
Thread: seriously infected. help. Taskmanager disabled, Smitfraud-C., Smitfraud-C.gp, zango

  1. #1
    egrogan1 (Member; joined Apr 2008; Ireland; 36 posts)

    seriously infected. help. Taskmanager disabled, Smitfraud-C., Smitfraud-C.gp, zango

    Deckard's System Scanner v20071014.68
    Run by Eoin on 2008-04-28 19:05:56
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- Last 4 Restore Point(s) --
    4: 2008-04-28 17:02:16 UTC - RP607 - Windows Update
    3: 2008-04-25 21:51:08 UTC - RP606 - Windows Defender Checkpoint
    2: 2008-04-25 15:46:00 UTC - RP604 - Removed AVG 7.5
    1: 2008-04-25 15:33:12 UTC - RP602 - Installed Ad-Aware 2007


    Backed up registry hives.
    Performed disk cleanup.

    System Drive C: has 10.56 GiB (less than 15%) free.


    -- HijackThis (run as Eoin.exe) ------------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:18:04, on 28/04/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16609)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\wmsdkns.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\ClamWin\bin\ClamTray.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Bat\X_Bat.exe
    C:\Program Files\Azureus\Azureus.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Users\Eoin\Desktop\dss.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\Eoin.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/ig?hl=en
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,C:\Windows\system32\wmsdkns.exe,
    O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
    O2 - BHO: (no name) - {01D7F8D2-56DB-4327-A992-00ACE6684580} - (no file)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
    O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
    O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
    O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
    O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
    O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
    O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
    O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
    O2 - BHO: (no name) - {73D6E387-53ED-41B7-9F02-DD9E615DFB2B} - C:\Windows\system32\khfCtsRk.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
    O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
    O2 - BHO: (no name) - {A3CCA0E4-F942-4CD3-A871-A9CF10F77DF7} - (no file)
    O2 - BHO: (no name) - {A72E4F7F-F506-4898-B609-FF892745A1F5} - (no file)
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
    O2 - BHO: (no name) - {E52BEFEB-2290-4BDF-87F9-5EC9F7ECE287} - (no file)
    O2 - BHO: (no name) - {EE5A1465-1E73-4784-8F63-45983FDF0DB8} - C:\Windows\system32\hgGvtSkl.dll
    O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
    O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\hgGvtSkl.dll,#1
    O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
    O4 - HKLM\..\Run: [BM3a2b1158] Rundll32.exe "C:\Windows\system32\yvfsnrdr.dll",s
    O4 - HKLM\..\RunOnce: [SpybotDeletingA4200] command /c del "C:\Windows\System32\dncjghsu.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC3996] cmd /c del "C:\Windows\System32\dncjghsu.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA5079] command /c del "C:\Windows\System32\drdekhcm.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC8460] cmd /c del "C:\Windows\System32\drdekhcm.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA673] command /c del "C:\Windows\System32\jneqcrbb.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC444] cmd /c del "C:\Windows\System32\jneqcrbb.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA1039] command /c del "C:\Windows\System32\khfCtsRk.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC2090] cmd /c del "C:\Windows\System32\khfCtsRk.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA1763] command /c del "C:\Windows\System32\vruhqdpo.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC315] cmd /c del "C:\Windows\System32\vruhqdpo.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA2293] command /c del "C:\Windows\System32\wvUlJBuR.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC3280] cmd /c del "C:\Windows\System32\wvUlJBuR.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA3147] command /c del "C:\Windows\System32\yvfsnrdr.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC7958] cmd /c del "C:\Windows\System32\yvfsnrdr.dll_old"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\RunOnce: [SpybotDeletingB3930] command /c del "C:\Windows\System32\dncjghsu.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD1626] cmd /c del "C:\Windows\System32\dncjghsu.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB6712] command /c del "C:\Windows\System32\drdekhcm.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD4767] cmd /c del "C:\Windows\System32\drdekhcm.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB9078] command /c del "C:\Windows\System32\jneqcrbb.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD1397] cmd /c del "C:\Windows\System32\jneqcrbb.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB8426] command /c del "C:\Windows\System32\khfCtsRk.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD5643] cmd /c del "C:\Windows\System32\khfCtsRk.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB5406] command /c del "C:\Windows\System32\vruhqdpo.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD6113] cmd /c del "C:\Windows\System32\vruhqdpo.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB698] command /c del "C:\Windows\System32\wvUlJBuR.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD9873] cmd /c del "C:\Windows\System32\wvUlJBuR.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB3282] command /c del "C:\Windows\System32\yvfsnrdr.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD524] cmd /c del "C:\Windows\System32\yvfsnrdr.dll_old"
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-21-785140555-1394460376-2434275207-1013\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LNSS_MONITOR_USR')
    O4 - HKUS\S-1-5-21-785140555-1394460376-2434275207-1013\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User 'LNSS_MONITOR_USR')
    O4 - HKUS\S-1-5-21-785140555-1394460376-2434275207-1013\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup (User 'LNSS_MONITOR_USR')
    O4 - HKUS\S-1-5-21-785140555-1394460376-2434275207-1013\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (User 'LNSS_MONITOR_USR')
    O4 - Startup: Bat - Auto Update.lnk = C:\Program Files\Bat\Bat.exe
    O4 - Startup: GpsGate.lnk.disabled
    O4 - Startup: Windows Calendar.lnk = D:\Program Files\Windows Calendar\WinCal.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O13 - Gopher Prefix:
    O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn...tDetection.cab
    O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
    O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DLM Control) - http://dlm.tools.akamai.com/dlmanage...ex-2.2.3.4.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
    O20 - Winlogon Notify: winpto32 - winpto32.dll (file missing)
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: ColdFusion MX Application Server - Macromedia Inc. - C:\CFusionMX\runtime\bin\jrunsvc.exe
    O23 - Service: ColdFusion MX ODBC Agent - Unknown owner - C:\CFusionMX\db\slserver52\bin\swagent.exe
    O23 - Service: ColdFusion MX ODBC Server - Unknown owner - C:\CFusionMX\db\slserver52\bin\swstrtr.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: GFI LANguard N.S.S. 8.0 Attendant Service (gfi_lnss8_attservice) - GFI Software Ltd. - C:\Program Files\GFI\LANguard Network Security Scanner 8.0\lnssatt.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
    O23 - Service: RelevantKnowledge - RelevantKnowledge - C:\Windows\system32\rlservice.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe
    O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
    O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
    O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
    O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
    O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 16199 bytes

    -- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

    backup-20071010-171806-718 O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe

    -- File Associations -----------------------------------------------------------

    .js - JSFile - DefaultIcon - "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe",2


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R0 AFS - c:\windows\system32\drivers\afs.sys <Not Verified; Oak Technology Inc.; AFS>
    R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
    R1 VClone - c:\windows\system32\drivers\vclone.sys <Not Verified; Elaborate Bytes AG; Virtual CloneDrive>

    S0 MFX - c:\windows\system32\drivers\mfx.sys


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    R2 CLCapSvc (CyberLink Background Capture Service (CBCS)) - "c:\program files\hp\quickplay\kernel\tv\clcapsvc.exe" <Not Verified; ; CLCapSvc Module>
    R2 CLSched (CyberLink Task Scheduler (CTS)) - "c:\program files\hp\quickplay\kernel\tv\clsched.exe" <Not Verified; ; CLSched Module>
    R2 ColdFusion MX Application Server - "c:\cfusionmx\runtime\bin\jrunsvc.exe" <Not Verified; Macromedia Inc.; Macromedia JRun Application Server>
    R2 ColdFusion MX ODBC Agent - c:\cfusionmx\db\slserver52\bin\swagent.exe "coldfusion mx odbc agent"
    R2 ColdFusion MX ODBC Server - c:\cfusionmx\db\slserver52\bin\swstrtr.exe "coldfusion mx odbc server"
    R2 HP Health Check Service - "c:\program files\hewlett-packard\hp health check\hphc_service.exe" <Not Verified; Hewlett-Packard; HP Health Check Service>
    R2 RelevantKnowledge - c:\windows\system32\rlservice.exe /service <Not Verified; RelevantKnowledge; RelevantKnowledge>

    S2 MySQL - "c:\program files\mysql\mysql server 6.0\bin\mysqld-nt" --defaults-file="c:\program files\mysql\mysql server 6.0\my.ini" mysql (file missing)
    S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
    S3 ServiceLayer - "c:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>
    S3 stllssvr -
    S4 iSafer (iSafer - Personal Firewall) -
    S4 NMIndexingService -


    -- Device Manager: Disabled ----------------------------------------------------

    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft Tun Miniport Adapter
    Device ID: ROOT\*TUNMP\0001
    Manufacturer: Microsoft
    Name: Teredo Tunneling Pseudo-Interface
    PNP Device ID: ROOT\*TUNMP\0001
    Service: tunmp

    Class GUID: {4d36e965-e325-11ce-bfc1-08002be10318}
    Description: CD-ROM Drive
    Device ID: IDE\CDROMSLIMTYPE_DVD_A__DS8AZH__________________NH61____\5&61DFA57&0&0.0.0
    Manufacturer: (Standard CD-ROM drives)
    Name: Slimtype DVD A DS8AZH ATA Device
    PNP Device ID: IDE\CDROMSLIMTYPE_DVD_A__DS8AZH__________________NH61____\5&61DFA57&0&0.0.0
    Service: cdrom

    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: VMware Virtual Ethernet Adapter for VMnet1
    Device ID: ROOT\VMWARE\0000
    Manufacturer: VMware, Inc.
    Name: VMware Virtual Ethernet Adapter for VMnet1
    PNP Device ID: ROOT\VMWARE\0000
    Service: VMnetAdapter

    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: VMware Virtual Ethernet Adapter for VMnet8
    Device ID: ROOT\VMWARE\0001
    Manufacturer: VMware, Inc.
    Name: VMware Virtual Ethernet Adapter for VMnet8
    PNP Device ID: ROOT\VMWARE\0001
    Service: VMnetAdapter

    Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
    Description: Dm12
    Device ID: ROOT\WPD\0000
    Manufacturer: Nokia
    Name: Dm12
    PNP Device ID: ROOT\WPD\0000
    Service: WUDFRd


    -- Scheduled Tasks -------------------------------------------------------------

    2008-04-25 15:21:43 406 --a------ C:\Windows\Tasks\Norton Security Scan.job
    2007-11-14 09:38:12 370 --a------ C:\Windows\Tasks\RegCure.job
    2007-11-14 09:38:12 436 --a------ C:\Windows\Tasks\RegCure Program Check.job
    2007-11-14 01:25:00 420 --ah----- C:\Windows\Tasks\User_Feed_Synchronization-{EDEBA330-0D8D-4AC6-9BBE-DB587BD208FE}.job


    -- Files created between 2008-03-28 and 2008-04-28 -----------------------------

    2008-04-28 19:05:21 14080 --a------ C:\Windows\stcloader.exe
    2008-04-28 19:05:19 10752 --a------ C:\Windows\2020search2.dll
    2008-04-28 19:05:19 8192 --a------ C:\Windows\2020search.dll
    2008-04-28 18:06:17 37888 --a------ C:\Windows\system32\hgGvtSkl.dll
    2008-04-27 20:59:39 370945 --ahs---- C:\Windows\system32\RuBJlUvw.ini2
    2008-04-26 20:11:44 11776 --a------ C:\Windows\bokja.exe
    2008-04-26 02:06:07 32512 --a------ C:\Windows\saiemod.dll
    2008-04-26 01:05:26 25088 --a------ C:\Windows\swin32.dll
    2008-04-25 16:10:32 28672 --a------ C:\Windows\voiceip.dll
    2008-04-25 16:10:32 9728 --a------ C:\Windows\cdsm32.dll
    2008-04-25 16:10:31 13312 --a------ C:\Windows\mssvr.exe
    2008-04-25 16:10:31 20992 --a------ C:\Windows\mspphe.dll
    2008-04-25 16:10:31 14848 --a------ C:\Windows\bjam.dll
    2008-04-25 16:10:26 15360 --a------ C:\Windows\msapasrc.dll
    2008-04-25 16:10:26 22016 --a------ C:\Windows\msa64chk.dll
    2008-04-25 16:10:25 21504 --a------ C:\Windows\shdocpl.dll
    2008-04-25 16:10:25 14592 --a------ C:\Windows\shdocpe.dll
    2008-04-25 16:10:25 21504 --a------ C:\Windows\ntnut.exe
    2008-04-25 16:10:24 24320 --a------ C:\Windows\winsb.dll
    2008-04-25 16:10:24 22272 --a------ C:\Windows\browserad.dll
    2008-04-25 16:10:24 19968 --a------ C:\Windows\aviwrap32.dll
    2008-04-25 16:10:24 24320 --a------ C:\Windows\avisynthex32.dll
    2008-04-25 16:10:24 32000 --a------ C:\Windows\avifile32.dll
    2008-04-25 16:10:23 23552 --a------ C:\Windows\autodisc32.dll
    2008-04-25 16:10:23 28160 --a------ C:\Windows\audiosrv32.dll
    2008-04-25 16:10:23 19200 --a------ C:\Windows\ati2dvag32.dll
    2008-04-25 16:10:23 23296 --a------ C:\Windows\ati2dvaa32.dll
    2008-04-25 16:10:23 21504 --a------ C:\Windows\athprxy32.dll
    2008-04-25 16:10:22 29952 --a------ C:\Windows\changeurl_30.dll
    2008-04-25 16:10:22 32512 --a------ C:\Windows\asycfilt32.dll
    2008-04-25 16:10:22 8704 --a------ C:\Windows\asferror32.dll
    2008-04-25 16:10:22 15872 --a------ C:\Windows\apphelp32.dll
    2008-04-25 15:46:02 0 d-------- C:\Program Files\Bat
    2008-04-25 15:44:51 4 --a------ C:\Windows\system32\winfrun32.bin
    2008-04-25 15:44:36 88491 --a------ C:\Windows\system32\wmsdkns.exe <Not Verified; Microsoft; XML Media>
    2008-04-25 15:44:36 88491 --a------ C:\Windows\lfn.exe <Not Verified; Microsoft; XML Media>
    2008-04-25 15:43:58 0 d-------- C:\Program Files\Thinstall.VS
    2008-04-25 15:42:26 38400 --a------ C:\Windows\system32\iifCVPfG.dll
    2008-04-25 14:52:34 691545 --a------ C:\Windows\unins000.exe
    2008-04-25 14:52:34 2535 --a------ C:\Windows\unins000.dat
    2008-04-24 21:59:16 39936 --a------ C:\Windows\system32\jkkIXqpn.dll
    2008-04-24 21:59:15 39936 --a------ C:\Windows\system32\geBspoNf.dll
    2008-04-24 21:52:31 0 d-------- C:\Program Files\ClamWin
    2008-04-24 21:42:18 372459 --ahs---- C:\Windows\system32\kRstCfhk.ini2
    2008-04-24 21:42:13 272384 -----n--- C:\Windows\system32\khfCtsRk.dll
    2008-04-24 19:08:00 0 d-------- C:\Program Files\Spyware Doctor
    2008-04-24 18:58:43 0 d-------- C:\Program Files\Norton Security Scan
    2008-04-08 23:09:36 0 d-------- C:\Program Files\NFR
    2008-04-08 23:05:08 0 d-------- C:\PCPRO
    2008-04-08 23:03:57 0 d-------- C:\Program Files\MOBv2
    2008-04-08 21:47:00 8 --a------ C:\Windows\system32\Urncb.dll
    2008-04-02 21:03:33 0 d-------- C:\Program Files\Freeware PDF Unlocker
    2008-04-01 15:32:37 0 d-------- C:\Program Files\Packet Tracer 4.11


