
Constantly getting bleeping noises and the virus checker is throwing up the culprit rbot.765952.17.

Here is my HijackThis log.

Logfile of HijackThis v1.99.1
Scan saved at 11:29:17, on 03/05/2008
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\RAM Def\ramdef.exe
C:\Windows\System32\CTHELPER.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Razer\Habu\razerhid.exe
C:\Windows\System32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\Razer\Habu\razertra.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Razer\Habu\razerofa.exe
C:\Windows\system32\qpijvqti.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Aware2007.exe
C:\Windows\system32\conime.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\Users\Dave\Desktop\f-bot.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [RAMDef] C:\Program Files\RAM Def\ramdef.exe -tray
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Habu] C:\Program Files\Razer\Habu\razerhid.exe
O4 - HKLM\..\Run: [Microsoft Windows Update] qpijvqti.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\RunServices: [Microsoft Windows Update] qpijvqti.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Microsoft Windows Update] qpijvqti.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1186512785546
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\Windows\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\Windows\system32\wpdshserviceobj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe (file missing)
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

3 Contributors, 28 Replies, 29 Views, 9 Years Discussion Span, Last Post by crunchie

Besides a couple of 'unknown' applications that I don't recognize as nasty and a few 'unknown' processes which seem OK to me, I can't see anything in your logs.

Do you know what these are?

C:\Program Files\RAM Def\ramdef.exe
C:\Windows\system32\qpijvqti.exe
C:\Users\Dave\Desktop\f-bot.exe

That executable in system32 worries me a bit, but I've never seen it before. (I might do some more research on that one unless crunchie can fill me in on it.)

These items below are autoloading programs from the registry that I do not recognize as malicious (that's not to say they aren't). Something to do with Windows Update in Vista...

O4 - HKLM\..\Run: [Microsoft Windows Update] qpijvqti.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Update] qpijvqti.exe
O4 - HKCU\..\Run: [Microsoft Windows Update] qpijvqti.exe

Apart from this your log looks fine!

If you like, try renaming HiJackThis.exe to digitalfix.exe, rescan with it and post a new log.

Regards


Hi. First of all you need to update HijackThis to version 2.0.2. Download HijackThis from here. Download it to your desktop and NOT a temporary folder.

==========

Try running this:

Download SDFix and save it to your desktop.

Please then reboot your computer in Safe Mode by doing the following:

  • Restart your computer.
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually.
  • Instead of Windows loading as normal, a menu with options should appear.
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
  • In Safe Mode, right click the SDFix.zip folder and choose Extract All.
  • Open the extracted folder and double click RunThis.bat to start the script.
  • Type Y to begin the script.
  • It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
  • Press any key and it will restart the PC.
  • Your system will take longer than normal to restart as the fixtool will be running and removing files.
  • When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
  • Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt back onto the forum with a new HijackThis log.

SDFix doesn't seem to work with Vista. Any other ideas?


Sorry about that. I thought by now it would have been Vista compatible.

Please download ComboFix by sUBs from HERE or HERE

  • You must download it to and run it from your Desktop
  • Physically disconnect from the internet.
  • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
  • Double click combofix.exe & follow the prompts.
  • When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log
  • Re-enable all the programs that were disabled during the running of ComboFix.

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

ComboFix 08-05-09.1 - Dave 2008-05-11 13:17:01.1 - NTFSx86
Microsoft® Windows Vista™ Ultimate   6.0.6000.0.1252.1.1033.18.1219 [GMT 1:00]
Running from: C:\Users\Dave\Desktop\ComboFix.exe
.
    /wow section not completed

(((((((((((((((((((((((((   Files Created from 2008-04-11 to 2008-05-11  )))))))))))))))))))))))))))))))
.

