ComboFix 07-11-19.3 - andrew 2007-11-25 18:01:28.1 - NTFSx86
Running from: C:\Documents and Settings\andrew\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\jjllm.ini
C:\WINDOWS\system32\jjllm.ini2
C:\WINDOWS\system32\mlljj.dll
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\pskill.exe
.
((((((((((((((((((((((((( Files Created from 2007-10-25 to 2007-11-25 )))))))))))))))))))))))))))))))
.
2007-11-25 12:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-11-25 12:34 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-11-25 01:56 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-11-25 01:56 <DIR> d-------- C:\Documents and Settings\andrew\Application Data\AVG7
2007-11-25 01:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-24 23:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2007-11-24 23:15 8,192 -----c--- C:\WINDOWS\system32\dllcache\bitsprx2.dll
2007-11-24 23:15 7,168 -----c--- C:\WINDOWS\system32\dllcache\bitsprx4.dll
2007-11-24 23:15 7,168 -----c--- C:\WINDOWS\system32\dllcache\bitsprx3.dll
2007-11-24 23:15 7,168 --------- C:\WINDOWS\system32\bitsprx4.dll
2007-11-24 18:55 <DIR> d-------- C:\Program Files\IObit
2007-11-24 18:29 <DIR> d-------- C:\Program Files\Ashampoo
2007-11-24 14:37 1,008 -rahs---- C:\WINDOWS\system32\drivers\OP_CACHE.ATR
2007-11-24 14:37 504 -rahs---- C:\WINDOWS\system32\drivers\OP_CACHE.IDX
2007-11-24 14:30 19,656 -rahs---- C:\WINDOWS\system32\OP_CACHE.ATR
2007-11-24 14:30 9,828 -rahs---- C:\WINDOWS\system32\OP_CACHE.IDX
2007-11-23 23:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-23 18:29 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2007-11-23 18:26 <DIR> d-------- C:\Program Files\delete
2007-11-23 17:06 <DIR> d-------- C:\Documents and Settings\andrew\Application Data\GlarySoft
2007-11-23 15:43 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-22 21:08 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-11-22 21:05 <DIR> d-------- C:\WINDOWS\system32\rMa18yy
2007-11-22 21:03 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-22 17:58 <DIR> d-------- C:\Program Files\Abacast
2007-11-22 16:04 <DIR> d-------- C:\Program Files\LimeWire
2007-11-21 22:50 <DIR> d-------- C:\Program Files\Glary Utilities
2007-11-18 14:03 16 --a------ C:\WINDOWS\popcinfot.dat
2007-11-18 14:03 0 --a------ C:\WINDOWS\popcreg.dat
2007-11-17 14:55 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-11-17 14:55 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-11-17 14:55 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-11-17 14:55 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-11-17 14:52 <DIR> d-------- C:\Program Files\Alwil Software
2007-11-17 14:52 801,144 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-11-17 14:52 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2007-11-17 14:52 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-11-17 14:52 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-11-17 12:51 <DIR> d-------- C:\Program Files\EZBackitup
2007-11-14 14:45 <DIR> d-------- C:\Program Files\Microsoft.NET
2007-11-14 14:40 <DIR> d-------- C:\WINDOWS\SHELLNEW
2007-11-14 14:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-11-14 14:35 <DIR> dr-h----- C:\MSOCache
2007-11-14 10:40 <DIR> d-------- C:\Program Files\Windows Installer Clean Up
2007-11-14 10:40 <DIR> d-------- C:\Program Files\MSECACHE
2007-11-13 21:09 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-11-13 16:07 25,992 --a------ C:\WINDOWS\system32\pgdfgsvc.exe
2007-11-12 19:03 233,472 --a------ C:\WINDOWS\system32\JkDefragScreenSaver.exe
2007-11-12 19:03 110,592 --a------ C:\WINDOWS\system32\JkDefragScreenSaver.scr
2007-11-11 15:52 <DIR> d-------- C:\Program Files\Nero
2007-11-11 15:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2007-11-10 19:46 <DIR> d-------- C:\Program Files\CDBurnerXP
2007-11-09 19:29 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-11-09 19:28 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb
2007-11-09 19:28 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb
2007-11-06 22:33 188 --a------ C:\WINDOWS\system32\MsiExec.exe.log
2007-11-06 20:42 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2007-11-06 20:20 <DIR> d-------- C:\Documents and Settings\andrew\Incomplete
2007-11-06 19:52 <DIR> d-------- C:\Documents and Settings\andrew\Application Data\Scribus
2007-11-06 19:33 <DIR> d-------- C:\Program Files\QuickTime
2007-11-06 19:28 <DIR> d-------- C:\WINDOWS\OPTIONS
2007-11-06 19:28 <DIR> d-------- C:\WINDOWS\msapps
2007-11-06 19:28 <DIR> d-------- C:\My Music
2007-11-06 19:28 <DIR> d-------- C:\Documents and Settings\andrew\.thinkfree
2007-11-06 19:28 <DIR> d-------- C:\Documents and Settings\andrew\.tfo3
2007-11-06 19:27 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-11-06 17:12 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
2007-11-06 17:12 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
2007-11-06 17:12 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll
2007-11-05 12:07 <DIR> d-------- C:\Program Files\Common Files\Adobe
2007-11-03 21:14 70,721 --a------ C:\WINDOWS\hpqins01.dat
2007-11-01 22:52 <DIR> d-------- C:\Program Files\RegistryFix
2007-11-01 16:40 26 --a------ C:\WINDOWS\SW_Win2146X32.DLL
2007-11-01 16:37 <DIR> d-------- C:\WINDOWS\system32\Resource
2007-11-01 16:37 <DIR> d-------- C:\Program Files\Softinterface, Inc
2007-11-01 16:37 2,167,977 --a------ C:\WINDOWS\system32\ConvertDoc.hlp
2007-11-01 16:37 1,568,768 --a------ C:\WINDOWS\system32\beconvlib.dll
2007-11-01 16:37 405,504 --a------ C:\WINDOWS\system32\PDFConverterX.ocx
2007-11-01 16:37 245,760 --a------ C:\WINDOWS\system32\WordConverterX2.ocx
2007-11-01 16:37 204,800 --a------ C:\WINDOWS\system32\bprgcomm.dll
2007-11-01 16:37 140,288 --a------ C:\WINDOWS\system32\comdlg32.ocx
2007-11-01 16:37 131,072 --a------ C:\WINDOWS\system32\CSVSpecialProcessing.dll
2007-11-01 16:37 61,440 --a------ C:\WINDOWS\system32\beconv.dll
2007-11-01 16:37 53,248 --a------ C:\WINDOWS\system32\RegisterExe.exe
2007-11-01 16:37 5,527 --a------ C:\WINDOWS\system32\CONVERTDOC.CNT
2007-11-01 15:09 244,416 --a------ C:\WINDOWS\system32\msflxgrd.ocx
2007-11-01 15:09 229,376 --a------ C:\WINDOWS\system32\putree.ocx
2007-11-01 15:09 118,784 --a------ C:\WINDOWS\system32\pudrglst.ocx
2007-11-01 15:09 114,688 --a------ C:\WINDOWS\system32\Pupxpman.exe
2007-11-01 15:09 73,728 --a------ C:\WINDOWS\system32\puslide.ocx
2007-11-01 15:09 45,056 --a------ C:\WINDOWS\system32\pupxptwk.exe
2007-11-01 15:09 38,943 --a------ C:\WINDOWS\system32\PWRUPXP.UND
2007-11-01 15:09 36,864 --a------ C:\WINDOWS\system32\WebOffer.exe
2007-11-01 15:09 15,392 --a------ C:\WINDOWS\system32\pwrupic.icl
2007-11-01 15:04 160,217 --a------ C:\WINDOWS\system32\PowerToysLicense.rtf
2007-10-30 13:59 <DIR> d-------- C:\Documents and Settings\andrew\Application Data\Printer Info Cache
2007-10-30 13:58 <DIR> d-------- C:\Documents and Settings\andrew\Application Data\Image Zone Express
2007-10-29 19:13 <DIR> d-------- C:\Program Files\Primo Software
2007-10-29 18:05 <DIR> d-------- C:\Program Files\Real
2007-10-27 14:01 <DIR> d-------- C:\Documents and Settings\andrew\Application Data\Business Logic
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-24 18:26 312 --sha-r C:\WINDOWS\Fonts\OP_CACHE.ATR
2007-11-24 18:26 156 --sha-r C:\WINDOWS\Fonts\OP_CACHE.IDX
2007-11-24 18:05 --------- d-----w C:\Documents and Settings\LocalService\Application Data\McAfee.com Personal Firewall
2007-11-24 18:04 --------- d-----w C:\Documents and Settings\andrew\Application Data\uTorrent
2007-11-24 18:03 --------- d-----w C:\Documents and Settings\andrew\Application Data\LimeWire
2007-11-24 18:02 --------- d-----w C:\Documents and Settings\andrew\Application Data\IE7Pro
2007-11-24 18:02 --------- d-----w C:\Documents and Settings\andrew\Application Data\Ahead
2007-11-24 18:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-11-24 17:52 --------- d-----w C:\Program Files\Common Files\AOL
2007-11-24 17:49 --------- d-----w C:\Program Files\SiS Compatible VGA V2.14a
2007-11-24 14:30 --------- d-----w C:\Program Files\uTorrent
2007-11-24 14:30 --------- d-----w C:\Program Files\SiSLan
2007-11-24 14:30 --------- d-----w C:\Program Files\Realtek AC97
2007-11-24 14:30 --------- d-----w C:\Program Files\PCB
2007-11-24 14:30 --------- d-----w C:\Program Files\IE7Pro
2007-11-24 14:30 --------- d-----w C:\Program Files\Eusing Free Registry Cleaner
2007-11-24 14:30 --------- d-----w C:\Program Files\Common Files\Motive
2007-11-24 14:30 --------- d-----w C:\Program Files\CCleaner
2007-11-24 14:30 --------- d-----w C:\Program Files\AvRack
2007-11-22 14:00 --------- d-----w C:\Program Files\Windows Media Bonus Pack for Windows XP
2007-11-22 14:00 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-11-22 14:00 --------- d-----w C:\Program Files\HighMAT CD Writing Wizard
2007-11-20 22:12 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-11 15:57 --------- d-----w C:\Program Files\Common Files\Ahead
2007-11-09 11:30 --------- d-----w C:\Program Files\blcorp
2007-11-06 19:28 --------- d-----w C:\Program Files\DivX
2007-11-06 19:27 --------- d-----w C:\Program Files\Common Files\Real
2007-11-03 21:25 94,784 ----a-w C:\WINDOWS\twain.dll
2007-11-03 21:25 577,536 ----a-w C:\WINDOWS\soundman.exe
2007-11-03 21:25 50,688 ----a-w C:\WINDOWS\twain_32.dll
2007-11-03 21:25 49,680 ----a-w C:\WINDOWS\twunk_16.exe
2007-11-03 21:25 46,352 ----a-w C:\WINDOWS\setdebug.exe
2007-11-03 21:25 33,792 ----a-w C:\WINDOWS\Q330994.exe
2007-11-03 21:25 33,792 ----a-w C:\WINDOWS\ieuninst.exe
2007-11-03 21:25 32,866 ----a-w C:\WINDOWS\slrundll.exe
2007-11-03 21:25 315,392 ----a-w C:\WINDOWS\alcupd.exe
2007-11-03 21:25 28,672 ----a-w C:\WINDOWS\htpatch.exe
2007-11-03 21:25 25,600 ----a-w C:\WINDOWS\twunk_32.exe
2007-11-03 21:25 224,256 ----a-w C:\WINDOWS\regedit.exe
2007-11-03 21:25 217,088 ----a-w C:\WINDOWS\Alcrmv.exe
2007-11-03 21:25 155,136 ----a-w C:\WINDOWS\notepad.exe
2007-11-03 21:25 15,360 ----a-w C:\WINDOWS\TASKMAN.EXE
2007-11-03 21:25 10,752 ----a-w C:\WINDOWS\hh.exe
2007-11-03 21:24 90,112 ----a-w C:\WINDOWS\unvise32.exe
2007-11-03 21:24 45,056 ----a-w C:\WINDOWS\winio.dll
2007-11-03 21:24 3,072 ----a-w C:\WINDOWS\winio.sys
2007-11-03 21:24 283,648 ----a-w C:\WINDOWS\winhlp32.exe
2007-11-03 21:24 256,192 ----a-w C:\WINDOWS\winhelp.exe
2007-11-03 21:24 18,944 ----a-w C:\WINDOWS\vmmreg32.dll
2007-10-30 13:08 --------- d-----w C:\Documents and Settings\andrew\Application Data\HP
2007-10-16 14:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP
2007-10-14 19:54 --------- d-----w C:\Program Files\Common Files\SRS Labs Shared
2007-10-14 16:48 359,808 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2007-10-12 12:25 --------- d-----w C:\Program Files\Java
2007-10-11 20:25 --------- d-----w C:\Program Files\Windows Live
2007-10-11 20:23 --------- d-----w C:\Program Files\Realtek Sound Manager
2007-10-11 20:20 --------- d-----w C:\Program Files\BroadJump(2)
2007-10-10 22:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\SRS Labs
2007-10-10 22:23 --------- d-----w C:\Program Files\SRS Labs
2007-10-10 16:43 584,704 ----a-w C:\WINDOWS\WLXPGSS.SCR
2007-10-10 10:30 --------- d-----w C:\Program Files\Ahead
2007-10-08 23:03 --------- d-----w C:\Program Files\Common Files\Java
2007-10-08 21:29 --------- d-----w C:\Program Files\PCPitstop
2007-10-08 19:23 --------- d-----w C:\Program Files\inKline Global
2007-10-08 19:22 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-10-08 18:52 --------- d-----w C:\Program Files\MSXML 4.0
2007-10-08 18:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ahead
2007-10-08 18:06 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2007-10-08 16:40 --------- d-----w C:\Program Files\VS Revo Group
2007-10-08 14:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Virgin Broadband
2007-10-07 18:32 --------- d-----w C:\Documents and Settings\andrew\Application Data\Virgin Broadband
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 19:03]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:56]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HTpatch"="C:\WINDOWS\htpatch.exe" [2007-11-03 21:25]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2006-09-07 17:19]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2003-02-04 00:49]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2003-02-04 00:49]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"SiS KHooker"="C:\WINDOWS\System32\khooker.exe" [2007-11-03 21:46]
"PCTVOICE"="pctspk.exe" [2007-11-03 21:38 C:\WINDOWS\system32\pctspk.exe]
"PC Booster"="C:\Program Files\inKline Global\PC Booster\pcbooster.exe" [2005-12-28 10:39]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
"Ashampoo FireWall"="C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe" [2007-04-05 14:57]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-11-25 01:55]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:56]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-11-25 01:55]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
OP_CACHE.ATR [2007-11-24 18:01:53]
OP_CACHE.IDX [2007-11-24 18:01:53]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoInstrumentation"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJCFD]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 07:56 15360 --a------ C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
R3 MTC0001_MPB;MPB device driver;C:\WINDOWS\system32\ntMPB.sys
S3 PRISM_A00;PRISM 802.11g Driver;C:\WINDOWS\system32\DRIVERS\PRISMA00.sys
S3 SRS_SSCFilter;SRS Labs Audio Sandbox (WDM);C:\WINDOWS\system32\drivers\srs_sscfilter_i386.sys
.
**************************************************************************
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2007-11-25 18:12:48
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-25 18:16:55 - machine was rebooted
.
--- E O F ---
KASPERSKY ONLINE SCANNER REPORT
Sunday, November 25, 2007 5:51:33 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 25/11/2007
Kaspersky Anti-Virus database records: 465354
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
Scan Statistics:
Total number of scanned objects: 85507
Number of viruses found: 6
Number of infected objects: 10
Number of suspicious objects: 0
Duration of the scan process: 05:05:27
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.2.Crwl Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.2.gthr Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSS.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSStmp.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010009.ci Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010009.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010009.wsb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000F.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010013.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010014.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010015.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.000 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\Used0000.000 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk1.gthr Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk2.gthr Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Ntfy5.gthr Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\tmp.edb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Windows.edb Object is locked skipped
C:\Documents and Settings\andrew\Application Data\Microsoft\Internet Explorer\UserData\index.dat Object is locked skipped
C:\Documents and Settings\andrew\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\andrew\Local Settings\Application Data\Ahead\Nero Home\bl.db Object is locked skipped
C:\Documents and Settings\andrew\Local Settings\Application Data\Ahead\Nero Home\is2.db Object is locked skipped
C:\Documents and Settings\andrew\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\andrew\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\andrew\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\andrew\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\andrew\Local Settings\History\History.IE5\MSHist012007112520071126\index.dat Object is locked skipped
C:\Documents and Settings\andrew\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\andrew\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\andrew\ntuser.dat Object is locked skipped
C:\Documents and Settings\andrew\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Ntf5.tmp Object is locked skipped
C:\Ntf6.tmp Object is locked skipped
C:\System Recovery\OP_CACHE.ATR Object is locked skipped
C:\System Recovery\OP_CACHE.IDX Object is locked skipped
C:\System Volume Information\catalog.wci\00000002.ps1 Object is locked skipped
C:\System Volume Information\catalog.wci\00000002.ps2 Object is locked skipped
C:\System Volume Information\catalog.wci\00010002.ci Object is locked skipped
C:\System Volume Information\catalog.wci\cicat.fid Object is locked skipped
C:\System Volume Information\catalog.wci\cicat.hsh Object is locked skipped
C:\System Volume Information\catalog.wci\CiCL0001.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiP10000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiP20000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiPT0000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiSL0001.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiSP0000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiST0000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiVP0000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\INDEX.000 Object is locked skipped
C:\System Volume Information\catalog.wci\propstor.bk1 Object is locked skipped
C:\System Volume Information\catalog.wci\propstor.bk2 Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\OP_CACHE.ATR Object is locked skipped
C:\System Volume Information\OP_CACHE.IDX Object is locked skipped
C:\System Volume Information\_restore{1ECDAF7B-E276-4258-8067-2BBA1926186B}\RP218\A0067333.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.as skipped
C:\System Volume Information\_restore{1ECDAF7B-E276-4258-8067-2BBA1926186B}\RP218\A0067334.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.an skipped
C:\System Volume Information\_restore{1ECDAF7B-E276-4258-8067-2BBA1926186B}\RP218\A0067336.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.i skipped
C:\System Volume Information\_restore{1ECDAF7B-E276-4258-8067-2BBA1926186B}\RP218\A0067358.dll Infected: not-a-virus:AdWare.Win32.Mirar.k skipped
C:\System Volume Information\_restore{1ECDAF7B-E276-4258-8067-2BBA1926186B}\RP247\A0072847.exe Object is locked skipped
C:\System Volume Information\_restore{1ECDAF7B-E276-4258-8067-2BBA1926186B}\RP247\A0072848.exe Object is locked skipped
C:\System Volume Information\_restore{1ECDAF7B-E276-4258-8067-2BBA1926186B}\RP247\A0072849.dll Object is locked skipped
C:\System Volume Information\_restore{1ECDAF7B-E276-4258-8067-2BBA1926186B}\RP247\A0072850.exe Object is locked skipped
C:\System Volume Information\_restore{1ECDAF7B-E276-4258-8067-2BBA1926186B}\RP274\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Fonts\'\China Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\'\China Crack.zip ZIP: infected - 1 skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{D71DA748-6724-4C04-BDF1-4686C31B31D0}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\pskill.exe Infected: not-a-virus:RiskTool.Win32.PsKill.e skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\TEMP\usgthrsvc\Perflib_Perfdata_6dc.dat Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
F:\delete\commonfiles\hdaprop.dll Object is locked skipped
F:\delete\commonfiles\hdashcut.exe Object is locked skipped
F:\delete\commonfiles\hdaudbus.inf Object is locked skipped
F:\delete\commonfiles\hdaudbus.sys Object is locked skipped
F:\delete\commonfiles\hdaudio.inf Object is locked skipped
F:\delete\commonfiles\hdaudio.sys Object is locked skipped
F:\delete\commonfiles\hdaudres.dll Object is locked skipped
F:\delete\update\kb888111wxpsp2.cat Object is locked skipped
F:\delete\update\spcustom.dll Object is locked skipped
F:\delete\update\spmsg.dll Object is locked skipped
F:\delete\update\update.exe Object is locked skipped
F:\delete\update\update.inf Object is locked skipped
F:\delete\update\update.ver Object is locked skipped
F:\delete\update\updspapi.dll Object is locked skipped
F:\delete\winxpsp2\portcls.sys Object is locked skipped
F:\system backup\20071010_180618_andrew.nba/C/WINDOWS/system32/pskill.exe Infected: not-a-virus:RiskTool.Win32.PsKill.e skipped
F:\system backup\20071010_180618_andrew.nba Infected: not-a-virus:RiskTool.Win32.PsKill.e skipped
F:\system backup\backup november\C\WINDOWS\system32\pskill.exe Infected: not-a-virus:RiskTool.Win32.PsKill.e skipped
F:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
F:\System Volume Information\OP_CACHE.ATR Object is locked skipped
F:\System Volume Information\OP_CACHE.IDX Object is locked skipped
F:\System Volume Information\_restore{1ECDAF7B-E276-4258-8067-2BBA1926186B}\RP247\A0072851.exe Object is locked skipped
F:\System Volume Information\_restore{1ECDAF7B-E276-4258-8067-2BBA1926186B}\RP247\A0072852.exe Object is locked skipped
G:\photo's\Desktop.ini Object is locked skipped
G:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
G:\System Volume Information\OP_CACHE.ATR Object is locked skipped
G:\System Volume Information\OP_CACHE.IDX Object is locked skipped
G:\System Volume Information\_restore{1ECDAF7B-E276-4258-8067-2BBA1926186B}\RP274\change.log Object is locked skipped
Scan process completed.
Adobe Reader 8.1.1
Advanced WindowsCare 2.55 Personal
Ashampoo FireWall 1.20
AVG 7.5
CCleaner (remove only)
Convert Doc
Easy Start Button
ERUNT 1.1j
Eusing Free Registry Cleaner
Glary Utilities 2.3.1.92
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 2.0.2
IE7Pro
Java(TM) 6 Update 3
Kaspersky Online Scanner
Microsoft .NET Framework (English)
Microsoft .NET Framework (English) v1.0.3705
Microsoft .NET Framework 1.0 Hotfix (KB928367)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows Journal Viewer
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 Parser and SDK
Nero 7 Premium
Nero 7 Premium
neroxml
NET Installation Assistance for VB6 App (Runtime Only)
PC Booster
PC Pitstop Optimize 1.0v
Realtek AC'97 Audio
Remove DivX Codec
Revo Uninstaller 1.34
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
SiS 650
SiS 900 PCI Fast Ethernet Adapter Driver
Spybot - Search & Destroy 1.4
Synaptics Pointing Device Driver
Unlocker 1.8.5
Windows Imaging Component
Windows Installer Clean Up
Windows Live installer
Windows Live Messenger
Windows Live Photo Gallery Beta
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 2
WinRAR archiver
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:27:47, on 25/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\htpatch.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\System32\khooker.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\inKline Global\PC Booster\pcbooster.exe
C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IE7Pro\IE7Pro.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [PC Booster] C:\Program Files\inKline Global\PC Booster\pcbooster.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Ashampoo FireWall] "C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe" -TRAY
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: OP_CACHE.ATR
O4 - Global Startup: OP_CACHE.IDX
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 1786011000
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee - (no file)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
--
End of file - 6362 bytes
All logs are in this post. Hoping for help in sorting out the problems if needed. Thank you.