a281207
2008-05-07, 06:32
Hello!
My computer is infected... any help would be appreciated!
Thanks!
Logs are attached below
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, May 06, 2008 9:05:04 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 7/05/2008
Kaspersky Anti-Virus database records: 743221
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
E:\
F:\
G:\
H:\
I:\
Scan Statistics:
Total number of scanned objects: 73925
Number of viruses found: 2
Number of infected objects: 5
Number of suspicious objects: 0
Duration of the scan process: 03:16:55
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\LOGFILES\AVSCAN-20080506-174310-3950C8A6.LOG Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-10072007-204658.log Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Louis\Application Data\Thunderbird\Profiles\abook.mab Object is locked skipped
C:\Documents and Settings\Louis\Application Data\Thunderbird\Profiles\cert8.db Object is locked skipped
C:\Documents and Settings\Louis\Application Data\Thunderbird\Profiles\key3.db Object is locked skipped
C:\Documents and Settings\Louis\Application Data\Thunderbird\Profiles\Mail\Local Folders\Inbox.msf Object is locked skipped
C:\Documents and Settings\Louis\Application Data\Thunderbird\Profiles\Mail\Local Folders\Inbox.sbd\HOA.msf Object is locked skipped
C:\Documents and Settings\Louis\Application Data\Thunderbird\Profiles\Mail\Local Folders\Inbox.sbd\Louis.msf Object is locked skipped
C:\Documents and Settings\Louis\Application Data\Thunderbird\Profiles\Mail\Local Folders\Inbox.sbd\Michelle.msf Object is locked skipped
C:\Documents and Settings\Louis\Application Data\Thunderbird\Profiles\Mail\Local Folders\Sent.msf Object is locked skipped
C:\Documents and Settings\Louis\Application Data\Thunderbird\Profiles\Mail\Local Folders\Trash.msf Object is locked skipped
C:\Documents and Settings\Louis\Application Data\Thunderbird\Profiles\Mail\mail.dslextreme.com\Inbox.msf Object is locked skipped
C:\Documents and Settings\Louis\Application Data\Thunderbird\Profiles\Mail\mail.dslextreme.com\Inbox.sbd\HOA.msf Object is locked skipped
C:\Documents and Settings\Louis\Application Data\Thunderbird\Profiles\Mail\mail.dslextreme.com\Inbox.sbd\Louis.msf Object is locked skipped
C:\Documents and Settings\Louis\Application Data\Thunderbird\Profiles\Mail\mail.dslextreme.com\Inbox.sbd\Michelle.msf Object is locked skipped
C:\Documents and Settings\Louis\Application Data\Thunderbird\Profiles\Mail\mail.dslextreme.com\Sent.msf Object is locked skipped
C:\Documents and Settings\Louis\Application Data\Thunderbird\Profiles\Mail\mail.dslextreme.com\Trash.msf Object is locked skipped
C:\Documents and Settings\Louis\Application Data\Thunderbird\Profiles\panacea.dat Object is locked skipped
C:\Documents and Settings\Louis\Application Data\Thunderbird\Profiles\parent.lock Object is locked skipped
C:\Documents and Settings\Louis\Application Data\Thunderbird\Profiles\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Louis\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Louis\Local Settings\Application Data\Google\Google Desktop\46cbc03a3d75\dbc2e.ht1 Object is locked skipped
C:\Documents and Settings\Louis\Local Settings\Application Data\Google\Google Desktop\46cbc03a3d75\dbdam Object is locked skipped
C:\Documents and Settings\Louis\Local Settings\Application Data\Google\Google Desktop\46cbc03a3d75\dbdao Object is locked skipped
C:\Documents and Settings\Louis\Local Settings\Application Data\Google\Google Desktop\46cbc03a3d75\dbeam Object is locked skipped
C:\Documents and Settings\Louis\Local Settings\Application Data\Google\Google Desktop\46cbc03a3d75\dbeao Object is locked skipped
C:\Documents and Settings\Louis\Local Settings\Application Data\Google\Google Desktop\46cbc03a3d75\dbm Object is locked skipped
C:\Documents and Settings\Louis\Local Settings\Application Data\Google\Google Desktop\46cbc03a3d75\dbu2d.ht1 Object is locked skipped
C:\Documents and Settings\Louis\Local Settings\Application Data\Google\Google Desktop\46cbc03a3d75\dbvm.cf1 Object is locked skipped
C:\Documents and Settings\Louis\Local Settings\Application Data\Google\Google Desktop\46cbc03a3d75\dbvmh.ht1 Object is locked skipped
C:\Documents and Settings\Louis\Local Settings\Application Data\Google\Google Desktop\46cbc03a3d75\fii.cf1 Object is locked skipped