2008-05-11 13:16 . 2008-05-11 13:16 <DIR>    d--------   C:\327882R2FWJFW
2008-05-11 13:02 . 2008-05-11 13:02 4,958,588   --a------   C:\Windows\{00000004-00000000-00000004-00001102-00000004-20021102}.BAK
2008-05-11 12:48 . 2008-05-11 13:01 <DIR>    d--------   C:\Users\Dave\AppData\Roaming\AOL
2008-05-11 12:48 . 2008-05-11 12:48 855 --a------   C:\Windows\aolback.exe.lnk
2008-05-11 12:46 . 2008-05-11 12:46 <DIR>    d--------   C:\Users\All Users\Viewpoint
2008-05-11 12:46 . 2008-05-11 12:46 <DIR>    d--------   C:\ProgramData\Viewpoint
2008-05-11 12:46 . 2008-05-11 12:27 54,832  --a------   C:\Windows\System32\AOLParconLink.exe
2008-05-11 12:31 . 2008-05-11 12:48 <DIR>    d--------   C:\Users\All Users\AOL
2008-05-11 12:31 . 2008-05-11 12:48 <DIR>    d--------   C:\ProgramData\AOL
2008-05-11 12:31 . 2008-05-11 12:47 <DIR>    d--------   C:\Program Files\Common Files\aolshare
2008-05-11 12:31 . 2008-05-11 13:10 <DIR>    d--------   C:\Program Files\AOL 9.0
2008-05-11 12:31 . 2006-11-29 23:24 33,588  --a------   C:\Windows\System32\drivers\wanatw4.sys
2008-05-11 11:51 . 2008-05-11 11:52 233,638,225 --a------   C:\Windows\MEMORY.DMP
2008-05-11 11:43 . 2005-01-14 04:41 11,254  --a------   C:\Windows\System32\locate.com
2008-05-11 11:41 . 2008-05-11 11:47 <DIR>    d--------   C:\MGtools
2008-05-11 11:41 . 2008-05-11 11:47 71,275  --a------   C:\MGlogs.zip
2008-05-11 11:17 . 2008-05-11 11:17 <DIR>    d--------   C:\cf
2008-05-11 10:26 . 2008-05-11 10:30 1,238,055   --a------   C:\MGtools.exe
2008-05-11 10:14 . 2008-05-11 10:14 335 --a------   C:\Windows\nsreg.dat
2008-05-07 12:58 . 2008-05-07 12:58 <DIR>    d--------   C:\Users\All Users\Yahoo! Companion
2008-05-07 12:58 . 2008-05-07 12:58 <DIR>    d--------   C:\ProgramData\Yahoo! Companion
2008-05-06 16:03 . 2008-05-06 16:03 354,560 --a------   C:\Windows\System32\TuneUpDefragService.exe
2008-05-06 16:03 . 2008-04-04 14:51 28,416  --a------   C:\Windows\System32\uxtuneup.dll
2008-05-06 16:03 . 2008-04-04 14:51 16,640  --a------   C:\Windows\System32\authuitu.dll
2008-05-06 10:39 . 2008-05-06 10:39 944,184 --a------   C:\Windows\System32\winload.exe
2008-05-06 10:39 . 2008-05-06 10:39 620,088 --a------   C:\Windows\System32\ci.dll
2008-05-06 10:39 . 2008-05-06 10:39 371,712 --a------   C:\Windows\System32\srcore.dll
2008-05-06 10:39 . 2008-05-06 10:39 313,856 --a------   C:\Windows\System32\rstrui.exe
2008-05-06 10:39 . 2008-05-06 10:39 40,960  --a------   C:\Windows\System32\srclient.dll
2008-05-06 10:39 . 2008-05-06 10:39 19,000  --a------   C:\Windows\System32\kd1394.dll
2008-05-06 10:39 . 2008-05-06 10:39 16,384  --a------   C:\Windows\System32\srdelayed.exe
2008-05-06 10:39 . 2008-05-06 10:39 7,168   --a------   C:\Windows\System32\f3ahvoas.dll
2008-05-06 10:39 . 2008-05-06 10:39 6,656   --a------   C:\Windows\System32\kbd106n.dll
2008-05-06 10:38 . 2008-05-06 10:38 2,027,008   --a------   C:\Windows\System32\win32k.sys
2008-05-06 10:38 . 2008-05-06 10:38 296,448 --a------   C:\Windows\System32\gdi32.dll
2008-05-03 15:34 . 2008-05-03 15:34 <DIR>    d--------   C:\Users\Dave\AppData\Roaming\WaterProof
2008-05-03 15:33 . 2008-05-03 15:33 <DIR>    d--------   C:\Program Files\WaterProof
2008-05-03 15:28 . 2008-05-03 15:28 765 --a------   C:\Windows\wininit.ini
2008-05-03 14:46 . 2008-05-03 14:46 401,720 --a------   C:\Users\Dave\HiJackThis.exe
2008-05-03 12:15 . 2008-05-03 12:15 <DIR>    d--------   C:\Users\Dave\AppData\Roaming\ActiveState
2008-05-03 11:44 . 2008-05-03 11:44 83,968  --a------   C:\Windows\System32\dnsrslvr.dll
2008-05-03 11:44 . 2008-05-03 11:44 24,576  --a------   C:\Windows\System32\dnscacheugc.exe
2008-05-03 11:41 . 2008-05-03 11:41 99,840  --a------   C:\Windows\System32\poqexec.exe
2008-05-03 11:03 . 2008-05-03 11:03 <DIR>    d--------   C:\Program Files\Yahoo!
2008-05-03 10:59 . 2008-05-03 11:15 <DIR>    d--------   C:\Program Files\ScanSpyware v3.8
2008-05-03 10:56 . 2008-05-03 10:57 <DIR>    d--------   C:\Users\Dave\AppData\Roaming\AdwareAlert
2008-05-03 10:53 . 2008-05-03 10:53 <DIR>    dr-------   C:\Windows\System32\config\systemprofile\Documents
2008-05-03 10:52 . 2008-05-03 10:49 691,545 --a------   C:\Windows\unins000.exe
2008-05-03 10:52 . 2008-05-03 10:52 2,538   --a------   C:\Windows\unins000.dat
2008-05-03 10:37 . 2007-11-14 17:52 765,952 -r-hs----   C:\Windows\System32\ouwtoigq.exe
2008-05-03 10:27 . 2007-11-14 17:52 765,952 -r-hs----   C:\Windows\System32\tktslhpf.exe
2008-05-03 10:07 . 2007-11-14 17:52 765,952 -r-hs----   C:\Windows\System32\qfdyscpo.exe
2008-05-02 14:42 . 2007-11-14 17:52 765,952 -r-hs----   C:\Windows\System32\ocpzknen.exe
2008-05-02 14:42 . 2007-11-14 17:52 765,952 -r-hs----   C:\Windows\System32\bibrraad.exe
2008-05-02 13:17 . 2008-05-02 13:17 <DIR>    d--------   C:\Program Files\Discreet e-Learning
2008-05-02 13:16 . 2000-10-31 02:11 98,304  --a------   C:\Windows\System32\tsccvid.dll
2008-05-01 08:08 . 2007-11-14 17:52 765,952 -r-hs----   C:\Windows\System32\owhpxbcw.exe
2008-05-01 08:07 . 2007-11-14 17:52 765,952 -r-hs----   C:\Windows\System32\wmtxpecx.exe
2008-04-27 18:56 . 2008-04-27 18:56 <DIR>    d--------   C:\Program Files\Lavasoft
2008-04-27 18:50 . 2008-04-27 18:50 <DIR>    d--------   C:\Users\Dave\AppData\Roaming\TuneUp Software
2008-04-27 18:49 . 2008-04-27 18:49 <DIR>    d--------   C:\Users\All Users\TuneUp Software
2008-04-27 18:49 . 2008-04-27 18:49 <DIR>    d--------   C:\ProgramData\TuneUp Software
2008-04-27 18:49 . 2008-05-06 16:03 <DIR>    d--------   C:\Program Files\TuneUp Utilities 2008
2008-04-25 17:33 . 2007-11-14 17:52 765,952 -r-hs----   C:\Windows\System32\wdkrmssf.exe
2008-04-25 17:33 . 2007-11-14 17:52 765,952 -r-hs----   C:\Windows\System32\vsyjsbyc.exe
2008-04-24 10:28 . 2007-11-14 17:52 765,952 -r-hs----   C:\Windows\System32\roalqllh.exe
2008-04-24 10:28 . 2007-11-14 17:52 765,952 -r-hs----   C:\Windows\System32\pzkedbbw.exe
2008-04-20 11:23 . 2008-04-20 11:24 <DIR>    d--h-----   C:\Program Files\Zero G Registry
2008-04-20 11:18 . 2008-04-20 11:18 <DIR>    d--h-----   C:\Users\Dave\InstallAnywhere
2008-04-18 13:25 . 2007-11-14 17:52 765,952 -r-hs----   C:\Windows\System32\egvqfboc.exe
2008-04-18 13:25 . 2007-11-14 17:52 765,952 -r-hs----   C:\Windows\System32\bspyjwxp.exe
2008-04-12 15:54 . 2007-11-14 17:52 765,952 -r-hs----   C:\Windows\System32\bpkahlqa.exe