    -- Find3M Report ---------------------------------------------------------------

    2008-04-28 19:18:43 0 d-------- C:\Users\Eoin\AppData\Roaming\Azureus
    2008-04-28 18:53:40 0 d-------- C:\Users\Eoin\AppData\Roaming\KompoZer
    2008-04-28 18:07:32 21 --a------ C:\qpmd8376.bin
    2008-04-28 18:03:29 3308 --a------ C:\Windows\bthservsdp.dat
    2008-04-28 17:39:51 0 d-------- C:\Program Files\UZC Trial
    2008-04-28 17:39:37 0 d-------- C:\Program Files\Sony Ericsson
    2008-04-26 21:33:15 0 d-------- C:\Program Files\Common Files\Symantec Shared
    2008-04-26 01:44:37 12978 --a------ C:\Users\Eoin\AppData\Roaming\nvModes.001
    2008-04-26 01:17:13 0 d-------- C:\Users\Eoin\AppData\Roaming\OpenOffice.org2
    2008-04-25 16:53:30 554 --a------ C:\sccfg.sys
    2008-04-25 16:35:33 0 d-------- C:\Program Files\Lavasoft
    2008-04-25 16:32:32 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-04-25 15:42:28 0 d-------- C:\Users\Eoin\AppData\Roaming\Downloaded Installations
    2008-04-24 21:59:18 0 d-------- C:\Users\Eoin\AppData\Roaming\Thinstall
    2008-04-24 21:53:50 0 d-------- C:\Users\Eoin\AppData\Roaming\.clamwin
    2008-04-24 21:32:39 0 d-------- C:\Users\Eoin\AppData\Roaming\WinCare2008
    2008-04-24 19:08:00 0 d-------- C:\Users\Eoin\AppData\Roaming\PC Tools
    2008-04-24 18:59:58 0 --a------ C:\Users\Eoin\AppData\Roaming\.googlewebacchosts
    2008-04-24 18:54:18 0 d-------- C:\Program Files\Google
    2008-04-18 13:17:11 0 d-------- C:\Users\Eoin\AppData\Roaming\VMware
    2008-04-17 16:42:32 0 d-------- C:\Program Files\Azureus
    2008-04-15 19:15:12 0 d-------- C:\Program Files\Common Files
    2008-04-10 13:18:58 0 d-------- C:\Program Files\Windows Mail
    2008-04-09 21:19:42 0 d-------- C:\Program Files\Common Files\Adobe
    2008-03-31 12:46:14 536784 --a------ C:\Users\Eoin\AppData\Roaming\GDIPFONTCACHEV1.DAT
    2008-03-26 15:43:53 0 d-------- C:\Program Files\Elaborate Bytes
    2008-03-23 22:25:11 0 d-------- C:\Program Files\HCScript
    2008-03-23 21:13:56 0 d-------- C:\Program Files\Folder Lock
    2008-03-21 23:01:22 0 d-------- C:\Program Files\Mindscape
    2008-03-20 21:58:17 0 d-------- C:\Users\Eoin\AppData\Roaming\Apple Computer
    2008-03-20 21:39:06 0 d-------- C:\Program Files\iTunes
    2008-03-20 21:38:35 0 d-------- C:\Program Files\iPod
    2008-03-12 23:36:38 0 d-------- C:\Program Files\LaceLevel2GDS
    2008-03-12 23:17:54 0 d-------- C:\Users\Eoin\AppData\Roaming\Intel
    2008-03-12 23:17:53 0 d-------- C:\Program Files\Intel
    2008-03-05 11:16:41 0 d-------- C:\Program Files\Microsoft Silverlight
    2008-03-03 18:11:32 0 d-------- C:\Program Files\Common Files\xing shared
    2008-03-03 18:10:59 0 d-------- C:\Program Files\Common Files\Real
    2008-03-01 19:55:33 0 d-------- C:\Users\Eoin\AppData\Roaming\Real
    2008-03-01 15:59:59 0 d-------- C:\Users\Eoin\AppData\Roaming\AVG7
    2008-02-29 23:55:40 0 d-------- C:\Program Files\Cell Phone Manager
    2008-02-29 23:23:17 0 d-------- C:\Users\Eoin\AppData\Roaming\Systweak
    2008-02-29 23:23:00 0 d-------- C:\Program Files\Advanced System Optimizer
    2008-02-26 19:26:19 73 --a------ C:\Windows\system32\ssprs.dll
    2008-02-26 19:26:17 336 --a------ C:\Windows\system32\lsprst7.dll
    2008-02-25 23:57:00 75 --a------ C:\Windows\Memory
    2008-02-25 23:57:00 74 --a------ C:\Windows\Logic
    2008-02-25 23:53:48 76 --a------ C:\Windows\Spatial
    2008-02-25 23:50:12 78 --a------ C:\Windows\Numerical
    2008-02-25 23:48:50 75 --a------ C:\Windows\Verbal
    2008-02-25 23:48:14 73 --a------ C:\Windows\Times New Roman
    2008-02-25 23:48:14 454 --a------ C:\Windows\0
    2008-02-12 14:05:08 1025 --a------ C:\Windows\system32\sysprs7.dll
    2008-02-12 14:05:08 1025 --a------ C:\Windows\system32\clauth2.dll
    2008-02-12 14:05:08 1025 --a------ C:\Windows\system32\clauth1.dll


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000250-0320-4dd4-be4f-7566d2314352}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{01D7F8D2-56DB-4327-A992-00ACE6684580}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{13197ace-6851-45c3-a7ff-c281324d5489}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{15651c7c-e812-44a2-a9ac-b467a2233e7d}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4e1075f4-eec4-4a86-add7-cd5f52858c31}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4e7bd74f-2b8d-469e-92c6-ce7eb590a94d}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5929cd6e-2062-44a4-b2c5-2c7e78fbab38}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5dafd089-24b1-4c5e-bd42-8ca72550717b}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5fa6752a-c4a0-4222-88c2-928ae5ab4966}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{622cc208-b014-4fe0-801b-874a5e5e403a}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{73D6E387-53ED-41B7-9F02-DD9E615DFB2B}]
    24/04/2008 21:42 272384 --------- C:\Windows\system32\khfCtsRk.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8674aea0-9d3d-11d9-99dc-00600f9a01f1}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{965a592f-8efa-4250-8630-7960230792f1}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9c5b2f29-1f46-4639-a6b4-828942301d3e}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3CCA0E4-F942-4CD3-A871-A9CF10F77DF7}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A72E4F7F-F506-4898-B609-FF892745A1F5}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765728274}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E52BEFEB-2290-4BDF-87F9-5EC9F7ECE287}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EE5A1465-1E73-4784-8F63-45983FDF0DB8}]
    24/04/2008 21:37 37888 --a------ C:\Windows\system32\hgGvtSkl.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fc3a74e5-f281-4f10-ae1e-733078684f3c}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ffff0001-0002-101a-a3c9-08002b2f49fb}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [12/04/2007 00:07]
    "WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [18/10/2006 18:56]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [03/03/2008 18:08]
    "SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [15/09/2007 02:29]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [15/11/2006 06:02]
    "QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [25/11/2006 00:33]
    "QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [06/11/2006 19:58]
    "MSServer"="C:\Windows\system32\hgGvtSkl.dll" [24/04/2008 21:37]
    "hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [18/10/2006 18:32]
    "HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [17/02/2005 08:11]
    "HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [05/06/2007 09:12]
    "ClamWin"="C:\Program Files\ClamWin\bin\ClamTray.exe" [19/04/2008 16:35]
    "BM3a2b1158"="C:\Windows\system32\yvfsnrdr.dll" []

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [28/01/2008 11:43]
    "ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [11/08/2005 22:30]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [02/11/2006 13:35]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
    "SpybotDeletingB3930"=command /c del "C:\Windows\System32\dncjghsu.dll_old"
    "SpybotDeletingD1626"=cmd /c del "C:\Windows\System32\dncjghsu.dll_old"
    "SpybotDeletingB6712"=command /c del "C:\Windows\System32\drdekhcm.dll_old"
    "SpybotDeletingD4767"=cmd /c del "C:\Windows\System32\drdekhcm.dll_old"
    "SpybotDeletingB9078"=command /c del "C:\Windows\System32\jneqcrbb.dll_old"
    "SpybotDeletingD1397"=cmd /c del "C:\Windows\System32\jneqcrbb.dll_old"
    "SpybotDeletingB8426"=command /c del "C:\Windows\System32\khfCtsRk.dll"
    "SpybotDeletingD5643"=cmd /c del "C:\Windows\System32\khfCtsRk.dll"
    "SpybotDeletingB5406"=command /c del "C:\Windows\System32\vruhqdpo.dll_old"
    "SpybotDeletingD6113"=cmd /c del "C:\Windows\System32\vruhqdpo.dll_old"
    "SpybotDeletingB698"=command /c del "C:\Windows\System32\wvUlJBuR.dll_old"
    "SpybotDeletingD9873"=cmd /c del "C:\Windows\System32\wvUlJBuR.dll_old"
    "SpybotDeletingB3282"=command /c del "C:\Windows\System32\yvfsnrdr.dll_old"
    "SpybotDeletingD524"=cmd /c del "C:\Windows\System32\yvfsnrdr.dll_old"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
    "SpybotDeletingA4200"=command /c del "C:\Windows\System32\dncjghsu.dll_old"
    "SpybotDeletingC3996"=cmd /c del "C:\Windows\System32\dncjghsu.dll_old"
    "SpybotDeletingA5079"=command /c del "C:\Windows\System32\drdekhcm.dll_old"
    "SpybotDeletingC8460"=cmd /c del "C:\Windows\System32\drdekhcm.dll_old"
    "SpybotDeletingA673"=command /c del "C:\Windows\System32\jneqcrbb.dll_old"
    "SpybotDeletingC444"=cmd /c del "C:\Windows\System32\jneqcrbb.dll_old"
    "SpybotDeletingA1039"=command /c del "C:\Windows\System32\khfCtsRk.dll"
    "SpybotDeletingC2090"=cmd /c del "C:\Windows\System32\khfCtsRk.dll"
    "SpybotDeletingA1763"=command /c del "C:\Windows\System32\vruhqdpo.dll_old"
    "SpybotDeletingC315"=cmd /c del "C:\Windows\System32\vruhqdpo.dll_old"
    "SpybotDeletingA2293"=command /c del "C:\Windows\System32\wvUlJBuR.dll_old"
    "SpybotDeletingC3280"=cmd /c del "C:\Windows\System32\wvUlJBuR.dll_old"
    "SpybotDeletingA3147"=command /c del "C:\Windows\System32\yvfsnrdr.dll_old"
    "SpybotDeletingC7958"=cmd /c del "C:\Windows\System32\yvfsnrdr.dll_old"

    C:\Users\Eoin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Bat - Auto Update.lnk - C:\Program Files\Bat\Bat.exe [25/04/2008 15:45:58]
    GpsGate.lnk.disabled [15/12/2007 15:16:35]
    Windows Calendar.lnk - C:\Program Files\Windows Calendar\WinCal.exe [30/08/2007 12:40:18]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"=2 (0x2)
    "EnableLUA"=0 (0x0)
    "DisableTaskMgr"=1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "LogonHoursAction"=2 (0x2)
    "DontDisplayLogonHoursWarnings"=1 (0x1)
    "DisableTaskMgr"=1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "DisallowRun"=1 (0x1)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{EE5A1465-1E73-4784-8F63-45983FDF0DB8}"= C:\Windows\system32\hgGvtSkl.dll [24/04/2008 21:37 37888]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "Userinit"="C:\Windows\system32\userinit.exe,C:\Windows\system32\wmsdkns.exe,"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winpto32]
    winpto32.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"= msv1_0 C:\Windows\system32\khfCtsRk

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @="Volume shadow copy"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
    @="IEEE 1394 Bus host controllers"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
    @="SBP2 IEEE 1394 Devices"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
    @="SecurityDevices"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "BySoft IRServer"=C:\Program Files\IRControl\IRServer.exe
    "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    "updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe AcPro7_0_5 -reboot 1
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    "CTRegRun"=C:\Windows\CTRegRun.EXE
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    "CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
    "Startup Manager"="C:\Program Files\Advanced System Optimizer\startUp manager.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    "osCheck"="c:\Program Files\Norton Internet Security\osCheck.exe"
    "SiteAdvisor"=C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
    "<NO NAME>"=
    "CorelDRAW Graphics Suite 11b"=C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=032007 serial=dr12wex-1504397-kty lang=EN
    "Norton Ghost 10.0"="C:\Program Files\Norton Ghost\Agent\GhostTray.exe"
    "PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE
    "win32"=win32.exe
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    "Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
    "NeroFilterCheck"=C:\Windows\system32\NeroCheck.exe
    "CTCheck"=C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
    "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    "VMware hqtray"="C:\Program Files\VMware\VMware Workstation\hqtray.exe"
    "vmware-tray"=C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe"
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    "VirtualCloneDrive"="C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
    "Windows Mobile-based device management"=%windir%\WindowsMobile\wmdSync.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices-]
    "win32"=win32.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
    bthsvcs BthServ
    WindowsMobile wcescomm rapimgr
    LocalServiceRestricted WcesComm RapiMgr


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c1367c3-c478-11dc-b0dc-001636e944a6}]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3027bfd7-7b07-11dc-949a-001636e944a6}]
    AutoRun\command- C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\Cn911.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{36571902-a6af-11dc-ad11-9dcbe14d6b3d}]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{49319c14-8bc7-11dc-b21e-001641da0939}]
    - Cn911.exe


    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    C:\Windows\system32\unregmp2.exe /ShowWMP

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



    -- Hosts -----------------------------------------------------------------------

    127.0.0.1 www.007guard.com
    127.0.0.1 007guard.com
    127.0.0.1 008i.com
    127.0.0.1 www.008k.com
    127.0.0.1 008k.com
    127.0.0.1 www.00hq.com
    127.0.0.1 00hq.com
    127.0.0.1 010402.com
    127.0.0.1 www.032439.com
    127.0.0.1 032439.com

    8300 more entries in hosts file.


    -- End of Deckard's System Scanner: finished at 2008-04-28 19:21:59 ------------

  2. #2
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Hi egrogan1

    We first need to disable TeaTimer so that it doesn't interfere with the fixes. You can re-enable it when you're clean again:

    1. Run Spybot-S&D in Advanced Mode.
    2. If it is not already set to do this, go to the Mode menu and select "Advanced Mode".
    3. On the left-hand side, click on Tools.
    4. Then click on the Resident icon in the list.
    5. Uncheck "Resident TeaTimer" and OK any prompts.
    6. Restart your computer.

