV\Application Data\LimeWire
2008-10-08 22:03 d-----w C:\Program Files\DU Meter
2008-10-08 22:02 d-----w C:\Program Files\DNA
2008-10-07 00:11 d-----w C:\Documents and Settings\TKV\Application Data\EditPlus 3
2008-10-05 17:06 d-----w C:\Program Files\iTunes
2008-10-05 17:06 d-----w C:\Program Files\iPod
2008-10-05 17:04 d-----w C:\Program Files\Common Files\Apple
2008-10-03 17:41 6,066,176 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll
2008-09-21 23:54 d-----w C:\Program Files\LoanSpread
2008-09-21 17:30 76,381,444 ----a-w C:\sdat5388.exe
2008-09-19 00:43 d-----w C:\Documents and Settings\All Users\Application Data\Citrix
2008-09-19 00:23 d-----w C:\Documents and Settings\LocalService\Application Data\SACore
2008-09-15 23:19 d-----w C:\Program Files\SereneScreen
2008-09-15 23:14 d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2008-09-15 23:12 d--h--w C:\Program Files\InstallShield Installation Information
2008-09-15 23:05 d-----w C:\Program Files\DAP
2008-09-15 23:02 d-----w C:\Documents and Settings\All Users\Application Data\SpeedBit
2008-09-15 22:35 d-----w C:\Documents and Settings\TKV\Application Data\uniblue
2008-09-15 12:12 1,846,400 ----a-w C:\WINDOWS\SYSTEM32\win32k.sys
2008-09-13 13:39 d-----w C:\Documents and Settings\TKV\Application Data\Internet Download Accelerator
2008-09-11 00:11 d-----w C:\Program Files\QuickTime
2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-09-06 03:30 241,704 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\wgaLogon.dll
2008-09-06 03:29 917,032 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\WgaTray.exe
2008-08-29 14:18 87,336 ----a-w C:\WINDOWS\SYSTEM32\dns-sd.exe
2008-08-29 13:53 61,440 ----a-w C:\WINDOWS\SYSTEM32\dnssd.dll
2008-08-27 08:24 3,593,216 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2008-08-25 08:38 13,824 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe
2008-08-25 08:37 70,656 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\ie4uinit.exe
2008-08-23 05:56 635,848 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\iexplore.exe
2008-08-23 05:54 161,792 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakui.dll
2008-08-14 10:09 2,145,280 ----a-w C:\WINDOWS\SYSTEM32\ntoskrnl.exe
2008-08-14 10:04 138,496 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\afd.sys
2008-08-14 09:33 2,023,936 ----a-w C:\WINDOWS\SYSTEM32\ntkrnlpa.exe
2008-08-05 21:55 265,720 ----a-w C:\WINDOWS\SYSTEM32\msdbg2.dll
2008-07-30 00:35 326,160 ----a-w C:\WINDOWS\SYSTEM32\PresentationHost.exe
2008-07-29 23:59 781,344 ----a-w C:\WINDOWS\SYSTEM32\PresentationNative_v0300.dll
2008-07-29 23:59 43,544 ----a-w C:\WINDOWS\SYSTEM32\PresentationHostProxy.dll
2008-07-29 23:59 105,016 ----a-w C:\WINDOWS\SYSTEM32\PresentationCFFRasterizerNative_v0300.dll
2008-07-29 23:24 97,800 ----a-w C:\WINDOWS\SYSTEM32\infocardapi.dll
2008-07-29 23:24 622,080 ----a-w C:\WINDOWS\SYSTEM32\icardagt.exe
2008-07-29 23:24 11,264 ----a-w C:\WINDOWS\SYSTEM32\icardres.dll
2008-04-17 03:11 4,047 -c--a-w C:\Program Files\policy.spd
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
"IECHECK.EXE"="C:\WINDOWS\iecheck.exe" [2004-04-09 91136]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
"Iomega Automatic Backup"="C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe" [2002-10-15 3014656]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2008-01-10 67128]
"RegistryMechanic"="C:\Program Files\Registry Mechanic\RegMech.exe" [2008-07-08 2828184]
"DownloadAccelerator"="C:\Program Files\DAP\DAP.EXE" [2008-09-15 3061248]
"DU Meter"="C:\Program Files\DU Meter\DUMeter.exe" [2008-06-09 2645528]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-10-08 289088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-03-23 135168]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 339968]
"CTSysVol"="C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 90112]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 623992]
"HDInspector.exe"="C:\Program Files\Hard Drive Inspector\HDInspector.exe" [2007-05-16 992784]
"Easy Synchronization"="C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe" [2005-10-05 53248]
"Iomega Automatic Backup 1.0.1"="C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe" [2002-10-15 3014656]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-09-06 413696]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2008-07-11 641208]
"NcpBudget"="C:\Program Files\WatchGuard\Mobile VPN\ncpbudgt.exe" [2006-12-01 228352]
"NcpPopup"="C:\Program Files\WatchGuard\Mobile VPN\ncppopup.exe" [2007-11-07 535040]
"NcpMonitor"="C:\Program Files\WatchGuard\Mobile VPN\ncpmon.exe" [2007-11-13 3451904]
"McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [2008-06-13 1176808]
"McAfee Backup"="C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe" [2008-07-10 5129504]
"P17Helper"="P17.dll" [2005-05-03 C:\WINDOWS\SYSTEM32\P17.dll]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 C:\WINDOWS\KHALMNPR.Exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Easy Synchronization"="C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe" [2005-10-05 53248]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-29 561213]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-05-17 805392]
PictureShare.net Startup.lnk - C:\Program Files\PictureShare\PSClient.exe [2008-01-29 8248832]
Trillian.lnk - C:\Program Files\Trillian\trillian.exe [2008-10-02 1873280]
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 118784]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{FE24CD78-7C63-465D-8787-4EDF7FC79895}"= "C:\Program Files\Logitech\Easy Synchronization\shellexecutehook.dll" [2005-10-05 69632]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 02:42 72208 c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.g723"= g723.acm
"vidc.I263"= I263_32.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\DAP\\DAP.exe"=