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-11 12:09    ---------   d-----w C:\Users\Dave\AppData\Roaming\WTablet
2008-05-11 11:53    ---------   d-----w C:\Program Files\Common Files\AOL
2008-05-11 10:57    ---------   d-----w C:\ProgramData\Spybot - Search & Destroy
2008-05-10 18:21    ---------   d-----w C:\ProgramData\Google Updater
2008-05-08 10:44    ---------   d-----w C:\Users\Dave\AppData\Roaming\CoreFTP
2008-05-07 15:05    ---------   d-----w C:\Users\Dave\AppData\Roaming\uTorrent
2008-05-07 14:19    ---------   d-----w C:\Users\Dave\AppData\Roaming\OpenOffice.org2
2008-05-07 13:38    ---------   d-----w C:\Program Files\PartyGaming
2008-05-06 15:09    ---------   d-----w C:\Program Files\Windows Mail
2008-05-06 09:40    ---------   d-----w C:\ProgramData\Microsoft Help
2008-05-05 09:50    ---------   d-----w C:\Program Files\iTunes
2008-05-05 09:50    ---------   d-----w C:\Program Files\iPod
2008-05-05 09:48    ---------   d-----w C:\Program Files\QuickTime
2008-05-05 09:40    ---------   d-----w C:\Program Files\Apple Software Update
2008-05-05 08:42    ---------   d-----w C:\Program Files\Spybot - Search & Destroy
2008-05-03 11:18    ---------   d-----w C:\Program Files\Developers Pad
2008-05-03 10:42    826,368 ----a-w C:\Windows\System32\wininet.dll
2008-05-03 10:42    56,320  ----a-w C:\Windows\System32\iesetup.dll
2008-05-03 10:42    52,736  ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-05-03 10:42    26,624  ----a-w C:\Windows\System32\ieUnatt.exe
2008-05-03 09:42    ---------   d-----w C:\Program Files\Opera
2008-05-03 09:37    ---------   d---a-w C:\ProgramData\TEMP
2008-04-27 18:08    ---------   d-----w C:\Program Files\Windows Media Connect 2
2008-04-27 17:53    ---------   d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-20 10:26    ---------   d-----w C:\Users\Dave\AppData\Roaming\Sports Interactive
2008-04-20 10:23    ---------   d-----w C:\Program Files\Sports Interactive
2008-04-05 14:08    ---------   d-----w C:\Program Files\Common Files\Autodesk Shared
2008-04-04 16:01    ---------   d--h--w C:\Program Files\InstallShield Installation Information
2008-04-04 16:01    ---------   d-----w C:\Program Files\Dark Basic Software
2008-03-30 21:28    ---------   d-----w C:\Program Files\VideoLAN
2008-03-26 11:58    ---------   d-----w C:\ProgramData\Avira
2008-03-26 11:58    ---------   d-----w C:\Program Files\Avira
2008-03-26 11:13    ---------   d-----w C:\ProgramData\iolo
2008-03-26 11:13    ---------   d-----w C:\Program Files\iolo
2008-03-25 18:16    ---------   d-----w C:\Users\Dave\AppData\Roaming\iolo
2008-03-25 17:04    74,703  ----a-w C:\Windows\System32\mfc45.dll
2008-03-24 19:28    ---------   d-----w C:\ProgramData\Joy coal mpeg heck
2008-03-24 11:36    102,664 ----a-w C:\Windows\system32\drivers\tmcomm.sys
2008-03-19 20:55    ---------   d-----w C:\Program Files\Java
2008-03-19 12:28    ---------   d-----w C:\Program Files\ActiveState Komodo Edit 4
2008-03-17 12:31    ---------   d-----w C:\Program Files\CoreFTP
2008-03-16 18:14    ---------   d-----w C:\Program Files\MSN Messenger
2008-03-16 18:13    ---------   d-----w C:\Program Files\Windows Live
2008-03-16 18:12    ---------   d-----w C:\ProgramData\WLInstaller
2008-03-12 11:16    ---------   dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-12 09:14    41,984  ----a-w C:\Windows\system32\drivers\monitor.sys
2008-03-12 09:14    1,060,920   ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-02-29 17:53    669,184 ----a-w C:\Windows\System32\pbsvc.exe
2008-02-29 17:53    66,872  ----a-w C:\Windows\System32\PnkBstrA.exe
2008-02-29 17:53    22,328  ----a-w C:\Users\Dave\AppData\Roaming\PnkBstrK.sys
2008-02-29 17:53    103,736 ----a-w C:\Windows\System32\PnkBstrB.exe
2008-02-17 10:48    613,888 ----a-w C:\Windows\System32\wpd_ci.dll
2008-02-17 10:48    224,824 ----a-w C:\Windows\System32\clfs.sys
2008-02-17 10:48    194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-17 10:48    19,456  ----a-w C:\Windows\System32\cfgmgr32.dll