    1. Download combofix from any of these links and save it to Desktop:
    Link 1
    Link 2
    Link 3

    **Note: It is important that it is saved directly to your desktop**

    2. Double-click combofix.exe & follow the prompts.
    3. When finished, it shall produce a log for you (C:\ComboFix.txt). Post that log in your next reply.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

    ComboFix should never take more than 20 minutes, including the reboot if malware is detected.
    If it does, open Task Manager (press Ctrl, Alt and Del at the same time), go to the Processes tab and end any processes named findstr, find, sed or swreg; ComboFix should then continue.
    If that happened we want to know, and also which process you had to end.

    If you have problems with Combofix usage, see here

    Post:

    - a fresh HijackThis log
    - combofix report
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  3. #3
    Member egrogan1
    Join Date
    Apr 2008
    Location
    Ireland
    Posts
    36

    Wuhoo. I think that worked

    Hey, thanks very much. That seems to have worked. Here's that file:


    ComboFix 08-04-29.3 - Eoin 2008-04-29 23:19:46.1 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.907 [GMT 1:00]
    Running from: C:\Users\Eoin\Desktop\ComboFix.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outerinfo
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outerinfo\Uninstall.lnk
    C:\Windows\123messenger.per
    C:\Windows\2020search.dll
    C:\Windows\2020search2.dll
    C:\Windows\apphelp32.dll
    C:\Windows\asferror32.dll
    C:\Windows\asycfilt32.dll
    C:\Windows\athprxy32.dll
    C:\Windows\ati2dvaa32.dll
    C:\Windows\ati2dvag32.dll
    C:\Windows\audiosrv32.dll
    C:\Windows\autodisc32.dll
    C:\Windows\avifile32.dll
    C:\Windows\avisynthex32.dll
    C:\Windows\aviwrap32.dll
    C:\Windows\bjam.dll
    C:\Windows\bokja.exe
    C:\Windows\browserad.dll
    C:\Windows\cdsm32.dll
    C:\Windows\changeurl_30.dll
    C:\Windows\default.htm
    C:\Windows\didduid.ini
    C:\Windows\lfn.exe
    C:\Windows\licencia.txt
    C:\Windows\mainms.vpi
    C:\Windows\megavid.cdt
    C:\Windows\msa64chk.dll
    C:\Windows\msapasrc.dll
    C:\Windows\mspphe.dll
    C:\Windows\mssvr.exe
    C:\Windows\muotr.so
    C:\Windows\ntnut.exe
    C:\Windows\saiemod.dll
    C:\Windows\shdocpe.dll
    C:\Windows\shdocpl.dll
    C:\Windows\stcloader.exe
    C:\Windows\swin32.dll
    C:\Windows\system32\cictlvvx.dll
    C:\Windows\system32\fccbCuvT.dll
    C:\Windows\system32\fcccbxvt.dll
    C:\Windows\system32\geBspoNf.dll
    C:\Windows\system32\gupwngnw.ini
    C:\Windows\system32\iifCVPfG.dll
    C:\Windows\system32\jkkIXqpn.dll
    C:\Windows\system32\khfCtsRk.dll
    C:\Windows\System32\kRstCfhk.ini
    C:\Windows\System32\kRstCfhk.ini2
    C:\Windows\System32\lbgdjdqo.ini
    C:\Windows\system32\lsprst7.dll
    C:\Windows\system32\mcrh.tmp
    C:\Windows\system32\nrjjwnmi.dll
    C:\Windows\system32\ntlenshe.dll
    C:\Windows\system32\onoavnok.dll
    C:\Windows\system32\oqdjdgbl.dll
    C:\Windows\system32\rqRJYrSK.dll
    C:\Windows\System32\RuBJlUvw.ini
    C:\Windows\System32\RuBJlUvw.ini2
    C:\Windows\system32\ssprs.dll
    C:\Windows\system32\uqvnwtuk.dll
    C:\Windows\system32\Urncb.dll
    C:\Windows\system32\urqNGvwV.dll
    C:\Windows\system32\vtUlJdAp.dll
    C:\Windows\system32\winfrun32.bin
    C:\Windows\system32\wmsdkns.exe
    C:\Windows\system32\wtssvtr32.exe
    C:\Windows\telefonos.txt
    C:\Windows\textos.txt
    C:\Windows\voiceip.dll
    C:\Windows\winsb.dll

    .
    ((((((((((((((((((((((((( Files Created from 2008-03-28 to 2008-04-29 )))))))))))))))))))))))))))))))
    .

    No new files created in this timespan

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-29 22:31 21 ----a-w C:\qpmd8376.bin
    2008-04-29 22:28 --------- d-----w C:\Users\Eoin\AppData\Roaming\Azureus
    2008-04-29 22:05 --------- d-----w C:\ProgramData\Google Updater
    2008-04-29 22:02 --------- d-----w C:\Users\Eoin\AppData\Roaming\Malwarebytes
    2008-04-29 22:02 --------- d-----w C:\ProgramData\Malwarebytes
    2008-04-29 22:02 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
    2008-04-29 20:50 --------- d-----w C:\ProgramData\VMware
    2008-04-29 18:11 --------- d-----w C:\Users\Eoin\AppData\Roaming\OpenOffice.org2
    2008-04-29 07:03 --------- d-----w C:\ProgramData\Microsoft Help
    2008-04-28 19:55 --------- d-----w C:\Program Files\Freeware PDF Unlocker
    2008-04-28 19:53 --------- d-----w C:\Program Files\WinPcap
    2008-04-28 19:52 --------- d-----w C:\Program Files\ElcomSoft
    2008-04-28 17:53 --------- d-----w C:\Users\Eoin\AppData\Roaming\KompoZer
    2008-04-28 16:39 --------- d-----w C:\Program Files\UZC Trial
    2008-04-28 16:39 --------- d-----w C:\Program Files\Sony Ericsson
    2008-04-26 20:33 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-04-25 15:53 554 ----a-w C:\sccfg.sys
    2008-04-25 15:53 --------- d-----w C:\Program Files\Norton Security Scan
    2008-04-25 15:37 --------- d-----w C:\ProgramData\Lavasoft
    2008-04-25 15:35 --------- d-----w C:\Program Files\Lavasoft
    2008-04-25 15:32 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2008-04-25 14:50 --------- d-----w C:\ProgramData\Rabio
    2008-04-25 14:48 --------- d-----w C:\Program Files\Bat
    2008-04-25 14:47 --------- d-----w C:\Program Files\Thinstall.VS
    2008-04-25 14:42 --------- d-----w C:\Users\Eoin\AppData\Roaming\Downloaded Installations
    2008-04-25 14:27 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
    2008-04-25 13:58 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-04-25 13:43 691,545 ----a-w C:\Windows\unins000.exe
    2008-04-24 20:59 --------- d-----w C:\Users\Eoin\AppData\Roaming\Thinstall
    2008-04-24 20:53 --------- d-----w C:\Users\Eoin\AppData\Roaming\.clamwin
    2008-04-24 20:52 --------- d-----w C:\ProgramData\.clamwin
    2008-04-24 20:52 --------- d-----w C:\Program Files\ClamWin
    2008-04-24 20:32 --------- d-----w C:\Users\Eoin\AppData\Roaming\WinCare2008
    2008-04-24 18:20 --------- d---a-w C:\ProgramData\TEMP
    2008-04-24 18:09 --------- d-----w C:\Program Files\Spyware Doctor
    2008-04-24 18:08 --------- d-----w C:\Users\Eoin\AppData\Roaming\PC Tools
    2008-04-24 17:54 --------- d-----w C:\Program Files\Google
    2008-04-18 12:17 --------- d-----w C:\Users\Eoin\AppData\Roaming\VMware
    2008-04-17 15:42 --------- d-----w C:\Program Files\Azureus
    2008-04-10 12:18 --------- d-----w C:\Program Files\Windows Mail
    2008-04-09 20:19 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-04-08 22:09 --------- d-----w C:\Program Files\NFR
    2008-04-08 22:04 --------- d-----w C:\Program Files\MOBv2
    2008-04-01 14:33 --------- d-----w C:\Program Files\Packet Tracer 4.11
    2008-03-31 11:46 536,784 ----a-w C:\Users\Eoin\AppData\Roaming\GDIPFONTCACHEV1.DAT
    2008-03-26 14:43 --------- d-----w C:\Program Files\Elaborate Bytes
    2008-03-23 21:25 --------- d-----w C:\Program Files\HCScript
    2008-03-23 20:13 --------- d-----w C:\Program Files\Folder Lock
    2008-03-21 22:01 --------- d-----w C:\Program Files\Mindscape
    2008-03-20 20:58 --------- d-----w C:\Users\Eoin\AppData\Roaming\Apple Computer
    2008-03-20 20:39 --------- d-----w C:\Program Files\iTunes
    2008-03-20 20:38 --------- d-----w C:\ProgramData\Apple Computer
    2008-03-20 20:38 --------- d-----w C:\Program Files\iPod
    2008-03-14 12:17 53,768 ----a-w C:\Windows\system32\drivers\avgwfp.sys
    2008-03-12 22:36 --------- d-----w C:\Program Files\LaceLevel2GDS
    2008-03-12 22:17 --------- d-----w C:\Users\Eoin\AppData\Roaming\Intel
    2008-03-12 22:17 --------- d-----w C:\Program Files\Intel
    2008-03-06 18:12 --------- d-----w C:\ProgramData\Sony Ericsson
    2008-03-05 10:16 --------- d-----w C:\Program Files\Microsoft Silverlight
    2008-03-03 17:11 --------- d-----w C:\Program Files\Common Files\xing shared
    2008-03-03 17:10 --------- d-----w C:\Program Files\Common Files\Real
    2008-03-01 14:59 --------- d-----w C:\Users\Eoin\AppData\Roaming\AVG7
    2008-02-29 22:55 --------- d-----w C:\Program Files\Cell Phone Manager
    2008-02-29 22:23 --------- d-----w C:\Users\Eoin\AppData\Roaming\Systweak
    2008-02-29 22:23 --------- d-----w C:\Program Files\Advanced System Optimizer
    2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
    2008-02-16 03:09 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
    2008-02-16 03:09 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
    2008-02-16 03:09 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
    2008-02-16 03:09 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
    2008-02-16 03:09 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
    2007-08-31 02:20 174 --sha-w C:\Program Files\desktop.ini
    2007-05-03 16:36 12,978 ----a-w C:\Users\Eoin\AppData\Roaming\nvModes.dat
    2007-05-02 01:37 30,357 ----a-w C:\Users\Eoin\menu3.zip
    2007-05-02 01:37 184,790 ----a-w C:\Users\Eoin\menu015try.zip
    2007-05-02 01:37 125,141 ----a-w C:\Users\Eoin\menu4.zip
    2007-05-02 01:36 32,308 ----a-w C:\Users\Eoin\menu2.zip
    2007-03-16 17:05 9,292 ----a-w C:\Windows\inf\SmarterMail\0009\tmpA24C.tmp
    2007-03-16 17:05 9,292 ----a-w C:\Windows\inf\SmarterMail\0000\tmpA24C.tmp
    2007-03-03 17:34 0 ----a-w C:\Users\Eoin\AppData\Roaming\wklnhst.dat
    2007-11-19 22:12 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    2007-11-19 22:12 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    2007-05-10 23:11 56 --sha-r C:\Windows\System32\AEBD113E2B.sys
    2007-09-16 21:52 1,890 --sha-w C:\Windows\System32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 22:30 249856]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-04-12 00:07 1006264]
    "WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2006-10-18 18:56 317152]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-03-03 18:08 185896]
    "SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 02:29 102400]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-15 06:02 815104]
    "QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-11-25 00:33 167936]
    "QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 19:58 159744]
    "hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2006-10-18 18:32 472800]
    "HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 08:11 49152]
    "HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-06-05 09:12 71176]
    "ClamWin"="C:\Program Files\ClamWin\bin\ClamTray.exe" [2008-04-19 16:35 77824]

    C:\Users\Eoin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Bat - Auto Update.lnk - C:\Program Files\Bat\Bat.exe [2008-04-25 15:45:58 178419]
    GpsGate.lnk.disabled [2007-12-15 15:16:35 727]
    Windows Calendar.lnk - C:\Program Files\Windows Calendar\WinCal.exe [2007-08-30 12:40:18 967680]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "LogonHoursAction"= 2 (0x2)
    "DontDisplayLogonHoursWarnings"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winpto32]
    winpto32.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.divxa32"= msaud32_divx.acm

