PDA

View Full Version : seriously infected. help. Taskmanager disabled, Smitfraud-C., Smitfraud-C.gp, zango



egrogan1
2008-04-28, 22:00
Deckard's System Scanner v20071014.68
Run by Eoin on 2008-04-28 19:05:56
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 4 Restore Point(s) --
4: 2008-04-28 17:02:16 UTC - RP607 - Windows Update
3: 2008-04-25 21:51:08 UTC - RP606 - Windows Defender Checkpoint
2: 2008-04-25 15:46:00 UTC - RP604 - Removed AVG 7.5
1: 2008-04-25 15:33:12 UTC - RP602 - Installed Ad-Aware 2007


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 10.56 GiB (less than 15%) free.


-- HijackThis (run as Eoin.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:18:04, on 28/04/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\wmsdkns.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\ClamWin\bin\ClamTray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Bat\X_Bat.exe
C:\Program Files\Azureus\Azureus.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Users\Eoin\Desktop\dss.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\SearchFilterHost.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Eoin.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/ig?hl=en
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_IE&c=71&bd=Pavilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_IE&c=71&bd=Pavilion&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,C:\Windows\system32\wmsdkns.exe,
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: (no name) - {01D7F8D2-56DB-4327-A992-00ACE6684580} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
O2 - BHO: (no name) - {73D6E387-53ED-41B7-9F02-DD9E615DFB2B} - C:\Windows\system32\khfCtsRk.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
O2 - BHO: (no name) - {A3CCA0E4-F942-4CD3-A871-A9CF10F77DF7} - (no file)
O2 - BHO: (no name) - {A72E4F7F-F506-4898-B609-FF892745A1F5} - (no file)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: (no name) - {E52BEFEB-2290-4BDF-87F9-5EC9F7ECE287} - (no file)
O2 - BHO: (no name) - {EE5A1465-1E73-4784-8F63-45983FDF0DB8} - C:\Windows\system32\hgGvtSkl.dll
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\hgGvtSkl.dll,#1
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [BM3a2b1158] Rundll32.exe "C:\Windows\system32\yvfsnrdr.dll",s
O4 - HKLM\..\RunOnce: [SpybotDeletingA4200] command /c del "C:\Windows\System32\dncjghsu.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3996] cmd /c del "C:\Windows\System32\dncjghsu.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5079] command /c del "C:\Windows\System32\drdekhcm.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8460] cmd /c del "C:\Windows\System32\drdekhcm.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA673] command /c del "C:\Windows\System32\jneqcrbb.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC444] cmd /c del "C:\Windows\System32\jneqcrbb.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1039] command /c del "C:\Windows\System32\khfCtsRk.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2090] cmd /c del "C:\Windows\System32\khfCtsRk.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1763] command /c del "C:\Windows\System32\vruhqdpo.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC315] cmd /c del "C:\Windows\System32\vruhqdpo.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2293] command /c del "C:\Windows\System32\wvUlJBuR.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3280] cmd /c del "C:\Windows\System32\wvUlJBuR.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3147] command /c del "C:\Windows\System32\yvfsnrdr.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7958] cmd /c del "C:\Windows\System32\yvfsnrdr.dll_old"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB3930] command /c del "C:\Windows\System32\dncjghsu.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1626] cmd /c del "C:\Windows\System32\dncjghsu.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6712] command /c del "C:\Windows\System32\drdekhcm.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4767] cmd /c del "C:\Windows\System32\drdekhcm.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9078] command /c del "C:\Windows\System32\jneqcrbb.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1397] cmd /c del "C:\Windows\System32\jneqcrbb.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8426] command /c del "C:\Windows\System32\khfCtsRk.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5643] cmd /c del "C:\Windows\System32\khfCtsRk.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5406] command /c del "C:\Windows\System32\vruhqdpo.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6113] cmd /c del "C:\Windows\System32\vruhqdpo.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB698] command /c del "C:\Windows\System32\wvUlJBuR.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9873] cmd /c del "C:\Windows\System32\wvUlJBuR.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3282] command /c del "C:\Windows\System32\yvfsnrdr.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD524] cmd /c del "C:\Windows\System32\yvfsnrdr.dll_old"
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-785140555-1394460376-2434275207-1013\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LNSS_MONITOR_USR')
O4 - HKUS\S-1-5-21-785140555-1394460376-2434275207-1013\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User 'LNSS_MONITOR_USR')
O4 - HKUS\S-1-5-21-785140555-1394460376-2434275207-1013\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup (User 'LNSS_MONITOR_USR')
O4 - HKUS\S-1-5-21-785140555-1394460376-2434275207-1013\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (User 'LNSS_MONITOR_USR')
O4 - Startup: Bat - Auto Update.lnk = C:\Program Files\Bat\Bat.exe
O4 - Startup: GpsGate.lnk.disabled
O4 - Startup: Windows Calendar.lnk = D:\Program Files\Windows Calendar\WinCal.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.3.4.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: winpto32 - winpto32.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ColdFusion MX Application Server - Macromedia Inc. - C:\CFusionMX\runtime\bin\jrunsvc.exe
O23 - Service: ColdFusion MX ODBC Agent - Unknown owner - C:\CFusionMX\db\slserver52\bin\swagent.exe
O23 - Service: ColdFusion MX ODBC Server - Unknown owner - C:\CFusionMX\db\slserver52\bin\swstrtr.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GFI LANguard N.S.S. 8.0 Attendant Service (gfi_lnss8_attservice) - GFI Software Ltd. - C:\Program Files\GFI\LANguard Network Security Scanner 8.0\lnssatt.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: RelevantKnowledge - RelevantKnowledge - C:\Windows\system32\rlservice.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 16199 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20071010-171806-718 O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe

-- File Associations -----------------------------------------------------------

.js - JSFile - DefaultIcon - "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe",2


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 AFS - c:\windows\system32\drivers\afs.sys <Not Verified; Oak Technology Inc.; AFS>
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R1 VClone - c:\windows\system32\drivers\vclone.sys <Not Verified; Elaborate Bytes AG; Virtual CloneDrive>

S0 MFX - c:\windows\system32\drivers\mfx.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 CLCapSvc (CyberLink Background Capture Service (CBCS)) - "c:\program files\hp\quickplay\kernel\tv\clcapsvc.exe" <Not Verified; ; CLCapSvc Module>
R2 CLSched (CyberLink Task Scheduler (CTS)) - "c:\program files\hp\quickplay\kernel\tv\clsched.exe" <Not Verified; ; CLSched Module>
R2 ColdFusion MX Application Server - "c:\cfusionmx\runtime\bin\jrunsvc.exe" <Not Verified; Macromedia Inc.; Macromedia JRun Application Server>
R2 ColdFusion MX ODBC Agent - c:\cfusionmx\db\slserver52\bin\swagent.exe "coldfusion mx odbc agent"
R2 ColdFusion MX ODBC Server - c:\cfusionmx\db\slserver52\bin\swstrtr.exe "coldfusion mx odbc server"
R2 HP Health Check Service - "c:\program files\hewlett-packard\hp health check\hphc_service.exe" <Not Verified; Hewlett-Packard; HP Health Check Service>
R2 RelevantKnowledge - c:\windows\system32\rlservice.exe /service <Not Verified; RelevantKnowledge; RelevantKnowledge>

S2 MySQL - "c:\program files\mysql\mysql server 6.0\bin\mysqld-nt" --defaults-file="c:\program files\mysql\mysql server 6.0\my.ini" mysql (file missing)
S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S3 ServiceLayer - "c:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>
S3 stllssvr -
S4 iSafer (iSafer - Personal Firewall) -
S4 NMIndexingService -


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Tun Miniport Adapter
Device ID: ROOT\*TUNMP\0001
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TUNMP\0001
Service: tunmp

Class GUID: {4d36e965-e325-11ce-bfc1-08002be10318}
Description: CD-ROM Drive
Device ID: IDE\CDROMSLIMTYPE_DVD_A__DS8AZH__________________NH61____\5&61DFA57&0&0.0.0
Manufacturer: (Standard CD-ROM drives)
Name: Slimtype DVD A DS8AZH ATA Device
PNP Device ID: IDE\CDROMSLIMTYPE_DVD_A__DS8AZH__________________NH61____\5&61DFA57&0&0.0.0
Service: cdrom

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: VMware Virtual Ethernet Adapter for VMnet1
Device ID: ROOT\VMWARE\0000
Manufacturer: VMware, Inc.
Name: VMware Virtual Ethernet Adapter for VMnet1
PNP Device ID: ROOT\VMWARE\0000
Service: VMnetAdapter

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: VMware Virtual Ethernet Adapter for VMnet8
Device ID: ROOT\VMWARE\0001
Manufacturer: VMware, Inc.
Name: VMware Virtual Ethernet Adapter for VMnet8
PNP Device ID: ROOT\VMWARE\0001
Service: VMnetAdapter

Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: Dm12
Device ID: ROOT\WPD\0000
Manufacturer: Nokia
Name: Dm12
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd


-- Scheduled Tasks -------------------------------------------------------------

2008-04-25 15:21:43 406 --a------ C:\Windows\Tasks\Norton Security Scan.job
2007-11-14 09:38:12 370 --a------ C:\Windows\Tasks\RegCure.job
2007-11-14 09:38:12 436 --a------ C:\Windows\Tasks\RegCure Program Check.job
2007-11-14 01:25:00 420 --ah----- C:\Windows\Tasks\User_Feed_Synchronization-{EDEBA330-0D8D-4AC6-9BBE-DB587BD208FE}.job


-- Files created between 2008-03-28 and 2008-04-28 -----------------------------

2008-04-28 19:05:21 14080 --a------ C:\Windows\stcloader.exe
2008-04-28 19:05:19 10752 --a------ C:\Windows\2020search2.dll
2008-04-28 19:05:19 8192 --a------ C:\Windows\2020search.dll
2008-04-28 18:06:17 37888 --a------ C:\Windows\system32\hgGvtSkl.dll
2008-04-27 20:59:39 370945 --ahs---- C:\Windows\system32\RuBJlUvw.ini2
2008-04-26 20:11:44 11776 --a------ C:\Windows\bokja.exe
2008-04-26 02:06:07 32512 --a------ C:\Windows\saiemod.dll
2008-04-26 01:05:26 25088 --a------ C:\Windows\swin32.dll
2008-04-25 16:10:32 28672 --a------ C:\Windows\voiceip.dll
2008-04-25 16:10:32 9728 --a------ C:\Windows\cdsm32.dll
2008-04-25 16:10:31 13312 --a------ C:\Windows\mssvr.exe
2008-04-25 16:10:31 20992 --a------ C:\Windows\mspphe.dll
2008-04-25 16:10:31 14848 --a------ C:\Windows\bjam.dll
2008-04-25 16:10:26 15360 --a------ C:\Windows\msapasrc.dll
2008-04-25 16:10:26 22016 --a------ C:\Windows\msa64chk.dll
2008-04-25 16:10:25 21504 --a------ C:\Windows\shdocpl.dll
2008-04-25 16:10:25 14592 --a------ C:\Windows\shdocpe.dll
2008-04-25 16:10:25 21504 --a------ C:\Windows\ntnut.exe
2008-04-25 16:10:24 24320 --a------ C:\Windows\winsb.dll
2008-04-25 16:10:24 22272 --a------ C:\Windows\browserad.dll
2008-04-25 16:10:24 19968 --a------ C:\Windows\aviwrap32.dll
2008-04-25 16:10:24 24320 --a------ C:\Windows\avisynthex32.dll
2008-04-25 16:10:24 32000 --a------ C:\Windows\avifile32.dll
2008-04-25 16:10:23 23552 --a------ C:\Windows\autodisc32.dll
2008-04-25 16:10:23 28160 --a------ C:\Windows\audiosrv32.dll
2008-04-25 16:10:23 19200 --a------ C:\Windows\ati2dvag32.dll
2008-04-25 16:10:23 23296 --a------ C:\Windows\ati2dvaa32.dll
2008-04-25 16:10:23 21504 --a------ C:\Windows\athprxy32.dll
2008-04-25 16:10:22 29952 --a------ C:\Windows\changeurl_30.dll
2008-04-25 16:10:22 32512 --a------ C:\Windows\asycfilt32.dll
2008-04-25 16:10:22 8704 --a------ C:\Windows\asferror32.dll
2008-04-25 16:10:22 15872 --a------ C:\Windows\apphelp32.dll
2008-04-25 15:46:02 0 d-------- C:\Program Files\Bat
2008-04-25 15:44:51 4 --a------ C:\Windows\system32\winfrun32.bin
2008-04-25 15:44:36 88491 --a------ C:\Windows\system32\wmsdkns.exe <Not Verified; Microsoft; XML Media>
2008-04-25 15:44:36 88491 --a------ C:\Windows\lfn.exe <Not Verified; Microsoft; XML Media>
2008-04-25 15:43:58 0 d-------- C:\Program Files\Thinstall.VS
2008-04-25 15:42:26 38400 --a------ C:\Windows\system32\iifCVPfG.dll
2008-04-25 14:52:34 691545 --a------ C:\Windows\unins000.exe
2008-04-25 14:52:34 2535 --a------ C:\Windows\unins000.dat
2008-04-24 21:59:16 39936 --a------ C:\Windows\system32\jkkIXqpn.dll
2008-04-24 21:59:15 39936 --a------ C:\Windows\system32\geBspoNf.dll
2008-04-24 21:52:31 0 d-------- C:\Program Files\ClamWin
2008-04-24 21:42:18 372459 --ahs---- C:\Windows\system32\kRstCfhk.ini2
2008-04-24 21:42:13 272384 -----n--- C:\Windows\system32\khfCtsRk.dll
2008-04-24 19:08:00 0 d-------- C:\Program Files\Spyware Doctor
2008-04-24 18:58:43 0 d-------- C:\Program Files\Norton Security Scan
2008-04-08 23:09:36 0 d-------- C:\Program Files\NFR
2008-04-08 23:05:08 0 d-------- C:\PCPRO
2008-04-08 23:03:57 0 d-------- C:\Program Files\MOBv2
2008-04-08 21:47:00 8 --a------ C:\Windows\system32\Urncb.dll
2008-04-02 21:03:33 0 d-------- C:\Program Files\Freeware PDF Unlocker
2008-04-01 15:32:37 0 d-------- C:\Program Files\Packet Tracer 4.11