2008-02-17 10:45    3,504,696   ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-02-17 10:45    3,470,392   ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-17 10:44    537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-17 10:44    449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-17 10:44    4,247,552   ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-17 10:44    24,064  ----a-w C:\Windows\System32\netcfg.exe
2008-02-17 10:44    22,016  ----a-w C:\Windows\System32\netiougc.exe
2008-02-17 10:44    2,560   ----a-w C:\Windows\AppPatch\AcRes.dll
2008-02-17 10:44    2,144,256   ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-17 10:44    173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-17 10:44    167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-17 10:44    1,686,528   ----a-w C:\Windows\System32\gameux.dll
2008-02-17 10:40    1,244,672   ----a-w C:\Windows\System32\mcmde.dll
2007-11-05 20:02    174 --sha-w C:\Program Files\desktop.ini
2006-10-20 11:09    278,528 ----a-w C:\Program Files\Common Files\FDEUnInstaller.exe
2005-09-20 12:07    52  ----a-w C:\Program Files\Save Windows and Programs (No Data or Documents).BDF
2005-09-20 12:07    52  ----a-w C:\Program Files\Save Data and Documents Only.BDF
2007-11-14 16:52    765,952 --sh--r C:\Windows\System32\axbrvpte.exe
2007-11-14 16:52    765,952 --sh--r C:\Windows\System32\bibrraad.exe
2007-11-14 16:52    765,952 --sh--r C:\Windows\System32\bkmcgiyf.exe
2007-11-14 16:52    765,952 --sh--r C:\Windows\System32\bpkahlqa.exe
2007-11-14 16:52    765,952 --sh--r C:\Windows\System32\bspyjwxp.exe
2007-11-14 16:52    765,952 --sh--r C:\Windows\System32\cfuctank.exe
2007-11-14 16:52    765,952 --sh--r C:\Windows\System32\cgqyeyds.exe
2007-11-14 16:52    765,952 --sh--r C:\Windows\System32\dzllsxef.exe
2007-11-14 16:52    765,952 --sh--r C:\Windows\System32\egvqfboc.exe
2007-11-14 16:52    765,952 --sh--r C:\Windows\System32\ggjckaht.exe
2007-11-14 16:52    765,952 --sh--r C:\Windows\System32\jgjiszqs.exe
2007-11-14 16:52    765,952 --sh--r C:\Windows\System32\jvajkmuy.exe
2007-11-14 16:52    765,952 --sh--r C:\Windows\System32\jxhqhuhs.exe
2007-11-14 16:52    765,952 --sh--r C:\Windows\System32\lgnmodzc.exe
2007-11-14 16:52    765,952 --sh--r C:\Windows\System32\lilsxriu.exe
2007-11-14 16:52    765,952 --sh--r C:\Windows\System32\ljyzrhfe.exe
2007-11-14 16:52    765,952 --sh--r C:\Windows\System32\mdmidzgf.exe
2007-11-14 16:52    765,952 --sh--r C:\Windows\System32\mwmampqr.exe
2007-11-14 16:52    765,952 --sh--r C:\Windows\System32\ocpzknen.exe
2007-11-14 16:52    765,952 --sh--r C:\Windows\System32\oscurynf.exe
2007-11-14 16:52    765,952 --sh--r C:\Windows\System32\othbkolp.exe
2007-11-14 16:52    765,952 --sh--r C:\Windows\System32\ouwtoigq.exe
2007-11-14 16:52    765,952 --sh--r C:\Windows\System32\owhpxbcw.exe
2007-11-14 16:52    765,952 --sh--r C:\Windows\System32\pawyvbrt.exe
2007-11-14 16:52    765,952 --sh--r C:\Windows\System32\pzkedbbw.exe
2007-11-14 16:52    765,952 --sh--r C:\Windows\System32\qehkqzer.exe
2007-11-14 16:52    765,952 --sh--r C:\Windows\System32\qfdyscpo.exe
2007-11-14 16:52    765,952 --sh--r C:\Windows\System32\qphbmnie.exe
2007-11-14 16:52    765,952 --sh--r C:\Windows\System32\qsuyoyot.exe
2007-11-14 16:52    765,952 --sh--r C:\Windows\System32\rlygipjw.exe
2007-11-14 16:52    765,952 --sh--r C:\Windows\System32\roalqllh.exe
2007-11-14 16:52    765,952 --sh--r C:\Windows\System32\tgarjdgg.exe
2007-11-14 16:52    765,952 --sh--r C:\Windows\System32\thgqejpc.exe
2007-11-14 16:52    765,952 --sh--r C:\Windows\System32\tktslhpf.exe
2007-11-14 16:52    765,952 --sh--r C:\Windows\System32\tpkupwon.exe
2007-11-14 16:52    765,952 --sh--r C:\Windows\System32\twawbche.exe
2007-11-14 16:52    765,952 --sh--r C:\Windows\System32\vjerjsog.exe
2007-11-14 16:52    765,952 --sh--r C:\Windows\System32\vsyjsbyc.exe
2007-11-14 16:52    765,952 --sh--r C:\Windows\System32\wbvoermp.exe
2007-11-14 16:52    765,952 --sh--r C:\Windows\System32\wdkrmssf.exe
2007-11-14 16:52    765,952 --sh--r C:\Windows\System32\wmtxpecx.exe
2007-11-14 16:52    765,952 --sh--r C:\Windows\System32\xhrxfcrk.exe
2007-11-14 16:52    765,952 --sh--r C:\Windows\System32\yhsjfvtv.exe
2007-11-14 16:52    765,952 --sh--r C:\Windows\System32\ynsnpvzp.exe
2007-11-14 16:52    765,952 --sh--r C:\Windows\System32\yzzdjyvy.exe
2007-11-14 16:52    765,952 --sh--r C:\Windows\System32\zrpkyvow.exe
.