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "BySoft IRServer"=C:\Program Files\IRControl\IRServer.exe
    "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    "updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe AcPro7_0_5 -reboot 1
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    "CTRegRun"=C:\Windows\CTRegRun.EXE
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    "CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
    "Startup Manager"="C:\Program Files\Advanced System Optimizer\startUp manager.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    "osCheck"="c:\Program Files\Norton Internet Security\osCheck.exe"
    "SiteAdvisor"=C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
    "<NO NAME>"=
    "CorelDRAW Graphics Suite 11b"=C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=032007 serial=dr12wex-1504397-kty lang=EN
    "Norton Ghost 10.0"="C:\Program Files\Norton Ghost\Agent\GhostTray.exe"
    "PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE
    "win32"=win32.exe
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    "Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
    "NeroFilterCheck"=C:\Windows\system32\NeroCheck.exe
    "CTCheck"=C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
    "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    "VMware hqtray"="C:\Program Files\VMware\VMware Workstation\hqtray.exe"
    "vmware-tray"=C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe"
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    "VirtualCloneDrive"="C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
    "Windows Mobile-based device management"=%windir%\WindowsMobile\wmdSync.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices-]
    "win32"=win32.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UacDisableNotify"=dword:00000001
    "InternetSettingsDisableNotify"=dword:00000001
    "AutoUpdateDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{C44FE2CB-3481-4FBF-A5F3-B2FABE8CC8B7}"= UDP:C:\Program Files\HP\QuickPlay\QP.exe:QP
    "{188B4E3A-3F51-4A7B-A1C0-2820E27496CA}"= TCP:C:\Program Files\HP\QuickPlay\QP.exe:QP
    "TCP Query User{27C3463E-256C-4ED3-8FE0-EB259A9922A3}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
    "UDP Query User{ECCE41E4-72AC-4F5B-8CE5-D0C43ADF8284}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
    "TCP Query User{E33A3EE7-8792-41C5-9668-06D5A06D5053}C:\\program files\\onshare\\onshare.exe"= UDP:C:\program files\onshare\onshare.exe:Only tell your friends
    "UDP Query User{1F397FCB-1A91-4FA6-BBC2-43D0CD0F38B5}C:\\program files\\onshare\\onshare.exe"= TCP:C:\program files\onshare\onshare.exe:Only tell your friends
    "TCP Query User{D301CEEB-ABC7-4281-B7A9-B54E284E11CF}C:\\program files\\macromedia\\dreamweaver 8\\dreamweaver.exe"= UDP:C:\program files\macromedia\dreamweaver 8\dreamweaver.exe:Dreamweaver 8
    "UDP Query User{BFC33E59-3570-49DC-8A90-7A1B227E2003}C:\\program files\\macromedia\\dreamweaver 8\\dreamweaver.exe"= TCP:C:\program files\macromedia\dreamweaver 8\dreamweaver.exe:Dreamweaver 8
    "TCP Query User{29BBA6C7-300D-42D4-9CF5-68C27829829B}C:\\program files\\bittorrent\\bittorrent.exe"= UDP:C:\program files\bittorrent\bittorrent.exe:bittorrent
    "UDP Query User{B317AD82-1ED5-40D6-B464-3EA434EAEBC9}C:\\program files\\bittorrent\\bittorrent.exe"= TCP:C:\program files\bittorrent\bittorrent.exe:bittorrent
    "{755898F7-C334-434A-ACAA-26296C755950}"= UDP:C:\Program Files\Grisoft\AVG7\avginet.exe:avginet.exe
    "{713370D8-C926-45D9-8E9F-3CB415C38128}"= TCP:C:\Program Files\Grisoft\AVG7\avginet.exe:avginet.exe
    "{12EF38DD-32CA-4056-B125-ACA178E455F8}"= UDP:C:\Program Files\Grisoft\AVG7\avgamsvr.exe:avgamsvr.exe
    "{513DFAC5-EFE8-4C59-9ABB-01A2DD27B921}"= TCP:C:\Program Files\Grisoft\AVG7\avgamsvr.exe:avgamsvr.exe
    "{A9FFC76B-D956-477B-8C4A-7EB6C12C4BA5}"= UDP:C:\Program Files\Grisoft\AVG7\avgcc.exe:avgcc.exe
    "{F420B305-9AAF-406C-B08E-1F15CF64228A}"= TCP:C:\Program Files\Grisoft\AVG7\avgcc.exe:avgcc.exe
    "{CF4AEA11-9AB7-48F4-915D-329A5E943C2C}"= UDP:C:\Program Files\Grisoft\AVG7\avgemc.exe:avgemc.exe
    "{5F70D864-796D-47E7-B768-B76BB747C514}"= TCP:C:\Program Files\Grisoft\AVG7\avgemc.exe:avgemc.exe
    "TCP Query User{79F51C64-6F48-422A-BAA2-DBF066FC5E0B}C:\\program files\\bzflag2.0.8\\bzflag.exe"= UDP:C:\program files\bzflag2.0.8\bzflag.exe:bzflag
    "UDP Query User{DA2874DE-C06D-45FE-A9CD-3D360D447285}C:\\program files\\bzflag2.0.8\\bzflag.exe"= TCP:C:\program files\bzflag2.0.8\bzflag.exe:bzflag
    "TCP Query User{2EE415E1-E854-4467-8A95-23100A4938CF}C:\\program files\\ircontrol\\irserver.exe"= UDP:C:\program files\ircontrol\irserver.exe:BySoft Internet Remote Control - Server
    "UDP Query User{D8AEB950-D728-4F71-8672-209C92049B86}C:\\program files\\ircontrol\\irserver.exe"= TCP:C:\program files\ircontrol\irserver.exe:BySoft Internet Remote Control - Server
    "TCP Query User{62B2583D-2781-4435-99EE-55DEB64AF067}C:\\program files\\adventnet\\me\\wifimanager\\jre\\bin\\javaw.exe"= UDP:C:\program files\adventnet\me\wifimanager\jre\bin\javaw.exe:Java(TM) 2 Platform Standard Edition binary
    "UDP Query User{910C5ACA-299A-46DE-AC08-5A8D4C59393A}C:\\program files\\adventnet\\me\\wifimanager\\jre\\bin\\javaw.exe"= TCP:C:\program files\adventnet\me\wifimanager\jre\bin\javaw.exe:Java(TM) 2 Platform Standard Edition binary
    "TCP Query User{6572FA1D-CD2E-46D9-957E-1C07FE55A0C3}C:\\program files\\adventnet\\me\\wifimanager\\jre\\bin\\java.exe"= UDP:C:\program files\adventnet\me\wifimanager\jre\bin\java.exe:Java(TM) 2 Platform Standard Edition binary
    "UDP Query User{F558A4B3-FBD2-45CB-9576-15C8500FD3A9}C:\\program files\\adventnet\\me\\wifimanager\\jre\\bin\\java.exe"= TCP:C:\program files\adventnet\me\wifimanager\jre\bin\java.exe:Java(TM) 2 Platform Standard Edition binary
    "{02A329AF-C624-4373-B7E2-9B2DB3FD3D8D}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
    "{C3B6C4B9-C6AB-4DE1-884F-47B18EA9F568}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
    "TCP Query User{62BF94D5-9554-48DE-AD16-7675D4859FE9}C:\\program files\\lanhelper\\lanhelper.exe"= UDP:C:\program files\lanhelper\lanhelper.exe:LanHelper
    "UDP Query User{A5B80441-DFD9-47B3-A3D2-A5FDC5C3E058}C:\\program files\\lanhelper\\lanhelper.exe"= TCP:C:\program files\lanhelper\lanhelper.exe:LanHelper
    "TCP Query User{A4819CB2-182B-4FD7-AF79-654A08696F0F}C:\\windows\\system32\\win32.exe"= UDP:C:\windows\system32\win32.exe:win32
    "UDP Query User{A612699F-046F-42FA-BE3B-29346A6FEFDF}C:\\windows\\system32\\win32.exe"= TCP:C:\windows\system32\win32.exe:win32
    "TCP Query User{0E5C01F0-6724-4743-9F83-D0DD1C245F6F}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
    "UDP Query User{3AF82318-F002-4CC4-97A9-CD8B73D34E25}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus
    "TCP Query User{317F486D-E12F-4739-B30F-7C4AE83DB813}C:\\program files\\act\\act for win 7\\act7.exe"= UDP:C:\program files\act\act for win 7\act7.exe:ACT! 7.x/2005
    "UDP Query User{1FE3B78C-C42F-4339-8DC1-ABDADCD13B67}C:\\program files\\act\\act for win 7\\act7.exe"= TCP:C:\program files\act\act for win 7\act7.exe:ACT! 7.x/2005
    "TCP Query User{D7DE3678-CB81-4D86-8ADF-5871F26FEB30}C:\\program files\\software602\\602lan suite\\lansuite.exe"= UDP:C:\program files\software602\602lan suite\lansuite.exe:Lansuite
    "UDP Query User{2C4448CC-9403-49CC-9EB2-4C50BE4AF11C}C:\\program files\\software602\\602lan suite\\lansuite.exe"= TCP:C:\program files\software602\602lan suite\lansuite.exe:Lansuite
    "TCP Query User{122DBDF8-E22D-456A-BC7B-87381E482007}C:\\program files\\winhttrack\\winhttrack.exe"= UDP:C:\program files\winhttrack\winhttrack.exe:WinHTTrack Website Copier, Web Site mirroring for professional and private purposes
    "UDP Query User{C325A83E-F4EE-4F5D-BCBB-219A4F1C6CA6}C:\\program files\\winhttrack\\winhttrack.exe"= TCP:C:\program files\winhttrack\winhttrack.exe:WinHTTrack Website Copier, Web Site mirroring for professional and private purposes
    "TCP Query User{409BEF95-6FC5-499C-84F0-FCA0593E537C}C:\\program files\\freeciv-2.0.9-gtk2\\civserver.exe"= UDP:C:\program files\freeciv-2.0.9-gtk2\civserver.exe:civserver
    "UDP Query User{B26E29C1-895A-4530-8BF2-E21B13C6622A}C:\\program files\\freeciv-2.0.9-gtk2\\civserver.exe"= TCP:C:\program files\freeciv-2.0.9-gtk2\civserver.exe:civserver
    "TCP Query User{218C4ED3-D71A-4C7C-A623-85B247D65541}C:\\program files\\onshare\\onshare.exe"= UDP:C:\program files\onshare\onshare.exe:Only tell your friends
    "UDP Query User{6A67A492-5B9E-47E5-BA56-10CA437A5A97}C:\\program files\\onshare\\onshare.exe"= TCP:C:\program files\onshare\onshare.exe:Only tell your friends
    "TCP Query User{B110815C-2272-401D-B354-FA5E0C478DE5}C:\\windows\\system32\\javaw.exe"= UDP:C:\windows\system32\javaw.exe:Java(TM) Platform SE binary
    "UDP Query User{2BE1654A-BF55-4883-A94F-423FBB46ED61}C:\\windows\\system32\\javaw.exe"= TCP:C:\windows\system32\javaw.exe:Java(TM) Platform SE binary
    "TCP Query User{D33BA580-DC8A-434F-859B-04C394AB8575}C:\\program files\\printeranywhere\\paconsole.exe"= UDP:C:\program files\printeranywhere\paconsole.exe:PrinterAnywhere Console
    "UDP Query User{6A4A7029-4FE8-4BD7-97A7-5E6C3A7ADE83}C:\\program files\\printeranywhere\\paconsole.exe"= TCP:C:\program files\printeranywhere\paconsole.exe:PrinterAnywhere Console
    "TCP Query User{A8EFB8E0-63B2-412E-B064-70B4EE7D9224}C:\\program files\\openwave\\v7 simulator\\bin\\phone.exe"= UDP:C:\program files\openwave\v7 simulator\bin\phone.exe:Openwave Simulator
    "UDP Query User{A02F2CAF-5E69-4846-915C-B65DCFE1A361}C:\\program files\\openwave\\v7 simulator\\bin\\phone.exe"= TCP:C:\program files\openwave\v7 simulator\bin\phone.exe:Openwave Simulator
    "TCP Query User{AFDB44F8-7978-442A-9129-A61F84B6444D}C:\\program files\\act\\act for win 7\\act7.exe"= UDP:C:\program files\act\act for win 7\act7.exe:ACT! 7.x/2005
    "UDP Query User{A7BB86C4-91E3-4AC4-9804-99D5AEE071A1}C:\\program files\\act\\act for win 7\\act7.exe"= TCP:C:\program files\act\act for win 7\act7.exe:ACT! 7.x/2005
    "TCP Query User{8939DC1F-0A47-4C56-9924-3E0A49DA8C19}C:\\windows\\system32\\javaw.exe"= UDP:C:\windows\system32\javaw.exe:Java(TM) Platform SE binary
    "UDP Query User{A13A1466-617E-49B0-82D3-6E1AF5BE0569}C:\\windows\\system32\\javaw.exe"= TCP:C:\windows\system32\javaw.exe:Java(TM) Platform SE binary
    "TCP Query User{ECDAC532-BD4D-408F-BD41-5D625CCA9C46}C:\\program files\\real\\realplayer\\realplay.exe"= UDP:C:\program files\real\realplayer\realplay.exe:RealPlayer
    "UDP Query User{468D8920-30DA-4AD3-BF7A-D57E171941B3}C:\\program files\\real\\realplayer\\realplay.exe"= TCP:C:\program files\real\realplayer\realplay.exe:RealPlayer
    "TCP Query User{B6783685-E473-41B4-BE9D-4398017C4D54}C:\\program files\\spiceworks\\bin\\spiceworks.exe"= UDP:C:\program files\spiceworks\bin\spiceworks.exe:spiceworks
    "UDP Query User{459BCF29-1E44-4953-8443-AFDEDE57B48B}C:\\program files\\spiceworks\\bin\\spiceworks.exe"= TCP:C:\program files\spiceworks\bin\spiceworks.exe:spiceworks
    "TCP Query User{DBE77AC5-984E-44B4-976B-87C1EA629CCB}C:\\program files\\huawei technologies\\huawei umts data card\\3 datamodem hsdpa.exe"= UDP:C:\program files\huawei technologies\huawei umts data card\3 datamodem hsdpa.exe:3 DDataModem HSDPA
    "UDP Query User{23E75A70-2BF3-42FE-A4E7-82B0331E45ED}C:\\program files\\huawei technologies\\huawei umts data card\\3 datamodem hsdpa.exe"= TCP:C:\program files\huawei technologies\huawei umts data card\3 datamodem hsdpa.exe:3 DDataModem HSDPA
    "TCP Query User{692E9D1D-7BC5-40D3-8A84-F3D31E83DE87}C:\\program files\\huawei technologies\\huawei umts data card\\3 datamodem hsdpa.exe"= UDP:C:\program files\huawei technologies\huawei umts data card\3 datamodem hsdpa.exe:3 DDataModem HSDPA
    "UDP Query User{0E23CF64-AE0F-4D62-9902-6C00CF0F94C3}C:\\program files\\huawei technologies\\huawei umts data card\\3 datamodem hsdpa.exe"= TCP:C:\program files\huawei technologies\huawei umts data card\3 datamodem hsdpa.exe:3 DDataModem HSDPA
    "TCP Query User{92901270-D66B-41BA-96C1-EA6803A427F2}C:\\program files\\sugarcrm-4.5.1e\\mysql\\bin\\mysqld.exe"= UDP:C:\program files\sugarcrm-4.5.1e\mysql\bin\mysqld.exe:mysqld
    "UDP Query User{E30F714D-D7AD-4D26-88B8-6FF141782A92}C:\\program files\\sugarcrm-4.5.1e\\mysql\\bin\\mysqld.exe"= TCP:C:\program files\sugarcrm-4.5.1e\mysql\bin\mysqld.exe:mysqld
    "TCP Query User{1ED80795-E7EF-413E-884D-B583102BF45A}C:\\program files\\sugarcrm-4.5.1e\\apache2\\bin\\apache.exe"= UDP:C:\program files\sugarcrm-4.5.1e\apache2\bin\apache.exe:Apache HTTP Server
    "UDP Query User{60D4A8EE-AC74-425A-A140-A69BB0CD17A1}C:\\program files\\sugarcrm-4.5.1e\\apache2\\bin\\apache.exe"= TCP:C:\program files\sugarcrm-4.5.1e\apache2\bin\apache.exe:Apache HTTP Server
    "TCP Query User{F81C2E42-C615-4AAF-A028-1E142B3B5E1F}C:\\program files\\free download manager\\fdm.exe"= UDP:C:\program files\free download manager\fdm.exe:Free Download Manager
    "UDP Query User{72B80CA4-84EF-474A-9F2F-7A4295CD5529}C:\\program files\\free download manager\\fdm.exe"= TCP:C:\program files\free download manager\fdm.exe:Free Download Manager
    "{15C4A70A-6403-49EC-8B2B-3E5594577CB7}"= UDP:C:\Program Files\Kontiki\KService.exe:Delivery Manager Service
    "{DF489AFB-5603-4E7D-8E5D-E0D6D2974F15}"= TCP:C:\Program Files\Kontiki\KService.exe:Delivery Manager Service
    "{0B1E84C4-3B2A-430F-9A79-7432269993CF}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "TCP Query User{12263D06-480C-4FE4-AD25-9D06306F48AA}C:\\program files\\snmpc network manager\\crserv.exe"= UDP:C:\program files\snmpc network manager\crserv.exe:SNMPc Server
    "UDP Query User{34A02684-D24A-4CA1-8D72-47591482ADE7}C:\\program files\\snmpc network manager\\crserv.exe"= TCP:C:\program files\snmpc network manager\crserv.exe:SNMPc Server
    "TCP Query User{BF29EB53-6D26-493D-841B-B0B55015ACE6}C:\\program files\\snmpc network manager\\discagt.exe"= UDP:C:\program files\snmpc network manager\discagt.exe:DISCOVERYAGENT
    "UDP Query User{DE1F1B2C-EF75-46EC-B0C0-EE74D26EF30D}C:\\program files\\snmpc network manager\\discagt.exe"= TCP:C:\program files\snmpc network manager\discagt.exe:DISCOVERYAGENT
    "TCP Query User{9FE57C8A-7CA5-43BD-B917-B982B2AFAF84}C:\\program files\\snmpc network manager\\hist32.exe"= UDP:C:\program files\snmpc network manager\hist32.exe:History 32 Poller
    "UDP Query User{C4F38A2D-E526-429B-A5E0-251B8C9CCB89}C:\\program files\\snmpc network manager\\hist32.exe"= TCP:C:\program files\snmpc network manager\hist32.exe:History 32 Poller
    "TCP Query User{82A8F417-40D2-4EA8-9E16-E0BCEAE1313F}C:\\program files\\snmpc network manager\\crserv.exe"= UDP:C:\program files\snmpc network manager\crserv.exe:SNMPc Server
    "UDP Query User{6460D90C-3C5C-42AC-A249-0C14AE3119A2}C:\\program files\\snmpc network manager\\crserv.exe"= TCP:C:\program files\snmpc network manager\crserv.exe:SNMPc Server
    "TCP Query User{DC646897-A69E-41E3-A995-DF59BDE1FD76}C:\\program files\\snmpc network manager\\discagt.exe"= UDP:C:\program files\snmpc network manager\discagt.exe:DISCOVERYAGENT
    "UDP Query User{BF11F33D-2197-4667-A5D6-AEC8C3BF440A}C:\\program files\\snmpc network manager\\discagt.exe"= TCP:C:\program files\snmpc network manager\discagt.exe:DISCOVERYAGENT
    "TCP Query User{2916E70F-2A86-461F-B806-C4B0485C3C7B}C:\\program files\\snmpc network manager\\hist32.exe"= UDP:C:\program files\snmpc network manager\hist32.exe:History 32 Poller
    "UDP Query User{8B9DFB14-E146-47DD-940D-75855A519D8E}C:\\program files\\snmpc network manager\\hist32.exe"= TCP:C:\program files\snmpc network manager\hist32.exe:History 32 Poller
    "TCP Query User{8CDB1622-263E-4DE6-8462-24A6C74A9528}C:\\windows\\system32\\ftp.exe"= UDP:C:\windows\system32\ftp.exe:File Transfer Program
    "UDP Query User{E17D0939-5B3E-4506-BA59-FDCD53633D65}C:\\windows\\system32\\ftp.exe"= TCP:C:\windows\system32\ftp.exe:File Transfer Program
    "{93DDBCCF-473B-469F-8057-6EDDDC25C96C}"= UDP:C:\Windows\Temp\~os9CBC.tmp\ossproxy.exe:ossproxy.exe
    "{7A69DFBB-067F-40E4-BAE8-9FFC9FB324F7}"= TCP:C:\Windows\Temp\~os9CBC.tmp\ossproxy.exe:ossproxy.exe
    "TCP Query User{95345637-FB24-4F17-B463-A89E8F353A5A}C:\\program files\\net tools\\nettools5.exe"= UDP:C:\program files\net tools\nettools5.exe:Net Tools by Mohammad Ahmadi Bidakhvidi
    "UDP Query User{49542D88-5B1A-4A47-B763-1DBA63B6AD0D}C:\\program files\\net tools\\nettools5.exe"= TCP:C:\program files\net tools\nettools5.exe:Net Tools by Mohammad Ahmadi Bidakhvidi
    "TCP Query User{E15B006E-3176-48AA-838B-8ED6847E01DB}C:\\program files\\gfi\\languard network security scanner 8.0\\lnss.exe"= UDP:C:\program files\gfi\languard network security scanner 8.0\lnss.exe:lnss
    "UDP Query User{11820745-F4A7-48BF-93FB-ED73509459A4}C:\\program files\\gfi\\languard network security scanner 8.0\\lnss.exe"= TCP:C:\program files\gfi\languard network security scanner 8.0\lnss.exe:lnss
    "{547C8FF0-71C1-4E26-854F-FF726EDAF31C}"= Disabled:UDP:C:\Program Files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
    "{4E61C821-09DA-4ED4-B979-CBE2928821B2}"= Disabled:TCP:C:\Program Files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
    "{EFB1BC85-9420-4AF6-84D7-588037D135C3}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
    "{086064AD-E3FF-4E9C-9CA5-458C230596E1}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
    "TCP Query User{7E6081F6-0E36-4B54-8BC6-3F80D4D6BBDF}C:\\program files\\sony ericsson\\update service\\update service.exe"= UDP:C:\program files\sony ericsson\update service\update service.exe:Update Service
    "UDP Query User{945E2144-BA2C-425C-A3BF-5C6F555AE164}C:\\program files\\sony ericsson\\update service\\update service.exe"= TCP:C:\program files\sony ericsson\update service\update service.exe:Update Service
    "{414752C9-B471-49E9-B9A4-B3C2C10BA9B0}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
    "{D038A45C-94EB-43A5-B3BB-FCB77629F8CB}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
    "TCP Query User{87B09E58-FACD-4098-BE48-E9D62C3BDEFE}C:\\windows\\system32\\rlvknlg.exe"= UDP:C:\windows\system32\rlvknlg.exe:rlvknlg.exe
    "{B6B99E3B-D1FF-4983-A4EC-389E4DB15B63}"= UDP:C:\Windows\System32\rlvknlg.exe:rlvknlg.exe
    "{E222D3CD-8A07-4F22-A8E0-E6C10CA7D4B9}"= UDP:C:\Windows\Temp\~os576E.tmp\ossproxy.exe:ossproxy.exe
    "{028FE1AA-816F-43E8-9F3E-BA046911B995}"= TCP:C:\Windows\Temp\~os576E.tmp\ossproxy.exe:ossproxy.exe
    "TCP Query User{24B5CAAC-EFC6-4DCC-A42E-7BF789DD2F1E}C:\\users\\eoin\\documents\\azureus downloads\\portable applications\\remote administrator\\remote administrator settings\\1400000ad00002i\\r_server.exe"= UDP:C:\users\eoin\documents\azureus downloads\portable applications\remote administrator\remote administrator settings\1400000ad00002i\r_server.exe:r_server.exe
    "UDP Query User{53D2DE27-FCD1-435F-A2DB-7076C7F21D82}C:\\users\\eoin\\documents\\azureus downloads\\portable applications\\remote administrator\\remote administrator settings\\1400000ad00002i\\r_server.exe"= TCP:C:\users\eoin\documents\azureus downloads\portable applications\remote administrator\remote administrator settings\1400000ad00002i\r_server.exe:r_server.exe
    "{64901ED3-BA96-418E-85E8-B4716880EE7D}"= UDP:C:\Windows\Temp\~osCC3D.tmp\ossproxy.exe:ossproxy.exe
    "{88D1E12C-30ED-4A16-9563-2043886FD70C}"= TCP:C:\Windows\Temp\~osCC3D.tmp\ossproxy.exe:ossproxy.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
    "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
    "SNMP-1"= TCP:%SystemRoot%\system32\snmp.exe|Svc=SNMP:@%SystemRoot%\system32\snmp.exe,-5|