-- Find3M Report ---------------------------------------------------------------

2008-04-28 19:18:43 0 d-------- C:\Users\Eoin\AppData\Roaming\Azureus
2008-04-28 18:53:40 0 d-------- C:\Users\Eoin\AppData\Roaming\KompoZer
2008-04-28 18:07:32 21 --a------ C:\qpmd8376.bin
2008-04-28 18:03:29 3308 --a------ C:\Windows\bthservsdp.dat
2008-04-28 17:39:51 0 d-------- C:\Program Files\UZC Trial
2008-04-28 17:39:37 0 d-------- C:\Program Files\Sony Ericsson
2008-04-26 21:33:15 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-04-26 01:44:37 12978 --a------ C:\Users\Eoin\AppData\Roaming\nvModes.001
2008-04-26 01:17:13 0 d-------- C:\Users\Eoin\AppData\Roaming\OpenOffice.org2
2008-04-25 16:53:30 554 --a------ C:\sccfg.sys
2008-04-25 16:35:33 0 d-------- C:\Program Files\Lavasoft
2008-04-25 16:32:32 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-25 15:42:28 0 d-------- C:\Users\Eoin\AppData\Roaming\Downloaded Installations
2008-04-24 21:59:18 0 d-------- C:\Users\Eoin\AppData\Roaming\Thinstall
2008-04-24 21:53:50 0 d-------- C:\Users\Eoin\AppData\Roaming\.clamwin
2008-04-24 21:32:39 0 d-------- C:\Users\Eoin\AppData\Roaming\WinCare2008
2008-04-24 19:08:00 0 d-------- C:\Users\Eoin\AppData\Roaming\PC Tools
2008-04-24 18:59:58 0 --a------ C:\Users\Eoin\AppData\Roaming\.googlewebacchosts
2008-04-24 18:54:18 0 d-------- C:\Program Files\Google
2008-04-18 13:17:11 0 d-------- C:\Users\Eoin\AppData\Roaming\VMware
2008-04-17 16:42:32 0 d-------- C:\Program Files\Azureus
2008-04-15 19:15:12 0 d-------- C:\Program Files\Common Files
2008-04-10 13:18:58 0 d-------- C:\Program Files\Windows Mail
2008-04-09 21:19:42 0 d-------- C:\Program Files\Common Files\Adobe
2008-03-31 12:46:14 536784 --a------ C:\Users\Eoin\AppData\Roaming\GDIPFONTCACHEV1.DAT
2008-03-26 15:43:53 0 d-------- C:\Program Files\Elaborate Bytes
2008-03-23 22:25:11 0 d-------- C:\Program Files\HCScript
2008-03-23 21:13:56 0 d-------- C:\Program Files\Folder Lock
2008-03-21 23:01:22 0 d-------- C:\Program Files\Mindscape
2008-03-20 21:58:17 0 d-------- C:\Users\Eoin\AppData\Roaming\Apple Computer
2008-03-20 21:39:06 0 d-------- C:\Program Files\iTunes
2008-03-20 21:38:35 0 d-------- C:\Program Files\iPod
2008-03-12 23:36:38 0 d-------- C:\Program Files\LaceLevel2GDS
2008-03-12 23:17:54 0 d-------- C:\Users\Eoin\AppData\Roaming\Intel
2008-03-12 23:17:53 0 d-------- C:\Program Files\Intel
2008-03-05 11:16:41 0 d-------- C:\Program Files\Microsoft Silverlight
2008-03-03 18:11:32 0 d-------- C:\Program Files\Common Files\xing shared
2008-03-03 18:10:59 0 d-------- C:\Program Files\Common Files\Real
2008-03-01 19:55:33 0 d-------- C:\Users\Eoin\AppData\Roaming\Real
2008-03-01 15:59:59 0 d-------- C:\Users\Eoin\AppData\Roaming\AVG7
2008-02-29 23:55:40 0 d-------- C:\Program Files\Cell Phone Manager
2008-02-29 23:23:17 0 d-------- C:\Users\Eoin\AppData\Roaming\Systweak
2008-02-29 23:23:00 0 d-------- C:\Program Files\Advanced System Optimizer
2008-02-26 19:26:19 73 --a------ C:\Windows\system32\ssprs.dll
2008-02-26 19:26:17 336 --a------ C:\Windows\system32\lsprst7.dll
2008-02-25 23:57:00 75 --a------ C:\Windows\Memory
2008-02-25 23:57:00 74 --a------ C:\Windows\Logic
2008-02-25 23:53:48 76 --a------ C:\Windows\Spatial
2008-02-25 23:50:12 78 --a------ C:\Windows\Numerical
2008-02-25 23:48:50 75 --a------ C:\Windows\Verbal
2008-02-25 23:48:14 73 --a------ C:\Windows\Times New Roman
2008-02-25 23:48:14 454 --a------ C:\Windows\0
2008-02-12 14:05:08 1025 --a------ C:\Windows\system32\sysprs7.dll
2008-02-12 14:05:08 1025 --a------ C:\Windows\system32\clauth2.dll
2008-02-12 14:05:08 1025 --a------ C:\Windows\system32\clauth1.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000250-0320-4dd4-be4f-7566d2314352}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{01D7F8D2-56DB-4327-A992-00ACE6684580}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{13197ace-6851-45c3-a7ff-c281324d5489}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{15651c7c-e812-44a2-a9ac-b467a2233e7d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4e1075f4-eec4-4a86-add7-cd5f52858c31}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4e7bd74f-2b8d-469e-92c6-ce7eb590a94d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5929cd6e-2062-44a4-b2c5-2c7e78fbab38}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5dafd089-24b1-4c5e-bd42-8ca72550717b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5fa6752a-c4a0-4222-88c2-928ae5ab4966}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{622cc208-b014-4fe0-801b-874a5e5e403a}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{73D6E387-53ED-41B7-9F02-DD9E615DFB2B}]
24/04/2008 21:42 272384 --------- C:\Windows\system32\khfCtsRk.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8674aea0-9d3d-11d9-99dc-00600f9a01f1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{965a592f-8efa-4250-8630-7960230792f1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9c5b2f29-1f46-4639-a6b4-828942301d3e}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3CCA0E4-F942-4CD3-A871-A9CF10F77DF7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A72E4F7F-F506-4898-B609-FF892745A1F5}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765728274}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E52BEFEB-2290-4BDF-87F9-5EC9F7ECE287}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EE5A1465-1E73-4784-8F63-45983FDF0DB8}]
24/04/2008 21:37 37888 --a------ C:\Windows\system32\hgGvtSkl.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fc3a74e5-f281-4f10-ae1e-733078684f3c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ffff0001-0002-101a-a3c9-08002b2f49fb}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [12/04/2007 00:07]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [18/10/2006 18:56]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [03/03/2008 18:08]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [15/09/2007 02:29]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [15/11/2006 06:02]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [25/11/2006 00:33]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [06/11/2006 19:58]
"MSServer"="C:\Windows\system32\hgGvtSkl.dll" [24/04/2008 21:37]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [18/10/2006 18:32]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [17/02/2005 08:11]
"HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [05/06/2007 09:12]
"ClamWin"="C:\Program Files\ClamWin\bin\ClamTray.exe" [19/04/2008 16:35]
"BM3a2b1158"="C:\Windows\system32\yvfsnrdr.dll" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [28/01/2008 11:43]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [11/08/2005 22:30]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [02/11/2006 13:35]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"SpybotDeletingB3930"=command /c del "C:\Windows\System32\dncjghsu.dll_old"
"SpybotDeletingD1626"=cmd /c del "C:\Windows\System32\dncjghsu.dll_old"
"SpybotDeletingB6712"=command /c del "C:\Windows\System32\drdekhcm.dll_old"
"SpybotDeletingD4767"=cmd /c del "C:\Windows\System32\drdekhcm.dll_old"
"SpybotDeletingB9078"=command /c del "C:\Windows\System32\jneqcrbb.dll_old"
"SpybotDeletingD1397"=cmd /c del "C:\Windows\System32\jneqcrbb.dll_old"
"SpybotDeletingB8426"=command /c del "C:\Windows\System32\khfCtsRk.dll"
"SpybotDeletingD5643"=cmd /c del "C:\Windows\System32\khfCtsRk.dll"
"SpybotDeletingB5406"=command /c del "C:\Windows\System32\vruhqdpo.dll_old"
"SpybotDeletingD6113"=cmd /c del "C:\Windows\System32\vruhqdpo.dll_old"
"SpybotDeletingB698"=command /c del "C:\Windows\System32\wvUlJBuR.dll_old"
"SpybotDeletingD9873"=cmd /c del "C:\Windows\System32\wvUlJBuR.dll_old"
"SpybotDeletingB3282"=command /c del "C:\Windows\System32\yvfsnrdr.dll_old"
"SpybotDeletingD524"=cmd /c del "C:\Windows\System32\yvfsnrdr.dll_old"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"SpybotDeletingA4200"=command /c del "C:\Windows\System32\dncjghsu.dll_old"
"SpybotDeletingC3996"=cmd /c del "C:\Windows\System32\dncjghsu.dll_old"
"SpybotDeletingA5079"=command /c del "C:\Windows\System32\drdekhcm.dll_old"
"SpybotDeletingC8460"=cmd /c del "C:\Windows\System32\drdekhcm.dll_old"
"SpybotDeletingA673"=command /c del "C:\Windows\System32\jneqcrbb.dll_old"
"SpybotDeletingC444"=cmd /c del "C:\Windows\System32\jneqcrbb.dll_old"
"SpybotDeletingA1039"=command /c del "C:\Windows\System32\khfCtsRk.dll"
"SpybotDeletingC2090"=cmd /c del "C:\Windows\System32\khfCtsRk.dll"
"SpybotDeletingA1763"=command /c del "C:\Windows\System32\vruhqdpo.dll_old"
"SpybotDeletingC315"=cmd /c del "C:\Windows\System32\vruhqdpo.dll_old"
"SpybotDeletingA2293"=command /c del "C:\Windows\System32\wvUlJBuR.dll_old"
"SpybotDeletingC3280"=cmd /c del "C:\Windows\System32\wvUlJBuR.dll_old"
"SpybotDeletingA3147"=command /c del "C:\Windows\System32\yvfsnrdr.dll_old"
"SpybotDeletingC7958"=cmd /c del "C:\Windows\System32\yvfsnrdr.dll_old"

C:\Users\Eoin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Bat - Auto Update.lnk - C:\Program Files\Bat\Bat.exe [25/04/2008 15:45:58]
GpsGate.lnk.disabled [15/12/2007 15:16:35]
Windows Calendar.lnk - C:\Program Files\Windows Calendar\WinCal.exe [30/08/2007 12:40:18]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableLUA"=0 (0x0)
"DisableTaskMgr"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"LogonHoursAction"=2 (0x2)
"DontDisplayLogonHoursWarnings"=1 (0x1)
"DisableTaskMgr"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisallowRun"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{EE5A1465-1E73-4784-8F63-45983FDF0DB8}"= C:\Windows\system32\hgGvtSkl.dll [24/04/2008 21:37 37888]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\Windows\system32\userinit.exe,C:\Windows\system32\wmsdkns.exe,"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winpto32]
winpto32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\Windows\system32\khfCtsRk

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BySoft IRServer"=C:\Program Files\IRControl\IRServer.exe
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe AcPro7_0_5 -reboot 1
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
"CTRegRun"=C:\Windows\CTRegRun.EXE
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
"CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
"Startup Manager"="C:\Program Files\Advanced System Optimizer\startUp manager.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
"osCheck"="c:\Program Files\Norton Internet Security\osCheck.exe"
"SiteAdvisor"=C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
"<NO NAME>"=
"CorelDRAW Graphics Suite 11b"=C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=032007 serial=dr12wex-1504397-kty lang=EN
"Norton Ghost 10.0"="C:\Program Files\Norton Ghost\Agent\GhostTray.exe"
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE
"win32"=win32.exe
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"NeroFilterCheck"=C:\Windows\system32\NeroCheck.exe
"CTCheck"=C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
"VMware hqtray"="C:\Program Files\VMware\VMware Workstation\hqtray.exe"
"vmware-tray"=C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
"Adobe Photo Downloader"="C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe"
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"VirtualCloneDrive"="C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
"Windows Mobile-based device management"=%windir%\WindowsMobile\wmdSync.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices-]
"win32"=win32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
bthsvcs BthServ
WindowsMobile wcescomm rapimgr
LocalServiceRestricted WcesComm RapiMgr


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c1367c3-c478-11dc-b0dc-001636e944a6}]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3027bfd7-7b07-11dc-949a-001636e944a6}]
AutoRun\command- C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\Cn911.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{36571902-a6af-11dc-ad11-9dcbe14d6b3d}]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{49319c14-8bc7-11dc-b21e-001641da0939}]
- Cn911.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

8300 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-04-28 19:21:59 ------------

Shaba
2008-04-29, 16:59
Hi egrogan1

We need first to disable TeaTimer that it doesn't interfere with fixes. You can re-enable it when you're clean again:

1. Run Spybot-S&D in Advanced Mode.
2. If it is not already set to do this Go to the Mode menu select "Advanced Mode"
3. On the left hand side, Click on Tools
4. Then click on the Resident Icon in the List
5. Uncheck "Resident TeaTimer" and OK any prompts.
6. Restart your computer.

1. Download combofix from any of these links and save it to Desktop:
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
Link 3 (http://subs.geekstogo.com/ComboFix.exe)

**Note: It is important that it is saved directly to your desktop**

2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you (C:\ComboFix.txt). Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.