------- Sigcheck -------

.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-11-02 10:45 8704]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:34 125440]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"AOL Fast Start"="C:\Program Files\AOL 9.0\AOL.exe" [2007-04-18 07:49 50736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-11-05 19:31 1006264]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2006-11-02 10:44 989696 C:\Windows\System32\bthprops.cpl]
"RAMDef"="C:\Program Files\RAM Def\ramdef.exe" [2002-10-28 13:39 122040]
"CTHelper"="CTHELPER.EXE" [2007-02-12 20:47 19456 C:\Windows\System32\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2007-02-12 20:47 19968 C:\Windows\System32\CTXFIHLP.EXE]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-12-11 18:06 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-12-11 18:06 8530464]
"Habu"="C:\Program Files\Razer\Habu\razerhid.exe" [2007-05-11 12:58 176128]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-05-03 10:40 262401]
"HostManager"="C:\Program Files\Common Files\AOL\1210505470\ee\AOLSoftware.exe" [2006-09-26 01:52 50736]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [ ]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
TabUserW.exe.lnk - C:\WINDOWS\system32\WTablet\TabUserW.exe [2007-07-11 13:15:13 132656]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.wmv3"= C:\PROGRA~1\COMBIN~1\Filters\wmv9vcm.dll
"SENTINEL"= snti386.dll

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Google Updater.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Google Updater.lnk
backup=C:\Windows\pss\Google Updater.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"= %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
"%windir%\\system32\\sessmgr.exe"= %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
"C:\\Program Files\\MSN Messenger\\livecall.exe"= C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"= C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\GloballyOpenPorts\List]
"137:UDP"= 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP"= 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"139:TCP"= 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"1900:UDP"= 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP"= 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"445:TCP"= 445:TCP:*:Enabled:@xpsp2res.dll,-22005

