Karl's PC Help Forums

In memory of Karl Davis, founder of this board, who made his final journey 12th June 2007

Topic Review
Pancake

[*] posted on 1-2-2008 at 02:50
You're welcome.
au98

[*] posted on 1-2-2008 at 02:26
Thank you very much.
Pancake

[*] posted on 1-2-2008 at 01:10
OK, that's great. You are all done. All clean.

This will clear away any of the files and folders that were created by ComboFix.

Go to:
Start > Run then copy and paste the following highlighted text below and click OK.

Quote:


ComboFix /u


au98

[*] posted on 1-2-2008 at 00:57
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, January 31, 2008 6:59:03 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 31/01/2008
Kaspersky Anti-Virus database records: 542685
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 34385
Number of viruses found: 0
Number of infected objects: 0
Number of suspicious objects: 0
Duration of the scan process: 00:23:44

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\Eric\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Eric\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Eric\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Eric\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Eric\Local Settings\Temp\~DFD15B.tmp Object is locked skipped
C:\Documents and Settings\Eric\Local Settings\Temp\~DFD166.tmp Object is locked skipped
C:\Documents and Settings\Eric\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Eric\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Eric\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Eric\NTUSER.DAT.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{BD647E03-2251-49F8-BC2F-4A6D8B5AB595}\RP33\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{57B063C0-FD41-4F5E-BD71-8F0A01273E00}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.
Pancake

[*] posted on 31-1-2008 at 23:56
OK, good. Just need to do one online check and we are done. Due to the composition and layout of this site my colors and gifs don't show up.


Go to http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.

    http://i204.photobucket.com/albums/bb106/Juliet702/Kas-SaveReport-1.gif

    http://i204.photobucket.com/albums/bb106/Juliet702/Kas-Savetxt.gif


  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
* Turn off the real time scanner of any existing antivirus program while performing the online scan
au98

[*] posted on 31-1-2008 at 23:16
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
Pancake

[*] posted on 31-1-2008 at 21:28
Before we do any cleaning we need to download the installation package from Microsoft so that it can be used to install the Recovery Console on your computer. The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware. No validation required! Please select the download link below that's appropriate for your Operating System then download and save the setup package to your desktop. If necessary, change the language version to match your installation. Do NOT change the name of the downloaded file!



Microsoft Windows XP Home Edition
Service Pack 1
http://www.microsoft.com/downloads/details.aspx?FamilyID=FBE5E4FC-695F-43E5-AF05-719F45C382A4

Service Pack 2
http://www.microsoft.com/downloads/details.aspx?FamilyId=15491F07-99F7-4A2D-983D-81C2137FF464

Microsoft Windows XP Professional
Without Service Packs
http://www.microsoft.com/downloads/details.aspx?FamilyID=55820EDB-5039-4955-BCB7-4FED408EA73F

Service Pack 1
http://www.microsoft.com/downloads/details.aspx?FamilyID=83F53BE9-28FA-40E8-8EC2-631504EF5E26

Service Pack 2
http://www.microsoft.com/downloads/details.aspx?FamilyId=535D248D-5E10-49B5-B80C-0A0205368124



Download the file & save it as it's originally named, next to the ComboFix.exe.


Now close all open windows and programs, then drag the setup package onto ComboFix.exe and drop it.

http://i100.photobucket.com/albums/m7/dasaki/CFScript.gif


Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console. When complete, a log named CF_RC.txt will open. Please post the contents of that log.

Please do not reboot your machine until we have reviewed the log.
au98

[*] posted on 31-1-2008 at 11:23
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:24:33 AM, on 1/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Security\HiJack This\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net/s/commoditynews.dll?method=search&type=weather&searchText=39056&_lid=132&_lnm=SrchfrmHmPg
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1201744241036
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1201747129639
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

--
End of file - 4207 bytes
au98

[*] posted on 31-1-2008 at 11:22
ComboFix 08-01-31.4 - Eric 2008-01-31 5:19:46.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.712 [GMT -6:00]
Running from: D:\Security\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

----- BITS: Possible infected sites -----

hxxp://au.download.window
.
((((((((((((((((((((((((( Files Created from 2007-12-28 to 2008-01-31 )))))))))))))))))))))))))))))))
.