If you have problems with Combofix usage, see here (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)

Post:

- a fresh HijackThis log
- combofix report

egrogan1
2008-04-30, 01:49
hey, thanks very much. that seems to have worked. here's that file


ComboFix 08-04-29.3 - Eoin 2008-04-29 23:19:46.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.907 [GMT 1:00]
Running from: C:\Users\Eoin\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outerinfo
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outerinfo\Uninstall.lnk
C:\Windows\123messenger.per
C:\Windows\2020search.dll
C:\Windows\2020search2.dll
C:\Windows\apphelp32.dll
C:\Windows\asferror32.dll
C:\Windows\asycfilt32.dll
C:\Windows\athprxy32.dll
C:\Windows\ati2dvaa32.dll
C:\Windows\ati2dvag32.dll
C:\Windows\audiosrv32.dll
C:\Windows\autodisc32.dll
C:\Windows\avifile32.dll
C:\Windows\avisynthex32.dll
C:\Windows\aviwrap32.dll
C:\Windows\bjam.dll
C:\Windows\bokja.exe
C:\Windows\browserad.dll
C:\Windows\cdsm32.dll
C:\Windows\changeurl_30.dll
C:\Windows\default.htm
C:\Windows\didduid.ini
C:\Windows\lfn.exe
C:\Windows\licencia.txt
C:\Windows\mainms.vpi
C:\Windows\megavid.cdt
C:\Windows\msa64chk.dll
C:\Windows\msapasrc.dll
C:\Windows\mspphe.dll
C:\Windows\mssvr.exe
C:\Windows\muotr.so
C:\Windows\ntnut.exe
C:\Windows\saiemod.dll
C:\Windows\shdocpe.dll
C:\Windows\shdocpl.dll
C:\Windows\stcloader.exe
C:\Windows\swin32.dll
C:\Windows\system32\cictlvvx.dll
C:\Windows\system32\fccbCuvT.dll
C:\Windows\system32\fcccbxvt.dll
C:\Windows\system32\geBspoNf.dll
C:\Windows\system32\gupwngnw.ini
C:\Windows\system32\iifCVPfG.dll
C:\Windows\system32\jkkIXqpn.dll
C:\Windows\system32\khfCtsRk.dll
C:\Windows\System32\kRstCfhk.ini
C:\Windows\System32\kRstCfhk.ini2
C:\Windows\System32\lbgdjdqo.ini
C:\Windows\system32\lsprst7.dll
C:\Windows\system32\mcrh.tmp
C:\Windows\system32\nrjjwnmi.dll
C:\Windows\system32\ntlenshe.dll
C:\Windows\system32\onoavnok.dll
C:\Windows\system32\oqdjdgbl.dll
C:\Windows\system32\rqRJYrSK.dll
C:\Windows\System32\RuBJlUvw.ini
C:\Windows\System32\RuBJlUvw.ini2
C:\Windows\system32\ssprs.dll
C:\Windows\system32\uqvnwtuk.dll
C:\Windows\system32\Urncb.dll
C:\Windows\system32\urqNGvwV.dll
C:\Windows\system32\vtUlJdAp.dll
C:\Windows\system32\winfrun32.bin
C:\Windows\system32\wmsdkns.exe
C:\Windows\system32\wtssvtr32.exe
C:\Windows\telefonos.txt
C:\Windows\textos.txt
C:\Windows\voiceip.dll
C:\Windows\winsb.dll

.
((((((((((((((((((((((((( Files Created from 2008-03-28 to 2008-04-29 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-29 22:31 21 ----a-w C:\qpmd8376.bin
2008-04-29 22:28 --------- d-----w C:\Users\Eoin\AppData\Roaming\Azureus
2008-04-29 22:05 --------- d-----w C:\ProgramData\Google Updater
2008-04-29 22:02 --------- d-----w C:\Users\Eoin\AppData\Roaming\Malwarebytes
2008-04-29 22:02 --------- d-----w C:\ProgramData\Malwarebytes
2008-04-29 22:02 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-04-29 20:50 --------- d-----w C:\ProgramData\VMware
2008-04-29 18:11 --------- d-----w C:\Users\Eoin\AppData\Roaming\OpenOffice.org2
2008-04-29 07:03 --------- d-----w C:\ProgramData\Microsoft Help
2008-04-28 19:55 --------- d-----w C:\Program Files\Freeware PDF Unlocker
2008-04-28 19:53 --------- d-----w C:\Program Files\WinPcap
2008-04-28 19:52 --------- d-----w C:\Program Files\ElcomSoft
2008-04-28 17:53 --------- d-----w C:\Users\Eoin\AppData\Roaming\KompoZer
2008-04-28 16:39 --------- d-----w C:\Program Files\UZC Trial
2008-04-28 16:39 --------- d-----w C:\Program Files\Sony Ericsson
2008-04-26 20:33 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-25 15:53 554 ----a-w C:\sccfg.sys
2008-04-25 15:53 --------- d-----w C:\Program Files\Norton Security Scan
2008-04-25 15:37 --------- d-----w C:\ProgramData\Lavasoft
2008-04-25 15:35 --------- d-----w C:\Program Files\Lavasoft
2008-04-25 15:32 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-25 14:50 --------- d-----w C:\ProgramData\Rabio
2008-04-25 14:48 --------- d-----w C:\Program Files\Bat
2008-04-25 14:47 --------- d-----w C:\Program Files\Thinstall.VS
2008-04-25 14:42 --------- d-----w C:\Users\Eoin\AppData\Roaming\Downloaded Installations
2008-04-25 14:27 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-04-25 13:58 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-04-25 13:43 691,545 ----a-w C:\Windows\unins000.exe
2008-04-24 20:59 --------- d-----w C:\Users\Eoin\AppData\Roaming\Thinstall
2008-04-24 20:53 --------- d-----w C:\Users\Eoin\AppData\Roaming\.clamwin
2008-04-24 20:52 --------- d-----w C:\ProgramData\.clamwin
2008-04-24 20:52 --------- d-----w C:\Program Files\ClamWin
2008-04-24 20:32 --------- d-----w C:\Users\Eoin\AppData\Roaming\WinCare2008
2008-04-24 18:20 --------- d---a-w C:\ProgramData\TEMP
2008-04-24 18:09 --------- d-----w C:\Program Files\Spyware Doctor
2008-04-24 18:08 --------- d-----w C:\Users\Eoin\AppData\Roaming\PC Tools
2008-04-24 17:54 --------- d-----w C:\Program Files\Google
2008-04-18 12:17 --------- d-----w C:\Users\Eoin\AppData\Roaming\VMware
2008-04-17 15:42 --------- d-----w C:\Program Files\Azureus
2008-04-10 12:18 --------- d-----w C:\Program Files\Windows Mail
2008-04-09 20:19 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-08 22:09 --------- d-----w C:\Program Files\NFR
2008-04-08 22:04 --------- d-----w C:\Program Files\MOBv2
2008-04-01 14:33 --------- d-----w C:\Program Files\Packet Tracer 4.11
2008-03-31 11:46 536,784 ----a-w C:\Users\Eoin\AppData\Roaming\GDIPFONTCACHEV1.DAT
2008-03-26 14:43 --------- d-----w C:\Program Files\Elaborate Bytes
2008-03-23 21:25 --------- d-----w C:\Program Files\HCScript
2008-03-23 20:13 --------- d-----w C:\Program Files\Folder Lock
2008-03-21 22:01 --------- d-----w C:\Program Files\Mindscape
2008-03-20 20:58 --------- d-----w C:\Users\Eoin\AppData\Roaming\Apple Computer
2008-03-20 20:39 --------- d-----w C:\Program Files\iTunes
2008-03-20 20:38 --------- d-----w C:\ProgramData\Apple Computer
2008-03-20 20:38 --------- d-----w C:\Program Files\iPod
2008-03-14 12:17 53,768 ----a-w C:\Windows\system32\drivers\avgwfp.sys
2008-03-12 22:36 --------- d-----w C:\Program Files\LaceLevel2GDS
2008-03-12 22:17 --------- d-----w C:\Users\Eoin\AppData\Roaming\Intel
2008-03-12 22:17 --------- d-----w C:\Program Files\Intel
2008-03-06 18:12 --------- d-----w C:\ProgramData\Sony Ericsson
2008-03-05 10:16 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-03-03 17:11 --------- d-----w C:\Program Files\Common Files\xing shared
2008-03-03 17:10 --------- d-----w C:\Program Files\Common Files\Real
2008-03-01 14:59 --------- d-----w C:\Users\Eoin\AppData\Roaming\AVG7
2008-02-29 22:55 --------- d-----w C:\Program Files\Cell Phone Manager
2008-02-29 22:23 --------- d-----w C:\Users\Eoin\AppData\Roaming\Systweak
2008-02-29 22:23 --------- d-----w C:\Program Files\Advanced System Optimizer
2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-16 03:09 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-16 03:09 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-16 03:09 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-02-16 03:09 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-16 03:09 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2007-08-31 02:20 174 --sha-w C:\Program Files\desktop.ini
2007-05-03 16:36 12,978 ----a-w C:\Users\Eoin\AppData\Roaming\nvModes.dat
2007-05-02 01:37 30,357 ----a-w C:\Users\Eoin\menu3.zip
2007-05-02 01:37 184,790 ----a-w C:\Users\Eoin\menu015try.zip
2007-05-02 01:37 125,141 ----a-w C:\Users\Eoin\menu4.zip
2007-05-02 01:36 32,308 ----a-w C:\Users\Eoin\menu2.zip
2007-03-16 17:05 9,292 ----a-w C:\Windows\inf\SmarterMail\0009\tmpA24C.tmp
2007-03-16 17:05 9,292 ----a-w C:\Windows\inf\SmarterMail\0000\tmpA24C.tmp
2007-03-03 17:34 0 ----a-w C:\Users\Eoin\AppData\Roaming\wklnhst.dat
2007-11-19 22:12 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
2007-11-19 22:12 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
2007-05-10 23:11 56 --sha-r C:\Windows\System32\AEBD113E2B.sys
2007-09-16 21:52 1,890 --sha-w C:\Windows\System32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 22:30 249856]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-04-12 00:07 1006264]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2006-10-18 18:56 317152]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-03-03 18:08 185896]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 02:29 102400]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-15 06:02 815104]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-11-25 00:33 167936]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 19:58 159744]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2006-10-18 18:32 472800]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 08:11 49152]
"HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-06-05 09:12 71176]
"ClamWin"="C:\Program Files\ClamWin\bin\ClamTray.exe" [2008-04-19 16:35 77824]