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe-UDP-Domain"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:Windows Live Messenger 8.1
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe-TCP-Domain"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:Windows Live Messenger 8.1
"C:\\Program Files\\MSN Messenger\\livecall.exe-UDP-Domain"= TCP:C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"C:\\Program Files\\MSN Messenger\\livecall.exe-TCP-Domain"= UDP:C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"%windir%\\Network Diagnostic\\xpnetdiag.exe-UDP-Domain"= TCP:%windir%\Network Diagnostic\xpnetdiag.exe:@xpsp3res.dll,-20000
"%windir%\\Network Diagnostic\\xpnetdiag.exe-TCP-Domain"= UDP:%windir%\Network Diagnostic\xpnetdiag.exe:@xpsp3res.dll,-20000
"C:\\utorrent\\utorrent.exe-UDP-Standard"= TCP:Profile=Public|C:\utorrent\utorrent.exe:µTorrent
"C:\\utorrent\\utorrent.exe-TCP-Standard"= UDP:Profile=Public|C:\utorrent\utorrent.exe:µTorrent
"C:\\Program Files\\TVAnts\\Tvants.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\TVAnts\Tvants.exe:TVAnts
"C:\\Program Files\\TVAnts\\Tvants.exe-TCP-Standard"= UDP:Profile=Public|C:\Program Files\TVAnts\Tvants.exe:TVAnts
"C:\\Program Files\\SopCast\\SopCast.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\SopCast\SopCast.exe:SopCast Main Application
"C:\\Program Files\\SopCast\\SopCast.exe-TCP-Standard"= UDP:Profile=Public|C:\Program Files\SopCast\SopCast.exe:SopCast Main Application
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\MSN Messenger\msnmsgr.exe:Windows Live Messenger 8.1
"C:\\Program Files\\MSN Messenger\\livecall.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"C:\\Program Files\\Messenger\\msmsgs.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\Messenger\msmsgs.exe:Windows Messenger
"C:\\Program Files\\Messenger\\msmsgs.exe-TCP-Standard"= UDP:Profile=Public|C:\Program Files\Messenger\msmsgs.exe:Windows Messenger
"C:\\Program Files\\iTunes\\iTunes.exe-UDP-Standard"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"C:\\Program Files\\iTunes\\iTunes.exe-TCP-Standard"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"C:\\Program Files\\IBP 9\\IBP.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\IBP 9\IBP.exe:Internet Business Promoter (IBP)
"C:\\Program Files\\IBP 9\\IBP.exe-TCP-Standard"= UDP:Profile=Public|C:\Program Files\IBP 9\IBP.exe:Internet Business Promoter (IBP)
"C:\\Program Files\\Bonjour\\mDNSResponder.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"C:\\Program Files\\Bonjour\\mDNSResponder.exe-TCP-Standard"= UDP:Profile=Public|C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"%windir%\\Network Diagnostic\\xpnetdiag.exe-UDP-Standard"= TCP:Profile=Public|%windir%\Network Diagnostic\xpnetdiag.exe:@xpsp3res.dll,-20000
"%windir%\\Network Diagnostic\\xpnetdiag.exe-TCP-Standard"= UDP:Profile=Public|%windir%\Network Diagnostic\xpnetdiag.exe:@xpsp3res.dll,-20000
"TCP Query User{E05D58D4-6560-400F-A664-64191E7CA826}C:\\program files\\opera\\opera.exe"= UDP:C:\program files\opera\opera.exe:Opera Internet Browser
"UDP Query User{F9A0ED79-DB85-4E49-93DE-76DB28B2F15B}C:\\program files\\opera\\opera.exe"= TCP:C:\program files\opera\opera.exe:Opera Internet Browser
"TCP Query User{426FBEA7-1A5E-48A4-878C-C105CBF84334}C:\\users\\dave\\appdata\\roaming\\sopcast\\adv\\sopadver.exe"= UDP:C:\users\dave\appdata\roaming\sopcast\adv\sopadver.exe:sopadver.exe
"UDP Query User{9F23201F-CE52-4663-8527-143BFEDF2151}C:\\users\\dave\\appdata\\roaming\\sopcast\\adv\\sopadver.exe"= TCP:C:\users\dave\appdata\roaming\sopcast\adv\sopadver.exe:sopadver.exe
"TCP Query User{57E00588-0F89-44E0-A247-F47B6E47450C}C:\\program files\\tvuplayer\\tvuplayer.exe"= UDP:C:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
"UDP Query User{53EE0EEC-A933-4A48-A748-EA10F313C919}C:\\program files\\tvuplayer\\tvuplayer.exe"= TCP:C:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
"TCP Query User{C9ED7F9B-A248-42A6-89B6-9F8A9EA99E82}C:\\program files\\sopcast\\adv\\sopadver.exe"= UDP:C:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"UDP Query User{158F18F6-D29C-4530-A8D7-8B51E7149F11}C:\\program files\\sopcast\\adv\\sopadver.exe"= TCP:C:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"{6DB8402B-1FBB-4A49-9BB7-9FC94B1C47FE}"= UDP:H:\unreal\Binaries\UT3.exe:Unreal Tournament 3
"{CEC74C67-A518-48CA-B048-4BC42D41E89F}"= TCP:H:\unreal\Binaries\UT3.exe:Unreal Tournament 3
"{84B3973C-7D95-4A19-8F0C-F4987831704D}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{36037F1D-7BDB-4820-8F36-1D10FEBCD72D}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{DC709908-E897-4293-BE2B-E814DFBF470B}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{088112E6-BED9-432A-9468-AF9C7734FFC2}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{0893BA79-0B4F-4A45-9111-98D2F73DF0FF}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{724B2031-4947-40EB-9317-E51AF25D4CDC}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{BD5A081B-EA6A-4AF8-9A13-DAF47F4C2C7C}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"TCP Query User{776D0B28-F065-4CBA-9B91-9127880D94F7}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{8394283E-36F2-4DB6-A825-793290C5CDD7}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{6038B33C-0341-4FD5-AEFD-1C214B316338}C:\\program files\\real\\realplayer\\realplay.exe"= UDP:C:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{07DC3DAD-53D5-4315-8DEE-1251D0593271}C:\\program files\\real\\realplayer\\realplay.exe"= TCP:C:\program files\real\realplayer\realplay.exe:RealPlayer
"TCP Query User{E66E0EEC-6430-4BB5-AEEE-19B1D12FD79B}H:\\program files\\autodesk\\maya2008\\bin\\maya.exe"= UDP:H:\program files\autodesk\maya2008\bin\maya.exe:Maya