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
    "C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

    R0 AFS;AFS;C:\Windows\system32\drivers\AFS.sys [2007-05-23 23:05]
    R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 01:45]
    R2 ColdFusion MX ODBC Agent;ColdFusion MX ODBC Agent;C:\CFusionMX\db\slserver52\bin\swagent.exe "ColdFusion MX ODBC Agent" []
    R2 gfi_lnss8_attservice;GFI LANguard N.S.S. 8.0 Attendant Service;"C:\Program Files\GFI\LANguard Network Security Scanner 8.0\lnssatt.exe" -service []
    R2 RapiMgr;Windows Mobile-based device connectivity;C:\Windows\system32\svchost.exe [2006-11-02 10:45]
    R2 RelevantKnowledge;RelevantKnowledge;C:\Windows\system32\rlservice.exe [2007-10-11 21:44]
    R2 WcesComm;Windows Mobile 2003-based device connectivity;C:\Windows\system32\svchost.exe [2006-11-02 10:45]
    R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-07-10 06:27]
    R3 btwaudio;Bluetooth Audio Device Service;C:\Windows\system32\drivers\btwaudio.sys [2006-11-21 13:54]
    R3 btwavdt;Bluetooth AVDT Service;C:\Windows\system32\drivers\btwavdt.sys [2006-11-21 13:54]
    R3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2006-11-21 13:54]
    S0 MFX;MFX;C:\Windows\system32\drivers\MFX.sys [2006-09-01 16:55]
    S3 AvgWFP;AVG7 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfp.sys [2008-03-14 13:17]
    S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 08:30]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ
    WindowsMobile REG_MULTI_SZ wcescomm rapimgr
    LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3027bfd7-7b07-11dc-949a-001636e944a6}]
    \shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\Cn911.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{49319c14-8bc7-11dc-b21e-001641da0939}]
    \shell\Auto\command - Cn911.exe
    \shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe

    .
    Contents of the 'Scheduled Tasks' folder
    "2008-04-25 14:21:43 C:\Windows\Tasks\Norton Security Scan.job"
    - C:\Program Files\Norton Security Scan\Nss.exe
    "2007-11-14 08:38:12 C:\Windows\Tasks\RegCure Program Check.job"
    - C:\Program Files\RegCure\RegCure.exe
    "2007-11-14 08:38:12 C:\Windows\Tasks\RegCure.job"
    - C:\Program Files\RegCure\RegCure.exe
    "2007-11-14 00:25:00 C:\Windows\Tasks\User_Feed_Synchronization-{EDEBA330-0D8D-4AC6-9BBE-DB587BD208FE}.job"
    - C:\Windows\system32\msfeedssync.exe
    .
    **************************************************************************

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-29 23:31:37
    Windows 6.0.6000 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Windows\System32\audiodg.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
    C:\Windows\ehome\ehmsas.exe
    C:\CFusionMX\runtime\bin\jrunsvc.exe
    C:\CFusionMX\db\slserver52\bin\swstrtr.exe
    C:\CFusionMX\db\slserver52\bin\swsoc.exe
    C:\CFusionMX\runtime\bin\jrun.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\microsoft shared\VS7Debug\MDM.EXE
    C:\Program Files\SiteAdvisor\6172\SAService.exe
    C:\Windows\System32\snmp.exe
    C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
    C:\Program Files\Bat\X_Bat.exe
    C:\Windows\System32\drivers\XAudio.exe
    C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\microsoft shared\Windows Live\WLLoginProxy.exe
    C:\Windows\System32\taskmgr.exe
    C:\Windows\servicing\TrustedInstaller.exe
    .
    **************************************************************************
    .
    Completion time: 2008-04-29 23:43:53 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-04-29 22:43:09

    The system cannot find message text for message number 0x2379 in the message file for Application.
    The system cannot find message text for message number 0x2379 in the message file for Application.

    437 --- E O F --- 2008-04-29 07:03:58

  4. #4
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Hi

    Please also post a fresh HijackThis log.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  5. #5
    Member egrogan1's Avatar
    Join Date
    Apr 2008
    Location
    Ireland
    Posts
    36

    Logfile of HijackThis v1.99.1
    Scan saved at 23:28:25, on 04/05/2008
    Platform: Unknown Windows (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16643)

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\AVG\AVG8\avgtray.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Azureus\Azureus.exe
    C:\Program Files\Windows Mail\WinMail.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Windows\System32\mobsync.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\Eoin\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/ig?hl=en
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
    O2 - BHO: (no name) - {01D7F8D2-56DB-4327-A992-00ACE6684580} - (no file)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
    O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
    O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
    O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
    O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
    O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
    O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
    O2 - BHO: (no name) - {73D6E387-53ED-41B7-9F02-DD9E615DFB2B} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
    O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O2 - BHO: (no name) - {A3CCA0E4-F942-4CD3-A871-A9CF10F77DF7} - (no file)
    O2 - BHO: (no name) - {A72E4F7F-F506-4898-B609-FF892745A1F5} - (no file)
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
    O2 - BHO: (no name) - {E52BEFEB-2290-4BDF-87F9-5EC9F7ECE287} - (no file)
    O2 - BHO: (no name) - {EE5A1465-1E73-4784-8F63-45983FDF0DB8} - (no file)
    O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
    O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
    O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p
    O4 - Startup: GpsGate.lnk.disabled
    O4 - Startup: Windows Calendar.lnk = D:\Program Files\Windows Calendar\WinCal.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
    O11 - Options group: [INTERNATIONAL] International*
    O13 - Gopher Prefix:
    O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn...tDetection.cab
    O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
    O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DLM Control) - http://dlm.tools.akamai.com/dlmanage...ex-2.2.3.4.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL,avgrsstx.dll
    O20 - Winlogon Notify: winpto32 - winpto32.dll (file missing)
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
    O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: ColdFusion MX Application Server - Macromedia Inc. - C:\CFusionMX\runtime\bin\jrunsvc.exe
    O23 - Service: ColdFusion MX ODBC Agent - Unknown owner - C:\CFusionMX\db\slserver52\bin\swagent.exe
    O23 - Service: ColdFusion MX ODBC Server - Unknown owner - C:\CFusionMX\db\slserver52\bin\swstrtr.exe
    O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: GFI LANguard N.S.S. 8.0 Attendant Service (gfi_lnss8_attservice) - Unknown owner - C:\Program Files\GFI\LANguard Network Security Scanner 8.0\lnssatt.exe" -service (file missing)
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
    O23 - Service: RelevantKnowledge - RelevantKnowledge - C:\Windows\system32\rlservice.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe
    O23 - Service: VMware Agent Service (ufad-ws60) - Unknown owner - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe" -d "C:\Program Files\VMware\VMware Workstation\\" -s ufad-p2v.xml (file missing)
    O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
    O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
    O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
    O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
    O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

  6. #6
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Default

    Hi

    Please post back a fresh HijackThis log with version 2.0.2
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  7. #7
    Member egrogan1's Avatar
    Join Date
    Apr 2008
    Location
    Ireland
    Posts
    36

    Default

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:17:06, on 07/05/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16643)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\AVG\AVG8\avgtray.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Winamp\winamp.exe
    C:\Program Files\Windows Mail\WinMail.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Windows\system32\SearchFilterHost.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/ig?hl=en
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
    O2 - BHO: (no name) - {01D7F8D2-56DB-4327-A992-00ACE6684580} - (no file)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
    O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
    O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
    O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
    O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
    O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
    O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
    O2 - BHO: (no name) - {73D6E387-53ED-41B7-9F02-DD9E615DFB2B} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
    O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O2 - BHO: (no name) - {A3CCA0E4-F942-4CD3-A871-A9CF10F77DF7} - (no file)
    O2 - BHO: (no name) - {A72E4F7F-F506-4898-B609-FF892745A1F5} - (no file)
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
    O2 - BHO: (no name) - {E52BEFEB-2290-4BDF-87F9-5EC9F7ECE287} - (no file)
    O2 - BHO: (no name) - {EE5A1465-1E73-4784-8F63-45983FDF0DB8} - (no file)
    O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
    O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [vmware-tray] C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
    O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-21-785140555-1394460376-2434275207-1013\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LNSS_MONITOR_USR')
    O4 - HKUS\S-1-5-21-785140555-1394460376-2434275207-1013\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User 'LNSS_MONITOR_USR')
    O4 - HKUS\S-1-5-21-785140555-1394460376-2434275207-1013\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup (User 'LNSS_MONITOR_USR')
    O4 - HKUS\S-1-5-21-785140555-1394460376-2434275207-1013\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (User 'LNSS_MONITOR_USR')
    O4 - Startup: GpsGate.lnk.disabled
    O4 - Startup: Windows Calendar.lnk = D:\Program Files\Windows Calendar\WinCal.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O13 - Gopher Prefix:
    O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn...tDetection.cab
    O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
    O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DLM Control) - http://dlm.tools.akamai.com/dlmanage...ex-2.2.3.4.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL,avgrsstx.dll
    O20 - Winlogon Notify: winpto32 - winpto32.dll (file missing)
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: ColdFusion MX Application Server - Macromedia Inc. - C:\CFusionMX\runtime\bin\jrunsvc.exe
    O23 - Service: ColdFusion MX ODBC Agent - Unknown owner - C:\CFusionMX\db\slserver52\bin\swagent.exe
    O23 - Service: ColdFusion MX ODBC Server - Unknown owner - C:\CFusionMX\db\slserver52\bin\swstrtr.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: GFI LANguard N.S.S. 8.0 Attendant Service (gfi_lnss8_attservice) - GFI Software Ltd. - C:\Program Files\GFI\LANguard Network Security Scanner 8.0\lnssatt.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
    O23 - Service: RelevantKnowledge - RelevantKnowledge - C:\Windows\system32\rlservice.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe
    O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
    O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
    O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
    O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
    O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 14283 bytes

  8. #8
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Default

    Hi

    TeaTimer is still enabled. Please disable it now.

