PDA

View Full Version : "complete" folder w 26044 infected files & 3 viruses found!


heavyjavadrinker
2007-12-13, 05:22
hi

i did a thorough scan with Avast! antivirus on my DELL laptop and found a folder at C:/Documents and Settings/(user)/Complete ... and it's loaded with over 20000 infected zip files! :devilpoin: i tried quarantining them and deleting them from the Avast! chest, but it was more the quarantine chest could hold, so i'd have to keep rescanning the documents and setting folder and stopping it after a brief time. i deleted all the zip files A-L (probably thousands of them) before i decided to do a Kaspersky scan. i can't fit the results in their entirity here... i tried finding the "/Complete" folder (with view hidden folders option) and i still don't see it.

Does someone know how to delete this folder in its entirity? i also believe i may have a Virtumonde virus, or whatever is, spybot and adware don't seem to completey destroying it.

here is a brief section of the Kaspersky report:


KASPERSKY ONLINE SCANNER REPORT
Wednesday, December 12, 2007 9:29:50 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 13/12/2007
Kaspersky Anti-Virus database records: 481147


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
C:\
D:\

Scan Statistics
Total number of scanned objects 110038
Number of viruses found 3
Number of infected objects 26044
Number of suspicious objects 0
Duration of the scan process 02:35:36

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware 2007\Ad-Aware QF 20071212 134009.aawqff/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped

C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware 2007\Ad-Aware QF 20071212 134009.aawqff ZIP: infected - 1 skipped

C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinAgentazk1.zip/svchosts.exe Infected: Trojan-Downloader.Win32.Agent.bca skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinAgentazk1.zip ZIP: infected - 1 skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Yazzle1.zip/Yazzle1122OinAdmin.exe Infected: Trojan-Downloader.Win32.PurityScan.eh skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Yazzle1.zip ZIP: infected - 1 skipped

C:\Documents and Settings\Christopher Schmidt\Application Data\Mozilla\Firefox\Profiles\tbzag8pg.default\cert8.db Object is locked skipped

C:\Documents and Settings\Christopher Schmidt\Application Data\Mozilla\Firefox\Profiles\tbzag8pg.default\history.dat Object is locked skipped

C:\Documents and Settings\Christopher Schmidt\Application Data\Mozilla\Firefox\Profiles\tbzag8pg.default\key3.db Object is locked skipped

C:\Documents and Settings\Christopher Schmidt\Application Data\Mozilla\Firefox\Profiles\tbzag8pg.default\parent.lock Object is locked skipped

C:\Documents and Settings\Christopher Schmidt\Application Data\Mozilla\Firefox\Profiles\tbzag8pg.default\search.sqlite Object is locked skipped

C:\Documents and Settings\Christopher Schmidt\Application Data\Mozilla\Firefox\Profiles\tbzag8pg.default\urlclassifier2.sqlite Object is locked skipped

C:\Documents and Settings\Christopher Schmidt\Complete\Letterman Spam Control Pro 3.5 build 281.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped

C:\Documents and Settings\Christopher Schmidt\Complete\Letterman Spam Control Pro 3.5 build 281.zip ZIP: infected - 1 skipped

C:\Documents and Settings\Christopher Schmidt\Complete\LetterMerger for MS Access 1.2.63.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped

C:\Documents and Settings\Christopher Schmidt\Complete\LetterMerger for MS Access 1.2.63.zip ZIP: infected - 1 skipped

C:\Documents and Settings\Christopher Schmidt\Complete\Letters File Management 2006.2.1.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped

C:\Documents and Settings\Christopher Schmidt\Complete\Letters File Management 2006.2.1.zip ZIP: infected - 1 skipped

C:\Documents and Settings\Christopher Schmidt\Complete\Letters From America 1.08.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped

C:\Documents and Settings\Christopher Schmidt\Complete\Letters From America 1.08.zip ZIP: infected - 1 skipped

C:\Documents and Settings\Christopher Schmidt\Complete\LettersFall 100% 1.1.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped

C:\Documents and Settings\Christopher Schmidt\Complete\LettersFall 100% 1.1.zip ZIP: infected - 1 skipped

C:\Documents and Settings\Christopher Schmidt\Complete\LetturaNotePro 2.7.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped

C:\Documents and Settings\Christopher Schmidt\Complete\LetturaNotePro 2.7.zip ZIP: infected - 1 skipped

C:\Documents and Settings\Christopher Schmidt\Complete\LetUknow 2.0.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped

C:\Documents and Settings\Christopher Schmidt\Complete\LetUknow 2.0.zip ZIP: infected - 1 skipped

