PDA

View Full Version : Vertec HiJack Log Pasted here



Vertec
2008-09-03, 06:11
I received a request to save my pasted file as a .exe file. Not sure what that means since I am pasting this in, and not actually providing the log file.
This was not done in safe mode. The original scan, and your request, a week or so ago can be found by searching on vertec in the forums.


Anyways, sorry for the confusion. Here is the posting. I can attach if you want it later, but your "Read this first" posting requested I paste it here.
Respectfully, just trying to follow the rules. Hope this is what you want. Thanks, in advance, Shaba for trying anyways. Please readvise if this is not how you want it.
Here it is again:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:49:49 PM, on 9/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\SSH Communications Security\SSH Sentinel\sshipm.exe
C:\Program Files\SSH Communications Security\SSH Sentinel\sshmonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = walledgarden.mchsd.com:8000
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.mchsd.com
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [BM7393421d] Rundll32.exe "C:\WINDOWS\system32\ofpiknvl.dll",s
O4 - HKLM\..\Run: [70a07181] rundll32.exe "C:\WINDOWS\system32\yefpcefa.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [Symantec Network Driver Update Warning] C:\PROGRA~1\Symantec\LIVEUP~1\SNDWarn.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Symantec Network Driver Update Warning] C:\PROGRA~1\Symantec\LIVEUP~1\SNDWarn.EXE (User 'Default user')
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1127603326428
O16 - DPF: {7545D8C8-F53C-4E2F-8FA0-D248EF4A6E61} - http://scanner.vav-scan.com/setup/setup.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) -
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/53/install/gtdownls.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/bingame/feed/default/SproutLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/isan/default/popcaploader_v6.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://www.driveragent.com/files/driveragent.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SSH Sentinel (SSHIPM) - SSH Communications Security - C:\Program Files\SSH Communications Security\SSH Sentinel\sshipm.exe
O23 - Service: SSH Sentinel Monitor (SSHMONITOR) - Unknown owner - C:\Program Files\SSH Communications Security\SSH Sentinel\sshmonitor.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

--
End of file - 10153 bytes
-------------------------------

Previous topic: http://forums.spybot.info/showthread.php?t=33127

Shaba
2008-09-03, 16:53
Hi Vertec

Rename HijackThis.exe to Vertec.exe by doing the following;

Navigate here using Windows Explorer (windows button + E) or My Computer -> Local Disk C: -> C:\Program Files\Trend Micro\HijackThis
Right-click on the HijackThis.exe
Choose from the pull-down menu; "Rename"
And now Rename HijackThis.exe to Vertec.exe
When you've renamed HijackThis, open HijackThis again.
Take a fresh HijackThis log (click Do a system scan and save a log file)
Post the fresh HijackThis log here.

After that:

We will begin with ComboFix. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:


Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link (http://www.bleepingcomputer.com/forums/topic114351.html)
Remember to re-enable them afterwards.


Click Yes to allow ComboFix to continue scanning for malware.


When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New HijackThis log.

A word of warning: Please do not run ComboFix on your own. This tool is not a toy and not for everyday use.

Vertec
2008-09-04, 04:43
Thanks, Shaba, and I will now go and work on your next steps and send them here as I get them done.
Thanks!



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:36:18 PM, on 9/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\SSH Communications Security\SSH Sentinel\sshipm.exe
C:\Program Files\SSH Communications Security\SSH Sentinel\sshmonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Trend Micro\HijackThis\vertec.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = walledgarden.mchsd.com:8000
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.mchsd.com
O2 - BHO: {a162586f-fd12-b57a-4744-ffca3ba82ce0} - {0ec28ab3-acff-4474-a75b-21dff685261a} - C:\WINDOWS\system32\kkashi.dll
O2 - BHO: (no name) - {3AC960D0-4EE6-4F61-8EDA-1066320B1459} - C:\WINDOWS\system32\wvUkICvU.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6F515F2B-DB6C-4972-8262-BA0108648523} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {788629AF-89BB-40CC-825C-44170578E2CC} - C:\WINDOWS\system32\ddcDvwUO.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: (no name) - {B3F33824-D72D-485D-9329-77FA2DF09F46} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {C89399A5-3D1C-4B12-8E22-4625E6D62493} - C:\WINDOWS\system32\efcCsrpM.dll
O2 - BHO: (no name) - {D7DE6CDC-824C-432A-A61A-270A694A6D8A} - C:\WINDOWS\system32\xxyxWNDs.dll (file missing)
O2 - BHO: (no name) - {EAE5E139-2120-4522-8D85-1B58C052FC2C} - C:\WINDOWS\system32\cbXPhfGW.dll (file missing)
O2 - BHO: (no name) - {FC199917-15BB-41EC-82DA-BD4EEECA4748} - C:\WINDOWS\system32\ddcApOhi.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [70a07181] rundll32.exe "C:\WINDOWS\system32\yefpcefa.dll",b
O4 - HKLM\..\Run: [BM7393421d] Rundll32.exe "C:\WINDOWS\system32\ofpiknvl.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [Symantec Network Driver Update Warning] C:\PROGRA~1\Symantec\LIVEUP~1\SNDWarn.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Symantec Network Driver Update Warning] C:\PROGRA~1\Symantec\LIVEUP~1\SNDWarn.EXE (User 'Default user')
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1127603326428
O16 - DPF: {7545D8C8-F53C-4E2F-8FA0-D248EF4A6E61} - http://scanner.vav-scan.com/setup/setup.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) -
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/53/install/gtdownls.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/bingame/feed/default/SproutLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/isan/default/popcaploader_v6.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://www.driveragent.com/files/driveragent.cab
O20 - Winlogon Notify: ddcDvwUO - C:\WINDOWS\SYSTEM32\ddcDvwUO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SSH Sentinel (SSHIPM) - SSH Communications Security - C:\Program Files\SSH Communications Security\SSH Sentinel\sshipm.exe
O23 - Service: SSH Sentinel Monitor (SSHMONITOR) - Unknown owner - C:\Program Files\SSH Communications Security\SSH Sentinel\sshmonitor.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

--
End of file - 11996 bytes

Vertec
2008-09-04, 06:07
Shaba, Please note the following:
Before it finalized the log, it popped up a window that said:
"Cannot export APIsvc: Error writing the file. There may be a disk or file system error."

Anyways...here it is.
and...Thanks.

ComboFix 08-09-03.02 - steveo 2008-09-03 21:19:53.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2541 [GMT -5:00]
Running from: C:\Documents and Settings\steveo\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\steveo\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Alex\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\Documents and Settings\Guest\Cookies\guest@2o7[1].txt
C:\Documents and Settings\Guest\Cookies\guest@ad.yieldmanager[2].txt
C:\Documents and Settings\Guest\Cookies\guest@advertising[1].txt
C:\Documents and Settings\Guest\Cookies\guest@edge.ru4[2].txt
C:\Documents and Settings\Guest\Cookies\guest@ehg-nestleusainc.hitbox[1].txt
C:\Documents and Settings\New Account\Desktop\Vista Antivirus 2008.lnk
C:\Documents and Settings\steveo\Application Data\FunWebProducts
C:\Documents and Settings\steveo\Application Data\FunWebProducts\Data\steveo\avatar.dat
C:\Documents and Settings\steveo\Application Data\inst.exe
C:\Documents and Settings\steveo\Application Data\macromedia\Flash Player\#SharedObjects\7PNL64M3\bin.clearspring.com
C:\Documents and Settings\steveo\Application Data\macromedia\Flash Player\#SharedObjects\7PNL64M3\bin.clearspring.com\clearspring.sol
C:\Documents and Settings\steveo\Application Data\macromedia\Flash Player\#SharedObjects\7PNL64M3\interclick.com
C:\Documents and Settings\steveo\Application Data\macromedia\Flash Player\#SharedObjects\7PNL64M3\interclick.com\ud.sol
C:\Documents and Settings\steveo\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com
C:\Documents and Settings\steveo\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings.sol
C:\Documents and Settings\steveo\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\steveo\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\steveo\Cookies\steveo@adserver[2].txt
C:\Documents and Settings\steveo\Cookies\steveo@clicktorrent[1].txt
C:\Documents and Settings\steveo\Cookies\steveo@hb.pcworld[2].txt
C:\Documents and Settings\steveo\Cookies\steveo@indextools[1].txt
C:\Documents and Settings\steveo\Cookies\steveo@my.clearchannelradio[1].txt
C:\Documents and Settings\steveo\Cookies\steveo@track.bestbuy[1].txt
C:\Documents and Settings\steveo\Cookies\steveo@vendorweb.citibank[2].txt
C:\Documents and Settings\steveo\Cookies\steveo@webr.harley-davidson[1].txt
C:\Documents and Settings\steveo\Cookies\steveo@www.selfstoragebay[2].txt
C:\Documents and Settings\steveo\Cookies\steveo@www.webschwab[2].txt
C:\Program Files\VAV
C:\WINDOWS\BM7393421d.txt
C:\WINDOWS\BM7393421d.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\Downloaded Program Files\setup.dll
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\actskn43.ocx
C:\WINDOWS\system32\afecpfey.ini
C:\WINDOWS\system32\ajanxplc.ini
C:\WINDOWS\system32\baouqrsr.dll
C:\WINDOWS\system32\bdyybn.dll
C:\WINDOWS\system32\bobjmher.ini
C:\WINDOWS\system32\cciagkgy.dll
C:\WINDOWS\system32\ckbxjdpa.dll
C:\WINDOWS\system32\cmcskmcx.dll
C:\WINDOWS\system32\cyclpj.dll
C:\WINDOWS\system32\ddcDvwUO.dll
C:\WINDOWS\system32\dgdkkejt.ini
C:\WINDOWS\system32\dxsegrfl.dll
C:\WINDOWS\system32\efcCsrpM.dll
C:\WINDOWS\system32\eMmmlnmp.ini
C:\WINDOWS\system32\eMmmlnmp.ini2
C:\WINDOWS\system32\epkcgcgq.ini
C:\WINDOWS\system32\etqdmhra.ini
C:\WINDOWS\system32\eycfewgm.ini
C:\WINDOWS\system32\fchtchgg.dll
C:\WINDOWS\system32\fcksneok.ini
C:\WINDOWS\system32\fgknradn.ini
C:\WINDOWS\system32\fkdfdguq.ini
C:\WINDOWS\system32\fndpokgq.ini
C:\WINDOWS\system32\fukbwhni.ini
C:\WINDOWS\system32\fxortdxf.ini
C:\WINDOWS\system32\gkjgtaed.dll
C:\WINDOWS\system32\glycmxwd.ini
C:\WINDOWS\system32\hajoryur.ini
C:\WINDOWS\system32\hcskru.dll
C:\WINDOWS\system32\hvkkfpht.ini
C:\WINDOWS\system32\ihOpAcdd.ini
C:\WINDOWS\system32\ihOpAcdd.ini2
C:\WINDOWS\system32\iilbcxrd.ini
C:\WINDOWS\system32\ilacbwov.dll
C:\WINDOWS\system32\jangbh.dll
C:\WINDOWS\system32\jaxixlcc.ini
C:\WINDOWS\system32\jdmhbxcx.ini
C:\WINDOWS\system32\jjjlm.bak1
C:\WINDOWS\system32\jjjlm.bak2
C:\WINDOWS\system32\jjjlm.ini
C:\WINDOWS\system32\jjjlm.ini2
C:\WINDOWS\system32\jjjlm.tmp
C:\WINDOWS\system32\jkpxwhnc.ini
C:\WINDOWS\system32\jwdovsrc.ini
C:\WINDOWS\system32\kkashi.dll
C:\WINDOWS\system32\kmscvbdr.ini
C:\WINDOWS\system32\lbesqvxx.ini
C:\WINDOWS\system32\lfuqungm.ini
C:\WINDOWS\system32\llekdymt.ini
C:\WINDOWS\system32\lsfnaxpg.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\MprsCcfe.ini
C:\WINDOWS\system32\MprsCcfe.ini2
C:\WINDOWS\system32\mqxgspbw.dll
C:\WINDOWS\system32\nhesnuiq.dll
C:\WINDOWS\system32\nhvnvxwx.ini
C:\WINDOWS\system32\niegaxot.ini
C:\WINDOWS\system32\njvpffba.ini
C:\WINDOWS\system32\nyrphleb.ini
C:\WINDOWS\system32\oclmphsm.dll
C:\WINDOWS\system32\ofpiknvl.dll
C:\WINDOWS\system32\ohgfjgfw.ini
C:\WINDOWS\system32\peqdnwiu.ini
C:\WINDOWS\system32\pnbfmvjm.dll
C:\WINDOWS\system32\pzirfw.dll
C:\WINDOWS\system32\qejceoei.ini
C:\WINDOWS\system32\qoppufkm.ini
C:\WINDOWS\system32\qxhfbtax.ini
C:\WINDOWS\system32\rbhczy.dll
C:\WINDOWS\system32\rehmjbob.dll
C:\WINDOWS\system32\rifhuloo.ini
C:\WINDOWS\system32\rmbgxvqs.dll
C:\WINDOWS\system32\rndhsaix.ini
C:\WINDOWS\system32\sbdqgoxy.ini
C:\WINDOWS\system32\sDNWxyxx.ini
C:\WINDOWS\system32\sDNWxyxx.ini2
C:\WINDOWS\system32\siscppng.dll
C:\WINDOWS\system32\sqvxgbmr.ini
C:\WINDOWS\system32\svsffe.dll
C:\WINDOWS\system32\sykxjpfy.ini
C:\WINDOWS\system32\uacjphiw.ini
C:\WINDOWS\system32\ucvdsuhv.dll
C:\WINDOWS\system32\uotgusmu.ini
C:\WINDOWS\system32\UvCIkUvw.ini
C:\WINDOWS\system32\UvCIkUvw.ini2
C:\WINDOWS\system32\vfsaopeg.dll
C:\WINDOWS\system32\vtnirb.dll
C:\WINDOWS\system32\wbyhkjau.ini
C:\WINDOWS\system32\WGfhPXbc.ini
C:\WINDOWS\system32\WGfhPXbc.ini2
C:\WINDOWS\system32\wghycqxo.dll
C:\WINDOWS\system32\wmwwknar.ini
C:\WINDOWS\system32\wnsapisv.exe
C:\WINDOWS\system32\wtbibrua.ini
C:\WINDOWS\system32\xcmkscmc.ini
C:\WINDOWS\system32\yefpcefa.dll
C:\WINDOWS\system32\yimrybqn.dll
C:\WINDOWS\system32\yqbyfiml.dll
C:\WINDOWS\system32\zxdnt3d.cfg
E:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DOMAINSERVICE


((((((((((((((((((((((((( Files Created from 2008-08-04 to 2008-09-04 )))))))))))))))))))))))))))))))
.

