Smitfraud, zlob & virtumonde removal



noogie60
2008-03-23, 10:20
I have been given the task of trying to fix my parents' computer (they are elderly and unfortunately have very little idea about security).
It seems to be infected with Smitfraud, zlob & virtumonde.
I have tried the Smitfraud removal tool in safe mode as well, removing the entries in CCleaner, ATF-Cleaner and VundoFix to no avail.
Help would be much appreciated.
I have since run Kaspersky online, Spybot in safe mode and HJT as instructed in the sticky.

Here is the Kaspersky online log (individual email addresses have been snipped to the domain only):
Scan Statistics:
Total number of scanned objects: 82990
Number of viruses found: 8
Number of infected objects: 32
Number of suspicious objects: 0
Duration of the scan process: 02:30:51

Infected Object Name / Virus Name / Last Action
C:\cwRsyncServer\rsyncd-stderr.log Object is locked skipped
C:\cwRsyncServer\rsyncd-stdin.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-12042006-113214.log Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Nguyen\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Nguyen\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Nguyen\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Nguyen\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Nguyen\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Nguyen\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Nguyen\Local Settings\Temporary Internet Files\Content.IE5\N1J2O2QJ\installer_abr[1].exe Infected: Trojan.Win32.Buzus.brq skipped
C:\Documents and Settings\Nguyen\Local Settings\Temporary Internet Files\Content.IE5\N1J2O2QJ\installer_abr[2].exe Infected: Trojan.Win32.Buzus.brq skipped
C:\Documents and Settings\Nguyen\Local Settings\Temporary Internet Files\Content.IE5\Y8TGBBLV\installer_abr[1].exe Infected: Trojan.Win32.Buzus.brq skipped
C:\Documents and Settings\Nguyen\My Documents\Dad's Email old\{0A4D9148-967C-4C90-99D7-B9A3D946604C}\Microsoft\Outlook Express\Inbox.dbx/[From "" <@yahoo.com>][Date Wed, 15 Mar 2006 13:17:57 +0700]/UNNAMED/Attachments001.BHX Infected: Email-Worm.Win32.Nyxem.e skipped
C:\Documents and Settings\Nguyen\My Documents\Dad's Email old\{0A4D9148-967C-4C90-99D7-B9A3D946604C}\Microsoft\Outlook Express\Inbox.dbx/[From "" <@yahoo.com>][Date Wed, 15 Mar 2006 13:17:57 +0700]/UNNAMED Infected: Email-Worm.Win32.Nyxem.e skipped
C:\Documents and Settings\Nguyen\My Documents\Dad's Email old\{0A4D9148-967C-4C90-99D7-B9A3D946604C}\Microsoft\Outlook Express\Inbox.dbx/[From "" <@yahoo.com>][Date Wed, 15 Mar 2006 13:17:57 +0700]/UNNAMED/Attachments001.BHX Infected: Email-Worm.Win32.Nyxem.e skipped
C:\Documents and Settings\Nguyen\My Documents\Dad's Email old\{0A4D9148-967C-4C90-99D7-B9A3D946604C}\Microsoft\Outlook Express\Inbox.dbx/[From "" <@yahoo.com>][Date Wed, 15 Mar 2006 13:17:57 +0700]/UNNAMED Infected: Email-Worm.Win32.Nyxem.e skipped
C:\Documents and Settings\Nguyen\My Documents\Dad's Email old\{0A4D9148-967C-4C90-99D7-B9A3D946604C}\Microsoft\Outlook Express\Inbox.dbx Mail MS Outlook 5: infected - 4 skipped
C:\Documents and Settings\Nguyen\My Documents\Dad's Email old\{0A4D9148-967C-4C90-99D7-B9A3D946604C}\Microsoft\Outlook Express\Vietnam.dbx/[From "" <@pmail.vnn.vn>][Date Wed, 19 Nov 2003 15:55:22 +0700]/UNNAMED/Gia Infected: Virus.MSExcel.Sic.e skipped