"UDP Query User{60570AD3-ED4A-4904-8DD8-63C065E4231B}H:\\program files\\autodesk\\maya2008\\bin\\maya.exe"= TCP:H:\program files\autodesk\maya2008\bin\maya.exe:Maya
"TCP Query User{B179DF4A-4D4B-42AF-BF1C-76B08DB0C129}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{AE4F3A99-B3AC-458E-A905-0BD19A468184}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"{9FF7EF2A-82E6-4E65-A32E-4BB4CC926B61}"= UDP:C:\Program Files\Autodesk\3ds Max 9\3dsmax.exe:Autodesk 3ds Max 9 32-bit
"{82CC5686-BD3B-4054-B6FF-6D0769C2C4B7}"= TCP:C:\Program Files\Autodesk\3ds Max 9\3dsmax.exe:Autodesk 3ds Max 9 32-bit
"{3CB84FEF-4FCE-47DC-8161-F1CBC11799EF}"= UDP:C:\Program Files\Autodesk\Backburner\monitor.exe:backburner 2.3 monitor
"{6C78AB72-2D71-4B13-A849-A717CE5FE326}"= TCP:C:\Program Files\Autodesk\Backburner\monitor.exe:backburner 2.3 monitor
"{FC49E3C6-4DE5-46C7-A6CE-ACD488A61588}"= UDP:C:\Program Files\Autodesk\Backburner\manager.exe:backburner 2.3 manager
"{FF572F38-CC5B-4DB2-A2D6-F2872427FF51}"= TCP:C:\Program Files\Autodesk\Backburner\manager.exe:backburner 2.3 manager
"{0801D404-1A75-4A62-8F8A-5DEC132E3049}"= UDP:C:\Program Files\Autodesk\Backburner\server.exe:backburner 2.3 server
"{FD8CF48C-CE3B-435E-A297-789CC90A6FA9}"= TCP:C:\Program Files\Autodesk\Backburner\server.exe:backburner 2.3 server
"{F1DB7785-1283-4E2D-8093-9BAB773400A6}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{5CC46B23-F7F5-431D-9551-7A3B8E060075}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{7C418694-2DC5-486F-8099-DBE0143E2919}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{C104931C-22A9-4303-9666-41A7E498A502}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{16936F71-55E0-44AF-8C78-0B72FF4CF8B9}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{C0C54C3F-939F-4DB0-9B36-1A2687708F62}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{D466F799-29B1-489F-BCE8-EE26F3BA4AA0}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{F834A401-D696-4406-9317-EB3F6D3973FF}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{04F1F59F-D018-4E8B-A273-FD8D456D3003}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{0B0FDDF8-379F-4519-993C-2649EA6643AE}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{5CB1894E-FC63-419D-A81A-85006A73334D}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{15A36052-ED44-42E0-ADBB-1F08A37FB45E}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{F3206ABD-6493-447A-B8E7-C3F93447D2C8}C:\\windows\\system32\\jgjiszqs.exe"= UDP:C:\windows\system32\jgjiszqs.exe:jgjiszqs
"UDP Query User{9C85A4F2-5CC9-4905-AD06-6DD9914BF5DA}C:\\windows\\system32\\jgjiszqs.exe"= TCP:C:\windows\system32\jgjiszqs.exe:jgjiszqs
"{F1DE8232-3B4B-4649-A281-AFED640388EA}"= UDP:C:\Program Files\iolo\System Mechanic Professional 7\Personal Firewall\ioloFW.exe:iolo Firewall®
"{930E6734-29D4-41F0-A99F-E32D2C35BF2D}"= TCP:C:\Program Files\iolo\System Mechanic Professional 7\Personal Firewall\ioloFW.exe:iolo Firewall®
"{A0634106-A719-439C-AB18-572D474B63C4}"= UDP:C:\Program Files\iolo\System Mechanic Professional 7\AntiVirus\ioloAV.exe:iolo AntiVirus®
"{DACBE09F-6582-485A-BF49-44196A9D94FB}"= TCP:C:\Program Files\iolo\System Mechanic Professional 7\AntiVirus\ioloAV.exe:iolo AntiVirus®
"{3E7A4E3A-8EC3-42ED-8D52-35FC4085EEC3}"= UDP:C:\Program Files\iolo\System Mechanic Professional 7\AntiVirus\iAVEmailScanner.exe:iolo AntiVirus® Email Protection
"{7826A1F6-143A-442F-A361-11281D378B4B}"= TCP:C:\Program Files\iolo\System Mechanic Professional 7\AntiVirus\iAVEmailScanner.exe:iolo AntiVirus® Email Protection
"{049DAC5B-5F8C-4F08-B7D2-B8FE1C3CC39F}"= UDP:C:\Program Files\Autodesk\3ds Max 9\3dsmax.exe:Autodesk 3ds Max 9 32-bit
"{EEF25ED6-EA8D-4BE6-ABDB-FA1447FC77FC}"= TCP:C:\Program Files\Autodesk\3ds Max 9\3dsmax.exe:Autodesk 3ds Max 9 32-bit
"{F2470EA9-E515-41AC-BA31-F757668039EA}"= UDP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"{98E37358-7C01-415E-B706-2A79739492A7}"= TCP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"TCP Query User{5FC1F75C-CBF4-4AE0-B1B1-F4C323DDF218}C:\\program files\\waterproof\\phpedit\\2.12.8\\extensions\\dbg\\dbglistener.exe"= UDP:C:\program files\waterproof\phpedit\2.12.8\extensions\dbg\dbglistener.exe:Listener for php debugger DBG
"UDP Query User{2850068E-2C6E-4ED4-BC7E-E19B39C443A0}C:\\program files\\waterproof\\phpedit\\2.12.8\\extensions\\dbg\\dbglistener.exe"= TCP:C:\program files\waterproof\phpedit\2.12.8\extensions\dbg\dbglistener.exe:Listener for php debugger DBG
"TCP Query User{2CCEFD09-E466-4B23-98C3-926A35EB0F9A}C:\\program files\\waterproof\\phpedit\\2.12.8\\phpedit.exe"= UDP:C:\program files\waterproof\phpedit\2.12.8\phpedit.exe:PHPEdit - The PHP IDE
"UDP Query User{70EB3B0D-8ABA-4B91-8605-53FB9F3CCB4D}C:\\program files\\waterproof\\phpedit\\2.12.8\\phpedit.exe"= TCP:C:\program files\waterproof\phpedit\2.12.8\phpedit.exe:PHPEdit - The PHP IDE
"{EAC2F4A5-972F-4B2A-8020-BBEA49396EAE}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{FEB7FF30-D24D-4468-BC75-DEF48DD1D6C0}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{0AEB14E4-9666-4AFF-BE8A-2065DA8280F9}"= UDP:C:\Program Files\AOL 9.0\waol.exe:AOL
"{1FBA6D27-EBFC-463C-9FE4-F88D2E6C2877}"= TCP:C:\Program Files\AOL 9.0\waol.exe:AOL
"{D7F07924-1CE7-421D-8DEC-5AFBE47C843D}"= UDP:C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{33687362-DEC2-46FF-B7C8-CF82C69B6883}"= TCP:C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{7117EE63-2804-4CA2-A94C-CA0D53A94991}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{A07A7C15-7885-4DF6-9BE6-23DBEE3E72B8}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{E8FA962E-6ECA-4A9E-B42C-8F6FA830A771}"= UDP:C:\Program Files\Common Files\AOL\System Information\sinf.exe:AOL System Information
"{B7640469-2281-4B6B-9EB1-65271B65A7B7}"= TCP:C:\Program Files\Common Files\AOL\System Information\sinf.exe:AOL System Information