2008-08-12 22:38 . 2008-08-12 22:38 <DIR> d-------- C:\Program Files\Microsoft Windows Vista Upgrade Advisor
2008-08-12 22:24 . 2008-08-12 22:24 <DIR> d-------- C:\Documents and Settings\steveo\Application Data\ATI
2008-08-12 22:20 . 2008-08-12 22:20 <DIR> d-------- C:\ATI
2008-08-12 22:12 . 2008-08-12 22:12 <DIR> d-------- C:\Documents and Settings\New Account\Application Data\ATI
2008-08-12 22:12 . 2008-08-12 22:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ATI
2008-08-12 21:44 . 2008-08-12 21:44 0 --a------ C:\WINDOWS\ativpsrm.bin
2008-08-12 21:20 . 2008-08-12 21:20 <DIR> d-------- C:\Program Files\Common Files\ATI Technologies
2008-08-12 21:18 . 2008-01-22 14:42 593,920 --a------ C:\WINDOWS\system32\ati2sgag.exe
2008-08-12 21:18 . 2008-01-22 15:39 307,200 -ra------ C:\WINDOWS\system32\atiiiexx.dll
2008-08-12 21:18 . 2008-01-08 02:34 11,942 -ra------ C:\WINDOWS\atiogl.xml
2008-08-12 21:17 . 2008-01-22 15:14 3,107,788 -ra------ C:\WINDOWS\system32\ativvaxx.dat
2008-08-12 21:17 . 2008-01-22 15:14 3,107,788 -ra------ C:\WINDOWS\system32\ativva5x.dat
2008-08-12 21:17 . 2008-01-22 15:14 887,724 -ra------ C:\WINDOWS\system32\ativva6x.dat
2008-08-12 21:17 . 2008-01-22 15:44 368,640 -ra------ C:\WINDOWS\system32\ATIDEMGX.dll
2008-08-12 21:17 . 2008-01-07 09:43 165,782 -ra------ C:\WINDOWS\system32\atiicdxx.dat
2008-08-12 21:17 . 2007-08-31 09:20 7,167 -ra------ C:\WINDOWS\system32\atifglpf.xml
2008-08-12 21:15 . 2008-08-12 21:35 <DIR> d-------- C:\Program Files\ATI Technologies

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-03 15:06 --------- d-----w C:\Program Files\Quicken
2008-09-01 16:10 10,752 ----a-w C:\WINDOWS\DCEBoot.exe
2008-08-25 15:29 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-24 13:08 --------- d-----w C:\Program Files\Trend Micro
2008-08-13 03:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Corporation
2008-08-13 03:30 --------- d-----w C:\Program Files\Oberon Media
2008-08-13 02:23 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-12 12:51 --------- d-----w C:\Program Files\RegCure
2008-08-12 12:47 --------- d-----w C:\Program Files\oldlimewirefiles
2008-08-12 00:27 --------- d-----w C:\Program Files\Video Strip Poker Supreme
2008-07-28 01:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-27 13:27 --------- d-----w C:\Documents and Settings\steveo\Application Data\Uniblue
2008-07-24 00:11 --------- d-----w C:\Documents and Settings\New Account\Application Data\vlc
2008-07-24 00:06 --------- d-----w C:\Documents and Settings\New Account\Application Data\DivX
2008-07-22 11:49 --------- d-----w C:\Documents and Settings\New Account\Application Data\Intuit
2008-07-22 04:53 --------- d-----w C:\Documents and Settings\New Account\Application Data\Gtek
2008-07-21 21:15 --------- d-----w C:\Program Files\Star Defender 3
2008-07-20 18:46 --------- d-----w C:\Documents and Settings\steveo\Application Data\Wildfire
2008-07-19 00:08 36,368 ----a-w C:\WINDOWS\system32\drivers\tmpreflt.sys
2008-07-19 00:08 205,328 ----a-w C:\WINDOWS\system32\drivers\tmxpflt.sys
2008-07-18 23:51 1,195,448 ----a-w C:\WINDOWS\system32\drivers\vsapint.sys
2008-07-15 12:59 --------- d-----w C:\Program Files\Apple Software Update
2008-03-01 12:47 79,320 ----a-w C:\Documents and Settings\steveo\Application Data\GDIPFONTCACHEV1.DAT
2007-05-11 14:39 47,360 ----a-w C:\Documents and Settings\steveo\Application Data\pcouffin.sys
2007-01-24 02:58 313 ----a-w C:\Documents and Settings\steveo\Application Data\bbbconfig.dat
2006-11-23 14:22 78,072 ----a-w C:\Documents and Settings\steve\Application Data\GDIPFONTCACHEV1.DAT
2006-10-06 02:21 81,920 ----a-w C:\Documents and Settings\steve\Application Data\ezpinst.exe
2006-10-06 02:21 47,360 ----a-w C:\Documents and Settings\steve\Application Data\pcouffin.sys
2005-01-21 00:53 45,056 ------r C:\Program Files\SetAttrib.exe
2004-11-30 07:23 40,960 ------r C:\Program Files\delete.exe
2004-10-01 20:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
2002-05-31 19:15 49,152 ----a-w C:\Program Files\owcsetup.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-13 68856]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe" [2008-03-28 413696]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Symantec Network Driver Update Warning"="C:\PROGRA~1\Symantec\LIVEUP~1\SNDWarn.EXE" [2004-04-30 91256]

C:\Documents and Settings\steveo\Start Menu\Programs\Startup\
Picture Motion Browser Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-06-11 344064]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2005-11-23 03:47 53248 c:\Program Files\Common Files\Logitech\Bluetooth\LBTWlgn.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^earthlink dsl5.lnk]
backup=C:\WINDOWS\pss\earthlink dsl5.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^EarthLink WebLife Backup.lnk]
backup=C:\WINDOWS\pss\EarthLink WebLife Backup.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VDrive2

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 02:56 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyLinkAdvisor]
--a------ 2006-10-30 12:01 392832 C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--------- 2006-03-16 03:00 1397760 C:\Program Files\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchPDeviceConn]
--a------ 2005-07-05 20:41 299008 C:\Program Files\Philips\Philips Device Transfer Pop-up\PDeviceConn.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGODDFU]
--a------ 2007-05-09 00:29 249856 C:\Program Files\lg_fwupdate\fwupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LXBLKsk]
--a------ 2003-03-26 04:10 294912 C:\PROGRA~1\Lexmark\PHOTOC~1\lxblksk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaLifeService]
--------- 2005-06-03 18:09 110739 C:\Program Files\Logitech\MediaLife\MediaLifeService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MemoryCardManager]
--a------ 2003-04-28 18:29 122880 C:\Program Files\Lexmark\Lexmark Photo Center\MemoryCardManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 12:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pccguide.exe]
--a------ 2007-01-23 01:26 3429904 C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
--a------ 2003-03-11 11:58 593920 C:\Program Files\Analog Devices\SoundMAX\SMax4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
--a------ 2003-03-11 11:45 774144 C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-06-13 19:04 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2006-03-30 16:45 313472 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
--a------ 2005-11-03 14:58 28160 C:\WINDOWS\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Themes"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\LEXPPS.EXE"=
"C:\\Program Files\\BitLord\\BitLord.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\SopCast\\SopCast.exe"=
"C:\\Documents and Settings\\steveo\\Application Data\\SopCast\\adv\\SopAdver.exe"=
"C:\\Program Files\\TVAnts\\Tvants.exe"=
"C:\\Program Files\\TVU Player\\TVUPlayer.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Harman Pro\\System Architect 1.60\\SystemArchitect.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2799:UDP"= 2799:UDP:Altova License Metering Port (UDP)
"2799:TCP"= 2799:TCP:Altova License Metering Port (TCP)

R0 SSHIPSEC;SSHIPSEC;C:\WINDOWS\system32\DRIVERS\sshipsec.sys [2002-10-07 370014]
R1 kbfilter;Keyboard Filter Driver;C:\WINDOWS\system32\drivers\kbfilter.sys [2001-11-21 11889]
R2 IOPort;IOPort;C:\WINDOWS\System32\DRIVERS\IOPORT.SYS [1998-11-27 6144]
R2 Par1284;Par1284;C:\Program Files\Roland CutChoice\Program\Par1284.sys [2001-09-05 47328]
R2 SSHIPM;SSH Sentinel;C:\Program Files\SSH Communications Security\SSH Sentinel\sshipm.exe [2002-10-07 2076751]
R2 SSHMONITOR;SSH Sentinel Monitor;C:\Program Files\SSH Communications Security\SSH Sentinel\sshmonitor.exe [2002-10-07 98402]
R3 sshvnic;SSH Virtual Network Adapter (sshvnic);C:\WINDOWS\system32\DRIVERS\sshvnic5.sys [2002-10-07 6241]
S3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys [2002-08-28 36224]
S3 GPCIEnu1;GPCIEnu1;C:\WINDOWS\system32\GPCIEnum.sys [2006-08-06 7626]
S3 WLNR;WLNR;C:\WINDOWS\system32\DRIVERS\WLNR.sys [ ]
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

BHO-{3AC960D0-4EE6-4F61-8EDA-1066320B1459} - C:\WINDOWS\system32\wvUkICvU.dll
BHO-{D7DE6CDC-824C-432A-A61A-270A694A6D8A} - C:\WINDOWS\system32\xxyxWNDs.dll
BHO-{EAE5E139-2120-4522-8D85-1B58C052FC2C} - C:\WINDOWS\system32\cbXPhfGW.dll
BHO-{FC199917-15BB-41EC-82DA-BD4EEECA4748} - C:\WINDOWS\system32\ddcApOhi.dll
HKCU-Run-Uniblue RegistryBooster 2 - C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
HKLM-Run-70a07181 - C:\WINDOWS\system32\yefpcefa.dll
HKLM-Run-BM7393421d - C:\WINDOWS\system32\ofpiknvl.dll
MSConfigStartUp-NvCplDaemon - C:\WINDOWS\system32\NvCpl.dll
MSConfigStartUp-NvMediaCenter - C:\WINDOWS\system32\NvMcTray.dll
MSConfigStartUp-Logitech BT Wizard - LBTWiz.exe
MSConfigStartUp-nwiz - nwiz.exe