2008-01-30 22:22 . 2007-07-09 07:16 582,656 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-01-30 22:02 . 2007-08-13 18:54 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
2008-01-30 21:36 . 2008-01-30 21:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ATI MMC
2008-01-30 21:34 . 2008-01-30 21:34 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-01-30 21:34 . 2008-01-30 21:39 <DIR> d-------- C:\Documents and Settings\Eric\Application Data\AVG7
2008-01-30 21:34 . 2008-01-30 21:34 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-01-30 21:34 . 2008-01-30 21:34 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2008-01-30 21:33 . 2008-01-30 21:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-30 21:33 . 2008-01-31 03:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-01-30 21:20 . 2008-01-30 21:20 <DIR> d-------- C:\WINDOWS\provisioning
2008-01-30 21:20 . 2008-01-30 21:20 <DIR> d-------- C:\WINDOWS\peernet
2008-01-30 21:19 . 2008-01-30 21:19 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-01-30 21:16 . 2005-06-28 10:21 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-01-30 21:14 . 2008-01-30 21:14 <DIR> d-------- C:\WINDOWS\EHome
2008-01-30 21:11 . 2004-08-04 00:56 11,776 --------- C:\WINDOWS\system32\spnpinst.exe
2008-01-30 21:11 . 2004-08-02 14:20 7,208 --------- C:\WINDOWS\system32\secupd.sig
2008-01-30 21:11 . 2004-08-02 14:20 4,569 --------- C:\WINDOWS\system32\secupd.dat
2008-01-30 20:54 . 2008-01-31 05:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-30 20:51 . 2008-01-30 20:51 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-30 20:51 . 2008-01-30 20:51 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-30 20:51 . 2008-01-30 20:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-30 20:49 . 2008-01-30 20:49 0 --a------ C:\WINDOWS\ativpsrm.bin
2008-01-30 20:47 . 2007-12-20 21:05 593,920 --------- C:\WINDOWS\system32\ati2sgag.exe
2008-01-30 20:30 . 2004-08-04 01:56 614,912 --a------ C:\WINDOWS\system32\h323msp.dll
2008-01-30 20:30 . 2004-08-04 01:56 331,264 --a------ C:\WINDOWS\system32\ipnathlp.dll
2008-01-30 20:30 . 2004-08-04 01:56 265,728 --a------ C:\WINDOWS\system32\h323.tsp
2008-01-30 20:30 . 2004-08-04 01:56 77,312 --a------ C:\WINDOWS\system32\browser.dll
2008-01-30 20:30 . 2007-03-08 09:36 40,960 --a------ C:\WINDOWS\system32\mf3216.dll
2008-01-30 20:29 . 2008-01-30 20:29 <DIR> d-------- C:\Program Files\ATI Multimedia
2008-01-30 20:27 . 2008-01-30 20:27 <DIR> d-------- C:\Program Files\Windows Media Components
2008-01-30 20:26 . 2008-01-30 20:26 <DIR> d---s---- C:\WINDOWS\system32\Microsoft
2008-01-30 20:26 . 2008-01-30 20:26 <DIR> d-------- C:\Program Files\Common Files\CyberLink
2008-01-30 20:26 . 2008-01-30 20:29 <DIR> d-------- C:\Program Files\Common Files\ATI
2008-01-30 20:25 . 2008-01-30 20:47 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-01-30 20:25 . 2008-01-30 20:25 <DIR> d-------- C:\Program Files\ATI Technologies
2008-01-30 20:24 . 2008-01-30 20:26 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2008-01-30 20:21 . 2008-01-30 20:41 <DIR> d--h-c--- C:\WINDOWS\$xpsp1hfm$
2008-01-30 20:21 . 2004-01-09 23:11 26,112 --a------ C:\WINDOWS\system32\xpsp1hfm.exe
2007-12-20 21:53 . 2007-12-20 21:53 2,843,136 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-12-20 21:09 . 2007-12-20 21:09 368,640 --a------ C:\WINDOWS\system32\ATIDEMGX.dll
2007-12-20 21:08 . 2007-12-20 21:08 272,384 --a------ C:\WINDOWS\system32\ati2dvag.dll
2007-12-20 21:02 . 2007-12-20 21:02 307,200 --a------ C:\WINDOWS\system32\atiiiexx.dll
2007-12-20 20:59 . 2007-12-20 20:59 147,456 --a------ C:\WINDOWS\system32\atipdlxx.dll
2007-12-20 20:59 . 2007-12-20 20:59 122,880 --a------ C:\WINDOWS\system32\Oemdspif.dll
2007-12-20 20:59 . 2007-12-20 20:59 43,520 --a------ C:\WINDOWS\system32\ati2edxx.dll
2007-12-20 20:59 . 2007-12-20 20:59 26,112 --a------ C:\WINDOWS\system32\Ati2mdxx.exe
2007-12-20 20:58 . 2007-12-20 20:58 122,880 --a------ C:\WINDOWS\system32\ati2evxx.dll
2007-12-20 20:57 . 2007-12-20 20:57 512,000 --a------ C:\WINDOWS\system32\ati2evxx.exe
2007-12-20 20:56 . 2007-12-20 20:56 53,248 --a------ C:\WINDOWS\system32\ATIDDC.DLL
2007-12-20 20:53 . 2007-12-20 20:53 9,826,304 --a------ C:\WINDOWS\system32\atioglx2.dll
2007-12-20 20:47 . 2007-12-20 20:47 3,120,640 --a------ C:\WINDOWS\system32\ati3duag.dll
2007-12-20 20:36 . 2007-12-20 20:36 1,661,696 --a------ C:\WINDOWS\system32\ativvaxx.dll
2007-12-20 20:35 . 2007-12-20 20:35 3,107,788 --a------ C:\WINDOWS\system32\ativvaxx.dat
2007-12-20 20:35 . 2007-12-20 20:35 3,107,788 --a------ C:\WINDOWS\system32\ativva5x.dat
2007-12-20 20:35 . 2007-12-20 20:35 887,724 --a------ C:\WINDOWS\system32\ativva6x.dat
2007-12-20 20:24 . 2007-12-20 20:24 46,080 --a------ C:\WINDOWS\system32\amdpcom32.dll
2007-12-20 20:20 . 2007-12-20 20:20 5,435,392 --a------ C:\WINDOWS\system32\atioglxx.dll
2007-12-20 20:20 . 2007-12-20 20:20 385,024 --a------ C:\WINDOWS\system32\atikvmag.dll
2007-12-20 20:18 . 2007-12-20 20:18 17,408 --a------ C:\WINDOWS\system32\atitvo32.dll
2007-12-20 20:17 . 2007-12-20 20:17 49,152 --a------ C:\WINDOWS\system32\drivers\ati2erec.dll
2007-12-20 20:15 . 2007-12-20 20:15 159,744 --a------ C:\WINDOWS\system32\atiok3x2.dll
2007-12-20 20:11 . 2007-12-20 20:11 499,712 --a------ C:\WINDOWS\system32\ati2cqag.dll
2007-12-14 11:32 . 2007-12-14 11:32 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-31 02:27 --------- d--h--w C:\Program Files\Uninstall Information
2008-01-31 02:21 --------- d-----w C:\Documents and Settings\Eric\Application Data\U3
2008-01-31 01:42 --------- d-----w C:\Program Files\microsoft frontpage
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-27 23:39 230,912 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-10 23:56 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 10:24 1694208]
"ATI Launchpad"=""
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-31 05:06 579072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-30 21:51 219136]


.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-31 05:20:30
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-31 5:20:54
ComboFix-quarantined-files.txt 2008-01-31 11:20:40
.
2008-01-31 07:07:00 --- E O F ---
Pancake

[*] posted on 31-1-2008 at 05:02
OK, that's fine... :D Just in case it's left some of the old stuff in the system, let's run this...


Download Combofix from any of the links below, and save it to your desktop. For information regarding this download, please visit this webpage: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Note: It is important that it is saved directly to your desktop

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
    When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.


Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall




Caution...Never run and remove files using ComboFix without being supervised by a security analyst

.

au98

[*] posted on 31-1-2008 at 03:56
I decided to go with a fresh Windows install. It had been a few years anyway. This looks much better. Thanks for the help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:54:48 PM, on 1/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
D:\Security\HiJack This\HiJackThis.exe

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1201744241036
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1201747129639
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

--
End of file - 3172 bytes
Pancake

[*] posted on 31-1-2008 at 00:02
First thing I want you to do before we do any cleaning is to download Service Pack 1.

http://www.microsoft.com/windowsxp/downloads/updates/sp1/network.mspx.
Daz

[*] posted on 30-1-2008 at 03:52
Pancake is our resident expert on HJT logs, he'll pop in at some point to give you his expert knowledge...

Hang in there though, because it looks to me like you've got one or two issues that need taking care of, other than just a general tidy up... (But I'm no expert, so will refrain from advising further...)