    After that:

    Open HijackThis, click do a system scan only and checkmark these:

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
    O2 - BHO: (no name) - {01D7F8D2-56DB-4327-A992-00ACE6684580} - (no file)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
    O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
    O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
    O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
    O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
    O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
    O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
    O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
    O2 - BHO: (no name) - {73D6E387-53ED-41B7-9F02-DD9E615DFB2B} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
    O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
    O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
    O2 - BHO: (no name) - {A3CCA0E4-F942-4CD3-A871-A9CF10F77DF7} - (no file)
    O2 - BHO: (no name) - {A72E4F7F-F506-4898-B609-FF892745A1F5} - (no file)
    O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
    O2 - BHO: (no name) - {E52BEFEB-2290-4BDF-87F9-5EC9F7ECE287} - (no file)
    O2 - BHO: (no name) - {EE5A1465-1E73-4784-8F63-45983FDF0DB8} - (no file)
    O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
    O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
    O20 - Winlogon Notify: winpto32 - winpto32.dll (file missing)


    Close all windows, including your browser, and press Fix checked.

    Reboot.

    Open notepad and copy/paste the text in the codebox below into it:

    Code:
    File::
    C:\Windows\system32\rlservice.exe
    
    Driver::
    RelevantKnowledge
    
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "win32"=-
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices-]
    "win32"=-
    
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3027bfd7-7b07-11dc-949a-001636e944a6}]
    
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{49319c14-8bc7-11dc-b21e-001641da0939}]
    Save this as "CFScript"

    Then drag the CFScript into ComboFix.exe as you see in the screenshot below.



    This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

    ComboFix should never take more than 20 minutes, including the reboot, if malware is detected.
    If it does, open Task Manager, then the Processes tab (press Ctrl, Alt and Del at the same time), and end any processes of findstr, find, sed or swreg; ComboFix should then continue.
    If that happened we want to know, and also which process you had to end.

  9. #9
    Member egrogan1's Avatar
    Join Date
    Apr 2008
    Location
    Ireland
    Posts
    36

    Default

    ComboFix 08-05-08.1 - Eoin 2008-05-09 0:44:25.2 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1195 [GMT 1:00]
    Running from: C:\Users\Eoin\Desktop\ComboFix.exe
    Command switches used :: C:\Users\Eoin\Desktop\CFScript.txt

    FILE ::
    C:\Windows\system32\rlservice.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\ProgramData\Rabio
    C:\Windows\system32\rlservice.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_RelevantKnowledge


    ((((((((((((((((((((((((( Files Created from 2008-04-08 to 2008-05-08 )))))))))))))))))))))))))))))))
    .

    No new files created in this timespan

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-05-08 23:54 --------- d-----w C:\ProgramData\VMware
    2008-05-08 23:53 21 ----a-w C:\qpmd8376.bin
    2008-05-08 23:35 --------- d-----w C:\Users\Eoin\AppData\Roaming\Azureus
    2008-05-08 22:58 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
    2008-05-08 11:41 --------- d-----w C:\ProgramData\Google Updater
    2008-05-07 15:27 --------- d-----w C:\Users\Eoin\AppData\Roaming\VMware
    2008-05-07 11:48 --------- d-----w C:\ProgramData\Apple Computer
    2008-05-07 11:48 --------- d-----w C:\Program Files\iTunes
    2008-05-07 11:48 --------- d-----w C:\Program Files\iPod
    2008-05-07 11:35 --------- d-----w C:\Program Files\QuickTime
    2008-05-07 11:17 --------- d-----w C:\Program Files\Common Files\Apple
    2008-05-07 11:08 --------- d-----w C:\Program Files\Apple Software Update
    2008-05-07 09:58 --------- d-----w C:\Users\Eoin\AppData\Roaming\OpenOffice.org2
    2008-05-07 09:17 --------- d-----w C:\Program Files\CCleaner
    2008-05-06 18:09 --------- d-----w C:\Users\Eoin\AppData\Roaming\Winamp
    2008-05-06 14:09 --------- d-----w C:\Program Files\Winamp
    2008-05-02 15:27 12,978 ----a-w C:\Users\Eoin\AppData\Roaming\nvModes.dat
    2008-05-01 21:08 --------- d-----w C:\Program Files\Common Files\L&H
    2008-05-01 21:06 --------- d-----w C:\Program Files\Microsoft ActiveSync
    2008-05-01 20:22 --------- d-----w C:\Users\Eoin\AppData\Roaming\Thinstall
    2008-04-30 23:05 --------- d-----w C:\Users\Eoin\AppData\Roaming\ErrorKiller
    2008-04-30 20:40 --------- d-----w C:\Program Files\HP
    2008-04-30 16:03 --------- d-----w C:\Program Files\Bat
    2008-04-30 16:00 --------- d-----w C:\Program Files\Net Tools
    2008-04-29 23:05 67,080 ----a-w C:\Windows\system32\drivers\avgwfpx.sys
    2008-04-29 23:04 96,520 ----a-w C:\Windows\system32\drivers\avgldx86.sys
    2008-04-29 23:04 --------- d-----w C:\ProgramData\avg8
    2008-04-29 23:04 --------- d-----w C:\Program Files\AVG
    2008-04-29 22:02 --------- d-----w C:\Users\Eoin\AppData\Roaming\Malwarebytes
    2008-04-29 22:02 --------- d-----w C:\ProgramData\Malwarebytes
    2008-04-29 22:02 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
    2008-04-29 07:03 --------- d-----w C:\ProgramData\Microsoft Help
    2008-04-28 19:55 --------- d-----w C:\Program Files\Freeware PDF Unlocker
    2008-04-28 19:53 --------- d-----w C:\Program Files\WinPcap
    2008-04-28 19:52 --------- d-----w C:\Program Files\ElcomSoft
    2008-04-28 17:53 --------- d-----w C:\Users\Eoin\AppData\Roaming\KompoZer
    2008-04-28 16:39 --------- d-----w C:\Program Files\UZC Trial
    2008-04-28 16:39 --------- d-----w C:\Program Files\Sony Ericsson
    2008-04-26 20:33 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-04-25 15:53 554 ----a-w C:\sccfg.sys
    2008-04-25 15:53 --------- d-----w C:\Program Files\Norton Security Scan
    2008-04-25 15:37 --------- d-----w C:\ProgramData\Lavasoft
    2008-04-25 15:35 --------- d-----w C:\Program Files\Lavasoft
    2008-04-25 15:32 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2008-04-25 14:47 --------- d-----w C:\Program Files\Thinstall.VS
    2008-04-25 14:42 --------- d-----w C:\Users\Eoin\AppData\Roaming\Downloaded Installations
    2008-04-25 13:58 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-04-25 13:43 691,545 ----a-w C:\Windows\unins000.exe
    2008-04-24 20:32 --------- d-----w C:\Users\Eoin\AppData\Roaming\WinCare2008
    2008-04-24 18:20 --------- d---a-w C:\ProgramData\TEMP
    2008-04-24 18:09 --------- d-----w C:\Program Files\Spyware Doctor
    2008-04-24 18:08 --------- d-----w C:\Users\Eoin\AppData\Roaming\PC Tools
    2008-04-24 17:54 --------- d-----w C:\Program Files\Google
    2008-04-17 15:42 --------- d-----w C:\Program Files\Azureus
    2008-04-10 12:18 --------- d-----w C:\Program Files\Windows Mail
    2008-04-09 20:19 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-04-08 22:09 --------- d-----w C:\Program Files\NFR
    2008-04-08 22:04 --------- d-----w C:\Program Files\MOBv2
    2008-04-01 14:33 --------- d-----w C:\Program Files\Packet Tracer 4.11
    2008-03-31 11:46 536,784 ----a-w C:\Users\Eoin\AppData\Roaming\GDIPFONTCACHEV1.DAT
    2008-03-26 14:43 --------- d-----w C:\Program Files\Elaborate Bytes
    2008-03-23 21:25 --------- d-----w C:\Program Files\HCScript
    2008-03-23 20:13 --------- d-----w C:\Program Files\Folder Lock
    2008-03-21 22:01 --------- d-----w C:\Program Files\Mindscape
    2008-03-20 20:58 --------- d-----w C:\Users\Eoin\AppData\Roaming\Apple Computer
    2008-03-12 22:36 --------- d-----w C:\Program Files\LaceLevel2GDS
    2008-03-12 22:17 --------- d-----w C:\Users\Eoin\AppData\Roaming\Intel
    2008-03-12 22:17 --------- d-----w C:\Program Files\Intel
    2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
    2008-02-16 03:09 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
    2008-02-16 03:09 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
    2008-02-16 03:09 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
    2008-02-16 03:09 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
    2008-02-16 03:09 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
    2007-08-31 02:20 174 --sha-w C:\Program Files\desktop.ini
    2007-05-02 01:37 30,357 ----a-w C:\Users\Eoin\menu3.zip
    2007-05-02 01:37 184,790 ----a-w C:\Users\Eoin\menu015try.zip
    2007-05-02 01:37 125,141 ----a-w C:\Users\Eoin\menu4.zip
    2007-05-02 01:36 32,308 ----a-w C:\Users\Eoin\menu2.zip
    2007-03-16 17:05 9,292 ----a-w C:\Windows\inf\SmarterMail\0009\tmpA24C.tmp
    2007-03-16 17:05 9,292 ----a-w C:\Windows\inf\SmarterMail\0000\tmpA24C.tmp
    2007-03-03 17:34 0 ----a-w C:\Users\Eoin\AppData\Roaming\wklnhst.dat
    2007-11-19 22:12 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    2007-11-19 22:12 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    2008-01-28 18:24 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    2008-01-28 18:24 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    2008-01-28 18:24 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    2007-05-10 23:11 56 --sha-r C:\Windows\System32\AEBD113E2B.sys
    2007-09-16 21:52 1,890 --sha-w C:\Windows\System32\KGyGaAvL.sys
    .

    ------- Sigcheck -------

    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000250-0320-4dd4-be4f-7566d2314352}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{01D7F8D2-56DB-4327-A992-00ACE6684580}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{13197ace-6851-45c3-a7ff-c281324d5489}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{15651c7c-e812-44a2-a9ac-b467a2233e7d}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4e1075f4-eec4-4a86-add7-cd5f52858c31}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4e7bd74f-2b8d-469e-92c6-ce7eb590a94d}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5929cd6e-2062-44a4-b2c5-2c7e78fbab38}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5dafd089-24b1-4c5e-bd42-8ca72550717b}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5fa6752a-c4a0-4222-88c2-928ae5ab4966}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{622cc208-b014-4fe0-801b-874a5e5e403a}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{73D6E387-53ED-41B7-9F02-DD9E615DFB2B}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8674aea0-9d3d-11d9-99dc-00600f9a01f1}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{965a592f-8efa-4250-8630-7960230792f1}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9c5b2f29-1f46-4639-a6b4-828942301d3e}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
    2008-04-30 00:04 2050816 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3CCA0E4-F942-4CD3-A871-A9CF10F77DF7}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A72E4F7F-F506-4898-B609-FF892745A1F5}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765728274}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E52BEFEB-2290-4BDF-87F9-5EC9F7ECE287}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EE5A1465-1E73-4784-8F63-45983FDF0DB8}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fc3a74e5-f281-4f10-ae1e-733078684f3c}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ffff0001-0002-101a-a3c9-08002b2f49fb}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{A057A204-BACC-4D26-9990-79A187E2698E}"= "C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL" [2008-04-30 00:04 2050816]

    [HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
    [HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-04-30 00:04 2050816]

    [HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
    [HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 22:30 249856]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-04-12 00:07 1006264]
    "WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2006-10-18 18:56 317152]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-03-03 18:08 185896]
    "SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 02:29 102400]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 02:50 1021224]
    "QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-11-25 00:33 167936]
    "QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 19:58 159744]
    "hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2006-10-18 18:32 472800]
    "HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-06-05 09:12 71176]
    "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-04-30 00:04 1177368]
    "HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 16:24 54840]
    "NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-02-27 11:26 90191]
    "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-02-27 11:26 7770112]
    "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-02-27 11:26 81920]
    "vmware-tray"="C:\Program Files\VMware\VMware Workstation\vmware-tray.exe" [2007-05-01 22:52 68400]
    "ClamWin"="C:\Program Files\ClamWin\bin\ClamTray.exe" [ ]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]

    C:\Users\Eoin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    GpsGate.lnk.disabled [2007-12-15 15:16:35 727]
    Windows Calendar.lnk - C:\Program Files\Windows Calendar\WinCal.exe [2007-08-30 12:40:18 967680]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "LogonHoursAction"= 2 (0x2)
    "DontDisplayLogonHoursWarnings"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winpto32]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL,avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.divxa32"= msaud32_divx.acm