C:\Users\Eoin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Bat - Auto Update.lnk - C:\Program Files\Bat\Bat.exe [2008-04-25 15:45:58 178419]
GpsGate.lnk.disabled [2007-12-15 15:16:35 727]
Windows Calendar.lnk - C:\Program Files\Windows Calendar\WinCal.exe [2007-08-30 12:40:18 967680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"LogonHoursAction"= 2 (0x2)
"DontDisplayLogonHoursWarnings"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winpto32]
winpto32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BySoft IRServer"=C:\Program Files\IRControl\IRServer.exe
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe AcPro7_0_5 -reboot 1
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
"CTRegRun"=C:\Windows\CTRegRun.EXE
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
"CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
"Startup Manager"="C:\Program Files\Advanced System Optimizer\startUp manager.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
"osCheck"="c:\Program Files\Norton Internet Security\osCheck.exe"
"SiteAdvisor"=C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
"<NO NAME>"=
"CorelDRAW Graphics Suite 11b"=C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=032007 serial=dr12wex-1504397-kty lang=EN
"Norton Ghost 10.0"="C:\Program Files\Norton Ghost\Agent\GhostTray.exe"
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE
"win32"=win32.exe
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"NeroFilterCheck"=C:\Windows\system32\NeroCheck.exe
"CTCheck"=C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
"VMware hqtray"="C:\Program Files\VMware\VMware Workstation\hqtray.exe"
"vmware-tray"=C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
"Adobe Photo Downloader"="C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe"
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"VirtualCloneDrive"="C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
"Windows Mobile-based device management"=%windir%\WindowsMobile\wmdSync.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices-]
"win32"=win32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{C44FE2CB-3481-4FBF-A5F3-B2FABE8CC8B7}"= UDP:C:\Program Files\HP\QuickPlay\QP.exe:QP
"{188B4E3A-3F51-4A7B-A1C0-2820E27496CA}"= TCP:C:\Program Files\HP\QuickPlay\QP.exe:QP
"TCP Query User{27C3463E-256C-4ED3-8FE0-EB259A9922A3}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{ECCE41E4-72AC-4F5B-8CE5-D0C43ADF8284}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{E33A3EE7-8792-41C5-9668-06D5A06D5053}C:\\program files\\onshare\\onshare.exe"= UDP:C:\program files\onshare\onshare.exe:Only tell your friends
"UDP Query User{1F397FCB-1A91-4FA6-BBC2-43D0CD0F38B5}C:\\program files\\onshare\\onshare.exe"= TCP:C:\program files\onshare\onshare.exe:Only tell your friends
"TCP Query User{D301CEEB-ABC7-4281-B7A9-B54E284E11CF}C:\\program files\\macromedia\\dreamweaver 8\\dreamweaver.exe"= UDP:C:\program files\macromedia\dreamweaver 8\dreamweaver.exe:Dreamweaver 8
"UDP Query User{BFC33E59-3570-49DC-8A90-7A1B227E2003}C:\\program files\\macromedia\\dreamweaver 8\\dreamweaver.exe"= TCP:C:\program files\macromedia\dreamweaver 8\dreamweaver.exe:Dreamweaver 8
"TCP Query User{29BBA6C7-300D-42D4-9CF5-68C27829829B}C:\\program files\\bittorrent\\bittorrent.exe"= UDP:C:\program files\bittorrent\bittorrent.exe:bittorrent
"UDP Query User{B317AD82-1ED5-40D6-B464-3EA434EAEBC9}C:\\program files\\bittorrent\\bittorrent.exe"= TCP:C:\program files\bittorrent\bittorrent.exe:bittorrent
"{755898F7-C334-434A-ACAA-26296C755950}"= UDP:C:\Program Files\Grisoft\AVG7\avginet.exe:avginet.exe
"{713370D8-C926-45D9-8E9F-3CB415C38128}"= TCP:C:\Program Files\Grisoft\AVG7\avginet.exe:avginet.exe
"{12EF38DD-32CA-4056-B125-ACA178E455F8}"= UDP:C:\Program Files\Grisoft\AVG7\avgamsvr.exe:avgamsvr.exe
"{513DFAC5-EFE8-4C59-9ABB-01A2DD27B921}"= TCP:C:\Program Files\Grisoft\AVG7\avgamsvr.exe:avgamsvr.exe
"{A9FFC76B-D956-477B-8C4A-7EB6C12C4BA5}"= UDP:C:\Program Files\Grisoft\AVG7\avgcc.exe:avgcc.exe
"{F420B305-9AAF-406C-B08E-1F15CF64228A}"= TCP:C:\Program Files\Grisoft\AVG7\avgcc.exe:avgcc.exe
"{CF4AEA11-9AB7-48F4-915D-329A5E943C2C}"= UDP:C:\Program Files\Grisoft\AVG7\avgemc.exe:avgemc.exe
"{5F70D864-796D-47E7-B768-B76BB747C514}"= TCP:C:\Program Files\Grisoft\AVG7\avgemc.exe:avgemc.exe
"TCP Query User{79F51C64-6F48-422A-BAA2-DBF066FC5E0B}C:\\program files\\bzflag2.0.8\\bzflag.exe"= UDP:C:\program files\bzflag2.0.8\bzflag.exe:bzflag
"UDP Query User{DA2874DE-C06D-45FE-A9CD-3D360D447285}C:\\program files\\bzflag2.0.8\\bzflag.exe"= TCP:C:\program files\bzflag2.0.8\bzflag.exe:bzflag
"TCP Query User{2EE415E1-E854-4467-8A95-23100A4938CF}C:\\program files\\ircontrol\\irserver.exe"= UDP:C:\program files\ircontrol\irserver.exe:BySoft Internet Remote Control - Server
"UDP Query User{D8AEB950-D728-4F71-8672-209C92049B86}C:\\program files\\ircontrol\\irserver.exe"= TCP:C:\program files\ircontrol\irserver.exe:BySoft Internet Remote Control - Server
"TCP Query User{62B2583D-2781-4435-99EE-55DEB64AF067}C:\\program files\\adventnet\\me\\wifimanager\\jre\\bin\\javaw.exe"= UDP:C:\program files\adventnet\me\wifimanager\jre\bin\javaw.exe:Java(TM) 2 Platform Standard Edition binary
"UDP Query User{910C5ACA-299A-46DE-AC08-5A8D4C59393A}C:\\program files\\adventnet\\me\\wifimanager\\jre\\bin\\javaw.exe"= TCP:C:\program files\adventnet\me\wifimanager\jre\bin\javaw.exe:Java(TM) 2 Platform Standard Edition binary
"TCP Query User{6572FA1D-CD2E-46D9-957E-1C07FE55A0C3}C:\\program files\\adventnet\\me\\wifimanager\\jre\\bin\\java.exe"= UDP:C:\program files\adventnet\me\wifimanager\jre\bin\java.exe:Java(TM) 2 Platform Standard Edition binary
"UDP Query User{F558A4B3-FBD2-45CB-9576-15C8500FD3A9}C:\\program files\\adventnet\\me\\wifimanager\\jre\\bin\\java.exe"= TCP:C:\program files\adventnet\me\wifimanager\jre\bin\java.exe:Java(TM) 2 Platform Standard Edition binary
"{02A329AF-C624-4373-B7E2-9B2DB3FD3D8D}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{C3B6C4B9-C6AB-4DE1-884F-47B18EA9F568}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{62BF94D5-9554-48DE-AD16-7675D4859FE9}C:\\program files\\lanhelper\\lanhelper.exe"= UDP:C:\program files\lanhelper\lanhelper.exe:LanHelper
"UDP Query User{A5B80441-DFD9-47B3-A3D2-A5FDC5C3E058}C:\\program files\\lanhelper\\lanhelper.exe"= TCP:C:\program files\lanhelper\lanhelper.exe:LanHelper
"TCP Query User{A4819CB2-182B-4FD7-AF79-654A08696F0F}C:\\windows\\system32\\win32.exe"= UDP:C:\windows\system32\win32.exe:win32
"UDP Query User{A612699F-046F-42FA-BE3B-29346A6FEFDF}C:\\windows\\system32\\win32.exe"= TCP:C:\windows\system32\win32.exe:win32
"TCP Query User{0E5C01F0-6724-4743-9F83-D0DD1C245F6F}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
"UDP Query User{3AF82318-F002-4CC4-97A9-CD8B73D34E25}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus
"TCP Query User{317F486D-E12F-4739-B30F-7C4AE83DB813}C:\\program files\\act\\act for win 7\\act7.exe"= UDP:C:\program files\act\act for win 7\act7.exe:ACT! 7.x/2005
"UDP Query User{1FE3B78C-C42F-4339-8DC1-ABDADCD13B67}C:\\program files\\act\\act for win 7\\act7.exe"= TCP:C:\program files\act\act for win 7\act7.exe:ACT! 7.x/2005
"TCP Query User{D7DE3678-CB81-4D86-8ADF-5871F26FEB30}C:\\program files\\software602\\602lan suite\\lansuite.exe"= UDP:C:\program files\software602\602lan suite\lansuite.exe:Lansuite
"UDP Query User{2C4448CC-9403-49CC-9EB2-4C50BE4AF11C}C:\\program files\\software602\\602lan suite\\lansuite.exe"= TCP:C:\program files\software602\602lan suite\lansuite.exe:Lansuite
"TCP Query User{122DBDF8-E22D-456A-BC7B-87381E482007}C:\\program files\\winhttrack\\winhttrack.exe"= UDP:C:\program files\winhttrack\winhttrack.exe:WinHTTrack Website Copier, Web Site mirroring for professional and private purposes
"UDP Query User{C325A83E-F4EE-4F5D-BCBB-219A4F1C6CA6}C:\\program files\\winhttrack\\winhttrack.exe"= TCP:C:\program files\winhttrack\winhttrack.exe:WinHTTrack Website Copier, Web Site mirroring for professional and private purposes
"TCP Query User{409BEF95-6FC5-499C-84F0-FCA0593E537C}C:\\program files\\freeciv-2.0.9-gtk2\\civserver.exe"= UDP:C:\program files\freeciv-2.0.9-gtk2\civserver.exe:civserver
"UDP Query User{B26E29C1-895A-4530-8BF2-E21B13C6622A}C:\\program files\\freeciv-2.0.9-gtk2\\civserver.exe"= TCP:C:\program files\freeciv-2.0.9-gtk2\civserver.exe:civserver
"TCP Query User{218C4ED3-D71A-4C7C-A623-85B247D65541}C:\\program files\\onshare\\onshare.exe"= UDP:C:\program files\onshare\onshare.exe:Only tell your friends
"UDP Query User{6A67A492-5B9E-47E5-BA56-10CA437A5A97}C:\\program files\\onshare\\onshare.exe"= TCP:C:\program files\onshare\onshare.exe:Only tell your friends
"TCP Query User{B110815C-2272-401D-B354-FA5E0C478DE5}C:\\windows\\system32\\javaw.exe"= UDP:C:\windows\system32\javaw.exe:Java(TM) Platform SE binary
"UDP Query User{2BE1654A-BF55-4883-A94F-423FBB46ED61}C:\\windows\\system32\\javaw.exe"= TCP:C:\windows\system32\javaw.exe:Java(TM) Platform SE binary
"TCP Query User{D33BA580-DC8A-434F-859B-04C394AB8575}C:\\program files\\printeranywhere\\paconsole.exe"= UDP:C:\program files\printeranywhere\paconsole.exe:PrinterAnywhere Console
"UDP Query User{6A4A7029-4FE8-4BD7-97A7-5E6C3A7ADE83}C:\\program files\\printeranywhere\\paconsole.exe"= TCP:C:\program files\printeranywhere\paconsole.exe:PrinterAnywhere Console
"TCP Query User{A8EFB8E0-63B2-412E-B064-70B4EE7D9224}C:\\program files\\openwave\\v7 simulator\\bin\\phone.exe"= UDP:C:\program files\openwave\v7 simulator\bin\phone.exe:Openwave Simulator
"UDP Query User{A02F2CAF-5E69-4846-915C-B65DCFE1A361}C:\\program files\\openwave\\v7 simulator\\bin\\phone.exe"= TCP:C:\program files\openwave\v7 simulator\bin\phone.exe:Openwave Simulator
"TCP Query User{AFDB44F8-7978-442A-9129-A61F84B6444D}C:\\program files\\act\\act for win 7\\act7.exe"= UDP:C:\program files\act\act for win 7\act7.exe:ACT! 7.x/2005
"UDP Query User{A7BB86C4-91E3-4AC4-9804-99D5AEE071A1}C:\\program files\\act\\act for win 7\\act7.exe"= TCP:C:\program files\act\act for win 7\act7.exe:ACT! 7.x/2005
"TCP Query User{8939DC1F-0A47-4C56-9924-3E0A49DA8C19}C:\\windows\\system32\\javaw.exe"= UDP:C:\windows\system32\javaw.exe:Java(TM) Platform SE binary
"UDP Query User{A13A1466-617E-49B0-82D3-6E1AF5BE0569}C:\\windows\\system32\\javaw.exe"= TCP:C:\windows\system32\javaw.exe:Java(TM) Platform SE binary
"TCP Query User{ECDAC532-BD4D-408F-BD41-5D625CCA9C46}C:\\program files\\real\\realplayer\\realplay.exe"= UDP:C:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{468D8920-30DA-4AD3-BF7A-D57E171941B3}C:\\program files\\real\\realplayer\\realplay.exe"= TCP:C:\program files\real\realplayer\realplay.exe:RealPlayer
"TCP Query User{B6783685-E473-41B4-BE9D-4398017C4D54}C:\\program files\\spiceworks\\bin\\spiceworks.exe"= UDP:C:\program files\spiceworks\bin\spiceworks.exe:spiceworks
"UDP Query User{459BCF29-1E44-4953-8443-AFDEDE57B48B}C:\\program files\\spiceworks\\bin\\spiceworks.exe"= TCP:C:\program files\spiceworks\bin\spiceworks.exe:spiceworks
"TCP Query User{DBE77AC5-984E-44B4-976B-87C1EA629CCB}C:\\program files\\huawei technologies\\huawei umts data card\\3 datamodem hsdpa.exe"= UDP:C:\program files\huawei technologies\huawei umts data card\3 datamodem hsdpa.exe:3 DDataModem HSDPA
"UDP Query User{23E75A70-2BF3-42FE-A4E7-82B0331E45ED}C:\\program files\\huawei technologies\\huawei umts data card\\3 datamodem hsdpa.exe"= TCP:C:\program files\huawei technologies\huawei umts data card\3 datamodem hsdpa.exe:3 DDataModem HSDPA
"TCP Query User{692E9D1D-7BC5-40D3-8A84-F3D31E83DE87}C:\\program files\\huawei technologies\\huawei umts data card\\3 datamodem hsdpa.exe"= UDP:C:\program files\huawei technologies\huawei umts data card\3 datamodem hsdpa.exe:3 DDataModem HSDPA
"UDP Query User{0E23CF64-AE0F-4D62-9902-6C00CF0F94C3}C:\\program files\\huawei technologies\\huawei umts data card\\3 datamodem hsdpa.exe"= TCP:C:\program files\huawei technologies\huawei umts data card\3 datamodem hsdpa.exe:3 DDataModem HSDPA
"TCP Query User{92901270-D66B-41BA-96C1-EA6803A427F2}C:\\program files\\sugarcrm-4.5.1e\\mysql\\bin\\mysqld.exe"= UDP:C:\program files\sugarcrm-4.5.1e\mysql\bin\mysqld.exe:mysqld
"UDP Query User{E30F714D-D7AD-4D26-88B8-6FF141782A92}C:\\program files\\sugarcrm-4.5.1e\\mysql\\bin\\mysqld.exe"= TCP:C:\program files\sugarcrm-4.5.1e\mysql\bin\mysqld.exe:mysqld
"TCP Query User{1ED80795-E7EF-413E-884D-B583102BF45A}C:\\program files\\sugarcrm-4.5.1e\\apache2\\bin\\apache.exe"= UDP:C:\program files\sugarcrm-4.5.1e\apache2\bin\apache.exe:Apache HTTP Server
"UDP Query User{60D4A8EE-AC74-425A-A140-A69BB0CD17A1}C:\\program files\\sugarcrm-4.5.1e\\apache2\\bin\\apache.exe"= TCP:C:\program files\sugarcrm-4.5.1e\apache2\bin\apache.exe:Apache HTTP Server
"TCP Query User{F81C2E42-C615-4AAF-A028-1E142B3B5E1F}C:\\program files\\free download manager\\fdm.exe"= UDP:C:\program files\free download manager\fdm.exe:Free Download Manager
"UDP Query User{72B80CA4-84EF-474A-9F2F-7A4295CD5529}C:\\program files\\free download manager\\fdm.exe"= TCP:C:\program files\free download manager\fdm.exe:Free Download Manager
"{15C4A70A-6403-49EC-8B2B-3E5594577CB7}"= UDP:C:\Program Files\Kontiki\KService.exe:Delivery Manager Service
"{DF489AFB-5603-4E7D-8E5D-E0D6D2974F15}"= TCP:C:\Program Files\Kontiki\KService.exe:Delivery Manager Service
"{0B1E84C4-3B2A-430F-9A79-7432269993CF}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{12263D06-480C-4FE4-AD25-9D06306F48AA}C:\\program files\\snmpc network manager\\crserv.exe"= UDP:C:\program files\snmpc network manager\crserv.exe:SNMPc Server
"UDP Query User{34A02684-D24A-4CA1-8D72-47591482ADE7}C:\\program files\\snmpc network manager\\crserv.exe"= TCP:C:\program files\snmpc network manager\crserv.exe:SNMPc Server
"TCP Query User{BF29EB53-6D26-493D-841B-B0B55015ACE6}C:\\program files\\snmpc network manager\\discagt.exe"= UDP:C:\program files\snmpc network manager\discagt.exe:DISCOVERYAGENT
"UDP Query User{DE1F1B2C-EF75-46EC-B0C0-EE74D26EF30D}C:\\program files\\snmpc network manager\\discagt.exe"= TCP:C:\program files\snmpc network manager\discagt.exe:DISCOVERYAGENT
"TCP Query User{9FE57C8A-7CA5-43BD-B917-B982B2AFAF84}C:\\program files\\snmpc network manager\\hist32.exe"= UDP:C:\program files\snmpc network manager\hist32.exe:History 32 Poller
"UDP Query User{C4F38A2D-E526-429B-A5E0-251B8C9CCB89}C:\\program files\\snmpc network manager\\hist32.exe"= TCP:C:\program files\snmpc network manager\hist32.exe:History 32 Poller
"TCP Query User{82A8F417-40D2-4EA8-9E16-E0BCEAE1313F}C:\\program files\\snmpc network manager\\crserv.exe"= UDP:C:\program files\snmpc network manager\crserv.exe:SNMPc Server
"UDP Query User{6460D90C-3C5C-42AC-A249-0C14AE3119A2}C:\\program files\\snmpc network manager\\crserv.exe"= TCP:C:\program files\snmpc network manager\crserv.exe:SNMPc Server
"TCP Query User{DC646897-A69E-41E3-A995-DF59BDE1FD76}C:\\program files\\snmpc network manager\\discagt.exe"= UDP:C:\program files\snmpc network manager\discagt.exe:DISCOVERYAGENT
"UDP Query User{BF11F33D-2197-4667-A5D6-AEC8C3BF440A}C:\\program files\\snmpc network manager\\discagt.exe"= TCP:C:\program files\snmpc network manager\discagt.exe:DISCOVERYAGENT
"TCP Query User{2916E70F-2A86-461F-B806-C4B0485C3C7B}C:\\program files\\snmpc network manager\\hist32.exe"= UDP:C:\program files\snmpc network manager\hist32.exe:History 32 Poller
"UDP Query User{8B9DFB14-E146-47DD-940D-75855A519D8E}C:\\program files\\snmpc network manager\\hist32.exe"= TCP:C:\program files\snmpc network manager\hist32.exe:History 32 Poller
"TCP Query User{8CDB1622-263E-4DE6-8462-24A6C74A9528}C:\\windows\\system32\\ftp.exe"= UDP:C:\windows\system32\ftp.exe:File Transfer Program
"UDP Query User{E17D0939-5B3E-4506-BA59-FDCD53633D65}C:\\windows\\system32\\ftp.exe"= TCP:C:\windows\system32\ftp.exe:File Transfer Program
"{93DDBCCF-473B-469F-8057-6EDDDC25C96C}"= UDP:C:\Windows\Temp\~os9CBC.tmp\ossproxy.exe:ossproxy.exe
"{7A69DFBB-067F-40E4-BAE8-9FFC9FB324F7}"= TCP:C:\Windows\Temp\~os9CBC.tmp\ossproxy.exe:ossproxy.exe
"TCP Query User{95345637-FB24-4F17-B463-A89E8F353A5A}C:\\program files\\net tools\\nettools5.exe"= UDP:C:\program files\net tools\nettools5.exe:Net Tools by Mohammad Ahmadi Bidakhvidi
"UDP Query User{49542D88-5B1A-4A47-B763-1DBA63B6AD0D}C:\\program files\\net tools\\nettools5.exe"= TCP:C:\program files\net tools\nettools5.exe:Net Tools by Mohammad Ahmadi Bidakhvidi
"TCP Query User{E15B006E-3176-48AA-838B-8ED6847E01DB}C:\\program files\\gfi\\languard network security scanner 8.0\\lnss.exe"= UDP:C:\program files\gfi\languard network security scanner 8.0\lnss.exe:lnss
"UDP Query User{11820745-F4A7-48BF-93FB-ED73509459A4}C:\\program files\\gfi\\languard network security scanner 8.0\\lnss.exe"= TCP:C:\program files\gfi\languard network security scanner 8.0\lnss.exe:lnss
"{547C8FF0-71C1-4E26-854F-FF726EDAF31C}"= Disabled:UDP:C:\Program Files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{4E61C821-09DA-4ED4-B979-CBE2928821B2}"= Disabled:TCP:C:\Program Files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{EFB1BC85-9420-4AF6-84D7-588037D135C3}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{086064AD-E3FF-4E9C-9CA5-458C230596E1}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"TCP Query User{7E6081F6-0E36-4B54-8BC6-3F80D4D6BBDF}C:\\program files\\sony ericsson\\update service\\update service.exe"= UDP:C:\program files\sony ericsson\update service\update service.exe:Update Service
"UDP Query User{945E2144-BA2C-425C-A3BF-5C6F555AE164}C:\\program files\\sony ericsson\\update service\\update service.exe"= TCP:C:\program files\sony ericsson\update service\update service.exe:Update Service
"{414752C9-B471-49E9-B9A4-B3C2C10BA9B0}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{D038A45C-94EB-43A5-B3BB-FCB77629F8CB}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{87B09E58-FACD-4098-BE48-E9D62C3BDEFE}C:\\windows\\system32\\rlvknlg.exe"= UDP:C:\windows\system32\rlvknlg.exe:rlvknlg.exe
"{B6B99E3B-D1FF-4983-A4EC-389E4DB15B63}"= UDP:C:\Windows\System32\rlvknlg.exe:rlvknlg.exe
"{E222D3CD-8A07-4F22-A8E0-E6C10CA7D4B9}"= UDP:C:\Windows\Temp\~os576E.tmp\ossproxy.exe:ossproxy.exe
"{028FE1AA-816F-43E8-9F3E-BA046911B995}"= TCP:C:\Windows\Temp\~os576E.tmp\ossproxy.exe:ossproxy.exe
"TCP Query User{24B5CAAC-EFC6-4DCC-A42E-7BF789DD2F1E}C:\\users\\eoin\\documents\\azureus downloads\\portable applications\\remote administrator\\remote administrator settings\\1400000ad00002i\\r_server.exe"= UDP:C:\users\eoin\documents\azureus downloads\portable applications\remote administrator\remote administrator settings\1400000ad00002i\r_server.exe:r_server.exe
"UDP Query User{53D2DE27-FCD1-435F-A2DB-7076C7F21D82}C:\\users\\eoin\\documents\\azureus downloads\\portable applications\\remote administrator\\remote administrator settings\\1400000ad00002i\\r_server.exe"= TCP:C:\users\eoin\documents\azureus downloads\portable applications\remote administrator\remote administrator settings\1400000ad00002i\r_server.exe:r_server.exe
"{64901ED3-BA96-418E-85E8-B4716880EE7D}"= UDP:C:\Windows\Temp\~osCC3D.tmp\ossproxy.exe:ossproxy.exe
"{88D1E12C-30ED-4A16-9563-2043886FD70C}"= TCP:C:\Windows\Temp\~osCC3D.tmp\ossproxy.exe:ossproxy.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
"SNMP-1"= TCP:%SystemRoot%\system32\snmp.exe|Svc=SNMP:@%SystemRoot%\system32\snmp.exe,-5|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R0 AFS;AFS;C:\Windows\system32\drivers\AFS.sys [2007-05-23 23:05]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 01:45]
R2 ColdFusion MX ODBC Agent;ColdFusion MX ODBC Agent;C:\CFusionMX\db\slserver52\bin\swagent.exe "ColdFusion MX ODBC Agent" []
R2 gfi_lnss8_attservice;GFI LANguard N.S.S. 8.0 Attendant Service;"C:\Program Files\GFI\LANguard Network Security Scanner 8.0\lnssatt.exe" -service []
R2 RapiMgr;Windows Mobile-based device connectivity;C:\Windows\system32\svchost.exe [2006-11-02 10:45]
R2 RelevantKnowledge;RelevantKnowledge;C:\Windows\system32\rlservice.exe [2007-10-11 21:44]
R2 WcesComm;Windows Mobile 2003-based device connectivity;C:\Windows\system32\svchost.exe [2006-11-02 10:45]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-07-10 06:27]
R3 btwaudio;Bluetooth Audio Device Service;C:\Windows\system32\drivers\btwaudio.sys [2006-11-21 13:54]
R3 btwavdt;Bluetooth AVDT Service;C:\Windows\system32\drivers\btwavdt.sys [2006-11-21 13:54]
R3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2006-11-21 13:54]
S0 MFX;MFX;C:\Windows\system32\drivers\MFX.sys [2006-09-01 16:55]
S3 AvgWFP;AVG7 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfp.sys [2008-03-14 13:17]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 08:30]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3027bfd7-7b07-11dc-949a-001636e944a6}]
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\Cn911.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{49319c14-8bc7-11dc-b21e-001641da0939}]
\shell\Auto\command - Cn911.exe
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-04-25 14:21:43 C:\Windows\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
"2007-11-14 08:38:12 C:\Windows\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2007-11-14 08:38:12 C:\Windows\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
"2007-11-14 00:25:00 C:\Windows\Tasks\User_Feed_Synchronization-{EDEBA330-0D8D-4AC6-9BBE-DB587BD208FE}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-29 23:31:37
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Windows\ehome\ehmsas.exe
C:\CFusionMX\runtime\bin\jrunsvc.exe
C:\CFusionMX\db\slserver52\bin\swstrtr.exe
C:\CFusionMX\db\slserver52\bin\swsoc.exe
C:\CFusionMX\runtime\bin\jrun.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\microsoft shared\VS7Debug\MDM.EXE
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\Windows\System32\snmp.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\Program Files\Bat\X_Bat.exe
C:\Windows\System32\drivers\XAudio.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\microsoft shared\Windows Live\WLLoginProxy.exe
C:\Windows\System32\taskmgr.exe
C:\Windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2008-04-29 23:43:53 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-29 22:43:09