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com/
R0 -: HKCU-Main,Search Page = hxxp://www.google.com
R0 -: HKCU-Main,Search Bar = hxxp://www.google.com/ie
R0 -: HKLM-Main,Default_Search_URL = hxxp://www.google.com/ie
R1 -: HKCU-Internet Settings,ProxyServer = walledgarden.mchsd.com:8000
R1 -: HKCU-Internet Settings,ProxyOverride = *.mchsd.com
R0 -: HKCU-Search,SearchAssistant = hxxp://www.google.com/ie
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
R0 -: HKLM-Search,SearchAssistant = hxxp://www.google.com/ie
O8 -: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 -: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O16 -: Microsoft XML Parser for Java - C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-03 21:37:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HidServ]
"ServiceDll"="%SystemRoot%\System32\hidserv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HidUsb]
"ImagePath"="System32\DRIVERS\hidusb.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hpn]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hpt3xx]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HTTP]
"ImagePath"="System32\Drivers\HTTP.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HTTPFilter]
"ServiceDll"="%SystemRoot%\System32\w3ssl.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i2omgmt]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i2omp]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i8042prt]
"ImagePath"="System32\DRIVERS\i8042prt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IDriverT]
"ImagePath"="\"C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Imapi]
"ImagePath"="System32\DRIVERS\imapi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ImapiService]
"ImagePath"="%systemroot%\system32\imapi.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\InCDfs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\InCDPass]
"ImagePath"="System32\DRIVERS\InCDPass.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\InCDrec]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\incdrm]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\InCDsrv]
"ImagePath"="C:\Program Files\Ahead\InCD\InCDsrv.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\inetaccs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ini910u]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Inport]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IntelIde]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\intelppm]
"ImagePath"="System32\DRIVERS\intelppm.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IOPort]
"ImagePath"="\??\C:\WINDOWS\System32\DRIVERS\IOPORT.SYS"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ip6Fw]
"ImagePath"="system32\drivers\ip6fw.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpFilterDriver]
"ImagePath"="System32\DRIVERS\ipfltdrv.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpInIp]
"ImagePath"="System32\DRIVERS\ipinip.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpNat]
"ImagePath"="System32\DRIVERS\ipnat.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\iPod Service]
"ImagePath"="\"C:\Program Files\iPod\bin\iPodService.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IPSec]
"ImagePath"="System32\DRIVERS\ipsec.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IRENUM]
"ImagePath"="System32\DRIVERS\irenum.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ISAPISearch]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\isapnp]
"ImagePath"="System32\DRIVERS\isapnp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Kbdclass]
"ImagePath"="System32\DRIVERS\kbdclass.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kbdhid]
"ImagePath"="system32\DRIVERS\kbdhid.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kbfilter]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kmixer]
"ImagePath"="system32\drivers\kmixer.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\KSecDD]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\L8042Kbd]
"ImagePath"="system32\DRIVERS\L8042Kbd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\L8042mou]
"ImagePath"="system32\DRIVERS\L8042mou.Sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lanmanserver]
"ServiceDll"="%SystemRoot%\System32\srvsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lanmanworkstation]
"ServiceDll"="%SystemRoot%\System32\wkssvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lbrtfdc]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LBTServ]
"ImagePath"="C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ldap]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LexBceS]
"ImagePath"="C:\WINDOWS\system32\LEXBCES.EXE"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LHidKe]
"ImagePath"="system32\DRIVERS\LHidKE.Sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LicenseService]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LightScribeService]
"ImagePath"="\"C:\Program Files\Common Files\LightScribe\LSSrvc.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LmHosts]
"ServiceDll"="%SystemRoot%\System32\lmhsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LMouKE]
"ImagePath"="system32\DRIVERS\LMouKE.Sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MDM]
"ImagePath"="\"C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Messenger]
"ServiceDll"="%SystemRoot%\System32\msgsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MidiSyn]
"ImagePath"="system32\drivers\MidiSyn.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mnmdd]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mnmsrvc]
"ImagePath"="C:\WINDOWS\System32\mnmsrvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Modem]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Mouclass]
"ImagePath"="System32\DRIVERS\mouclass.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mouhid]
"ImagePath"="System32\DRIVERS\mouhid.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MountMgr]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mraid35x]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mrtRate]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MRxDAV]
"ImagePath"="System32\DRIVERS\mrxdav.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MRxSmb]
"ImagePath"="System32\DRIVERS\mrxsmb.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSDTC]
"ImagePath"="C:\WINDOWS\System32\msdtc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSDV]
"ImagePath"="System32\DRIVERS\msdv.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Msfs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSIServer]
"ImagePath"="%systemroot%\system32\msiexec.exe /V"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSKSSRV]
"ImagePath"="system32\drivers\MSKSSRV.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSPCLOCK]
"ImagePath"="system32\drivers\MSPCLOCK.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSPQM]
"ImagePath"="system32\drivers\MSPQM.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mssmbios]
"ImagePath"="System32\DRIVERS\mssmbios.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSTEE]
"ImagePath"="system32\drivers\MSTEE.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Mup]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NABTSFEC]
"ImagePath"="System32\DRIVERS\NABTSFEC.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NDIS]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NdisIP]
"ImagePath"="System32\DRIVERS\NdisIP.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NdisTapi]
"ImagePath"="System32\DRIVERS\ndistapi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ndisuio]
"ImagePath"="System32\DRIVERS\ndisuio.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NdisWan]
"ImagePath"="System32\DRIVERS\ndiswan.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NDProxy]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetBIOS]
"ImagePath"="System32\DRIVERS\netbios.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetBT]
"ImagePath"="System32\DRIVERS\netbt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetDDE]
"ImagePath"="%SystemRoot%\system32\netdde.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetDDEdsdm]
"ImagePath"="%SystemRoot%\system32\netdde.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Netlogon]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Netman]
"ServiceDll"="%SystemRoot%\System32\netman.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIC1394]
"ImagePath"="System32\DRIVERS\nic1394.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Nla]
"ServiceDll"="%SystemRoot%\System32\mswsock.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nm]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Npfs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ntfs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtLmSsp]
"ImagePath"="%SystemRoot%\System32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtmsSvc]
"ServiceDll"="%SystemRoot%\system32\ntmssvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Null]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NwlnkFlt]
"ImagePath"="System32\DRIVERS\nwlnkflt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NwlnkFwd]
"ImagePath"="System32\DRIVERS\nwlnkfwd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NwlnkIpx]
"ImagePath"="System32\DRIVERS\nwlnkipx.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NwlnkNb]
"ImagePath"="System32\DRIVERS\nwlnknb.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NwlnkSpx]
"ImagePath"="System32\DRIVERS\nwlnkspx.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ohci1394]
"ImagePath"="System32\DRIVERS\ohci1394.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ose]
"ImagePath"="\"C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Par1284]
"ImagePath"="\??\C:\Program Files\Roland CutChoice\Program\Par1284.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Parport]
"ImagePath"="System32\DRIVERS\parport.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PartMgr]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ParVdm]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PcCtlCom]
"ImagePath"="C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCI]
"ImagePath"="System32\DRIVERS\pci.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCIDump]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCIIde]
"ImagePath"="System32\DRIVERS\pciide.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Pcmcia]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Pcouffin]
"ImagePath"="System32\Drivers\Pcouffin.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PcScnSrv]
"ImagePath"="\"C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDCOMP]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDFRAME]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDRELI]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDRFRAME]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\perc2]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\perc2hib]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfDisk]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfNet]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfOS]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfProc]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pfc]
"ImagePath"="system32\drivers\pfc.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PlugPlay]
"ImagePath"="%SystemRoot%\system32\services.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PMEM]
"ImagePath"="\??\C:\WINDOWS\System32\drivers\pmemnt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Point32]
"ImagePath"="system32\DRIVERS\point32.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PolicyAgent]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PptpMiniport]
"ImagePath"="System32\DRIVERS\raspptp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Processor]
"ImagePath"="System32\DRIVERS\processr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ProtectedStorage]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PSched]
"ImagePath"="System32\DRIVERS\psched.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ptilink]
"ImagePath"="System32\DRIVERS\ptilink.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PxHelp20]
"ImagePath"="System32\Drivers\PxHelp20.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql1080]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ql10wnt]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql12160]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql1240]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql1280]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasAcd]
"ImagePath"="System32\DRIVERS\rasacd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasAuto]
"ServiceDll"="%SystemRoot%\System32\rasauto.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Rasl2tp]
"ImagePath"="System32\DRIVERS\rasl2tp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasMan]
"ServiceDll"="%SystemRoot%\System32\rasmans.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasPppoe]
"ImagePath"="System32\DRIVERS\raspppoe.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Raspti]
"ImagePath"="System32\DRIVERS\raspti.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Rdbss]
"ImagePath"="System32\DRIVERS\rdbss.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPCDD]
"ImagePath"="System32\DRIVERS\RDPCDD.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPDD]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rdpdr]
"ImagePath"="System32\DRIVERS\rdpdr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPNP]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPWD]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Rdr]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDSessMgr]
"ImagePath"="C:\WINDOWS\system32\sessmgr.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\redbook]
"ImagePath"="System32\DRIVERS\redbook.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RemoteAccess]
"ServiceDll"="%SystemRoot%\System32\mprdim.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RemoteRegistry]
"ServiceDll"="%SystemRoot%\system32\regsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RpcLocator]
"ImagePath"="%SystemRoot%\System32\locator.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RpcSs]
"ServiceDll"="%SystemRoot%\System32\rpcss.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RSVP]
"ImagePath"="%SystemRoot%\System32\rsvp.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SamSs]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SansaService]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SCardSvr]
"ImagePath"="%SystemRoot%\System32\SCardSvr.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Schedule]
"ServiceDll"="%SystemRoot%\system32\schedsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ScsiPort]
"ImagePath"="%SystemRoot%\system32\drivers\scsiport.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SDDMI2]
"ImagePath"="\??\C:\WINDOWS\system32\DDMI2.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Secdrv]
"ImagePath"="System32\DRIVERS\secdrv.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\seclogon]
"ServiceDll"="%SystemRoot%\System32\seclogon.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SENS]
"ServiceDll"="%SystemRoot%\system32\sens.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\serenum]
"ImagePath"="System32\DRIVERS\serenum.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Serial]
"ImagePath"="System32\DRIVERS\serial.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sf]
"ImagePath"="system32\drivers\sf.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Sfloppy]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess]
"ServiceDll"="%SystemRoot%\System32\ipnathlp.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ShellHWDetection]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Simbad]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SLIP]
"ImagePath"="System32\DRIVERS\SLIP.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SMBios]
"ImagePath"="System32\DRIVERS\SMBios.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\smwdm]
"ImagePath"="system32\drivers\smwdm.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SoundMAX Agent Service (default)]
"ImagePath"="C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Sparrow]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\splitter]
"ImagePath"="system32\drivers\splitter.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Spooler]
"ImagePath"="%SystemRoot%\system32\spoolsv.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sptd]
"ImagePath"="System32\Drivers\sptd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sr]
"ImagePath"="System32\DRIVERS\sr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\srservice]
"ServiceDll"="C:\WINDOWS\System32\srsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Srv]
"ImagePath"="System32\DRIVERS\srv.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SSDPSRV]
"ServiceDll"="%SystemRoot%\System32\ssdpsrv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SSHIPM]
"ImagePath"="\"C:\Program Files\SSH Communications Security\SSH Sentinel\sshipm.exe\" -d"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SSHIPSEC]
"IMAGEPATH"="System32\DRIVERS\sshipsec.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SSHMONITOR]
"ImagePath"="C:\Program Files\SSH Communications Security\SSH Sentinel\sshmonitor.exe -d"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sshvnic]
"ImagePath"="System32\DRIVERS\sshvnic5.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\StillCam]
"ImagePath"="System32\DRIVERS\serscan.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\stisvc]
"ServiceDll"="%SystemRoot%\system32\wiaservc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\streamip]
"ImagePath"="System32\DRIVERS\StreamIP.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\swenum]
"ImagePath"="System32\DRIVERS\swenum.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\swmidi]
"ImagePath"="system32\drivers\swmidi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SwPrv]
"ImagePath"="C:\WINDOWS\System32\dllhost.exe /Processid:{20653BA3-BBDD-4A50-9C76-84E98FDEEF6E}"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\swwd]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Symantec Core LC]
"ImagePath"="C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\symc810]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\symc8xx]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\symlcbrd]
"ImagePath"="\??\C:\WINDOWS\System32\drivers\symlcbrd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sym_hi]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sym_u3]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sysaudio]
"ImagePath"="system32\drivers\sysaudio.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SysmonLog]
"ImagePath"="%SystemRoot%\system32\smlogsvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TapiSrv]
"ServiceDll"="%SystemRoot%\System32\tapisrv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip]
"ImagePath"="System32\DRIVERS\tcpip.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDPIPE]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDTCP]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TermDD]
"ImagePath"="System32\DRIVERS\termdd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TermService]
"ServiceDll"="%SystemRoot%\System32\termsrv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Themes]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TlntSvr]
"ImagePath"="C:\WINDOWS\System32\tlntsvr.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\tmcfw]
"ImagePath"="system32\DRIVERS\TM_CFW.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\tmcomm]
"ImagePath"="\??\C:\WINDOWS\system32\drivers\tmcomm.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\tmmbd]
"ImagePath"="system32\DRIVERS\tm_mbd_c.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tmntsrv]
"ImagePath"="C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TmPfw]
"ImagePath"="C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\tmpreflt]
"ImagePath"="system32\DRIVERS\tmpreflt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\tmproxy]
"ImagePath"="C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\tmtdi]
"ImagePath"="system32\DRIVERS\tmtdi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\tmxpflt]
"ImagePath"="system32\DRIVERS\tmxpflt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TosIde]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TrkWks]
"ServiceDll"="%SystemRoot%\system32\trkwks.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TSDDD]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TVICHW32]
"ImagePath"="\??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Udfs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ultra]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Update]
"ImagePath"="System32\DRIVERS\update.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\upnphost]
"ServiceDll"="%SystemRoot%\System32\upnphost.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\UPS]
"ImagePath"="%SystemRoot%\System32\ups.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\USBAAPL]
"ImagePath"="System32\Drivers\usbaapl.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbccgp]
"ImagePath"="System32\DRIVERS\usbccgp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbehci]
"ImagePath"="system32\DRIVERS\usbehci.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbhub]
"ImagePath"="System32\DRIVERS\usbhub.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbprint]
"ImagePath"="System32\DRIVERS\usbprint.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbscan]
"ImagePath"="System32\DRIVERS\usbscan.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\USBSTOR]
"ImagePath"="System32\DRIVERS\USBSTOR.SYS"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbuhci]
"ImagePath"="System32\DRIVERS\usbuhci.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usnjsvc]
"ImagePath"="\"C:\Program Files\Windows Live\Messenger\usnsvc.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VgaSave]
"ImagePath"="\SystemRoot\System32\drivers\vga.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ViaIde]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VolSnap]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsapint]
"ImagePath"="system32\DRIVERS\vsapint.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VSS]
"ImagePath"="%SystemRoot%\System32\vssvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VxD]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\W32Time]
"ServiceDll"="%systemroot%\system32\w32time.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\W3SVC]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Wanarp]
"ImagePath"="System32\DRIVERS\wanarp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WDICA]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wdmaud]
"ImagePath"="system32\drivers\wdmaud.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WebClient]
"ServiceDll"="%SystemRoot%\System32\webclnt.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\winmgmt]
"ServiceDll"="%SystemRoot%\system32\wbem\WMIsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Winsock]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinSock2]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinTrust]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WLNR]
"ImagePath"="System32\DRIVERS\WLNR.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WLSetupSvc]
"ImagePath"="\"C:\Program Files\Windows Live\installer\WLSetupSvc.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmdmPmSN]
"ServiceDll"="C:\WINDOWS\system32\MsPMSNSv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Wmi]
"ServiceDll"="%SystemRoot%\System32\advapi32.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmiApRpl]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmiApSrv]
"ImagePath"="C:\WINDOWS\System32\wbem\wmiapsrv.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WMPNetworkSvc]
"ImagePath"="\"C:\Program Files\Windows Media Player\WMPNetwk.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WpdUsb]
"ImagePath"="System32\Drivers\wpdusb.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wscsvc]
"ServiceDll"="%SYSTEMROOT%\system32\wscsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WSTCODEC]
"ImagePath"="System32\DRIVERS\WSTCODEC.SYS"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wuauserv]
"ServiceDll"="C:\WINDOWS\system32\wuauserv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfPf]
"ImagePath"="system32\DRIVERS\WudfPf.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfRd]
"ImagePath"="system32\DRIVERS\wudfrd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfSvc]
"ServiceDll"="%SystemRoot%\System32\WUDFSvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WZCSVC]
"ServiceDll"="%SystemRoot%\System32\wzcsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xmlprov]
"ServiceDll"="%SystemRoot%\System32\xmlprov.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{1C131E5A-DDAD-4FD0-AE6E-2FE9D4C67A87}]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{3E9B45AD-9F74-4129-AC5C-4406E224FE5C}]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{4B515309-8097-4B9E-A99C-DAB3155E61F5}]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{53FB8111-60CE-4DAB-BAFB-1563743C4C1F}]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{78B39095-6CB3-40B6-A8C7-5BBA97780181}]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{9C4CADFA-6D1A-417E-89E7-8A3F722E23A8}]
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
.
**************************************************************************
.
Completion time: 2008-09-03 21:51:19 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-04 02:51:13

Pre-Run: 5,318,754,304 bytes free
Post-Run: 6,079,987,712 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

845 --- E O F --- 2008-09-04 02:50:18

Vertec
2008-09-04, 06:13
after the combofix.