"C:\\Program Files\\WS_FTP Pro\\wsftpgui.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"C:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Program Files\\WatchGuard\\Mobile VPN\\NCPMON.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R2 DUMeterSvc;DU Meter Service;C:\Program Files\DU Meter\DUMeterSvc.exe [2008-06-09 1386008]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2008-09-08 198944]
R2 ncpclcfg;ncpclcfg;C:\Program Files\WatchGuard\Mobile VPN\ncpclcfg.exe [2007-04-05 77824]
R2 ncprwsnt;ncprwsnt;C:\Program Files\WatchGuard\Mobile VPN\ncprwsnt.exe [2007-11-08 1032192]
R2 NcpSec;NcpSec;C:\Program Files\WatchGuard\Mobile VPN\ncpsec.exe [2004-05-24 45056]
R2 rwsrsu;RwsRsu;C:\Program Files\WatchGuard\Mobile VPN\rwsrsu.exe [2007-10-23 266240]
R2 sbbotdi;sbbotdi;C:\PROGRA~1\SPEEDB~1\sbbotdi.sys [2008-03-17 35584]
R2 VideoAcceleratorService;VideoAcceleratorService;C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe [2008-03-17 284280]
R3 ncplentp;WatchGuard Secure Client Adapter Driver;C:\WINDOWS\system32\DRIVERS\ncplentp.sys [2007-10-29 77696]
S1 84bd0fb9;84bd0fb9;C:\WINDOWS\system32\drivers\84bd0fb9.sys [ ]
S2 IPSECDRV;SafeNet IPSec Plugin;C:\WINDOWS\system32\Drivers\IPSECDRV.sys [ ]
S3 TPP200;USB Storage Adapter V2 (TPP);C:\WINDOWS\system32\DRIVERS\TPP200.SYS [ ]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4e5ad241-2874-11dd-bf6b-020052cc00d4}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
2008-10-20 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
2008-10-19 C:\WINDOWS\Tasks\Disk Cleanup.job
- C:\WINDOWS\SYSTEM32\cleanmgr.exe [2008-04-13 20:12]
2008-10-23 C:\WINDOWS\Tasks\Disk Defragmentor.job
- C:\WINDOWS\SYSTEM32\DFRG.MSC [2004-03-19 18:35]
2008-10-25 C:\WINDOWS\Tasks\McAfee SecurityCenter.job
- C:\PROGRA~1\McAfee\MSC\mcshell.exe [2008-06-21 12:38]
2008-10-15 C:\WINDOWS\Tasks\McDefragTask.job
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe [2008-07-09 18:10]
2008-10-13 C:\WINDOWS\Tasks\McQcTask.job
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe [2008-07-09 18:10]
2008-10-26 C:\WINDOWS\Tasks\User_Feed_Synchronization-{9FF6A9A7-9631-4B80-AF09-DC9E8B62A74E}.job
- C:\WINDOWS\system32\msfeedssync.exe [2007-08-13 18:36]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-updateMgr - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe
HKLM-Run-McAfeeUpdate - C:\Documents and Settings\TKV\Local Settings\Temporary Internet Files\Content.IE5\DLIUHM8Q\McAfeeUpdate[1].exe
HKLM-Run-Bluetooth Connection Assistant - LBTWIZ.EXE
HKU-Default-Run-Nokia.PCSync - C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
.
Supplementary Scan
.
FireFox -: Profile - C:\Documents and Settings\TKV\Application Data\Mozilla\Firefox\Profiles\x6e6n1hp.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://google.com
FF -: plugin - C:\Program Files\DNA\plugins\npbtdna.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npqtplugin8.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npunagi2.dll
FF -: plugin - C:\Program Files\QuickTime\Plugins\npqtplugin8.dll
FF -: plugin - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-26 11:46:15
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\DUMeterSvc]
"ImagePath"="C:\Program Files\DU Meter\DUMeterSvc.exe /startedbyscm:E1F6D4BE-40E33354-DUMeterService"
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Iomega Activity Disk2]
"ImagePath"="\"\""
.
DLLs Loaded Under Running Processes
PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\McAfee\SiteAdvisor\saHook.dll
.
Other Running Processes
.
C:\WINDOWS\SYSTEM32\ati2evxx.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\SYSTEM32\CTSVCCDA.EXE
C:\WINDOWS\SYSTEM32\HDDSvc.exe
C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe
C:\Program Files\Logitech\Easy Synchronization\servicestub.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\PROGRA~1\COMMON~1\McAfee\MNA\McNASvc.exe
C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Program Files\McAfee\MSK\msksrver.exe
C:\WINDOWS\SYSTEM32\MsPMSPSv.exe
C:\WINDOWS\SYSTEM32\searchindexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\WINDOWS\SYSTEM32\rundll32.exe
C:\WINDOWS\SYSTEM32\scardsvr.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\Program Files\Logitech\SetPoint\LBTWiz.exe
C:\WINDOWS\SYSTEM32\searchprotocolhost.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
C:\WINDOWS\SYSTEM32\searchfilterhost.exe
.
**************************************************************************
.
Completion time: 2008-10-26 12:01:35 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-26 16:01:26
Pre-Run: 16,828,436,480 bytes free
Post-Run: 17,677,344,768 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
358 --- E O F --- 2008-10-24 22:37:49
No, it's my personal computer, but I do logon to my workplace LAN at times to retrieve files.
I removed LimeWire.
Thank you again for this tremendous help (Kaspersky is running).
KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, October 26, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, October 26, 2008 15:30:40
Records in database: 1348246
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
C:\
D:\
E:\
I:\
K:\
Scan statistics:
Files scanned: 156629
Threat name: 4
Infected objects: 6
Suspicious objects: 0
Duration of the scan: 02:47:25
File name / Threat name / Threats count
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP13\A0006003.sys Infected: Backdoor.Win32.UltimateDefender.a 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP14\A0006061.dll Infected: Trojan.Win32.Obfuscated.gx 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP14\A0006290.SYS Infected: Backdoor.Win32.UltimateDefender.a 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP14\A0006291.sys Infected: Backdoor.Win32.UltimateDefender.a 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP14\A0006316.sys Infected: Rootkit.Win32.Agent.egp 1
K:\Stored Programs\DAP\Download Accelerator Plus_v 8.5.5.5 Premium.rar Infected: Trojan-Banker.Win32.Banker.fzf 1
The selected area was scanned.