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "BySoft IRServer"=C:\Program Files\IRControl\IRServer.exe
    "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    "updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe AcPro7_0_5 -reboot 1
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    "CTRegRun"=C:\Windows\CTRegRun.EXE
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    "CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
    "Startup Manager"="C:\Program Files\Advanced System Optimizer\startUp manager.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    "osCheck"="c:\Program Files\Norton Internet Security\osCheck.exe"
    "SiteAdvisor"=C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
    "<NO NAME>"=
    "CorelDRAW Graphics Suite 11b"=C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=032007 serial=dr12wex-1504397-kty lang=EN
    "Norton Ghost 10.0"="C:\Program Files\Norton Ghost\Agent\GhostTray.exe"
    "PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    "Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
    "NeroFilterCheck"=C:\Windows\system32\NeroCheck.exe
    "CTCheck"=C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
    "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    "VMware hqtray"="C:\Program Files\VMware\VMware Workstation\hqtray.exe"
    "vmware-tray"=C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe"
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    "VirtualCloneDrive"="C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
    "Windows Mobile-based device management"=%windir%\WindowsMobile\wmdSync.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UacDisableNotify"=dword:00000001
    "InternetSettingsDisableNotify"=dword:00000001
    "AutoUpdateDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{C44FE2CB-3481-4FBF-A5F3-B2FABE8CC8B7}"= UDP:C:\Program Files\HP\QuickPlay\QP.exe:QP
    "{188B4E3A-3F51-4A7B-A1C0-2820E27496CA}"= TCP:C:\Program Files\HP\QuickPlay\QP.exe:QP
    "TCP Query User{27C3463E-256C-4ED3-8FE0-EB259A9922A3}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
    "UDP Query User{ECCE41E4-72AC-4F5B-8CE5-D0C43ADF8284}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
    "TCP Query User{E33A3EE7-8792-41C5-9668-06D5A06D5053}C:\\program files\\onshare\\onshare.exe"= UDP:C:\program files\onshare\onshare.exe:Only tell your friends
    "UDP Query User{1F397FCB-1A91-4FA6-BBC2-43D0CD0F38B5}C:\\program files\\onshare\\onshare.exe"= TCP:C:\program files\onshare\onshare.exe:Only tell your friends
    "TCP Query User{D301CEEB-ABC7-4281-B7A9-B54E284E11CF}C:\\program files\\macromedia\\dreamweaver 8\\dreamweaver.exe"= UDP:C:\program files\macromedia\dreamweaver 8\dreamweaver.exe:Dreamweaver 8
    "UDP Query User{BFC33E59-3570-49DC-8A90-7A1B227E2003}C:\\program files\\macromedia\\dreamweaver 8\\dreamweaver.exe"= TCP:C:\program files\macromedia\dreamweaver 8\dreamweaver.exe:Dreamweaver 8
    "TCP Query User{29BBA6C7-300D-42D4-9CF5-68C27829829B}C:\\program files\\bittorrent\\bittorrent.exe"= UDP:C:\program files\bittorrent\bittorrent.exe:bittorrent
    "UDP Query User{B317AD82-1ED5-40D6-B464-3EA434EAEBC9}C:\\program files\\bittorrent\\bittorrent.exe"= TCP:C:\program files\bittorrent\bittorrent.exe:bittorrent
    "{755898F7-C334-434A-ACAA-26296C755950}"= UDP:C:\Program Files\Grisoft\AVG7\avginet.exe:avginet.exe
    "{713370D8-C926-45D9-8E9F-3CB415C38128}"= TCP:C:\Program Files\Grisoft\AVG7\avginet.exe:avginet.exe
    "{12EF38DD-32CA-4056-B125-ACA178E455F8}"= UDP:C:\Program Files\Grisoft\AVG7\avgamsvr.exe:avgamsvr.exe
    "{513DFAC5-EFE8-4C59-9ABB-01A2DD27B921}"= TCP:C:\Program Files\Grisoft\AVG7\avgamsvr.exe:avgamsvr.exe
    "{A9FFC76B-D956-477B-8C4A-7EB6C12C4BA5}"= UDP:C:\Program Files\Grisoft\AVG7\avgcc.exe:avgcc.exe
    "{F420B305-9AAF-406C-B08E-1F15CF64228A}"= TCP:C:\Program Files\Grisoft\AVG7\avgcc.exe:avgcc.exe
    "{CF4AEA11-9AB7-48F4-915D-329A5E943C2C}"= UDP:C:\Program Files\Grisoft\AVG7\avgemc.exe:avgemc.exe
    "{5F70D864-796D-47E7-B768-B76BB747C514}"= TCP:C:\Program Files\Grisoft\AVG7\avgemc.exe:avgemc.exe
    "TCP Query User{79F51C64-6F48-422A-BAA2-DBF066FC5E0B}C:\\program files\\bzflag2.0.8\\bzflag.exe"= UDP:C:\program files\bzflag2.0.8\bzflag.exe:bzflag
    "UDP Query User{DA2874DE-C06D-45FE-A9CD-3D360D447285}C:\\program files\\bzflag2.0.8\\bzflag.exe"= TCP:C:\program files\bzflag2.0.8\bzflag.exe:bzflag
    "TCP Query User{2EE415E1-E854-4467-8A95-23100A4938CF}C:\\program files\\ircontrol\\irserver.exe"= UDP:C:\program files\ircontrol\irserver.exe:BySoft Internet Remote Control - Server
    "UDP Query User{D8AEB950-D728-4F71-8672-209C92049B86}C:\\program files\\ircontrol\\irserver.exe"= TCP:C:\program files\ircontrol\irserver.exe:BySoft Internet Remote Control - Server
    "TCP Query User{62B2583D-2781-4435-99EE-55DEB64AF067}C:\\program files\\adventnet\\me\\wifimanager\\jre\\bin\\javaw.exe"= UDP:C:\program files\adventnet\me\wifimanager\jre\bin\javaw.exe:Java(TM) 2 Platform Standard Edition binary
    "UDP Query User{910C5ACA-299A-46DE-AC08-5A8D4C59393A}C:\\program files\\adventnet\\me\\wifimanager\\jre\\bin\\javaw.exe"= TCP:C:\program files\adventnet\me\wifimanager\jre\bin\javaw.exe:Java(TM) 2 Platform Standard Edition binary
    "TCP Query User{6572FA1D-CD2E-46D9-957E-1C07FE55A0C3}C:\\program files\\adventnet\\me\\wifimanager\\jre\\bin\\java.exe"= UDP:C:\program files\adventnet\me\wifimanager\jre\bin\java.exe:Java(TM) 2 Platform Standard Edition binary
    "UDP Query User{F558A4B3-FBD2-45CB-9576-15C8500FD3A9}C:\\program files\\adventnet\\me\\wifimanager\\jre\\bin\\java.exe"= TCP:C:\program files\adventnet\me\wifimanager\jre\bin\java.exe:Java(TM) 2 Platform Standard Edition binary
    "{02A329AF-C624-4373-B7E2-9B2DB3FD3D8D}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
    "{C3B6C4B9-C6AB-4DE1-884F-47B18EA9F568}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
    "TCP Query User{62BF94D5-9554-48DE-AD16-7675D4859FE9}C:\\program files\\lanhelper\\lanhelper.exe"= UDP:C:\program files\lanhelper\lanhelper.exe:LanHelper
    "UDP Query User{A5B80441-DFD9-47B3-A3D2-A5FDC5C3E058}C:\\program files\\lanhelper\\lanhelper.exe"= TCP:C:\program files\lanhelper\lanhelper.exe:LanHelper
    "TCP Query User{A4819CB2-182B-4FD7-AF79-654A08696F0F}C:\\windows\\system32\\win32.exe"= UDP:C:\windows\system32\win32.exe:win32
    "UDP Query User{A612699F-046F-42FA-BE3B-29346A6FEFDF}C:\\windows\\system32\\win32.exe"= TCP:C:\windows\system32\win32.exe:win32
    "TCP Query User{0E5C01F0-6724-4743-9F83-D0DD1C245F6F}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
    "UDP Query User{3AF82318-F002-4CC4-97A9-CD8B73D34E25}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus
    "TCP Query User{317F486D-E12F-4739-B30F-7C4AE83DB813}C:\\program files\\act\\act for win 7\\act7.exe"= UDP:C:\program files\act\act for win 7\act7.exe:ACT! 7.x/2005
    "UDP Query User{1FE3B78C-C42F-4339-8DC1-ABDADCD13B67}C:\\program files\\act\\act for win 7\\act7.exe"= TCP:C:\program files\act\act for win 7\act7.exe:ACT! 7.x/2005
    "TCP Query User{D7DE3678-CB81-4D86-8ADF-5871F26FEB30}C:\\program files\\software602\\602lan suite\\lansuite.exe"= UDP:C:\program files\software602\602lan suite\lansuite.exe:Lansuite
    "UDP Query User{2C4448CC-9403-49CC-9EB2-4C50BE4AF11C}C:\\program files\\software602\\602lan suite\\lansuite.exe"= TCP:C:\program files\software602\602lan suite\lansuite.exe:Lansuite
    "TCP Query User{122DBDF8-E22D-456A-BC7B-87381E482007}C:\\program files\\winhttrack\\winhttrack.exe"= UDP:C:\program files\winhttrack\winhttrack.exe:WinHTTrack Website Copier, Web Site mirroring for professional and private purposes
    "UDP Query User{C325A83E-F4EE-4F5D-BCBB-219A4F1C6CA6}C:\\program files\\winhttrack\\winhttrack.exe"= TCP:C:\program files\winhttrack\winhttrack.exe:WinHTTrack Website Copier, Web Site mirroring for professional and private purposes
    "TCP Query User{409BEF95-6FC5-499C-84F0-FCA0593E537C}C:\\program files\\freeciv-2.0.9-gtk2\\civserver.exe"= UDP:C:\program files\freeciv-2.0.9-gtk2\civserver.exe:civserver
    "UDP Query User{B26E29C1-895A-4530-8BF2-E21B13C6622A}C:\\program files\\freeciv-2.0.9-gtk2\\civserver.exe"= TCP:C:\program files\freeciv-2.0.9-gtk2\civserver.exe:civserver
    "TCP Query User{218C4ED3-D71A-4C7C-A623-85B247D65541}C:\\program files\\onshare\\onshare.exe"= UDP:C:\program files\onshare\onshare.exe:Only tell your friends
    "UDP Query User{6A67A492-5B9E-47E5-BA56-10CA437A5A97}C:\\program files\\onshare\\onshare.exe"= TCP:C:\program files\onshare\onshare.exe:Only tell your friends
    "TCP Query User{B110815C-2272-401D-B354-FA5E0C478DE5}C:\\windows\\system32\\javaw.exe"= UDP:C:\windows\system32\javaw.exe:Java(TM) Platform SE binary
    "UDP Query User{2BE1654A-BF55-4883-A94F-423FBB46ED61}C:\\windows\\system32\\javaw.exe"= TCP:C:\windows\system32\javaw.exe:Java(TM) Platform SE binary
    "TCP Query User{D33BA580-DC8A-434F-859B-04C394AB8575}C:\\program files\\printeranywhere\\paconsole.exe"= UDP:C:\program files\printeranywhere\paconsole.exe:PrinterAnywhere Console
    "UDP Query User{6A4A7029-4FE8-4BD7-97A7-5E6C3A7ADE83}C:\\program files\\printeranywhere\\paconsole.exe"= TCP:C:\program files\printeranywhere\paconsole.exe:PrinterAnywhere Console
    "TCP Query User{A8EFB8E0-63B2-412E-B064-70B4EE7D9224}C:\\program files\\openwave\\v7 simulator\\bin\\phone.exe"= UDP:C:\program files\openwave\v7 simulator\bin\phone.exe:Openwave Simulator
    "UDP Query User{A02F2CAF-5E69-4846-915C-B65DCFE1A361}C:\\program files\\openwave\\v7 simulator\\bin\\phone.exe"= TCP:C:\program files\openwave\v7 simulator\bin\phone.exe:Openwave Simulator
    "TCP Query User{AFDB44F8-7978-442A-9129-A61F84B6444D}C:\\program files\\act\\act for win 7\\act7.exe"= UDP:C:\program files\act\act for win 7\act7.exe:ACT! 7.x/2005
    "UDP Query User{A7BB86C4-91E3-4AC4-9804-99D5AEE071A1}C:\\program files\\act\\act for win 7\\act7.exe"= TCP:C:\program files\act\act for win 7\act7.exe:ACT! 7.x/2005
    "TCP Query User{8939DC1F-0A47-4C56-9924-3E0A49DA8C19}C:\\windows\\system32\\javaw.exe"= UDP:C:\windows\system32\javaw.exe:Java(TM) Platform SE binary
    "UDP Query User{A13A1466-617E-49B0-82D3-6E1AF5BE0569}C:\\windows\\system32\\javaw.exe"= TCP:C:\windows\system32\javaw.exe:Java(TM) Platform SE binary
    "TCP Query User{ECDAC532-BD4D-408F-BD41-5D625CCA9C46}C:\\program files\\real\\realplayer\\realplay.exe"= UDP:C:\program files\real\realplayer\realplay.exe:RealPlayer
    "UDP Query User{468D8920-30DA-4AD3-BF7A-D57E171941B3}C:\\program files\\real\\realplayer\\realplay.exe"= TCP:C:\program files\real\realplayer\realplay.exe:RealPlayer
    "TCP Query User{B6783685-E473-41B4-BE9D-4398017C4D54}C:\\program files\\spiceworks\\bin\\spiceworks.exe"= UDP:C:\program files\spiceworks\bin\spiceworks.exe:spiceworks
    "UDP Query User{459BCF29-1E44-4953-8443-AFDEDE57B48B}C:\\program files\\spiceworks\\bin\\spiceworks.exe"= TCP:C:\program files\spiceworks\bin\spiceworks.exe:spiceworks
    "TCP Query User{DBE77AC5-984E-44B4-976B-87C1EA629CCB}C:\\program files\\huawei technologies\\huawei umts data card\\3 datamodem hsdpa.exe"= UDP:C:\program files\huawei technologies\huawei umts data card\3 datamodem hsdpa.exe:3 DDataModem HSDPA
    "UDP Query User{23E75A70-2BF3-42FE-A4E7-82B0331E45ED}C:\\program files\\huawei technologies\\huawei umts data card\\3 datamodem hsdpa.exe"= TCP:C:\program files\huawei technologies\huawei umts data card\3 datamodem hsdpa.exe:3 DDataModem HSDPA
    "TCP Query User{692E9D1D-7BC5-40D3-8A84-F3D31E83DE87}C:\\program files\\huawei technologies\\huawei umts data card\\3 datamodem hsdpa.exe"= UDP:C:\program files\huawei technologies\huawei umts data card\3 datamodem hsdpa.exe:3 DDataModem HSDPA
    "UDP Query User{0E23CF64-AE0F-4D62-9902-6C00CF0F94C3}C:\\program files\\huawei technologies\\huawei umts data card\\3 datamodem hsdpa.exe"= TCP:C:\program files\huawei technologies\huawei umts data card\3 datamodem hsdpa.exe:3 DDataModem HSDPA
    "TCP Query User{92901270-D66B-41BA-96C1-EA6803A427F2}C:\\program files\\sugarcrm-4.5.1e\\mysql\\bin\\mysqld.exe"= UDP:C:\program files\sugarcrm-4.5.1e\mysql\bin\mysqld.exe:mysqld
    "UDP Query User{E30F714D-D7AD-4D26-88B8-6FF141782A92}C:\\program files\\sugarcrm-4.5.1e\\mysql\\bin\\mysqld.exe"= TCP:C:\program files\sugarcrm-4.5.1e\mysql\bin\mysqld.exe:mysqld
    "TCP Query User{1ED80795-E7EF-413E-884D-B583102BF45A}C:\\program files\\sugarcrm-4.5.1e\\apache2\\bin\\apache.exe"= UDP:C:\program files\sugarcrm-4.5.1e\apache2\bin\apache.exe:Apache HTTP Server
    "UDP Query User{60D4A8EE-AC74-425A-A140-A69BB0CD17A1}C:\\program files\\sugarcrm-4.5.1e\\apache2\\bin\\apache.exe"= TCP:C:\program files\sugarcrm-4.5.1e\apache2\bin\apache.exe:Apache HTTP Server
    "TCP Query User{F81C2E42-C615-4AAF-A028-1E142B3B5E1F}C:\\program files\\free download manager\\fdm.exe"= UDP:C:\program files\free download manager\fdm.exe:Free Download Manager
    "UDP Query User{72B80CA4-84EF-474A-9F2F-7A4295CD5529}C:\\program files\\free download manager\\fdm.exe"= TCP:C:\program files\free download manager\fdm.exe:Free Download Manager
    "{15C4A70A-6403-49EC-8B2B-3E5594577CB7}"= UDP:C:\Program Files\Kontiki\KService.exe:Delivery Manager Service
    "{DF489AFB-5603-4E7D-8E5D-E0D6D2974F15}"= TCP:C:\Program Files\Kontiki\KService.exe:Delivery Manager Service
    "{0B1E84C4-3B2A-430F-9A79-7432269993CF}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "TCP Query User{12263D06-480C-4FE4-AD25-9D06306F48AA}C:\\program files\\snmpc network manager\\crserv.exe"= UDP:C:\program files\snmpc network manager\crserv.exe:SNMPc Server
    "UDP Query User{34A02684-D24A-4CA1-8D72-47591482ADE7}C:\\program files\\snmpc network manager\\crserv.exe"= TCP:C:\program files\snmpc network manager\crserv.exe:SNMPc Server
    "TCP Query User{BF29EB53-6D26-493D-841B-B0B55015ACE6}C:\\program files\\snmpc network manager\\discagt.exe"= UDP:C:\program files\snmpc network manager\discagt.exe:DISCOVERYAGENT
    "UDP Query User{DE1F1B2C-EF75-46EC-B0C0-EE74D26EF30D}C:\\program files\\snmpc network manager\\discagt.exe"= TCP:C:\program files\snmpc network manager\discagt.exe:DISCOVERYAGENT
    "TCP Query User{9FE57C8A-7CA5-43BD-B917-B982B2AFAF84}C:\\program files\\snmpc network manager\\hist32.exe"= UDP:C:\program files\snmpc network manager\hist32.exe:History 32 Poller
    "UDP Query User{C4F38A2D-E526-429B-A5E0-251B8C9CCB89}C:\\program files\\snmpc network manager\\hist32.exe"= TCP:C:\program files\snmpc network manager\hist32.exe:History 32 Poller
    "TCP Query User{82A8F417-40D2-4EA8-9E16-E0BCEAE1313F}C:\\program files\\snmpc network manager\\crserv.exe"= UDP:C:\program files\snmpc network manager\crserv.exe:SNMPc Server
    "UDP Query User{6460D90C-3C5C-42AC-A249-0C14AE3119A2}C:\\program files\\snmpc network manager\\crserv.exe"= TCP:C:\program files\snmpc network manager\crserv.exe:SNMPc Server
    "TCP Query User{DC646897-A69E-41E3-A995-DF59BDE1FD76}C:\\program files\\snmpc network manager\\discagt.exe"= UDP:C:\program files\snmpc network manager\discagt.exe:DISCOVERYAGENT
    "UDP Query User{BF11F33D-2197-4667-A5D6-AEC8C3BF440A}C:\\program files\\snmpc network manager\\discagt.exe"= TCP:C:\program files\snmpc network manager\discagt.exe:DISCOVERYAGENT
    "TCP Query User{2916E70F-2A86-461F-B806-C4B0485C3C7B}C:\\program files\\snmpc network manager\\hist32.exe"= UDP:C:\program files\snmpc network manager\hist32.exe:History 32 Poller
    "UDP Query User{8B9DFB14-E146-47DD-940D-75855A519D8E}C:\\program files\\snmpc network manager\\hist32.exe"= TCP:C:\program files\snmpc network manager\hist32.exe:History 32 Poller
    "TCP Query User{8CDB1622-263E-4DE6-8462-24A6C74A9528}C:\\windows\\system32\\ftp.exe"= UDP:C:\windows\system32\ftp.exe:File Transfer Program
    "UDP Query User{E17D0939-5B3E-4506-BA59-FDCD53633D65}C:\\windows\\system32\\ftp.exe"= TCP:C:\windows\system32\ftp.exe:File Transfer Program
    "{93DDBCCF-473B-469F-8057-6EDDDC25C96C}"= UDP:C:\Windows\Temp\~os9CBC.tmp\ossproxy.exe:ossproxy.exe
    "{7A69DFBB-067F-40E4-BAE8-9FFC9FB324F7}"= TCP:C:\Windows\Temp\~os9CBC.tmp\ossproxy.exe:ossproxy.exe
    "TCP Query User{95345637-FB24-4F17-B463-A89E8F353A5A}C:\\program files\\net tools\\nettools5.exe"= UDP:C:\program files\net tools\nettools5.exe:Net Tools by Mohammad Ahmadi Bidakhvidi
    "UDP Query User{49542D88-5B1A-4A47-B763-1DBA63B6AD0D}C:\\program files\\net tools\\nettools5.exe"= TCP:C:\program files\net tools\nettools5.exe:Net Tools by Mohammad Ahmadi Bidakhvidi
    "TCP Query User{E15B006E-3176-48AA-838B-8ED6847E01DB}C:\\program files\\gfi\\languard network security scanner 8.0\\lnss.exe"= UDP:C:\program files\gfi\languard network security scanner 8.0\lnss.exe:lnss
    "UDP Query User{11820745-F4A7-48BF-93FB-ED73509459A4}C:\\program files\\gfi\\languard network security scanner 8.0\\lnss.exe"= TCP:C:\program files\gfi\languard network security scanner 8.0\lnss.exe:lnss
    "{547C8FF0-71C1-4E26-854F-FF726EDAF31C}"= Disabled:UDP:C:\Program Files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
    "{4E61C821-09DA-4ED4-B979-CBE2928821B2}"= Disabled:TCP:C:\Program Files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
    "{EFB1BC85-9420-4AF6-84D7-588037D135C3}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
    "{086064AD-E3FF-4E9C-9CA5-458C230596E1}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
    "TCP Query User{7E6081F6-0E36-4B54-8BC6-3F80D4D6BBDF}C:\\program files\\sony ericsson\\update service\\update service.exe"= UDP:C:\program files\sony ericsson\update service\update service.exe:Update Service
    "UDP Query User{945E2144-BA2C-425C-A3BF-5C6F555AE164}C:\\program files\\sony ericsson\\update service\\update service.exe"= TCP:C:\program files\sony ericsson\update service\update service.exe:Update Service
    "TCP Query User{87B09E58-FACD-4098-BE48-E9D62C3BDEFE}C:\\windows\\system32\\rlvknlg.exe"= UDP:C:\windows\system32\rlvknlg.exe:rlvknlg.exe
    "{B6B99E3B-D1FF-4983-A4EC-389E4DB15B63}"= UDP:C:\Windows\System32\rlvknlg.exe:rlvknlg.exe
    "{E222D3CD-8A07-4F22-A8E0-E6C10CA7D4B9}"= UDP:C:\Windows\Temp\~os576E.tmp\ossproxy.exe:ossproxy.exe
    "{028FE1AA-816F-43E8-9F3E-BA046911B995}"= TCP:C:\Windows\Temp\~os576E.tmp\ossproxy.exe:ossproxy.exe
    "TCP Query User{24B5CAAC-EFC6-4DCC-A42E-7BF789DD2F1E}C:\\users\\eoin\\documents\\azureus downloads\\portable applications\\remote administrator\\remote administrator settings\\1400000ad00002i\\r_server.exe"= UDP:C:\users\eoin\documents\azureus downloads\portable applications\remote administrator\remote administrator settings\1400000ad00002i\r_server.exe:r_server.exe
    "UDP Query User{53D2DE27-FCD1-435F-A2DB-7076C7F21D82}C:\\users\\eoin\\documents\\azureus downloads\\portable applications\\remote administrator\\remote administrator settings\\1400000ad00002i\\r_server.exe"= TCP:C:\users\eoin\documents\azureus downloads\portable applications\remote administrator\remote administrator settings\1400000ad00002i\r_server.exe:r_server.exe
    "{64901ED3-BA96-418E-85E8-B4716880EE7D}"= UDP:C:\Windows\Temp\~osCC3D.tmp\ossproxy.exe:ossproxy.exe
    "{88D1E12C-30ED-4A16-9563-2043886FD70C}"= TCP:C:\Windows\Temp\~osCC3D.tmp\ossproxy.exe:ossproxy.exe
    "{2D53C8FC-3A61-4413-8957-9ADA409B3A3E}"= C:\Program Files\AVG\AVG8\avgupd.exe:avgupd.exe
    "TCP Query User{B3D12B16-50E9-404B-9E0F-6544708D9BD3}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
    "UDP Query User{5447F459-96CE-4702-9D1F-EF8F1A22787B}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
    "{7D0CDABF-AD55-40C8-A677-DFAC79CEC95F}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
    "{63284311-6A51-4AE7-B0E0-CFE561A9E0B5}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
    "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
    "SNMP-1"= TCP:%SystemRoot%\system32\snmp.exe|Svc=SNMP:@%SystemRoot%\system32\snmp.exe,-5|