Thanks!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:11:56 PM, on 9/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\SSH Communications Security\SSH Sentinel\sshipm.exe
C:\Program Files\SSH Communications Security\SSH Sentinel\sshmonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SoftwareDistribution\Download\fd0264849c01086f3c6b505dc02dbd44\update\update.exe
C:\Program Files\Trend Micro\HijackThis\vertec.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = walledgarden.mchsd.com:8000
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.mchsd.com
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [Symantec Network Driver Update Warning] C:\PROGRA~1\Symantec\LIVEUP~1\SNDWarn.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Symantec Network Driver Update Warning] C:\PROGRA~1\Symantec\LIVEUP~1\SNDWarn.EXE (User 'Default user')
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1127603326428
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) -
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/53/install/gtdownls.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/bingame/feed/default/SproutLauncher.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://www.driveragent.com/files/driveragent.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SSH Sentinel (SSHIPM) - SSH Communications Security - C:\Program Files\SSH Communications Security\SSH Sentinel\sshipm.exe
O23 - Service: SSH Sentinel Monitor (SSHMONITOR) - Unknown owner - C:\Program Files\SSH Communications Security\SSH Sentinel\sshmonitor.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

--
End of file - 10798 bytes

Vertec
2008-09-04, 06:16
to perform repairs, merely do the scan and make the log...

Thanks!

Shaba
2008-09-04, 12:51
Yes, that is fine.

To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.

You will now be presented with a screen similar to the one below:

http://img.bleepingcomputer.com/tutorials/hijackthis/uninstall-man.jpg

5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here on your next reply.

Vertec
2008-09-04, 16:44
I read in the combofix tutorial to go to control panel and network connections and hit 'repair'. I did so and a full reboot and the computer is still down. I am on my laptop now for our communication. The message comes up 'Cannot repair IP address'.
I may have thought about trying a few things, but at this point, I have not been messing around your repair procedure, taking care to only perform what you ask.

I have today and tonight to work this, and then I will be out of town for the weekend...
Thanks!

Vertec
2008-09-04, 16:49
as you last requested. I guess if need be, I can burn a disk and move the list to my laptop to email you, since I am internetless until you advise. Also, please note that after performing your tests so far, Microsoft performed 8 updates upon turnoff of the system.
Thanks

Shaba
2008-09-04, 17:16
This (http://www.tomshardware.com/forum/6961-42-renew-repair-address) might help here.

Vertec
2008-09-04, 19:07
Multiple reboots and it's updating process eventually worked out. I am up, and available. I can tell the computer is better, however, haven't done any other scans till you ask. But I am online and at least working better. What next?
Thanks!

Shaba
2008-09-04, 19:51
Post that uninstall list next, please :)

Vertec
2008-09-05, 06:41
Just did a fresh one to be current...:

Adobe Download Manager 2.0 (Remove Only)
Adobe Encore DVD 1.0
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe MPEG Encoder
Adobe Premiere 6.5
Adobe Reader 7.0.9
Ahead NeroMIX
Ahead NeroVision Express
Apple Mobile Device Support
Apple Software Update
ATI - Software Uninstall Utility
ATI AVIVO Codecs
ATI Catalyst Control Center
ATI Display Driver
ATI HYDRAVISION
ATI Parental Control & Encoder
ATI Problem Report Wizard
Audio DVD Creator 1.9.1.0
Bejeweled 2 Deluxe
BitLord 1.1
Chuzzle Deluxe 1.0
ConvertXtoDVD 2.0.17
Correlate K-Map 3.9
Data Access Objects (DAO) 3.5
Debt Accelerator
DirectISO 1.6
Disney Pirates of the Caribbean Online
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
Dr.STIKA PLUS
DriverGuide Toolkit
DVD Solution
dvdSanta 4.00
EAWPilot
EPSON Scan
exPressit S.E. 2.1
F5U109 Driver Uninstall
FaceFun 2006
Family Feud (remove only)
Feeding Frenzy
GameSpy Arcade
Garmin MapSource
GoGear Digital Audio Player SA250/255/260 Device Manager
Google Earth
Google Toolbar for Internet Explorer
Highlight Viewer (Windows Live Toolbar)
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
InCD
Intel(R) PRO Network Connections 12.1.12.0
Intel(R) Processor ID Utility
InterActual Player
iPod for Windows 2006-01-10
iTunes
J2SE Runtime Environment 5.0 Update 3
J2SE Runtime Environment 5.0 Update 5
J2SE Runtime Environment 5.0 Update 6
Jasc Paint Shop Photo Album 5
Jasc Paint Shop Pro Studio, Dell Editon
Java 2 Runtime Environment Standard Edition v1.3.1_04
JewelDrops Deluxe
K-Lite Mega Codec Pack 1.59
Lexmark Photo Center
Lexmark Z700-P700 Series Photo Card Reader
LG ODD Auto Firmware Update
LimeWire Pro
LimeWire PRO 4.12.3
Linksys EasyLink Advisor 1.5 (1045)
LiveUpdate 2.6 (Symantec Corporation)
Logitech SetPoint
LoranGPS
Lotus SmartSuite - English
Macromedia Flash Player
Macromedia Shockwave Player
Magic Ball 2 - New Worlds
Magic ISO Maker v4.7 (build 0132)
Mahjong Mania Deluxe 1.0
Mahjongg Artifacts
Map Button (Windows Live Toolbar)
MapSource
Media Center Playlist Editor
MediaLife
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Digital Image Standard 2006
Microsoft Office Word Viewer 2003
Microsoft Office XP Professional with FrontPage
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
MP3's Utilities 1.6.42
MSN Music Assistant
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
Multimedia Launcher
MusEdit
MusEdit 3.90.2
Musicnotes Player V1.23.1 and Viewer
Nero 6 Ultra Edition
NoteWorthy Composer
PDFCreator
Peachtree Complete Accounting 2004
PFConfig 1.0.168
Philips Device Transfer Pop-up
Photo Viewer 2.3
Picasa 2
Poker Superstars
Power Tab Editor 1.7
PowerDVD
PowerProducer
ProntoEdit NG
Quicken 2007
QuickTime
RegCure 1.0.0.43
Registry Mechanic 6.0
Ricochet Xtreme
Roland CutChoice 1.1v1
Safari
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Smart Menus (Windows Live Toolbar)
SolSuite
Sony Picture Utility
Sony USB Driver
SopCast 1.1.1
SoundMAX
Spybot - Search & Destroy
Sqirlz Morph
SSH Accession
SSH Sentinel
Star Defender 3
Super Mahjong from GameHouse
Symantec KB-DocID:2003093015493306
System Architect 1.60
Tetris Adventure
Trend Micro PC-cillin Internet Security 2007
Trend Micro PC-cillin Internet Security 2007
Tumble Bugs
Tumblebugs
TVAnts 1.0
TVUPlayer 1.5.12
TweakNow RegCleaner
TweakXP Tweaking Utility 2
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Update for Windows XP (KB951072-v2)
UseNeXT
VideoLAN VLC media player 0.8.6d
WD Diagnostics
Wheel of Fortune Deluxe (remove only)
Who Wants To Be A Millionaire 3rd Edition
WIDCOMM Bluetooth Software
WinAVIVideoConverter
Windows Genuine Advantage v1.3.0254.0
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Live Favorites for Windows Live Toolbar
Windows Live installer
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Media Player 9 Series Winter Fun Pack
Windows Vista Upgrade Advisor
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinMX
WinRAR archiver
Wiz Solitaire
You Don't Know Jack - Volume 3 1.0
You Don't Know Jack 6 - The Lost Gold
YOU DON'T KNOW JACK Volume 3
ZonePRO Designer
Zuma Deluxe 1.0

Shaba
2008-09-05, 10:49
IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

BitLord 1.1
LimeWire Pro
LimeWire PRO 4.12.3

I'd like you to read the this thread (http://forums.spybot.info/showthread.php?t=282).

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

Please run a new HJT scan when finished and post the log back here along with a fresh uninstall list.

Vertec
2008-09-10, 04:40
I am back on line!

Shaba
2008-09-10, 12:08
Thank you for informing me :)

Vertec
2008-09-10, 15:21
Please note ..this is just run from the windows directory inside Trend Micro. I am not running from a command line or in safe mode.

The three files you mentioned were uninstalled successfully.

uninstall list to follow.
Here we go!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:18:59 AM, on 9/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\SSH Communications Security\SSH Sentinel\sshipm.exe
C:\Program Files\SSH Communications Security\SSH Sentinel\sshmonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\vertec.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = walledgarden.mchsd.com:8000
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.mchsd.com
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [Symantec Network Driver Update Warning] C:\PROGRA~1\Symantec\LIVEUP~1\SNDWarn.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Symantec Network Driver Update Warning] C:\PROGRA~1\Symantec\LIVEUP~1\SNDWarn.EXE (User 'Default user')
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1127603326428
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) -
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/53/install/gtdownls.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/bingame/feed/default/SproutLauncher.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://www.driveragent.com/files/driveragent.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SSH Sentinel (SSHIPM) - SSH Communications Security - C:\Program Files\SSH Communications Security\SSH Sentinel\sshipm.exe
O23 - Service: SSH Sentinel Monitor (SSHMONITOR) - Unknown owner - C:\Program Files\SSH Communications Security\SSH Sentinel\sshmonitor.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

--
End of file - 10787 bytes

Vertec
2008-09-10, 15:26
Thanks, again!

Adobe Download Manager 2.0 (Remove Only)
Adobe Encore DVD 1.0
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe MPEG Encoder
Adobe Premiere 6.5
Adobe Reader 7.0.9
Ahead NeroMIX
Ahead NeroVision Express
Apple Mobile Device Support
Apple Software Update
ATI - Software Uninstall Utility
ATI AVIVO Codecs
ATI Catalyst Control Center
ATI Display Driver
ATI HYDRAVISION
ATI Parental Control & Encoder
ATI Problem Report Wizard
Audio DVD Creator 1.9.1.0
Bejeweled 2 Deluxe
Chuzzle Deluxe 1.0
ConvertXtoDVD 2.0.17
Correlate K-Map 3.9
Data Access Objects (DAO) 3.5
Debt Accelerator
DirectISO 1.6
Disney Pirates of the Caribbean Online
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
Dr.STIKA PLUS
DriverGuide Toolkit
DVD Solution
dvdSanta 4.00
EAWPilot
EPSON Scan
exPressit S.E. 2.1
F5U109 Driver Uninstall
FaceFun 2006
Family Feud (remove only)
Feeding Frenzy
GameSpy Arcade
Garmin MapSource
GoGear Digital Audio Player SA250/255/260 Device Manager
Google Earth
Google Toolbar for Internet Explorer
Highlight Viewer (Windows Live Toolbar)
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
InCD
Intel(R) PRO Network Connections 12.1.12.0
Intel(R) Processor ID Utility
InterActual Player
iPod for Windows 2006-01-10
iTunes
J2SE Runtime Environment 5.0 Update 3
J2SE Runtime Environment 5.0 Update 5
J2SE Runtime Environment 5.0 Update 6
Jasc Paint Shop Photo Album 5
Jasc Paint Shop Pro Studio, Dell Editon
Java 2 Runtime Environment Standard Edition v1.3.1_04
JewelDrops Deluxe
K-Lite Mega Codec Pack 1.59
Lexmark Photo Center
Lexmark Z700-P700 Series Photo Card Reader
LG ODD Auto Firmware Update
Linksys EasyLink Advisor 1.5 (1045)
LiveUpdate 2.6 (Symantec Corporation)
Logitech SetPoint
LoranGPS
Lotus SmartSuite - English
Macromedia Flash Player
Macromedia Shockwave Player
Magic Ball 2 - New Worlds
Magic ISO Maker v4.7 (build 0132)
Mahjong Mania Deluxe 1.0
Mahjongg Artifacts
Map Button (Windows Live Toolbar)
MapSource
Media Center Playlist Editor
MediaLife
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Digital Image Standard 2006
Microsoft Office Word Viewer 2003
Microsoft Office XP Professional with FrontPage
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
MP3's Utilities 1.6.42
MSN Music Assistant
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
Multimedia Launcher
MusEdit
MusEdit 3.90.2
Musicnotes Player V1.23.1 and Viewer
Nero 6 Ultra Edition
NoteWorthy Composer
PDFCreator
Peachtree Complete Accounting 2004
PFConfig 1.0.168
Philips Device Transfer Pop-up
Photo Viewer 2.3
Picasa 2
Poker Superstars
Power Tab Editor 1.7
PowerDVD
PowerProducer
ProntoEdit NG
Quicken 2007
QuickTime
RegCure 1.0.0.43
Registry Mechanic 6.0
Ricochet Xtreme
Roland CutChoice 1.1v1
Safari
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Smart Menus (Windows Live Toolbar)
SolSuite
Sony Picture Utility
Sony USB Driver
SopCast 1.1.1
SoundMAX
Spybot - Search & Destroy
Sqirlz Morph
SSH Accession
SSH Sentinel
Star Defender 3
Super Mahjong from GameHouse
Symantec KB-DocID:2003093015493306
System Architect 1.60
Tetris Adventure
Trend Micro PC-cillin Internet Security 2007
Trend Micro PC-cillin Internet Security 2007
Tumble Bugs
Tumblebugs
TVAnts 1.0
TVUPlayer 1.5.12
TweakNow RegCleaner
TweakXP Tweaking Utility 2
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Update for Windows XP (KB951072-v2)
UseNeXT
VideoLAN VLC media player 0.8.6d
WD Diagnostics
Wheel of Fortune Deluxe (remove only)
Who Wants To Be A Millionaire 3rd Edition
WIDCOMM Bluetooth Software
WinAVIVideoConverter
Windows Genuine Advantage v1.3.0254.0
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Live Favorites for Windows Live Toolbar
Windows Live installer
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Media Player 9 Series Winter Fun Pack
Windows Vista Upgrade Advisor
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinMX
WinRAR archiver
Wiz Solitaire
You Don't Know Jack - Volume 3 1.0
You Don't Know Jack 6 - The Lost Gold
YOU DON'T KNOW JACK Volume 3
ZonePRO Designer
Zuma Deluxe 1.0

Shaba
2008-09-10, 15:39
We'll check this next:

* Download GMER from
here (http://www.gmer.net/gmer.zip):
Unzip it and start GMER.exe
Click the rootkit-tab and click scan.