A couple of things ....
K:\Stored Programs\DAP\Download Accelerator Plus_v 8.5.5.5 Premium.rar
Would this be a cracked version that you downloaded via LimeWire or BitTorrent?
Do you know what these are?
C:\09112008047.jpg
C:\09112008048.jpg
Step 1
Custom CFScript
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.
Step 2
Active Scan
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal.
NOTE: Vista users should start IE via Start (Vista Orb) >> Internet Explorer >> Right-Click >> Run As Admin
Please go to this site: ActiveScan
Step 3
Logs/Information to Post in Reply
Please post the following logs/Information in your reply
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2035 [GMT -4:00]
Running from: C:\Documents and Settings\TKV\My Documents\download\ComboFix.exe
Command switches used :: C:\Documents and Settings\TKV\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active
FILE ::
C:\[XXX Porn Vintage].The Nun - 1945s(X Rated).mpg
C:\1.avi
C:\2.avi
C:\2_1.avi
C:\2_2.avi
C:\Antique_Hardcore_08_-_Couple_1930_s.mpg.dap
C:\Documents and Settings\All Users\Application Data\otyr.com
C:\Documents and Settings\All Users\Application Data\ovodojy.reg
C:\Documents and Settings\TKV\Application Data\ehisu.bin
C:\Documents and Settings\TKV\Application Data\yfaguvut.pif
C:\FCM15FD.tmp
C:\FCM15FE.tmp
C:\FCM15FF.tmp
C:\FCM1600.tmp
C:\FCM1E0D.tmp
C:\FCM1E0E.tmp
C:\FCM1E0F.tmp
C:\FCM1E10.tmp
C:\FCM1E11.tmp
C:\FCM9AE.tmp
C:\FCM9B0.tmp
C:\mty-17-CDOR05_all.wmv.dap
C:\p2hhr.bat
C:\Program Files\Common Files\ipyg.vbs
C:\Program Files\Common Files\koze.bat
C:\reeloldtimers6_16.asf.dap
C:\WINDOWS\banigukace.pif
C:\WINDOWS\comok._dl
C:\WINDOWS\hasykylu.bin
C:\WINDOWS\hypiv.dl
C:\WINDOWS\mydily.reg
C:\WINDOWS\yhyxoci.dll
K:\Stored Programs\DAP\Download Accelerator Plus_v 8.5.5.5 Premium.rar
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\[XXX Porn Vintage].The Nun - 1945s(X Rated).mpg
C:\1.avi
C:\2.avi
C:\2_1.avi
C:\2_2.avi
C:\Antique_Hardcore_08_-_Couple_1930_s.mpg.dap
C:\Documents and Settings\All Users\Application Data\otyr.com
C:\Documents and Settings\All Users\Application Data\ovodojy.reg
C:\Documents and Settings\TKV\Application Data\ehisu.bin
C:\Documents and Settings\TKV\Application Data\yfaguvut.pif
C:\FCM15FD.tmp
C:\FCM15FE.tmp
C:\FCM15FF.tmp
C:\FCM1600.tmp
C:\FCM1E0D.tmp
C:\FCM1E0E.tmp
C:\FCM1E0F.tmp
C:\FCM1E10.tmp
C:\FCM1E11.tmp
C:\FCM9AE.tmp
C:\FCM9B0.tmp
C:\mty-17-CDOR05_all.wmv.dap
C:\p2hhr.bat
C:\Program Files\Common Files\ipyg.vbs
C:\Program Files\Common Files\koze.bat
C:\reeloldtimers6_16.asf.dap
C:\WINDOWS\banigukace.pif
C:\WINDOWS\comok._dl
C:\WINDOWS\hasykylu.bin
C:\WINDOWS\hypiv.dl
C:\WINDOWS\mydily.reg
C:\WINDOWS\yhyxoci.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
\Legacy_IPSECDRV
\Service_84bd0fb9
\Service_IPSECDRV
\Service_TPP200
((((((((((((((((((((((((( Files Created from 2008-09-26 to 2008-10-26 )))))))))))))))))))))))))))))))
.
2008-10-25 18:48 . 2008-10-25 19:09 <DIR> d
C:\rsit
2008-10-25 14:57 . 2008-10-25 14:57 2,934,168 --a
C:\ccsetup212.exe
2008-10-25 14:53 . 2008-10-25 14:53 201,030 --a
C:\lspfix.zip.dap
2008-10-25 14:43 . 2008-06-03 07:31 8,704 --a
C:\fixccs.exe
2008-10-25 14:41 . 2008-10-25 14:41 65,064 --a
C:\WindowsXP-KB953979-x86-ENU.exe
2008-10-25 14:36 . 2008-10-25 14:36 <DIR> d
C:\Program Files\Trend Micro
2008-10-24 03:58 . 2008-10-15 12:34 337,408
C:\WINDOWS\SYSTEM32\DLLCACHE\netapi32.dll
2008-10-19 12:19 . 2008-10-19 12:19 <DIR> d
C:\Documents and Settings\NetworkService\Application Data\SACore
2008-10-14 18:25 . 2008-09-08 06:41 333,824
C:\WINDOWS\SYSTEM32\DLLCACHE\srv.sys
2008-10-14 18:24 . 2008-09-15 08:12 1,846,400
C:\WINDOWS\SYSTEM32\DLLCACHE\win32k.sys
2008-10-14 18:23 . 2008-08-14 06:11 2,189,184
C:\WINDOWS\SYSTEM32\DLLCACHE\ntoskrnl.exe
2008-10-14 18:23 . 2008-08-14 06:09 2,145,280
C:\WINDOWS\SYSTEM32\DLLCACHE\ntkrnlmp.exe
2008-10-14 18:23 . 2008-08-14 05:33 2,066,048
C:\WINDOWS\SYSTEM32\DLLCACHE\ntkrnlpa.exe
2008-10-14 18:23 . 2008-08-14 05:33 2,023,936
C:\WINDOWS\SYSTEM32\DLLCACHE\ntkrpamp.exe
2008-10-13 21:39 . 2008-04-13 20:12 291,328
C:\WINDOWS\SYSTEM32\qagentrt.dll
2008-10-13 21:39 . 2008-04-13 20:12 290,304
C:\WINDOWS\SYSTEM32\rhttpaa.dll
2008-10-13 21:39 . 2008-04-13 20:12 150,528
C:\WINDOWS\SYSTEM32\qagent.dll
2008-10-13 21:39 . 2008-04-13 20:12 144,384
C:\WINDOWS\SYSTEM32\onex.dll
2008-10-13 21:39 . 2008-04-13 20:12 76,800
C:\WINDOWS\SYSTEM32\qutil.dll
2008-10-13 21:39 . 2008-04-13 20:12 69,120
C:\WINDOWS\SYSTEM32\wlanapi.dll
2008-10-13 21:39 . 2008-04-13 20:12 62,464
C:\WINDOWS\SYSTEM32\qcliprov.dll
2008-10-13 21:39 . 2008-04-13 20:12 61,952
C:\WINDOWS\SYSTEM32\rasqec.dll
2008-10-13 21:39 . 2008-04-13 20:12 53,248
C:\WINDOWS\SYSTEM32\tsgqec.dll
2008-10-13 21:39 . 2008-04-13 20:12 50,688
C:\WINDOWS\SYSTEM32\tspkg.dll
2008-10-13 21:39 . 2008-04-13 20:12 32,768
C:\WINDOWS\SYSTEM32\setupn.exe
2008-10-13 21:39 . 2008-04-13 14:40 10,240
C:\WINDOWS\SYSTEM32\DRIVERS\sffp_mmc.sys
2008-10-13 21:37 . 2008-04-13 20:11 650,752
C:\WINDOWS\SYSTEM32\dot3ui.dll
2008-10-13 19:12 . 2008-10-26 13:42 4,196,990 --a
C:\WINDOWS\pfirewall.log.old
2008-10-13 18:44 . 2008-10-26 16:12 8,186 --a
C:\WINDOWS\SYSTEM32\Config.MPF
2008-10-13 18:35 . 2008-10-13 18:35 <DIR> d
C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-10-13 18:33 . 2007-09-25 14:06 974,848 --a
C:\WINDOWS\SYSTEM32\ncpgina1.dll
2008-10-13 18:33 . 2007-10-29 10:10 77,696 --a
C:\WINDOWS\SYSTEM32\DRIVERS\NCPLENTP.SYS
2008-10-13 18:33 . 2001-12-03 08:02 631 --a
C:\WINDOWS\SYSTEM32\ncppki.conf
2008-10-13 18:30 . 2008-06-02 14:55 120,136 --a