C:\Documents and Settings\Louis\Local Settings\Application Data\Google\Google Desktop\46cbc03a3d75\fiih.ht1 Object is locked skipped
C:\Documents and Settings\Louis\Local Settings\Application Data\Google\Google Desktop\46cbc03a3d75\hp Object is locked skipped
C:\Documents and Settings\Louis\Local Settings\Application Data\Google\Google Desktop\46cbc03a3d75\hpt2i.ht1 Object is locked skipped
C:\Documents and Settings\Louis\Local Settings\Application Data\Google\Google Desktop\46cbc03a3d75\rpm.cf1 Object is locked skipped
C:\Documents and Settings\Louis\Local Settings\Application Data\Google\Google Desktop\46cbc03a3d75\rpm1m.cf1 Object is locked skipped
C:\Documents and Settings\Louis\Local Settings\Application Data\Google\Google Desktop\46cbc03a3d75\rpm1mh.ht1 Object is locked skipped
C:\Documents and Settings\Louis\Local Settings\Application Data\Google\Google Desktop\46cbc03a3d75\rpmh.ht1 Object is locked skipped
C:\Documents and Settings\Louis\Local Settings\Application Data\Google\Google Desktop\46cbc03a3d75\safeweb\goog-black-enchashm.cf1 Object is locked skipped
C:\Documents and Settings\Louis\Local Settings\Application Data\Google\Google Desktop\46cbc03a3d75\safeweb\goog-black-enchashmh.ht1 Object is locked skipped
C:\Documents and Settings\Louis\Local Settings\Application Data\Google\Google Desktop\46cbc03a3d75\safeweb\goog-black-urlm.cf1 Object is locked skipped
C:\Documents and Settings\Louis\Local Settings\Application Data\Google\Google Desktop\46cbc03a3d75\safeweb\goog-black-urlmh.ht1 Object is locked skipped
C:\Documents and Settings\Louis\Local Settings\Application Data\Google\Google Desktop\46cbc03a3d75\safeweb\goog-malware-domainm.cf1 Object is locked skipped
C:\Documents and Settings\Louis\Local Settings\Application Data\Google\Google Desktop\46cbc03a3d75\safeweb\goog-malware-domainmh.ht1 Object is locked skipped
C:\Documents and Settings\Louis\Local Settings\Application Data\Google\Google Desktop\46cbc03a3d75\safeweb\goog-white-domainm.cf1 Object is locked skipped
C:\Documents and Settings\Louis\Local Settings\Application Data\Google\Google Desktop\46cbc03a3d75\safeweb\goog-white-domainmh.ht1 Object is locked skipped
C:\Documents and Settings\Louis\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Louis\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Louis\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{55D070D3-E8D2-4B59-81ED-0EFE5E992DD7} Object is locked skipped
C:\Documents and Settings\Louis\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Louis\Local Settings\History\History.IE5\MSHist012008050620080507\index.dat Object is locked skipped
C:\Documents and Settings\Louis\Local Settings\Temp\~DFA2F7.tmp Object is locked skipped
C:\Documents and Settings\Louis\Local Settings\Temp\~DFE77.tmp Object is locked skipped
C:\Documents and Settings\Louis\Local Settings\Temp\~DFEB91.tmp Object is locked skipped
C:\Documents and Settings\Louis\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Louis\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Louis\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temp\MpCmdRun-18-421CFC91-A93E-42AB-A35C-F06F127FCC44.lock Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temp\MpCmdRun.log Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\RECYCLER\S-1-5-21-1060284298-308236825-725345543-1003\Dc1.dll Infected: Trojan.Win32.Vapsup.elf skipped
C:\RECYCLER\S-1-5-21-1060284298-308236825-725345543-1003\Dc2.exe Infected: Trojan.Win32.Vapsup.ekt skipped
C:\RECYCLER\S-1-5-21-1060284298-308236825-725345543-1003\Dc3.dll Infected: Trojan.Win32.Vapsup.elf skipped
C:\RECYCLER\S-1-5-21-1060284298-308236825-725345543-1003\Dc4.dll Infected: Trojan.Win32.Vapsup.elf skipped
C:\RECYCLER\S-1-5-21-1060284298-308236825-725345543-1003\Dc5.exe Infected: Trojan.Win32.Vapsup.elf skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{5C32EB44-EA67-4FBA-8A3C-DB58B7E6B537}\RP295\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\ModemLog_Conexant D850 56K V.92 DFVc Modem.txt Object is locked skipped
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{99DF6059-DEC1-4C74-8F7C-94F6F76755BA}.crmlog Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{C1BC1231-A031-4964-8ED3-D6FF69DD0065}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.
**************************************************************************************************************************************************************************************************************************************************************************************************
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:23:23 PM, on 5/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\Dit.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
C:\Program Files\Password Safe\pwsafe.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\cryptainersrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.slickdeals.net/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: CutePDF Writer Companion - {8C3733AE-F794-439A-A959-844DCA64F1A2} - C:\Program Files\Acro Software\CutePDF Writer Companion\CPWC_Co.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [CICache] CICache.exe
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [PhilipsDM] C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe OS_STARTUP
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: MEMonitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
O4 - Startup: Password Safe.lnk = C:\Program Files\Password Safe\pwsafe.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1181429995177
O16 - DPF: {C946EF6D-296D-4907-A6E1-ED0E8E5AF024} (LycosMail Upload Control) - http://mail.lycos.com/hanmail-ax/AttachMail.cab
O16 - DPF: {F91AB7B8-EE67-42AF-A5AA-8E232C396A04} (HTMLPRint Control) - https://reports.clearscreening.com/cabs/htmlprint.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Desktop Manager 5.5.709.30344 (GoogleDesktopManager-093007-112848) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Cryptainer service (ssoftservice) - Cypherix Software (India) Pvt. Ltd. - C:\WINDOWS\SYSTEM32\cryptainersrv.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
--
End of file - 9131 bytes
My computer is infected... any help would be appreciated!
Thanks!
Logs are attached below
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, May 06, 2008 9:05:04 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 7/05/2008
Kaspersky Anti-Virus database records: 743221
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
E:\
F:\
G:\
H:\
I:\
Scan Statistics:
Total number of scanned objects: 73925
Number of viruses found: 2
Number of infected objects: 5
Number of suspicious objects: 0
Duration of the scan process: 03:16:55
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\LOGFILES\AVSCAN-20080506-174310-3950C8A6.LOG Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-10072007-204658.log Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Louis\Application Data\Thunderbird\Profiles\abook.mab Object is locked skipped
C:\Documents and Settings\Louis\Application Data\Thunderbird\Profiles\cert8.db Object is locked skipped
C:\Documents and Settings\Louis\Application Data\Thunderbird\Profiles\key3.db Object is locked skipped
C:\Documents and Settings\Louis\Application Data\Thunderbird\Profiles\Mail\Local Folders\Inbox.msf Object is locked skipped
C:\Documents and Settings\Louis\Application Data\Thunderbird\Profiles\Mail\Local Folders\Inbox.sbd\HOA.msf Object is locked skipped
C:\Documents and Settings\Louis\Application Data\Thunderbird\Profiles\Mail\Local Folders\Inbox.sbd\Louis.msf Object is locked skipped
C:\Documents and Settings\Louis\Application Data\Thunderbird\Profiles\Mail\Local Folders\Inbox.sbd\Michelle.msf Object is locked skipped
C:\Documents and Settings\Louis\Application Data\Thunderbird\Profiles\Mail\Local Folders\Sent.msf Object is locked skipped
C:\Documents and Settings\Louis\Application Data\Thunderbird\Profiles\Mail\Local Folders\Trash.msf Object is locked skipped
C:\Documents and Settings\Louis\Application Data\Thunderbird\Profiles\Mail\mail.dslextreme.com\Inbox.msf Object is locked skipped
C:\Documents and Settings\Louis\Application Data\Thunderbird\Profiles\Mail\mail.dslextreme.com\Inbox.sbd\HOA.msf Object is locked skipped
C:\Documents and Settings\Louis\Application Data\Thunderbird\Profiles\Mail\mail.dslextreme.com\Inbox.sbd\Louis.msf Object is locked skipped