Once done, click the Copy button.
This will copy the results to clipboard.
Paste the results in your next reply.

Vertec
2008-09-10, 16:31
GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-09-10 08:30:23
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.14 ----

SSDT \SystemRoot\system32\DRIVERS\tm_mbd_c.sys (Trend Micro Malicious Behavior Detector (i386-fre)/Trend Micro Inc.) ZwClose [0xA8DF2CE0]
SSDT \SystemRoot\system32\DRIVERS\tm_mbd_c.sys (Trend Micro Malicious Behavior Detector (i386-fre)/Trend Micro Inc.) ZwConnectPort [0xA8DF2FB0]
SSDT sptd.sys ZwCreateKey [0xF74EF0D0]
SSDT \SystemRoot\system32\DRIVERS\tm_mbd_c.sys (Trend Micro Malicious Behavior Detector (i386-fre)/Trend Micro Inc.) ZwCreateProcess [0xA8DF2310]
SSDT \SystemRoot\system32\DRIVERS\tm_mbd_c.sys (Trend Micro Malicious Behavior Detector (i386-fre)/Trend Micro Inc.) ZwCreateProcessEx [0xA8DF25E0]
SSDT sptd.sys ZwEnumerateKey [0xF74F4E2C]
SSDT sptd.sys ZwEnumerateValueKey [0xF74F51BA]
SSDT sptd.sys ZwOpenKey [0xF74EF0B0]
SSDT \SystemRoot\system32\DRIVERS\tm_mbd_c.sys (Trend Micro Malicious Behavior Detector (i386-fre)/Trend Micro Inc.) ZwOpenProcess [0xA8DF2840]
SSDT sptd.sys ZwQueryKey [0xF74F5292]
SSDT sptd.sys ZwQueryValueKey [0xF74F5112]
SSDT \SystemRoot\system32\DRIVERS\tm_mbd_c.sys (Trend Micro Malicious Behavior Detector (i386-fre)/Trend Micro Inc.) ZwRequestWaitReplyPort [0xA8DF3150]
SSDT sptd.sys ZwSetValueKey [0xF74F5324]
SSDT \SystemRoot\system32\DRIVERS\tm_mbd_c.sys (Trend Micro Malicious Behavior Detector (i386-fre)/Trend Micro Inc.) ZwWriteVirtualMemory [0xA8DF2E80]

Code sshipsec.sys (SSH IPsec Packet Engine/SSH Communications Security) IoSetDeviceInterfaceState

---- Kernel code sections - GMER 1.0.14 ----

PAGE ntoskrnl.exe!IoSetDeviceInterfaceState 805E1007 5 Bytes JMP BA6E0B40 sshipsec.sys (SSH IPsec Packet Engine/SSH Communications Security)
? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
PAGENDSM NDIS.sys!NdisMIndicateStatus BA749A5F 5 Bytes JMP BA6E0A70 sshipsec.sys (SSH IPsec Packet Engine/SSH Communications Security)
.text USBPORT.SYS!DllUnload B8A0662C 5 Bytes JMP 8AA41358
? System32\Drivers\aoygicsd.SYS The system cannot find the file specified. !

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!IoConnectInterrupt] [F7505886] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F7505832] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F7527892] sptd.sys
IAT atapi.sys[ntoskrnl.exe!IoConnectInterrupt] [F7505886] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F74EFAD4] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F74EFC1A] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F74EFB9C] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F74F0748] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F74F061E] sptd.sys
IAT \SystemRoot\System32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F7504ACA] sptd.sys
IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] [BA6E0740] sshipsec.sys (SSH IPsec Packet Engine/SSH Communications Security)
IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [BA6DFD70] sshipsec.sys (SSH IPsec Packet Engine/SSH Communications Security)
IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] [BA6DFCF0] sshipsec.sys (SSH IPsec Packet Engine/SSH Communications Security)
IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [BA6DFAD0] sshipsec.sys (SSH IPsec Packet Engine/SSH Communications Security)
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [BA6DFAD0] sshipsec.sys (SSH IPsec Packet Engine/SSH Communications Security)
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [BA6DFD70] sshipsec.sys (SSH IPsec Packet Engine/SSH Communications Security)
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [BA6E0740] sshipsec.sys (SSH IPsec Packet Engine/SSH Communications Security)
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [BA6DFCF0] sshipsec.sys (SSH IPsec Packet Engine/SSH Communications Security)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [BA6DFCF0] sshipsec.sys (SSH IPsec Packet Engine/SSH Communications Security)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [BA6DFAD0] sshipsec.sys (SSH IPsec Packet Engine/SSH Communications Security)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [BA6DFD70] sshipsec.sys (SSH IPsec Packet Engine/SSH Communications Security)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [BA6E0740] sshipsec.sys (SSH IPsec Packet Engine/SSH Communications Security)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [BA6DFAD0] sshipsec.sys (SSH IPsec Packet Engine/SSH Communications Security)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [BA6E0740] sshipsec.sys (SSH IPsec Packet Engine/SSH Communications Security)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [BA6DFD70] sshipsec.sys (SSH IPsec Packet Engine/SSH Communications Security)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [BA6DFCF0] sshipsec.sys (SSH IPsec Packet Engine/SSH Communications Security)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [BA6E0740] sshipsec.sys (SSH IPsec Packet Engine/SSH Communications Security)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [BA6DFD70] sshipsec.sys (SSH IPsec Packet Engine/SSH Communications Security)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [BA6DFAD0] sshipsec.sys (SSH IPsec Packet Engine/SSH Communications Security)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [BA6DFCF0] sshipsec.sys (SSH IPsec Packet Engine/SSH Communications Security)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [BA6DFAD0] sshipsec.sys (SSH IPsec Packet Engine/SSH Communications Security)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [BA6DFD70] sshipsec.sys (SSH IPsec Packet Engine/SSH Communications Security)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [BA6E0740] sshipsec.sys (SSH IPsec Packet Engine/SSH Communications Security)
IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisCloseAdapter] [BA6E0740] sshipsec.sys (SSH IPsec Packet Engine/SSH Communications Security)
IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisOpenAdapter] [BA6DFD70] sshipsec.sys (SSH IPsec Packet Engine/SSH Communications Security)
IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisDeregisterProtocol] [BA6DFCF0] sshipsec.sys (SSH IPsec Packet Engine/SSH Communications Security)
IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisRegisterProtocol] [BA6DFAD0] sshipsec.sys (SSH IPsec Packet Engine/SSH Communications Security)
IAT \SystemRoot\System32\DRIVERS\nwlnkipx.sys[NDIS.SYS!NdisDeregisterProtocol] [BA6DFCF0] sshipsec.sys (SSH IPsec Packet Engine/SSH Communications Security)
IAT \SystemRoot\System32\DRIVERS\nwlnkipx.sys[NDIS.SYS!NdisCloseAdapter] [BA6E0740] sshipsec.sys (SSH IPsec Packet Engine/SSH Communications Security)
IAT \SystemRoot\System32\DRIVERS\nwlnkipx.sys[NDIS.SYS!NdisOpenAdapter] [BA6DFD70] sshipsec.sys (SSH IPsec Packet Engine/SSH Communications Security)
IAT \SystemRoot\System32\DRIVERS\nwlnkipx.sys[NDIS.SYS!NdisRegisterProtocol] [BA6DFAD0] sshipsec.sys (SSH IPsec Packet Engine/SSH Communications Security)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [BA6DFAD0] sshipsec.sys (SSH IPsec Packet Engine/SSH Communications Security)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [BA6DFCF0] sshipsec.sys (SSH IPsec Packet Engine/SSH Communications Security)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [BA6E0740] sshipsec.sys (SSH IPsec Packet Engine/SSH Communications Security)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [BA6DFD70] sshipsec.sys (SSH IPsec Packet Engine/SSH Communications Security)

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs 8ABCB1E8

AttachedDevice \FileSystem\Ntfs \Ntfs tmpreflt.sys (Pre-Filter For XP/Trend Micro Inc.)

Device \FileSystem\Fastfat \FatCdrom 8A818448

AttachedDevice \Driver\Tcpip \Device\Ip tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Incorporated.)

Device \Driver\usbuhci \Device\USBPDO-0 8AA487A0
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8AC3F1E8
Device \Driver\dmio \Device\DmControl\DmConfig 8AC3F1E8
Device \Driver\dmio \Device\DmControl\DmPnP 8AC3F1E8
Device \Driver\dmio \Device\DmControl\DmInfo 8AC3F1E8
Device \Driver\usbuhci \Device\USBPDO-1 8AA487A0
Device \Driver\usbuhci \Device\USBPDO-2 8AA487A0
Device \Driver\usbuhci \Device\USBPDO-3 8AA487A0
Device \Driver\usbuhci \Device\USBPDO-4 8AA487A0

AttachedDevice \Driver\Tcpip \Device\Tcp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Incorporated.)

Device \Driver\usbuhci \Device\USBPDO-5 8AA487A0
Device \Driver\usbehci \Device\USBPDO-6 8AA3D1E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 8ABCD1E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8ABCD1E8
Device \Driver\Cdrom \Device\CdRom0 8A9C77A0
Device \Driver\Cdrom \Device\CdRom1 8A9C77A0
Device \Driver\Ftdisk \Device\HarddiskVolume3 8ABCD1E8
Device \Driver\atapi \Device\Ide\IdePort0 8ABCC1E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 8ABCC1E8
Device \Driver\atapi \Device\Ide\IdePort1 8ABCC1E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c 8ABCC1E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 8ABCC1E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{3E9B45AD-9F74-4129-AC5C-4406E224FE5C} 8A90F580
Device \Driver\NetBT \Device\NetBt_Wins_Export 8A90F580
Device \Driver\NetBT \Device\NetbiosSmb 8A90F580
Device ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Driver\USBSTOR \Device\00000088 8A4321E8

AttachedDevice \Driver\Tcpip \Device\Udp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Incorporated.)

Device \Driver\USBSTOR \Device\00000089 8A4321E8

AttachedDevice \Driver\Tcpip \Device\RawIp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Incorporated.)

Device \Driver\PCI_NTPNP0546 \Device\0000005e sptd.sys
Device \Driver\PCI_NTPNP0546 \Device\0000005e sptd.sys
Device \Driver\NetBT \Device\NetBT_Tcpip_{1C131E5A-DDAD-4FD0-AE6E-2FE9D4C67A87} 8A90F580
Device \Driver\usbuhci \Device\USBFDO-0 8AA487A0
Device \Driver\usbuhci \Device\USBFDO-1 8AA487A0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 89C001E8
Device \Driver\usbuhci \Device\USBFDO-2 8AA487A0
Device \FileSystem\MRxSmb \Device\LanmanRedirector 89C001E8
Device \Driver\usbuhci \Device\USBFDO-3 8AA487A0
Device \Driver\usbuhci \Device\USBFDO-4 8AA487A0
Device \Driver\Ftdisk \Device\FtControl 8ABCD1E8
Device \Driver\usbuhci \Device\USBFDO-5 8AA487A0
Device \Driver\usbehci \Device\USBFDO-6 8AA3D1E8
Device \Driver\aoygicsd \Device\Scsi\aoygicsd1Port2Path0Target0Lun0 8A9B07A0
Device \Driver\aoygicsd \Device\Scsi\aoygicsd1 8A9B07A0
Device \FileSystem\Fastfat \Fat 8A818448

AttachedDevice \FileSystem\Fastfat \Fat tmpreflt.sys (Pre-Filter For XP/Trend Micro Inc.)
AttachedDevice \FileSystem\Fastfat \Fat InCDrec.SYS (InCD File System Recognizer/Nero AG)