The system cannot find message text for message number 0x2379 in the message file for Application.
The system cannot find message text for message number 0x2379 in the message file for Application.

437 --- E O F --- 2008-04-29 07:03:58

Shaba
2008-04-30, 15:27
Hi

Please post also a fresh HijackThis log :)

egrogan1
2008-05-05, 01:29
Logfile of HijackThis v1.99.1
Scan saved at 23:28:25, on 04/05/2008
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Azureus\Azureus.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Eoin\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/ig?hl=en
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: (no name) - {01D7F8D2-56DB-4327-A992-00ACE6684580} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
O2 - BHO: (no name) - {73D6E387-53ED-41B7-9F02-DD9E615DFB2B} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: (no name) - {A3CCA0E4-F942-4CD3-A871-A9CF10F77DF7} - (no file)
O2 - BHO: (no name) - {A72E4F7F-F506-4898-B609-FF892745A1F5} - (no file)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: (no name) - {E52BEFEB-2290-4BDF-87F9-5EC9F7ECE287} - (no file)
O2 - BHO: (no name) - {EE5A1465-1E73-4784-8F63-45983FDF0DB8} - (no file)
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p
O4 - Startup: GpsGate.lnk.disabled
O4 - Startup: Windows Calendar.lnk = D:\Program Files\Windows Calendar\WinCal.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.3.4.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL,avgrsstx.dll
O20 - Winlogon Notify: winpto32 - winpto32.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: ColdFusion MX Application Server - Macromedia Inc. - C:\CFusionMX\runtime\bin\jrunsvc.exe
O23 - Service: ColdFusion MX ODBC Agent - Unknown owner - C:\CFusionMX\db\slserver52\bin\swagent.exe
O23 - Service: ColdFusion MX ODBC Server - Unknown owner - C:\CFusionMX\db\slserver52\bin\swstrtr.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GFI LANguard N.S.S. 8.0 Attendant Service (gfi_lnss8_attservice) - Unknown owner - C:\Program Files\GFI\LANguard Network Security Scanner 8.0\lnssatt.exe" -service (file missing)
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: RelevantKnowledge - RelevantKnowledge - C:\Windows\system32\rlservice.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe
O23 - Service: VMware Agent Service (ufad-ws60) - Unknown owner - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe" -d "C:\Program Files\VMware\VMware Workstation\\" -s ufad-p2v.xml (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

Shaba
2008-05-05, 16:40
Hi

Please post back a fresh HijackThis log with version 2.0.2 :)

egrogan1
2008-05-07, 22:18
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:17:06, on 07/05/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/ig?hl=en
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: (no name) - {01D7F8D2-56DB-4327-A992-00ACE6684580} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
O2 - BHO: (no name) - {73D6E387-53ED-41B7-9F02-DD9E615DFB2B} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: (no name) - {A3CCA0E4-F942-4CD3-A871-A9CF10F77DF7} - (no file)
O2 - BHO: (no name) - {A72E4F7F-F506-4898-B609-FF892745A1F5} - (no file)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: (no name) - {E52BEFEB-2290-4BDF-87F9-5EC9F7ECE287} - (no file)
O2 - BHO: (no name) - {EE5A1465-1E73-4784-8F63-45983FDF0DB8} - (no file)
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [vmware-tray] C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-785140555-1394460376-2434275207-1013\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LNSS_MONITOR_USR')
O4 - HKUS\S-1-5-21-785140555-1394460376-2434275207-1013\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User 'LNSS_MONITOR_USR')
O4 - HKUS\S-1-5-21-785140555-1394460376-2434275207-1013\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup (User 'LNSS_MONITOR_USR')
O4 - HKUS\S-1-5-21-785140555-1394460376-2434275207-1013\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (User 'LNSS_MONITOR_USR')
O4 - Startup: GpsGate.lnk.disabled
O4 - Startup: Windows Calendar.lnk = D:\Program Files\Windows Calendar\WinCal.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.3.4.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL,avgrsstx.dll
O20 - Winlogon Notify: winpto32 - winpto32.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ColdFusion MX Application Server - Macromedia Inc. - C:\CFusionMX\runtime\bin\jrunsvc.exe
O23 - Service: ColdFusion MX ODBC Agent - Unknown owner - C:\CFusionMX\db\slserver52\bin\swagent.exe
O23 - Service: ColdFusion MX ODBC Server - Unknown owner - C:\CFusionMX\db\slserver52\bin\swstrtr.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GFI LANguard N.S.S. 8.0 Attendant Service (gfi_lnss8_attservice) - GFI Software Ltd. - C:\Program Files\GFI\LANguard Network Security Scanner 8.0\lnssatt.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: RelevantKnowledge - RelevantKnowledge - C:\Windows\system32\rlservice.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 14283 bytes

Shaba
2008-05-08, 16:56
Hi

TeaTimer is still enabled. Please disable it now.