C:\WINDOWS\SYSTEM32\DRIVERS\Mpfp.sys
2008-10-13 18:30 . 2008-06-27 06:08 79,240 --a
C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys
2008-10-13 18:30 . 2008-06-27 06:08 40,488 --a
C:\WINDOWS\SYSTEM32\DRIVERS\mfesmfk.sys
2008-10-13 18:30 . 2008-06-27 06:08 35,240 --a
C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys
2008-10-13 18:29 . 2008-10-13 18:30 <DIR> d
C:\Program Files\McAfee.com
2008-10-13 18:29 . 2008-10-19 11:20 <DIR> d
C:\Program Files\McAfee
2008-10-13 18:29 . 2008-10-13 18:30 <DIR> d
C:\Program Files\Common Files\McAfee
2008-10-13 18:10 . 2008-06-20 05:41 34,152 --a
C:\WINDOWS\SYSTEM32\DRIVERS\mferkdk.sys
2008-10-13 16:32 . 2008-04-11 15:04 691,712
C:\WINDOWS\SYSTEM32\DLLCACHE\inetcomm.dll
2008-10-13 13:44 . 2008-10-13 18:35 <DIR> d
C:\Documents and Settings\All Users\Application Data\McAfee
2008-10-13 10:09 . 2008-10-13 10:09 <DIR> d
C:\Program Files\Citrix
2008-10-13 09:48 . 2008-10-13 09:48 61,224 --a
C:\Documents and Settings\TKV\GoToAssistDownloadHelper.exe
2008-10-08 21:25 . 2008-10-25 13:54 <DIR> d
C:\Program Files\Malwarebytes' Anti-Malware
2008-10-08 21:25 . 2008-10-08 21:25 <DIR> d
C:\Documents and Settings\TKV\Application Data\Malwarebytes
2008-10-08 21:25 . 2008-10-08 21:25 <DIR> d
C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-08 21:25 . 2008-10-22 16:10 38,496 --a
C:\WINDOWS\SYSTEM32\DRIVERS\mbamswissarmy.sys
2008-10-08 21:25 . 2008-10-22 16:10 15,504 --a
C:\WINDOWS\SYSTEM32\DRIVERS\mbam.sys
2008-10-08 19:32 . 2008-10-08 19:32 <DIR> d
C:\Program Files\Common Files\Download Manager
2008-10-08 18:09 . 2008-10-08 18:09 <DIR> d
C:\Documents and Settings\All Users\Application Data\qrebkvyx
2008-10-05 13:06 . 2008-10-05 13:06 <DIR> d
C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-05 13:05 . 2008-10-05 13:05 <DIR> d
C:\Program Files\Bonjour
2008-10-05 13:04 . 2008-10-01 13:01 32,000 --a
C:\WINDOWS\SYSTEM32\DRIVERS\usbaapl.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-26 20:14 d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-26 20:02 d-----w C:\Documents and Settings\TKV\Application Data\DNA
2008-10-26 15:33 d-----w C:\Program Files\LimeWire
2008-10-25 22:42 d-----w C:\Documents and Settings\TKV\Application Data\BitTorrent
2008-10-25 17:43 d-----w C:\Program Files\Trillian
2008-10-19 15:06 d-----w C:\Program Files\MSECache
2008-10-19 14:54 d-----w C:\Program Files\Nokia
2008-10-19 14:54 d-----w C:\Documents and Settings\All Users\Application Data\Installations
2008-10-19 14:53 d-----w C:\Program Files\Common Files\Nokia
2008-10-16 01:05 d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-10-11 03:56 d-----w C:\Documents and Settings\TKV\Application Data\LimeWire
2008-10-08 22:03 d-----w C:\Program Files\DU Meter
2008-10-08 22:02 d-----w C:\Program Files\DNA
2008-10-07 00:11 d-----w C:\Documents and Settings\TKV\Application Data\EditPlus 3
2008-10-05 17:06 d-----w C:\Program Files\iTunes
2008-10-05 17:06 d-----w C:\Program Files\iPod
2008-10-05 17:04 d-----w C:\Program Files\Common Files\Apple
2008-10-03 17:41 6,066,176 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll
2008-09-21 23:54 d-----w C:\Program Files\LoanSpread
2008-09-21 17:30 76,381,444 ----a-w C:\sdat5388.exe
2008-09-19 00:43 d-----w C:\Documents and Settings\All Users\Application Data\Citrix
2008-09-19 00:23 d-----w C:\Documents and Settings\LocalService\Application Data\SACore
2008-09-15 23:19 d-----w C:\Program Files\SereneScreen
2008-09-15 23:14 d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2008-09-15 23:12 d--h--w C:\Program Files\InstallShield Installation Information
2008-09-15 23:05 d-----w C:\Program Files\DAP
2008-09-15 23:02 d-----w C:\Documents and Settings\All Users\Application Data\SpeedBit
2008-09-15 22:35 d-----w C:\Documents and Settings\TKV\Application Data\uniblue
2008-09-15 12:12 1,846,400 ----a-w C:\WINDOWS\SYSTEM32\win32k.sys
2008-09-13 13:39 d-----w C:\Documents and Settings\TKV\Application Data\Internet Download Accelerator
2008-09-11 00:11 d-----w C:\Program Files\QuickTime
2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-09-06 03:30 241,704 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\wgaLogon.dll
2008-09-06 03:29 917,032 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\WgaTray.exe
2008-08-29 14:18 87,336 ----a-w C:\WINDOWS\SYSTEM32\dns-sd.exe
2008-08-29 13:53 61,440 ----a-w C:\WINDOWS\SYSTEM32\dnssd.dll
2008-08-27 08:24 3,593,216 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2008-08-25 08:38 13,824
w C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe
2008-08-25 08:37 70,656 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\ie4uinit.exe
2008-08-23 05:56 635,848 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\iexplore.exe
2008-08-23 05:54 161,792 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakui.dll
2008-08-14 10:09 2,145,280 ----a-w C:\WINDOWS\SYSTEM32\ntoskrnl.exe
2008-08-14 10:04 138,496
w C:\WINDOWS\SYSTEM32\DLLCACHE\afd.sys
2008-08-14 09:33 2,023,936 ----a-w C:\WINDOWS\SYSTEM32\ntkrnlpa.exe
2008-08-05 21:55 265,720 ----a-w C:\WINDOWS\SYSTEM32\msdbg2.dll
2008-07-30 00:35 326,160 ----a-w C:\WINDOWS\SYSTEM32\PresentationHost.exe
2008-07-29 23:59 781,344 ----a-w C:\WINDOWS\SYSTEM32\PresentationNative_v0300.dll
2008-07-29 23:59 43,544 ----a-w C:\WINDOWS\SYSTEM32\PresentationHostProxy.dll
2008-07-29 23:59 105,016 ----a-w C:\WINDOWS\SYSTEM32\PresentationCFFRasterizerNative_v0300.dll
2008-07-29 23:24 97,800 ----a-w C:\WINDOWS\SYSTEM32\infocardapi.dll
2008-07-29 23:24 622,080 ----a-w C:\WINDOWS\SYSTEM32\icardagt.exe