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
    "C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

    R0 AFS;AFS;C:\Windows\system32\drivers\AFS.sys [2007-05-23 23:05]
    R1 AvgLdx86;AVG AVI Loader Driver x86;C:\Windows\system32\Drivers\avgldx86.sys [2008-04-30 00:04]
    R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-04-30 00:04]
    R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-04-30 00:04]
    R2 ColdFusion MX ODBC Agent;ColdFusion MX ODBC Agent;C:\CFusionMX\db\slserver52\bin\swagent.exe "ColdFusion MX ODBC Agent" []
    R2 gfi_lnss8_attservice;GFI LANguard N.S.S. 8.0 Attendant Service;"C:\Program Files\GFI\LANguard Network Security Scanner 8.0\lnssatt.exe" -service []
    R2 RapiMgr;Windows Mobile-based device connectivity;C:\Windows\system32\svchost.exe [2006-11-02 10:45]
    R2 WcesComm;Windows Mobile 2003-based device connectivity;C:\Windows\system32\svchost.exe [2006-11-02 10:45]
    R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-07-10 06:27]
    R3 AvgWfpX;AVG8 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfpx.sys [2008-04-30 00:05]
    R3 btwaudio;Bluetooth Audio Device Service;C:\Windows\system32\drivers\btwaudio.sys [2006-11-21 13:54]
    R3 btwavdt;Bluetooth AVDT Service;C:\Windows\system32\drivers\btwavdt.sys [2006-11-21 13:54]
    R3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2006-11-21 13:54]
    R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service;C:\Windows\system32\drivers\CHDRT32.sys [2008-03-03 04:10]
    S0 MFX;MFX;C:\Windows\system32\drivers\MFX.sys [2006-09-01 16:55]
    S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 08:30]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ
    WindowsMobile REG_MULTI_SZ wcescomm rapimgr
    LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

    .
    Contents of the 'Scheduled Tasks' folder
    "2008-04-25 14:21:43 C:\Windows\Tasks\Norton Security Scan.job"
    - C:\Program Files\Norton Security Scan\Nss.exe
    "2007-11-14 08:38:12 C:\Windows\Tasks\RegCure Program Check.job"
    - C:\Program Files\RegCure\RegCure.exe
    "2007-11-14 08:38:12 C:\Windows\Tasks\RegCure.job"
    - C:\Program Files\RegCure\RegCure.exe
    "2007-11-14 00:25:00 C:\Windows\Tasks\User_Feed_Synchronization-{EDEBA330-0D8D-4AC6-9BBE-DB587BD208FE}.job"
    - C:\Windows\system32\msfeedssync.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-05-09 00:54:37
    Windows 6.0.6000 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...


    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Windows\System32\audiodg.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\AVG\AVG8\avgtray.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
    C:\CFusionMX\runtime\bin\jrunsvc.exe
    C:\CFusionMX\db\slserver52\bin\swstrtr.exe
    C:\CFusionMX\db\slserver52\bin\swsoc.exe
    C:\CFusionMX\runtime\bin\jrun.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\microsoft shared\VS7Debug\MDM.EXE
    C:\Program Files\SiteAdvisor\6172\SAService.exe
    C:\Windows\System32\snmp.exe
    C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
    C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\Windows\System32\vmnat.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\System32\drivers\XAudio.exe
    C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Windows\System32\vmnetdhcp.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\PROGRA~1\MOZILL~1\firefox.exe
    C:\Windows\System32\lpremove.exe
    C:\Windows\System32\lpksetup.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\System32\dllhost.exe
    .
    **************************************************************************
    .
    Completion time: 2008-05-09 1:11:47 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-05-09 00:10:40
    ComboFix2.txt 2008-04-29 22:43:54

    The system cannot find message text for message number 0x2379 in the message file for Application.
    The system cannot find message text for message number 0x2379 in the message file for Application.

    425 --- E O F --- 2008-05-06 19:04:00

  10. #10
    Member egrogan1
    Join Date
    Apr 2008
    Location
    Ireland
    Posts
    36

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 01:13:13, on 09/05/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16643)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\AVG\AVG8\avgtray.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\Explorer.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/ig?hl=en
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
    O2 - BHO: (no name) - {01D7F8D2-56DB-4327-A992-00ACE6684580} - (no file)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
    O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
    O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
    O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
    O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
    O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
    O2 - BHO: (no name) - {73D6E387-53ED-41B7-9F02-DD9E615DFB2B} - (no file)
    O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
    O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
    O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O2 - BHO: (no name) - {A3CCA0E4-F942-4CD3-A871-A9CF10F77DF7} - (no file)
    O2 - BHO: (no name) - {A72E4F7F-F506-4898-B609-FF892745A1F5} - (no file)
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
    O2 - BHO: (no name) - {E52BEFEB-2290-4BDF-87F9-5EC9F7ECE287} - (no file)
    O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
    O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [vmware-tray] C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
    O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-21-785140555-1394460376-2434275207-1013\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LNSS_MONITOR_USR')
    O4 - HKUS\S-1-5-21-785140555-1394460376-2434275207-1013\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User 'LNSS_MONITOR_USR')
    O4 - HKUS\S-1-5-21-785140555-1394460376-2434275207-1013\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup (User 'LNSS_MONITOR_USR')
    O4 - HKUS\S-1-5-21-785140555-1394460376-2434275207-1013\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (User 'LNSS_MONITOR_USR')
    O4 - Startup: GpsGate.lnk.disabled
    O4 - Startup: Windows Calendar.lnk = D:\Program Files\Windows Calendar\WinCal.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O13 - Gopher Prefix:
    O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn...tDetection.cab
    O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
    O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DLM Control) - http://dlm.tools.akamai.com/dlmanage...ex-2.2.3.4.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL,avgrsstx.dll
    O20 - Winlogon Notify: winpto32 - C:\Windows\
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: ColdFusion MX Application Server - Macromedia Inc. - C:\CFusionMX\runtime\bin\jrunsvc.exe
    O23 - Service: ColdFusion MX ODBC Agent - Unknown owner - C:\CFusionMX\db\slserver52\bin\swagent.exe
    O23 - Service: ColdFusion MX ODBC Server - Unknown owner - C:\CFusionMX\db\slserver52\bin\swstrtr.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: GFI LANguard N.S.S. 8.0 Attendant Service (gfi_lnss8_attservice) - GFI Software Ltd. - C:\Program Files\GFI\LANguard Network Security Scanner 8.0\lnssatt.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe
    O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
    O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
    O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
    O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
    O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 13550 bytes