C:\Documents and Settings\Louis\Application Data\Thunderbird\Profiles\Mail\mail.dslextreme.com\Inbox.sbd\Michelle.msf Object is locked skipped
C:\Documents and Settings\Louis\Application Data\Thunderbird\Profiles\Mail\mail.dslextreme.com\Sent.msf Object is locked skipped
C:\Documents and Settings\Louis\Application Data\Thunderbird\Profiles\Mail\mail.dslextreme.com\Trash.msf Object is locked skipped
C:\Documents and Settings\Louis\Application Data\Thunderbird\Profiles\panacea.dat Object is locked skipped
C:\Documents and Settings\Louis\Application Data\Thunderbird\Profiles\parent.lock Object is locked skipped
C:\Documents and Settings\Louis\Application Data\Thunderbird\Profiles\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Louis\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Louis\Local Settings\Application Data\Google\Google Desktop\46cbc03a3d75\dbc2e.ht1 Object is locked skipped
C:\Documents and Settings\Louis\Local Settings\Application Data\Google\Google Desktop\46cbc03a3d75\dbdam Object is locked skipped
C:\Documents and Settings\Louis\Local Settings\Application Data\Google\Google Desktop\46cbc03a3d75\dbdao Object is locked skipped
C:\Documents and Settings\Louis\Local Settings\Application Data\Google\Google Desktop\46cbc03a3d75\dbeam Object is locked skipped
C:\Documents and Settings\Louis\Local Settings\Application Data\Google\Google Desktop\46cbc03a3d75\dbeao Object is locked skipped
C:\Documents and Settings\Louis\Local Settings\Application Data\Google\Google Desktop\46cbc03a3d75\dbm Object is locked skipped
C:\Documents and Settings\Louis\Local Settings\Application Data\Google\Google Desktop\46cbc03a3d75\dbu2d.ht1 Object is locked skipped
C:\Documents and Settings\Louis\Local Settings\Application Data\Google\Google Desktop\46cbc03a3d75\dbvm.cf1 Object is locked skipped
C:\Documents and Settings\Louis\Local Settings\Application Data\Google\Google Desktop\46cbc03a3d75\dbvmh.ht1 Object is locked skipped
C:\Documents and Settings\Louis\Local Settings\Application Data\Google\Google Desktop\46cbc03a3d75\fii.cf1 Object is locked skipped
C:\Documents and Settings\Louis\Local Settings\Application Data\Google\Google Desktop\46cbc03a3d75\fiih.ht1 Object is locked skipped
C:\Documents and Settings\Louis\Local Settings\Application Data\Google\Google Desktop\46cbc03a3d75\hp Object is locked skipped
C:\Documents and Settings\Louis\Local Settings\Application Data\Google\Google Desktop\46cbc03a3d75\hpt2i.ht1 Object is locked skipped
C:\Documents and Settings\Louis\Local Settings\Application Data\Google\Google Desktop\46cbc03a3d75\rpm.cf1 Object is locked skipped
C:\Documents and Settings\Louis\Local Settings\Application Data\Google\Google Desktop\46cbc03a3d75\rpm1m.cf1 Object is locked skipped
C:\Documents and Settings\Louis\Local Settings\Application Data\Google\Google Desktop\46cbc03a3d75\rpm1mh.ht1 Object is locked skipped
C:\Documents and Settings\Louis\Local Settings\Application Data\Google\Google Desktop\46cbc03a3d75\rpmh.ht1 Object is locked skipped
C:\Documents and Settings\Louis\Local Settings\Application Data\Google\Google Desktop\46cbc03a3d75\safeweb\goog-black-enchashm.cf1 Object is locked skipped
C:\Documents and Settings\Louis\Local Settings\Application Data\Google\Google Desktop\46cbc03a3d75\safeweb\goog-black-enchashmh.ht1 Object is locked skipped
C:\Documents and Settings\Louis\Local Settings\Application Data\Google\Google Desktop\46cbc03a3d75\safeweb\goog-black-urlm.cf1 Object is locked skipped
C:\Documents and Settings\Louis\Local Settings\Application Data\Google\Google Desktop\46cbc03a3d75\safeweb\goog-black-urlmh.ht1 Object is locked skipped
C:\Documents and Settings\Louis\Local Settings\Application Data\Google\Google Desktop\46cbc03a3d75\safeweb\goog-malware-domainm.cf1 Object is locked skipped
C:\Documents and Settings\Louis\Local Settings\Application Data\Google\Google Desktop\46cbc03a3d75\safeweb\goog-malware-domainmh.ht1 Object is locked skipped
C:\Documents and Settings\Louis\Local Settings\Application Data\Google\Google Desktop\46cbc03a3d75\safeweb\goog-white-domainm.cf1 Object is locked skipped