2008-07-29 23:24 11,264 ----a-w C:\WINDOWS\SYSTEM32\icardres.dll
2008-04-17 03:11 4,047 -c--a-w C:\Program Files\policy.spd
.
((((((((((((((((((((((((((((( snapshot@2008-10-26_12.00.50.43 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-10-26 14:31:59 32,768 -c--a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Cookies\INDEX.DAT
+ 2008-10-26 19:46:57 32,768 -c--a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Cookies\INDEX.DAT
- 2008-10-26 14:31:59 32,768 -c--a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\INDEX.DAT
+ 2008-10-26 19:46:57 32,768 -c--a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\INDEX.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
"IECHECK.EXE"="C:\WINDOWS\iecheck.exe" [2004-04-09 91136]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
"Iomega Automatic Backup"="C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe" [2002-10-15 3014656]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2008-01-10 67128]
"DownloadAccelerator"="C:\Program Files\DAP\DAP.EXE" [2008-09-15 3061248]
"DU Meter"="C:\Program Files\DU Meter\DUMeter.exe" [2008-06-09 2645528]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-03-23 135168]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 339968]
"CTSysVol"="C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"HDInspector.exe"="C:\Program Files\Hard Drive Inspector\HDInspector.exe" [2007-05-16 992784]
"Easy Synchronization"="C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe" [2005-10-05 53248]
"Iomega Automatic Backup 1.0.1"="C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe" [2002-10-15 3014656]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-09-06 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2008-07-11 641208]
"NcpBudget"="C:\Program Files\WatchGuard\Mobile VPN\ncpbudgt.exe" [2006-12-01 228352]
"NcpPopup"="C:\Program Files\WatchGuard\Mobile VPN\ncppopup.exe" [2007-11-07 535040]
"NcpMonitor"="C:\Program Files\WatchGuard\Mobile VPN\ncpmon.exe" [2007-11-13 3451904]
"McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [2008-06-13 1176808]
"McAfee Backup"="C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe" [2008-07-10 5129504]
"P17Helper"="P17.dll" [2005-05-03 C:\WINDOWS\SYSTEM32\P17.dll]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 C:\WINDOWS\KHALMNPR.Exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Easy Synchronization"="C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe" [2005-10-05 53248]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-29 561213]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-05-17 805392]
PictureShare.net Startup.lnk - C:\Program Files\PictureShare\PSClient.exe [2008-01-29 8248832]
Trillian.lnk - C:\Program Files\Trillian\trillian.exe [2008-10-02 1873280]
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 118784]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{FE24CD78-7C63-465D-8787-4EDF7FC79895}"= "C:\Program Files\Logitech\Easy Synchronization\shellexecutehook.dll" [2005-10-05 69632]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 02:42 72208 c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.g723"= g723.acm
"vidc.I263"= I263_32.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\DAP\\DAP.exe"=
"C:\\Program Files\\WS_FTP Pro\\wsftpgui.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"C:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Program Files\\WatchGuard\\Mobile VPN\\NCPMON.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R2 DUMeterSvc;DU Meter Service;C:\Program Files\DU Meter\DUMeterSvc.exe [2008-06-09 1386008]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2008-09-08 198944]
R2 ncpclcfg;ncpclcfg;C:\Program Files\WatchGuard\Mobile VPN\ncpclcfg.exe [2007-04-05 77824]
R2 ncprwsnt;ncprwsnt;C:\Program Files\WatchGuard\Mobile VPN\ncprwsnt.exe [2007-11-08 1032192]
R2 NcpSec;NcpSec;C:\Program Files\WatchGuard\Mobile VPN\ncpsec.exe [2004-05-24 45056]
R2 rwsrsu;RwsRsu;C:\Program Files\WatchGuard\Mobile VPN\rwsrsu.exe [2007-10-23 266240]
R2 sbbotdi;sbbotdi;C:\PROGRA~1\SPEEDB~1\sbbotdi.sys [2008-03-17 35584]
R2 VideoAcceleratorService;VideoAcceleratorService;C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe [2008-03-17 284280]
R3 ncplentp;WatchGuard Secure Client Adapter Driver;C:\WINDOWS\system32\DRIVERS\ncplentp.sys [2007-10-29 77696]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4e5ad241-2874-11dd-bf6b-020052cc00d4}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
2008-10-20 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
2008-10-19 C:\WINDOWS\Tasks\Disk Cleanup.job
- C:\WINDOWS\SYSTEM32\cleanmgr.exe [2008-04-13 20:12]
2008-10-23 C:\WINDOWS\Tasks\Disk Defragmentor.job
- C:\WINDOWS\SYSTEM32\DFRG.MSC [2004-03-19 18:35]
2008-10-25 C:\WINDOWS\Tasks\McAfee SecurityCenter.job
- C:\PROGRA~1\McAfee\MSC\mcshell.exe [2008-06-21 12:38]
2008-10-15 C:\WINDOWS\Tasks\McDefragTask.job
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe [2008-07-09 18:10]
2008-10-13 C:\WINDOWS\Tasks\McQcTask.job
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe [2008-07-09 18:10]
2008-10-26 C:\WINDOWS\Tasks\User_Feed_Synchronization-{9FF6A9A7-9631-4B80-AF09-DC9E8B62A74E}.job
- C:\WINDOWS\system32\msfeedssync.exe [2007-08-13 18:36]
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-26 16:09:05
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\DUMeterSvc]
"ImagePath"="C:\Program Files\DU Meter\DUMeterSvc.exe /startedbyscm:E1F6D4BE-40E33354-DUMeterService"
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Iomega Activity Disk2]
"ImagePath"="\"\""
.
DLLs Loaded Under Running Processes
PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\McAfee\SiteAdvisor\saHook.dll
.
Other Running Processes
.
C:\WINDOWS\SYSTEM32\ati2evxx.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\SYSTEM32\CTSVCCDA.EXE
C:\WINDOWS\SYSTEM32\HDDSvc.exe
C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe
C:\Program Files\Logitech\Easy Synchronization\servicestub.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\PROGRA~1\COMMON~1\McAfee\MNA\McNASvc.exe
C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\Program Files\McAfee\MSK\msksrver.exe
C:\WINDOWS\SYSTEM32\MsPMSPSv.exe
C:\WINDOWS\SYSTEM32\searchindexer.exe
C:\WINDOWS\SYSTEM32\fxssvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\WINDOWS\SYSTEM32\scardsvr.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\WINDOWS\SYSTEM32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
.
**************************************************************************
.
Completion time: 2008-10-26 16:25:07 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-26 20:24:56
ComboFix2.txt 2008-10-26 16:01:40
Pre-Run: 17,555,910,656 bytes free
Post-Run: 17,604,849,664 bytes free
362 --- E O F --- 2008-10-24 22:37:49
Before the last launch of ComboFix, my ability to rebuild my wireless network came back!!!
The only residual problem right now appears to be McAfee, which constantly is asking me to click FIX for a signature issue (which is good on their site until 12/2/08).
More to follow after Active Scan.
Yep, you will find that a lot of people consider McAfee to be a problem
Paid
Kaspersky or Nod32, both are excellent
Free
Avira or Avast are both good AntiVirus
Firewall is a bit harder, I like Comodo, but Outpost and ZoneAlarm are popular
ANALYSIS: 2008-10-26 18:36:49
PROTECTIONS: 2
MALWARE: 102
SUSPECTS: 2
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
McAfee Internet Security Suite 2007 9.0 No No
McAfee VirusScan Plus 13.0 No No
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00027660 adware/savenow Adware No 0 Yes No HKEY_CLASSES_ROOT\Interface\{c285d18d-43a2-4aef-83fb-bf280e660a97}
00027660 adware/savenow Adware No 0 Yes No hkey_local_machine\software\classes\runmsc.loader
00027660 adware/savenow Adware No 0 Yes No hkey_local_machine\software\classes\runmsc.loader.1
00039204 adware/cws Adware No 0 Yes No c:\documents and settings\tkv\favorites\adult
00135099 adware/powerstrip Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\extensions\CmdMapping\{669695BC-A811-4A9D-8CDF-BA8C795F261C}
00155988 adware/fastlook Adware No 0 Yes No hkey_current_user\software\toolband
[FONT="]00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Application Data\Netscape\Navigator\Profiles\j0myc5pn.default\cookies.txt[.adrevolver.com/][/FONT]
[FONT="]00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@adrevolver[2].txt[/FONT]
[FONT="]00187950 Cookie/bravenetA TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@bravenet[1].txt[/FONT]
[FONT="]00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@adultfriendfinder[1].txt[/FONT]
[FONT="]00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@go[2].txt[/FONT]
[FONT="]00199981 Cookie/Seeq TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Application Data\Netscape\Navigator\Profiles\j0myc5pn.default\cookies.txt[.www48.seeq.com/][/FONT]
[FONT="]00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@searchportal.information[2].txt[/FONT]
[FONT="]00206953 Cookie/Sextracker TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@counter14.sextracker[1].txt[/FONT]
[FONT="]00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@target[1].txt[/FONT]
[FONT="]00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Application Data\Netscape\Navigator\Profiles\j0myc5pn.default\cookies.txt[.target.com/][/FONT]
[FONT="]00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Application Data\Netscape\Navigator\Profiles\j0myc5pn.default\cookies.txt[.target.com/][/FONT]
[FONT="]00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Application Data\Mozilla\Profiles\default\c21dcs2t.slt\cookies.txt[.target.com/][/FONT]
[FONT="]00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Application Data\Netscape\Navigator\Profiles\j0myc5pn.default\cookies.txt[.target.com/][/FONT]
[FONT="]00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Application Data\Mozilla\Profiles\default\c21dcs2t.slt\cookies.txt[.target.com/][/FONT]
[FONT="]00207862 Cookie/did-it TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@did-it[1].txt[/FONT]
[FONT="]00249100 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@www2.addfreestats[1].txt[/FONT]
[FONT="]00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Application Data\Mozilla\Profiles\default\c21dcs2t.slt\cookies.txt[.atwola.com/][/FONT]
[FONT="]00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@atwola[1].txt[/FONT]
[FONT="]00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@smartadserver[1].txt[/FONT]
[FONT="]00286732 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@www3.addfreestats[1].txt[/FONT]
[FONT="]00286736 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@www6.addfreestats[2].txt[/FONT]
[FONT="]00293517 Cookie/AdDynamix TrackingCookie No 0 Yes No C:\Documents and Settings\TKV\Cookies\tkv@ads.addynamix[2].txt[/FONT]
01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP35\A0021793.EXE
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP35\A0021745.sys
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP36\A0021895.sys
02902637 Rootkit/Nurech.BC HackTools No 1 Yes No C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP14\A0006290.SYS
02902637 Rootkit/Nurech.BC HackTools No 1 Yes No C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP13\A0006003.sys
02902637 Rootkit/Nurech.BC HackTools No 1 Yes No C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP14\A0006291.sys
03738686 Generic Malware Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP34\A0021435.exe
03738686 Generic Malware Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP34\A0021442.exe
03738686 Generic Malware Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP33\A0021151.exe
03738686 Generic Malware Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP33\A0021150.exe
03834535 Generic Backdoor Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP14\A0006316.sys
03839851 Trj/Downloader.MDW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP14\A0006304.sys
;================================================================================
SUSPECTS
Sent Location ^
;================================================================================
No C:\Documents and Settings\TKV\My Documents\download\ComboFix.exe[32788R22FWJFW\psexec.cfexe] ^
No K:\Stored Programs\5 Clicks\5Clicks_ScreenCapture.exe ^
;================================================================================
VULNERABILITIES
Id Severity Description ^
;================================================================================
;================================================================================
Just a screen capture utility.
But why does Panda flag it ???
Let's see what the others say
Step 1
Submit a File For Analysis
We need to have the files below Scanned by Uploading them/it to Virus Total
Please visit Virustotal
Copy/paste the following file path into the window
K:\Stored Programs\5 Clicks\5Clicks_ScreenCapture.exe
Click Submit/Send File
Please post back, to let me know the results.
If Virustotal is too busy please try Jotti
Step 2
OTMoveIt
Please download OTMoveIt3 by OldTimer and save it to your desktop
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
Step 3
Logs/Information to Post in Reply
Please post the following logs/Information in your reply
Result: 8/36 (22.23%)
Antivirus          Version          Last Update  Result
AhnLab-V3          2008.10.24.3     2008.10.27   -
AntiVir            7.9.0.9          2008.10.27   -
Authentium         5.1.0.4          2008.10.26   -
Avast              4.8.1248.0       2008.10.27   -
AVG                8.0.0.161        2008.10.27   -
BitDefender        7.2              2008.10.27   -
CAT-QuickHeal      9.50             2008.10.25   (Suspicious) - DNAScan
ClamAV             0.93.1           2008.10.27   -
DrWeb              4.44.0.09170     2008.10.26   -
eSafe              7.0.17.0         2008.10.26   Suspicious File
eTrust-Vet         31.6.6168        2008.10.25   -
Ewido              4.0              2008.10.26   -
F-Prot             4.4.4.56         2008.10.26   -
F-Secure           8.0.14332.0      2008.10.27   -
Fortinet           3.113.0.0        2008.10.26   -
GData              19               2008.10.27   -
Ikarus             T3.1.1.44.0      2008.10.27   Virus.Win32.Notime
K7AntiVirus        7.10.508         2008.10.26   -
Kaspersky          7.0.0.125        2008.10.27   -
McAfee             5415             2008.10.25   -
Microsoft          1.4005           2008.10.27   -
NOD32              3557             2008.10.26   -
Norman             5.80.02          2008.10.24   -
Panda              9.0.0.4          2008.10.26   Suspicious file
PCTools            4.4.2.0          2008.10.26   -
Prevx1             V2               2008.10.27   -
Rising             21.00.62.00      2008.10.26   -
SecureWeb-Gateway  6.7.6            2008.10.27   Win32.Malware.gen (suspicious)
Sophos             4.35.0           2008.10.26   Sus/UnkPacker
Sunbelt            3.1.1753.1       2008.10.25   -
Symantec           10               2008.10.27   Packed.Generic.70
TheHacker          6.3.1.1.130      2008.10.27   -
TrendMicro         8.700.0.1004     2008.10.24   PAK_Generic.001
VBA32              3.12.8.8         2008.10.25   -
ViRobot            2008.10.24.1436  2008.10.24   -
VirusBuster        4.5.11.0         2008.10.26   -
Additional information
File size: 70912 bytes
MD5...: fc763f6b6aa29fb10b9eaed8d7f708c4
SHA1..: 2023ca4b2ee225596aa23d3832af727d70bb3612
SHA256: c988a926c03b98d5f10b1ea7097aab8e9ad5201839cf77298e2da4ef01d7009d
SHA512: 6d173e71892b987676c9dfe677aa8a3cd55a6263b729a8332b7d3e67adf3834126dbc208e7438bc25dd571fbf7f3b225cba3ef44713a6e99fa88c9f5abe1479c
PEiD..: UPX + ECLiPSE layer
TrID..: File type identification
Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x44f000
timedatestamp.....: 0x404f5fa2 (Wed Mar 10 18:34:10 2004)
machinetype.......: 0x14c (I386)
( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
KGP 0x1000 0x3d000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
KGP 0x3e000 0x10000 0x10000 7.91 559a37118537d00febf9ebf02359a3e7
KGP 0x4e000 0x1000 0xe00 5.00 aa45598abe3351077271b64b52f3b616
KGP 0x4f000 0x300 0x300 4.47 2004f5798f3008e5fd76b90a9d0f9609
( 7 imports )
> KERNEL32.DLL: LoadLibraryA, GetProcAddress, ExitProcess
> GDI32.dll: BitBlt
> MSVCRT.dll: exit
> ole32.dll: CreateStreamOnHGlobal
> OLEAUT32.dll: -
> USER32.dll: GetDC
> WINMM.dll: waveOutOpen
( 0 exports )
packers (F-Prot): UPX
Error: Unable to interpret <c:\documents and settings\tkv\favorites\adult> in the current context!