After that:

Open HijackThis, click do a system scan only and checkmark these:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: (no name) - {01D7F8D2-56DB-4327-A992-00ACE6684580} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
O2 - BHO: (no name) - {73D6E387-53ED-41B7-9F02-DD9E615DFB2B} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
O2 - BHO: (no name) - {A3CCA0E4-F942-4CD3-A871-A9CF10F77DF7} - (no file)
O2 - BHO: (no name) - {A72E4F7F-F506-4898-B609-FF892745A1F5} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: (no name) - {E52BEFEB-2290-4BDF-87F9-5EC9F7ECE287} - (no file)
O2 - BHO: (no name) - {EE5A1465-1E73-4784-8F63-45983FDF0DB8} - (no file)
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
O20 - Winlogon Notify: winpto32 - winpto32.dll (file missing)

Close all windows including browser and press fix checked.

Reboot.

Open notepad and copy/paste the text in the codebox below into it:


File::
C:\Windows\system32\rlservice.exe

Driver::
RelevantKnowledge

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"win32"=-

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices-]
"win32"=-

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3027bfd7-7b07-11dc-949a-001636e944a6}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{49319c14-8bc7-11dc-b21e-001641da0939}]


Save this as "CFScript"

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

http://users.pandora.be/bluepatchy/miekiemoes/images/CFScript.gif

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.

egrogan1
2008-05-09, 03:12
ComboFix 08-05-08.1 - Eoin 2008-05-09 0:44:25.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1195 [GMT 1:00]
Running from: C:\Users\Eoin\Desktop\ComboFix.exe
Command switches used :: C:\Users\Eoin\Desktop\CFScript.txt

FILE ::
C:\Windows\system32\rlservice.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\ProgramData\Rabio
C:\Windows\system32\rlservice.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_RelevantKnowledge


((((((((((((((((((((((((( Files Created from 2008-04-08 to 2008-05-08 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-08 23:54 --------- d-----w C:\ProgramData\VMware
2008-05-08 23:53 21 ----a-w C:\qpmd8376.bin
2008-05-08 23:35 --------- d-----w C:\Users\Eoin\AppData\Roaming\Azureus
2008-05-08 22:58 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-05-08 11:41 --------- d-----w C:\ProgramData\Google Updater
2008-05-07 15:27 --------- d-----w C:\Users\Eoin\AppData\Roaming\VMware
2008-05-07 11:48 --------- d-----w C:\ProgramData\Apple Computer
2008-05-07 11:48 --------- d-----w C:\Program Files\iTunes
2008-05-07 11:48 --------- d-----w C:\Program Files\iPod
2008-05-07 11:35 --------- d-----w C:\Program Files\QuickTime
2008-05-07 11:17 --------- d-----w C:\Program Files\Common Files\Apple
2008-05-07 11:08 --------- d-----w C:\Program Files\Apple Software Update
2008-05-07 09:58 --------- d-----w C:\Users\Eoin\AppData\Roaming\OpenOffice.org2
2008-05-07 09:17 --------- d-----w C:\Program Files\CCleaner
2008-05-06 18:09 --------- d-----w C:\Users\Eoin\AppData\Roaming\Winamp
2008-05-06 14:09 --------- d-----w C:\Program Files\Winamp
2008-05-02 15:27 12,978 ----a-w C:\Users\Eoin\AppData\Roaming\nvModes.dat
2008-05-01 21:08 --------- d-----w C:\Program Files\Common Files\L&H
2008-05-01 21:06 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-05-01 20:22 --------- d-----w C:\Users\Eoin\AppData\Roaming\Thinstall
2008-04-30 23:05 --------- d-----w C:\Users\Eoin\AppData\Roaming\ErrorKiller
2008-04-30 20:40 --------- d-----w C:\Program Files\HP
2008-04-30 16:03 --------- d-----w C:\Program Files\Bat
2008-04-30 16:00 --------- d-----w C:\Program Files\Net Tools
2008-04-29 23:05 67,080 ----a-w C:\Windows\system32\drivers\avgwfpx.sys
2008-04-29 23:04 96,520 ----a-w C:\Windows\system32\drivers\avgldx86.sys
2008-04-29 23:04 --------- d-----w C:\ProgramData\avg8
2008-04-29 23:04 --------- d-----w C:\Program Files\AVG
2008-04-29 22:02 --------- d-----w C:\Users\Eoin\AppData\Roaming\Malwarebytes
2008-04-29 22:02 --------- d-----w C:\ProgramData\Malwarebytes
2008-04-29 22:02 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-04-29 07:03 --------- d-----w C:\ProgramData\Microsoft Help
2008-04-28 19:55 --------- d-----w C:\Program Files\Freeware PDF Unlocker
2008-04-28 19:53 --------- d-----w C:\Program Files\WinPcap
2008-04-28 19:52 --------- d-----w C:\Program Files\ElcomSoft
2008-04-28 17:53 --------- d-----w C:\Users\Eoin\AppData\Roaming\KompoZer
2008-04-28 16:39 --------- d-----w C:\Program Files\UZC Trial
2008-04-28 16:39 --------- d-----w C:\Program Files\Sony Ericsson
2008-04-26 20:33 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-25 15:53 554 ----a-w C:\sccfg.sys
2008-04-25 15:53 --------- d-----w C:\Program Files\Norton Security Scan
2008-04-25 15:37 --------- d-----w C:\ProgramData\Lavasoft
2008-04-25 15:35 --------- d-----w C:\Program Files\Lavasoft
2008-04-25 15:32 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-25 14:47 --------- d-----w C:\Program Files\Thinstall.VS
2008-04-25 14:42 --------- d-----w C:\Users\Eoin\AppData\Roaming\Downloaded Installations
2008-04-25 13:58 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-04-25 13:43 691,545 ----a-w C:\Windows\unins000.exe
2008-04-24 20:32 --------- d-----w C:\Users\Eoin\AppData\Roaming\WinCare2008
2008-04-24 18:20 --------- d---a-w C:\ProgramData\TEMP
2008-04-24 18:09 --------- d-----w C:\Program Files\Spyware Doctor
2008-04-24 18:08 --------- d-----w C:\Users\Eoin\AppData\Roaming\PC Tools
2008-04-24 17:54 --------- d-----w C:\Program Files\Google
2008-04-17 15:42 --------- d-----w C:\Program Files\Azureus
2008-04-10 12:18 --------- d-----w C:\Program Files\Windows Mail
2008-04-09 20:19 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-08 22:09 --------- d-----w C:\Program Files\NFR
2008-04-08 22:04 --------- d-----w C:\Program Files\MOBv2
2008-04-01 14:33 --------- d-----w C:\Program Files\Packet Tracer 4.11
2008-03-31 11:46 536,784 ----a-w C:\Users\Eoin\AppData\Roaming\GDIPFONTCACHEV1.DAT
2008-03-26 14:43 --------- d-----w C:\Program Files\Elaborate Bytes
2008-03-23 21:25 --------- d-----w C:\Program Files\HCScript
2008-03-23 20:13 --------- d-----w C:\Program Files\Folder Lock
2008-03-21 22:01 --------- d-----w C:\Program Files\Mindscape
2008-03-20 20:58 --------- d-----w C:\Users\Eoin\AppData\Roaming\Apple Computer
2008-03-12 22:36 --------- d-----w C:\Program Files\LaceLevel2GDS
2008-03-12 22:17 --------- d-----w C:\Users\Eoin\AppData\Roaming\Intel
2008-03-12 22:17 --------- d-----w C:\Program Files\Intel
2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-16 03:09 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-16 03:09 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-16 03:09 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-02-16 03:09 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-16 03:09 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2007-08-31 02:20 174 --sha-w C:\Program Files\desktop.ini
2007-05-02 01:37 30,357 ----a-w C:\Users\Eoin\menu3.zip
2007-05-02 01:37 184,790 ----a-w C:\Users\Eoin\menu015try.zip
2007-05-02 01:37 125,141 ----a-w C:\Users\Eoin\menu4.zip
2007-05-02 01:36 32,308 ----a-w C:\Users\Eoin\menu2.zip
2007-03-16 17:05 9,292 ----a-w C:\Windows\inf\SmarterMail\0009\tmpA24C.tmp
2007-03-16 17:05 9,292 ----a-w C:\Windows\inf\SmarterMail\0000\tmpA24C.tmp
2007-03-03 17:34 0 ----a-w C:\Users\Eoin\AppData\Roaming\wklnhst.dat
2007-11-19 22:12 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
2007-11-19 22:12 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
2008-01-28 18:24 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-01-28 18:24 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-01-28 18:24 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2007-05-10 23:11 56 --sha-r C:\Windows\System32\AEBD113E2B.sys
2007-09-16 21:52 1,890 --sha-w C:\Windows\System32\KGyGaAvL.sys
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000250-0320-4dd4-be4f-7566d2314352}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{01D7F8D2-56DB-4327-A992-00ACE6684580}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{13197ace-6851-45c3-a7ff-c281324d5489}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{15651c7c-e812-44a2-a9ac-b467a2233e7d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4e1075f4-eec4-4a86-add7-cd5f52858c31}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4e7bd74f-2b8d-469e-92c6-ce7eb590a94d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5929cd6e-2062-44a4-b2c5-2c7e78fbab38}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5dafd089-24b1-4c5e-bd42-8ca72550717b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5fa6752a-c4a0-4222-88c2-928ae5ab4966}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{622cc208-b014-4fe0-801b-874a5e5e403a}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{73D6E387-53ED-41B7-9F02-DD9E615DFB2B}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8674aea0-9d3d-11d9-99dc-00600f9a01f1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{965a592f-8efa-4250-8630-7960230792f1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9c5b2f29-1f46-4639-a6b4-828942301d3e}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
2008-04-30 00:04 2050816 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3CCA0E4-F942-4CD3-A871-A9CF10F77DF7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A72E4F7F-F506-4898-B609-FF892745A1F5}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765728274}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E52BEFEB-2290-4BDF-87F9-5EC9F7ECE287}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EE5A1465-1E73-4784-8F63-45983FDF0DB8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fc3a74e5-f281-4f10-ae1e-733078684f3c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ffff0001-0002-101a-a3c9-08002b2f49fb}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= "C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL" [2008-04-30 00:04 2050816]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-04-30 00:04 2050816]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 22:30 249856]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-04-12 00:07 1006264]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2006-10-18 18:56 317152]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-03-03 18:08 185896]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 02:29 102400]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 02:50 1021224]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-11-25 00:33 167936]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 19:58 159744]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2006-10-18 18:32 472800]
"HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-06-05 09:12 71176]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-04-30 00:04 1177368]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 16:24 54840]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-02-27 11:26 90191]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-02-27 11:26 7770112]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-02-27 11:26 81920]
"vmware-tray"="C:\Program Files\VMware\VMware Workstation\vmware-tray.exe" [2007-05-01 22:52 68400]
"ClamWin"="C:\Program Files\ClamWin\bin\ClamTray.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]