C:\Documents and Settings\Nguyen\My Documents\Dad's Email old\{0A4D9148-967C-4C90-99D7-B9A3D946604C}\Microsoft\Outlook Express\Vietnam.dbx/[From "" <@pmail.vnn.vn>][Date Wed, 19 Nov 2003 15:55:22 +0700]/UNNAMED Infected: Virus.MSExcel.Sic.e skipped
C:\Documents and Settings\Nguyen\My Documents\Dad's Email old\{0A4D9148-967C-4C90-99D7-B9A3D946604C}\Microsoft\Outlook Express\Vietnam.dbx/[From "" <@pmail.vnn.vn>][Date Sat, 12 Jul 2003 10:48:25 +0700]/UNNAMED/Gia Infected: Virus.MSExcel.Sic.e skipped
C:\Documents and Settings\Nguyen\My Documents\Dad's Email old\{0A4D9148-967C-4C90-99D7-B9A3D946604C}\Microsoft\Outlook Express\Vietnam.dbx/[From "" <@pmail.vnn.vn>][Date Sat, 12 Jul 2003 10:48:25 +0700]/UNNAMED Infected: Virus.MSExcel.Sic.e skipped
C:\Documents and Settings\Nguyen\My Documents\Dad's Email old\{0A4D9148-967C-4C90-99D7-B9A3D946604C}\Microsoft\Outlook Express\Vietnam.dbx Mail MS Outlook 5: infected - 4 skipped
C:\Documents and Settings\Nguyen\My Documents\email\Vietnam.dbx/[From "" <@pmail.vnn.vn>][Date Wed, 19 Nov 2003 15:55:22 +0700]/UNNAMED/Gia Infected: Virus.MSExcel.Sic.e skipped
C:\Documents and Settings\Nguyen\My Documents\email\Vietnam.dbx/[From "" <@pmail.vnn.vn>][Date Wed, 19 Nov 2003 15:55:22 +0700]/UNNAMED Infected: Virus.MSExcel.Sic.e skipped
C:\Documents and Settings\Nguyen\My Documents\email\Vietnam.dbx/[From "" <@pmail.vnn.vn>][Date Sat, 12 Jul 2003 10:48:25 +0700]/UNNAMED/Gia Infected: Virus.MSExcel.Sic.e skipped
C:\Documents and Settings\Nguyen\My Documents\email\Vietnam.dbx/[From "" <@pmail.vnn.vn>][Date Sat, 12 Jul 2003 10:48:25 +0700]/UNNAMED Infected: Virus.MSExcel.Sic.e skipped
C:\Documents and Settings\Nguyen\My Documents\email\Vietnam.dbx/[From "" <@pmail.vnn.vn>][Date Wed, 19 Nov 2003 15:55:22 +0700]/UNNAMED/Gia Infected: Virus.MSExcel.Sic.e skipped
C:\Documents and Settings\Nguyen\My Documents\email\Vietnam.dbx/[From "" <@pmail.vnn.vn>][Date Wed, 19 Nov 2003 15:55:22 +0700]/UNNAMED Infected: Virus.MSExcel.Sic.e skipped
C:\Documents and Settings\Nguyen\My Documents\email\Vietnam.dbx/[From "" <@pmail.vnn.vn>][Date Sat, 12 Jul 2003 10:48:25 +0700]/UNNAMED/Gia Infected: Virus.MSExcel.Sic.e skipped
C:\Documents and Settings\Nguyen\My Documents\email\Vietnam.dbx/[From "" <@pmail.vnn.vn>][Date Sat, 12 Jul 2003 10:48:25 +0700]/UNNAMED Infected: Virus.MSExcel.Sic.e skipped
C:\Documents and Settings\Nguyen\My Documents\email\Vietnam.dbx Mail MS Outlook 5: infected - 8 skipped
C:\Documents and Settings\Nguyen\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Nguyen\NtUser.dat.LOG Object is locked skipped
C:\Documents and Settings\SvcwRsync.NGUYENHOME\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\SvcwRsync.NGUYENHOME\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\SvcwRsync.NGUYENHOME\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\SvcwRsync.NGUYENHOME\NtUser.dat.LOG Object is locked skipped
C:\Downloads\vnc\UltraVNC-102-Setup.exe/file04 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c skipped
C:\Downloads\vnc\UltraVNC-102-Setup.exe/file05 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c skipped