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\TKV\LOCALS~1\Temp\BCGB.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\TKV\LOCALS~1\Temp\BCGC.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\TKV\LOCALS~1\Temp\etilqs_iFUZUwXziHQjdFb9LaNg scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\TKV\Local Settings\Application Data\Mozilla\Firefox\Profiles\x6e6n1hp.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\TKV\Local Settings\Application Data\Mozilla\Firefox\Profiles\x6e6n1hp.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\TKV\Local Settings\Application Data\Mozilla\Firefox\Profiles\x6e6n1hp.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\TKV\Local Settings\Application Data\Mozilla\Firefox\Profiles\x6e6n1hp.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\TKV\Local Settings\Application Data\Mozilla\Firefox\Profiles\x6e6n1hp.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
========== REGISTRY ==========
Registry key hkey_current_user\software\toolband\\ not found.
Registry key HKEY_CLASSES_ROOT\Interface\{c285d18d-43a2-4aef-83fb-bf280e660a97}\\ deleted successfully.
Registry key hkey_local_machine\software\classes\runmsc.loader\\ deleted successfully.
Registry key hkey_local_machine\software\classes\runmsc.loader.1\\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\extensions\CmdMapping\{669695BC-A811-4A9D-8CDF-BA8C795F261C}\\ not found.
OTMoveIt3 by OldTimer - Version 1.0.5.0 log created on 10262008_220734
OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
c:\documents and settings\tkv\favorites\Adult moved successfully.
OTMoveIt3 by OldTimer - Version 1.0.5.0 log created on 10272008_191952
Let's see if I can help you keep it that way
First let's tidy up
You can also delete any logs we have produced, and empty your Recycle bin.
Open OTMoveIt Click Cleanup,
it will now connect to the internet and get a list of files to delete.
When a box pops up click YES.
The following is some info to help you stay safe and clean.
( Vista users must ensure that any programs are Vista compatible BEFORE installing )
You may already have some of the following programs, but I include the full list for the benefit of all the other people who will be reading this thread in the future.
Online Scanners
I would recommend a scan at one or more of the following sites at least once a month.
http://www.pandasecurity.com/activescan
http://www.kaspersky.com/kos/eng/partner/71706/kavwebscan.html
!!! Make sure that all your programs are updated !!!
Secunia Software Inspector does all the work for you, .... see HERE for details
AntiSpyware
AntiSpyware is not the same thing as Antivirus. Different AntiSpyware programs detect different things, so in this case it is recommended that you have more than one.
You should only have one running all the time, the other/s should be used "on demand" on a regular basis.
Most of the programs in this list have a free (for Home Users ) and paid versions,
it is worth paying for one and having "realtime" protection, unless you intend to do a manual scan often.
- Spybot - Search & Destroy <<< A must have program
- MalwareBytes Anti-malware <<< A New and effective program
- a-squared Free <<< A good "realtime" or "on demand" scanner
- superantispyware <<< A good "realtime" or "on demand" scanner
Prevention
These programs don't detect malware, they help stop it getting on your machine in the first place. Each does a different job, so you can have more than one
- Winpatrol
- An excellent startup manager and then some !!
- Notifies you if programs are added to startup
- Allows delayed startup
- A must have addition
- SpywareBlaster 4.0
- SpywareBlaster sets killbits in the registry to prevent known malicious activex controls from installing themselves on your computer.
- SpywareGuard 2.2
- SpywareGuard provides real-time protection against spyware.
- Not required if you have other "realtime" antispyware or Winpatrol
- ZonedOut
- Formerly known as IE-SPYAD, adds a long list of sites and domains associated with known advertisers and marketers to the Restricted sites zone of Internet Explorer.
- MVPS HOSTS
- This little program packs a powerful punch as it blocks ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.
- For information on how to download and install, please read this tutorial by WinHelp2002.
- Not required if you are using other host file protections
Internet Browsers
Microsoft has worked hard to make IE.7 a more secure browser, unfortunately whilst it is still the leading browser of choice it will always be under attack from the bad guys. Using a different web browser can help stop malware getting on your machine.
If you are still using IE6 then either update, or get one of the following.
Cleaning Temporary Internet Files and Tracking Cookies
Temporary Internet Files are mainly the files that are downloaded when you open a web page. Unfortunately, if the site you visit is of a dubious nature or has been hacked, they can also be an entry point for malware. It is a good idea to empty the Temporary Internet Files folder on a regular basis.
Tracking Cookies are files that websites use to monitor which sites you visit and how often. A lot of Antispyware scanners pick up these tracking cookies and flag them as unwanted.
CAUTION :- If you delete all your cookies you will lose any autologin information for sites that you visit, and will need your passwords.
Both of these can be cleaned manually, but a quicker option is to use a program
- ATF Cleaner
- Free and very simple to use
- CCleaner
- Free and very flexible, you can choose which cookies to keep
Also PLEASE read this article.....So How Did I Get Infected In The First Place
The last and most important thing I can tell you is UPDATE.
If you don't update your security programs (Antivirus, Antispyware even Windows) then you are at risk.
Malware changes on a day to day basis. You should update every week at the very least.
If you follow this advice then (with a bit of luck) you will never have to hear from me again
If you could post back one more time to let me know everything is OK, then I can have this thread archived.
Happy surfing K'