Device \FileSystem\Cdfs \Cdfs 8A8C7310

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\CoDeviceInstallers@{4D36E96D-E325-11CE-BFC1-08002BE10318} NetCfgx.dll,ModemClassCoInstaller?setup\FxsOcm.dll,FaxModemCoClassInstaller?
Reg HKLM\SYSTEM\CurrentControlSet\Control\MediaProperties\PrivateProperties\Joystick\OEM\VID_047D&PID_3900
Reg HKLM\SYSTEM\CurrentControlSet\Control\MediaProperties\PrivateProperties\Joystick\OEM\VID_047D&PID_3900@OEMName Gravis BlackHawk Digital (GamePort)
Reg HKLM\SYSTEM\CurrentControlSet\Control\MediaProperties\PrivateProperties\Joystick\OEM\VID_047D&PID_3900@OEMData 0x03 0x00 0x08 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\MediaProperties\PrivateProperties\Joystick\OEM\VID_047D&PID_3900@OEMHardwareID Gameport\VID_047D&PID_3900
Reg HKLM\SYSTEM\CurrentControlSet\Services\helpsvc@DependOnService RPCSS?
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x70 0x1F 0xB3 0xB1 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x11 0x53 0x19 0x75 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x23 0xFA 0x07 0x3F ...
Reg HKLM\SYSTEM\ControlSet002\Control\MediaProperties\PrivateProperties\Joystick\OEM\VID_047D&PID_3900
Reg HKLM\SYSTEM\ControlSet002\Control\MediaProperties\PrivateProperties\Joystick\OEM\VID_047D&PID_3900@OEMName Gravis BlackHawk Digital (GamePort)
Reg HKLM\SYSTEM\ControlSet002\Control\MediaProperties\PrivateProperties\Joystick\OEM\VID_047D&PID_3900@OEMData 0x03 0x00 0x08 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Control\MediaProperties\PrivateProperties\Joystick\OEM\VID_047D&PID_3900@OEMHardwareID Gameport\VID_047D&PID_3900
Reg HKLM\SYSTEM\ControlSet002\Services\helpsvc@DependOnService RPCSS?
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x70 0x1F 0xB3 0xB1 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x11 0x53 0x19 0x75 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x23 0xFA 0x07 0x3F ...
Reg HKLM\SOFTWARE\Classes\CLSID\{114E2C3D-CC33-DA46-A1A8-3A0364D0BF84}\InprocServer32@ C:\Program Files\Common Files\Microsoft Shared\DAO\dao360.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{114E2C3D-CC33-DA46-A1A8-3A0364D0BF84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{114E2C3D-CC33-DA46-A1A8-3A0364D0BF84}\ProgID@ DAO.Group.36
Reg HKLM\SOFTWARE\Classes\CLSID\{16E749DB-8E9B-D86A-B1AF-0020EB03A1B7}\InprocServer32@ C:\Program Files\Common Files\Ahead\DSFilter\NeAudioConv.ax
Reg HKLM\SOFTWARE\Classes\CLSID\{16E749DB-8E9B-D86A-B1AF-0020EB03A1B7}\InprocServer32@ThreadingModel Both
Reg HKLM\SOFTWARE\Classes\CLSID\{27077CD1-212A-00E4-CE72-B8CBE7EDF053}\InprocServer32@ThreadingModel Both
Reg HKLM\SOFTWARE\Classes\CLSID\{27077CD1-212A-00E4-CE72-B8CBE7EDF053}\InprocServer32@ C:\Program Files\Common Files\Microsoft Shared\Web Folders\VAIDDMGR.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{27077CD1-212A-00E4-CE72-B8CBE7EDF053}\ProgID@ VAIDDManager.CacheSink.1
Reg HKLM\SOFTWARE\Classes\CLSID\{27077CD1-212A-00E4-CE72-B8CBE7EDF053}\Programmable@
Reg HKLM\SOFTWARE\Classes\CLSID\{27077CD1-212A-00E4-CE72-B8CBE7EDF053}\TypeLib@ {1C77DBD2-12C2-4086-91C0-A8CF727F7C1C}
Reg HKLM\SOFTWARE\Classes\CLSID\{27077CD1-212A-00E4-CE72-B8CBE7EDF053}\VersionIndependentProgID@ VAIDDManager.CacheSink
Reg HKLM\SOFTWARE\Classes\CLSID\{287EF21A-9D1A-0850-5A9C-5CADADD495FF}\InprocServer32@ C:\WINDOWS\system32\CLBCatQ.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{287EF21A-9D1A-0850-5A9C-5CADADD495FF}\InprocServer32@ThreadingModel Both
Reg HKLM\SOFTWARE\Classes\CLSID\{287EF21A-9D1A-0850-5A9C-5CADADD495FF}\ProgID@ ComPlusMetaDataServices.ServicesMetaDataDispenser.1
Reg HKLM\SOFTWARE\Classes\CLSID\{287EF21A-9D1A-0850-5A9C-5CADADD495FF}\VersionIndependentProgID@ ComPlusMetaDataServices.ServicesMetaDataDispenser
Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\InProcServer32@ %SystemRoot%\System32\browseui.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\InProcServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{3EDCF10F-1C36-0E11-0562-51281A29234E}\Implemented Categories\{62C8FE65-4EBB-45E7-B440-6E39B2CDBF29}
Reg HKLM\SOFTWARE\Classes\CLSID\{3EDCF10F-1C36-0E11-0562-51281A29234E}\Implemented Categories\{62C8FE65-4EBB-45E7-B440-6E39B2CDBF29}@
Reg HKLM\SOFTWARE\Classes\CLSID\{3EDCF10F-1C36-0E11-0562-51281A29234E}\InprocServer32@ mscoree.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{3EDCF10F-1C36-0E11-0562-51281A29234E}\InprocServer32@ThreadingModel Both
Reg HKLM\SOFTWARE\Classes\CLSID\{3EDCF10F-1C36-0E11-0562-51281A29234E}\InprocServer32@Class System.Security.Policy.AllMembershipCondition
Reg HKLM\SOFTWARE\Classes\CLSID\{3EDCF10F-1C36-0E11-0562-51281A29234E}\InprocServer32@Assembly mscorlib, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
Reg HKLM\SOFTWARE\Classes\CLSID\{3EDCF10F-1C36-0E11-0562-51281A29234E}\InprocServer32@RuntimeVersion v1.1.4322
Reg HKLM\SOFTWARE\Classes\CLSID\{3EDCF10F-1C36-0E11-0562-51281A29234E}\InprocServer32\1.0.5000.0
Reg HKLM\SOFTWARE\Classes\CLSID\{3EDCF10F-1C36-0E11-0562-51281A29234E}\InprocServer32\1.0.5000.0@Class System.Security.Policy.AllMembershipCondition
Reg HKLM\SOFTWARE\Classes\CLSID\{3EDCF10F-1C36-0E11-0562-51281A29234E}\InprocServer32\1.0.5000.0@Assembly mscorlib, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
Reg HKLM\SOFTWARE\Classes\CLSID\{3EDCF10F-1C36-0E11-0562-51281A29234E}\InprocServer32\1.0.5000.0@RuntimeVersion v1.1.4322
Reg HKLM\SOFTWARE\Classes\CLSID\{3EDCF10F-1C36-0E11-0562-51281A29234E}\ProgId@ System.Security.Policy.AllMembershipCondition
Reg HKLM\SOFTWARE\Classes\CLSID\{68006435-5F14-4E7B-4674-C5DAA4811732}\InprocHandler32@ ole32.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{68006435-5F14-4E7B-4674-C5DAA4811732}\LocalServer32@ C:\PROGRA~1\MICROS~2\Office10\WINWORD.EXE /Automation
Reg HKLM\SOFTWARE\Classes\CLSID\{68006435-5F14-4E7B-4674-C5DAA4811732}\LocalServer32@LocalServer32 C84DVn-}f(YR]eAR6.jiWORDFiles>L&rfUmW.cG.e%fI4G}jd /Automation?
Reg HKLM\SOFTWARE\Classes\CLSID\{68006435-5F14-4E7B-4674-C5DAA4811732}\ProgID@ Word.Application.10
Reg HKLM\SOFTWARE\Classes\CLSID\{68006435-5F14-4E7B-4674-C5DAA4811732}\VersionIndependentProgID@ Word.Application
Reg HKLM\SOFTWARE\Classes\CLSID\{A40F8BBE-77CD-78A3-DF6D-3C14B7105899}\Control@
Reg HKLM\SOFTWARE\Classes\CLSID\{A40F8BBE-77CD-78A3-DF6D-3C14B7105899}\Implemented Categories@
Reg HKLM\SOFTWARE\Classes\CLSID\{A40F8BBE-77CD-78A3-DF6D-3C14B7105899}\Implemented Categories\{F2BB56D1-DB07-11D1-AA6B-006097DB9539}
Reg HKLM\SOFTWARE\Classes\CLSID\{A40F8BBE-77CD-78A3-DF6D-3C14B7105899}\Implemented Categories\{F2BB56D1-DB07-11D1-AA6B-006097DB9539}@
Reg HKLM\SOFTWARE\Classes\CLSID\{A40F8BBE-77CD-78A3-DF6D-3C14B7105899}\InprocServer32@ C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{A40F8BBE-77CD-78A3-DF6D-3C14B7105899}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{A40F8BBE-77CD-78A3-DF6D-3C14B7105899}\MiscStatus@ 0
Reg HKLM\SOFTWARE\Classes\CLSID\{A40F8BBE-77CD-78A3-DF6D-3C14B7105899}\MiscStatus\1
Reg HKLM\SOFTWARE\Classes\CLSID\{A40F8BBE-77CD-78A3-DF6D-3C14B7105899}\MiscStatus\1@ 131473
Reg HKLM\SOFTWARE\Classes\CLSID\{A40F8BBE-77CD-78A3-DF6D-3C14B7105899}\ProgID@ OWC10.PivotTable.10
Reg HKLM\SOFTWARE\Classes\CLSID\{A40F8BBE-77CD-78A3-DF6D-3C14B7105899}\Programmable@
Reg HKLM\SOFTWARE\Classes\CLSID\{A40F8BBE-77CD-78A3-DF6D-3C14B7105899}\ToolboxBitmap32@ C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL, 1010
Reg HKLM\SOFTWARE\Classes\CLSID\{A40F8BBE-77CD-78A3-DF6D-3C14B7105899}\TypeLib@ {0002E550-0000-0000-C000-000000000046}
Reg HKLM\SOFTWARE\Classes\CLSID\{A40F8BBE-77CD-78A3-DF6D-3C14B7105899}\Verb@
Reg HKLM\SOFTWARE\Classes\CLSID\{A40F8BBE-77CD-78A3-DF6D-3C14B7105899}\Verb\1
Reg HKLM\SOFTWARE\Classes\CLSID\{A40F8BBE-77CD-78A3-DF6D-3C14B7105899}\Verb\1@ &Edit,0,2
Reg HKLM\SOFTWARE\Classes\CLSID\{A40F8BBE-77CD-78A3-DF6D-3C14B7105899}\Verb\2