Welcome to KF btw... Enjoy your stay.

au98

[*] posted on 30-1-2008 at 00:12
Any help would be greatly appreciated.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:57:11 PM, on 1/29/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\System32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Ahead\InCD\InCDsrv.exe
E:\WINDOWS\system32\ZoneLabs\vsmon.exe
E:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
E:\WINDOWS\system32\spoolsv.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
E:\Program Files\Common Files\Motive\McciCMService.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\Explorer.EXE
E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
E:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
E:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
E:\Program Files\AT&T\Internet Security Wizard\ISW.exe
E:\Program Files\Bellsouth\HelpCenter40b\bin\sprtcmd.exe
E:\Program Files\Messenger\msmsgs.exe
E:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
E:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\Security\HiJack This\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
R3 - URLSearchHook: Atlanta_Braves - {59b69dba-fa12-4a55-9b87-8ea71bc03108} - E:\Program Files\Atlanta_Braves\tbAtl1.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=E:\WINDOWS\System32\userinit.exe,msmsgs.exe,winwork.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1037CEC5-2507-1DD9-531B-5200BBCC8BBA} - E:\WINDOWS\System32\uwtnbclt.dll
O2 - BHO: (no name) - {331549FF-0AAA-46ED-9A2E-BCB3A801906F} - E:\WINDOWS\System32\ssqpm.dll (file missing)
O2 - BHO: BellSouth Toolbar - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - E:\PROGRA~1\BLSTOO~1\BLSTOO~1.DLL
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - E:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: Atlanta_Braves - {59b69dba-fa12-4a55-9b87-8ea71bc03108} - E:\Program Files\Atlanta_Braves\tbAtl1.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - E:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: BndBlock5 BHO Class - {82EA1A55-9CBC-404b-9D0C-E8BFB7EAAE9B} - E:\Program Files\QdrDrive\QdrDrive10.dll
O2 - BHO: (no name) - {A61544B7-F792-44D9-91D9-737F628709D3} - E:\WINDOWS\System32\sstqr.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\program files\google\googletoolbar4.dll
O2 - BHO: (no name) - {B6532491-6B06-427E-863E-70356BA05D7E} - E:\WINDOWS\System32\awvtu.dll (file missing)
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - E:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\program files\google\googletoolbar4.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - E:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O3 - Toolbar: Atlanta_Braves - {59b69dba-fa12-4a55-9b87-8ea71bc03108} - E:\Program Files\Atlanta_Braves\tbAtl1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: BellSouth Toolbar - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - E:\PROGRA~1\BLSTOO~1\BLSTOO~1.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - E:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [ATIPTA] E:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Google Desktop Search] "E:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [AVG7_CC] E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [YSearchProtection] "E:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [ISW.exe] "E:\Program Files\AT&T\Internet Security Wizard\ISW.exe" /AUTORUN
O4 - HKLM\..\Run: [HelpCenter4.1] E:\Program Files\Bellsouth\HelpCenter40b\bin\sprtcmd.exe /P HelpCenter4.1
O4 - HKLM\..\Run: [ZoneAlarm Client] "E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NBJ] "E:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] E:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] E:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-796845957-1450960922-725345543-1004\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background (User 'Jason')
O4 - HKUS\S-1-5-21-796845957-1450960922-725345543-1004\..\Run: [YSearchProtection] E:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (User 'Jason')
O4 - HKUS\S-1-5-21-796845957-1450960922-725345543-1004\..\Run: [Ascs] "E:\WINDOWS\FNTS~1\ati2evxx.exe" -vt yazb (User 'Jason')
O4 - HKUS\S-1-5-21-796845957-1450960922-725345543-1004\..\Run: [QdrModule12] "E:\Program Files\QdrModule\QdrModule12.exe" (User 'Jason')
O4 - HKUS\S-1-5-21-796845957-1450960922-725345543-1004\..\Run: [Jhx] E:\WINDOWS\??crosoft\l?gonui.exe (User 'Jason')
O4 - HKUS\S-1-5-21-796845957-1450960922-725345543-1004\..\Run: [Dot1XCfg] E:\Program Files\Dot1XCfg\Dot1XCfg.exe (User 'Jason')
O4 - HKUS\S-1-5-21-796845957-1450960922-725345543-1004\..\Run: [QdrPack12] "E:\Program Files\QdrPack\QdrPack12.exe" (User 'Jason')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] E:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] E:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = E:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = E:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - E:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {18CD2FD8-81CE-44C3-99E1-0822E1C7116C} (EARTPatch8X Class) - http://files.ea.com/downloads/rtpatch/v4/EARTP8X.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - E:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/26bba9f8a7414e35d506/netzip/RdxIE601.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O20 - AppInit_DLLs: E:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: fccdeef - fccdeef.dll (file missing)
O20 - Winlogon Notify: khfebay - khfebay.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - E:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - E:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: GoogleDesktopManager - Unknown owner - E:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - E:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - E:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McciCMService - Motive Communications, Inc. - E:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - E:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 11023 bytes