C:\Documents and Settings\Louis\Local Settings\Application Data\Google\Google Desktop\46cbc03a3d75\safeweb\goog-white-domainmh.ht1 Object is locked skipped
C:\Documents and Settings\Louis\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Louis\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Louis\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{55D070D3-E8D2-4B59-81ED-0EFE5E992DD7} Object is locked skipped
C:\Documents and Settings\Louis\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Louis\Local Settings\History\History.IE5\MSHist012008050620080507\index.dat Object is locked skipped
C:\Documents and Settings\Louis\Local Settings\Temp\~DFA2F7.tmp Object is locked skipped
C:\Documents and Settings\Louis\Local Settings\Temp\~DFE77.tmp Object is locked skipped
C:\Documents and Settings\Louis\Local Settings\Temp\~DFEB91.tmp Object is locked skipped
C:\Documents and Settings\Louis\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Louis\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Louis\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temp\MpCmdRun-18-421CFC91-A93E-42AB-A35C-F06F127FCC44.lock Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temp\MpCmdRun.log Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\RECYCLER\S-1-5-21-1060284298-308236825-725345543-1003\Dc1.dll Infected: Trojan.Win32.Vapsup.elf skipped
C:\RECYCLER\S-1-5-21-1060284298-308236825-725345543-1003\Dc2.exe Infected: Trojan.Win32.Vapsup.ekt skipped
C:\RECYCLER\S-1-5-21-1060284298-308236825-725345543-1003\Dc3.dll Infected: Trojan.Win32.Vapsup.elf skipped
C:\RECYCLER\S-1-5-21-1060284298-308236825-725345543-1003\Dc4.dll Infected: Trojan.Win32.Vapsup.elf skipped
C:\RECYCLER\S-1-5-21-1060284298-308236825-725345543-1003\Dc5.exe Infected: Trojan.Win32.Vapsup.elf skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{5C32EB44-EA67-4FBA-8A3C-DB58B7E6B537}\RP295\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\ModemLog_Conexant D850 56K V.92 DFVc Modem.txt Object is locked skipped
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{99DF6059-DEC1-4C74-8F7C-94F6F76755BA}.crmlog Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{C1BC1231-A031-4964-8ED3-D6FF69DD0065}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.
**************************************************************************************************************************************************************************************************************************************************************************************************
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:23:23 PM, on 5/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\Dit.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
C:\Program Files\Password Safe\pwsafe.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\cryptainersrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.slickdeals.net/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: CutePDF Writer Companion - {8C3733AE-F794-439A-A959-844DCA64F1A2} - C:\Program Files\Acro Software\CutePDF Writer Companion\CPWC_Co.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [CICache] CICache.exe
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [PhilipsDM] C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe OS_STARTUP
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: MEMonitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
O4 - Startup: Password Safe.lnk = C:\Program Files\Password Safe\pwsafe.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1181429995177
O16 - DPF: {C946EF6D-296D-4907-A6E1-ED0E8E5AF024} (LycosMail Upload Control) - http://mail.lycos.com/hanmail-ax/AttachMail.cab
O16 - DPF: {F91AB7B8-EE67-42AF-A5AA-8E232C396A04} (HTMLPRint Control) - https://reports.clearscreening.com/cabs/htmlprint.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Desktop Manager 5.5.709.30344 (GoogleDesktopManager-093007-112848) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Cryptainer service (ssoftservice) - Cypherix Software (India) Pvt. Ltd. - C:\WINDOWS\SYSTEM32\cryptainersrv.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
--
End of file - 9131 bytes