C:\Users\Eoin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
GpsGate.lnk.disabled [2007-12-15 15:16:35 727]
Windows Calendar.lnk - C:\Program Files\Windows Calendar\WinCal.exe [2007-08-30 12:40:18 967680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"LogonHoursAction"= 2 (0x2)
"DontDisplayLogonHoursWarnings"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winpto32]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL,avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BySoft IRServer"=C:\Program Files\IRControl\IRServer.exe
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe AcPro7_0_5 -reboot 1
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
"CTRegRun"=C:\Windows\CTRegRun.EXE
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
"CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
"Startup Manager"="C:\Program Files\Advanced System Optimizer\startUp manager.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
"osCheck"="c:\Program Files\Norton Internet Security\osCheck.exe"
"SiteAdvisor"=C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
"<NO NAME>"=
"CorelDRAW Graphics Suite 11b"=C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=032007 serial=dr12wex-1504397-kty lang=EN
"Norton Ghost 10.0"="C:\Program Files\Norton Ghost\Agent\GhostTray.exe"
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"NeroFilterCheck"=C:\Windows\system32\NeroCheck.exe
"CTCheck"=C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
"VMware hqtray"="C:\Program Files\VMware\VMware Workstation\hqtray.exe"
"vmware-tray"=C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
"Adobe Photo Downloader"="C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe"
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"VirtualCloneDrive"="C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
"Windows Mobile-based device management"=%windir%\WindowsMobile\wmdSync.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{C44FE2CB-3481-4FBF-A5F3-B2FABE8CC8B7}"= UDP:C:\Program Files\HP\QuickPlay\QP.exe:QP
"{188B4E3A-3F51-4A7B-A1C0-2820E27496CA}"= TCP:C:\Program Files\HP\QuickPlay\QP.exe:QP
"TCP Query User{27C3463E-256C-4ED3-8FE0-EB259A9922A3}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{ECCE41E4-72AC-4F5B-8CE5-D0C43ADF8284}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{E33A3EE7-8792-41C5-9668-06D5A06D5053}C:\\program files\\onshare\\onshare.exe"= UDP:C:\program files\onshare\onshare.exe:Only tell your friends
"UDP Query User{1F397FCB-1A91-4FA6-BBC2-43D0CD0F38B5}C:\\program files\\onshare\\onshare.exe"= TCP:C:\program files\onshare\onshare.exe:Only tell your friends
"TCP Query User{D301CEEB-ABC7-4281-B7A9-B54E284E11CF}C:\\program files\\macromedia\\dreamweaver 8\\dreamweaver.exe"= UDP:C:\program files\macromedia\dreamweaver 8\dreamweaver.exe:Dreamweaver 8
"UDP Query User{BFC33E59-3570-49DC-8A90-7A1B227E2003}C:\\program files\\macromedia\\dreamweaver 8\\dreamweaver.exe"= TCP:C:\program files\macromedia\dreamweaver 8\dreamweaver.exe:Dreamweaver 8
"TCP Query User{29BBA6C7-300D-42D4-9CF5-68C27829829B}C:\\program files\\bittorrent\\bittorrent.exe"= UDP:C:\program files\bittorrent\bittorrent.exe:bittorrent
"UDP Query User{B317AD82-1ED5-40D6-B464-3EA434EAEBC9}C:\\program files\\bittorrent\\bittorrent.exe"= TCP:C:\program files\bittorrent\bittorrent.exe:bittorrent
"{755898F7-C334-434A-ACAA-26296C755950}"= UDP:C:\Program Files\Grisoft\AVG7\avginet.exe:avginet.exe
"{713370D8-C926-45D9-8E9F-3CB415C38128}"= TCP:C:\Program Files\Grisoft\AVG7\avginet.exe:avginet.exe
"{12EF38DD-32CA-4056-B125-ACA178E455F8}"= UDP:C:\Program Files\Grisoft\AVG7\avgamsvr.exe:avgamsvr.exe
"{513DFAC5-EFE8-4C59-9ABB-01A2DD27B921}"= TCP:C:\Program Files\Grisoft\AVG7\avgamsvr.exe:avgamsvr.exe
"{A9FFC76B-D956-477B-8C4A-7EB6C12C4BA5}"= UDP:C:\Program Files\Grisoft\AVG7\avgcc.exe:avgcc.exe
"{F420B305-9AAF-406C-B08E-1F15CF64228A}"= TCP:C:\Program Files\Grisoft\AVG7\avgcc.exe:avgcc.exe
"{CF4AEA11-9AB7-48F4-915D-329A5E943C2C}"= UDP:C:\Program Files\Grisoft\AVG7\avgemc.exe:avgemc.exe
"{5F70D864-796D-47E7-B768-B76BB747C514}"= TCP:C:\Program Files\Grisoft\AVG7\avgemc.exe:avgemc.exe
"TCP Query User{79F51C64-6F48-422A-BAA2-DBF066FC5E0B}C:\\program files\\bzflag2.0.8\\bzflag.exe"= UDP:C:\program files\bzflag2.0.8\bzflag.exe:bzflag
"UDP Query User{DA2874DE-C06D-45FE-A9CD-3D360D447285}C:\\program files\\bzflag2.0.8\\bzflag.exe"= TCP:C:\program files\bzflag2.0.8\bzflag.exe:bzflag
"TCP Query User{2EE415E1-E854-4467-8A95-23100A4938CF}C:\\program files\\ircontrol\\irserver.exe"= UDP:C:\program files\ircontrol\irserver.exe:BySoft Internet Remote Control - Server
"UDP Query User{D8AEB950-D728-4F71-8672-209C92049B86}C:\\program files\\ircontrol\\irserver.exe"= TCP:C:\program files\ircontrol\irserver.exe:BySoft Internet Remote Control - Server
"TCP Query User{62B2583D-2781-4435-99EE-55DEB64AF067}C:\\program files\\adventnet\\me\\wifimanager\\jre\\bin\\javaw.exe"= UDP:C:\program files\adventnet\me\wifimanager\jre\bin\javaw.exe:Java(TM) 2 Platform Standard Edition binary
"UDP Query User{910C5ACA-299A-46DE-AC08-5A8D4C59393A}C:\\program files\\adventnet\\me\\wifimanager\\jre\\bin\\javaw.exe"= TCP:C:\program files\adventnet\me\wifimanager\jre\bin\javaw.exe:Java(TM) 2 Platform Standard Edition binary
"TCP Query User{6572FA1D-CD2E-46D9-957E-1C07FE55A0C3}C:\\program files\\adventnet\\me\\wifimanager\\jre\\bin\\java.exe"= UDP:C:\program files\adventnet\me\wifimanager\jre\bin\java.exe:Java(TM) 2 Platform Standard Edition binary
"UDP Query User{F558A4B3-FBD2-45CB-9576-15C8500FD3A9}C:\\program files\\adventnet\\me\\wifimanager\\jre\\bin\\java.exe"= TCP:C:\program files\adventnet\me\wifimanager\jre\bin\java.exe:Java(TM) 2 Platform Standard Edition binary
"{02A329AF-C624-4373-B7E2-9B2DB3FD3D8D}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{C3B6C4B9-C6AB-4DE1-884F-47B18EA9F568}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{62BF94D5-9554-48DE-AD16-7675D4859FE9}C:\\program files\\lanhelper\\lanhelper.exe"= UDP:C:\program files\lanhelper\lanhelper.exe:LanHelper
"UDP Query User{A5B80441-DFD9-47B3-A3D2-A5FDC5C3E058}C:\\program files\\lanhelper\\lanhelper.exe"= TCP:C:\program files\lanhelper\lanhelper.exe:LanHelper
"TCP Query User{A4819CB2-182B-4FD7-AF79-654A08696F0F}C:\\windows\\system32\\win32.exe"= UDP:C:\windows\system32\win32.exe:win32
"UDP Query User{A612699F-046F-42FA-BE3B-29346A6FEFDF}C:\\windows\\system32\\win32.exe"= TCP:C:\windows\system32\win32.exe:win32
"TCP Query User{0E5C01F0-6724-4743-9F83-D0DD1C245F6F}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
"UDP Query User{3AF82318-F002-4CC4-97A9-CD8B73D34E25}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus
"TCP Query User{317F486D-E12F-4739-B30F-7C4AE83DB813}C:\\program files\\act\\act for win 7\\act7.exe"= UDP:C:\program files\act\act for win 7\act7.exe:ACT! 7.x/2005
"UDP Query User{1FE3B78C-C42F-4339-8DC1-ABDADCD13B67}C:\\program files\\act\\act for win 7\\act7.exe"= TCP:C:\program files\act\act for win 7\act7.exe:ACT! 7.x/2005
"TCP Query User{D7DE3678-CB81-4D86-8ADF-5871F26FEB30}C:\\program files\\software602\\602lan suite\\lansuite.exe"= UDP:C:\program files\software602\602lan suite\lansuite.exe:Lansuite
"UDP Query User{2C4448CC-9403-49CC-9EB2-4C50BE4AF11C}C:\\program files\\software602\\602lan suite\\lansuite.exe"= TCP:C:\program files\software602\602lan suite\lansuite.exe:Lansuite
"TCP Query User{122DBDF8-E22D-456A-BC7B-87381E482007}C:\\program files\\winhttrack\\winhttrack.exe"= UDP:C:\program files\winhttrack\winhttrack.exe:WinHTTrack Website Copier, Web Site mirroring for professional and private purposes
"UDP Query User{C325A83E-F4EE-4F5D-BCBB-219A4F1C6CA6}C:\\program files\\winhttrack\\winhttrack.exe"= TCP:C:\program files\winhttrack\winhttrack.exe:WinHTTrack Website Copier, Web Site mirroring for professional and private purposes
"TCP Query User{409BEF95-6FC5-499C-84F0-FCA0593E537C}C:\\program files\\freeciv-2.0.9-gtk2\\civserver.exe"= UDP:C:\program files\freeciv-2.0.9-gtk2\civserver.exe:civserver
"UDP Query User{B26E29C1-895A-4530-8BF2-E21B13C6622A}C:\\program files\\freeciv-2.0.9-gtk2\\civserver.exe"= TCP:C:\program files\freeciv-2.0.9-gtk2\civserver.exe:civserver
"TCP Query User{218C4ED3-D71A-4C7C-A623-85B247D65541}C:\\program files\\onshare\\onshare.exe"= UDP:C:\program files\onshare\onshare.exe:Only tell your friends
"UDP Query User{6A67A492-5B9E-47E5-BA56-10CA437A5A97}C:\\program files\\onshare\\onshare.exe"= TCP:C:\program files\onshare\onshare.exe:Only tell your friends
"TCP Query User{B110815C-2272-401D-B354-FA5E0C478DE5}C:\\windows\\system32\\javaw.exe"= UDP:C:\windows\system32\javaw.exe:Java(TM) Platform SE binary
"UDP Query User{2BE1654A-BF55-4883-A94F-423FBB46ED61}C:\\windows\\system32\\javaw.exe"= TCP:C:\windows\system32\javaw.exe:Java(TM) Platform SE binary
"TCP Query User{D33BA580-DC8A-434F-859B-04C394AB8575}C:\\program files\\printeranywhere\\paconsole.exe"= UDP:C:\program files\printeranywhere\paconsole.exe:PrinterAnywhere Console
"UDP Query User{6A4A7029-4FE8-4BD7-97A7-5E6C3A7ADE83}C:\\program files\\printeranywhere\\paconsole.exe"= TCP:C:\program files\printeranywhere\paconsole.exe:PrinterAnywhere Console
"TCP Query User{A8EFB8E0-63B2-412E-B064-70B4EE7D9224}C:\\program files\\openwave\\v7 simulator\\bin\\phone.exe"= UDP:C:\program files\openwave\v7 simulator\bin\phone.exe:Openwave Simulator
"UDP Query User{A02F2CAF-5E69-4846-915C-B65DCFE1A361}C:\\program files\\openwave\\v7 simulator\\bin\\phone.exe"= TCP:C:\program files\openwave\v7 simulator\bin\phone.exe:Openwave Simulator
"TCP Query User{AFDB44F8-7978-442A-9129-A61F84B6444D}C:\\program files\\act\\act for win 7\\act7.exe"= UDP:C:\program files\act\act for win 7\act7.exe:ACT! 7.x/2005
"UDP Query User{A7BB86C4-91E3-4AC4-9804-99D5AEE071A1}C:\\program files\\act\\act for win 7\\act7.exe"= TCP:C:\program files\act\act for win 7\act7.exe:ACT! 7.x/2005
"TCP Query User{8939DC1F-0A47-4C56-9924-3E0A49DA8C19}C:\\windows\\system32\\javaw.exe"= UDP:C:\windows\system32\javaw.exe:Java(TM) Platform SE binary
"UDP Query User{A13A1466-617E-49B0-82D3-6E1AF5BE0569}C:\\windows\\system32\\javaw.exe"= TCP:C:\windows\system32\javaw.exe:Java(TM) Platform SE binary
"TCP Query User{ECDAC532-BD4D-408F-BD41-5D625CCA9C46}C:\\program files\\real\\realplayer\\realplay.exe"= UDP:C:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{468D8920-30DA-4AD3-BF7A-D57E171941B3}C:\\program files\\real\\realplayer\\realplay.exe"= TCP:C:\program files\real\realplayer\realplay.exe:RealPlayer
"TCP Query User{B6783685-E473-41B4-BE9D-4398017C4D54}C:\\program files\\spiceworks\\bin\\spiceworks.exe"= UDP:C:\program files\spiceworks\bin\spiceworks.exe:spiceworks
"UDP Query User{459BCF29-1E44-4953-8443-AFDEDE57B48B}C:\\program files\\spiceworks\\bin\\spiceworks.exe"= TCP:C:\program files\spiceworks\bin\spiceworks.exe:spiceworks
"TCP Query User{DBE77AC5-984E-44B4-976B-87C1EA629CCB}C:\\program files\\huawei technologies\\huawei umts data card\\3 datamodem hsdpa.exe"= UDP:C:\program files\huawei technologies\huawei umts data card\3 datamodem hsdpa.exe:3 DDataModem HSDPA
"UDP Query User{23E75A70-2BF3-42FE-A4E7-82B0331E45ED}C:\\program files\\huawei technologies\\huawei umts data card\\3 datamodem hsdpa.exe"= TCP:C:\program files\huawei technologies\huawei umts data card\3 datamodem hsdpa.exe:3 DDataModem HSDPA
"TCP Query User{692E9D1D-7BC5-40D3-8A84-F3D31E83DE87}C:\\program files\\huawei technologies\\huawei umts data card\\3 datamodem hsdpa.exe"= UDP:C:\program files\huawei technologies\huawei umts data card\3 datamodem hsdpa.exe:3 DDataModem HSDPA
"UDP Query User{0E23CF64-AE0F-4D62-9902-6C00CF0F94C3}C:\\program files\\huawei technologies\\huawei umts data card\\3 datamodem hsdpa.exe"= TCP:C:\program files\huawei technologies\huawei umts data card\3 datamodem hsdpa.exe:3 DDataModem HSDPA
"TCP Query User{92901270-D66B-41BA-96C1-EA6803A427F2}C:\\program files\\sugarcrm-4.5.1e\\mysql\\bin\\mysqld.exe"= UDP:C:\program files\sugarcrm-4.5.1e\mysql\bin\mysqld.exe:mysqld
"UDP Query User{E30F714D-D7AD-4D26-88B8-6FF141782A92}C:\\program files\\sugarcrm-4.5.1e\\mysql\\bin\\mysqld.exe"= TCP:C:\program files\sugarcrm-4.5.1e\mysql\bin\mysqld.exe:mysqld
"TCP Query User{1ED80795-E7EF-413E-884D-B583102BF45A}C:\\program files\\sugarcrm-4.5.1e\\apache2\\bin\\apache.exe"= UDP:C:\program files\sugarcrm-4.5.1e\apache2\bin\apache.exe:Apache HTTP Server
"UDP Query User{60D4A8EE-AC74-425A-A140-A69BB0CD17A1}C:\\program files\\sugarcrm-4.5.1e\\apache2\\bin\\apache.exe"= TCP:C:\program files\sugarcrm-4.5.1e\apache2\bin\apache.exe:Apache HTTP Server
"TCP Query User{F81C2E42-C615-4AAF-A028-1E142B3B5E1F}C:\\program files\\free download manager\\fdm.exe"= UDP:C:\program files\free download manager\fdm.exe:Free Download Manager
"UDP Query User{72B80CA4-84EF-474A-9F2F-7A4295CD5529}C:\\program files\\free download manager\\fdm.exe"= TCP:C:\program files\free download manager\fdm.exe:Free Download Manager
"{15C4A70A-6403-49EC-8B2B-3E5594577CB7}"= UDP:C:\Program Files\Kontiki\KService.exe:Delivery Manager Service
"{DF489AFB-5603-4E7D-8E5D-E0D6D2974F15}"= TCP:C:\Program Files\Kontiki\KService.exe:Delivery Manager Service
"{0B1E84C4-3B2A-430F-9A79-7432269993CF}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{12263D06-480C-4FE4-AD25-9D06306F48AA}C:\\program files\\snmpc network manager\\crserv.exe"= UDP:C:\program files\snmpc network manager\crserv.exe:SNMPc Server
"UDP Query User{34A02684-D24A-4CA1-8D72-47591482ADE7}C:\\program files\\snmpc network manager\\crserv.exe"= TCP:C:\program files\snmpc network manager\crserv.exe:SNMPc Server
"TCP Query User{BF29EB53-6D26-493D-841B-B0B55015ACE6}C:\\program files\\snmpc network manager\\discagt.exe"= UDP:C:\program files\snmpc network manager\discagt.exe:DISCOVERYAGENT
"UDP Query User{DE1F1B2C-EF75-46EC-B0C0-EE74D26EF30D}C:\\program files\\snmpc network manager\\discagt.exe"= TCP:C:\program files\snmpc network manager\discagt.exe:DISCOVERYAGENT
"TCP Query User{9FE57C8A-7CA5-43BD-B917-B982B2AFAF84}C:\\program files\\snmpc network manager\\hist32.exe"= UDP:C:\program files\snmpc network manager\hist32.exe:History 32 Poller
"UDP Query User{C4F38A2D-E526-429B-A5E0-251B8C9CCB89}C:\\program files\\snmpc network manager\\hist32.exe"= TCP:C:\program files\snmpc network manager\hist32.exe:History 32 Poller
"TCP Query User{82A8F417-40D2-4EA8-9E16-E0BCEAE1313F}C:\\program files\\snmpc network manager\\crserv.exe"= UDP:C:\program files\snmpc network manager\crserv.exe:SNMPc Server
"UDP Query User{6460D90C-3C5C-42AC-A249-0C14AE3119A2}C:\\program files\\snmpc network manager\\crserv.exe"= TCP:C:\program files\snmpc network manager\crserv.exe:SNMPc Server
"TCP Query User{DC646897-A69E-41E3-A995-DF59BDE1FD76}C:\\program files\\snmpc network manager\\discagt.exe"= UDP:C:\program files\snmpc network manager\discagt.exe:DISCOVERYAGENT
"UDP Query User{BF11F33D-2197-4667-A5D6-AEC8C3BF440A}C:\\program files\\snmpc network manager\\discagt.exe"= TCP:C:\program files\snmpc network manager\discagt.exe:DISCOVERYAGENT
"TCP Query User{2916E70F-2A86-461F-B806-C4B0485C3C7B}C:\\program files\\snmpc network manager\\hist32.exe"= UDP:C:\program files\snmpc network manager\hist32.exe:History 32 Poller
"UDP Query User{8B9DFB14-E146-47DD-940D-75855A519D8E}C:\\program files\\snmpc network manager\\hist32.exe"= TCP:C:\program files\snmpc network manager\hist32.exe:History 32 Poller
"TCP Query User{8CDB1622-263E-4DE6-8462-24A6C74A9528}C:\\windows\\system32\\ftp.exe"= UDP:C:\windows\system32\ftp.exe:File Transfer Program
"UDP Query User{E17D0939-5B3E-4506-BA59-FDCD53633D65}C:\\windows\\system32\\ftp.exe"= TCP:C:\windows\system32\ftp.exe:File Transfer Program
"{93DDBCCF-473B-469F-8057-6EDDDC25C96C}"= UDP:C:\Windows\Temp\~os9CBC.tmp\ossproxy.exe:ossproxy.exe
"{7A69DFBB-067F-40E4-BAE8-9FFC9FB324F7}"= TCP:C:\Windows\Temp\~os9CBC.tmp\ossproxy.exe:ossproxy.exe
"TCP Query User{95345637-FB24-4F17-B463-A89E8F353A5A}C:\\program files\\net tools\\nettools5.exe"= UDP:C:\program files\net tools\nettools5.exe:Net Tools by Mohammad Ahmadi Bidakhvidi
"UDP Query User{49542D88-5B1A-4A47-B763-1DBA63B6AD0D}C:\\program files\\net tools\\nettools5.exe"= TCP:C:\program files\net tools\nettools5.exe:Net Tools by Mohammad Ahmadi Bidakhvidi
"TCP Query User{E15B006E-3176-48AA-838B-8ED6847E01DB}C:\\program files\\gfi\\languard network security scanner 8.0\\lnss.exe"= UDP:C:\program files\gfi\languard network security scanner 8.0\lnss.exe:lnss
"UDP Query User{11820745-F4A7-48BF-93FB-ED73509459A4}C:\\program files\\gfi\\languard network security scanner 8.0\\lnss.exe"= TCP:C:\program files\gfi\languard network security scanner 8.0\lnss.exe:lnss
"{547C8FF0-71C1-4E26-854F-FF726EDAF31C}"= Disabled:UDP:C:\Program Files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{4E61C821-09DA-4ED4-B979-CBE2928821B2}"= Disabled:TCP:C:\Program Files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{EFB1BC85-9420-4AF6-84D7-588037D135C3}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{086064AD-E3FF-4E9C-9CA5-458C230596E1}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"TCP Query User{7E6081F6-0E36-4B54-8BC6-3F80D4D6BBDF}C:\\program files\\sony ericsson\\update service\\update service.exe"= UDP:C:\program files\sony ericsson\update service\update service.exe:Update Service
"UDP Query User{945E2144-BA2C-425C-A3BF-5C6F555AE164}C:\\program files\\sony ericsson\\update service\\update service.exe"= TCP:C:\program files\sony ericsson\update service\update service.exe:Update Service
"TCP Query User{87B09E58-FACD-4098-BE48-E9D62C3BDEFE}C:\\windows\\system32\\rlvknlg.exe"= UDP:C:\windows\system32\rlvknlg.exe:rlvknlg.exe
"{B6B99E3B-D1FF-4983-A4EC-389E4DB15B63}"= UDP:C:\Windows\System32\rlvknlg.exe:rlvknlg.exe
"{E222D3CD-8A07-4F22-A8E0-E6C10CA7D4B9}"= UDP:C:\Windows\Temp\~os576E.tmp\ossproxy.exe:ossproxy.exe
"{028FE1AA-816F-43E8-9F3E-BA046911B995}"= TCP:C:\Windows\Temp\~os576E.tmp\ossproxy.exe:ossproxy.exe
"TCP Query User{24B5CAAC-EFC6-4DCC-A42E-7BF789DD2F1E}C:\\users\\eoin\\documents\\azureus downloads\\portable applications\\remote administrator\\remote administrator settings\\1400000ad00002i\\r_server.exe"= UDP:C:\users\eoin\documents\azureus downloads\portable applications\remote administrator\remote administrator settings\1400000ad00002i\r_server.exe:r_server.exe
"UDP Query User{53D2DE27-FCD1-435F-A2DB-7076C7F21D82}C:\\users\\eoin\\documents\\azureus downloads\\portable applications\\remote administrator\\remote administrator settings\\1400000ad00002i\\r_server.exe"= TCP:C:\users\eoin\documents\azureus downloads\portable applications\remote administrator\remote administrator settings\1400000ad00002i\r_server.exe:r_server.exe
"{64901ED3-BA96-418E-85E8-B4716880EE7D}"= UDP:C:\Windows\Temp\~osCC3D.tmp\ossproxy.exe:ossproxy.exe
"{88D1E12C-30ED-4A16-9563-2043886FD70C}"= TCP:C:\Windows\Temp\~osCC3D.tmp\ossproxy.exe:ossproxy.exe
"{2D53C8FC-3A61-4413-8957-9ADA409B3A3E}"= C:\Program Files\AVG\AVG8\avgupd.exe:avgupd.exe
"TCP Query User{B3D12B16-50E9-404B-9E0F-6544708D9BD3}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{5447F459-96CE-4702-9D1F-EF8F1A22787B}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"{7D0CDABF-AD55-40C8-A677-DFAC79CEC95F}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{63284311-6A51-4AE7-B0E0-CFE561A9E0B5}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
"SNMP-1"= TCP:%SystemRoot%\system32\snmp.exe|Svc=SNMP:@%SystemRoot%\system32\snmp.exe,-5|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R0 AFS;AFS;C:\Windows\system32\drivers\AFS.sys [2007-05-23 23:05]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\Windows\system32\Drivers\avgldx86.sys [2008-04-30 00:04]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-04-30 00:04]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-04-30 00:04]
R2 ColdFusion MX ODBC Agent;ColdFusion MX ODBC Agent;C:\CFusionMX\db\slserver52\bin\swagent.exe "ColdFusion MX ODBC Agent" []
R2 gfi_lnss8_attservice;GFI LANguard N.S.S. 8.0 Attendant Service;"C:\Program Files\GFI\LANguard Network Security Scanner 8.0\lnssatt.exe" -service []
R2 RapiMgr;Windows Mobile-based device connectivity;C:\Windows\system32\svchost.exe [2006-11-02 10:45]
R2 WcesComm;Windows Mobile 2003-based device connectivity;C:\Windows\system32\svchost.exe [2006-11-02 10:45]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-07-10 06:27]
R3 AvgWfpX;AVG8 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfpx.sys [2008-04-30 00:05]
R3 btwaudio;Bluetooth Audio Device Service;C:\Windows\system32\drivers\btwaudio.sys [2006-11-21 13:54]
R3 btwavdt;Bluetooth AVDT Service;C:\Windows\system32\drivers\btwavdt.sys [2006-11-21 13:54]
R3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2006-11-21 13:54]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service;C:\Windows\system32\drivers\CHDRT32.sys [2008-03-03 04:10]
S0 MFX;MFX;C:\Windows\system32\drivers\MFX.sys [2006-09-01 16:55]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 08:30]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

