
Beginning to lose hope

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Post by halfassed » November 23rd, 2007, 10:47 pm

I've posted on a few different boards, and I'm losing hope that someone can help me. Is my problem that difficult or does the malware world just despise Vista??
If anyone has any suggestions on how to get rid of this trojan/virus or whatever it is, pleeeeeeaase help me out.

Popups on IE, slow running, and God only knows what else. I have run ComboFix, and things have gotten marginally better, but I know there are still some hidden issues. I will post the ComboFix and HJT logs if anyone is interested.

Thanks
halfassed
Regular Member
 
Posts: 25
Joined: November 22nd, 2007, 9:57 pm

Re: Beginning to lose hope

Post by DFW » November 24th, 2007, 5:16 am

Hello and welcome. My name is DFW and I will be assisting you with your malware issues.

Please be patient, as I need some time to review your HijackThis log; I will post back recommendations for repairs.
As I am still in training, everything that I post to you must be checked by an Admin or Moderator. Thus there may be a small delay between posts, but it shouldn't be too long.

  • Whatever repairs we make are for fixing your computer's problems only, and by no means should they be used on another computer.
  • Continue to respond to this thread until I give you the All Clean! If you have any questions or get stuck, please reply and let me know. I will try my best to help you!
  • Please bookmark or favourite this page, in case you need it for reference.
DFW
MRU Honors Grad Emeritus
 
Posts: 3229
Joined: September 28th, 2006, 12:23 pm
Location: UK

Re: Beginning to lose hope

Post by DFW » November 24th, 2007, 2:46 pm

Make sure you have the latest HijackThis, version 2.0.2. If not, delete your current one, download and install this one, then post a log.

Download HJTInstall.exe to your Desktop.
  • Double-click HJTInstall.exe to install it.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan, and the log should open in Notepad.
  • Copy/paste the log into your next reply, please.
  • Don't use the Analyse This button; its findings are dangerous if misinterpreted.
  • Don't have HijackThis fix anything yet. Most of what it finds will be harmless or even required.


Just post a new HJT log for the moment.
DFW
MRU Honors Grad Emeritus
 
Posts: 3229
Joined: September 28th, 2006, 12:23 pm
Location: UK

Re: Beginning to lose hope

Post by halfassed » November 24th, 2007, 3:37 pm

I'd just like to thank you in advance for your help!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:30:36 PM, on 24/11/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\vsnp2std.exe
C:\Program Files\Softex\OmniPass\scureapp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Compal Electronics, INC\Wireless Select Switch\Wireless Select Switch.exe
C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
C:\Program Files\Elantech\Ktp.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Infineon\Security Platform Software\PSDrt.exe
C:\Program Files\Infineon\Security Platform Software\SpTna.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Program Files\McAfee\MSC\mcshell.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.my.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mdg.ca
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O2 - BHO: (no name) - {2330BF12-9FBF-4EE9-A84E-65107F7B5FF8} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {73E30260-CABD-4260-9133-39B24F34A9B9} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {89D7A724-C668-4139-A206-3DED8B6B97E0} - (no file)
O2 - BHO: (no name) - {FB3C35D3-D4C5-4C68-8A14-1A6375E41507} - (no file)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [snp2std] C:\Windows\vsnp2std.exe
O4 - HKLM\..\Run: [OmniPass] C:\Program Files\Softex\OmniPass\scureapp.exe
O4 - HKLM\..\Run: [IFXSPMGT] C:\Windows\system32\IFXSPMGT.exe /NotifyLogon
O4 - HKLM\..\Run: [CASS] C:\Program Files\Compal Electronics, INC\Wireless Select Switch\Wireless Select Switch.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
O4 - HKLM\..\Run: [KTPWare] C:\Program Files\Elantech\ktp.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [28e18d91] rundll32.exe "C:\Windows\system32\irnuxtta.dll",b
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {8FD07749-EFFA-48C6-947C-45A8D7BF422F} (CLVistaGenie Control) - http://www.cyberlink.com/vista/prog/CLVistaGenie.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: ssqnkhf - C:\Windows\SYSTEM32\ssqnkhf.dll
O20 - Winlogon Notify: vvsqvoej - C:\Windows\
O20 - Winlogon Notify: wvuuurs - C:\Windows\SYSTEM32\wvuuurs.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\Windows\system32\IFXSPMGT.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\Windows\system32\IFXTCS.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Program Files\Softex\OmniPass\OmniServ.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Windows\system32\IfxPsdSv.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

--
End of file - 8910 bytes
halfassed
Regular Member
 
Posts: 25
Joined: November 22nd, 2007, 9:57 pm

Re: Beginning to lose hope

Post by DFW » November 24th, 2007, 6:30 pm

OK, you are quite heavily infected. As you are now going to be helped here, can you please post to the other forums and let them know; we don't want a helper's time taken up searching your logs, as sometimes it can take them days to get to you.

May I draw your attention to the Forum Guidelines on Multi-Posting:
  • If you wish to continue here, please notify the other forums so they can close your threads.
  • If you wish to be helped elsewhere, let me know so I can close your thread here.

Let them know and we will carry on.



To start with, just fix this one line.

Open up HijackThis.
Click on Do a system scan only.
Place a checkmark next to this line:

O13 - Gopher Prefix:

Then close all windows except HijackThis and click Fix Checked.

Can you now please post the ComboFix log you ran before, so I can see what it has deleted, and a new HJT log.
DFW
MRU Honors Grad Emeritus
 
Posts: 3229
Joined: September 28th, 2006, 12:23 pm
Location: UK
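The HJT log above is what the helper is reading when he says "heavily infected", and the ComboFix file listing posted next is what he wants to cross-check it against. As an added worked example (the editor's code, not part of the thread and not a feature of HijackThis or ComboFix), here is that triage written out: pull the entries that are structurally suspicious in the HijackThis log (a Browser Helper Object registered with no file behind it, a rundll32 loader under an auto-generated eight-hex-digit Run value, and Winlogon Notify packages, which Vista no longer supports), take the DLL names those entries reference, then pivot on file size in the ComboFix listing to find the sibling DLLs dropped under other random names. The log lines embedded in the script are excerpts copied from the two logs in this thread, with two benign lines (the NVIDIA and Spybot entries, and two Windows DLLs) kept as controls; the regular expressions and the size pivot are assumptions of this example, not anything either poster ran.

```python
import re
from collections import defaultdict

# Constructed excerpt: lines copied from the HijackThis log posted in this thread,
# plus two benign entries (NvSvc, Spybot) so the filter has something to ignore.
HJT_LOG = r"""
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {2330BF12-9FBF-4EE9-A84E-65107F7B5FF8} - (no file)
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [28e18d91] rundll32.exe "C:\Windows\system32\irnuxtta.dll",b
O20 - Winlogon Notify: ssqnkhf - C:\Windows\SYSTEM32\ssqnkhf.dll
O20 - Winlogon Notify: vvsqvoej - C:\Windows\
O20 - Winlogon Notify: wvuuurs - C:\Windows\SYSTEM32\wvuuurs.dll
"""

# Constructed excerpt of the ComboFix file listing posted later in the thread
# (both the "Files Created" and the "Find3M" attribute styles appear).
COMBOFIX_FILES = r"""
2007-11-16 22:11 36,352 --a------ C:\Windows\System32\wvuuurs.dll
2007-11-23 01:33 85,056 ----a-w C:\Windows\System32\irnuxtta.dll
2007-11-21 20:57 85,056 ----a-w C:\Windows\System32\agjiwcfj.dll
2007-11-19 09:13 85,056 ----a-w C:\Windows\System32\povrpgmx.dll
2007-11-17 21:12 85,056 ----a-w C:\Windows\System32\cdbviigs.dll
2007-11-17 03:24 36,352 ----a-w C:\Windows\System32\ssqnkhf.dll
2007-11-17 03:13 36,352 ----a-w C:\Windows\System32\mljhgee.dll
2007-11-14 22:49 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2007-11-14 22:49 542,720 ----a-w C:\Windows\System32\sysmain.dll
"""

HEX_VALUE_NAME = re.compile(r"^[0-9a-f]{8}$")            # e.g. [28e18d91]
DLL_PATH = re.compile(r'([A-Za-z]:\\[^",]+\.dll)', re.I)  # first DLL path in an entry
RUN_ENTRY = re.compile(r"HK\w+\\\.\.\\Run: \[([^\]]+)\] (.*)$")
# ComboFix file line: timestamp, size with thousands separators, attribute flags, path.
# Directory lines carry "---------" instead of a size and are skipped on purpose.
CF_LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d)\s+([\d,]+)\s+(\S+)\s+(.+)$")


def parse_hjt(text):
    """Yield (section, body) for every HijackThis entry line (O2, O4, O20, R1, ...)."""
    for line in text.splitlines():
        m = re.match(r"^(O\d+|R\d) - (.*)$", line)
        if m:
            yield m.group(1), m.group(2)


def triage_hjt(text):
    """Return [(reason, entry)] for the entries an analyst would pull out by hand."""
    findings = []
    for section, body in parse_hjt(text):
        if section == "O2" and body.endswith("(no file)"):
            findings.append(("BHO registered but file is gone (orphan)", body))
        elif section == "O4":
            m = RUN_ENTRY.match(body)
            if m and HEX_VALUE_NAME.match(m.group(1)) and "rundll32" in m.group(2).lower():
                findings.append(("rundll32 loader under auto-generated Run value", body))
        elif section == "O20":
            findings.append(("Winlogon Notify package (unsupported on Vista)", body))
    return findings


def seed_dlls(findings):
    """Lower-case basenames of the DLLs referenced by the flagged entries."""
    return {p.rsplit("\\", 1)[-1].lower()
            for _, body in findings for p in DLL_PATH.findall(body)}


def parse_combofix(text):
    """Yield (timestamp, size_bytes, attrs, path) for each file line of a listing."""
    for line in text.splitlines():
        m = CF_LINE.match(line.strip())
        if m:
            yield m.group(1), int(m.group(2).replace(",", "")), m.group(3), m.group(4)


def pivot_by_size(seeds, combofix_text):
    """Map basename -> size for every file sharing a byte count with a seed DLL.

    A dropper that re-writes the same payload under fresh random names leaves
    identical sizes behind, so a size match is a cheap way to enumerate siblings
    the HijackThis log never mentions. It is a lead, not proof: confirm by hash.
    """
    by_size = defaultdict(list)
    for _, size, _, path in parse_combofix(combofix_text):
        by_size[size].append(path.rsplit("\\", 1)[-1].lower())
    seed_sizes = {s for s, names in by_size.items() if set(names) & seeds}
    return {name: s for s in seed_sizes for name in by_size[s]}


if __name__ == "__main__":
    found = triage_hjt(HJT_LOG)
    for reason, entry in found:
        print(f"[{reason}] {entry}")
    seeds = seed_dlls(found)
    for name, size in sorted(pivot_by_size(seeds, COMBOFIX_FILES).items(), key=lambda kv: (kv[1], kv[0])):
        print(f"{size:>8}  {name}  ({'seed' if name in seeds else 'sibling'})")
```

Run against the excerpts, the HijackThis pass yields five entries, three of which name a DLL; the size pivot then turns those three names into two families from the ComboFix listing, four 85,056-byte DLLs and three 36,352-byte DLLs, all in System32 and all created within the week before the thread started. That is why one ComboFix run only helped "marginally": the names the poster saw removed were not the only copies. Treat the size match as a list of candidates to hash and check, not as a delete list.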

Re: Beginning to lose hope

Post by halfassed » November 24th, 2007, 7:39 pm

OK... other boards notified, thanks again.

Started with line O13; here is the new HJT log and the ComboFix log from earlier:



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:31:32 PM, on 24/11/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\vsnp2std.exe
C:\Program Files\Softex\OmniPass\scureapp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Compal Electronics, INC\Wireless Select Switch\Wireless Select Switch.exe
C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
C:\Program Files\Elantech\Ktp.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Infineon\Security Platform Software\PSDrt.exe
C:\Program Files\Infineon\Security Platform Software\SpTna.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Program Files\McAfee\MSC\mcshell.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.my.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mdg.ca
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O2 - BHO: (no name) - {2330BF12-9FBF-4EE9-A84E-65107F7B5FF8} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {73E30260-CABD-4260-9133-39B24F34A9B9} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {89D7A724-C668-4139-A206-3DED8B6B97E0} - (no file)
O2 - BHO: (no name) - {FB3C35D3-D4C5-4C68-8A14-1A6375E41507} - (no file)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [snp2std] C:\Windows\vsnp2std.exe
O4 - HKLM\..\Run: [OmniPass] C:\Program Files\Softex\OmniPass\scureapp.exe
O4 - HKLM\..\Run: [IFXSPMGT] C:\Windows\system32\IFXSPMGT.exe /NotifyLogon
O4 - HKLM\..\Run: [CASS] C:\Program Files\Compal Electronics, INC\Wireless Select Switch\Wireless Select Switch.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
O4 - HKLM\..\Run: [KTPWare] C:\Program Files\Elantech\ktp.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [28e18d91] rundll32.exe "C:\Windows\system32\irnuxtta.dll",b
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {8FD07749-EFFA-48C6-947C-45A8D7BF422F} (CLVistaGenie Control) - http://www.cyberlink.com/vista/prog/CLVistaGenie.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: ssqnkhf - C:\Windows\SYSTEM32\ssqnkhf.dll
O20 - Winlogon Notify: vvsqvoej - C:\Windows\
O20 - Winlogon Notify: wvuuurs - C:\Windows\SYSTEM32\wvuuurs.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\Windows\system32\IFXSPMGT.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\Windows\system32\IFXTCS.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Program Files\Softex\OmniPass\OmniServ.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Windows\system32\IfxPsdSv.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

--
End of file - 8796 bytes





ComboFix 07-11-19.3 - RHW 2007-11-23 17:45:09.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.434 [GMT -5:00]
Running from: C:\Users\RHW\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2007-10-23 to 2007-11-23 )))))))))))))))))))))))))))))))
.

2007-11-19 19:35 0 --a------ C:\ntuser.dat
2007-11-19 04:13 1,326 ---hs---- C:\Windows\System32\xmgprvop.ini
2007-11-16 22:11 36,352 --a------ C:\Windows\System32\wvuuurs.dll
2007-11-14 17:49 2,923,520 --a------ C:\Windows\explorer.exe
2007-11-14 17:49 258,232 --a------ C:\Windows\System32\drivers\acpi.sys
2007-11-14 17:49 28,344 --a------ C:\Windows\System32\drivers\battc.sys
2007-11-14 17:49 14,208 --a------ C:\Windows\System32\drivers\CmBatt.sys
2007-11-11 09:08 729,436 --a------ C:\Windows\System32\PerfStringBackup.INI
2007-11-07 10:26 96,832 --a------ C:\Windows\System32\drivers\AnyDVD.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-23 04:35 12,931 ----a-w C:\Users\RHW\AppData\Roaming\nvModes.dat
2007-11-23 01:33 85,056 ----a-w C:\Windows\System32\irnuxtta.dll
2007-11-21 21:03 --------- d-----w C:\Program Files\McAfee
2007-11-21 20:57 85,056 ----a-w C:\Windows\System32\agjiwcfj.dll
2007-11-19 09:13 85,056 ----a-w C:\Windows\System32\povrpgmx.dll
2007-11-17 21:12 85,056 ----a-w C:\Windows\System32\cdbviigs.dll
2007-11-17 03:24 36,352 ----a-w C:\Windows\System32\ssqnkhf.dll
2007-11-17 03:15 --------- d-----w C:\Program Files\SlySoft
2007-11-17 03:13 36,352 ----a-w C:\Windows\System32\mljhgee.dll
2007-11-17 03:11 --------- d-----w C:\Users\RHW\AppData\Roaming\Azureus
2007-11-14 22:51 --------- d-----w C:\Program Files\Windows Mail
2007-11-14 22:49 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2007-11-14 22:49 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2007-11-14 22:49 542,720 ----a-w C:\Windows\System32\sysmain.dll
2007-11-14 22:49 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2007-11-14 22:49 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2007-11-14 22:49 3,504,824 ----a-w C:\Windows\System32\ntkrnlpa.exe
2007-11-14 22:49 3,471,032 ----a-w C:\Windows\System32\ntoskrnl.exe
2007-11-14 22:49 297,984 ----a-w C:\Windows\System32\wlansec.dll
2007-11-14 22:49 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2007-11-14 22:49 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2007-11-14 22:49 20,920 ----a-w C:\Windows\system32\drivers\compbatt.sys
2007-11-14 22:49 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2007-11-14 22:46 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2007-11-11 13:57 --------- d-----w C:\Program Files\AnyDVD
2007-11-09 01:09 --------- d-----w C:\Program Files\Azureus
2007-10-30 01:12 --------- d-----w C:\Users\RHW\AppData\Roaming\LimeWire
2007-10-29 02:19 4,128 ----a-w C:\Users\RHW\AppData\Roaming\wklnhst.dat
2007-10-20 14:29 --------- d-----w C:\ProgramData\DVD Shrink
2007-10-18 21:26 679,936 ----a-w C:\Windows\System32\NETw4c32.dll
2007-10-18 21:26 2,756,608 ----a-w C:\Windows\System32\NETw4r32.dll
2007-10-18 21:26 2,216,448 ----a-w C:\Windows\system32\drivers\NETw4v32.sys
2007-10-16 20:00 --------- d-----w C:\Program Files\LimeWire
2007-10-09 21:53 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2007-10-09 21:53 7,680 ----a-w C:\Windows\System32\spwmp.dll
2007-10-09 21:53 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2007-10-09 21:53 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2007-10-09 21:51 56,320 ----a-w C:\Windows\System32\iesetup.dll
2007-10-09 21:51 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2007-10-09 21:51 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2007-10-09 21:50 84,480 ----a-w C:\Windows\System32\INETRES.dll
2007-10-09 21:50 737,792 ----a-w C:\Windows\System32\inetcomm.dll
2007-10-09 21:49 788,992 ----a-w C:\Windows\System32\rpcrt4.dll
2007-10-03 13:18 99,840 ----a-w C:\Windows\system32\drivers\Rtlh86.sys
2007-08-31 00:33 174 --sha-w C:\Program Files\desktop.ini
2007-08-29 23:48 88,576 ----a-w C:\Windows\System32\avifil32.dll
2007-08-29 23:48 82,944 ----a-w C:\Windows\System32\mciavi32.dll
2007-08-29 23:48 8,138,240 ----a-w C:\Windows\System32\ssBranded.scr
2007-08-29 23:48 712,192 ----a-w C:\Windows\System32\WindowsCodecs.dll
2007-08-29 23:48 69,632 ----a-w C:\Windows\System32\sendmail.dll
2007-08-29 23:48 65,024 ----a-w C:\Windows\System32\avicap32.dll
2007-08-29 23:48 61,440 ----a-w C:\Windows\System32\ntprint.exe
2007-08-29 23:48 31,232 ----a-w C:\Windows\System32\msvidc32.dll
2007-08-29 23:48 269,824 ----a-w C:\Windows\System32\schannel.dll
2007-08-29 23:48 220,160 ----a-w C:\Windows\System32\ntprint.dll
2007-08-29 23:48 123,904 ----a-w C:\Windows\System32\msvfw32.dll
2007-08-29 23:48 120,320 ----a-w C:\Windows\System32\dhcpcsvc6.dll
2007-08-29 23:48 12,800 ----a-w C:\Windows\System32\msrle32.dll
2007-08-29 23:48 10,240 ----a-w C:\Windows\System32\dhcpcmonitor.dll
2007-08-29 23:48 1,984,512 ----a-w C:\Windows\System32\authui.dll
2007-08-29 21:27 8,192 ----a-w C:\Windows\System32\riched32.dll
2007-08-29 21:27 77,824 ----a-w C:\Windows\System32\rascfg.dll
2007-08-29 21:27 52,736 ----a-w C:\Windows\System32\rasdiag.dll
2007-08-29 21:27 384,000 ----a-w C:\Windows\System32\netcfgx.dll
2007-08-29 21:27 32,768 ----a-w C:\Windows\System32\rasmxs.dll
2007-08-29 21:27 22,016 ----a-w C:\Windows\System32\rasser.dll
2007-08-29 21:26 694,784 ----a-w C:\Windows\System32\localspl.dll
2007-08-29 21:26 36,864 ----a-w C:\Windows\System32\cdd.dll
2007-08-29 21:26 33,280 ----a-w C:\Windows\System32\traffic.dll
2007-08-29 21:26 286,208 ----a-w C:\Windows\System32\ipnathlp.dll
2007-08-29 21:26 15,360 ----a-w C:\Windows\System32\pacerprf.dll
2007-08-29 21:26 134,656 ----a-w C:\Windows\System32\dps.dll
2007-08-29 21:26 13,824 ----a-w C:\Windows\System32\wshqos.dll
2007-08-29 21:26 13,824 ----a-w C:\Windows\System32\icsunattend.exe
2007-08-29 21:23 750,080 ----a-w C:\Windows\System32\qmgr.dll
2007-08-24 22:08 1,275,392 ----a-w C:\Windows\System32\msxml4.dll
2007-08-23 22:27 53,080 ----a-w C:\Windows\System32\wuauclt.exe
2007-08-23 22:27 43,352 ----a-w C:\Windows\System32\wups2.dll
2007-08-23 22:27 1,712,984 ----a-w C:\Windows\System32\wuaueng.dll
2007-08-23 22:27 1,524,224 ----a-w C:\Windows\System32\wucltux.dll
2007-08-23 22:26 80,896 ----a-w C:\Windows\System32\wudriver.dll
2007-08-23 22:26 549,720 ----a-w C:\Windows\System32\wuapi.dll
2007-08-23 22:26 33,624 ----a-w C:\Windows\System32\wups.dll
2007-08-23 22:25 31,232 ----a-w C:\Windows\System32\wuapp.exe
2007-08-23 22:25 163,000 ----a-w C:\Windows\System32\wuwebv.dll
2007-03-28 14:37 94,504 ----a-w C:\Users\RHW\AppData\Roaming\GDIPFONTCACHEV1.DAT
2007-05-21 00:59 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-05-21 00:59 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-05-21 00:59 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((( snapshot@2007-11-22_23.35.30.07 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-11-23 04:33:18 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2007-11-23 22:00:30 67,584 --s-a-w C:\Windows\bootstat.dat
- 2007-11-23 04:33:46 1,310,720 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2007-11-23 22:04:05 1,310,720 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2007-11-21 22:23:29 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2007-11-23 22:00:36 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2007-11-23 04:33:45 1,310,720 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2007-11-23 22:48:00 1,310,720 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2007-11-23 04:33:23 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2007-11-23 22:18:35 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2007-11-23 04:33:23 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2007-11-23 22:18:35 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2007-11-23 04:33:23 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2007-11-23 22:18:35 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2007-11-22 00:01:43 112,216 ----a-w C:\Windows\System32\perfc009.dat
+ 2007-11-23 22:06:42 112,216 ----a-w C:\Windows\System32\perfc009.dat
- 2007-11-22 00:01:43 631,670 ----a-w C:\Windows\System32\perfh009.dat
+ 2007-11-23 22:06:42 631,670 ----a-w C:\Windows\System32\perfh009.dat
- 2007-11-21 22:30:27 8,066 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3943849027-2943953009-2692591963-1002_UserData.bin
+ 2007-11-23 22:04:54 8,498 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3943849027-2943953009-2692591963-1002_UserData.bin
- 2007-11-21 22:30:26 60,740 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2007-11-23 22:04:53 60,928 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2007-11-21 22:30:24 46,412 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2007-11-23 22:04:51 46,484 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2330BF12-9FBF-4EE9-A84E-65107F7B5FF8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{73E30260-CABD-4260-9133-39B24F34A9B9}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{89D7A724-C668-4139-A206-3DED8B6B97E0}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FB3C35D3-D4C5-4C68-8A14-1A6375E41507}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" []
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 15:45]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 07:36]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 07:35]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-04-16 07:42]
"NvSvc"="RUNDLL32.exe" [2006-11-02 04:45 C:\Windows\System32\rundll32.exe]
"NvCplDaemon"="RUNDLL32.exe" [2006-11-02 04:45 C:\Windows\System32\rundll32.exe]
"NvMediaCenter"="RUNDLL32.exe" [2006-11-02 04:45 C:\Windows\System32\rundll32.exe]
"RtHDVCpl"="RtHDVCpl.exe" [2006-12-01 16:37 C:\Windows\RtHDVCpl.exe]
"snp2std"="C:\Windows\vsnp2std.exe" [2006-09-15 16:21]
"OmniPass"="C:\Program Files\Softex\OmniPass\scureapp.exe" [2006-11-28 17:42]
"IFXSPMGT"="C:\Windows\system32\IFXSPMGT.exe" [2006-11-13 17:23]
"CASS"="C:\Program Files\Compal Electronics" []
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6066\SiteAdv.exe" [2007-02-08 21:39]
"NWEReboot"="" []
"KTPWare"="C:\Program Files\Elantech\ktp.exe" [2006-03-28 05:36]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-04 01:33]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-14 09:00]
"28e18d91"="C:\Windows\system32\irnuxtta.dll" [2007-11-22 20:33]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26]
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-21 17:12:42]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 04:01:04]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{60E2746A-9C2E-45A2-85CE-7E1A8A890961}"= C:\Windows\system32\ssqnkhf.dll [2007-11-16 22:24 36352]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqnkhf]
ssqnkhf.dll 2007-11-16 22:24 36352 C:\Windows\System32\ssqnkhf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vvsqvoej]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvuuurs]
wvuuurs.dll 2007-11-16 22:11 36352 C:\Windows\System32\wvuuurs.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime
"RemoteControl"="C:\Program Files\PowerDVD\PDVDServ.exe"
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

R0 LPCFilter;LPC Lower Filter Driver;C:\Windows\system32\DRIVERS\LPCFilter.sys
R1 PersonalSecureDrive;PersonalSecureDrive;C:\Windows\system32\drivers\psd.sys
R3 EMSCR;EMSCR;C:\Windows\system32\DRIVERS\EMS7SK.sys
R3 ESDCR;ESDCR;C:\Windows\system32\DRIVERS\ESD7SK.sys
R3 Ktp;Elantech Touchpad;C:\Windows\system32\DRIVERS\Ktp.sys
R3 NETw4v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit;C:\Windows\system32\DRIVERS\NETw4v32.sys
R3 nvlddmkm;nvlddmkm;C:\Windows\system32\DRIVERS\nvlddmkm.sys
R3 RTL8169;Realtek 8169 NT Driver;C:\Windows\system32\DRIVERS\Rtlh86.sys
R3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\Windows\system32\DRIVERS\snp2sxp.sys
R3 TPM;TPM;C:\Windows\system32\drivers\tpm.sys
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
S3 btwaudio;Bluetooth Audio Device Service;C:\Windows\system32\drivers\btwaudio.sys
S3 btwavdt;Bluetooth AVDT Service;C:\Windows\system32\drivers\btwavdt.sys
S3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys
S3 moufiltr;Mouse Filter;C:\Windows\system32\DRIVERS\moufiltr.sys
S3 NETw3v32;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit;C:\Windows\system32\DRIVERS\NETw3v32.sys

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
bthsvcs BthServ

.
Contents of the 'Scheduled Tasks' folder
"2007-03-24 21:08:37 C:\Windows\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe'
"2007-03-24 21:08:37 C:\Windows\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
"2007-11-23 22:45:09 C:\Windows\Tasks\User_Feed_Synchronization-{D9B30BB4-63C0-47D4-A444-A174F9308500}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-23 17:48:17
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-23 17:49:42
C:\ComboFix2.txt ... 2007-11-22 23:36
.
--- E O F ---
halfassed
Regular Member
 
Posts: 25
Joined: November 22nd, 2007, 9:57 pm

Re: Beginning to lose hope

Unread postby DFW » November 25th, 2007, 7:57 am

You are running P2P filesharing programmes, "LimeWire" and "Azureus".

  • Many of these programmes come with unwanted components bundled with them.
  • If you wish to find out whether the one you're using does click here.

Please note: Even if you are using a "safe" P2P programme, it is only the programme that is safe.
You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.
I'd like you to read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.
http://forum.malwareremoval.com/viewtop ... e3e96420cc


My recommendation is you uninstall it.




Download WinPFind3U.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
  • Now click the Run Scan button on the toolbar.
  • The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts.

.
DFW
MRU Honors Grad Emeritus
 
Posts: 3229
Joined: September 28th, 2006, 12:23 pm
Location: UK
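
WinPFind3U prints each load point as `name -> path -> publisher [Ver = ... | Size = ... | Modified Date = ... | Attr = ...]`, which makes the registry section easy to triage mechanically before a human reads it line by line. The helper below is an added example, not OldTimer's code and not part of this thread: the line patterns are inferred from the log posted in this thread, the sample lines are copied from it, and the flagging rule (autostart entries with neither publisher nor version resource that were modified shortly before the scan, plus orphaned Winlogon Notify or ShellExecuteHooks values) is an assumed reviewer heuristic, not anything WinPFind3U itself does.

```python
"""Triage helper for WinPFind3U "[Registry - Non-Microsoft Only]" lines.

Added example, not OldTimer's code: line patterns are inferred from the log
posted in this thread; the flagging rule is an assumed reviewer heuristic.
"""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Iterable, Iterator, List, Optional, Tuple

# Section header:  < Run [HKLM] > -> HKEY_LOCAL_MACHINE\...\Run ->
SECTION_RE = re.compile(r"^< (?P<section>.+?) >.*? -> (?P<key>.*?) ->$")
# Entry:  name -> path -> Publisher [Ver = x | Size = n bytes | Modified Date = d | Attr = a ]
ENTRY_RE = re.compile(
    r"^(?P<name>.+?) -> (?P<path>.*?) -> (?P<publisher>[^\[]*?)\s*"
    r"\[Ver =(?P<ver>[^|]*)\| Size = (?P<size>\d+) bytes \| "
    r"Modified Date =(?P<mtime>[^|]*)\| Attr =(?P<attr>[^\]]*)\]$"
)
# Entry whose target is gone:  name -> path -> File not found
NOT_FOUND_RE = re.compile(r"^(?P<name>.+?) -> (?P<path>.*?) -> File not found$")
DATE_FMT = "%d/%m/%Y %I:%M:%S %p"  # e.g. 22/11/2007 8:33:20 PM

# Persistence locations, spelled the way WinPFind3U labels its sections.
AUTOSTART = ("Run [HKLM]", "Run [HKCU]", "Common Startup", "User Startup",
             "ShellExecuteHooks [HKLM]", r"Winlogon\Notify settings [HKLM]")
# Load points where even an orphaned value is worth cleaning up.
HOOK_SECTIONS = ("ShellExecuteHooks [HKLM]", r"Winlogon\Notify settings [HKLM]")


@dataclass
class Entry:
    section: Optional[str]
    name: str
    path: str
    publisher: str = ""
    version: str = ""
    mtime: Optional[datetime] = None
    found: bool = True


def parse_entries(lines: Iterable[str]) -> Iterator[Entry]:
    """Walk the log top to bottom, remembering the current section header."""
    section: Optional[str] = None
    for raw in lines:
        line = raw.rstrip("\r\n")
        m = SECTION_RE.match(line)
        if m:
            section = m.group("section")
            continue
        m = ENTRY_RE.match(line)
        if m:
            yield Entry(section, m.group("name").strip(), m.group("path").strip(),
                        m.group("publisher").strip(), m.group("ver").strip(),
                        datetime.strptime(m.group("mtime").strip(), DATE_FMT), True)
            continue
        m = NOT_FOUND_RE.match(line)
        if m:
            yield Entry(section, m.group("name").strip(), m.group("path").strip(), found=False)
        # Policy values, HOSTS lines and blank lines match nothing and are skipped.


def triage(lines: Iterable[str], log_time: datetime,
           recent_days: int = 14) -> List[Tuple[str, List[str]]]:
    """Return (entry name, reasons) for autostart entries a reviewer should look at first.

    Flagged: a found file with neither publisher nor version resource that was
    modified within recent_days of the scan, or an orphaned value in a hook
    load point (Winlogon Notify, ShellExecuteHooks).  Assumed heuristic.
    """
    findings: List[Tuple[str, List[str]]] = []
    for e in parse_entries(lines):
        if e.section not in AUTOSTART:
            continue
        reasons: List[str] = []
        if not e.found:
            if e.section in HOOK_SECTIONS:
                reasons.append("orphaned hook value: target file or value is missing")
        else:
            unsigned = not e.publisher and not e.version
            recent = e.mtime is not None and log_time - e.mtime <= timedelta(days=recent_days)
            if unsigned and recent:
                reasons.append("no publisher/version resource and modified within "
                               f"{recent_days} days of the scan ({e.path})")
        if reasons:
            findings.append((e.name, reasons))
    return findings


# Constructed sample: lines copied from the WinPFind3U log posted in this thread.
LOG_TIME = datetime(2007, 11, 25, 8, 39, 14)  # the log's "logfile created on" header
SAMPLE_LOG = r"""< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
28e18d91 -> %System32%\irnuxtta.dll [rundll32.exe "C:\Windows\system32\irnuxtta.dll",b] -> [Ver = | Size = 85056 bytes | Modified Date = 22/11/2007 8:33:20 PM | Attr = ]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.4.2.4 | Size = 267064 bytes | Modified Date = 14/09/2007 9:00:06 AM | Attr = ]
OmniPass -> %ProgramFiles%\Softex\OmniPass\scureapp.exe -> [Ver = 5, 0, 0, 1 | Size = 2174976 bytes | Modified Date = 28/11/2006 5:42:52 PM | Attr = ]
Windows Defender -> MSASCui.exe -> File not found
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{60E2746A-9C2E-45A2-85CE-7E1A8A890961} [HKLM] -> %System32%\ssqnkhf.dll [] -> [Ver = | Size = 36352 bytes | Modified Date = 16/11/2007 10:25:00 PM | Attr = ]
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
ssqnkhf -> %System32%\ssqnkhf.dll -> [Ver = | Size = 36352 bytes | Modified Date = 16/11/2007 10:25:00 PM | Attr = ]
vvsqvoej -> Reg Data - Value does not exist -> File not found
wvuuurs -> %System32%\wvuuurs.dll -> [Ver = | Size = 36352 bytes | Modified Date = 16/11/2007 10:11:38 PM | Attr = ]
< HOSTS File > (27 bytes) -> C:\Windows\System32\drivers\etc\Hosts ->
127.0.0.1 localhost -> ->
"""


def demo() -> List[Tuple[str, List[str]]]:
    """Run the triage over the sample log with the scan time from its header."""
    return triage(SAMPLE_LOG.splitlines(), LOG_TIME)


if __name__ == "__main__":
    for name, reasons in demo():
        print(name)
        for reason in reasons:
            print("   -", reason)
```

On the sample, the three random-named System32 DLLs and the orphaned Notify value are returned while the publisher-tagged Apple and Softex entries are not; the recent_days window is the knob to tune when a log is older than the infection.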

Re: Beginning to lose hope

Unread postby halfassed » November 25th, 2007, 9:53 am

Limewire and Azureus removed, as well as another called emule that I really have never used. Is there any P2P that is moderately safe to use with proper scanning? Torrent or otherwise?

Here is the log from WinPFind:

WinPFind3 logfile created on: 25/11/2007 8:39:14 AM
WinPFind3U by OldTimer - Version 1.0.44 Folder = C:\Users\RHW\Desktop\winPFind\WinPFind3u\
Windows Vista (TM) Home Premium (Version = 6.0.6000)
Internet Explorer (Version = 7.0.6000.16546)

1021.38 Mb Total Physical Memory | 400.27 Mb Available Physical Memory | 39.19% Memory free
2.24 Gb Paging File | 1.30 Gb Available in Paging File | 57.88% Paging File free
Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 98.24 Gb Free Space | 65.91% Space Free
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: HALF-FAST
Current User Name: RHW
Logged in as Administrator.
Current Boot Mode: Normal


[Processes - Non-Microsoft Only]
agrsmsvc.exe -> %System32%\agrsmsvc.exe -> Agere Systems [Ver = 1.0.0.4 | Size = 9216 bytes | Modified Date = 29/11/2006 8:55:00 PM | Attr = ]
applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 06/09/2007 12:28:18 PM | Attr = ]
bttray.exe -> %ProgramFiles%\WIDCOMM\Bluetooth Software\BTTray.exe -> Broadcom Corporation. [Ver = 6.0.1.3400 | Size = 719664 bytes | Modified Date = 21/11/2006 5:12:42 PM | Attr = ]
ifxpsdsv.exe -> %System32%\IfxPsdSv.exe -> Infineon Technologies AG [Ver = 3.00.1135.00 | Size = 136736 bytes | Modified Date = 13/11/2006 5:11:54 PM | Attr = ]
ifxspmgt.exe -> %System32%\IFXSPMGT.exe -> Infineon Technologies AG [Ver = 3.00.1135.00 | Size = 661024 bytes | Modified Date = 13/11/2006 5:23:38 PM | Attr = ]
ifxtcs.exe -> %System32%\IFXTCS.exe -> Infineon Technologies AG [Ver = 3.00.1137.00 | Size = 824864 bytes | Modified Date = 15/11/2006 2:54:50 AM | Attr = ]
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.4.2.4 | Size = 503608 bytes | Modified Date = 14/09/2007 8:59:56 AM | Attr = ]
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.4.2.4 | Size = 267064 bytes | Modified Date = 14/09/2007 9:00:06 AM | Attr = ]
ktp.exe -> %ProgramFiles%\Elantech\Ktp.exe -> ELANTECH Devices Corp. [Ver = 5, 0, 3, 5 | Size = 512000 bytes | Modified Date = 28/03/2006 5:36:04 AM | Attr = ]
mcagent.exe -> %ProgramFiles%\McAfee.com\Agent\mcagent.exe -> McAfee, Inc. [Ver = 8,0,237,0 | Size = 582992 bytes | Modified Date = 04/08/2007 1:33:14 AM | Attr = ]
mcmscsvc.exe -> %ProgramFiles%\McAfee\MSC\mcmscsvc.exe -> McAfee, Inc. [Ver = 8,0,238,0 | Size = 749904 bytes | Modified Date = 04/08/2007 6:08:06 AM | Attr = ]
mcnasvc.exe -> %CommonProgramFiles%\McAfee\MNA\McNASvc.exe -> McAfee, Inc. [Ver = 2,0,136,0 | Size = 2376992 bytes | Modified Date = 22/07/2007 7:15:18 PM | Attr = ]
mcproxy.exe -> %CommonProgramFiles%\McAfee\McProxy\McProxy.exe -> McAfee, Inc. [Ver = 2,0,150,0 | Size = 359248 bytes | Modified Date = 15/08/2007 11:36:04 AM | Attr = ]
mcshell.exe -> %ProgramFiles%\McAfee\MSC\mcshell.exe -> McAfee, Inc. [Ver = 8,0,226,0 | Size = 854864 bytes | Modified Date = 13/07/2007 3:14:52 PM | Attr = ]
mcshield.exe -> %ProgramFiles%\McAfee\VirusScan\Mcshield.exe -> McAfee, Inc. [Ver = VSCORE.14.0.0.349.x86 | Size = 144704 bytes | Modified Date = 24/07/2007 11:02:14 AM | Attr = ]
mcsysmon.exe -> %ProgramFiles%\McAfee\VirusScan\mcsysmon.exe -> McAfee, Inc. [Ver = 12,0,188,0 | Size = 695624 bytes | Modified Date = 25/07/2007 12:41:52 AM | Attr = ]
mpfsrv.exe -> %ProgramFiles%\McAfee\MPF\MpfSrv.exe -> McAfee, Inc. [Ver = 9.0.136.0 | Size = 856864 bytes | Modified Date = 18/07/2007 2:54:42 PM | Attr = ]
omniserv.exe -> %ProgramFiles%\Softex\OmniPass\OmniServ.exe -> Softex Inc. [Ver = 5.0.0.1 | Size = 36864 bytes | Modified Date = 28/11/2006 5:41:00 PM | Attr = ]
psdrt.exe -> %ProgramFiles%\Infineon\Security Platform Software\PSDrt.exe -> Infineon Technologies AG [Ver = 3.00.1135.00 | Size = 173600 bytes | Modified Date = 13/11/2006 5:19:20 PM | Attr = ]
rthdvcpl.exe -> %SystemRoot%\RtHDVCpl.exe -> Realtek Semiconductor [Ver = 1, 0, 0, 11 | Size = 4186112 bytes | Modified Date = 01/12/2006 4:37:00 PM | Attr = ]
scureapp.exe -> %ProgramFiles%\Softex\OmniPass\scureapp.exe -> [Ver = 5, 0, 0, 1 | Size = 2174976 bytes | Modified Date = 28/11/2006 5:42:52 PM | Attr = ]
siteadv.exe -> %ProgramFiles%\SiteAdvisor\6066\SiteAdv.exe -> McAfee, Inc. [Ver = 2.3.0 | Size = 36904 bytes | Modified Date = 08/02/2007 9:39:34 PM | Attr = ]
sptna.exe -> %ProgramFiles%\Infineon\Security Platform Software\SpTNA.exe -> Infineon Technologies AG [Ver = 3.00.1135.00 | Size = 656928 bytes | Modified Date = 13/11/2006 5:03:32 PM | Attr = ]
vsnp2std.exe -> %SystemRoot%\vsnp2std.exe -> Sonix [Ver = 1, 1, 7, 0 | Size = 675840 bytes | Modified Date = 15/09/2006 4:21:54 PM | Attr = ]
winpfind3u.exe -> %UserDesktop%\winPFind\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.44.0 | Size = 371200 bytes | Modified Date = 21/11/2007 9:19:46 AM | Attr = ]
wireless select switch.exe -> %ProgramFiles%\Compal Electronics, INC\Wireless Select Switch\Wireless Select Switch.exe -> [Ver = 1, 0, 0, 4 | Size = 184320 bytes | Modified Date = 20/06/2006 3:12:18 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> Adobe Systems [Ver = 2.67.010 | Size = 72704 bytes | Modified Date = 10/08/2007 5:47:04 PM | Attr = ]
(AgereModemAudio) Agere Modem Call Progress Audio [Win32_Own | Auto | Running] -> %System32%\agrsmsvc.exe -> Agere Systems [Ver = 1.0.0.4 | Size = 9216 bytes | Modified Date = 29/11/2006 8:55:00 PM | Attr = ]
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 06/09/2007 12:28:18 PM | Attr = ]
(CertPropSvc) Certificate Propagation [Win32_Shared | Unknown | Running] -> -> File not found
(DcomLaunch) DCOM Server Process Launcher [Win32_Shared | Unknown | Running] -> -> File not found
(DPS) Diagnostic Policy Service [Win32_Shared | Unknown | Running] -> -> File not found
(gpsvc) Group Policy Client [Win32_Shared | Unknown | Running] -> -> File not found
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1050\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 10.50.125 | Size = 73728 bytes | Modified Date = 22/10/2004 6:24:18 AM | Attr = ]
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> -> File not found
(IFXSpMgtSrv) Security Platform Management Service [Win32_Own | Auto | Running] -> %System32%\IFXSPMGT.exe -> Infineon Technologies AG [Ver = 3.00.1135.00 | Size = 661024 bytes | Modified Date = 13/11/2006 5:23:38 PM | Attr = ]
(IFXTCS) Trusted Platform Core Service [Win32_Own | Auto | Running] -> %System32%\IFXTCS.exe -> Infineon Technologies AG [Ver = 3.00.1137.00 | Size = 824864 bytes | Modified Date = 15/11/2006 2:54:50 AM | Attr = ]
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.4.2.4 | Size = 503608 bytes | Modified Date = 14/09/2007 8:59:56 AM | Attr = ]
(mcmscsvc) McAfee Services [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MSC\mcmscsvc.exe -> McAfee, Inc. [Ver = 8,0,238,0 | Size = 749904 bytes | Modified Date = 04/08/2007 6:08:06 AM | Attr = ]
(McNASvc) McAfee Network Agent [Win32_Own | Auto | Running] -> %CommonProgramFiles%\McAfee\MNA\McNASvc.exe -> McAfee, Inc. [Ver = 2,0,136,0 | Size = 2376992 bytes | Modified Date = 22/07/2007 7:15:18 PM | Attr = ]
(McODS) McAfee Scanner [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\McAfee\VirusScan\mcods.exe -> McAfee, Inc. [Ver = 12,0,172,0 | Size = 378184 bytes | Modified Date = 25/07/2007 2:16:16 AM | Attr = ]
(McProxy) McAfee Proxy Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\McAfee\McProxy\McProxy.exe -> McAfee, Inc. [Ver = 2,0,150,0 | Size = 359248 bytes | Modified Date = 15/08/2007 11:36:04 AM | Attr = ]
(McShield) McAfee Real-time Scanner [Win32_Own | Unknown | Running] -> -> File not found
(McSysmon) McAfee SystemGuards [Win32_Own | On_Demand | Running] -> %ProgramFiles%\McAfee\VirusScan\mcsysmon.exe -> McAfee, Inc. [Ver = 12,0,188,0 | Size = 695624 bytes | Modified Date = 25/07/2007 12:41:52 AM | Attr = ]
(MpfService) McAfee Personal Firewall Service [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MPF\MpfSrv.exe -> McAfee, Inc. [Ver = 9.0.136.0 | Size = 856864 bytes | Modified Date = 18/07/2007 2:54:42 PM | Attr = ]
(MSDTC) Distributed Transaction Coordinator [Win32_Own | Unknown | Stopped] -> -> File not found
(NMIndexingService) NMIndexingService [Win32_Own | Disabled | Stopped] -> %CommonProgramFiles%\Ahead\Lib\NMIndexingService.exe -> File not found
(omniserv) Softex OmniPass Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Softex\OmniPass\OmniServ.exe -> Softex Inc. [Ver = 5.0.0.1 | Size = 36864 bytes | Modified Date = 28/11/2006 5:41:00 PM | Attr = ]
(PersonalSecureDriveService) Personal Secure Drive Service [Win32_Own | Auto | Running] -> %System32%\IfxPsdSv.exe -> Infineon Technologies AG [Ver = 3.00.1135.00 | Size = 136736 bytes | Modified Date = 13/11/2006 5:11:54 PM | Attr = ]
(RpcSs) Remote Procedure Call (RPC) [Win32_Shared | Unknown | Running] -> -> File not found
(SBSDWSCService) SBSD Security Center Service [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Spybot - Search & Destroy\SDWinSec.exe -> Safer Networking Ltd. [Ver = 1, 0, 0, 8 | Size = 600912 bytes | Modified Date = 31/08/2007 3:46:18 PM | Attr = ]
(SCardSvr) Smart Card [Win32_Shared | Unknown | Stopped] -> -> File not found
(Schedule) Task Scheduler [Win32_Shared | Unknown | Running] -> -> File not found
(SCPolicySvc) Smart Card Removal Policy [Win32_Shared | Unknown | Stopped] -> -> File not found
(TrustedInstaller) Windows Modules Installer [Win32_Own | Unknown | Stopped] -> -> File not found
(WdiServiceHost) Diagnostic Service Host [Win32_Shared | Unknown | Stopped] -> -> File not found
(WdiSystemHost) Diagnostic System Host [Win32_Shared | Unknown | Running] -> -> File not found

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
28e18d91 -> %System32%\irnuxtta.dll [rundll32.exe "C:\Windows\system32\irnuxtta.dll",b] -> [Ver = | Size = 85056 bytes | Modified Date = 22/11/2007 8:33:20 PM | Attr = ]
CASS -> %ProgramFiles%\Compal Electronics, INC\Wireless Select Switch\Wireless Select Switch.exe -> [Ver = 1, 0, 0, 4 | Size = 184320 bytes | Modified Date = 20/06/2006 3:12:18 PM | Attr = ]
IFXSPMGT -> %System32%\IFXSPMGT.exe -> Infineon Technologies AG [Ver = 3.00.1135.00 | Size = 661024 bytes | Modified Date = 13/11/2006 5:23:38 PM | Attr = ]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.4.2.4 | Size = 267064 bytes | Modified Date = 14/09/2007 9:00:06 AM | Attr = ]
KTPWare -> %ProgramFiles%\Elantech\Ktp.exe -> ELANTECH Devices Corp. [Ver = 5, 0, 3, 5 | Size = 512000 bytes | Modified Date = 28/03/2006 5:36:04 AM | Attr = ]
mcagent_exe -> %ProgramFiles%\McAfee.com\Agent\mcagent.exe -> McAfee, Inc. [Ver = 8,0,237,0 | Size = 582992 bytes | Modified Date = 04/08/2007 1:33:14 AM | Attr = ]
NvCplDaemon -> %System32%\nvcpl.dll [RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 7.15.10.9754 | Size = 7766016 bytes | Modified Date = 19/12/2006 4:38:00 PM | Attr = ]
NvMediaCenter -> %System32%\nvmctray.dll [RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit] -> NVIDIA Corporation [Ver = 7.15.10.9754 | Size = 81920 bytes | Modified Date = 19/12/2006 4:38:00 PM | Attr = ]
NvSvc -> %System32%\nvsvc.dll [RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart] -> NVIDIA Corporation [Ver = 7.15.10.9754 | Size = 90191 bytes | Modified Date = 19/12/2006 4:38:00 PM | Attr = ]
NWEReboot -> -> File not found
OmniPass -> %ProgramFiles%\Softex\OmniPass\scureapp.exe -> [Ver = 5, 0, 0, 1 | Size = 2174976 bytes | Modified Date = 28/11/2006 5:42:52 PM | Attr = ]
RtHDVCpl -> %SystemRoot%\RtHDVCpl.exe -> Realtek Semiconductor [Ver = 1, 0, 0, 11 | Size = 4186112 bytes | Modified Date = 01/12/2006 4:37:00 PM | Attr = ]
SiteAdvisor -> %ProgramFiles%\SiteAdvisor\6066\SiteAdv.exe -> McAfee, Inc. [Ver = 2.3.0 | Size = 36904 bytes | Modified Date = 08/02/2007 9:39:34 PM | Attr = ]
snp2std -> %SystemRoot%\vsnp2std.exe -> Sonix [Ver = 1, 1, 7, 0 | Size = 675840 bytes | Modified Date = 15/09/2006 4:21:54 PM | Attr = ]
Windows Defender -> MSASCui.exe -> File not found
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} -> %CommonProgramFiles%\Ahead\Lib\NMBgMonitor.exe -> File not found
updateMgr -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe -> Adobe Systems Incorporated [Ver = 3.1.0.10 | Size = 313472 bytes | Modified Date = 30/03/2006 3:45:08 PM | Attr = R ]
< Common Startup > -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup ->
%AllUsersAppData%\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Modified Date = 23/09/2005 9:05:26 PM | Attr = ]
%AllUsersAppData%\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk -> %ProgramFiles%\WIDCOMM\Bluetooth Software\BTTray.exe -> Broadcom Corporation. [Ver = 6.0.1.3400 | Size = 719664 bytes | Modified Date = 21/11/2006 5:12:42 PM | Attr = ]
< User Startup > -> C:\Users\RHW\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup ->
%UserAppData%\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> Adobe Systems, Inc. [Ver = 1, 0, 0, 1 | Size = 113664 bytes | Modified Date = 16/03/2005 6:16:50 PM | Attr = ]
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{60E2746A-9C2E-45A2-85CE-7E1A8A890961} [HKLM] -> %System32%\ssqnkhf.dll [] -> [Ver = | Size = 36352 bytes | Modified Date = 16/11/2007 10:25:00 PM | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
ssqnkhf -> %System32%\ssqnkhf.dll -> [Ver = | Size = 36352 bytes | Modified Date = 16/11/2007 10:25:00 PM | Attr = ]
vvsqvoej -> Reg Data - Value does not exist -> File not found
wvuuurs -> %System32%\wvuuurs.dll -> [Ver = | Size = 36352 bytes | Modified Date = 16/11/2007 10:11:38 PM | Attr = ]
< CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\\ScanWithAntiVirus -> 3 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin -> 2 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableInstallerDetection -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableSecureUIAPaths -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableVirtualization -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ValidateAdminCodeSignatures -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\scforceoption -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\FilterAdministratorToken -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_TEXT -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_BITMAP -> 2 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_OEMTEXT -> 7 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_DIB -> 8 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_PALETTE -> 9 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_UNICODETEXT -> 13 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_DIBV5 -> 17 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> ->
< CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
< HOSTS File > (27 bytes) -> C:\Windows\System32\drivers\etc\Hosts ->
127.0.0.1 localhost -> ->
< Internet Explorer Settings > -> ->
HKLM: Default_Page_URL -> http://www.mdg.ca ->
HKLM: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKLM: Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
HKCU: Local Page -> C:\Windows\system32\blank.htm ->
HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dl ... r=iesearch ->
HKCU: Start Page -> http://sympatico.my.msn.com/ ->
HKCU: ProxyEnable -> 0 ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 59032 bytes | Modified Date = 18/12/2006 3:16:42 AM | Attr = ]
{089FD14D-132B-48FC-8861-0048AE113215} [HKLM] -> %ProgramFiles%\SiteAdvisor\6066\SiteAdv.dll [Reg Data - Value does not exist] -> McAfee, Inc. [Ver = 2.4.0 | Size = 1099304 bytes | Modified Date = 30/03/2007 10:41:24 AM | Attr = ]
{2330BF12-9FBF-4EE9-A84E-65107F7B5FF8} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 31/08/2007 3:46:14 PM | Attr = ]
{73E30260-CABD-4260-9133-39B24F34A9B9} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_02\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 501136 bytes | Modified Date = 12/07/2007 3:00:36 AM | Attr = ]
{7DB2D5A0-7241-4E79-B68D-6309F01C5231} [HKLM] -> %ProgramFiles%\McAfee\VirusScan\scriptsn.dll [scriptproxy] -> McAfee, Inc. [Ver = VSCORE.14.0.0.349.x86 | Size = 66880 bytes | Modified Date = 24/07/2007 11:02:40 AM | Attr = ]
{89D7A724-C668-4139-A206-3DED8B6B97E0} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
{FB3C35D3-D4C5-4C68-8A14-1A6375E41507} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{0BF43445-2F28-4351-9252-17FE6E806AA0} [HKLM] -> %ProgramFiles%\SiteAdvisor\6066\SiteAdv.dll [McAfee SiteAdvisor] -> McAfee, Inc. [Ver = 2.4.0 | Size = 1099304 bytes | Modified Date = 30/03/2007 10:41:24 AM | Attr = ]
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_02\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 501136 bytes | Modified Date = 12/07/2007 3:00:36 AM | Attr = ]
{B205A35E-1FC4-4CE3-818B-899DBBB3388C} [HKLM] -> Reg Data - Key not found [MenuText: Reg Data - Value does not exist] -> File not found
{CCA281CA-C863-46ef-9331-5C8D4460577F} -> %ProgramFiles%\WIDCOMM\Bluetooth Software\btsendto_ie.htm [ButtonText: @btrez.dll,-4015] -> [Ver = | Size = 5601 bytes | Modified Date = 26/10/2006 10:28:50 PM | Attr = ]
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [MenuText: Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 31/08/2007 3:46:14 PM | Attr = ]
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
E&xport to Microsoft Excel -> -> File not found
Send image to &Bluetooth Device... -> %ProgramFiles%\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm -> [Ver = | Size = 2773 bytes | Modified Date = 29/08/2006 6:12:28 PM | Attr = ]
Send page to &Bluetooth Device... -> %ProgramFiles%\WIDCOMM\Bluetooth Software\btsendto_ie.htm -> [Ver = | Size = 5601 bytes | Modified Date = 26/10/2006 10:28:50 PM | Attr = ]
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{144AAE16-8B7F-4B11-9A0F-58C20FACFDE4} -> (Intel(R) PRO/Wireless 3945ABG Network Connection) ->
{1AD799CF-CB7E-40D3-A7EC-2362464A8B24} -> () ->
{579BF180-7F95-4B80-A216-3B5BAD8461C8} -> (Realtek RTL8168B/8111B Family PCI-E Gigabit Ethernet NIC (NDIS 6.0)) ->
{9AB61100-357B-40A8-91C9-0764C63731BE} -> () ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
about -> Reg Data - Key not found -> File not found
dvd -> Reg Data - Key not found -> File not found
its -> Reg Data - Key not found -> File not found
mhtml -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
ms-its -> Reg Data - Key not found -> File not found
siteadvisor -> %ProgramFiles%\SiteAdvisor\6066\SiteAdv.dll -> McAfee, Inc. [Ver = 2.4.0 | Size = 1099304 bytes | Modified Date = 30/03/2007 10:41:24 AM | Attr = ]
skype4com -> %CommonProgramFiles%\Skype\Skype4COM.dll -> Skype Technologies [Ver = 1, 0, 27, 2 | Size = 1828176 bytes | Modified Date = 06/08/2007 11:43:20 AM | Attr = R ]
tv -> Reg Data - Key not found -> File not found
vbscript -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{02BCC737-B171-4746-94C9-0D8A0B2C0089} -> Microsoft Office Template and Media Control - CodeBase = http://office.microsoft.com/templates/ieawsdc.cab ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.6.0_02 - CodeBase = http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab ->
{8FD07749-EFFA-48C6-947C-45A8D7BF422F} -> CLVistaGenie Control - CodeBase = http://www.cyberlink.com/vista/prog/CLVistaGenie.cab ->
{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_03 - CodeBase = http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab ->
{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_11 - CodeBase = http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab ->
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_01 - CodeBase = http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab ->
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_02 - CodeBase = http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_02 - CodeBase = http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://fpdownload2.macromedia.com/get/s ... wflash.cab ->


[Files/Folders - Created Within 30 days]
ComboFix -> %SystemDrive%\ComboFix -> [Folder | Created Date = 23/11/2007 5:44:42 PM | Attr = ]
ntuser.dat -> %SystemDrive%\ntuser.dat -> [Ver = | Size = 0 bytes | Created Date = 19/11/2007 7:35:35 PM | Attr = ]
ntuser.dat.LOG1 -> %SystemDrive%\ntuser.dat.LOG1 -> [Ver = | Size = 0 bytes | Created Date = 19/11/2007 7:35:35 PM | Attr = H ]
ntuser.dat.LOG2 -> %SystemDrive%\ntuser.dat.LOG2 -> [Ver = | Size = 0 bytes | Created Date = 19/11/2007 7:35:35 PM | Attr = H ]
qoobox -> %SystemDrive%\qoobox -> [Folder | Created Date = 22/11/2007 11:25:57 PM | Attr = ]
catchme.exe -> %SystemRoot%\catchme.exe -> [Ver = | Size = 136704 bytes | Created Date = 22/11/2007 11:21:11 PM | Attr = ]
erdnt -> %SystemRoot%\erdnt -> [Folder | Created Date = 22/11/2007 11:35:55 PM | Attr = ]
NirCmd.exe -> %SystemRoot%\NirCmd.exe -> NirSoft [Ver = 2.00 | Size = 51200 bytes | Created Date = 22/11/2007 11:21:12 PM | Attr = ]
SA210D6F8.tmp -> %SystemRoot%\SA210D6F8.tmp -> [Ver = | Size = 24 bytes | Created Date = 11/11/2007 8:59:09 AM | Attr = HS]
wininit.ini -> %SystemRoot%\wininit.ini -> [Ver = | Size = 95 bytes | Created Date = 18/11/2007 10:18:22 AM | Attr = ]
agjiwcfj.dll -> %System32%\agjiwcfj.dll -> [Ver = | Size = 85056 bytes | Created Date = 21/11/2007 3:57:27 PM | Attr = ]
attxunri.ini -> %System32%\attxunri.ini -> [Ver = | Size = 466 bytes | Created Date = 22/11/2007 8:33:30 PM | Attr = HS]
attxunri.ini2 -> %System32%\attxunri.ini2 -> [Ver = | Size = 638 bytes | Created Date = 22/11/2007 11:34:19 PM | Attr = HS]
attxunri.tmp -> %System32%\attxunri.tmp -> [Ver = | Size = 578 bytes | Created Date = 22/11/2007 8:44:11 PM | Attr = HS]
cdbviigs.dll -> %System32%\cdbviigs.dll -> [Ver = | Size = 85056 bytes | Created Date = 17/11/2007 4:12:11 PM | Attr = ]
irnuxtta.dll -> %System32%\irnuxtta.dll -> [Ver = | Size = 85056 bytes | Created Date = 22/11/2007 8:33:18 PM | Attr = ]
jfcwijga.ini -> %System32%\jfcwijga.ini -> [Ver = | Size = 750 bytes | Created Date = 21/11/2007 3:57:38 PM | Attr = HS]
mljhgee.dll -> %System32%\mljhgee.dll -> [Ver = | Size = 36352 bytes | Created Date = 16/11/2007 10:13:36 PM | Attr = ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 729436 bytes | Created Date = 11/11/2007 9:08:08 AM | Attr = ]
povrpgmx.dll -> %System32%\povrpgmx.dll -> [Ver = | Size = 85056 bytes | Created Date = 19/11/2007 4:13:40 AM | Attr = ]
sgiivbdc.ini -> %System32%\sgiivbdc.ini -> [Ver = | Size = 406 bytes | Created Date = 17/11/2007 4:12:24 PM | Attr = HS]
ssqnkhf.dll -> %System32%\ssqnkhf.dll -> [Ver = | Size = 36352 bytes | Created Date = 16/11/2007 10:24:59 PM | Attr = ]
swreg.exe -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.8 | Size = 279552 bytes | Created Date = 22/11/2007 11:21:10 PM | Attr = ]
swsc.exe -> %System32%\swsc.exe -> SteelWerX [Ver = 2.0.0.0 | Size = 370688 bytes | Created Date = 22/11/2007 11:21:09 PM | Attr = ]
swxcacls.exe -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Created Date = 22/11/2007 11:21:09 PM | Attr = ]
VFind.exe -> %System32%\VFind.exe -> [Ver = | Size = 49152 bytes | Created Date = 22/11/2007 11:21:10 PM | Attr = ]
wlan.tmf -> %System32%\wlan.tmf -> [Ver = | Size = 1655289 bytes | Created Date = 14/11/2007 5:49:01 PM | Attr = ]
wvuuurs.dll -> %System32%\wvuuurs.dll -> [Ver = | Size = 36352 bytes | Created Date = 16/11/2007 10:11:36 PM | Attr = ]
xmgprvop.ini -> %System32%\xmgprvop.ini -> [Ver = | Size = 1326 bytes | Created Date = 19/11/2007 4:13:52 AM | Attr = HS]
AnyDVD.sys -> %System32%\drivers\AnyDVD.sys -> SlySoft, Inc. [Ver = 6.1.9.6 | Size = 96832 bytes | Created Date = 07/11/2007 10:26:08 AM | Attr = ]
hosts.20071030-144155.backup -> %System32%\drivers\etc\hosts.20071030-144155.backup -> [Ver = | Size = 178754 bytes | Created Date = 30/10/2007 1:41:55 PM | Attr = R ]
hosts.20071118-103140.backup -> %System32%\drivers\etc\hosts.20071118-103140.backup -> [Ver = | Size = 206961 bytes | Created Date = 18/11/2007 10:31:40 AM | Attr = R ]

[Files/Folders - Modified Within 30 days]
ComboFix -> %SystemDrive%\ComboFix -> [Folder | Modified Date = 23/11/2007 5:50:02 PM | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1071636480 bytes | Modified Date = 23/11/2007 5:00:24 PM | Attr = HS]
ntuser.dat -> %SystemDrive%\ntuser.dat -> [Ver = | Size = 0 bytes | Modified Date = 19/11/2007 7:35:36 PM | Attr = ]
ntuser.dat.LOG1 -> %SystemDrive%\ntuser.dat.LOG1 -> [Ver = | Size = 0 bytes | Modified Date = 19/11/2007 7:35:36 PM | Attr = H ]
ntuser.dat.LOG2 -> %SystemDrive%\ntuser.dat.LOG2 -> [Ver = | Size = 0 bytes | Modified Date = 19/11/2007 7:35:36 PM | Attr = H ]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 25/11/2007 8:36:50 AM | Attr = R ]
qoobox -> %SystemDrive%\qoobox -> [Folder | Modified Date = 23/11/2007 5:49:46 PM | Attr = ]
System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 24/11/2007 3:16:10 PM | Attr = HS]
Windows -> %SystemRoot% -> [Folder | Modified Date = 22/11/2007 11:35:56 PM | Attr = ]
assembly -> %SystemRoot%\assembly -> [Folder | Modified Date = 14/11/2007 5:59:48 PM | Attr = R S]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 67584 bytes | Modified Date = 25/11/2007 8:15:18 AM | Attr = S]
bthservsdp.dat -> %SystemRoot%\bthservsdp.dat -> [Ver = | Size = 12 bytes | Modified Date = 23/11/2007 12:51:30 PM | Attr = ]
catchme.exe -> %SystemRoot%\catchme.exe -> [Ver = | Size = 136704 bytes | Modified Date = 08/11/2007 4:59:02 PM | Attr = ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 18/11/2007 10:59:30 AM | Attr = S]
ehome -> %SystemRoot%\ehome -> [Folder | Modified Date = 14/11/2007 5:51:28 PM | Attr = ]
erdnt -> %SystemRoot%\erdnt -> [Folder | Modified Date = 22/11/2007 11:35:56 PM | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 23/11/2007 5:06:44 PM | Attr = ]
MEMORY.DMP -> %SystemRoot%\MEMORY.DMP -> [Ver = | Size = 196446152 bytes | Modified Date = 11/11/2007 7:46:22 PM | Attr = ]
Microsoft.NET -> %SystemRoot%\Microsoft.NET -> [Folder | Modified Date = 14/11/2007 5:59:50 PM | Attr = ]
Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 11/11/2007 7:46:30 PM | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 25/11/2007 8:38:50 AM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 23/11/2007 5:03:36 PM | Attr = H ]
SA210D6F8.tmp -> %SystemRoot%\SA210D6F8.tmp -> [Ver = | Size = 24 bytes | Modified Date = 11/11/2007 9:06:36 AM | Attr = HS]
System32 -> %System32% -> [Folder | Modified Date = 23/11/2007 5:06:44 PM | Attr = ]
Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 22/11/2007 11:29:20 PM | Attr = ]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 25/11/2007 8:17:20 AM | Attr = ]
wininit.ini -> %SystemRoot%\wininit.ini -> [Ver = | Size = 95 bytes | Modified Date = 18/11/2007 10:18:24 AM | Attr = ]
winsxs -> %SystemRoot%\winsxs -> [Folder | Modified Date = 14/11/2007 5:55:08 PM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 23/11/2007 5:00:36 PM | Attr = H ]
User_Feed_Synchronization-{D9B30BB4-63C0-47D4-A444-A174F9308500}.job -> %SystemRoot%\tasks\User_Feed_Synchronization-{D9B30BB4-63C0-47D4-A444-A174F9308500}.job -> [Ver = | Size = 414 bytes | Modified Date = 25/11/2007 8:35:08 AM | Attr = H ]
7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> %System32%\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> [Ver = | Size = 4576 bytes | Modified Date = 25/11/2007 8:15:10 AM | Attr = H ]
7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> %System32%\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> [Ver = | Size = 4576 bytes | Modified Date = 25/11/2007 8:15:10 AM | Attr = H ]
agjiwcfj.dll -> %System32%\agjiwcfj.dll -> [Ver = | Size = 85056 bytes | Modified Date = 21/11/2007 3:57:28 PM | Attr = ]
attxunri.ini -> %System32%\attxunri.ini -> [Ver = | Size = 466 bytes | Modified Date = 22/11/2007 8:42:54 PM | Attr = HS]
attxunri.ini2 -> %System32%\attxunri.ini2 -> [Ver = | Size = 638 bytes | Modified Date = 23/11/2007 5:05:26 PM | Attr = HS]
attxunri.tmp -> %System32%\attxunri.tmp -> [Ver = | Size = 578 bytes | Modified Date = 22/11/2007 8:44:12 PM | Attr = HS]
catroot -> %System32%\catroot -> [Folder | Modified Date = 14/11/2007 5:55:10 PM | Attr = ]
catroot2 -> %System32%\catroot2 -> [Folder | Modified Date = 21/11/2007 8:27:58 PM | Attr = ]
cdbviigs.dll -> %System32%\cdbviigs.dll -> [Ver = | Size = 85056 bytes | Modified Date = 17/11/2007 4:12:14 PM | Attr = ]
Config.MPF -> %System32%\Config.MPF -> [Ver = | Size = 15252 bytes | Modified Date = 25/11/2007 8:15:54 AM | Attr = ]
drivers -> %System32%\drivers -> [Folder | Modified Date = 23/11/2007 5:45:22 PM | Attr = ]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 338688 bytes | Modified Date = 14/11/2007 5:54:02 PM | Attr = ]
irnuxtta.dll -> %System32%\irnuxtta.dll -> [Ver = | Size = 85056 bytes | Modified Date = 22/11/2007 8:33:20 PM | Attr = ]
jfcwijga.ini -> %System32%\jfcwijga.ini -> [Ver = | Size = 750 bytes | Modified Date = 21/11/2007 7:01:54 PM | Attr = HS]
mljhgee.dll -> %System32%\mljhgee.dll -> [Ver = | Size = 36352 bytes | Modified Date = 16/11/2007 10:13:38 PM | Attr = ]
perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 112216 bytes | Modified Date = 23/11/2007 5:06:44 PM | Attr = ]
perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 631670 bytes | Modified Date = 23/11/2007 5:06:44 PM | Attr = ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 729436 bytes | Modified Date = 23/11/2007 5:06:44 PM | Attr = ]
povrpgmx.dll -> %System32%\povrpgmx.dll -> [Ver = | Size = 85056 bytes | Modified Date = 19/11/2007 4:13:42 AM | Attr = ]
sgiivbdc.ini -> %System32%\sgiivbdc.ini -> [Ver = | Size = 406 bytes | Modified Date = 17/11/2007 4:13:08 PM | Attr = HS]
ssqnkhf.dll -> %System32%\ssqnkhf.dll -> [Ver = | Size = 36352 bytes | Modified Date = 16/11/2007 10:25:00 PM | Attr = ]
Tasks -> %System32%\Tasks -> [Folder | Modified Date = 22/11/2007 11:29:20 PM | Attr = ]
wbem -> %System32%\wbem -> [Folder | Modified Date = 14/11/2007 5:51:32 PM | Attr = ]
wlan.tmf -> %System32%\wlan.tmf -> [Ver = | Size = 1655289 bytes | Modified Date = 14/11/2007 5:49:02 PM | Attr = ]
wvuuurs.dll -> %System32%\wvuuurs.dll -> [Ver = | Size = 36352 bytes | Modified Date = 16/11/2007 10:11:38 PM | Attr = ]
xmgprvop.ini -> %System32%\xmgprvop.ini -> [Ver = | Size = 1326 bytes | Modified Date = 20/11/2007 8:33:20 PM | Attr = HS]
AnyDVD.sys -> %System32%\drivers\AnyDVD.sys -> SlySoft, Inc. [Ver = 6.1.9.6 | Size = 96832 bytes | Modified Date = 07/11/2007 10:26:10 AM | Attr = ]
etc -> %System32%\drivers\etc -> [Folder | Modified Date = 22/11/2007 11:33:40 PM | Attr = ]
hosts.20071118-103140.backup -> %System32%\drivers\etc\hosts.20071118-103140.backup -> [Ver = | Size = 206961 bytes | Modified Date = 30/10/2007 1:41:58 PM | Attr = R ]

[File String Scan - Non-Microsoft Only]
File scan skipped for file %SystemRoot%\MEMORY.DMP -> File size too big (196446152 bytes) ->
@Alternate Data Stream - 26 bytes -> %System32%\NETw4c32.dll:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %System32%\NETw4r32.dll:Zone.Identifier ->
UPX! , UPX0 , -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.8 | Size = 279552 bytes | Modified Date = 22/07/2007 6:39:28 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %System32%\drivers\NETw4v32.sys:Zone.Identifier ->
abetterinternet.com , web-nex , ad-w-a-r-e.com , -> %System32%\drivers\etc\hosts.20071030-144155.backup -> [Ver = | Size = 178754 bytes | Modified Date = 13/09/2007 5:40:04 PM | Attr = R ]
abetterinternet.com , web-nex , ad-w-a-r-e.com , -> %System32%\drivers\etc\hosts.20071118-103140.backup -> [Ver = | Size = 206961 bytes | Modified Date = 30/10/2007 1:41:58 PM | Attr = R ]

< End of report >
halfassed
Regular Member
 
Posts: 25
Joined: November 22nd, 2007, 9:57 pm

Re: Beginning to lose hope

Unread postby DFW » November 26th, 2007, 2:56 am

Hi, we need to look a little deeper. Run WinPFind again, but change the settings to 90 days:

  • Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
    • In the Files Created Within group click 90 days
    • In the Files Modified Within group select 90 days
    • In the File String Search group select Non-Microsoft
  • Now click the Run Scan button on the toolbar.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is, then click on it to uncheck it.

Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in.
DFW
MRU Honors Grad Emeritus
 
Posts: 3229
Joined: September 28th, 2006, 12:23 pm
Location: UK

Re: Beginning to lose hope

Unread postby halfassed » November 26th, 2007, 5:19 pm

WinPFind3 logfile created on: 26/11/2007 4:06:33 PM
WinPFind3U by OldTimer - Version 1.0.44 Folder = C:\Users\RHW\Desktop\winPFind\WinPFind3u\
Windows Vista (TM) Home Premium (Version = 6.0.6000)
Internet Explorer (Version = 7.0.6000.16546)

1021.38 Mb Total Physical Memory | 410.09 Mb Available Physical Memory | 40.15% Memory free
2.24 Gb Paging File | 1.42 Gb Available in Paging File | 63.57% Paging File free
Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 93.84 Gb Free Space | 62.96% Space Free
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: HALF-FAST
Current User Name: RHW
Logged in as Administrator.
Current Boot Mode: Normal


[Processes - Non-Microsoft Only]
agrsmsvc.exe -> %System32%\agrsmsvc.exe -> Agere Systems [Ver = 1.0.0.4 | Size = 9216 bytes | Modified Date = 29/11/2006 8:55:00 PM | Attr = ]
applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 06/09/2007 12:28:18 PM | Attr = ]
bttray.exe -> %ProgramFiles%\WIDCOMM\Bluetooth Software\BTTray.exe -> Broadcom Corporation. [Ver = 6.0.1.3400 | Size = 719664 bytes | Modified Date = 21/11/2006 5:12:42 PM | Attr = ]
ifxpsdsv.exe -> %System32%\IfxPsdSv.exe -> Infineon Technologies AG [Ver = 3.00.1135.00 | Size = 136736 bytes | Modified Date = 13/11/2006 5:11:54 PM | Attr = ]
ifxspmgt.exe -> %System32%\IFXSPMGT.exe -> Infineon Technologies AG [Ver = 3.00.1135.00 | Size = 661024 bytes | Modified Date = 13/11/2006 5:23:38 PM | Attr = ]
ifxtcs.exe -> %System32%\IFXTCS.exe -> Infineon Technologies AG [Ver = 3.00.1137.00 | Size = 824864 bytes | Modified Date = 15/11/2006 2:54:50 AM | Attr = ]
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.4.2.4 | Size = 503608 bytes | Modified Date = 14/09/2007 8:59:56 AM | Attr = ]
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.4.2.4 | Size = 267064 bytes | Modified Date = 14/09/2007 9:00:06 AM | Attr = ]
ktp.exe -> %ProgramFiles%\Elantech\Ktp.exe -> ELANTECH Devices Corp. [Ver = 5, 0, 3, 13 | Size = 647168 bytes | Modified Date = 14/02/2007 4:11:48 AM | Attr = ]
mcagent.exe -> %ProgramFiles%\McAfee.com\Agent\mcagent.exe -> McAfee, Inc. [Ver = 8,0,237,0 | Size = 582992 bytes | Modified Date = 04/08/2007 1:33:14 AM | Attr = ]
mcmscsvc.exe -> %ProgramFiles%\McAfee\MSC\mcmscsvc.exe -> McAfee, Inc. [Ver = 8,0,238,0 | Size = 749904 bytes | Modified Date = 04/08/2007 6:08:06 AM | Attr = ]
mcnasvc.exe -> %CommonProgramFiles%\McAfee\MNA\McNASvc.exe -> McAfee, Inc. [Ver = 2,0,136,0 | Size = 2376992 bytes | Modified Date = 22/07/2007 7:15:18 PM | Attr = ]
mcproxy.exe -> %CommonProgramFiles%\McAfee\McProxy\McProxy.exe -> McAfee, Inc. [Ver = 2,0,150,0 | Size = 359248 bytes | Modified Date = 15/08/2007 11:36:04 AM | Attr = ]
mcshield.exe -> %ProgramFiles%\McAfee\VirusScan\Mcshield.exe -> McAfee, Inc. [Ver = VSCORE.14.0.0.349.x86 | Size = 144704 bytes | Modified Date = 24/07/2007 11:02:14 AM | Attr = ]
mcsysmon.exe -> %ProgramFiles%\McAfee\VirusScan\mcsysmon.exe -> McAfee, Inc. [Ver = 12,0,188,0 | Size = 695624 bytes | Modified Date = 25/07/2007 12:41:52 AM | Attr = ]
mpfsrv.exe -> %ProgramFiles%\McAfee\MPF\MpfSrv.exe -> McAfee, Inc. [Ver = 9.0.136.0 | Size = 856864 bytes | Modified Date = 18/07/2007 2:54:42 PM | Attr = ]
omniserv.exe -> %ProgramFiles%\Softex\OmniPass\OmniServ.exe -> Softex Inc. [Ver = 5.0.0.1 | Size = 36864 bytes | Modified Date = 28/11/2006 5:41:00 PM | Attr = ]
psdrt.exe -> %ProgramFiles%\Infineon\Security Platform Software\PSDrt.exe -> Infineon Technologies AG [Ver = 3.00.1135.00 | Size = 173600 bytes | Modified Date = 13/11/2006 5:19:20 PM | Attr = ]
rthdvcpl.exe -> %SystemRoot%\RtHDVCpl.exe -> Realtek Semiconductor [Ver = 1, 0, 0, 11 | Size = 4186112 bytes | Modified Date = 01/12/2006 4:37:00 PM | Attr = ]
scureapp.exe -> %ProgramFiles%\Softex\OmniPass\scureapp.exe -> [Ver = 5, 0, 0, 1 | Size = 2174976 bytes | Modified Date = 28/11/2006 5:42:52 PM | Attr = ]
siteadv.exe -> %ProgramFiles%\SiteAdvisor\6066\SiteAdv.exe -> McAfee, Inc. [Ver = 2.3.0 | Size = 36904 bytes | Modified Date = 08/02/2007 9:39:34 PM | Attr = ]
sptna.exe -> %ProgramFiles%\Infineon\Security Platform Software\SpTNA.exe -> Infineon Technologies AG [Ver = 3.00.1135.00 | Size = 656928 bytes | Modified Date = 13/11/2006 5:03:32 PM | Attr = ]
vsnp2std.exe -> %SystemRoot%\vsnp2std.exe -> Sonix [Ver = 1, 1, 7, 0 | Size = 675840 bytes | Modified Date = 15/09/2006 4:21:54 PM | Attr = ]
winpfind3u.exe -> %UserDesktop%\winPFind\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.44.0 | Size = 371200 bytes | Modified Date = 21/11/2007 9:19:46 AM | Attr = ]
wireless select switch.exe -> %ProgramFiles%\Compal Electronics, INC\Wireless Select Switch\Wireless Select Switch.exe -> [Ver = 1, 0, 0, 4 | Size = 184320 bytes | Modified Date = 20/06/2006 3:12:18 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> Adobe Systems [Ver = 2.67.010 | Size = 72704 bytes | Modified Date = 10/08/2007 5:47:04 PM | Attr = ]
(AgereModemAudio) Agere Modem Call Progress Audio [Win32_Own | Auto | Running] -> %System32%\agrsmsvc.exe -> Agere Systems [Ver = 1.0.0.4 | Size = 9216 bytes | Modified Date = 29/11/2006 8:55:00 PM | Attr = ]
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 06/09/2007 12:28:18 PM | Attr = ]
(CertPropSvc) Certificate Propagation [Win32_Shared | Unknown | Running] -> -> File not found
(DcomLaunch) DCOM Server Process Launcher [Win32_Shared | Unknown | Running] -> -> File not found
(DPS) Diagnostic Policy Service [Win32_Shared | Unknown | Running] -> -> File not found
(gpsvc) Group Policy Client [Win32_Shared | Unknown | Running] -> -> File not found
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1050\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 10.50.125 | Size = 73728 bytes | Modified Date = 22/10/2004 6:24:18 AM | Attr = ]
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> -> File not found
(IFXSpMgtSrv) Security Platform Management Service [Win32_Own | Auto | Running] -> %System32%\IFXSPMGT.exe -> Infineon Technologies AG [Ver = 3.00.1135.00 | Size = 661024 bytes | Modified Date = 13/11/2006 5:23:38 PM | Attr = ]
(IFXTCS) Trusted Platform Core Service [Win32_Own | Auto | Running] -> %System32%\IFXTCS.exe -> Infineon Technologies AG [Ver = 3.00.1137.00 | Size = 824864 bytes | Modified Date = 15/11/2006 2:54:50 AM | Attr = ]
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.4.2.4 | Size = 503608 bytes | Modified Date = 14/09/2007 8:59:56 AM | Attr = ]
(mcmscsvc) McAfee Services [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MSC\mcmscsvc.exe -> McAfee, Inc. [Ver = 8,0,238,0 | Size = 749904 bytes | Modified Date = 04/08/2007 6:08:06 AM | Attr = ]
(McNASvc) McAfee Network Agent [Win32_Own | Auto | Running] -> %CommonProgramFiles%\McAfee\MNA\McNASvc.exe -> McAfee, Inc. [Ver = 2,0,136,0 | Size = 2376992 bytes | Modified Date = 22/07/2007 7:15:18 PM | Attr = ]
(McODS) McAfee Scanner [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\McAfee\VirusScan\mcods.exe -> McAfee, Inc. [Ver = 12,0,172,0 | Size = 378184 bytes | Modified Date = 25/07/2007 2:16:16 AM | Attr = ]
(McProxy) McAfee Proxy Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\McAfee\McProxy\McProxy.exe -> McAfee, Inc. [Ver = 2,0,150,0 | Size = 359248 bytes | Modified Date = 15/08/2007 11:36:04 AM | Attr = ]
(McShield) McAfee Real-time Scanner [Win32_Own | Unknown | Running] -> -> File not found
(McSysmon) McAfee SystemGuards [Win32_Own | On_Demand | Running] -> %ProgramFiles%\McAfee\VirusScan\mcsysmon.exe -> McAfee, Inc. [Ver = 12,0,188,0 | Size = 695624 bytes | Modified Date = 25/07/2007 12:41:52 AM | Attr = ]
(MpfService) McAfee Personal Firewall Service [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MPF\MpfSrv.exe -> McAfee, Inc. [Ver = 9.0.136.0 | Size = 856864 bytes | Modified Date = 18/07/2007 2:54:42 PM | Attr = ]
(MSDTC) Distributed Transaction Coordinator [Win32_Own | Unknown | Stopped] -> -> File not found
(NMIndexingService) NMIndexingService [Win32_Own | Disabled | Stopped] -> %CommonProgramFiles%\Ahead\Lib\NMIndexingService.exe -> File not found
(omniserv) Softex OmniPass Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Softex\OmniPass\OmniServ.exe -> Softex Inc. [Ver = 5.0.0.1 | Size = 36864 bytes | Modified Date = 28/11/2006 5:41:00 PM | Attr = ]
(PersonalSecureDriveService) Personal Secure Drive Service [Win32_Own | Auto | Running] -> %System32%\IfxPsdSv.exe -> Infineon Technologies AG [Ver = 3.00.1135.00 | Size = 136736 bytes | Modified Date = 13/11/2006 5:11:54 PM | Attr = ]
(RpcSs) Remote Procedure Call (RPC) [Win32_Shared | Unknown | Running] -> -> File not found
(SBSDWSCService) SBSD Security Center Service [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Spybot - Search & Destroy\SDWinSec.exe -> Safer Networking Ltd. [Ver = 1, 0, 0, 8 | Size = 600912 bytes | Modified Date = 31/08/2007 3:46:18 PM | Attr = ]
(SCardSvr) Smart Card [Win32_Shared | Unknown | Stopped] -> -> File not found
(Schedule) Task Scheduler [Win32_Shared | Unknown | Running] -> -> File not found
(SCPolicySvc) Smart Card Removal Policy [Win32_Shared | Unknown | Stopped] -> -> File not found
(TrustedInstaller) Windows Modules Installer [Win32_Own | Unknown | Stopped] -> -> File not found
(WdiServiceHost) Diagnostic Service Host [Win32_Shared | Unknown | Stopped] -> -> File not found
(WdiSystemHost) Diagnostic System Host [Win32_Shared | Unknown | Running] -> -> File not found

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
28e18d91 -> %System32%\irnuxtta.dll [rundll32.exe "C:\Windows\system32\irnuxtta.dll",b] -> [Ver = | Size = 85056 bytes | Modified Date = 22/11/2007 8:33:20 PM | Attr = ]
CASS -> %ProgramFiles%\Compal Electronics, INC\Wireless Select Switch\Wireless Select Switch.exe -> [Ver = 1, 0, 0, 4 | Size = 184320 bytes | Modified Date = 20/06/2006 3:12:18 PM | Attr = ]
IFXSPMGT -> %System32%\IFXSPMGT.exe -> Infineon Technologies AG [Ver = 3.00.1135.00 | Size = 661024 bytes | Modified Date = 13/11/2006 5:23:38 PM | Attr = ]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.4.2.4 | Size = 267064 bytes | Modified Date = 14/09/2007 9:00:06 AM | Attr = ]
KTPWare -> %ProgramFiles%\Elantech\Ktp.exe -> ELANTECH Devices Corp. [Ver = 5, 0, 3, 13 | Size = 647168 bytes | Modified Date = 14/02/2007 4:11:48 AM | Attr = ]
mcagent_exe -> %ProgramFiles%\McAfee.com\Agent\mcagent.exe -> McAfee, Inc. [Ver = 8,0,237,0 | Size = 582992 bytes | Modified Date = 04/08/2007 1:33:14 AM | Attr = ]
NvCplDaemon -> %System32%\nvcpl.dll [RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 7.15.10.9754 | Size = 7766016 bytes | Modified Date = 19/12/2006 4:38:00 PM | Attr = ]
NvMediaCenter -> %System32%\nvmctray.dll [RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit] -> NVIDIA Corporation [Ver = 7.15.10.9754 | Size = 81920 bytes | Modified Date = 19/12/2006 4:38:00 PM | Attr = ]
NvSvc -> %System32%\nvsvc.dll [RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart] -> NVIDIA Corporation [Ver = 7.15.10.9754 | Size = 90191 bytes | Modified Date = 19/12/2006 4:38:00 PM | Attr = ]
NWEReboot -> -> File not found
OmniPass -> %ProgramFiles%\Softex\OmniPass\scureapp.exe -> [Ver = 5, 0, 0, 1 | Size = 2174976 bytes | Modified Date = 28/11/2006 5:42:52 PM | Attr = ]
RtHDVCpl -> %SystemRoot%\RtHDVCpl.exe -> Realtek Semiconductor [Ver = 1, 0, 0, 11 | Size = 4186112 bytes | Modified Date = 01/12/2006 4:37:00 PM | Attr = ]
SiteAdvisor -> %ProgramFiles%\SiteAdvisor\6066\SiteAdv.exe -> McAfee, Inc. [Ver = 2.3.0 | Size = 36904 bytes | Modified Date = 08/02/2007 9:39:34 PM | Attr = ]
snp2std -> %SystemRoot%\vsnp2std.exe -> Sonix [Ver = 1, 1, 7, 0 | Size = 675840 bytes | Modified Date = 15/09/2006 4:21:54 PM | Attr = ]
Windows Defender -> MSASCui.exe -> File not found
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} -> %CommonProgramFiles%\Ahead\Lib\NMBgMonitor.exe -> File not found
updateMgr -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe -> Adobe Systems Incorporated [Ver = 3.1.0.10 | Size = 313472 bytes | Modified Date = 30/03/2006 3:45:08 PM | Attr = R ]
< Common Startup > -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup ->
%AllUsersAppData%\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Modified Date = 23/09/2005 9:05:26 PM | Attr = ]
%AllUsersAppData%\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk -> %ProgramFiles%\WIDCOMM\Bluetooth Software\BTTray.exe -> Broadcom Corporation. [Ver = 6.0.1.3400 | Size = 719664 bytes | Modified Date = 21/11/2006 5:12:42 PM | Attr = ]
< User Startup > -> C:\Users\RHW\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup ->
%UserAppData%\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> Adobe Systems, Inc. [Ver = 1, 0, 0, 1 | Size = 113664 bytes | Modified Date = 16/03/2005 6:16:50 PM | Attr = ]
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{60E2746A-9C2E-45A2-85CE-7E1A8A890961} [HKLM] -> %System32%\ssqnkhf.dll [] -> [Ver = | Size = 36352 bytes | Modified Date = 16/11/2007 10:25:00 PM | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
ssqnkhf -> %System32%\ssqnkhf.dll -> [Ver = | Size = 36352 bytes | Modified Date = 16/11/2007 10:25:00 PM | Attr = ]
vvsqvoej -> Reg Data - Value does not exist -> File not found
wvuuurs -> %System32%\wvuuurs.dll -> [Ver = | Size = 36352 bytes | Modified Date = 16/11/2007 10:11:38 PM | Attr = ]
< CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\\ScanWithAntiVirus -> 3 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin -> 2 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableInstallerDetection -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableSecureUIAPaths -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableVirtualization -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ValidateAdminCodeSignatures -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\scforceoption -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\FilterAdministratorToken -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_TEXT -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_BITMAP -> 2 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_OEMTEXT -> 7 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_DIB -> 8 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_PALETTE -> 9 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_UNICODETEXT -> 13 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_DIBV5 -> 17 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> ->
< CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
< HOSTS File > (27 bytes) -> C:\Windows\System32\drivers\etc\Hosts ->
127.0.0.1 localhost -> ->
< Internet Explorer Settings > -> ->
HKLM: Default_Page_URL -> http://www.mdg.ca ->
HKLM: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKLM: Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
HKCU: Local Page -> C:\Windows\system32\blank.htm ->
HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dl ... r=iesearch ->
HKCU: Start Page -> http://sympatico.my.msn.com/ ->
HKCU: ProxyEnable -> 0 ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 59032 bytes | Modified Date = 18/12/2006 3:16:42 AM | Attr = ]
{089FD14D-132B-48FC-8861-0048AE113215} [HKLM] -> %ProgramFiles%\SiteAdvisor\6066\SiteAdv.dll [Reg Data - Value does not exist] -> McAfee, Inc. [Ver = 2.4.0 | Size = 1099304 bytes | Modified Date = 30/03/2007 10:41:24 AM | Attr = ]
{2330BF12-9FBF-4EE9-A84E-65107F7B5FF8} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 31/08/2007 3:46:14 PM | Attr = ]
{73E30260-CABD-4260-9133-39B24F34A9B9} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_02\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 501136 bytes | Modified Date = 12/07/2007 3:00:36 AM | Attr = ]
{7DB2D5A0-7241-4E79-B68D-6309F01C5231} [HKLM] -> %ProgramFiles%\McAfee\VirusScan\scriptsn.dll [scriptproxy] -> McAfee, Inc. [Ver = VSCORE.14.0.0.349.x86 | Size = 66880 bytes | Modified Date = 24/07/2007 11:02:40 AM | Attr = ]
{89D7A724-C668-4139-A206-3DED8B6B97E0} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
{FB3C35D3-D4C5-4C68-8A14-1A6375E41507} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{0BF43445-2F28-4351-9252-17FE6E806AA0} [HKLM] -> %ProgramFiles%\SiteAdvisor\6066\SiteAdv.dll [McAfee SiteAdvisor] -> McAfee, Inc. [Ver = 2.4.0 | Size = 1099304 bytes | Modified Date = 30/03/2007 10:41:24 AM | Attr = ]
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_02\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 501136 bytes | Modified Date = 12/07/2007 3:00:36 AM | Attr = ]
{B205A35E-1FC4-4CE3-818B-899DBBB3388C} [HKLM] -> Reg Data - Key not found [MenuText: Reg Data - Value does not exist] -> File not found
{CCA281CA-C863-46ef-9331-5C8D4460577F} -> %ProgramFiles%\WIDCOMM\Bluetooth Software\btsendto_ie.htm [ButtonText: @btrez.dll,-4015] -> [Ver = | Size = 5601 bytes | Modified Date = 26/10/2006 10:28:50 PM | Attr = ]
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [MenuText: Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 31/08/2007 3:46:14 PM | Attr = ]
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
E&xport to Microsoft Excel -> -> File not found
Send image to &Bluetooth Device... -> %ProgramFiles%\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm -> [Ver = | Size = 2773 bytes | Modified Date = 29/08/2006 6:12:28 PM | Attr = ]
Send page to &Bluetooth Device... -> %ProgramFiles%\WIDCOMM\Bluetooth Software\btsendto_ie.htm -> [Ver = | Size = 5601 bytes | Modified Date = 26/10/2006 10:28:50 PM | Attr = ]
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{144AAE16-8B7F-4B11-9A0F-58C20FACFDE4} -> (Intel(R) PRO/Wireless 3945ABG Network Connection) ->
{1AD799CF-CB7E-40D3-A7EC-2362464A8B24} -> () ->
{579BF180-7F95-4B80-A216-3B5BAD8461C8} -> (Realtek RTL8168B/8111B Family PCI-E Gigabit Ethernet NIC (NDIS 6.0)) ->
{9AB61100-357B-40A8-91C9-0764C63731BE} -> () ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
about -> Reg Data - Key not found -> File not found
dvd -> Reg Data - Key not found -> File not found
its -> Reg Data - Key not found -> File not found
mhtml -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
ms-its -> Reg Data - Key not found -> File not found
siteadvisor -> %ProgramFiles%\SiteAdvisor\6066\SiteAdv.dll -> McAfee, Inc. [Ver = 2.4.0 | Size = 1099304 bytes | Modified Date = 30/03/2007 10:41:24 AM | Attr = ]
skype4com -> %CommonProgramFiles%\Skype\Skype4COM.dll -> Skype Technologies [Ver = 1, 0, 27, 2 | Size = 1828176 bytes | Modified Date = 06/08/2007 11:43:20 AM | Attr = R ]
tv -> Reg Data - Key not found -> File not found
vbscript -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{02BCC737-B171-4746-94C9-0D8A0B2C0089} -> Microsoft Office Template and Media Control - CodeBase = http://office.microsoft.com/templates/ieawsdc.cab ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.6.0_02 - CodeBase = http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab ->
{8FD07749-EFFA-48C6-947C-45A8D7BF422F} -> CLVistaGenie Control - CodeBase = http://www.cyberlink.com/vista/prog/CLVistaGenie.cab ->
{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_03 - CodeBase = http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab ->
{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_11 - CodeBase = http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab ->
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_01 - CodeBase = http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab ->
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_02 - CodeBase = http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_02 - CodeBase = http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://fpdownload2.macromedia.com/get/s ... wflash.cab ->


[Files/Folders - Created Within 90 days]
ComboFix -> %SystemDrive%\ComboFix -> [Folder | Created Date = 23/11/2007 5:44:42 PM | Attr = ]
ntuser.dat -> %SystemDrive%\ntuser.dat -> [Ver = | Size = 0 bytes | Created Date = 19/11/2007 7:35:35 PM | Attr = ]
ntuser.dat.LOG1 -> %SystemDrive%\ntuser.dat.LOG1 -> [Ver = | Size = 0 bytes | Created Date = 19/11/2007 7:35:35 PM | Attr = H ]
ntuser.dat.LOG2 -> %SystemDrive%\ntuser.dat.LOG2 -> [Ver = | Size = 0 bytes | Created Date = 19/11/2007 7:35:35 PM | Attr = H ]
qoobox -> %SystemDrive%\qoobox -> [Folder | Created Date = 22/11/2007 11:25:57 PM | Attr = ]
catchme.exe -> %SystemRoot%\catchme.exe -> [Ver = | Size = 136704 bytes | Created Date = 22/11/2007 11:21:11 PM | Attr = ]
erdnt -> %SystemRoot%\erdnt -> [Folder | Created Date = 22/11/2007 11:35:55 PM | Attr = ]
NirCmd.exe -> %SystemRoot%\NirCmd.exe -> NirSoft [Ver = 2.00 | Size = 51200 bytes | Created Date = 22/11/2007 11:21:12 PM | Attr = ]
SA210D6F8.tmp -> %SystemRoot%\SA210D6F8.tmp -> [Ver = | Size = 24 bytes | Created Date = 11/11/2007 8:59:09 AM | Attr = HS]
wininit.ini -> %SystemRoot%\wininit.ini -> [Ver = | Size = 95 bytes | Created Date = 18/11/2007 10:18:22 AM | Attr = ]
agjiwcfj.dll -> %System32%\agjiwcfj.dll -> [Ver = | Size = 85056 bytes | Created Date = 21/11/2007 3:57:27 PM | Attr = ]
attxunri.ini -> %System32%\attxunri.ini -> [Ver = | Size = 466 bytes | Created Date = 22/11/2007 8:33:30 PM | Attr = HS]
attxunri.ini2 -> %System32%\attxunri.ini2 -> [Ver = | Size = 638 bytes | Created Date = 22/11/2007 11:34:19 PM | Attr = HS]
attxunri.tmp -> %System32%\attxunri.tmp -> [Ver = | Size = 578 bytes | Created Date = 22/11/2007 8:44:11 PM | Attr = HS]
cdbviigs.dll -> %System32%\cdbviigs.dll -> [Ver = | Size = 85056 bytes | Created Date = 17/11/2007 4:12:11 PM | Attr = ]
irnuxtta.dll -> %System32%\irnuxtta.dll -> [Ver = | Size = 85056 bytes | Created Date = 22/11/2007 8:33:18 PM | Attr = ]
jfcwijga.ini -> %System32%\jfcwijga.ini -> [Ver = | Size = 750 bytes | Created Date = 21/11/2007 3:57:38 PM | Attr = HS]
mljhgee.dll -> %System32%\mljhgee.dll -> [Ver = | Size = 36352 bytes | Created Date = 16/11/2007 10:13:36 PM | Attr = ]
NETw4c32.dll -> %System32%\NETw4c32.dll -> Intel Corporation [Ver = 11. 1. 0. 0 | Size = 679936 bytes | Created Date = 18/10/2007 4:26:31 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %System32%\NETw4c32.dll:Zone.Identifier ->
NETw4r32.dll -> %System32%\NETw4r32.dll -> Intel Corporation [Ver = 11. 1. 0. 0 | Size = 2756608 bytes | Created Date = 18/10/2007 4:26:31 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %System32%\NETw4r32.dll:Zone.Identifier ->
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 729436 bytes | Created Date = 11/11/2007 9:08:08 AM | Attr = ]
povrpgmx.dll -> %System32%\povrpgmx.dll -> [Ver = | Size = 85056 bytes | Created Date = 19/11/2007 4:13:40 AM | Attr = ]
rasctrnm.h -> %System32%\rasctrnm.h -> [Ver = | Size = 1820 bytes | Created Date = 29/08/2007 4:27:03 PM | Attr = ]
sgiivbdc.ini -> %System32%\sgiivbdc.ini -> [Ver = | Size = 406 bytes | Created Date = 17/11/2007 4:12:24 PM | Attr = HS]
ssqnkhf.dll -> %System32%\ssqnkhf.dll -> [Ver = | Size = 36352 bytes | Created Date = 16/11/2007 10:24:59 PM | Attr = ]
swreg.exe -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.8 | Size = 279552 bytes | Created Date = 22/11/2007 11:21:10 PM | Attr = ]
swsc.exe -> %System32%\swsc.exe -> SteelWerX [Ver = 2.0.0.0 | Size = 370688 bytes | Created Date = 22/11/2007 11:21:09 PM | Attr = ]
swxcacls.exe -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Created Date = 22/11/2007 11:21:09 PM | Attr = ]
VFind.exe -> %System32%\VFind.exe -> [Ver = | Size = 49152 bytes | Created Date = 22/11/2007 11:21:10 PM | Attr = ]
wlan.tmf -> %System32%\wlan.tmf -> [Ver = | Size = 1655289 bytes | Created Date = 14/11/2007 5:49:01 PM | Attr = ]
wvuuurs.dll -> %System32%\wvuuurs.dll -> [Ver = | Size = 36352 bytes | Created Date = 16/11/2007 10:11:36 PM | Attr = ]
xmgprvop.ini -> %System32%\xmgprvop.ini -> [Ver = | Size = 1326 bytes | Created Date = 19/11/2007 4:13:52 AM | Attr = HS]
AnyDVD.sys -> %System32%\drivers\AnyDVD.sys -> SlySoft, Inc. [Ver = 6.1.9.6 | Size = 96832 bytes | Created Date = 07/11/2007 10:26:08 AM | Attr = ]
Msft_Kernel_SynTP_01000.Wdf -> %System32%\drivers\Msft_Kernel_SynTP_01000.Wdf -> [Ver = | Size = 0 bytes | Created Date = 25/11/2007 6:57:21 PM | Attr = H ]
NETw4v32.sys -> %System32%\drivers\NETw4v32.sys -> Intel Corporation [Ver = 11.1.0.100 | Size = 2216448 bytes | Created Date = 18/10/2007 4:26:32 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %System32%\drivers\NETw4v32.sys:Zone.Identifier ->
Rtlh86.sys -> %System32%\drivers\Rtlh86.sys -> Realtek Corporation [Ver = 6.198.1003.2007 built by: WinDDK | Size = 99840 bytes | Created Date = 03/10/2007 8:18:12 AM | Attr = ]
hosts.20070913-184002.backup -> %System32%\drivers\etc\hosts.20070913-184002.backup -> [Ver = | Size = 761 bytes | Created Date = 13/09/2007 5:40:02 PM | Attr = ]
hosts.20071030-144155.backup -> %System32%\drivers\etc\hosts.20071030-144155.backup -> [Ver = | Size = 178754 bytes | Created Date = 30/10/2007 1:41:55 PM | Attr = R ]
hosts.20071118-103140.backup -> %System32%\drivers\etc\hosts.20071118-103140.backup -> [Ver = | Size = 206961 bytes | Created Date = 18/11/2007 10:31:40 AM | Attr = R ]

[Files/Folders - Modified Within 90 days]
$Recycle.Bin -> %SystemDrive%\$Recycle.Bin -> [Folder | Modified Date = 01/09/2007 8:40:54 PM | Attr = HS]
ComboFix -> %SystemDrive%\ComboFix -> [Folder | Modified Date = 23/11/2007 5:50:02 PM | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1071636480 bytes | Modified Date = 25/11/2007 9:33:14 PM | Attr = HS]
Intel -> %SystemDrive%\Intel -> [Folder | Modified Date = 18/10/2007 4:19:52 PM | Attr = ]
ntuser.dat -> %SystemDrive%\ntuser.dat -> [Ver = | Size = 0 bytes | Modified Date = 19/11/2007 7:35:36 PM | Attr = ]
ntuser.dat.LOG1 -> %SystemDrive%\ntuser.dat.LOG1 -> [Ver = | Size = 0 bytes | Modified Date = 19/11/2007 7:35:36 PM | Attr = H ]
ntuser.dat.LOG2 -> %SystemDrive%\ntuser.dat.LOG2 -> [Ver = | Size = 0 bytes | Modified Date = 19/11/2007 7:35:36 PM | Attr = H ]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 25/11/2007 9:05:00 PM | Attr = R ]
ProgramData -> %AllUsersAppData% -> [Folder | Modified Date = 09/09/2007 9:42:18 AM | Attr = H ]
qoobox -> %SystemDrive%\qoobox -> [Folder | Modified Date = 23/11/2007 5:49:46 PM | Attr = ]
System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 25/11/2007 9:29:24 PM | Attr = HS]
Windows -> %SystemRoot% -> [Folder | Modified Date = 25/11/2007 8:25:06 PM | Attr = ]
AppPatch -> %SystemRoot%\AppPatch -> [Folder | Modified Date = 09/10/2007 5:07:58 PM | Attr = ]
assembly -> %SystemRoot%\assembly -> [Folder | Modified Date = 14/11/2007 5:59:48 PM | Attr = R S]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 67584 bytes | Modified Date = 26/11/2007 3:54:56 PM | Attr = S]
bthservsdp.dat -> %SystemRoot%\bthservsdp.dat -> [Ver = | Size = 12 bytes | Modified Date = 25/11/2007 9:32:12 PM | Attr = ]
catchme.exe -> %SystemRoot%\catchme.exe -> [Ver = | Size = 136704 bytes | Modified Date = 08/11/2007 4:59:02 PM | Attr = ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 18/11/2007 10:59:30 AM | Attr = S]
ehome -> %SystemRoot%\ehome -> [Folder | Modified Date = 14/11/2007 5:51:28 PM | Attr = ]
erdnt -> %SystemRoot%\erdnt -> [Folder | Modified Date = 22/11/2007 11:35:56 PM | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 26/11/2007 3:56:16 PM | Attr = ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 25/11/2007 4:32:08 PM | Attr = HS]
MEMORY.DMP -> %SystemRoot%\MEMORY.DMP -> [Ver = | Size = 196446152 bytes | Modified Date = 11/11/2007 7:46:22 PM | Attr = ]
Microsoft.NET -> %SystemRoot%\Microsoft.NET -> [Folder | Modified Date = 14/11/2007 5:59:50 PM | Attr = ]
Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 11/11/2007 7:46:30 PM | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 25/11/2007 9:36:48 PM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 25/11/2007 9:33:46 PM | Attr = H ]
rescache -> %SystemRoot%\rescache -> [Folder | Modified Date = 29/08/2007 4:41:38 PM | Attr = ]
SA210D6F8.tmp -> %SystemRoot%\SA210D6F8.tmp -> [Ver = | Size = 24 bytes | Modified Date = 11/11/2007 9:06:36 AM | Attr = HS]
System32 -> %System32% -> [Folder | Modified Date = 26/11/2007 3:57:10 PM | Attr = ]
Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 22/11/2007 11:29:20 PM | Attr = ]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 26/11/2007 4:06:16 PM | Attr = ]
WindowsShell.Manifest -> %SystemRoot%\WindowsShell.Manifest -> [Ver = | Size = 749 bytes | Modified Date = 30/08/2007 7:33:44 PM | Attr = RH ]
wininit.ini -> %SystemRoot%\wininit.ini -> [Ver = | Size = 95 bytes | Modified Date = 18/11/2007 10:18:24 AM | Attr = ]
winsxs -> %SystemRoot%\winsxs -> [Folder | Modified Date = 14/11/2007 5:55:08 PM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 25/11/2007 9:33:28 PM | Attr = H ]
User_Feed_Synchronization-{D9B30BB4-63C0-47D4-A444-A174F9308500}.job -> %SystemRoot%\tasks\User_Feed_Synchronization-{D9B30BB4-63C0-47D4-A444-A174F9308500}.job -> [Ver = | Size = 414 bytes | Modified Date = 26/11/2007 4:05:18 PM | Attr = H ]
7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> %System32%\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> [Ver = | Size = 4576 bytes | Modified Date = 26/11/2007 3:54:48 PM | Attr = H ]
7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> %System32%\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> [Ver = | Size = 4576 bytes | Modified Date = 26/11/2007 3:54:50 PM | Attr = H ]
agjiwcfj.dll -> %System32%\agjiwcfj.dll -> [Ver = | Size = 85056 bytes | Modified Date = 21/11/2007 3:57:28 PM | Attr = ]
attxunri.ini -> %System32%\attxunri.ini -> [Ver = | Size = 466 bytes | Modified Date = 22/11/2007 8:42:54 PM | Attr = HS]
attxunri.ini2 -> %System32%\attxunri.ini2 -> [Ver = | Size = 638 bytes | Modified Date = 26/11/2007 3:57:10 PM | Attr = HS]
attxunri.tmp -> %System32%\attxunri.tmp -> [Ver = | Size = 578 bytes | Modified Date = 22/11/2007 8:44:12 PM | Attr = HS]
catroot -> %System32%\catroot -> [Folder | Modified Date = 25/11/2007 8:21:08 PM | Attr = ]
catroot2 -> %System32%\catroot2 -> [Folder | Modified Date = 21/11/2007 8:27:58 PM | Attr = ]
cdbviigs.dll -> %System32%\cdbviigs.dll -> [Ver = | Size = 85056 bytes | Modified Date = 17/11/2007 4:12:14 PM | Attr = ]
Config.MPF -> %System32%\Config.MPF -> [Ver = | Size = 15388 bytes | Modified Date = 26/11/2007 3:55:30 PM | Attr = ]
drivers -> %System32%\drivers -> [Folder | Modified Date = 25/11/2007 8:21:12 PM | Attr = ]
en-US -> %System32%\en-US -> [Folder | Modified Date = 29/08/2007 4:38:44 PM | Attr = ]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 338688 bytes | Modified Date = 14/11/2007 5:54:02 PM | Attr = ]
icsxml -> %System32%\icsxml -> [Folder | Modified Date = 29/08/2007 4:38:48 PM | Attr = ]
irnuxtta.dll -> %System32%\irnuxtta.dll -> [Ver = | Size = 85056 bytes | Modified Date = 22/11/2007 8:33:20 PM | Attr = ]
jfcwijga.ini -> %System32%\jfcwijga.ini -> [Ver = | Size = 750 bytes | Modified Date = 21/11/2007 7:01:54 PM | Attr = HS]
migration -> %System32%\migration -> [Folder | Modified Date = 09/10/2007 5:08:00 PM | Attr = ]
mljhgee.dll -> %System32%\mljhgee.dll -> [Ver = | Size = 36352 bytes | Modified Date = 16/11/2007 10:13:38 PM | Attr = ]
NETw4c32.dll -> %System32%\NETw4c32.dll -> Intel Corporation [Ver = 11. 1. 0. 0 | Size = 679936 bytes | Modified Date = 18/10/2007 4:26:32 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %System32%\NETw4c32.dll:Zone.Identifier ->
NETw4r32.dll -> %System32%\NETw4r32.dll -> Intel Corporation [Ver = 11. 1. 0. 0 | Size = 2756608 bytes | Modified Date = 18/10/2007 4:26:32 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %System32%\NETw4r32.dll:Zone.Identifier ->
perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 112216 bytes | Modified Date = 26/11/2007 3:56:18 PM | Attr = ]
perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 631670 bytes | Modified Date = 26/11/2007 3:56:18 PM | Attr = ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 729436 bytes | Modified Date = 26/11/2007 3:56:18 PM | Attr = ]
povrpgmx.dll -> %System32%\povrpgmx.dll -> [Ver = | Size = 85056 bytes | Modified Date = 19/11/2007 4:13:42 AM | Attr = ]
ras -> %System32%\ras -> [Folder | Modified Date = 29/08/2007 4:38:50 PM | Attr = ]
rasctrnm.h -> %System32%\rasctrnm.h -> [Ver = | Size = 1820 bytes | Modified Date = 29/08/2007 4:27:04 PM | Attr = ]
sgiivbdc.ini -> %System32%\sgiivbdc.ini -> [Ver = | Size = 406 bytes | Modified Date = 17/11/2007 4:13:08 PM | Attr = HS]
ssqnkhf.dll -> %System32%\ssqnkhf.dll -> [Ver = | Size = 36352 bytes | Modified Date = 16/11/2007 10:25:00 PM | Attr = ]
Tasks -> %System32%\Tasks -> [Folder | Modified Date = 22/11/2007 11:29:20 PM | Attr = ]
wbem -> %System32%\wbem -> [Folder | Modified Date = 14/11/2007 5:51:32 PM | Attr = ]
wlan.tmf -> %System32%\wlan.tmf -> [Ver = | Size = 1655289 bytes | Modified Date = 14/11/2007 5:49:02 PM | Attr = ]
wvuuurs.dll -> %System32%\wvuuurs.dll -> [Ver = | Size = 36352 bytes | Modified Date = 16/11/2007 10:11:38 PM | Attr = ]
xmgprvop.ini -> %System32%\xmgprvop.ini -> [Ver = | Size = 1326 bytes | Modified Date = 20/11/2007 8:33:20 PM | Attr = HS]
AnyDVD.sys -> %System32%\drivers\AnyDVD.sys -> SlySoft, Inc. [Ver = 6.1.9.6 | Size = 96832 bytes | Modified Date = 07/11/2007 10:26:10 AM | Attr = ]
etc -> %System32%\drivers\etc -> [Folder | Modified Date = 22/11/2007 11:33:40 PM | Attr = ]
Msft_Kernel_SynTP_01000.Wdf -> %System32%\drivers\Msft_Kernel_SynTP_01000.Wdf -> [Ver = | Size = 0 bytes | Modified Date = 25/11/2007 6:57:22 PM | Attr = H ]
NETw4v32.sys -> %System32%\drivers\NETw4v32.sys -> Intel Corporation [Ver = 11.1.0.100 | Size = 2216448 bytes | Modified Date = 18/10/2007 4:26:34 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %System32%\drivers\NETw4v32.sys:Zone.Identifier ->
Rtlh86.sys -> %System32%\drivers\Rtlh86.sys -> Realtek Corporation [Ver = 6.198.1003.2007 built by: WinDDK | Size = 99840 bytes | Modified Date = 03/10/2007 8:18:12 AM | Attr = ]
hosts.20071030-144155.backup -> %System32%\drivers\etc\hosts.20071030-144155.backup -> [Ver = | Size = 178754 bytes | Modified Date = 13/09/2007 5:40:04 PM | Attr = R ]
hosts.20071118-103140.backup -> %System32%\drivers\etc\hosts.20071118-103140.backup -> [Ver = | Size = 206961 bytes | Modified Date = 30/10/2007 1:41:58 PM | Attr = R ]

[File String Scan - Non-Microsoft Only]
File scan skipped for file %SystemRoot%\MEMORY.DMP -> File size too big (196446152 bytes) ->
@Alternate Data Stream - 26 bytes -> %System32%\NETw4c32.dll:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %System32%\NETw4r32.dll:Zone.Identifier ->
UPX! , UPX0 , -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.8 | Size = 279552 bytes | Modified Date = 22/07/2007 6:39:28 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %System32%\drivers\NETw4v32.sys:Zone.Identifier ->
abetterinternet.com , web-nex , ad-w-a-r-e.com , -> %System32%\drivers\etc\hosts.20071030-144155.backup -> [Ver = | Size = 178754 bytes | Modified Date = 13/09/2007 5:40:04 PM | Attr = R ]
abetterinternet.com , web-nex , ad-w-a-r-e.com , -> %System32%\drivers\etc\hosts.20071118-103140.backup -> [Ver = | Size = 206961 bytes | Modified Date = 30/10/2007 1:41:58 PM | Attr = R ]

< End of report >
halfassed
Regular Member
 
Posts: 25
Joined: November 22nd, 2007, 9:57 pm
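The WinPFind3U listing above is what the helper reads to build the fix that follows: the entries chosen for removal share a pattern (eight-letter random names, dropped straight into System32, no vendor and no version stamp, several of them also registered as Winlogon\Notify load points). The script below is an added triage example, not part of this thread and not WinPFind3U's own code; it parses the log's "name -> path -> vendor [fields]" lines from a constructed sample copied from the report, flags entries that match all three heuristics, and cross-references the flagged files with the registry sections so the load point is removed together with the file. The `Entry` class, `reasons`, `find_candidates` and `load_points` are this example's own names.

```python
import re
from dataclasses import dataclass

# Constructed sample: a registry section and a few file entries copied from the
# WinPFind3U log above. It mixes vendor-signed files (Intel, SteelWerX, SlySoft),
# a legitimate unsigned header (rasctrnm.h) and the randomly named files the fix
# targets, so the heuristics have both true and false positives to work on.
SAMPLE_LOG = r"""
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
ssqnkhf -> %System32%\ssqnkhf.dll -> [Ver = | Size = 36352 bytes | Modified Date = 16/11/2007 10:25:00 PM | Attr = ]
wvuuurs -> %System32%\wvuuurs.dll -> [Ver = | Size = 36352 bytes | Modified Date = 16/11/2007 10:11:38 PM | Attr = ]
[Files/Folders - Created Within 90 days]
agjiwcfj.dll -> %System32%\agjiwcfj.dll -> [Ver = | Size = 85056 bytes | Created Date = 21/11/2007 3:57:27 PM | Attr = ]
attxunri.ini -> %System32%\attxunri.ini -> [Ver = | Size = 466 bytes | Created Date = 22/11/2007 8:33:30 PM | Attr = HS]
NETw4c32.dll -> %System32%\NETw4c32.dll -> Intel Corporation [Ver = 11. 1. 0. 0 | Size = 679936 bytes | Created Date = 18/10/2007 4:26:31 PM | Attr = ]
rasctrnm.h -> %System32%\rasctrnm.h -> [Ver = | Size = 1820 bytes | Created Date = 29/08/2007 4:27:03 PM | Attr = ]
ssqnkhf.dll -> %System32%\ssqnkhf.dll -> [Ver = | Size = 36352 bytes | Created Date = 16/11/2007 10:24:59 PM | Attr = ]
swreg.exe -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.8 | Size = 279552 bytes | Created Date = 22/11/2007 11:21:10 PM | Attr = ]
wvuuurs.dll -> %System32%\wvuuurs.dll -> [Ver = | Size = 36352 bytes | Created Date = 16/11/2007 10:11:36 PM | Attr = ]
AnyDVD.sys -> %System32%\drivers\AnyDVD.sys -> SlySoft, Inc. [Ver = 6.1.9.6 | Size = 96832 bytes | Created Date = 07/11/2007 10:26:08 AM | Attr = ]
"""

# One log entry: "<name> -> <path> -> <vendor> [<key> = <value> | ...]"
ENTRY_RE = re.compile(r"^(?P<name>.+?) -> (?P<path>.+?) -> (?P<vendor>.*?)\[(?P<fields>.*)\]\s*$")
# Seven or eight lowercase letters and nothing else, the naming style seen in the log.
RANDOM_STEM_RE = re.compile(r"[a-z]{7,8}")
# Extensions the droppings in this log use; a .h or .dat with a random stem is not enough.
DROPPER_EXTS = {"dll", "ini", "ini2", "tmp", "exe"}


@dataclass
class Entry:
    name: str
    path: str
    vendor: str
    fields: dict


def parse_entry(line):
    """Parse one entry line; return None for headers, blank lines and section markers."""
    m = ENTRY_RE.match(line)
    if not m:
        return None
    fields = {}
    for part in m.group("fields").split(" | "):
        key, _, value = part.partition("=")
        fields[key.strip()] = value.strip()
    return Entry(m.group("name").strip(), m.group("path").strip(),
                 m.group("vendor").strip(), fields)


def reasons(entry):
    """Return the heuristics the entry trips, in a fixed order; [] means nothing notable."""
    hits = []
    fname = entry.path.rsplit("\\", 1)[-1]
    stem, _, ext = fname.partition(".")
    if entry.path.lower().startswith("%system32%\\") and entry.path.count("\\") == 1:
        hits.append("dropped in System32 root")
    if ext.lower() in DROPPER_EXTS and RANDOM_STEM_RE.fullmatch(stem):
        hits.append("random-looking name")
    if not entry.vendor and not entry.fields.get("Ver"):
        hits.append("no vendor/version")
    return hits


def find_candidates(log_text):
    """Map basename -> reasons for entries that trip all three heuristics."""
    out = {}
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        hits = reasons(entry)
        if len(hits) == 3:  # any single heuristic alone is too weak (see rasctrnm.h)
            out[entry.path.rsplit("\\", 1)[-1]] = hits
    return out


def load_points(log_text, candidates):
    """Map a flagged basename -> the registry section that references it."""
    section, found = None, {}
    for line in log_text.splitlines():
        if line.startswith("< ") and " > ->" in line:
            section = line[2:line.index(" > ->")]  # e.g. "Winlogon\Notify settings [HKLM]"
        elif line.startswith("["):
            section = None  # file listings are not load points
        elif section is not None:
            entry = parse_entry(line)
            if entry is not None:
                fname = entry.path.rsplit("\\", 1)[-1]
                if fname in candidates:
                    found[fname] = section
    return found


if __name__ == "__main__":
    cands = find_candidates(SAMPLE_LOG)
    points = load_points(SAMPLE_LOG, cands)
    for fname, why in sorted(cands.items()):
        print(f"{fname:14s} {', '.join(why)}; load point: {points.get(fname, 'none seen')}")
```

On the sample, the four random-named System32 files are flagged while rasctrnm.h (unsigned but a normal header), the Intel driver DLL and ComboFix's own swreg.exe are not, and ssqnkhf.dll and wvuuurs.dll are additionally tied to their Winlogon\Notify entries. A vendor string is not proof of legitimacy and its absence is not proof of malice; the combination of signals is only a shortlist for the analyst, which is the role the helper's manual review plays in the thread.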

Re: Beginning to lose hope

Unread postby DFW » November 27th, 2007, 10:55 am

WinPFind3 Fix -

Please print these directions so they will be available to you (we will be rebooting into Safe Mode during the fix).

Next, Please follow the steps below in order:

Step #1

Download CCleaner

*NOTE* CCleaner deletes EVERYTHING out of temp/temporary folders. If you have anything in a temp folder, back it up or move it to a permanent folder prior to running CCleaner!


Download CCleaner to clean temp files from your computer.
http://www.ccleaner.com/download/builds ... ading-slim

Double click on the file to start the installation of the program.
Select your language and click OK, then next.
Read the license agreement and click I Agree.
Click next to use the default install location. Click Install then finish to complete installation.
Double click the CCleaner shortcut on the desktop to start the program.
On the "Windows" tab, under "Internet Explorer," uncheck "Cookies" if you do not want them deleted.
(If deleted, you will likely need to reenter your passwords at all sites where a cookie is used to recognize you when you visit).
If you use either the Firefox or Mozilla browsers, the box to uncheck for "Cookies" is on the Applications tab, under Firefox/Mozilla.
Click on the "Options" icon at the left side of the window, then click on "Advanced."
Deselect "Only delete files in Windows Temp folders older than 48 hours."
Caution: It is not recommended that you use the "Issues" feature unless you are very familiar with the registry as it has been known to find legitimate items.

Close CCleaner; we will run it later.

INFO http://www.ccleaner.com/help/tour/

Step #2

AVG Anti-Spyware

Download the trial version of AVG Anti-Spyware from here and install it. When the program has been installed, and you click the Finish button, AVG Anti-Spyware will open.

If the program does not automatically update itself during installation, or you are unsure whether it has done so, please do the following:
  • Click the Update icon at the top and under Manual Update click the Start update button.
  • The program will either update or inform you that no update was available.
  • It is essential that you get the update - keep trying until successful. (Note: If you have problems getting the update, you can download an installer for the full database from here (save it on your desktop). Once you have downloaded the installer, make sure that AVG Anti-Spyware is closed and then double-click on avgas-signatures-full-current.exe to install the database).
Please set up the program as follows:
  • Click the Shield icon at the top and under Resident shield is... click active. This should now change to inactive.
  • Click the Update icon and untick the automatic update option.
  • Click on Scanner on the toolbar.
  • Click on the Settings tab.
    • Under How to act? - make sure that Quarantine is selected.
    • Under How to scan? - All checkboxes should be ticked.
    • Under Possibly unwanted software - All checkboxes should be ticked.
    • Under Reports - Select Do not automatically generate reports.
    • Under What to scan? - Select Scan every file.
Close all open windows.

Step #3

Now start WinPFind3U. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.


[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> 28e18d91 -> %System32%\irnuxtta.dll [rundll32.exe "C:\Windows\system32\irnuxtta.dll",b]
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
YN -> {60E2746A-9C2E-45A2-85CE-7E1A8A890961} [HKLM] -> %System32%\ssqnkhf.dll []
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
YN -> ssqnkhf -> %System32%\ssqnkhf.dll
YN -> vvsqvoej -> Reg Data - Value does not exist
YN -> wvuuurs -> %System32%\wvuuurs.dll
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {89D7A724-C668-4139-A206-3DED8B6B97E0} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
YN -> {FB3C35D3-D4C5-4C68-8A14-1A6375E41507} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
YN -> {1AD799CF-CB7E-40D3-A7EC-2362464A8B24} -> ()
YN -> {9AB61100-357B-40A8-91C9-0764C63731BE} -> ()
[Files/Folders - Created Within 90 days]
NY -> agjiwcfj.dll -> %System32%\agjiwcfj.dll
NY -> attxunri.ini -> %System32%\attxunri.ini
NY -> attxunri.ini2 -> %System32%\attxunri.ini2
NY -> attxunri.tmp -> %System32%\attxunri.tmp
NY -> irnuxtta.dll -> %System32%\irnuxtta.dll
NY -> jfcwijga.ini -> %System32%\jfcwijga.ini
NY -> mljhgee.dll -> %System32%\mljhgee.dll
NY -> povrpgmx.dll -> %System32%\povrpgmx.dll
NY -> sgiivbdc.ini -> %System32%\sgiivbdc.ini
NY -> ssqnkhf.dll -> %System32%\ssqnkhf.dll
NY -> wvuuurs.dll -> %System32%\wvuuurs.dll
NY -> xmgprvop.ini -> %System32%\xmgprvop.ini
NY -> cdbviigs.dll -> %System32%\cdbviigs.dll
[Files/Folders - Modified Within 90 days]
NY -> agjiwcfj.dll -> %System32%\agjiwcfj.dll
NY -> attxunri.ini -> %System32%\attxunri.ini
NY -> attxunri.ini2 -> %System32%\attxunri.ini2
NY -> attxunri.tmp -> %System32%\attxunri.tmp
NY -> irnuxtta.dll -> %System32%\irnuxtta.dll
NY -> jfcwijga.ini -> %System32%\jfcwijga.ini
NY -> mljhgee.dll -> %System32%\mljhgee.dll
NY -> sgiivbdc.ini -> %System32%\sgiivbdc.ini
NY -> ssqnkhf.dll -> %System32%\ssqnkhf.dll
NY -> wvuuurs.dll -> %System32%\wvuuurs.dll
NY -> xmgprvop.ini -> %System32%\xmgprvop.ini


The fix should only take a very short time and then you will be asked if you want to reboot. Choose Yes.

Reboot into Safe Mode by doing the following:

  • As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
  • Use the arrow keys to select the Safe Mode menu item.
  • Press the Enter key.


Step #4


Now Run CCleaner

Double click CCleaner icon on desktop
Click on Run Cleaner
Confirm to delete

Now close CCleaner



Step #5

Launch AVG Anti-Spyware by double-clicking the icon on your desktop.

IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, as it may interfere with the scanning process:

  • Click on Scanner on the toolbar.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan your computer.
  • When the scan has finished, follow the instructions below:
    • Make sure that Set all elements to: shows Quarantine
    • Important: Click on the Apply all Actions button. This must be done before saving the report.
    • When the program has finished, it will display the message All actions have been applied.
    • Then click the Save Scan Report button.
    • Click the Save Report as button.
    • Save the report to your Desktop.
  • Right-click the AVG Tray Icon and select Exit.
  • Now copy the report back to this topic.



Step #6

Restart into Normal mode

Post the following back here:

  • a new WinPFind3U report
  • the AVG Anti-Spyware report
  • the latest .log file from the WinPFind3u folder (it will have a name in the format mmddyyyy_hhmmss.log)

I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.
DFW
MRU Honors Grad Emeritus
 
Posts: 3229
Joined: September 28th, 2006, 12:23 pm
Location: UK
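The fix list above goes after one recognisable pattern: Run, ShellExecuteHooks, Winlogon\Notify and BHO entries that load randomly named DLLs out of System32, plus registry entries left pointing at files or keys that no longer exist. The Python script below is an added example for this thread, not part of DFW's instructions and not OldTimer's code. It parses lines in the WinPFind3U report layout and flags those patterns, so a reader can see what a log reviewer is looking for before writing a fix. The report it runs on is constructed for the example (modelled on the log layout in this thread, with made-up size and date fields), and the name rule (7 to 8 lowercase letters in the Windows directory, with no publisher and no version resource) is this example's own assumption, not a rule built into the tool.

```python
"""Triage autostart entries from a WinPFind3U report.

Added example for this thread (not DFW's instructions, not OldTimer's code).
It reads the "[Registry - Non-Microsoft Only]" style lines WinPFind3U prints
for Run keys, ShellExecuteHooks, Winlogon\\Notify and BHOs and flags what the
fix list above targets: entries whose target no longer exists, entries with no
publisher or version resource, and randomly named DLLs dropped straight into
the Windows directory.  The 7-8 lowercase-letter name rule is this example's
assumption, not a rule from the tool.
"""
import re

# Constructed sample in the WinPFind3U report layout (size/date fields made up).
SAMPLE_REPORT = r"""
[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
28e18d91 -> %System32%\irnuxtta.dll [rundll32.exe "C:\Windows\system32\irnuxtta.dll",b] -> [Ver = | Size = 73728 bytes | Modified Date = 20/11/2007 1:02:10 AM | Attr = ]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.4.2.4 | Size = 267064 bytes | Modified Date = 14/09/2007 9:00:06 AM | Attr = ]
Windows Defender -> MSASCui.exe -> File not found
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{60E2746A-9C2E-45A2-85CE-7E1A8A890961} [HKLM] -> %System32%\ssqnkhf.dll [] -> [Ver = | Size = 61440 bytes | Modified Date = 20/11/2007 1:02:10 AM | Attr = ]
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
wvuuurs -> %System32%\wvuuurs.dll -> [Ver = | Size = 61440 bytes | Modified Date = 20/11/2007 1:02:10 AM | Attr = ]
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 59032 bytes | Modified Date = 18/12/2006 3:16:42 AM | Attr = ]
{89D7A724-C668-4139-A206-3DED8B6B97E0} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
"""

# "< Section name > -> <registry key> ->" opens each group of entries.
SECTION_RE = re.compile(r"^< (?P<name>.+?) > -> (?P<key>\S.*?) ->\s*$")
# "<value name> -> <target path [command/title]> -> <publisher [Ver = ...]>"
ENTRY_RE = re.compile(r"^(?P<name>.+?) -> (?P<target>.+?) -> (?P<details>.*)$")
# Publisher string precedes the "[Ver = x | Size = ..." block; both may be empty.
DETAILS_RE = re.compile(r"^(?P<publisher>[^\[]*)\[Ver = (?P<ver>[^|]*)\|")
# Assumed heuristic: 7-8 lowercase letters, no digits, as seen in the fix list.
RANDOM_NAME_RE = re.compile(r"^[a-z]{7,8}\.(?:dll|exe)$")
SYSTEM_DIRS = ("%System32%\\", "%SystemRoot%\\")


def parse_report(text):
    """Yield (section, name, target, details) for each autostart entry."""
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        sec = SECTION_RE.match(line)
        if sec:
            section = sec.group("name")
            continue
        if section is None:      # headers such as "[Registry - Non-Microsoft Only]"
            continue
        ent = ENTRY_RE.match(line)
        if ent:
            yield section, ent.group("name"), ent.group("target"), ent.group("details")


def triage_entry(target, details):
    """Return the list of reasons an entry deserves a reviewer's attention."""
    reasons = []
    path = target.split(" [", 1)[0].strip()       # drop "[command line]" / "[title]"
    base = path.rsplit("\\", 1)[-1].lower()
    if details.strip() == "File not found" or path.startswith("Reg Data"):
        # Dangling entry: clean-up material, not proof of an active infection.
        reasons.append("orphaned: registry entry points at a missing file or key")
        return reasons
    m = DETAILS_RE.match(details)
    publisher = m.group("publisher").strip() if m else ""
    version = m.group("ver").strip() if m else ""
    if not publisher and not version:
        reasons.append("no publisher or version resource")
    if path.startswith(SYSTEM_DIRS) and RANDOM_NAME_RE.match(base):
        reasons.append("random-looking name dropped in the Windows directory")
    return reasons


def triage(text):
    """Map (section, value name) -> reasons for every entry worth a look."""
    findings = {}
    for section, name, target, details in parse_report(text):
        reasons = triage_entry(target, details)
        if reasons:
            findings[(section, name)] = reasons
    return findings


if __name__ == "__main__":
    for (section, name), reasons in sorted(triage(SAMPLE_REPORT).items()):
        print(f"[{section}] {name}")
        for reason in reasons:
            print(f"    - {reason}")
```

On the sample, the iTunes and Adobe entries pass (publisher and version present, ordinary paths), the three random-named System32 DLLs are flagged twice over, and the two dangling entries come out as orphans. The "no publisher or version" rule only fires when both are missing, because plenty of OEM utilities (the Wireless Select Switch entry in the log posted below is one) ship a version resource without a company name. Treat the output as a shortlist for a human reviewer: a name heuristic is not evidence on its own, and a file's size, dates and hash still have to be checked before it goes into a fix.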

Re: Beginning to lose hope

Unread postby halfassed » November 27th, 2007, 9:36 pm

DFW:

Everything seems to be running smoother now. Switched to Firefox browser, and seems to work a bit faster in general. Only problem encountered was WinPFind3U didn't ask to reboot, so rebooted manually. Here are new logs.

WinPFind3 logfile created on: 27/11/2007 8:18:55 PM
WinPFind3U by OldTimer - Version 1.0.44 Folder = C:\Users\RHW\Desktop\winPFind\WinPFind3u\
Windows Vista (TM) Home Premium (Version = 6.0.6000)
Internet Explorer (Version = 7.0.6000.16546)

1021.38 Mb Total Physical Memory | 386.96 Mb Available Physical Memory | 37.89% Memory free
2.24 Gb Paging File | 1.39 Gb Available in Paging File | 61.89% Paging File free
Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 92.14 Gb Free Space | 61.82% Space Free
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: HALF-FAST
Current User Name: RHW
Logged in as Administrator.
Current Boot Mode: Normal


[Processes - Non-Microsoft Only]
agrsmsvc.exe -> %System32%\agrsmsvc.exe -> Agere Systems [Ver = 1.0.0.4 | Size = 9216 bytes | Modified Date = 29/11/2006 8:55:00 PM | Attr = ]
applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 06/09/2007 12:28:18 PM | Attr = ]
avgas.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 43 | Size = 6731312 bytes | Modified Date = 11/06/2007 4:25:42 AM | Attr = ]
bttray.exe -> %ProgramFiles%\WIDCOMM\Bluetooth Software\BTTray.exe -> Broadcom Corporation. [Ver = 6.0.1.3400 | Size = 719664 bytes | Modified Date = 21/11/2006 5:12:42 PM | Attr = ]
guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 30/05/2007 7:31:10 AM | Attr = ]
ifxpsdsv.exe -> %System32%\IfxPsdSv.exe -> Infineon Technologies AG [Ver = 3.00.1135.00 | Size = 136736 bytes | Modified Date = 13/11/2006 5:11:54 PM | Attr = ]
ifxspmgt.exe -> %System32%\IFXSPMGT.exe -> Infineon Technologies AG [Ver = 3.00.1135.00 | Size = 661024 bytes | Modified Date = 13/11/2006 5:23:38 PM | Attr = ]
ifxtcs.exe -> %System32%\IFXTCS.exe -> Infineon Technologies AG [Ver = 3.00.1137.00 | Size = 824864 bytes | Modified Date = 15/11/2006 2:54:50 AM | Attr = ]
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.4.2.4 | Size = 503608 bytes | Modified Date = 14/09/2007 8:59:56 AM | Attr = ]
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.4.2.4 | Size = 267064 bytes | Modified Date = 14/09/2007 9:00:06 AM | Attr = ]
ktp.exe -> %ProgramFiles%\Elantech\Ktp.exe -> ELANTECH Devices Corp. [Ver = 5, 0, 3, 13 | Size = 647168 bytes | Modified Date = 14/02/2007 4:11:48 AM | Attr = ]
mcagent.exe -> %ProgramFiles%\McAfee.com\Agent\mcagent.exe -> McAfee, Inc. [Ver = 8,0,237,0 | Size = 582992 bytes | Modified Date = 04/08/2007 1:33:14 AM | Attr = ]
mcmscsvc.exe -> %ProgramFiles%\McAfee\MSC\mcmscsvc.exe -> McAfee, Inc. [Ver = 8,0,238,0 | Size = 749904 bytes | Modified Date = 04/08/2007 6:08:06 AM | Attr = ]
mcnasvc.exe -> %CommonProgramFiles%\McAfee\MNA\McNASvc.exe -> McAfee, Inc. [Ver = 2,0,136,0 | Size = 2376992 bytes | Modified Date = 22/07/2007 7:15:18 PM | Attr = ]
mcproxy.exe -> %CommonProgramFiles%\McAfee\McProxy\McProxy.exe -> McAfee, Inc. [Ver = 2,0,150,0 | Size = 359248 bytes | Modified Date = 15/08/2007 11:36:04 AM | Attr = ]
mcshield.exe -> %ProgramFiles%\McAfee\VirusScan\Mcshield.exe -> McAfee, Inc. [Ver = VSCORE.14.0.0.349.x86 | Size = 144704 bytes | Modified Date = 24/07/2007 11:02:14 AM | Attr = ]
mcsysmon.exe -> %ProgramFiles%\McAfee\VirusScan\mcsysmon.exe -> McAfee, Inc. [Ver = 12,0,188,0 | Size = 695624 bytes | Modified Date = 25/07/2007 12:41:52 AM | Attr = ]
mpfsrv.exe -> %ProgramFiles%\McAfee\MPF\MpfSrv.exe -> McAfee, Inc. [Ver = 9.0.136.0 | Size = 856864 bytes | Modified Date = 18/07/2007 2:54:42 PM | Attr = ]
omniserv.exe -> %ProgramFiles%\Softex\OmniPass\OmniServ.exe -> Softex Inc. [Ver = 5.0.0.1 | Size = 36864 bytes | Modified Date = 28/11/2006 5:41:00 PM | Attr = ]
psdrt.exe -> %ProgramFiles%\Infineon\Security Platform Software\PSDrt.exe -> Infineon Technologies AG [Ver = 3.00.1135.00 | Size = 173600 bytes | Modified Date = 13/11/2006 5:19:20 PM | Attr = ]
rthdvcpl.exe -> %SystemRoot%\RtHDVCpl.exe -> Realtek Semiconductor [Ver = 1, 0, 0, 11 | Size = 4186112 bytes | Modified Date = 01/12/2006 4:37:00 PM | Attr = ]
scureapp.exe -> %ProgramFiles%\Softex\OmniPass\scureapp.exe -> [Ver = 5, 0, 0, 1 | Size = 2174976 bytes | Modified Date = 28/11/2006 5:42:52 PM | Attr = ]
siteadv.exe -> %ProgramFiles%\SiteAdvisor\6066\SiteAdv.exe -> McAfee, Inc. [Ver = 2.3.0 | Size = 36904 bytes | Modified Date = 08/02/2007 9:39:34 PM | Attr = ]
sptna.exe -> %ProgramFiles%\Infineon\Security Platform Software\SpTNA.exe -> Infineon Technologies AG [Ver = 3.00.1135.00 | Size = 656928 bytes | Modified Date = 13/11/2006 5:03:32 PM | Attr = ]
vsnp2std.exe -> %SystemRoot%\vsnp2std.exe -> Sonix [Ver = 1, 1, 7, 0 | Size = 675840 bytes | Modified Date = 15/09/2006 4:21:54 PM | Attr = ]
winpfind3u.exe -> %UserDesktop%\winPFind\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.44.0 | Size = 371200 bytes | Modified Date = 21/11/2007 9:19:46 AM | Attr = ]
wireless select switch.exe -> %ProgramFiles%\Compal Electronics, INC\Wireless Select Switch\Wireless Select Switch.exe -> [Ver = 1, 0, 0, 4 | Size = 184320 bytes | Modified Date = 20/06/2006 3:12:18 PM | Attr = ]
wmiadap.exe -> -> File not found

[Win32 Services - Non-Microsoft Only]
(Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> Adobe Systems [Ver = 2.67.010 | Size = 72704 bytes | Modified Date = 10/08/2007 5:47:04 PM | Attr = ]
(AgereModemAudio) Agere Modem Call Progress Audio [Win32_Own | Auto | Running] -> %System32%\agrsmsvc.exe -> Agere Systems [Ver = 1.0.0.4 | Size = 9216 bytes | Modified Date = 29/11/2006 8:55:00 PM | Attr = ]
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 06/09/2007 12:28:18 PM | Attr = ]
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 30/05/2007 7:31:10 AM | Attr = ]
(CertPropSvc) Certificate Propagation [Win32_Shared | Unknown | Running] -> -> File not found
(DcomLaunch) DCOM Server Process Launcher [Win32_Shared | Unknown | Running] -> -> File not found
(DPS) Diagnostic Policy Service [Win32_Shared | Unknown | Running] -> -> File not found
(gpsvc) Group Policy Client [Win32_Shared | Unknown | Running] -> -> File not found
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1050\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 10.50.125 | Size = 73728 bytes | Modified Date = 22/10/2004 6:24:18 AM | Attr = ]
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> -> File not found
(IFXSpMgtSrv) Security Platform Management Service [Win32_Own | Auto | Running] -> %System32%\IFXSPMGT.exe -> Infineon Technologies AG [Ver = 3.00.1135.00 | Size = 661024 bytes | Modified Date = 13/11/2006 5:23:38 PM | Attr = ]
(IFXTCS) Trusted Platform Core Service [Win32_Own | Auto | Running] -> %System32%\IFXTCS.exe -> Infineon Technologies AG [Ver = 3.00.1137.00 | Size = 824864 bytes | Modified Date = 15/11/2006 2:54:50 AM | Attr = ]
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.4.2.4 | Size = 503608 bytes | Modified Date = 14/09/2007 8:59:56 AM | Attr = ]
(mcmscsvc) McAfee Services [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MSC\mcmscsvc.exe -> McAfee, Inc. [Ver = 8,0,238,0 | Size = 749904 bytes | Modified Date = 04/08/2007 6:08:06 AM | Attr = ]
(McNASvc) McAfee Network Agent [Win32_Own | Auto | Running] -> %CommonProgramFiles%\McAfee\MNA\McNASvc.exe -> McAfee, Inc. [Ver = 2,0,136,0 | Size = 2376992 bytes | Modified Date = 22/07/2007 7:15:18 PM | Attr = ]
(McODS) McAfee Scanner [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\McAfee\VirusScan\mcods.exe -> McAfee, Inc. [Ver = 12,0,172,0 | Size = 378184 bytes | Modified Date = 25/07/2007 2:16:16 AM | Attr = ]
(McProxy) McAfee Proxy Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\McAfee\McProxy\McProxy.exe -> McAfee, Inc. [Ver = 2,0,150,0 | Size = 359248 bytes | Modified Date = 15/08/2007 11:36:04 AM | Attr = ]
(McShield) McAfee Real-time Scanner [Win32_Own | Unknown | Running] -> -> File not found
(McSysmon) McAfee SystemGuards [Win32_Own | On_Demand | Running] -> %ProgramFiles%\McAfee\VirusScan\mcsysmon.exe -> McAfee, Inc. [Ver = 12,0,188,0 | Size = 695624 bytes | Modified Date = 25/07/2007 12:41:52 AM | Attr = ]
(MpfService) McAfee Personal Firewall Service [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MPF\MpfSrv.exe -> McAfee, Inc. [Ver = 9.0.136.0 | Size = 856864 bytes | Modified Date = 18/07/2007 2:54:42 PM | Attr = ]
(MSDTC) Distributed Transaction Coordinator [Win32_Own | Unknown | Stopped] -> -> File not found
(NMIndexingService) NMIndexingService [Win32_Own | Disabled | Stopped] -> %CommonProgramFiles%\Ahead\Lib\NMIndexingService.exe -> File not found
(omniserv) Softex OmniPass Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Softex\OmniPass\OmniServ.exe -> Softex Inc. [Ver = 5.0.0.1 | Size = 36864 bytes | Modified Date = 28/11/2006 5:41:00 PM | Attr = ]
(PersonalSecureDriveService) Personal Secure Drive Service [Win32_Own | Auto | Running] -> %System32%\IfxPsdSv.exe -> Infineon Technologies AG [Ver = 3.00.1135.00 | Size = 136736 bytes | Modified Date = 13/11/2006 5:11:54 PM | Attr = ]
(RpcSs) Remote Procedure Call (RPC) [Win32_Shared | Unknown | Running] -> -> File not found
(SBSDWSCService) SBSD Security Center Service [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Spybot - Search & Destroy\SDWinSec.exe -> Safer Networking Ltd. [Ver = 1, 0, 0, 8 | Size = 600912 bytes | Modified Date = 31/08/2007 3:46:18 PM | Attr = ]
(SCardSvr) Smart Card [Win32_Shared | Unknown | Stopped] -> -> File not found
(Schedule) Task Scheduler [Win32_Shared | Unknown | Running] -> -> File not found
(SCPolicySvc) Smart Card Removal Policy [Win32_Shared | Unknown | Stopped] -> -> File not found
(TrustedInstaller) Windows Modules Installer [Win32_Own | Unknown | Stopped] -> -> File not found
(WdiServiceHost) Diagnostic Service Host [Win32_Shared | Unknown | Stopped] -> -> File not found
(WdiSystemHost) Diagnostic System Host [Win32_Shared | Unknown | Running] -> -> File not found

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
!AVG Anti-Spyware -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 43 | Size = 6731312 bytes | Modified Date = 11/06/2007 4:25:42 AM | Attr = ]
CASS -> %ProgramFiles%\Compal Electronics, INC\Wireless Select Switch\Wireless Select Switch.exe -> [Ver = 1, 0, 0, 4 | Size = 184320 bytes | Modified Date = 20/06/2006 3:12:18 PM | Attr = ]
IFXSPMGT -> %System32%\IFXSPMGT.exe -> Infineon Technologies AG [Ver = 3.00.1135.00 | Size = 661024 bytes | Modified Date = 13/11/2006 5:23:38 PM | Attr = ]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.4.2.4 | Size = 267064 bytes | Modified Date = 14/09/2007 9:00:06 AM | Attr = ]
KTPWare -> %ProgramFiles%\Elantech\Ktp.exe -> ELANTECH Devices Corp. [Ver = 5, 0, 3, 13 | Size = 647168 bytes | Modified Date = 14/02/2007 4:11:48 AM | Attr = ]
mcagent_exe -> %ProgramFiles%\McAfee.com\Agent\mcagent.exe -> McAfee, Inc. [Ver = 8,0,237,0 | Size = 582992 bytes | Modified Date = 04/08/2007 1:33:14 AM | Attr = ]
NvCplDaemon -> %System32%\nvcpl.dll [RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 7.15.10.9754 | Size = 7766016 bytes | Modified Date = 19/12/2006 4:38:00 PM | Attr = ]
NvMediaCenter -> %System32%\nvmctray.dll [RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit] -> NVIDIA Corporation [Ver = 7.15.10.9754 | Size = 81920 bytes | Modified Date = 19/12/2006 4:38:00 PM | Attr = ]
NvSvc -> %System32%\nvsvc.dll [RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart] -> NVIDIA Corporation [Ver = 7.15.10.9754 | Size = 90191 bytes | Modified Date = 19/12/2006 4:38:00 PM | Attr = ]
NWEReboot -> -> File not found
OmniPass -> %ProgramFiles%\Softex\OmniPass\scureapp.exe -> [Ver = 5, 0, 0, 1 | Size = 2174976 bytes | Modified Date = 28/11/2006 5:42:52 PM | Attr = ]
RtHDVCpl -> %SystemRoot%\RtHDVCpl.exe -> Realtek Semiconductor [Ver = 1, 0, 0, 11 | Size = 4186112 bytes | Modified Date = 01/12/2006 4:37:00 PM | Attr = ]
SiteAdvisor -> %ProgramFiles%\SiteAdvisor\6066\SiteAdv.exe -> McAfee, Inc. [Ver = 2.3.0 | Size = 36904 bytes | Modified Date = 08/02/2007 9:39:34 PM | Attr = ]
snp2std -> %SystemRoot%\vsnp2std.exe -> Sonix [Ver = 1, 1, 7, 0 | Size = 675840 bytes | Modified Date = 15/09/2006 4:21:54 PM | Attr = ]
Windows Defender -> MSASCui.exe -> File not found
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} -> %CommonProgramFiles%\Ahead\Lib\NMBgMonitor.exe -> File not found
updateMgr -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe -> Adobe Systems Incorporated [Ver = 3.1.0.10 | Size = 313472 bytes | Modified Date = 30/03/2006 3:45:08 PM | Attr = R ]
< Common Startup > -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup ->
%AllUsersAppData%\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Modified Date = 23/09/2005 9:05:26 PM | Attr = ]
%AllUsersAppData%\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk -> %ProgramFiles%\WIDCOMM\Bluetooth Software\BTTray.exe -> Broadcom Corporation. [Ver = 6.0.1.3400 | Size = 719664 bytes | Modified Date = 21/11/2006 5:12:42 PM | Attr = ]
< User Startup > -> C:\Users\RHW\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup ->
%UserAppData%\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> Adobe Systems, Inc. [Ver = 1, 0, 0, 1 | Size = 113664 bytes | Modified Date = 16/03/2005 6:16:50 PM | Attr = ]
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> GRISOFT s.r.o. [Ver = 7, 5, 1, 36 | Size = 79408 bytes | Modified Date = 30/05/2007 7:29:58 AM | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\\ScanWithAntiVirus -> 3 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin -> 2 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableInstallerDetection -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableSecureUIAPaths -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableVirtualization -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ValidateAdminCodeSignatures -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\scforceoption -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\FilterAdministratorToken -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_TEXT -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_BITMAP -> 2 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_OEMTEXT -> 7 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_DIB -> 8 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_PALETTE -> 9 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_UNICODETEXT -> 13 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_DIBV5 -> 17 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> ->
< CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
< HOSTS File > (27 bytes) -> C:\Windows\System32\drivers\etc\Hosts ->
127.0.0.1 localhost -> ->
< Internet Explorer Settings > -> ->
HKLM: Default_Page_URL -> http://www.mdg.ca ->
HKLM: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKLM: Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
HKCU: Local Page -> C:\Windows\system32\blank.htm ->
HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dl ... r=iesearch ->
HKCU: Start Page -> http://sympatico.my.msn.com/ ->
HKCU: ProxyEnable -> 0 ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 59032 bytes | Modified Date = 18/12/2006 3:16:42 AM | Attr = ]
{089FD14D-132B-48FC-8861-0048AE113215} [HKLM] -> %ProgramFiles%\SiteAdvisor\6066\SiteAdv.dll [Reg Data - Value does not exist] -> McAfee, Inc. [Ver = 2.4.0 | Size = 1099304 bytes | Modified Date = 30/03/2007 10:41:24 AM | Attr = ]
{2330BF12-9FBF-4EE9-A84E-65107F7B5FF8} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 31/08/2007 3:46:14 PM | Attr = ]
{73E30260-CABD-4260-9133-39B24F34A9B9} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_02\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 501136 bytes | Modified Date = 12/07/2007 3:00:36 AM | Attr = ]
{7DB2D5A0-7241-4E79-B68D-6309F01C5231} [HKLM] -> %ProgramFiles%\McAfee\VirusScan\scriptsn.dll [scriptproxy] -> McAfee, Inc. [Ver = VSCORE.14.0.0.349.x86 | Size = 66880 bytes | Modified Date = 24/07/2007 11:02:40 AM | Attr = ]
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{0BF43445-2F28-4351-9252-17FE6E806AA0} [HKLM] -> %ProgramFiles%\SiteAdvisor\6066\SiteAdv.dll [McAfee SiteAdvisor] -> McAfee, Inc. [Ver = 2.4.0 | Size = 1099304 bytes | Modified Date = 30/03/2007 10:41:24 AM | Attr = ]
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_02\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 501136 bytes | Modified Date = 12/07/2007 3:00:36 AM | Attr = ]
{B205A35E-1FC4-4CE3-818B-899DBBB3388C} [HKLM] -> Reg Data - Key not found [MenuText: Reg Data - Value does not exist] -> File not found
{CCA281CA-C863-46ef-9331-5C8D4460577F} -> %ProgramFiles%\WIDCOMM\Bluetooth Software\btsendto_ie.htm [ButtonText: @btrez.dll,-4015] -> [Ver = | Size = 5601 bytes | Modified Date = 26/10/2006 10:28:50 PM | Attr = ]
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [MenuText: Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 31/08/2007 3:46:14 PM | Attr = ]
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
E&xport to Microsoft Excel -> -> File not found
Send image to &Bluetooth Device... -> %ProgramFiles%\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm -> [Ver = | Size = 2773 bytes | Modified Date = 29/08/2006 6:12:28 PM | Attr = ]
Send page to &Bluetooth Device... -> %ProgramFiles%\WIDCOMM\Bluetooth Software\btsendto_ie.htm -> [Ver = | Size = 5601 bytes | Modified Date = 26/10/2006 10:28:50 PM | Attr = ]
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{144AAE16-8B7F-4B11-9A0F-58C20FACFDE4} -> (Intel(R) PRO/Wireless 3945ABG Network Connection) ->
{1AD799CF-CB7E-40D3-A7EC-2362464A8B24} -> () ->
{579BF180-7F95-4B80-A216-3B5BAD8461C8} -> (Realtek RTL8168B/8111B Family PCI-E Gigabit Ethernet NIC (NDIS 6.0)) ->
{9AB61100-357B-40A8-91C9-0764C63731BE} -> () ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
about -> Reg Data - Key not found -> File not found
dvd -> Reg Data - Key not found -> File not found
its -> Reg Data - Key not found -> File not found
mhtml -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
ms-its -> Reg Data - Key not found -> File not found
siteadvisor -> %ProgramFiles%\SiteAdvisor\6066\SiteAdv.dll -> McAfee, Inc. [Ver = 2.4.0 | Size = 1099304 bytes | Modified Date = 30/03/2007 10:41:24 AM | Attr = ]
skype4com -> %CommonProgramFiles%\Skype\Skype4COM.dll -> Skype Technologies [Ver = 1, 0, 27, 2 | Size = 1828176 bytes | Modified Date = 06/08/2007 11:43:20 AM | Attr = R ]
tv -> Reg Data - Key not found -> File not found
vbscript -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{02BCC737-B171-4746-94C9-0D8A0B2C0089} -> Microsoft Office Template and Media Control - CodeBase = http://office.microsoft.com/templates/ieawsdc.cab ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.6.0_02 - CodeBase = http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab ->
{8FD07749-EFFA-48C6-947C-45A8D7BF422F} -> CLVistaGenie Control - CodeBase = http://www.cyberlink.com/vista/prog/CLVistaGenie.cab ->
{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_03 - CodeBase = http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab ->
{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_11 - CodeBase = http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab ->
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_01 - CodeBase = http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab ->
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_02 - CodeBase = http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_02 - CodeBase = http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://fpdownload2.macromedia.com/get/s ... wflash.cab ->


[Files/Folders - Created Within 90 days]
ComboFix -> %SystemDrive%\ComboFix -> [Folder | Created Date = 23/11/2007 5:44:42 PM | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1071636480 bytes | Created Date = 01/01/1601 5:00:00 AM | Attr = HS]
ntuser.dat -> %SystemDrive%\ntuser.dat -> [Ver = | Size = 0 bytes | Created Date = 19/11/2007 7:35:35 PM | Attr = ]
ntuser.dat.LOG1 -> %SystemDrive%\ntuser.dat.LOG1 -> [Ver = | Size = 0 bytes | Created Date = 19/11/2007 7:35:35 PM | Attr = H ]
ntuser.dat.LOG2 -> %SystemDrive%\ntuser.dat.LOG2 -> [Ver = | Size = 0 bytes | Created Date = 19/11/2007 7:35:35 PM | Attr = H ]
qoobox -> %SystemDrive%\qoobox -> [Folder | Created Date = 22/11/2007 11:25:57 PM | Attr = ]
catchme.exe -> %SystemRoot%\catchme.exe -> [Ver = | Size = 136704 bytes | Created Date = 22/11/2007 11:21:11 PM | Attr = ]
erdnt -> %SystemRoot%\erdnt -> [Folder | Created Date = 22/11/2007 11:35:55 PM | Attr = ]
NirCmd.exe -> %SystemRoot%\NirCmd.exe -> NirSoft [Ver = 2.00 | Size = 51200 bytes | Created Date = 22/11/2007 11:21:12 PM | Attr = ]
nsreg.dat -> %SystemRoot%\nsreg.dat -> [Ver = | Size = 0 bytes | Created Date = 26/11/2007 5:28:57 PM | Attr = ]
SA210D6F8.tmp -> %SystemRoot%\SA210D6F8.tmp -> [Ver = | Size = 24 bytes | Created Date = 11/11/2007 8:59:09 AM | Attr = HS]
wininit.ini -> %SystemRoot%\wininit.ini -> [Ver = | Size = 95 bytes | Created Date = 18/11/2007 10:18:22 AM | Attr = ]
NETw4c32.dll -> %System32%\NETw4c32.dll -> Intel Corporation [Ver = 11. 1. 0. 0 | Size = 679936 bytes | Created Date = 18/10/2007 4:26:31 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %System32%\NETw4c32.dll:Zone.Identifier ->
NETw4r32.dll -> %System32%\NETw4r32.dll -> Intel Corporation [Ver = 11. 1. 0. 0 | Size = 2756608 bytes | Created Date = 18/10/2007 4:26:31 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %System32%\NETw4r32.dll:Zone.Identifier ->
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 729436 bytes | Created Date = 11/11/2007 9:08:08 AM | Attr = ]
swreg.exe -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.8 | Size = 279552 bytes | Created Date = 22/11/2007 11:21:10 PM | Attr = ]
swsc.exe -> %System32%\swsc.exe -> SteelWerX [Ver = 2.0.0.0 | Size = 370688 bytes | Created Date = 22/11/2007 11:21:09 PM | Attr = ]
swxcacls.exe -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Created Date = 22/11/2007 11:21:09 PM | Attr = ]
VFind.exe -> %System32%\VFind.exe -> [Ver = | Size = 49152 bytes | Created Date = 22/11/2007 11:21:10 PM | Attr = ]
wlan.tmf -> %System32%\wlan.tmf -> [Ver = | Size = 1655289 bytes | Created Date = 14/11/2007 5:49:01 PM | Attr = ]
AnyDVD.sys -> %System32%\drivers\AnyDVD.sys -> SlySoft, Inc. [Ver = 6.1.9.6 | Size = 96832 bytes | Created Date = 07/11/2007 10:26:08 AM | Attr = ]
AvgAsCln.sys -> %System32%\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10872 bytes | Created Date = 27/11/2007 7:24:15 PM | Attr = ]
Msft_Kernel_SynTP_01000.Wdf -> %System32%\drivers\Msft_Kernel_SynTP_01000.Wdf -> [Ver = | Size = 0 bytes | Created Date = 25/11/2007 6:57:21 PM | Attr = H ]
NETw4v32.sys -> %System32%\drivers\NETw4v32.sys -> Intel Corporation [Ver = 11.1.0.100 | Size = 2216448 bytes | Created Date = 18/10/2007 4:26:32 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %System32%\drivers\NETw4v32.sys:Zone.Identifier ->
Rtlh86.sys -> %System32%\drivers\Rtlh86.sys -> Realtek Corporation [Ver = 6.198.1003.2007 built by: WinDDK | Size = 99840 bytes | Created Date = 03/10/2007 8:18:12 AM | Attr = ]
hosts.20070913-184002.backup -> %System32%\drivers\etc\hosts.20070913-184002.backup -> [Ver = | Size = 761 bytes | Created Date = 13/09/2007 5:40:02 PM | Attr = ]
hosts.20071030-144155.backup -> %System32%\drivers\etc\hosts.20071030-144155.backup -> [Ver = | Size = 178754 bytes | Created Date = 30/10/2007 1:41:55 PM | Attr = R ]
hosts.20071118-103140.backup -> %System32%\drivers\etc\hosts.20071118-103140.backup -> [Ver = | Size = 206961 bytes | Created Date = 18/11/2007 10:31:40 AM | Attr = R ]

[Files/Folders - Modified Within 90 days]
$Recycle.Bin -> %SystemDrive%\$Recycle.Bin -> [Folder | Modified Date = 01/09/2007 8:40:54 PM | Attr = HS]
ComboFix -> %SystemDrive%\ComboFix -> [Folder | Modified Date = 23/11/2007 5:50:02 PM | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1071636480 bytes | Modified Date = 27/11/2007 8:13:30 PM | Attr = HS]
Intel -> %SystemDrive%\Intel -> [Folder | Modified Date = 18/10/2007 4:19:52 PM | Attr = ]
ntuser.dat -> %SystemDrive%\ntuser.dat -> [Ver = | Size = 0 bytes | Modified Date = 19/11/2007 7:35:36 PM | Attr = ]
ntuser.dat.LOG1 -> %SystemDrive%\ntuser.dat.LOG1 -> [Ver = | Size = 0 bytes | Modified Date = 19/11/2007 7:35:36 PM | Attr = H ]
ntuser.dat.LOG2 -> %SystemDrive%\ntuser.dat.LOG2 -> [Ver = | Size = 0 bytes | Modified Date = 19/11/2007 7:35:36 PM | Attr = H ]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 27/11/2007 7:24:10 PM | Attr = R ]
ProgramData -> %AllUsersAppData% -> [Folder | Modified Date = 27/11/2007 7:24:12 PM | Attr = H ]
qoobox -> %SystemDrive%\qoobox -> [Folder | Modified Date = 23/11/2007 5:49:46 PM | Attr = ]
System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 27/11/2007 7:17:34 PM | Attr = HS]
Windows -> %SystemRoot% -> [Folder | Modified Date = 27/11/2007 8:17:12 PM | Attr = ]
AppPatch -> %SystemRoot%\AppPatch -> [Folder | Modified Date = 09/10/2007 5:07:58 PM | Attr = ]
assembly -> %SystemRoot%\assembly -> [Folder | Modified Date = 14/11/2007 5:59:48 PM | Attr = R S]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 67584 bytes | Modified Date = 27/11/2007 8:13:38 PM | Attr = S]
bthservsdp.dat -> %SystemRoot%\bthservsdp.dat -> [Ver = | Size = 12 bytes | Modified Date = 27/11/2007 7:35:58 PM | Attr = ]
catchme.exe -> %SystemRoot%\catchme.exe -> [Ver = | Size = 136704 bytes | Modified Date = 08/11/2007 4:59:02 PM | Attr = ]
Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 27/11/2007 7:40:40 PM | Attr = ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 18/11/2007 10:59:30 AM | Attr = S]
ehome -> %SystemRoot%\ehome -> [Folder | Modified Date = 14/11/2007 5:51:28 PM | Attr = ]
erdnt -> %SystemRoot%\erdnt -> [Folder | Modified Date = 22/11/2007 11:35:56 PM | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 27/11/2007 7:42:12 PM | Attr = ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 26/11/2007 5:16:00 PM | Attr = HS]
Microsoft.NET -> %SystemRoot%\Microsoft.NET -> [Folder | Modified Date = 14/11/2007 5:59:50 PM | Attr = ]
Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 27/11/2007 7:40:40 PM | Attr = ]
nsreg.dat -> %SystemRoot%\nsreg.dat -> [Ver = | Size = 0 bytes | Modified Date = 26/11/2007 5:28:58 PM | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 27/11/2007 8:16:44 PM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 27/11/2007 8:14:06 PM | Attr = H ]
SA210D6F8.tmp -> %SystemRoot%\SA210D6F8.tmp -> [Ver = | Size = 24 bytes | Modified Date = 11/11/2007 9:06:36 AM | Attr = HS]
System32 -> %System32% -> [Folder | Modified Date = 27/11/2007 7:42:14 PM | Attr = ]
Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 22/11/2007 11:29:20 PM | Attr = ]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 27/11/2007 8:18:46 PM | Attr = ]
WindowsShell.Manifest -> %SystemRoot%\WindowsShell.Manifest -> [Ver = | Size = 749 bytes | Modified Date = 30/08/2007 7:33:44 PM | Attr = RH ]
wininit.ini -> %SystemRoot%\wininit.ini -> [Ver = | Size = 95 bytes | Modified Date = 18/11/2007 10:18:24 AM | Attr = ]
winsxs -> %SystemRoot%\winsxs -> [Folder | Modified Date = 14/11/2007 5:55:08 PM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 27/11/2007 8:13:44 PM | Attr = H ]
User_Feed_Synchronization-{D9B30BB4-63C0-47D4-A444-A174F9308500}.job -> %SystemRoot%\tasks\User_Feed_Synchronization-{D9B30BB4-63C0-47D4-A444-A174F9308500}.job -> [Ver = | Size = 414 bytes | Modified Date = 27/11/2007 8:15:40 PM | Attr = H ]
7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> %System32%\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> [Ver = | Size = 4576 bytes | Modified Date = 27/11/2007 8:13:46 PM | Attr = H ]
7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> %System32%\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> [Ver = | Size = 4576 bytes | Modified Date = 27/11/2007 8:13:46 PM | Attr = H ]
catroot -> %System32%\catroot -> [Folder | Modified Date = 25/11/2007 8:21:08 PM | Attr = ]
catroot2 -> %System32%\catroot2 -> [Folder | Modified Date = 27/11/2007 7:38:52 PM | Attr = ]
Config.MPF -> %System32%\Config.MPF -> [Ver = | Size = 15904 bytes | Modified Date = 27/11/2007 8:16:18 PM | Attr = ]
drivers -> %System32%\drivers -> [Folder | Modified Date = 27/11/2007 7:24:16 PM | Attr = ]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 338688 bytes | Modified Date = 14/11/2007 5:54:02 PM | Attr = ]
migration -> %System32%\migration -> [Folder | Modified Date = 09/10/2007 5:08:00 PM | Attr = ]
NETw4c32.dll -> %System32%\NETw4c32.dll -> Intel Corporation [Ver = 11. 1. 0. 0 | Size = 679936 bytes | Modified Date = 18/10/2007 4:26:32 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %System32%\NETw4c32.dll:Zone.Identifier ->
NETw4r32.dll -> %System32%\NETw4r32.dll -> Intel Corporation [Ver = 11. 1. 0. 0 | Size = 2756608 bytes | Modified Date = 18/10/2007 4:26:32 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %System32%\NETw4r32.dll:Zone.Identifier ->
perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 111022 bytes | Modified Date = 27/11/2007 7:42:14 PM | Attr = ]
perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 630074 bytes | Modified Date = 27/11/2007 7:42:14 PM | Attr = ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 729436 bytes | Modified Date = 27/11/2007 7:42:12 PM | Attr = ]
Tasks -> %System32%\Tasks -> [Folder | Modified Date = 22/11/2007 11:29:20 PM | Attr = ]
wbem -> %System32%\wbem -> [Folder | Modified Date = 14/11/2007 5:51:32 PM | Attr = ]
wlan.tmf -> %System32%\wlan.tmf -> [Ver = | Size = 1655289 bytes | Modified Date = 14/11/2007 5:49:02 PM | Attr = ]
AnyDVD.sys -> %System32%\drivers\AnyDVD.sys -> SlySoft, Inc. [Ver = 6.1.9.6 | Size = 96832 bytes | Modified Date = 07/11/2007 10:26:10 AM | Attr = ]
etc -> %System32%\drivers\etc -> [Folder | Modified Date = 22/11/2007 11:33:40 PM | Attr = ]
Msft_Kernel_SynTP_01000.Wdf -> %System32%\drivers\Msft_Kernel_SynTP_01000.Wdf -> [Ver = | Size = 0 bytes | Modified Date = 25/11/2007 6:57:22 PM | Attr = H ]
NETw4v32.sys -> %System32%\drivers\NETw4v32.sys -> Intel Corporation [Ver = 11.1.0.100 | Size = 2216448 bytes | Modified Date = 18/10/2007 4:26:34 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %System32%\drivers\NETw4v32.sys:Zone.Identifier ->
Rtlh86.sys -> %System32%\drivers\Rtlh86.sys -> Realtek Corporation [Ver = 6.198.1003.2007 built by: WinDDK | Size = 99840 bytes | Modified Date = 03/10/2007 8:18:12 AM | Attr = ]
hosts.20071030-144155.backup -> %System32%\drivers\etc\hosts.20071030-144155.backup -> [Ver = | Size = 178754 bytes | Modified Date = 13/09/2007 5:40:04 PM | Attr = R ]
hosts.20071118-103140.backup -> %System32%\drivers\etc\hosts.20071118-103140.backup -> [Ver = | Size = 206961 bytes | Modified Date = 30/10/2007 1:41:58 PM | Attr = R ]

[File String Scan - Non-Microsoft Only]
@Alternate Data Stream - 26 bytes -> %System32%\NETw4c32.dll:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %System32%\NETw4r32.dll:Zone.Identifier ->
UPX! , UPX0 , -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.8 | Size = 279552 bytes | Modified Date = 22/07/2007 6:39:28 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %System32%\drivers\NETw4v32.sys:Zone.Identifier ->
abetterinternet.com , web-nex , ad-w-a-r-e.com , -> %System32%\drivers\etc\hosts.20071030-144155.backup -> [Ver = | Size = 178754 bytes | Modified Date = 13/09/2007 5:40:04 PM | Attr = R ]
abetterinternet.com , web-nex , ad-w-a-r-e.com , -> %System32%\drivers\etc\hosts.20071118-103140.backup -> [Ver = | Size = 206961 bytes | Modified Date = 30/10/2007 1:41:58 PM | Attr = R ]

< End of report >

WinPFind3U Log:

[Registry - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\28e18d91 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{60E2746A-9C2E-45A2-85CE-7E1A8A890961} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{60E2746A-9C2E-45A2-85CE-7E1A8A890961} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ssqnkhf deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\vvsqvoej deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wvuuurs deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{89D7A724-C668-4139-A206-3DED8B6B97E0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FB3C35D3-D4C5-4C68-8A14-1A6375E41507} deleted successfully.
DNS NameServer information removed successfully for adapter:
DNS NameServer information removed successfully for adapter:
[Files/Folders - Created Within 90 days]
C:\Windows\SYSTEM32\agjiwcfj.dll moved successfully.
C:\Windows\SYSTEM32\attxunri.ini moved successfully.
C:\Windows\SYSTEM32\attxunri.ini2 moved successfully.
C:\Windows\SYSTEM32\attxunri.tmp moved successfully.
C:\Windows\SYSTEM32\irnuxtta.dll moved successfully.
C:\Windows\SYSTEM32\jfcwijga.ini moved successfully.
C:\Windows\SYSTEM32\mljhgee.dll moved successfully.
C:\Windows\SYSTEM32\povrpgmx.dll moved successfully.
C:\Windows\SYSTEM32\sgiivbdc.ini moved successfully.
C:\Windows\SYSTEM32\ssqnkhf.dll moved successfully.
C:\Windows\SYSTEM32\wvuuurs.dll moved successfully.
C:\Windows\SYSTEM32\xmgprvop.ini moved successfully.
C:\Windows\SYSTEM32\cdbviigs.dll moved successfully.
[Files/Folders - Modified Within 90 days]
File C:\Windows\SYSTEM32\agjiwcfj.dll not found!
File C:\Windows\SYSTEM32\attxunri.ini not found!
File C:\Windows\SYSTEM32\attxunri.ini2 not found!
File C:\Windows\SYSTEM32\attxunri.tmp not found!
File C:\Windows\SYSTEM32\irnuxtta.dll not found!
File C:\Windows\SYSTEM32\jfcwijga.ini not found!
File C:\Windows\SYSTEM32\mljhgee.dll not found!
File C:\Windows\SYSTEM32\sgiivbdc.ini not found!
File C:\Windows\SYSTEM32\ssqnkhf.dll not found!
File C:\Windows\SYSTEM32\wvuuurs.dll not found!
File C:\Windows\SYSTEM32\xmgprvop.ini not found!
< End of log >
Created on 11/27/2007 19:33:17


AVG Anti-Spyware Report:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 8:11:44 PM 27/11/2007

+ Scan result:



:mozilla.133:C:\Users\RHW\AppData\Roaming\Mozilla\Firefox\Profiles\cmkidvyd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.134:C:\Users\RHW\AppData\Roaming\Mozilla\Firefox\Profiles\cmkidvyd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.135:C:\Users\RHW\AppData\Roaming\Mozilla\Firefox\Profiles\cmkidvyd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.139:C:\Users\RHW\AppData\Roaming\Mozilla\Firefox\Profiles\cmkidvyd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.307:C:\Users\RHW\AppData\Roaming\Mozilla\Firefox\Profiles\cmkidvyd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.387:C:\Users\RHW\AppData\Roaming\Mozilla\Firefox\Profiles\cmkidvyd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.420:C:\Users\RHW\AppData\Roaming\Mozilla\Firefox\Profiles\cmkidvyd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Users\RHW\AppData\Roaming\Microsoft\Windows\Cookies\rhw@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Users\RHW\AppData\Roaming\Microsoft\Windows\Cookies\rhw@amazonsearsca.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Users\RHW\AppData\Roaming\Microsoft\Windows\Cookies\rhw@brightcove.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Users\RHW\AppData\Roaming\Microsoft\Windows\Cookies\rhw@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Users\RHW\AppData\Roaming\Microsoft\Windows\Cookies\rhw@workopolis.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.114:C:\Users\RHW\AppData\Roaming\Mozilla\Firefox\Profiles\cmkidvyd.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.117:C:\Users\RHW\AppData\Roaming\Mozilla\Firefox\Profiles\cmkidvyd.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
C:\Users\RHW\AppData\Roaming\Microsoft\Windows\Cookies\rhw@adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Users\RHW\AppData\Roaming\Microsoft\Windows\Cookies\rhw@ads.adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Users\RHW\AppData\Roaming\Microsoft\Windows\Cookies\rhw@ads.addynamix[2].txt -> TrackingCookie.Addynamix : Cleaned.
:mozilla.405:C:\Users\RHW\AppData\Roaming\Mozilla\Firefox\Profiles\cmkidvyd.default\cookies.txt -> TrackingCookie.Adengage : Cleaned.
:mozilla.406:C:\Users\RHW\AppData\Roaming\Mozilla\Firefox\Profiles\cmkidvyd.default\cookies.txt -> TrackingCookie.Adengage : Cleaned.
C:\Users\RHW\AppData\Roaming\Microsoft\Windows\Cookies\rhw@ads.adengage[2].txt -> TrackingCookie.Adengage : Cleaned.
:mozilla.394:C:\Users\RHW\AppData\Roaming\Mozilla\Firefox\Profiles\cmkidvyd.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
C:\Users\RHW\AppData\Roaming\Microsoft\Windows\Cookies\rhw@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.33:C:\Users\RHW\AppData\Roaming\Mozilla\Firefox\Profiles\cmkidvyd.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Users\RHW\AppData\Roaming\Microsoft\Windows\Cookies\rhw@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.65:C:\Users\RHW\AppData\Roaming\Mozilla\Firefox\Profiles\cmkidvyd.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.66:C:\Users\RHW\AppData\Roaming\Mozilla\Firefox\Profiles\cmkidvyd.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.67:C:\Users\RHW\AppData\Roaming\Mozilla\Firefox\Profiles\cmkidvyd.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.68:C:\Users\RHW\AppData\Roaming\Mozilla\Firefox\Profiles\cmkidvyd.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.76:C:\Users\RHW\AppData\Roaming\Mozilla\Firefox\Profiles\cmkidvyd.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.77:C:\Users\RHW\AppData\Roaming\Mozilla\Firefox\Profiles\cmkidvyd.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.88:C:\Users\RHW\AppData\Roaming\Mozilla\Firefox\Profiles\cmkidvyd.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.327:C:\Users\RHW\AppData\Roaming\Mozilla\Firefox\Profiles\cmkidvyd.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned.
C:\Users\RHW\AppData\Roaming\Microsoft\Windows\Cookies\rhw@data.coremetrics[1].txt -> TrackingCookie.Coremetrics : Cleaned.
:mozilla.86:C:\Users\RHW\AppData\Roaming\Mozilla\Firefox\Profiles\cmkidvyd.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Users\RHW\AppData\Roaming\Microsoft\Windows\Cookies\rhw@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.395:C:\Users\RHW\AppData\Roaming\Mozilla\Firefox\Profiles\cmkidvyd.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.399:C:\Users\RHW\AppData\Roaming\Mozilla\Firefox\Profiles\cmkidvyd.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.419:C:\Users\RHW\AppData\Roaming\Mozilla\Firefox\Profiles\cmkidvyd.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.453:C:\Users\RHW\AppData\Roaming\Mozilla\Firefox\Profiles\cmkidvyd.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
C:\Users\RHW\AppData\Roaming\Microsoft\Windows\Cookies\rhw@e-2dj6wbkogiczwco.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Users\RHW\AppData\Roaming\Microsoft\Windows\Cookies\rhw@e-2dj6whlisndpodp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Users\RHW\AppData\Roaming\Microsoft\Windows\Cookies\rhw@e-2dj6wjkogmdzcbp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Users\RHW\AppData\Roaming\Microsoft\Windows\Cookies\rhw@e-2dj6wjlowmajeco.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.158:C:\Users\RHW\AppData\Roaming\Mozilla\Firefox\Profiles\cmkidvyd.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.159:C:\Users\RHW\AppData\Roaming\Mozilla\Firefox\Profiles\cmkidvyd.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.204:C:\Users\RHW\AppData\Roaming\Mozilla\Firefox\Profiles\cmkidvyd.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.205:C:\Users\RHW\AppData\Roaming\Mozilla\Firefox\Profiles\cmkidvyd.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.206:C:\Users\RHW\AppData\Roaming\Mozilla\Firefox\Profiles\cmkidvyd.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.266:C:\Users\RHW\AppData\Roaming\Mozilla\Firefox\Profiles\cmkidvyd.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.267:C:\Users\RHW\AppData\Roaming\Mozilla\Firefox\Profiles\cmkidvyd.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.458:C:\Users\RHW\AppData\Roaming\Mozilla\Firefox\Profiles\cmkidvyd.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
C:\Users\RHW\AppData\Roaming\Microsoft\Windows\Cookies\rhw@ehg-camcorderinfo.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Users\RHW\AppData\Roaming\Microsoft\Windows\Cookies\rhw@ehg-techtarget.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.392:C:\Users\RHW\AppData\Roaming\Mozilla\Firefox\Profiles\cmkidvyd.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Users\RHW\AppData\Roaming\Microsoft\Windows\Cookies\rhw@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.341:C:\Users\RHW\AppData\Roaming\Mozilla\Firefox\Profiles\cmkidvyd.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
C:\Users\RHW\AppData\Roaming\Microsoft\Windows\Cookies\rhw@overture[1].txt -> TrackingCookie.Overture : Cleaned.
:mozilla.439:C:\Users\RHW\AppData\Roaming\Mozilla\Firefox\Profiles\cmkidvyd.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.440:C:\Users\RHW\AppData\Roaming\Mozilla\Firefox\Profiles\cmkidvyd.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.441:C:\Users\RHW\AppData\Roaming\Mozilla\Firefox\Profiles\cmkidvyd.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.442:C:\Users\RHW\AppData\Roaming\Mozilla\Firefox\Profiles\cmkidvyd.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.443:C:\Users\RHW\AppData\Roaming\Mozilla\Firefox\Profiles\cmkidvyd.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.444:C:\Users\RHW\AppData\Roaming\Mozilla\Firefox\Profiles\cmkidvyd.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.445:C:\Users\RHW\AppData\Roaming\Mozilla\Firefox\Profiles\cmkidvyd.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
C:\Users\RHW\AppData\Roaming\Microsoft\Windows\Cookies\rhw@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.385:C:\Users\RHW\AppData\Roaming\Mozilla\Firefox\Profiles\cmkidvyd.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.386:C:\Users\RHW\AppData\Roaming\Mozilla\Firefox\Profiles\cmkidvyd.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Users\RHW\AppData\Roaming\Microsoft\Windows\Cookies\rhw@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.256:C:\Users\RHW\AppData\Roaming\Mozilla\Firefox\Profiles\cmkidvyd.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.257:C:\Users\RHW\AppData\Roaming\Mozilla\Firefox\Profiles\cmkidvyd.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.258:C:\Users\RHW\AppData\Roaming\Mozilla\Firefox\Profiles\cmkidvyd.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.259:C:\Users\RHW\AppData\Roaming\Mozilla\Firefox\Profiles\cmkidvyd.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.260:C:\Users\RHW\AppData\Roaming\Mozilla\Firefox\Profiles\cmkidvyd.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
C:\Users\RHW\AppData\Roaming\Microsoft\Windows\Cookies\rhw@revsci[1].txt -> TrackingCookie.Revsci : Cleaned.
C:\Users\RHW\AppData\Roaming\Microsoft\Windows\Cookies\rhw@www.safer-networking[1].txt -> TrackingCookie.Safer-networking : Cleaned.
:mozilla.100:C:\Users\RHW\AppData\Roaming\Mozilla\Firefox\Profiles\cmkidvyd.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.94:C:\Users\RHW\AppData\Roaming\Mozilla\Firefox\Profiles\cmkidvyd.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.95:C:\Users\RHW\AppData\Roaming\Mozilla\Firefox\Profiles\cmkidvyd.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.96:C:\Users\RHW\AppData\Roaming\Mozilla\Firefox\Profiles\cmkidvyd.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.97:C:\Users\RHW\AppData\Roaming\Mozilla\Firefox\Profiles\cmkidvyd.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.98:C:\Users\RHW\AppData\Roaming\Mozilla\Firefox\Profiles\cmkidvyd.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.99:C:\Users\RHW\AppData\Roaming\Mozilla\Firefox\Profiles\cmkidvyd.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Users\RHW\AppData\Roaming\Microsoft\Windows\Cookies\rhw@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Users\RHW\AppData\Roaming\Microsoft\Windows\Cookies\rhw@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.57:C:\Users\RHW\AppData\Roaming\Mozilla\Firefox\Profiles\cmkidvyd.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.58:C:\Users\RHW\AppData\Roaming\Mozilla\Firefox\Profiles\cmkidvyd.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.63:C:\Users\RHW\AppData\Roaming\Mozilla\Firefox\Profiles\cmkidvyd.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.78:C:\Users\RHW\AppData\Roaming\Mozilla\Firefox\Profiles\cmkidvyd.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.84:C:\Users\RHW\AppData\Roaming\Mozilla\Firefox\Profiles\cmkidvyd.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.85:C:\Users\RHW\AppData\Roaming\Mozilla\Firefox\Profiles\cmkidvyd.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.326:C:\Users\RHW\AppData\Roaming\Mozilla\Firefox\Profiles\cmkidvyd.default\cookies.txt -> TrackingCookie.Tracking101 : Cleaned.
C:\Users\RHW\AppData\Roaming\Microsoft\Windows\Cookies\rhw@login.tracking101[1].txt -> TrackingCookie.Tracking101 : Cleaned.
:mozilla.34:C:\Users\RHW\AppData\Roaming\Mozilla\Firefox\Profiles\cmkidvyd.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Users\RHW\AppData\Roaming\Microsoft\Windows\Cookies\rhw@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.235:C:\Users\RHW\AppData\Roaming\Mozilla\Firefox\Profiles\cmkidvyd.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.236:C:\Users\RHW\AppData\Roaming\Mozilla\Firefox\Profiles\cmkidvyd.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
C:\Users\RHW\AppData\Roaming\Microsoft\Windows\Cookies\rhw@web-stat[1].txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.422:C:\Users\RHW\AppData\Roaming\Mozilla\Firefox\Profiles\cmkidvyd.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned.
C:\Users\RHW\AppData\Roaming\Microsoft\Windows\Cookies\rhw@m.webtrends[2].txt -> TrackingCookie.Webtrends : Cleaned.
:mozilla.384:C:\Users\RHW\AppData\Roaming\Mozilla\Firefox\Profiles\cmkidvyd.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
C:\Users\RHW\AppData\Roaming\Microsoft\Windows\Cookies\rhw@statse.webtrendslive[1].txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.89:C:\Users\RHW\AppData\Roaming\Mozilla\Firefox\Profiles\cmkidvyd.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.90:C:\Users\RHW\AppData\Roaming\Mozilla\Firefox\Profiles\cmkidvyd.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.91:C:\Users\RHW\AppData\Roaming\Mozilla\Firefox\Profiles\cmkidvyd.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.113:C:\Users\RHW\AppData\Roaming\Mozilla\Firefox\Profiles\cmkidvyd.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.115:C:\Users\RHW\AppData\Roaming\Mozilla\Firefox\Profiles\cmkidvyd.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.116:C:\Users\RHW\AppData\Roaming\Mozilla\Firefox\Profiles\cmkidvyd.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.


::Report end
halfassed
Regular Member
 
Posts: 25
Joined: November 22nd, 2007, 9:57 pm

Re: Beginning to lose hope

Unread postby DFW » November 28th, 2007, 9:01 am

Hi again


Please run this online scan using Internet Explorer. Please run CCleaner again in normal mode just before.


Kaspersky Online Scanner.

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence,
click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75%. Once the licence is accepted, reset to 100%.

Go here: http://www.kaspersky.com/virusscanner

  • Read the Requirements and limitations before you click Accept.
  • Allow the ActiveX download if necessary.
  • Once the database has downloaded, click Next.
  • Click Scan Settings and change the "Scan using the following antivirus database" from standard to extended and then click OK.
  • Click on "My Computer" and then put the kettle on!
  • When the scan has completed, click Save Report As...
  • Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt).
  • Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.

Copy and paste the report into your next reply along with a fresh HJT log and a description of how your PC is behaving.
DFW
MRU Honors Grad Emeritus
 
Posts: 3229
Joined: September 28th, 2006, 12:23 pm
Location: UK

Re: Beginning to lose hope

Unread postby halfassed » November 28th, 2007, 8:03 pm

Everything is running fairly well, although I haven't been able to download the latest Vista update. I keep getting an error, and the solution says to delete some download log files but then it won't let me delete them! Not sure if it has anything to do with all this new anti-virus activity but it seems suspicious.

New Logs:

KASPERSKY ONLINE SCANNER REPORT
Wednesday, November 28, 2007 6:08:35 PM
Operating System: Microsoft Windows Vista Home Edition, (Build 6000)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 28/11/2007
Kaspersky Anti-Virus database records: 467878


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
C:\

Scan Statistics
Total number of scanned objects 70758
Number of viruses found 4
Number of infected objects 15
Number of suspicious objects 0
Duration of the scan process 01:09:54

Infected Object Name Virus Name Last Action
C:\Boot\BCD Object is locked skipped

C:\Boot\BCD.LOG Object is locked skipped

C:\Program Files\Softex\OmniPass\btype0.dat Object is locked skipped

C:\Program Files\Softex\OmniPass\btype1.dat Object is locked skipped

C:\Program Files\Softex\OmniPass\btype2.dat Object is locked skipped

C:\Program Files\Softex\OmniPass\btype256.dat Object is locked skipped

C:\Program Files\Softex\OmniPass\btype259.dat Object is locked skipped

C:\Program Files\Softex\OmniPass\btype3.dat Object is locked skipped

C:\Program Files\Softex\OmniPass\btype4.dat Object is locked skipped

C:\ProgramData\McAfee\MNA\NAData Object is locked skipped

C:\ProgramData\McAfee\MSC\Logs\Events.dat Object is locked skipped

C:\ProgramData\McAfee\MSC\Logs\{427B5940-27F1-44AB-82E4-1DE239F593D1}.log Object is locked skipped

C:\ProgramData\McAfee\MSC\McUsers.dat Object is locked skipped

C:\ProgramData\McAfee\VirusScan\Data\TFRDA6.tmp Object is locked skipped

C:\ProgramData\McAfee\VirusScan\Logs\OAS.Log Object is locked skipped

C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\be9c1c50d9d95b970d2a9704d6c1d8df_f2118730-8687-47d1-8c7d-13ea82239a0f Object is locked skipped

C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.253.Crwl Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.253.gthr Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010003.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010004.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010006.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010007.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010009.ci Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010009.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010009.wsb Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000A.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000B.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000C.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000D.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000E.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010010.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010011.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010012.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010015.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010017.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010019.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001A.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001E.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010021.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010023.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.000 Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000 Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\Used0000.000 Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000 Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk1.gthr Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk2.gthr Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Ntfy159.gthr Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc\Ntf36F7.tmp Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc\Ntf36F8.tmp Object is locked skipped

C:\ProgramData\Microsoft\Windows\DRM\Cache\Indiv01.tmp Object is locked skipped

C:\ProgramData\Microsoft\Windows\DRM\drmstore.hds Object is locked skipped

C:\ProgramData\Microsoft\Windows Defender\Support\MPLog-11022006-050241.log Object is locked skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\Users\RHW\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT Object is locked skipped

C:\Users\RHW\AppData\Local\Microsoft\Media Player\CurrentDatabase_360.wmdb Object is locked skipped

C:\Users\RHW\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat Object is locked skipped

C:\Users\RHW\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped

C:\Users\RHW\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Users\RHW\AppData\Local\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Users\RHW\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 Object is locked skipped

C:\Users\RHW\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 Object is locked skipped

C:\Users\RHW\AppData\Local\Microsoft\Windows\UsrClass.dat{34875266-6a72-11db-9114-0014220f037f}.TM.blf Object is locked skipped

C:\Users\RHW\AppData\Local\Microsoft\Windows\UsrClass.dat{34875266-6a72-11db-9114-0014220f037f}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped

C:\Users\RHW\AppData\Local\Microsoft\Windows\UsrClass.dat{34875266-6a72-11db-9114-0014220f037f}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped

C:\Users\RHW\AppData\Local\Microsoft\Windows Defender\FileTracker\{5761F279-349F-4CB9-B61A-D3FCEF4B4E1E} Object is locked skipped

C:\Users\RHW\AppData\Local\Mozilla\Firefox\Profiles\cmkidvyd.default\Cache\_CACHE_001_ Object is locked skipped

C:\Users\RHW\AppData\Local\Mozilla\Firefox\Profiles\cmkidvyd.default\Cache\_CACHE_002_ Object is locked skipped

C:\Users\RHW\AppData\Local\Mozilla\Firefox\Profiles\cmkidvyd.default\Cache\_CACHE_003_ Object is locked skipped

C:\Users\RHW\AppData\Local\Mozilla\Firefox\Profiles\cmkidvyd.default\Cache\_CACHE_MAP_ Object is locked skipped

C:\Users\RHW\AppData\Local\Temp\~DFF342.tmp Object is locked skipped

C:\Users\RHW\AppData\Roaming\Microsoft\Windows\Cookies\index.dat Object is locked skipped

C:\Users\RHW\AppData\Roaming\Mozilla\Firefox\Profiles\cmkidvyd.default\cert8.db Object is locked skipped

C:\Users\RHW\AppData\Roaming\Mozilla\Firefox\Profiles\cmkidvyd.default\history.dat Object is locked skipped

C:\Users\RHW\AppData\Roaming\Mozilla\Firefox\Profiles\cmkidvyd.default\key3.db Object is locked skipped

C:\Users\RHW\AppData\Roaming\Mozilla\Firefox\Profiles\cmkidvyd.default\parent.lock Object is locked skipped

C:\Users\RHW\AppData\Roaming\Mozilla\Firefox\Profiles\cmkidvyd.default\search.sqlite Object is locked skipped

C:\Users\RHW\AppData\Roaming\Mozilla\Firefox\Profiles\cmkidvyd.default\urlclassifier2.sqlite Object is locked skipped

C:\Users\RHW\AppData\Roaming\SiteAdvisor\SiteAdv.csh Object is locked skipped

C:\Users\RHW\Azureus Downloads\Clone DVD-2.9.1.0 & Clone CD-5.3.0.1[NEW]\CloneDVD 2.9.1.0 Keygen.exe/data0000.cab/wr-1-922.exe Infected: Trojan-Downloader.Win32.Small.gll skipped

C:\Users\RHW\Azureus Downloads\Clone DVD-2.9.1.0 & Clone CD-5.3.0.1[NEW]\CloneDVD 2.9.1.0 Keygen.exe/data0000.cab Infected: Trojan-Downloader.Win32.Small.gll skipped

C:\Users\RHW\Azureus Downloads\Clone DVD-2.9.1.0 & Clone CD-5.3.0.1[NEW]\CloneDVD 2.9.1.0 Keygen.exe Rsrc-Package: infected - 2 skipped

C:\Users\RHW\Azureus Downloads\Clone DVD-2.9.1.0 & Clone CD-5.3.0.1[NEW]\Slysoft Products Generic Crack 1.43.exe/data0000.cab/wr-1-922.exe Infected: Trojan-Downloader.Win32.Small.gll skipped

C:\Users\RHW\Azureus Downloads\Clone DVD-2.9.1.0 & Clone CD-5.3.0.1[NEW]\Slysoft Products Generic Crack 1.43.exe/data0000.cab Infected: Trojan-Downloader.Win32.Small.gll skipped

C:\Users\RHW\Azureus Downloads\Clone DVD-2.9.1.0 & Clone CD-5.3.0.1[NEW]\Slysoft Products Generic Crack 1.43.exe Rsrc-Package: infected - 2 skipped

C:\Users\RHW\Desktop\winPFind\WinPFind3u\MovedFiles\Windows\SYSTEM32\agjiwcfj.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped

C:\Users\RHW\Desktop\winPFind\WinPFind3u\MovedFiles\Windows\SYSTEM32\cdbviigs.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped

C:\Users\RHW\Desktop\winPFind\WinPFind3u\MovedFiles\Windows\SYSTEM32\irnuxtta.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped

C:\Users\RHW\Desktop\winPFind\WinPFind3u\MovedFiles\Windows\SYSTEM32\mljhgee.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.app skipped

C:\Users\RHW\Desktop\winPFind\WinPFind3u\MovedFiles\Windows\SYSTEM32\povrpgmx.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped

C:\Users\RHW\Desktop\winPFind\WinPFind3u\MovedFiles\Windows\SYSTEM32\ssqnkhf.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.app skipped

C:\Users\RHW\Desktop\winPFind\WinPFind3u\MovedFiles\Windows\SYSTEM32\wvuuurs.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.app skipped

C:\Users\RHW\Downloads\Slysoft AnyDVD 6.1.6.0 Latest Incl Keymaker&Patch.rar/keygen.exe Infected: Trojan-Dropper.Win32.Delf.aer skipped

C:\Users\RHW\Downloads\Slysoft AnyDVD 6.1.6.0 Latest Incl Keymaker&Patch.rar RAR: infected - 1 skipped

C:\Users\RHW\ntuser.dat Object is locked skipped

C:\Users\RHW\ntuser.dat.LOG1 Object is locked skipped

C:\Users\RHW\ntuser.dat.LOG2 Object is locked skipped

C:\Users\RHW\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf Object is locked skipped

C:\Users\RHW\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped

C:\Users\RHW\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped

C:\Windows\bthservsdp.dat Object is locked skipped

C:\Windows\Debug\PASSWD.LOG Object is locked skipped

C:\Windows\Debug\sam.log Object is locked skipped

C:\Windows\Debug\WIA\wiatrace.log Object is locked skipped

C:\Windows\SA210D6F8.tmp Object is locked skipped

C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat Object is locked skipped

C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat Object is locked skipped

C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT Object is locked skipped

C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1 Object is locked skipped

C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG2 Object is locked skipped

C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{3a539869-6a70-11db-887c-d362bd253390}.TM.blf Object is locked skipped

C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{3a539869-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped

C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{3a539869-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped

C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT Object is locked skipped

C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1 Object is locked skipped

C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG2 Object is locked skipped

C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{3a539865-6a70-11db-887c-d362bd253390}.TM.blf Object is locked skipped

C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{3a539865-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped

C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{3a539865-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped

C:\Windows\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped

C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped

C:\Windows\System32\catroot2\edb.log Object is locked skipped

C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb Object is locked skipped

C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb Object is locked skipped

C:\Windows\System32\config\COMPONENTS Object is locked skipped

C:\Windows\System32\config\COMPONENTS.LOG1 Object is locked skipped

C:\Windows\System32\config\COMPONENTS.LOG2 Object is locked skipped

C:\Windows\System32\config\DEFAULT Object is locked skipped

C:\Windows\System32\config\DEFAULT.LOG1 Object is locked skipped

C:\Windows\System32\config\DEFAULT.LOG2 Object is locked skipped

C:\Windows\System32\config\RegBack\COMPONENTS Object is locked skipped

C:\Windows\System32\config\RegBack\DEFAULT Object is locked skipped

C:\Windows\System32\config\RegBack\SAM Object is locked skipped

C:\Windows\System32\config\RegBack\SECURITY Object is locked skipped

C:\Windows\System32\config\RegBack\SOFTWARE Object is locked skipped

C:\Windows\System32\config\RegBack\SYSTEM Object is locked skipped

C:\Windows\System32\config\SAM Object is locked skipped

C:\Windows\System32\config\SAM.LOG1 Object is locked skipped

C:\Windows\System32\config\SAM.LOG2 Object is locked skipped

C:\Windows\System32\config\SECURITY Object is locked skipped

C:\Windows\System32\config\SECURITY.LOG1 Object is locked skipped

C:\Windows\System32\config\SECURITY.LOG2 Object is locked skipped

C:\Windows\System32\config\SOFTWARE Object is locked skipped

C:\Windows\System32\config\SOFTWARE.LOG1 Object is locked skipped

C:\Windows\System32\config\SOFTWARE.LOG2 Object is locked skipped

C:\Windows\System32\config\SYSTEM Object is locked skipped

C:\Windows\System32\config\SYSTEM.LOG1 Object is locked skipped

C:\Windows\System32\config\SYSTEM.LOG2 Object is locked skipped

C:\Windows\System32\config\TxR\{13c14c74-de75-11db-b2e8-0016cfebcc0c}.TxR.0.regtrans-ms Object is locked skipped

C:\Windows\System32\config\TxR\{13c14c74-de75-11db-b2e8-0016cfebcc0c}.TxR.1.regtrans-ms Object is locked skipped

C:\Windows\System32\config\TxR\{13c14c74-de75-11db-b2e8-0016cfebcc0c}.TxR.2.regtrans-ms Object is locked skipped

C:\Windows\System32\config\TxR\{13c14c74-de75-11db-b2e8-0016cfebcc0c}.TxR.blf Object is locked skipped

C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TM.blf Object is locked skipped

C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped

C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped

C:\Windows\System32\LogFiles\Scm\SCM.EVM Object is locked skipped

C:\Windows\System32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped

C:\Windows\System32\Msdtc\KtmRmTm.blf Object is locked skipped

C:\Windows\System32\Msdtc\KtmRmTmContainer00000000000000000001 Object is locked skipped

C:\Windows\System32\Msdtc\KtmRmTmContainer00000000000000000002 Object is locked skipped

C:\Windows\System32\spool\SpoolerETW.etl Object is locked skipped

C:\Windows\System32\wbem\Logs\WMITracing.log Object is locked skipped

C:\Windows\System32\wbem\repository\INDEX.BTR Object is locked skipped

C:\Windows\System32\wbem\repository\MAPPING1.MAP Object is locked skipped

C:\Windows\System32\wbem\repository\MAPPING2.MAP Object is locked skipped

C:\Windows\System32\wbem\repository\OBJECTS.DATA Object is locked skipped

C:\Windows\System32\WDI\LogFiles\WdiContextLog.etl.001 Object is locked skipped

C:\Windows\System32\wfp\wfpdiag.etl Object is locked skipped

C:\Windows\System32\winevt\Logs\Application.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\DFS Replication.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\HardwareEvents.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Internet Explorer.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Key Management Service.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Media Center.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-DriverFrameworks-UserMode%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-International%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WHEA.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-LanguagePackSetup%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReliabilityAnalysisComponent%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Resolver%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Leak-Diagnostic%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-RestartManager%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-TaskScheduler%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-WindowsUpdateClient%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-WLAN-AutoConfig%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Security.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\System.evtx Object is locked skipped

C:\Windows\Tasks\SCHEDLGU.TXT Object is locked skipped

C:\Windows\Temp\mcmsc_bDamVTzFXuhaZQh Object is locked skipped

C:\Windows\Temp\mcmsc_i3QeiYzN9QpSKrE Object is locked skipped

C:\Windows\Temp\mcmsc_Si5okHDrJn6DBdc Object is locked skipped

C:\Windows\WindowsUpdate.log Object is locked skipped

Scan process completed.







Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:59:20 PM, on 28/11/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Boot mode: Normal

Running processes:
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Windows\vsnp2std.exe
C:\Program Files\Softex\OmniPass\scureapp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Compal Electronics, INC\Wireless Select Switch\Wireless Select Switch.exe
C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Elantech\Ktp.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Infineon\Security Platform Software\PSDrt.exe
C:\Program Files\Infineon\Security Platform Software\SpTna.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.my.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mdg.ca
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O2 - BHO: (no name) - {2330BF12-9FBF-4EE9-A84E-65107F7B5FF8} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {73E30260-CABD-4260-9133-39B24F34A9B9} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [snp2std] C:\Windows\vsnp2std.exe
O4 - HKLM\..\Run: [OmniPass] C:\Program Files\Softex\OmniPass\scureapp.exe
O4 - HKLM\..\Run: [IFXSPMGT] C:\Windows\system32\IFXSPMGT.exe /NotifyLogon
O4 - HKLM\..\Run: [CASS] C:\Program Files\Compal Electronics, INC\Wireless Select Switch\Wireless Select Switch.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KTPWare] C:\Program Files\Elantech\ktp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {8FD07749-EFFA-48C6-947C-45A8D7BF422F} (CLVistaGenie Control) - http://www.cyberlink.com/vista/prog/CLVistaGenie.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\Windows\system32\IFXSPMGT.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\Windows\system32\IFXTCS.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Program Files\Softex\OmniPass\OmniServ.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Windows\system32\IfxPsdSv.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

--
End of file - 8800 bytes
halfassed
Regular Member
 
Posts: 25
Joined: November 22nd, 2007, 9:57 pm

Re: Beginning to lose hope

Unread postby DFW » November 29th, 2007, 2:10 pm

Open up Hijackthis
Click on do a system scan only.
Place a checkmark next to these lines (if still present)

O2 - BHO: (no name) - {2330BF12-9FBF-4EE9-A84E-65107F7B5FF8} - (no file)
O2 - BHO: (no name) - {73E30260-CABD-4260-9133-39B24F34A9B9} - (no file)


Then close all windows except Hijackthis and click Fix Checked




To answer your question "any P2P that is moderately safe to use with proper scanning", the answer is no. The
trouble is, even if you use a safe program, it's what you download that contains malware. These are the infected downloads
you have on your system at present, and they were probably downloaded when you had an antivirus running.

C:\Users\RHW\Azureus Downloads\Clone DVD-2.9.1.0
C:\Users\RHW\Downloads\Slysoft AnyDVD 6.1.6.0 Latest Incl Keymaker



I'd like you to read the Guidelines for P2P Programs where we explain why it's not a good idea to have them
http://forum.malwareremoval.com/viewtop ... e3e96420cc



Now we need to delete these files



  • Download OTMoveIt by OldTimer from here
  • Double click on OTMoveIt to start OTMoveIt
  • Untick the option to Unregister Dll's and Ocx's (1)
  • Select the contents of the below codebox, then press Ctrl+C to copy it to the clipboard
    C:\Users\RHW\Azureus Downloads\Clone DVD-2.9.1.0
    C:\Users\RHW\Downloads\Slysoft AnyDVD 6.1.6.0 Latest Incl Keymaker
    

  • In OTMoveIt Right click on the box labelled Paste List of Files/Folders to be Moved
  • Click Paste (2)
  • Click MoveIt! (3)
  • Copy and paste the contents of the results box (4) as a reply to this topic



Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please follow these steps to remove older version Java components and update.

Updating Java:
Download the latest version of Java Runtime Environment (JRE) 6u3.
http://java.sun.com/javase/downloads/index.jsp
Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
Click the "Download" button to the right.
Check the box that says: "Accept License Agreement".
The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on the download to install the newest version.



Update Adobe Reader

Please uninstall Adobe Reader 7.0.9 before installing the latest version by going to Start > Control Panel and double clicking on Add/Remove Programs.
Locate Adobe Reader 7.0.9 and click on Change/Remove to uninstall it.

Click here to download the latest version of Adobe Acrobat Reader.
Select your Windows version and click on Download. If you are using Internet Explorer, you will receive prompts.
Allow the installation to run and it will be installed automatically for you.






Now please post a new HJT Log, and the OTMoveIt results
DFW
MRU Honors Grad Emeritus
 
Posts: 3229
Joined: September 28th, 2006, 12:23 pm
Location: UK
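The Kaspersky report posted earlier in the thread and the helper's short list of files to delete can be cross-checked mechanically. The Python below is an added example (not code from the thread, from MalwareRemoval.com or from any Kaspersky tool): it parses result rows in that report's format, separates the "Object is locked" noise from real detections, counts infected objects the way the report's summary does (archive members plus their container rows), and maps each nested archive member back to the file that actually exists on disk. The sample log is a constructed excerpt of the posted entries, with one folder name shortened.

```python
import re
from collections import OrderedDict

# Constructed excerpt in the format of the Kaspersky Anti-Virus report above
# (a few of the posted entries; archive members appear as container/member).
SAMPLE_LOG = r"""
C:\Boot\BCD Object is locked skipped
C:\Windows\System32\config\SAM Object is locked skipped
C:\Users\RHW\Azureus Downloads\CloneDVD 2.9.1.0 Keygen.exe/data0000.cab/wr-1-922.exe Infected: Trojan-Downloader.Win32.Small.gll skipped
C:\Users\RHW\Azureus Downloads\CloneDVD 2.9.1.0 Keygen.exe/data0000.cab Infected: Trojan-Downloader.Win32.Small.gll skipped
C:\Users\RHW\Azureus Downloads\CloneDVD 2.9.1.0 Keygen.exe Rsrc-Package: infected - 2 skipped
C:\Users\RHW\Desktop\winPFind\WinPFind3u\MovedFiles\Windows\SYSTEM32\agjiwcfj.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped
C:\Users\RHW\Desktop\winPFind\WinPFind3u\MovedFiles\Windows\SYSTEM32\mljhgee.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.app skipped
C:\Users\RHW\Downloads\Slysoft AnyDVD 6.1.6.0 Latest Incl Keymaker&Patch.rar/keygen.exe Infected: Trojan-Dropper.Win32.Delf.aer skipped
C:\Users\RHW\Downloads\Slysoft AnyDVD 6.1.6.0 Latest Incl Keymaker&Patch.rar RAR: infected - 1 skipped
"""

# Only lines that start like a Windows path are result rows; headers,
# statistics and blank lines are ignored.
PATH_ROW_RE = re.compile(r"^[A-Za-z]:\\")
# Container rows summarise an archive: "<path> RAR: infected - 1"
CONTAINER_RE = re.compile(r"^(?P<path>.+) (?P<kind>[\w-]+): infected - (?P<n>\d+)$")


def parse_row(line):
    """Split one result row into (path, status, detail, last_action).

    status is one of 'locked', 'infected', 'container' or 'other'.
    Returns None for lines that are not result rows.
    """
    line = line.rstrip()
    if not PATH_ROW_RE.match(line):
        return None
    body, action = line.rsplit(" ", 1)          # last column is the action taken
    if body.endswith(" Object is locked"):
        return body[: -len(" Object is locked")], "locked", None, action
    if " Infected: " in body:
        path, name = body.rsplit(" Infected: ", 1)
        return path, "infected", name, action
    m = CONTAINER_RE.match(body)
    if m:
        return m.group("path"), "container", m.group("kind"), action
    return body, "other", None, action


def on_disk_file(path):
    """Archive members are reported as container/member; the container is the
    file that exists on disk and therefore the one to quarantine or delete."""
    return path.split("/", 1)[0]


def triage(log_text):
    """Summarise a report: noise count, detections, and the distinct files to act on."""
    locked = 0
    detections = []        # (member path, detection name)
    containers = []        # (container path, archive kind)
    for line in log_text.splitlines():
        row = parse_row(line)
        if row is None:
            continue
        path, status, detail, _action = row
        if status == "locked":
            locked += 1
        elif status == "infected":
            detections.append((path, detail))
        elif status == "container":
            containers.append((path, detail))
    # Preserve first-seen order so output follows the report.
    files = list(OrderedDict.fromkeys(on_disk_file(p) for p, _ in detections))
    return {
        "locked": locked,
        # Kaspersky's "Number of infected objects" counts members and their
        # container rows together (the posted report: 12 members + 3 containers = 15).
        "infected_objects": len(detections) + len(containers),
        # "Number of viruses found" is the number of distinct detection names.
        "virus_names": sorted({name for _, name in detections}),
        "files_to_remove": files,
    }


if __name__ == "__main__":
    summary = triage(SAMPLE_LOG)
    print(f"locked (noise): {summary['locked']}")
    print(f"infected objects: {summary['infected_objects']}")
    print("detections:", *summary["virus_names"], sep="\n  ")
    print("files to remove:", *summary["files_to_remove"], sep="\n  ")
```

Run against the full posted report, the same logic reproduces its summary (4 virus names, 15 infected objects) and yields the two download locations the helper asked to have moved.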