Reg HKLM\SOFTWARE\Classes\CLSID\{A40F8BBE-77CD-78A3-DF6D-3C14B7105899}\Verb\2@ Commands and &Options...,0,2
Reg HKLM\SOFTWARE\Classes\CLSID\{A40F8BBE-77CD-78A3-DF6D-3C14B7105899}\Version@ 1.1
Reg HKLM\SOFTWARE\Classes\CLSID\{A40F8BBE-77CD-78A3-DF6D-3C14B7105899}\VersionIndependentProgID@ OWC10.PivotTable
Reg HKLM\SOFTWARE\Classes\CLSID\{B543FCF5-8E38-04CC-A7EB-E9C24A1143B2}\Control@
Reg HKLM\SOFTWARE\Classes\CLSID\{B543FCF5-8E38-04CC-A7EB-E9C24A1143B2}\InprocServer32@ C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{B543FCF5-8E38-04CC-A7EB-E9C24A1143B2}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{B543FCF5-8E38-04CC-A7EB-E9C24A1143B2}\MiscStatus@ 0
Reg HKLM\SOFTWARE\Classes\CLSID\{B543FCF5-8E38-04CC-A7EB-E9C24A1143B2}\MiscStatus\1
Reg HKLM\SOFTWARE\Classes\CLSID\{B543FCF5-8E38-04CC-A7EB-E9C24A1143B2}\MiscStatus\1@ 2229649
Reg HKLM\SOFTWARE\Classes\CLSID\{B543FCF5-8E38-04CC-A7EB-E9C24A1143B2}\ProgID@ OWC10.DataSourceControl.10
Reg HKLM\SOFTWARE\Classes\CLSID\{B543FCF5-8E38-04CC-A7EB-E9C24A1143B2}\Programmable@
Reg HKLM\SOFTWARE\Classes\CLSID\{B543FCF5-8E38-04CC-A7EB-E9C24A1143B2}\ToolboxBitmap32@ C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL, 1001
Reg HKLM\SOFTWARE\Classes\CLSID\{B543FCF5-8E38-04CC-A7EB-E9C24A1143B2}\TypeLib@ {0002E550-0000-0000-C000-000000000046}
Reg HKLM\SOFTWARE\Classes\CLSID\{B543FCF5-8E38-04CC-A7EB-E9C24A1143B2}\Version@ 1.0
Reg HKLM\SOFTWARE\Classes\CLSID\{B543FCF5-8E38-04CC-A7EB-E9C24A1143B2}\VersionIndependentProgID@ OWC10.DataSourceControl
Reg HKLM\SOFTWARE\Classes\CLSID\{C8E2C175-EFEA-E064-563D-AF206F4BB9E3}\AuxUserType@
Reg HKLM\SOFTWARE\Classes\CLSID\{C8E2C175-EFEA-E064-563D-AF206F4BB9E3}\AuxUserType\2
Reg HKLM\SOFTWARE\Classes\CLSID\{C8E2C175-EFEA-E064-563D-AF206F4BB9E3}\AuxUserType\2@ Chart
Reg HKLM\SOFTWARE\Classes\CLSID\{C8E2C175-EFEA-E064-563D-AF206F4BB9E3}\AuxUserType\3
Reg HKLM\SOFTWARE\Classes\CLSID\{C8E2C175-EFEA-E064-563D-AF206F4BB9E3}\AuxUserType\3@ Microsoft Excel 2000
Reg HKLM\SOFTWARE\Classes\CLSID\{C8E2C175-EFEA-E064-563D-AF206F4BB9E3}\Conversion@
Reg HKLM\SOFTWARE\Classes\CLSID\{C8E2C175-EFEA-E064-563D-AF206F4BB9E3}\Conversion\Readable
Reg HKLM\SOFTWARE\Classes\CLSID\{C8E2C175-EFEA-E064-563D-AF206F4BB9E3}\Conversion\Readable@
Reg HKLM\SOFTWARE\Classes\CLSID\{C8E2C175-EFEA-E064-563D-AF206F4BB9E3}\Conversion\Readable\Main
Reg HKLM\SOFTWARE\Classes\CLSID\{C8E2C175-EFEA-E064-563D-AF206F4BB9E3}\Conversion\Readable\Main@ Biff8,Biff5,ExcelChart
Reg HKLM\SOFTWARE\Classes\CLSID\{C8E2C175-EFEA-E064-563D-AF206F4BB9E3}\Conversion\Readwritable
Reg HKLM\SOFTWARE\Classes\CLSID\{C8E2C175-EFEA-E064-563D-AF206F4BB9E3}\Conversion\Readwritable@
Reg HKLM\SOFTWARE\Classes\CLSID\{C8E2C175-EFEA-E064-563D-AF206F4BB9E3}\Conversion\Readwritable\Main
Reg HKLM\SOFTWARE\Classes\CLSID\{C8E2C175-EFEA-E064-563D-AF206F4BB9E3}\Conversion\Readwritable\Main@ Biff8
Reg HKLM\SOFTWARE\Classes\CLSID\{C8E2C175-EFEA-E064-563D-AF206F4BB9E3}\DataFormats@
Reg HKLM\SOFTWARE\Classes\CLSID\{C8E2C175-EFEA-E064-563D-AF206F4BB9E3}\DataFormats\DefaultFile
Reg HKLM\SOFTWARE\Classes\CLSID\{C8E2C175-EFEA-E064-563D-AF206F4BB9E3}\DataFormats\DefaultFile@ Biff8
Reg HKLM\SOFTWARE\Classes\CLSID\{C8E2C175-EFEA-E064-563D-AF206F4BB9E3}\DataFormats\GetSet
Reg HKLM\SOFTWARE\Classes\CLSID\{C8E2C175-EFEA-E064-563D-AF206F4BB9E3}\DataFormats\GetSet@
Reg HKLM\SOFTWARE\Classes\CLSID\{C8E2C175-EFEA-E064-563D-AF206F4BB9E3}\DataFormats\GetSet\0
Reg HKLM\SOFTWARE\Classes\CLSID\{C8E2C175-EFEA-E064-563D-AF206F4BB9E3}\DataFormats\GetSet\0@ 3,1,32,1
Reg HKLM\SOFTWARE\Classes\CLSID\{C8E2C175-EFEA-E064-563D-AF206F4BB9E3}\DataFormats\GetSet\1
Reg HKLM\SOFTWARE\Classes\CLSID\{C8E2C175-EFEA-E064-563D-AF206F4BB9E3}\DataFormats\GetSet\1@ 2,1,16,1
Reg HKLM\SOFTWARE\Classes\CLSID\{C8E2C175-EFEA-E064-563D-AF206F4BB9E3}\DataFormats\GetSet\2
Reg HKLM\SOFTWARE\Classes\CLSID\{C8E2C175-EFEA-E064-563D-AF206F4BB9E3}\DataFormats\GetSet\2@ 1,1,1,1
Reg HKLM\SOFTWARE\Classes\CLSID\{C8E2C175-EFEA-E064-563D-AF206F4BB9E3}\DataFormats\GetSet\3
Reg HKLM\SOFTWARE\Classes\CLSID\{C8E2C175-EFEA-E064-563D-AF206F4BB9E3}\DataFormats\GetSet\3@ NotesDocInfo,1,1,1
Reg HKLM\SOFTWARE\Classes\CLSID\{C8E2C175-EFEA-E064-563D-AF206F4BB9E3}\DataFormats\GetSet\4
Reg HKLM\SOFTWARE\Classes\CLSID\{C8E2C175-EFEA-E064-563D-AF206F4BB9E3}\DataFormats\GetSet\4@ NoteshNote,-1,1,1
Reg HKLM\SOFTWARE\Classes\CLSID\{C8E2C175-EFEA-E064-563D-AF206F4BB9E3}\DefaultExtension@ .xls, Excel Workbook (*.xls)
Reg HKLM\SOFTWARE\Classes\CLSID\{C8E2C175-EFEA-E064-563D-AF206F4BB9E3}\DefaultIcon@ C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\xlicons.exe,3
Reg HKLM\SOFTWARE\Classes\CLSID\{C8E2C175-EFEA-E064-563D-AF206F4BB9E3}\DocObject@ 16
Reg HKLM\SOFTWARE\Classes\CLSID\{C8E2C175-EFEA-E064-563D-AF206F4BB9E3}\Implemented Categories@
Reg HKLM\SOFTWARE\Classes\CLSID\{C8E2C175-EFEA-E064-563D-AF206F4BB9E3}\Implemented Categories\{000C0118-0000-0000-C000-000000000046}
Reg HKLM\SOFTWARE\Classes\CLSID\{C8E2C175-EFEA-E064-563D-AF206F4BB9E3}\Implemented Categories\{000C0118-0000-0000-C000-000000000046}@
Reg HKLM\SOFTWARE\Classes\CLSID\{C8E2C175-EFEA-E064-563D-AF206F4BB9E3}\InprocHandler32@ ole32.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{C8E2C175-EFEA-E064-563D-AF206F4BB9E3}\Insertable@
Reg HKLM\SOFTWARE\Classes\CLSID\{C8E2C175-EFEA-E064-563D-AF206F4BB9E3}\LocalServer32@ C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE
Reg HKLM\SOFTWARE\Classes\CLSID\{C8E2C175-EFEA-E064-563D-AF206F4BB9E3}\LocalServer32@LocalServer32 C84DVn-}f(YR]eAR6.jiEXCELFiles>EUFOC=M&g(pKeqFrsF*m?
Reg HKLM\SOFTWARE\Classes\CLSID\{C8E2C175-EFEA-E064-563D-AF206F4BB9E3}\MiscStatus@ 1
Reg HKLM\SOFTWARE\Classes\CLSID\{C8E2C175-EFEA-E064-563D-AF206F4BB9E3}\PersistentHandler@ {98de59a0-d175-11cd-a7bd-00006b827d94}
Reg HKLM\SOFTWARE\Classes\CLSID\{C8E2C175-EFEA-E064-563D-AF206F4BB9E3}\Printable@
Reg HKLM\SOFTWARE\Classes\CLSID\{C8E2C175-EFEA-E064-563D-AF206F4BB9E3}\ProgID@ Excel.Chart.8
Reg HKLM\SOFTWARE\Classes\CLSID\{C8E2C175-EFEA-E064-563D-AF206F4BB9E3}\Typelib@ {00020813-0000-0000-C000-000000000046}
Reg HKLM\SOFTWARE\Classes\CLSID\{C8E2C175-EFEA-E064-563D-AF206F4BB9E3}\Verb@
Reg HKLM\SOFTWARE\Classes\CLSID\{C8E2C175-EFEA-E064-563D-AF206F4BB9E3}\Verb\0
Reg HKLM\SOFTWARE\Classes\CLSID\{C8E2C175-EFEA-E064-563D-AF206F4BB9E3}\Verb\0@ &Edit,0,2
Reg HKLM\SOFTWARE\Classes\CLSID\{C8E2C175-EFEA-E064-563D-AF206F4BB9E3}\Verb\1
Reg HKLM\SOFTWARE\Classes\CLSID\{C8E2C175-EFEA-E064-563D-AF206F4BB9E3}\Verb\1@ &Open,0,2
Reg HKLM\SOFTWARE\Classes\CLSID\{C8E2C175-EFEA-E064-563D-AF206F4BB9E3}\Version@ 1.2
Reg HKLM\SOFTWARE\Classes\CLSID\{C8E2C175-EFEA-E064-563D-AF206F4BB9E3}\VersionIndependentProgID@ Excel.Chart
Reg HKLM\SOFTWARE\Classes\CLSID\{DFE957A2-B69B-F543-5A95-EA6A51E8BAC2}\InprocServer32@ C:\WINDOWS\system32\wmp.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{DFE957A2-B69B-F543-5A95-EA6A51E8BAC2}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F42963E1-350F-8D23-5CE6-A5F87F15F50C}\InprocServer32@ C:\Program Files\Microsoft Digital Image 2006\sbox.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{F42963E1-350F-8D23-5CE6-A5F87F15F50C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F42963E1-350F-8D23-5CE6-A5F87F15F50C}\ProgID@ Shoebox.ShoeboxLocationPromptUI.11
Reg HKLM\SOFTWARE\Classes\CLSID\{F42963E1-350F-8D23-5CE6-A5F87F15F50C}\TypeLib@ {EDE452B8-DE2E-4477-8EA9-60B84E64B803}
Reg HKLM\SOFTWARE\Classes\CLSID\{F42963E1-350F-8D23-5CE6-A5F87F15F50C}\VersionIndependentProgID@ Shoebox.ShoeboxLocationPromptUI
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3128722C-B445-57AF-1C11-B62E54F8F270}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3128722C-B445-57AF-1C11-B62E54F8F270}@abfmdblahjolomiabikafpdgemgodlehoi 0x61 0x61 0x00 0x00
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3128722C-B445-57AF-1C11-B62E54F8F270}@bbfmdblahjolomiabihakpkifpmibeikcjdg 0x61 0x61 0x00 0x00

---- EOF - GMER 1.0.14 ----

Shaba
2008-09-10, 16:35
OK, that seems to be fine.

Please go to Kaspersky website (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) and perform an online antivirus scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Read through the requirements and privacy statement and click on Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button: Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Please post this log in your next reply along with a fresh HijackThis log.

Vertec
2008-09-11, 14:39
The Kaspersky was first. it is here:
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Thursday, September 11, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Thursday, September 11, 2008 02:02:03
Records in database: 1210267
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\

Scan statistics:
Files scanned: 142303
Threat name: 50
Infected objects: 152
Suspicious objects: 1
Duration of the scan: 06:15:01


File name / Threat name / Threats count
C:\Documents and Settings\steveo\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-5efd1945-7adef862.zip Infected: Exploit.Java.Gimsh.b 1
C:\Documents and Settings\steveo\Local Settings\Application Data\Microsoft\Outlook\Outlook1.pst Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\10.tmp Infected: Trojan.Win32.Monder.bbw 1
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\11.tmp Infected: Trojan.Win32.Monder.awj 1
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\12.tmp Infected: Trojan.Win32.Monder.bbw 1
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\13.tmp Infected: Trojan.Win32.Monder.bez 1
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\14.tmp Infected: Trojan-Downloader.Win32.Homles.bz 1
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\144.tmp Infected: Backdoor.Win32.IRCBot.dd 1
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\145.tmp Infected: Trojan-Dropper.Win32.VB.lu 1
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\15.tmp Infected: Trojan.Win32.Monder.bez 1
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\17.tmp Infected: Trojan.Win32.Monder.bcb 1
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\18.tmp Infected: Trojan.Win32.Monder.bcb 1
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\19.tmp Infected: Trojan.Win32.Monder.bcb 1
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\1C.tmp Infected: Trojan.Win32.Monder.bde 1
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\1E.tmp Infected: Trojan.Win32.Monder.bde 1
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\1F.tmp Infected: not-a-virus:AdWare.Win32.Virtumonde.aeuc 1
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\2.tmp Infected: Trojan.Win32.Monder.bde 1
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\20.tmp Infected: not-a-virus:AdWare.Win32.Virtumonde.aeuc 1
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\21.tmp Infected: not-a-virus:AdWare.Win32.Virtumonde.aeuc 1
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\22.tmp Infected: not-a-virus:AdWare.Win32.Virtumonde.aeuc 1
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\23.tmp Infected: Trojan.Win32.Monder.eyb 1
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\24.tmp Infected: Trojan.Win32.Monder.eyb 1
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\25.tmp Infected: not-a-virus:AdWare.Win32.SuperJuan.cpk 1
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\29.tmp Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\4.tmp Infected: Trojan.Win32.Monder.awj 1
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\44.tmp Infected: Trojan-Downloader.Win32.FraudLoad.varq 1
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\4F.tmp Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\50.tmp Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\55.tmp Infected: not-a-virus:AdWare.Win32.Virtumonde.kp 1
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\56.tmp Infected: not-a-virus:AdWare.Win32.Virtumonde.quq 1
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\57.tmp Infected: not-a-virus:AdWare.Win32.Virtumonde.quq 1
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\58.tmp Infected: not-a-virus:AdWare.Win32.Virtumonde.quq 1
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\59.tmp Infected: not-a-virus:AdWare.Win32.Virtumonde.quq 1
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\5A.tmp Infected: not-a-virus:AdWare.Win32.Virtumonde.kp 1
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\5B.tmp Infected: not-a-virus:AdWare.Win32.Virtumonde.quq 1
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\5C.tmp Infected: not-a-virus:AdWare.Win32.Virtumonde.quq 1
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\5F.tmp Infected: not-a-virus:AdWare.Win32.Virtumonde.xts 1
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\6.tmp Infected: not-a-virus:AdWare.Win32.SuperJuan.dck 1
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\60.tmp Infected: not-a-virus:AdWare.Win32.Virtumonde.qqj 1
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\61.tmp Infected: not-a-virus:AdWare.Win32.Virtumonde.xts 1
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\62.tmp Infected: not-a-virus:AdWare.Win32.Virtumonde.kp 1
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\63.tmp Infected: not-a-virus:AdWare.Win32.Virtumonde.quq 1
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\64.tmp Infected: not-a-virus:AdWare.Win32.Virtumonde.quq 1
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\65.tmp Infected: not-a-virus:AdWare.Win32.Virtumonde.quq 1
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\66.tmp Infected: not-a-virus:AdWare.Win32.Virtumonde.quq 1
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\67.tmp Infected: not-a-virus:AdWare.Win32.Virtumonde.kp 1
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\68.tmp Infected: not-a-virus:AdWare.Win32.Virtumonde.quq 1
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\69.tmp Infected: not-a-virus:AdWare.Win32.Virtumonde.quq 1
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\6C.tmp Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\6D.tmp Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\6E.tmp Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\6F.tmp Infected: not-a-virus:AdWare.Win32.SuperJuan.clx 1
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\7.tmp Infected: Trojan.Win32.Monder.ctz 1
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\70.tmp Infected: Trojan.Win32.Agent.ytr 1
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\71.tmp Infected: Trojan.Win32.Monder.fcy 1
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\72.tmp Infected: Trojan.Win32.Monder.kbl 1
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\73.tmp Infected: not-a-virus:AdWare.Win32.SuperJuan.ckm 1
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\74.tmp Infected: not-a-virus:AdWare.Win32.SuperJuan.cva 1
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\75.tmp Infected: not-a-virus:AdWare.Win32.SuperJuan.ckm 1
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\76.tmp Infected: not-a-virus:AdWare.Win32.SuperJuan.dgt 1
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\77.tmp Infected: not-a-virus:AdWare.Win32.SuperJuan.clx 1
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\78.tmp Infected: Trojan.Win32.Monder.lmu 1
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\79.tmp Infected: Trojan.Win32.Monder.esu 1
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\7A.tmp Infected: not-a-virus:AdWare.Win32.SuperJuan.dfo 1
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\7B.tmp Infected: not-a-virus:AdWare.Win32.SuperJuan.dfo 1
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\7C.tmp Infected: Trojan.Win32.Monder.lli 1
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\7D.tmp Infected: not-a-virus:AdWare.Win32.SuperJuan.dgt 1
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\7E.tmp Infected: not-a-virus:AdWare.Win32.SuperJuan.dck 1
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\7F.tmp Infected: not-a-virus:AdWare.Win32.SuperJuan.cpk 1
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\8.tmp Infected: not-a-virus:FraudTool.Win32.UltimateAntivirus.an 1
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\80.tmp Infected: not-a-virus:AdWare.Win32.Virtumonde.aeuc 1
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\81.tmp Infected: not-a-virus:AdWare.Win32.Virtumonde.aeuc 1
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\82.tmp Infected: not-a-virus:AdWare.Win32.Virtumonde.aeuc 1
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\83.tmp Infected: not-a-virus:AdWare.Win32.Virtumonde.aeuc 1
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\84.tmp Infected: Trojan.Win32.Monder.eyb 1
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\85.tmp Infected: Trojan.Win32.Monder.eyb 1
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\86.tmp Infected: not-a-virus:AdWare.Win32.SuperJuan.cpk 1
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\87.tmp Infected: Trojan.Win32.Monder.gpg 1
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\88.tmp Infected: not-a-virus:AdWare.Win32.SuperJuan.cva 1
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\89.tmp Infected: not-a-virus:AdWare.Win32.SuperJuan.dck 1
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\8A.tmp Infected: not-a-virus:AdWare.Win32.SuperJuan.clx 1
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\8B.tmp Infected: Trojan.Win32.Agent.ytr 1
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\8C.tmp Infected: Trojan.Win32.Monder.kbl 1
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\8D.tmp Infected: not-a-virus:AdWare.Win32.SuperJuan.ckm 1
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\8E.tmp Infected: not-a-virus:AdWare.Win32.SuperJuan.cva 1
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\8F.tmp Infected: not-a-virus:AdWare.Win32.SuperJuan.ckm 1
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\90.tmp Infected: not-a-virus:AdWare.Win32.SuperJuan.dgt 1
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\91.tmp Infected: not-a-virus:AdWare.Win32.SuperJuan.clx 1
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\92.tmp Infected: Trojan.Win32.Monder.lmu 1
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\93.tmp Infected: Trojan.Win32.Monder.esu 1
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\94.tmp Infected: not-a-virus:AdWare.Win32.SuperJuan.dfo 1
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\95.tmp Infected: not-a-virus:AdWare.Win32.SuperJuan.dfo 1
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\96.tmp Infected: Trojan.Win32.Monder.lli 1
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\97.tmp Infected: not-a-virus:AdWare.Win32.SuperJuan.dgt 1
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\98.tmp Infected: not-a-virus:AdWare.Win32.SuperJuan.dck 1
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\99.tmp Infected: Trojan.Win32.Monder.fcy 1
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\A.tmp Infected: Trojan.Win32.Monder.bcb 1
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\B.tmp Infected: not-a-virus:FraudTool.Win32.UltimateAntivirus.ap 1
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\B.tmp Infected: not-a-virus:FraudTool.Win32.UltimateAntivirus.an 1
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\C.tmp Infected: Trojan-Downloader.Win32.Homles.bz 1
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\D.tmp Infected: Trojan-Downloader.Win32.Homles.bz 1
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\F.tmp Infected: Trojan-Downloader.Win32.Homles.bz 1
C:\QooBox\Quarantine\C\WINDOWS\Downloaded Program Files\setup.dll.vir Infected: not-a-virus:Downloader.Win32.VistaAntivirus.a 1
C:\QooBox\Quarantine\C\WINDOWS\system32\baouqrsr.dll.vir Infected: Trojan.Win32.Monder.fyf 1
C:\QooBox\Quarantine\C\WINDOWS\system32\ckbxjdpa.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.cva 1
C:\QooBox\Quarantine\C\WINDOWS\system32\cyclpj.dll.vir Infected: Trojan.Win32.Monder.gdk 1
C:\QooBox\Quarantine\C\WINDOWS\system32\ddcDvwUO.dll.vir Infected: Trojan.Win32.Monderc.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\efcCsrpM.dll.vir Infected: Trojan.Win32.Monder.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\hcskru.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.aeue 1
C:\QooBox\Quarantine\C\WINDOWS\system32\ilacbwov.dll.vir Infected: Trojan.Win32.Monder.ggc 1
C:\QooBox\Quarantine\C\WINDOWS\system32\lsfnaxpg.dll.vir Infected: Trojan.Win32.Monder.ggc 1
C:\QooBox\Quarantine\C\WINDOWS\system32\mqxgspbw.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.aeue 1
C:\QooBox\Quarantine\C\WINDOWS\system32\nhesnuiq.dll.vir Infected: Trojan.Win32.Monder.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\pnbfmvjm.dll.vir Infected: Trojan.Win32.Monder.fyf 1
C:\QooBox\Quarantine\C\WINDOWS\system32\pzirfw.dll.vir Infected: Trojan.Win32.Monder.gdk 1
C:\QooBox\Quarantine\C\WINDOWS\system32\rbhczy.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.cva 1
C:\QooBox\Quarantine\C\WINDOWS\system32\rehmjbob.dll.vir Infected: Trojan.Win32.Monder.gdl 1
C:\QooBox\Quarantine\C\WINDOWS\system32\siscppng.dll.vir Infected: Trojan.Win32.Monder.gdk 1
C:\QooBox\Quarantine\C\WINDOWS\system32\ucvdsuhv.dll.vir Infected: Trojan.Win32.Monder.gdk 1
C:\QooBox\Quarantine\C\WINDOWS\system32\vtnirb.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.aeue 1
C:\QooBox\Quarantine\C\WINDOWS\system32\wghycqxo.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.aeue 1
C:\System Volume Information\_restore{20A75A9F-7671-46EE-B776-C4183EC2686C}\RP471\A0102592.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.adrb 1
C:\System Volume Information\_restore{20A75A9F-7671-46EE-B776-C4183EC2686C}\RP471\A0103625.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.adsl 1
C:\System Volume Information\_restore{20A75A9F-7671-46EE-B776-C4183EC2686C}\RP475\A0108683.dll Infected: Trojan.Win32.Monder.gen 1
C:\System Volume Information\_restore{20A75A9F-7671-46EE-B776-C4183EC2686C}\RP482\A0110070.cpl Infected: not-a-virus:FraudTool.Win32.UltimateAntivirus.ap 1
C:\System Volume Information\_restore{20A75A9F-7671-46EE-B776-C4183EC2686C}\RP482\A0110071.cpl Infected: not-a-virus:FraudTool.Win32.UltimateAntivirus.ap 1
C:\System Volume Information\_restore{20A75A9F-7671-46EE-B776-C4183EC2686C}\RP483\A0110141.dll Infected: Trojan.Win32.Monder.fog 1
C:\System Volume Information\_restore{20A75A9F-7671-46EE-B776-C4183EC2686C}\RP484\A0110989.dll Infected: Trojan.Win32.Monder.gdl 1
C:\System Volume Information\_restore{20A75A9F-7671-46EE-B776-C4183EC2686C}\RP485\A0111035.dll Infected: Trojan.Win32.Monder.gen 1
C:\System Volume Information\_restore{20A75A9F-7671-46EE-B776-C4183EC2686C}\RP485\A0111036.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.cuw 1
C:\System Volume Information\_restore{20A75A9F-7671-46EE-B776-C4183EC2686C}\RP487\A0111127.dll Infected: Trojan.Win32.Monder.gen 1
C:\System Volume Information\_restore{20A75A9F-7671-46EE-B776-C4183EC2686C}\RP489\A0111192.dll Infected: Trojan.Win32.Monder.jbk 1
C:\System Volume Information\_restore{20A75A9F-7671-46EE-B776-C4183EC2686C}\RP489\A0111238.dll Infected: Trojan.Win32.Monder.leh 1
C:\System Volume Information\_restore{20A75A9F-7671-46EE-B776-C4183EC2686C}\RP491\A0112297.dll Infected: Trojan.Win32.Monder.fyf 1
C:\System Volume Information\_restore{20A75A9F-7671-46EE-B776-C4183EC2686C}\RP491\A0112300.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.cva 1
C:\System Volume Information\_restore{20A75A9F-7671-46EE-B776-C4183EC2686C}\RP491\A0112301.dll Infected: Trojan.Win32.Monder.gdk 1
C:\System Volume Information\_restore{20A75A9F-7671-46EE-B776-C4183EC2686C}\RP491\A0112302.dll Infected: Trojan.Win32.Monderc.gen 1
C:\System Volume Information\_restore{20A75A9F-7671-46EE-B776-C4183EC2686C}\RP491\A0112304.dll Infected: Trojan.Win32.Monder.gen 1
C:\System Volume Information\_restore{20A75A9F-7671-46EE-B776-C4183EC2686C}\RP491\A0112307.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aeue 1
C:\System Volume Information\_restore{20A75A9F-7671-46EE-B776-C4183EC2686C}\RP491\A0112308.dll Infected: Trojan.Win32.Monder.ggc 1
C:\System Volume Information\_restore{20A75A9F-7671-46EE-B776-C4183EC2686C}\RP491\A0112311.dll Infected: Trojan.Win32.Monder.ggc 1
C:\System Volume Information\_restore{20A75A9F-7671-46EE-B776-C4183EC2686C}\RP491\A0112312.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aeue 1
C:\System Volume Information\_restore{20A75A9F-7671-46EE-B776-C4183EC2686C}\RP491\A0112315.dll Infected: Trojan.Win32.Monder.fyf 1
C:\System Volume Information\_restore{20A75A9F-7671-46EE-B776-C4183EC2686C}\RP491\A0112316.dll Infected: Trojan.Win32.Monder.gdk 1
C:\System Volume Information\_restore{20A75A9F-7671-46EE-B776-C4183EC2686C}\RP491\A0112317.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.cva 1
C:\System Volume Information\_restore{20A75A9F-7671-46EE-B776-C4183EC2686C}\RP491\A0112318.dll Infected: Trojan.Win32.Monder.gdl 1
C:\System Volume Information\_restore{20A75A9F-7671-46EE-B776-C4183EC2686C}\RP491\A0112320.dll Infected: Trojan.Win32.Monder.gdk 1
C:\System Volume Information\_restore{20A75A9F-7671-46EE-B776-C4183EC2686C}\RP491\A0112322.dll Infected: Trojan.Win32.Monder.gdk 1
C:\System Volume Information\_restore{20A75A9F-7671-46EE-B776-C4183EC2686C}\RP491\A0112324.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aeue 1
C:\System Volume Information\_restore{20A75A9F-7671-46EE-B776-C4183EC2686C}\RP491\A0112325.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aeue 1
C:\System Volume Information\_restore{20A75A9F-7671-46EE-B776-C4183EC2686C}\RP491\A0112330.dll Infected: Trojan.Win32.Monder.gen 1
C:\System Volume Information\_restore{20A75A9F-7671-46EE-B776-C4183EC2686C}\RP503\A0113105.exe Infected: Trojan.Win32.Monderc.gen 1
G:\Backup\Extra Stuff\outllok\backup.pst Infected: Trojan-Spy.HTML.Bankfraud.w 1

The selected area was scanned.
*********************************************************






And now here is the hijack log directly after. (not even a reboot):

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:35:12 AM, on 9/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\SSH Communications Security\SSH Sentinel\sshipm.exe
C:\Program Files\SSH Communications Security\SSH Sentinel\sshmonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\steveo\Local Settings\temp\jkos-steveo\binaries\ScanningProcess.exe
C:\Documents and Settings\steveo\Local Settings\temp\jkos-steveo\binaries\ScanningProcess.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\vertec.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = walledgarden.mchsd.com:8000
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.mchsd.com
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [Symantec Network Driver Update Warning] C:\PROGRA~1\Symantec\LIVEUP~1\SNDWarn.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Symantec Network Driver Update Warning] C:\PROGRA~1\Symantec\LIVEUP~1\SNDWarn.EXE (User 'Default user')
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1127603326428
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) -
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/53/install/gtdownls.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/bingame/feed/default/SproutLauncher.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://www.driveragent.com/files/driveragent.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SSH Sentinel (SSHIPM) - SSH Communications Security - C:\Program Files\SSH Communications Security\SSH Sentinel\sshipm.exe
O23 - Service: SSH Sentinel Monitor (SSHMONITOR) - Unknown owner - C:\Program Files\SSH Communications Security\SSH Sentinel\sshmonitor.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

--
End of file - 10718 bytes

Thanks, again, very much.

Vertec

Shaba
2008-09-11, 15:52
Empty these folders:

C:\Documents and Settings\steveo\Application Data\Sun\Java\Deployment\cache
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine
C:\QooBox\Quarantine

Empty Recycle Bin.

All other viruses are in system restore and inactive.

I give you later instructions how to empty it.

Other than that, any problems left?

Vertec
2008-09-11, 17:39
Thank you very much!
I have not been running spybot or trend other than you specified, so I have not been looking for viruses, but the only one that makes itself obvious, is when I go to shut down, I have seen windows force a shut down of a program called 'Search_Glow' that I would assume is not proper.
I will run trend and spybot with a full scan and see, if that is ok with you.

Secondarily, I see you have my machine accepting updates from windows. Should I go get, and will it let me get, SP3?

I would like to be fully updating, if possible.

Thanks for the help, I am now fully afraid of Peer to Peer stuff. Although it was nice to have free music, particularly.

steve

Shaba
2008-09-11, 17:51
Yes, that is fine. Post back after that, please.

I recommend to take a restore point before installing SP3.

Vertec
2008-09-12, 06:01
popping up, and media.fastclick stuff whizzing by.

I will run my spybot and trend as you are now requesting and see, but I think they are clean, but I still believe have something, albeit WAYY better and mostly clean...just not completely...

Thanks!

Shaba
2008-09-12, 11:25
This might help for that issue:

MVPS Hosts file (http://mvps.org/winhelp2002/hosts.htm) <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer

Vertec
2008-09-14, 18:07
Not sure what to really do, but in the meantime, I definately have an issue with the 'Search_Glow' pgm that is noticed upon trying to shut down my system. When I attempt to shut down, it ultimately pops up that windows is trying to 'End Program'. It may be affecting my machines ability to get updates. Any ideas?

Thanks!

Shaba
2008-09-14, 19:43
This (http://www.howtomendit.com/answers.php?id=47995) should help.

Shaba
2008-09-21, 12:39
Due to the lack of feedback this Topic is closed.

If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than five days since your last response and you need the thread re-opened, please send a private message (pm). A valid, working link to the closed topic is required.

Everyone else please begin a New Topic.