.
Contents of the 'Scheduled Tasks' folder
"2008-04-25 14:21:43 C:\Windows\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
"2007-11-14 08:38:12 C:\Windows\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2007-11-14 08:38:12 C:\Windows\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
"2007-11-14 00:25:00 C:\Windows\Tasks\User_Feed_Synchronization-{EDEBA330-0D8D-4AC6-9BBE-DB587BD208FE}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-09 00:54:37
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\CFusionMX\runtime\bin\jrunsvc.exe
C:\CFusionMX\db\slserver52\bin\swstrtr.exe
C:\CFusionMX\db\slserver52\bin\swsoc.exe
C:\CFusionMX\runtime\bin\jrun.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\microsoft shared\VS7Debug\MDM.EXE
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\Windows\System32\snmp.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Windows\System32\vmnat.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\drivers\XAudio.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\System32\vmnetdhcp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\PROGRA~1\MOZILL~1\firefox.exe
C:\Windows\System32\lpremove.exe
C:\Windows\System32\lpksetup.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Completion time: 2008-05-09 1:11:47 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-09 00:10:40
ComboFix2.txt 2008-04-29 22:43:54

The system cannot find message text for message number 0x2379 in the message file for Application.
The system cannot find message text for message number 0x2379 in the message file for Application.

425 --- E O F --- 2008-05-06 19:04:00

egrogan1
2008-05-09, 03:14
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:13:13, on 09/05/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\Explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/ig?hl=en
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: (no name) - {01D7F8D2-56DB-4327-A992-00ACE6684580} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
O2 - BHO: (no name) - {73D6E387-53ED-41B7-9F02-DD9E615DFB2B} - (no file)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: (no name) - {A3CCA0E4-F942-4CD3-A871-A9CF10F77DF7} - (no file)
O2 - BHO: (no name) - {A72E4F7F-F506-4898-B609-FF892745A1F5} - (no file)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: (no name) - {E52BEFEB-2290-4BDF-87F9-5EC9F7ECE287} - (no file)
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [vmware-tray] C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-785140555-1394460376-2434275207-1013\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LNSS_MONITOR_USR')
O4 - HKUS\S-1-5-21-785140555-1394460376-2434275207-1013\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User 'LNSS_MONITOR_USR')
O4 - HKUS\S-1-5-21-785140555-1394460376-2434275207-1013\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup (User 'LNSS_MONITOR_USR')
O4 - HKUS\S-1-5-21-785140555-1394460376-2434275207-1013\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (User 'LNSS_MONITOR_USR')
O4 - Startup: GpsGate.lnk.disabled
O4 - Startup: Windows Calendar.lnk = D:\Program Files\Windows Calendar\WinCal.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.3.4.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL,avgrsstx.dll
O20 - Winlogon Notify: winpto32 - C:\Windows\
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ColdFusion MX Application Server - Macromedia Inc. - C:\CFusionMX\runtime\bin\jrunsvc.exe
O23 - Service: ColdFusion MX ODBC Agent - Unknown owner - C:\CFusionMX\db\slserver52\bin\swagent.exe
O23 - Service: ColdFusion MX ODBC Server - Unknown owner - C:\CFusionMX\db\slserver52\bin\swstrtr.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GFI LANguard N.S.S. 8.0 Attendant Service (gfi_lnss8_attservice) - GFI Software Ltd. - C:\Program Files\GFI\LANguard Network Security Scanner 8.0\lnssatt.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 13550 bytes

Shaba
2008-05-09, 12:49
Hi

Do you have troubles disabling TeaTimer?

Shaba
2008-05-14, 12:06
Due to the lack of feedback this Topic is closed.

If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than five days since your last response and you need the thread re-opened, please send a private message (pm). A valid, working link to the closed topic is required.

Everyone else please begin a New Topic.