C:\Documents and Settings\Christopher Schmidt\Complete\Level Shmup 1.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped

and so on all the way to the end: :buried:

C:\Documents and Settings\Christopher Schmidt\Complete\[ureshii]Ghost Hunt 01[A0E10EF7] avi.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped

C:\Documents and Settings\Christopher Schmidt\Complete\[ureshii]Ghost Hunt 01[A0E10EF7] avi.zip ZIP: infected - 1 skipped

C:\Documents and Settings\Christopher Schmidt\Complete\[WZF]Gunbuster OVA 03-04 v2.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped

C:\Documents and Settings\Christopher Schmidt\Complete\[WZF]Gunbuster OVA 03-04 v2.zip ZIP: infected - 1 skipped

C:\Documents and Settings\Christopher Schmidt\Complete\[Xanatos] Naruto Manga chapters 234-337.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped

C:\Documents and Settings\Christopher Schmidt\Complete\[Xanatos] Naruto Manga chapters 234-337.zip ZIP: infected - 1 skipped

C:\Documents and Settings\Christopher Schmidt\Complete\[YaF-SSI] Saint Seiya Meiou Hades Meikai-hen-21.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped

C:\Documents and Settings\Christopher Schmidt\Complete\[YaF-SSI] Saint Seiya Meiou Hades Meikai-hen-21.zip ZIP: infected - 1 skipped

C:\Documents and Settings\Christopher Schmidt\Complete\[YGO] Yu-Gi-Oh! Duel Monsters - Episodes 001-014.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped

C:\Documents and Settings\Christopher Schmidt\Complete\[YGO] Yu-Gi-Oh! Duel Monsters - Episodes 001-014.zip ZIP: infected - 1 skipped

C:\Documents and Settings\Christopher Schmidt\Complete\[Yoroshiku] Kekkaishi - 05 [003402E7] avi.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped

C:\Documents and Settings\Christopher Schmidt\Complete\[Yoroshiku] Kekkaishi - 05 [003402E7] avi.zip ZIP: infected - 1 skipped

C:\Documents and Settings\Christopher Schmidt\Complete\[Yoroshiku] Shounen Onmyouji - 09 [ACE35D3D] avi.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped

C:\Documents and Settings\Christopher Schmidt\Complete\[Yoroshiku] Shounen Onmyouji - 09 [ACE35D3D] avi.zip ZIP: infected - 1 skipped

C:\Documents and Settings\Christopher Schmidt\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Christopher Schmidt\Local Settings\Application Data\Microsoft\CardSpace\CardSpace.db Object is locked skipped

C:\Documents and Settings\Christopher Schmidt\Local Settings\Application Data\Microsoft\CardSpace\CardSpace.db.shadow Object is locked skipped

C:\Documents and Settings\Christopher Schmidt\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Christopher Schmidt\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Christopher Schmidt\Local Settings\Application Data\Mozilla\Firefox\Profiles\tbzag8pg.default\Cache\_CACHE_001_ Object is locked skipped

C:\Documents and Settings\Christopher Schmidt\Local Settings\Application Data\Mozilla\Firefox\Profiles\tbzag8pg.default\Cache\_CACHE_002_ Object is locked skipped

C:\Documents and Settings\Christopher Schmidt\Local Settings\Application Data\Mozilla\Firefox\Profiles\tbzag8pg.default\Cache\_CACHE_003_ Object is locked skipped

C:\Documents and Settings\Christopher Schmidt\Local Settings\Application Data\Mozilla\Firefox\Profiles\tbzag8pg.default\Cache\_CACHE_MAP_ Object is locked skipped

C:\Documents and Settings\Christopher Schmidt\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Christopher Schmidt\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped

C:\Documents and Settings\Christopher Schmidt\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Christopher Schmidt\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Christopher Schmidt\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\integ\avast.int Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\report\Resident protection.txt Object is locked skipped

C:\Program Files\outlook\p.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped

C:\Program Files\outlook\p.zip ZIP: infected - 1 skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP540\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\DEFAULT Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SYSTEM Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\Temp\Perflib_Perfdata_554.dat Object is locked skipped

C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

the HJT log won't fit here
heavyjavadrinker
2007-12-13, 05:24
and here is the HJT log:

and here is the HJT log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:16:53 PM, on 12/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - (no file)
O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Christopher Schmidt\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Christopher Schmidt\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Absolute Poker - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1190691454984
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CE287382-EF6A-4AA8-BB1B-F4512ACB3684}: NameServer = 68.87.64.146,68.87.75.194
O20 - AppInit_DLLs:
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 8684 bytes

thanks for any help you can give me!:cleaning: