
Thread: Redirecting pages

  1. #1
    Junior Member
    Join Date
    Apr 2009
    Posts
    13

    Redirecting pages

    Hi, I have had a few problems in the last couple of days. It started with a search for a specific item in Google: instead of taking me to the page I wanted to view, a different page appeared. I just thought a mistake had occurred, but this is happening now quite often and I am anticipating that I have some kind of malware in the system. However, I have run a scan with my own spyware programme and it has found nothing. I used a programme called stop and this came up with something called tanspy, some kind of trojan. However, I did an sdfix scan in safe mode and this report came back as no viruses found.
    Spy-bot would not start when all this started happening. I downloaded stop, which stated that it would conflict with Spy-bot, so Spy-bot was removed. I have since uninstalled stop and have tried to download Spy-bot again, but it still refuses to start even though at times the tea timer sits on the task bar and seems to be working.
    I have prepared a hijack this printout. I have gone through this list but there may be something still in there that I don't recognise.
    Hope this is correct in the way it has been prepared.



    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Virgin Broadband\PCguard\Fws.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_productsvc.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_svc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\SYSTEM32\USRmlnkA.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\SYSTEM32\USRshutA.exe
    C:\WINDOWS\SYSTEM32\USRmlnkA.exe
    C:\PROGRA~1\BLUEYO~1\SMARTB~1\blueyonder-istnotifier.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Yahoo!\Common\YMailAdvisor.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe
    C:\Program Files\Virgin Broadband\PCguard\Rps.exe
    C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\blueyonder IST\bin\mpbtn.exe
    C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
    C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askR...8&gct=&gc=1&q=
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askR...gct=&gc=1&q=%s
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
    R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
    O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Virgin Broadband\PCguard\pkR.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.2\gears.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [USRpdA] C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [PAC207_Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\BLUEYO~1\SMARTB~1\blueyonder-istnotifier.exe
    O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\WECPUpdate.exe -s
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [YMailAdvisor] "C:\Program Files\Yahoo!\Common\YMailAdvisor.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Broadbandadvisor.exe] "C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" /AUTORUN
    O4 - HKLM\..\Run: [PCguard] "C:\Program Files\Virgin Broadband\PCguard\Rps.exe"
    O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Virgin Broadband\PCguard\ZkRunOnceR.exe"
    O4 - HKLM\..\Run: [webscan] "C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe" -k
    O4 - HKLM\..\Run: [SoftwareStation] "C:\Program Files\eAcceleration\Station\station.exe" /b Startup
    O4 - HKLM\..\RunOnce: [IndexCleaner] "C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\RunOnce: [IndexCleaner] "C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [RealUpgradeHelper] "C:\Program Files\Common Files\Real\Update_OB\upgrdhlp.exe" "RealNetworks|RealPlayer|6.0" (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RealUpgradeHelper] "C:\Program Files\Common Files\Real\Update_OB\upgrdhlp.exe" "RealNetworks|RealPlayer|6.0" (User 'Default user')
    O4 - Global Startup: blueyonder Instant Support Tool.lnk = C:\Program Files\blueyonder IST\bin\blueyonder-istconfig.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Mozilla Firefox.lnk = C:\Program Files\Mozilla Firefox\firefox.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1144979886703
    O16 - DPF: {90F7E144-984F-4FA6-83A7-C9C8DCB9974C} (RSActiveXObj Control) - http://www.radarsync.com/RSActiveX.ocx
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by104fd.bay104.hotmail.msn.co...x/HMAtchmt.ocx
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.128,85.255.112.142
    O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.112.128,85.255.112.142
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.128,85.255.112.142
    O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
    O23 - Service: eAcceleration Notification Service (eac_notifysvc) - eAcceleration Corp - C:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_svc.exe
    O23 - Service: eAcceleration Product Manager Service (eac_productsvc) - eAcceleration Corp - C:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_productsvc.exe
    O23 - Service: Google Desktop Manager 5.5.709.30344 (GoogleDesktopManager-093007-112848) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Desktop Manager 5.5.709.30344 (GoogleDesktopManager-093007-112848) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Update Service (gupdate1c9a5d083292664) (gupdate1c9a5d083292664) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: Virgin Broadband PCguard Update Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe
    O23 - Service: PCguard Firewall (RP_FWS) - Virgin Media - C:\Program Files\Virgin Broadband\PCguard\Fws.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: StopSign Antivirus Security Center Provider (sstsmonsvc) - eAcceleration Corp - C:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_svc.exe
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

    --
    End of file - 11737 bytes

  2. #2
    In Memoriam -Always in our heart pskelley's Avatar
    Join Date
    Oct 2005
    Location
    Clearwater, Florida
    Posts
    20,247

    Welcome to Safer Networking, I wish to be sure you have viewed and understand this information.
    "BEFORE you POST" (READ this Procedure before Requesting Assistance) http://forums.spybot.info/showthread.php?t=288
    All advice given is taken at your own risk.
    Please make sure you have read this information so we are on the same page.

    You must have read and followed the "Before you Post" instructions, anything else will waste your time and mine.

    85.255.112.128 <<< at the very least you are hacked by criminals from the Ukraine.
    http://whois.domaintools.com/85.255.112.128

    You have cut off the header of the HJT log which contains information we need. Post like this from notepad:
    Edit > Select All > copy/paste all highlighted information.

    Malware may be hidden, we will begin our search like this:

    1) Please DO NOT ENABLE Spybot S&D TeaTimer while we work together.

    2) Download Malwarebytes' Anti-Malware to your Desktop
    http://www.malwarebytes.org/

    http://www.besttechie.net/mbam/mbam-setup.exe <<< download

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform FULL SCAN, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
    * Please post contents of that file & a new HJT log in your next reply.

    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

    Tutorial if needed:
    http://www.techsupportteam.org/forum...ware-mbam.html

    3) Post also an uninstall list: Open Hijackthis.
    Click the "Open the Misc Tools" section Button.
    Click the "Open Uninstall Manager" Button.
    Click the "Save list..." Button.
    Save it to your desktop. Copy and paste the contents into your reply.
    Image: http://img.bleepingcomputer.com/tuto...nstall-man.jpg

    Thanks
    MS-MVP Consumer Security 2007-08-09
    Proud Member ASAP
    UNITE Member 2006
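
Added example, not part of the thread: a small check that pulls the O17 NameServer entries out of a HijackThis log, as in the reply above, and reports any resolver that is not in the set the machine is expected to use. The log lines are copied from the first post; `EXPECTED_RESOLVERS` and the function names are assumptions made for this illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.128,85.255.112.142
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.112.128,85.255.112.142
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.128,85.255.112.142
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
"""

# Assumption: the resolver(s) this machine should be using, e.g. the home
# router. Constructed value; replace with the real ones for the network.
EXPECTED_RESOLVERS = {"192.168.0.1"}

# "O17 - <registry key>: NameServer = <comma or space separated addresses>"
O17_RE = re.compile(
    r"^\s*O17\s+-\s+(?P<key>HK[^:]+):\s*NameServer\s*=\s*(?P<value>.*)$",
    re.IGNORECASE,
)


def parse_o17_nameservers(log_text):
    """Return [(registry_key, [address, ...])] for each O17 NameServer line."""
    entries = []
    for line in log_text.splitlines():
        match = O17_RE.match(line)
        if not match:
            continue
        addresses = [a for a in re.split(r"[,\s]+", match.group("value").strip()) if a]
        entries.append((match.group("key").strip(), addresses))
    return entries


def audit_nameservers(log_text, expected):
    """Return one finding per (registry key, address) that is not expected."""
    allowed = {ipaddress.ip_address(a) for a in expected}
    findings = []
    for key, addresses in parse_o17_nameservers(log_text):
        for raw in addresses:
            try:
                ip = ipaddress.ip_address(raw)
            except ValueError:
                # Malformed values are reported rather than silently skipped.
                findings.append({"key": key, "address": raw,
                                 "reason": "not a valid IP address"})
                continue
            if ip not in allowed:
                findings.append({"key": key, "address": str(ip),
                                 "reason": "resolver not in expected set"})
    return findings


def group_by_address(findings):
    """Map each flagged address to the registry keys that carry it.

    In the thread's log the same value sits under CS1, CS3 and CCS, so
    every listed key has to be checked again after cleanup.
    """
    grouped = defaultdict(list)
    for finding in findings:
        grouped[finding["address"]].append(finding["key"])
    return {addr: sorted(keys) for addr, keys in grouped.items()}


if __name__ == "__main__":
    for addr, keys in group_by_address(
            audit_nameservers(SAMPLE_LOG, EXPECTED_RESOLVERS)).items():
        print(addr)
        for key in keys:
            print("   ", key)
```
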

  3. #3
    Junior Member
    Join Date
    Apr 2009
    Posts
    13

    RE Malware

    Thanks for your reply. OK, I installed the application malwarebytes onto the desktop as directed. However, clicking on it or trying to open the programme is doing nothing. It's acting exactly like Spy-Bot: clicking on Spy-Bot fails to load the programme. However, look in task manager and both programmes are there but not actually using any CPU. It's almost as though something in this PC is preventing either programme running.
    There is also another strange thing going on: my son might be on his games console online and I am online on the PC at the same time; he then loses his connection but I still have mine.
    Also, if the PC is shut down overnight and then restarted, say in the morning, the home page fails to load and there is an error message that the page cannot be displayed. But when I repair the connection everything seems to be OK. This has only started recently. Could these problems all be linked to the same problem? I will also post the full hijack this list as required.

  4. #4
    Junior Member
    Join Date
    Apr 2009
    Posts
    13

    Quote: Originally Posted by pskelley
    Welcome to Safer Networking, I wish to be sure you have viewed and understand this information.
    "BEFORE you POST" (READ this Procedure before Requesting Assistance) http://forums.spybot.info/showthread.php?t=288
    All advice given is taken at your own risk.
    Please make sure you have read this information so we are on the same page.

    You must have read and followed the "Before you Post" instructions, anything else will waste your time and mine.

    85.255.112.128 <<< at the very least you are hacked by criminals from the Ukraine.
    http://whois.domaintools.com/85.255.112.128

    You have cut off the header of the HJT log which contains information we need. Post like this from notepad:
    Edit > Select All > copy/paste all highlighted information.

    Malware may be hidden, we will begin our search like this:

    1) Please DO NOT ENABLE Spybot S&D TeaTimer while we work together.

    2) Download Malwarebytes' Anti-Malware to your Desktop
    http://www.malwarebytes.org/

    http://www.besttechie.net/mbam/mbam-setup.exe <<< download

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform FULL SCAN, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
    * Please post contents of that file & a new HJT log in your next reply.

    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

    Tutorial if needed:
    http://www.techsupportteam.org/forum...ware-mbam.html

    3) Post also an uninstall list: Open Hijackthis.
    Click the "Open the Misc Tools" section Button.
    Click the "Open Uninstall Manager" Button.
    Click the "Save list..." Button.
    Save it to your desktop. Copy and paste the contents into your reply.
    Image: http://img.bleepingcomputer.com/tuto...nstall-man.jpg

    Thanks
    Now you are starting to worry me. Are you saying that my particular connection has been hacked by these Ukrainians?

    Here is the complete log file hijack this
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:02:23, on 19/04/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Virgin Broadband\PCguard\Fws.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_productsvc.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_svc.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\SYSTEM32\USRmlnkA.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\SYSTEM32\USRshutA.exe
    C:\WINDOWS\SYSTEM32\USRmlnkA.exe
    C:\PROGRA~1\BLUEYO~1\SMARTB~1\blueyonder-istnotifier.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe
    C:\Program Files\Virgin Broadband\PCguard\Rps.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
    O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Virgin Broadband\PCguard\pkR.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.2\gears.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [USRpdA] C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [PAC207_Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\BLUEYO~1\SMARTB~1\blueyonder-istnotifier.exe
    O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\WECPUpdate.exe -s
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Broadbandadvisor.exe] "C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" /AUTORUN
    O4 - HKLM\..\Run: [PCguard] "C:\Program Files\Virgin Broadband\PCguard\Rps.exe"
    O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Virgin Broadband\PCguard\ZkRunOnceR.exe"
    O4 - HKLM\..\RunOnce: [IndexCleaner] "C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe"
    O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\RunOnce: [IndexCleaner] "C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [RealUpgradeHelper] "C:\Program Files\Common Files\Real\Update_OB\upgrdhlp.exe" "RealNetworks|RealPlayer|6.0" (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RealUpgradeHelper] "C:\Program Files\Common Files\Real\Update_OB\upgrdhlp.exe" "RealNetworks|RealPlayer|6.0" (User 'Default user')
    O4 - Global Startup: blueyonder Instant Support Tool.lnk = C:\Program Files\blueyonder IST\bin\blueyonder-istconfig.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O9 - Extra button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler2\Fiddler.exe" (file missing)
    O9 - Extra 'Tools' menuitem: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler2\Fiddler.exe" (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1144979886703
    O16 - DPF: {90F7E144-984F-4FA6-83A7-C9C8DCB9974C} (RSActiveXObj Control) - http://www.radarsync.com/RSActiveX.ocx
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by104fd.bay104.hotmail.msn.co...x/HMAtchmt.ocx
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.128,85.255.112.142
    O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.112.128,85.255.112.142
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.128,85.255.112.142
    O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
    O23 - Service: eAcceleration Notification Service (eac_notifysvc) - eAcceleration Corp - C:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_svc.exe
    O23 - Service: eAcceleration Product Manager Service (eac_productsvc) - eAcceleration Corp - C:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_productsvc.exe
    O23 - Service: Google Desktop Manager 5.5.709.30344 (GoogleDesktopManager-093007-112848) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Desktop Manager 5.5.709.30344 (GoogleDesktopManager-093007-112848) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Update Service (gupdate1c9a5d083292664) (gupdate1c9a5d083292664) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: Virgin Broadband PCguard Update Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe
    O23 - Service: PCguard Firewall (RP_FWS) - Virgin Media - C:\Program Files\Virgin Broadband\PCguard\Fws.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: StopSign Antivirus Security Center Provider (sstsmonsvc) - eAcceleration Corp - C:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_svc.exe
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

    --
    End of file - 11093 bytes

  5. #5
    In Memoriam -Always in our heart pskelley's Avatar
    Join Date
    Oct 2005
    Location
    Clearwater, Florida
    Posts
    20,247

    Would it surprise you if I told you the hackers are doing all they can to keep you from removing their junk? We have to get the tools to run to do this. Start by trying to run MBAM in safe mode:
    http://spyware-free.us/tutorials/safemode/

    If that does not work, delete the program and download it again, this time when you click this link:
    http://www.malwarebytes.org/affiliat...mbam-setup.exe

    Then choose Save this file now
    Save it to the Desktop
    Down at the bottom where it says "File name:"
    change that to say yawroc-setup.exe then save it
    Now double click and see if it will update and run
    if not...try in safe mode again
    MS-MVP Consumer Security 2007-08-09
    Proud Member ASAP
    UNITE Member 2006

  6. #6
    In Memoriam -Always in our heart pskelley's Avatar
    Join Date
    Oct 2005
    Location
    Clearwater, Florida
    Posts
    20,247

    Default

    Please do not quote my instructions, I know what I say and you can scroll back if you need to read it. I do not need that HJT log until after the tool (MBAM in this case) has been run.

    Thanks

  7. #7
    Junior Member
    Join Date
    Apr 2009
    Posts
    13

    Default ref MBAM

    Tried all you said, started in safe mode too! Changed the file name, programme still not starting.

  8. #8
    In Memoriam -Always in our heart pskelley's Avatar
    Join Date
    Oct 2005
    Location
    Clearwater, Florida
    Posts
    20,247

    Default

    You understand that reformat is an option:
    http://spyware-free.us/tutorials/reformat/
    http://www.cyberwalker.net/faqs/how-...stall-faq.html
    http://helpdesk.its.uiowa.edu/window...s/reformat.htm

    Let's see if you can run combofix:

    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.

    Download ComboFix from here:

    Link 1

    * IMPORTANT !!! Save ComboFix.exe to your Desktop

    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
    • See this Link for programs that need to be disabled and instruction on how to disable them.
    • Remember to re-enable them when we're done.

    • Double click on ComboFix.exe & follow the prompts.
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a New Hijackthis log.

    *If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.

    Tutorial if needed
    http://www.bleepingcomputer.com/comb...o-use-combofix

  9. #9
    Junior Member
    Join Date
    Apr 2009
    Posts
    13

    Default Ref Malware

    Just to update, I was awaiting a scan to finish from a trusted site and here are two items found in the PC: win32worm agent and another called zango. Zango was quarantined and win32 worm agent was removed. I am now downloading a fresh copy of spy bot to see if it will now start; obviously if it does not I will use the combofix application as directed. Will be back to update. But thank you for your help so far.

  10. #10
    Junior Member
    Join Date
    Apr 2009
    Posts
    13

    Default ReComboxfix

    Hi PSKelley
    I did the combofix today. I just want to say that after running that programme I was able to load up Spy-Bot. I still have some programmes to remove which might conflict with Spy-Bot, but at least I am able to run this.
    I have enclosed the scan of combofix and a new HT scan. Things seem to be a lot better, thank you for your help thus far.

    ComboFix 09-04-20.A0 - Carlito Corway 20/04/2009 13:35.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.510.181 [GMT 1:00]
    Running from: c:\documents and settings\Carlito Corway\Desktop\ComboFix.exe
    AV: PCguard Anti-Virus *On-access scanning disabled* (Updated)
    AV: StopSign Antivirus FREE TRIAL diagnostic version *On-access scanning disabled* (Updated)
    FW: PCguard Firewall *disabled*
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\BMaafe2273.txt
    c:\windows\BMaafe2273.xml
    c:\windows\system32\drivers\gaopdxnbdotlmjkrqevpwuvtryasuvptjpsali.sys
    c:\windows\system32\drivers\gaopdxpqjwmrxrgitbacbigskllloymkoqjxjn.sys
    c:\windows\system32\gaopdxcounter
    c:\windows\system32\gaopdxukwiqvenroaioejmmhgcyrqovowypkxe.dll
    c:\windows\system32\SrchSTS.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_gaopdxserv.sys


    ((((((((((((((((((((((((( Files Created from 2009-03-20 to 2009-04-20 )))))))))))))))))))))))))))))))
    .

    2009-04-20 04:19 . 2009-04-20 04:20 -------- dc----w C:\Spybot - Search & Destroy
    2009-04-20 04:01 . 2009-04-20 04:01 -------- d-----w c:\program files\SPY-BOT
    2009-04-20 03:30 . 2009-04-20 03:30 268 -c-ha-w C:\sqmdata03.sqm
    2009-04-20 03:30 . 2009-04-20 03:30 244 -c-ha-w C:\sqmnoopt03.sqm
    2009-04-20 03:22 . 2009-03-09 19:06 15688 ----a-w c:\windows\system32\lsdelete.exe
    2009-04-20 00:01 . 2009-04-20 00:01 -------- d-sh--w c:\windows\system32\config\systemprofile\IETldCache
    2009-04-19 23:50 . 2009-04-19 23:50 268 -c-ha-w C:\sqmdata02.sqm
    2009-04-19 23:50 . 2009-04-19 23:50 244 -c-ha-w C:\sqmnoopt02.sqm
    2009-04-19 23:50 . 2009-03-09 19:06 64160 ----a-w c:\windows\system32\drivers\Lbd.sys
    2009-04-19 23:49 . 2009-04-19 23:49 -------- dc-h--w c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
    2009-04-19 23:48 . 2009-04-19 23:48 -------- d-----w c:\program files\Lavasoft
    2009-04-19 22:46 . 2009-04-06 14:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
    2009-04-19 22:46 . 2009-04-06 14:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
    2009-04-19 22:46 . 2009-04-19 22:46 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
    2009-04-19 22:46 . 2009-04-19 22:46 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-04-19 22:30 . 2009-04-19 22:30 268 -c-ha-w C:\sqmdata01.sqm
    2009-04-19 22:30 . 2009-04-19 22:30 244 -c-ha-w C:\sqmnoopt01.sqm
    2009-04-19 19:24 . 2009-04-19 19:24 268 -c-ha-w C:\sqmdata00.sqm
    2009-04-19 19:24 . 2009-04-19 19:24 244 -c-ha-w C:\sqmnoopt00.sqm
    2009-04-19 17:30 . 2009-04-19 17:30 3584 -csha-w C:\Thumbs.db
    2009-04-18 22:50 . 2009-04-18 22:50 -------- d-----w c:\program files\Fiddler2
    2009-04-18 21:45 . 2009-04-18 21:45 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
    2009-04-17 08:59 . 2009-04-17 09:04 -------- d-----w c:\program files\LimeWire
    2009-04-15 14:45 . 2009-04-15 14:45 -------- d-----w c:\windows\ERUNT
    2009-04-15 14:36 . 2009-04-15 15:20 -------- dc----w C:\SDFix
    2009-04-15 07:30 . 2009-04-15 07:30 -------- d-----w c:\documents and settings\Carlito Corway\Application Data\eAcceleration
    2009-04-15 07:24 . 2009-04-19 21:00 -------- d-----w c:\program files\Acceleration Software
    2009-04-15 07:22 . 2009-04-15 07:31 -------- d-----w c:\documents and settings\All Users\Application Data\eAcceleration
    2009-04-15 07:21 . 2009-04-15 07:25 -------- d-----w c:\program files\Common Files\eAcceleration
    2009-04-15 07:21 . 2009-04-15 07:30 -------- d-----w c:\program files\eAcceleration
    2009-04-15 07:02 . 2009-04-15 07:02 -------- d-sh--w c:\documents and settings\Administrator\IETldCache
    2009-04-14 17:11 . 2009-04-14 17:11 -------- d-----w c:\program files\Raxco
    2009-04-14 17:11 . 2009-04-14 17:11 -------- d-----w c:\documents and settings\All Users\Application Data\Raxco
    2009-04-14 15:19 . 2009-04-14 17:09 53192 ----a-w c:\windows\system32\drivers\rp_skt32.sys
    2009-04-14 15:18 . 2007-04-19 10:36 48384 ----a-w c:\windows\system32\drivers\rp_pkt32.sys
    2009-04-14 15:18 . 2009-04-14 15:18 -------- d-----w c:\program files\Common Files\Authentium
    2009-04-14 15:17 . 2009-04-14 15:29 -------- d-----w c:\program files\Common Files\Scanner
    2009-04-14 15:11 . 2009-04-14 15:11 -------- d-----w c:\documents and settings\Carlito Corway\Application Data\InstallShield
    2009-04-14 15:06 . 2009-04-14 15:16 -------- d-----w c:\program files\Virgin Broadband
    2009-04-14 13:33 . 2009-04-14 13:33 -------- d-sh--w c:\documents and settings\NetworkService\IETldCache
    2009-04-14 07:14 . 2009-04-19 13:49 -------- d-----w c:\documents and settings\Carlito Corway\Application Data\Any Video Converter
    2009-04-14 07:13 . 2009-04-14 07:16 -------- d-----w c:\program files\Any Video Converter
    2009-04-14 07:08 . 2009-04-14 07:08 -------- d-----w c:\documents and settings\Carlito Corway\Application Data\Broad Intelligence
    2009-04-14 07:04 . 2009-04-14 07:06 -------- d-----w c:\program files\MediaCoder
    2009-04-14 06:33 . 2009-04-14 06:33 -------- d-sh--w c:\documents and settings\Carlito Corway\IECompatCache
    2009-04-14 06:31 . 2009-04-14 06:31 -------- d-sh--w c:\documents and settings\Carlito Corway\PrivacIE
    2009-04-14 06:15 . 2009-04-14 06:15 -------- d-sh--w c:\documents and settings\LocalService\IETldCache
    2009-04-14 06:11 . 2009-04-14 06:11 -------- d-sh--w c:\documents and settings\Carlito Corway\IETldCache
    2009-04-14 05:30 . 2009-04-14 05:30 -------- d-----w c:\windows\ie8updates
    2009-04-14 05:25 . 2009-04-14 05:26 -------- dc-h--w c:\windows\ie8
    2009-04-14 05:24 . 2009-02-28 04:55 105984 -c----w c:\windows\system32\dllcache\iecompat.dll
    2009-04-11 23:08 . 2004-08-03 23:56 32866 ------w c:\windows\system32\slrundll.exe
    2009-04-11 23:08 . 2004-08-03 23:56 188508 ------w c:\windows\system32\slgen.dll
    2009-04-11 23:08 . 2004-08-03 23:56 73796 ------w c:\windows\system32\slserv.exe
    2009-04-11 23:08 . 2004-08-03 23:56 32866 ------w c:\windows\slrundll.exe
    2009-04-11 22:59 . 2009-04-11 22:59 -------- d-----w c:\windows\ServicePackFiles
    2009-04-11 22:56 . 2004-07-17 10:40 19528 ----a-w c:\windows\000001_.tmp
    2009-04-11 21:29 . 2009-04-11 21:29 -------- dc----w C:\i386
    2009-04-10 20:08 . 2009-04-10 20:08 -------- dc----w C:\73f2dece83ab1992bbc95d88
    2009-04-08 16:20 . 2009-04-08 16:20 -------- d-----w c:\program files\Common Files\xing shared
    2009-04-08 15:44 . 2009-04-08 15:44 -------- d-----w c:\program files\RADVideo
    2009-04-06 02:46 . 2009-04-06 02:46 -------- d-s---w c:\documents and settings\Carlito Corway\UserData
    2009-04-06 01:06 . 2009-04-06 15:19 -------- d-----w c:\program files\Common Files\Yahoo!
    2009-04-05 23:03 . 2009-04-05 23:19 -------- d-----w c:\documents and settings\Carlito Corway\Application Data\Download Manager
    2009-04-02 03:15 . 2009-04-02 03:15 -------- dc----w C:\carlitonesean_VR
    2009-03-29 01:30 . 2009-03-29 01:31 -------- d-----w c:\program files\CA Yahoo! Anti-Spy
    2009-03-26 08:31 . 2009-04-19 23:48 -------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
    2009-03-26 08:25 . 2009-03-26 08:25 -------- d-----w c:\program files\Trend Micro
    2009-03-25 09:02 . 2009-03-25 09:02 -------- d-----w c:\documents and settings\Carlito Corway\Application Data\IObit
    2009-03-25 09:02 . 2009-03-25 09:02 -------- d-----w c:\program files\IObit
    2009-03-23 00:01 . 2009-03-23 00:01 -------- dcsha-r C:\autorun.inf
    2009-03-22 04:59 . 2009-03-22 12:19 -------- d-----w c:\program files\MP3 Key Changer
    2009-03-22 01:02 . 2009-03-22 01:02 -------- d-----w c:\documents and settings\Carlito Corway\Application Data\Screaming Bee

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-04-20 12:33 . 2009-04-06 17:08 5177 -c--a-w C:\aaw7boot.log
    2009-04-20 04:20 . 2007-07-10 05:22 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-04-19 19:37 . 2006-05-06 06:52 -------- d-----w c:\program files\Secure-Delete
    2009-04-18 23:05 . 2006-05-01 17:36 -------- d--h--r c:\documents and settings\Carlito Corway\Application Data\yahoo!
    2009-04-17 09:48 . 2007-04-27 21:42 -------- d-----w c:\documents and settings\Carlito Corway\Application Data\LimeWire
    2009-04-17 08:37 . 2007-01-15 05:01 -------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
    2009-04-15 07:11 . 2006-11-24 01:44 -------- d-----w c:\program files\eBay
    2009-04-15 06:29 . 2006-10-08 12:12 -------- d-----w c:\documents and settings\All Users\Application Data\SecTaskMan
    2009-04-14 15:17 . 2008-03-14 04:06 -------- d-----w c:\program files\CA
    2009-04-14 15:15 . 2008-03-14 03:56 -------- d-----w c:\documents and settings\All Users\Application Data\Virgin Broadband
    2009-04-14 14:36 . 2008-03-14 03:57 -------- d-----w c:\documents and settings\Carlito Corway\Application Data\Virgin Broadband
    2009-04-12 03:10 . 2006-12-15 08:30 -------- d-----w c:\program files\File-Saver
    2009-04-11 23:38 . 2006-04-14 01:41 40256 ----a-w c:\documents and settings\Carlito Corway\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-04-08 16:19 . 2006-04-14 02:36 -------- d-----w c:\program files\Common Files\Real
    2009-04-07 05:33 . 2006-04-14 01:38 -------- d--h--w c:\program files\InstallShield Installation Information
    2009-04-07 05:33 . 2009-03-02 01:35 -------- d-----w c:\program files\HOTALBUMMyBOX
    2009-04-07 05:29 . 2009-03-02 01:39 -------- d-----w c:\program files\CASIO
    2009-04-06 17:51 . 2008-04-11 19:28 -------- d-----w c:\program files\Common Files\Teleca Shared
    2009-04-06 16:17 . 2006-08-05 14:29 -------- d-----w c:\documents and settings\All Users\Application Data\Roxio
    2009-04-06 16:16 . 2006-04-14 03:05 -------- d-----w c:\program files\Common Files\Roxio Shared
    2009-04-06 15:52 . 2006-05-03 14:08 50432 ----a-w c:\documents and settings\Carlito Corway\Application Data\GDIPFONTCACHEV1.DAT
    2009-04-06 15:21 . 2007-01-28 09:24 -------- d-----w c:\program files\PhotoArtMaster Classic
    2009-04-06 15:14 . 2008-08-11 02:08 -------- d-----w c:\program files\CamStudio
    2009-04-06 02:48 . 2008-11-19 07:44 -------- d-----w c:\documents and settings\All Users\Application Data\Pinnacle VideoSpin
    2009-04-06 01:06 . 2008-11-18 23:11 -------- d-----w c:\program files\Pinnacle
    2009-04-05 08:54 . 2007-07-10 06:27 144756 -c--a-w C:\avi_log.txt
    2009-04-05 05:58 . 2006-04-14 02:23 -------- d-----w c:\documents and settings\All Users\Application Data\DVD Shrink
    2009-03-31 23:54 . 2008-06-19 20:59 -------- d-----w c:\program files\Common Files\DVDVideoSoft
    2009-03-31 23:53 . 2009-03-05 05:29 -------- d-----w c:\program files\DVDVideoSoft
    2009-03-31 22:46 . 2007-01-11 09:30 -------- d-----w c:\program files\PeerGuardian2
    2009-03-29 01:28 . 2006-04-25 06:20 -------- d-----w c:\documents and settings\All Users\Application Data\Yahoo! Companion
    2009-03-29 01:24 . 2006-05-01 17:27 -------- d--h--r c:\documents and settings\All Users\Application Data\yahoo!
    2009-03-29 01:24 . 2006-04-25 06:19 -------- d-----w c:\program files\Yahoo!
    2009-03-24 05:37 . 2008-09-05 15:49 -------- d-----w c:\program files\Flickr Uploadr
    2009-03-22 05:26 . 2009-03-21 07:39 -------- d-----w c:\program files\ZD Soft
    2009-03-16 00:47 . 2006-04-14 02:08 -------- d-----w c:\program files\Google
    2009-03-14 18:46 . 2009-03-14 18:41 -------- d-----w c:\documents and settings\Carlito Corway\Application Data\Audacity
    2009-03-08 03:34 . 2004-08-04 12:00 914944 ----a-w c:\windows\system32\wininet.dll
    2009-03-08 03:34 . 2004-08-04 12:00 43008 ----a-w c:\windows\system32\licmgr10.dll
    2009-03-08 03:33 . 2004-08-04 12:00 18944 ----a-w c:\windows\system32\corpol.dll
    2009-03-08 03:33 . 2004-08-04 12:00 420352 ----a-w c:\windows\system32\vbscript.dll
    2009-03-08 03:32 . 2004-08-04 12:00 72704 ----a-w c:\windows\system32\admparse.dll
    2009-03-08 03:32 . 2004-08-04 12:00 71680 ----a-w c:\windows\system32\iesetup.dll
    2009-03-08 03:31 . 2004-08-04 12:00 34816 ----a-w c:\windows\system32\imgutil.dll
    2009-03-08 03:31 . 2004-08-04 12:00 48128 ----a-w c:\windows\system32\mshtmler.dll
    2009-03-08 03:31 . 2004-08-04 12:00 45568 ----a-w c:\windows\system32\mshta.exe
    2009-03-08 03:22 . 2004-08-04 12:00 156160 ----a-w c:\windows\system32\msls31.dll
    2009-03-06 14:44 . 2004-08-04 12:00 283648 ----a-w c:\windows\system32\pdh.dll
    2009-03-04 15:11 . 2009-03-04 15:11 -------- d-----w c:\program files\BadgerIT
    2009-03-03 18:10 . 2009-03-03 18:10 -------- d-----w c:\program files\AskSearch
    2009-03-02 18:26 . 2008-05-13 01:10 -------- d-----w c:\program files\NCH Swift Sound
    2009-03-02 18:26 . 2008-05-13 01:10 -------- d-----w c:\documents and settings\Carlito Corway\Application Data\NCH Swift Sound
    2009-03-02 17:12 . 2009-03-02 17:11 -------- d-----w c:\program files\Essentials Codec Pack
    2009-03-02 02:24 . 2009-03-02 02:24 -------- d-----w c:\documents and settings\Carlito Corway\Application Data\CASIO
    2009-03-02 01:23 . 2006-11-28 06:45 -------- d-----w c:\documents and settings\Carlito Corway\Application Data\Apple Computer
    2009-02-28 00:44 . 2009-02-28 00:44 -------- d-----w c:\program files\NCH Software
    2009-02-09 10:20 . 2004-08-04 12:00 723456 ----a-w c:\windows\system32\lsasrv.dll
    2009-02-09 10:20 . 2004-08-04 12:00 399360 ----a-w c:\windows\system32\rpcss.dll
    2009-02-09 10:20 . 2004-08-04 12:00 714752 ----a-w c:\windows\system32\ntdll.dll
    2009-02-09 10:20 . 2004-08-04 12:00 616960 ----a-w c:\windows\system32\advapi32.dll
    2009-02-09 10:19 . 2004-08-04 12:00 1846272 ----a-w c:\windows\system32\win32k.sys
    2009-02-06 17:24 . 2004-08-04 12:00 2180480 ----a-w c:\windows\system32\ntoskrnl.exe
    2009-02-06 17:14 . 2004-08-04 12:00 110592 ----a-w c:\windows\system32\services.exe
    2009-02-06 16:54 . 2004-08-04 12:00 35328 ----a-w c:\windows\system32\sc.exe
    2009-02-06 16:49 . 2004-08-03 22:59 2057728 ----a-w c:\windows\system32\ntkrnlpa.exe
    2009-02-05 23:35 . 2009-02-05 23:35 189712 ----a-w c:\windows\system32\RALMain.dll
    2009-02-05 23:35 . 2009-02-05 23:35 38160 ----a-w c:\windows\system32\MLPagAx.dll
    2009-02-05 23:33 . 2009-02-05 23:33 54544 ----a-w c:\windows\system32\PCLEGetGuid.dll
    2009-02-03 20:08 . 2004-08-04 12:00 55808 ----a-w c:\windows\system32\secur32.dll
    2007-09-17 15:24 . 2006-10-18 05:56 17 ---ha-w c:\documents and settings\Carlito Corway\Local Settings\Application Data\19720201.dat
    2006-04-29 10:01 . 2006-04-29 10:02 774144 ----a-w c:\program files\RngInterstitial.dll
    2004-10-01 14:00 . 2006-11-24 14:07 40960 ----a-w c:\program files\Uninstall_CDS.exe
    2008-02-09 07:2007-01-15 05:02 38:54 . c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-03-30 68856]
    "msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
    "SpybotSD TeaTimer"="c:\spybot - search & destroy\TeaTimer.exe" [2009-01-26 2144088]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "IndexCleaner"="c:\program files\Virgin Broadband\PCguard\IdxClnR.exe" [2007-09-05 61168]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "USRpdA"="c:\windows\SYSTEM32\USRmlnkA.exe" [2004-08-04 77891]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
    "PAC207_Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
    "Motive SmartBridge"="c:\progra~1\BLUEYO~1\SMARTB~1\blueyonder-istnotifier.exe" [2005-09-22 438359]
    "Media Codec Update Service"="c:\program files\Essentials Codec Pack\WECPUpdate.exe" [2009-01-25 196608]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2002-07-17 90112]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-04-08 185896]
    "Broadbandadvisor.exe"="c:\program files\Virgin Broadband\advisor\Broadbandadvisor.exe" [2009-01-29 2303216]
    "PCguard"="c:\program files\Virgin Broadband\PCguard\Rps.exe" [2007-09-05 310000]
    "-FreedomNeedsReboot"="c:\program files\Virgin Broadband\PCguard\ZkRunOnceR.exe" [2007-09-05 13552]
    "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-03-09 515416]
    "BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2004-08-04 110592]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "GrpConv"="grpconv -o" [X]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "RealUpgradeHelper"="c:\program files\Common Files\Real\Update_OB\upgrdhlp.exe" [2009-04-08 335872]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    blueyonder Instant Support Tool.lnk - c:\program files\blueyonder IST\bin\blueyonder-istconfig.exe [2006-5-24 217088]
    Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2006-5-6 169472]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *\0lsdelete

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
    backup=c:\windows\pss\Google Updater.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
    backup=c:\windows\pss\Microsoft Works Calendar Reminders.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Mozilla Firefox.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Mozilla Firefox.lnk
    backup=c:\windows\pss\Mozilla Firefox.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^YouTube Uploader for CASIO.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\YouTube Uploader for CASIO.lnk
    backup=c:\windows\pss\YouTube Uploader for CASIO.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Carlito Corway^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
    path=c:\documents and settings\Carlito Corway\Start Menu\Programs\Startup\LimeWire On Startup.lnk
    backup=c:\windows\pss\LimeWire On Startup.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "PDEngine"=3 (0x3)
    "PDAgent"=2 (0x2)
    "LightScribeService"=2 (0x2)
    "Lavasoft Ad-Aware Service"=2 (0x2)
    "ITMRTSVC"=2 (0x2)
    "dvpapi"=2 (0x2)
    "NMIndexingService"=3 (0x3)
    "LvHidSvc"=2 (0x2)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
    "c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
    "c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\StubInstaller.exe"=
    "c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\RM.exe"=
    "c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\umi.exe"=
    "c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\VideoSpin.exe"=

    R0 TfFsMon;TfFsMon; [x]
    R0 TfSysMon;TfSysMon; [x]
    R2 gupdate1c9a5d083292664;Google Update Service (gupdate1c9a5d083292664);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-16 133104]
    R2 OMSCAN;OMSCAN; [x]
    R2 sstsmonsvc;StopSign Antivirus Security Center Provider;c:\progra~1\EACCEL~1\FRAMEW~1\eac_svc.exe [2009-02-24 111952]
    R3 CrystalSysInfo;CrystalSysInfo;c:\program files\MediaCoder\SysInfo.sys [2007-09-25 15152]
    R3 GoogleDesktopManager-093007-112848;Google Desktop Manager 5.5.709.30344;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-02-09 29744]
    R3 iAimFP8;iAimFP8;c:\windows\system32\DRIVERS\wADV11nt.sys [2002-07-23 11935]
    R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-08-02 32512]
    R3 SCREAMINGBDRIVER;Screaming Bee Audio; [x]
    R3 TfNetMon;TfNetMon; [x]
    R3 USBSHGX;SHARP GSM GPRS USB Driver 2.0.0;c:\windows\system32\DRIVERS\usbgx_2.sys [2004-03-25 24144]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-03-09 64160]
    S2 eac_notifysvc;eAcceleration Notification Service;c:\progra~1\EACCEL~1\FRAMEW~1\eac_svc.exe [2009-02-24 111952]
    S2 eac_productsvc;eAcceleration Product Manager Service;c:\progra~1\EACCEL~1\FRAMEW~1\eac_productsvc.exe [2009-02-24 263504]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-03-09 951632]
    S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
    S2 YahooAUService;Yahoo! Updater;c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]
    S3 4mmdat;4mmdat;c:\windows\system32\DRIVERS\4mmdat.sys [2004-08-03 12288]


    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    .
    Contents of the 'Scheduled Tasks' folder

    2009-04-19 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 19:06]

    2009-04-20 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
    - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]

    2009-04-20 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-15 22:38]

    2009-04-20 c:\windows\Tasks\GoogleUpdateTaskMachine.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-16 00:45]

    2009-04-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-1897051121-725345543-1003.job
    - c:\documents and settings\Carlito Corway\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-08 19:45]

    2009-04-20 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-RunOnce-<NO NAME> - (no file)


    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/
    IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
    Trusted Zone: cover-paradies.to\www
    Trusted Zone: freewebs.com
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    FF - ProfilePath - c:\documents and settings\Carlito Corway\Application Data\Mozilla\Firefox\Profiles\teov9h8y.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1822311&SearchSource=3&q=
    FF - prefs.js: browser.search.selectedEngine - Ask
    FF - prefs.js: browser.startup.homepage - javascript:document.location='hxxp://keepvid.com/?url='+escape(window.location);
    FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101668&gct=&gc=1&q=
    FF - component: c:\documents and settings\Carlito Corway\Application Data\Mozilla\Firefox\Profiles\teov9h8y.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\EbayAccessService.dll
    FF - component: c:\documents and settings\Carlito Corway\Application Data\Mozilla\Firefox\Profiles\teov9h8y.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\EbayFormSubmitObserver.dll
    FF - component: c:\documents and settings\Carlito Corway\Application Data\Mozilla\Firefox\Profiles\teov9h8y.default\extensions\{943c7cef-740f-430f-9538-e6945a985368}\components\FFAlert.dll
    FF - component: c:\documents and settings\Carlito Corway\Application Data\Mozilla\Firefox\Profiles\teov9h8y.default\extensions\{a33fa729-d155-4b23-842b-2c665ecabdb6}\components\FFAlert.dll
    FF - component: c:\program files\Google\Google Gears\Firefox\components\gears.dll
    FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
    FF - plugin: c:\documents and settings\Carlito Corway\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll
    FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
    FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
    FF - plugin: c:\program files\Virgin Broadband\advisor\nprpspa.dll
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-04-20 13:43
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\gaopdxserv.sys]
    "imagepath"="\systemroot\system32\drivers\gaopdxnbdotlmjkrqevpwuvtryasuvptjpsali.sys"

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\OMSCAN]
    "ImagePath"="\Sys"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,9c,4c,8e,cf,98,
    d9,8a,9d,2e,e8,e1,00,eb,16,2b,de,b9,6a,ed,a1,05,71,de,cd,e2,63,26,f1,3f,c8,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,f1,ef,f2,5a,9b,
    33,b7,d8,46,47,15,b0,92,4b,c7,ef,41,ab,ee,3b,81,05,f7,77,6a,9c,d6,61,af,45,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "2c81e34222e8052573023a60d06dd016"=hex:ff,7c,85,e0,43,d4,0e,fe,29,1e,16,a7,30,
    8e,cb,fd,7a,45,05,fd,91,e8,6f,31,a9,4b,78,d3,ea,2b,66,92,ff,7c,85,e0,43,d4,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,e6,74,b4,70,ba,
    ff,42,7b,6b,65,49,6a,7e,99,74,f7,98,7c,8f,40,7b,57,7c,97,86,8c,21,01,be,91,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,6a,42,64,ec,40,
    a6,93,15,e9,02,6c,fa,fb,1d,47,57,ef,3c,96,32,61,0d,44,02,f5,1d,4d,73,a8,13,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,30,85,02,b2,8b,
    0f,47,39,50,93,e5,ab,ec,6a,4e,ab,7c,4c,b9,df,fb,fe,c7,94,df,20,58,62,78,6b,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,17,ed,dc,da,e9,
    63,cd,0a,97,20,4e,9a,c7,f1,35,ee,e1,89,13,69,31,e3,91,2a,fb,a7,78,e6,12,2f,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,02,00,27,91,ec,
    f6,17,0d,aa,52,c6,00,84,3c,26,64,7c,52,ab,74,53,24,61,e8,01,3a,48,fc,e8,04,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,48,b6,59,b6,ef,
    e2,41,12,b2,46,9a,e2,1b,fe,1b,94,74,31,86,40,5a,fb,33,ee,f6,0f,4e,58,98,5b,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,6f,a8,55,d9,f3,
    64,14,5f,37,a4,aa,c3,a6,15,56,0a,da,2b,95,15,bf,88,7b,3b,3d,ce,ea,26,2d,45,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,82,a1,14,7e,31,
    1b,bf,c9,f8,31,0f,a9,5f,a0,ec,fb,90,a8,a5,96,b5,33,49,3a,2a,b7,cc,b5,b9,7f,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,04,ca,da,0c,13,
    bc,1b,39,05,73,21,dd,54,d8,4a,c5,9d,15,cf,58,bb,eb,59,06,6c,43,2d,1e,aa,22,\
    .
    Completion time: 2009-04-20 13:48
    ComboFix-quarantined-files.txt 2009-04-20 12:47

    Pre-Run: 35,682,373,632 bytes free
    Post-Run: 36,171,739,136 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

    407 --- E O F --- 2009-04-16 08:17

    And HT Scan

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:38:23, on 20/04/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Virgin Broadband\PCguard\Fws.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
    C:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_productsvc.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_svc.exe
    C:\WINDOWS\SYSTEM32\USRmlnkA.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\SYSTEM32\USRshutA.exe
    C:\WINDOWS\SYSTEM32\USRmlnkA.exe
    C:\PROGRA~1\BLUEYO~1\SMARTB~1\blueyonder-istnotifier.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe
    C:\Program Files\Virgin Broadband\PCguard\Rps.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\blueyonder IST\bin\mpbtn.exe
    C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Spybot - Search & Destroy\SpybotSD.exe
    C:\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
    O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Virgin Broadband\PCguard\pkR.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\SPYBOT~1\SDHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.2\gears.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [USRpdA] C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [PAC207_Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\BLUEYO~1\SMARTB~1\blueyonder-istnotifier.exe
    O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\WECPUpdate.exe -s
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Broadbandadvisor.exe] "C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" /AUTORUN
    O4 - HKLM\..\Run: [PCguard] "C:\Program Files\Virgin Broadband\PCguard\Rps.exe"
    O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Virgin Broadband\PCguard\ZkRunOnceR.exe"
    O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    O4 - HKLM\..\RunOnce: [IndexCleaner] "C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\RunOnce: [IndexCleaner] "C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe"
    O4 - HKUS\S-1-5-21-796845957-1897051121-725345543-500\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Administrator')
    O4 - HKUS\S-1-5-21-796845957-1897051121-725345543-500\..\Run: [SpybotSD TeaTimer] C:\Program Files\yawspy\TeaTimer.exe (User 'Administrator')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [RealUpgradeHelper] "C:\Program Files\Common Files\Real\Update_OB\upgrdhlp.exe" "RealNetworks|RealPlayer|6.0" (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RealUpgradeHelper] "C:\Program Files\Common Files\Real\Update_OB\upgrdhlp.exe" "RealNetworks|RealPlayer|6.0" (User 'Default user')
    O4 - Global Startup: blueyonder Instant Support Tool.lnk = C:\Program Files\blueyonder IST\bin\blueyonder-istconfig.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O9 - Extra button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler2\Fiddler.exe" (file missing)
    O9 - Extra 'Tools' menuitem: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler2\Fiddler.exe" (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\SPYBOT~1\SDHelper.dll
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1144979886703
    O16 - DPF: {90F7E144-984F-4FA6-83A7-C9C8DCB9974C} (RSActiveXObj Control) - http://www.radarsync.com/RSActiveX.ocx
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by104fd.bay104.hotmail.msn.co...x/HMAtchmt.ocx
    O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
    O23 - Service: eAcceleration Notification Service (eac_notifysvc) - eAcceleration Corp - C:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_svc.exe
    O23 - Service: eAcceleration Product Manager Service (eac_productsvc) - eAcceleration Corp - C:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_productsvc.exe
    O23 - Service: Google Desktop Manager 5.5.709.30344 (GoogleDesktopManager-093007-112848) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Update Service (gupdate1c9a5d083292664) (gupdate1c9a5d083292664) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: Virgin Broadband PCguard Update Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe
    O23 - Service: PCguard Firewall (RP_FWS) - Virgin Media - C:\Program Files\Virgin Broadband\PCguard\Fws.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: StopSign Antivirus Security Center Provider (sstsmonsvc) - eAcceleration Corp - C:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_svc.exe
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

    --
    End of file - 10717 bytes