C:\Downloads\vnc\UltraVNC-102-Setup.exe/file34 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.1102 skipped
C:\Downloads\vnc\UltraVNC-102-Setup.exe Inno: infected - 3 skipped
C:\Program Files\ESET\cache\CACHE.NDB Object is locked skipped
C:\Program Files\ESET\infected\W3EGHWDA.NQF Infected: Trojan-Dropper.Win32.Small.big skipped
C:\Program Files\ESET\logs\virlog.dat Object is locked skipped
C:\Program Files\ESET\logs\warnlog.dat Object is locked skipped
C:\Sentinel Web\3\26.pal Object is locked skipped
C:\Sentinel Web\DATABuff.REC Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{4B88CF0C-4DA7-485E-BD8F-D9AE2036EF04}\RP835\A0055306.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{4B88CF0C-4DA7-485E-BD8F-D9AE2036EF04}\RP835\A0055306.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{4B88CF0C-4DA7-485E-BD8F-D9AE2036EF04}\RP835\A0055306.exe RarSFX: infected - 2 skipped
C:\System Volume Information\_restore{4B88CF0C-4DA7-485E-BD8F-D9AE2036EF04}\RP835\A0055315.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{4B88CF0C-4DA7-485E-BD8F-D9AE2036EF04}\RP835\change.log Object is locked skipped
C:\WINDOWS\aflqfkw.dll Infected: not-a-virus:AdWare.Win32.Vapsup.cxm skipped
C:\WINDOWS\CSC\00000001 Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{0CC2E6E1-15E3-4874-AA24-2BAD616EA892}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\HTTPERR\httperr25.log Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

noogie60
2008-03-23, 10:21
Here is the HJT log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 8:01:03 PM, on 23-03-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Sentinel Web\OPTISAFE_Service.Exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\Explorer.EXE
C:\cwRsyncServer\bin\cygrunsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\cwRsyncServer\bin\rsync.exe
C:\Sentinel Web\UPSInt2.exe
C:\WINDOWS\horahgvy.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\igdoypva.exe
C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Sentinel Web\Sentinel.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Nguyen\Desktop\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Ulead Quick-Drop] "C:\Program Files\Ulead Systems\Ulead DVD MovieFactory 4.0 Suite\Ulead Quick-Drop 1.0\Quick-Drop.exe" WINDOWCALL
O4 - HKLM\..\Run: [USIUDF_Eject_Monitor] C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [UPSMON] C:\Sentinel Web\Sentinel.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [igdoypva] C:\WINDOWS\system32\igdoypva.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [VG0zEql402] C:\WINDOWS\horahgvy.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.fujicolor.com.au/en/Photo/ImageUploader4.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EBD51104-B9FE-46DD-BCBA-8CFA1784899A}: NameServer = 192.168.0.1
O21 - SSODL: aflqfkw - {CBD04C25-E8E9-4197-BC9B-D1FC0245CEEC} - C:\WINDOWS\aflqfkw.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Openssh SSHD (OpenSSHServer) - Unknown owner - C:\cwRsyncServer\bin\cygrunsrv.exe
O23 - Service: OPTISAFEService - Unknown owner - C:\Sentinel Web\OPTISAFE_Service.Exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RsyncServer - Unknown owner - C:\cwRsyncServer\bin\cygrunsrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 9056 bytes