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"= %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
"%windir%\\system32\\sessmgr.exe"= %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
"C:\\Documents and Settings\\Dave\\Application Data\\SopCast\\adv\\SopAdver.exe"= C:\Users\Dave\Application Data\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"= C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
"C:\\Program Files\\IBP 9\\IBP.exe"= C:\Program Files\IBP 9\IBP.exe:*:Enabled:Internet Business Promoter (IBP)
"C:\\Program Files\\iTunes\\iTunes.exe"= C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
"C:\\Program Files\\Messenger\\msmsgs.exe"= C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
"C:\\Program Files\\MSN Messenger\\livecall.exe"= C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"= C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
"C:\\Program Files\\SopCast\\SopCast.exe"= C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application
"C:\\Program Files\\TVAnts\\Tvants.exe"= C:\Program Files\TVAnts\Tvants.exe:*:Enabled:TVAnts
"C:\\utorrent\\utorrent.exe"= C:\utorrent\utorrent.exe:*:Enabled:µTorrent

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\GloballyOpenPorts\List]
"137:UDP"= 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP"= 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"139:TCP"= 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"1900:UDP"= 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP"= 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"445:TCP"= 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

R1 ElRawDisk;ElRawDisk;C:\Windows\system32\drivers\elrawdsk.sys [2007-09-20 15:12]
R2 UxTuneUp;TuneUp Theme Extension;C:\Windows\System32\svchost.exe [2006-11-02 10:45]
R3 HabuFltr;Habu Mouse;C:\Windows\system32\drivers\habu.sys [2006-08-14 11:21]
R3 wacommousefilter;Wacom Mouse Filter Driver;C:\Windows\system32\DRIVERS\wacommousefilter.sys [2007-02-16 12:12]
R3 wacomvhid;Wacom Virtual Hid Driver;C:\Windows\system32\DRIVERS\wacomvhid.sys [2007-02-16 11:30]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-12-06 10:51]
S0 OemBiosDevice;Royalty OEM Bios Extension;C:\Windows\system32\drivers\royal.sys [2007-11-05 17:27]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\Windows\System32\TuneUpDefragService.exe [2008-05-06 16:03]
S3 uisp;Freescale USB JW32 driver;C:\Windows\system32\Drivers\usbicp.sys [2005-12-21 12:23]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WudfServiceGroup    REG_MULTI_SZ    WUDFSvc
HPZ12   REG_MULTI_SZ    Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt   REG_MULTI_SZ    hpqcxs08 hpqddsvc
bthsvcs REG_MULTI_SZ    BthServ

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp

.
Contents of the 'Scheduled Tasks' folder
"2008-05-02 16:17:20 C:\Windows\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
"2008-05-11 11:45:01 C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2007-11-02 15:00:00 C:\Windows\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-11 13:17:31
Windows 6.0.6000  NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 


**************************************************************************
.
Completion time: 2008-05-11 13:24:34

Pre-Run: 49,773,588,480 bytes free
Post-Run: 49,729,724,416 bytes free

417 --- E O F ---   2008-05-06 09:40:48


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:36:25, on 11/05/2008
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\RAM Def\ramdef.exe
C:\Windows\System32\CTHELPER.EXE
C:\Program Files\Razer\Habu\razerhid.exe
C:\Program Files\Common Files\AOL\1210505470\ee\aolsoftware.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Razer\Habu\razertra.exe
C:\Program Files\Razer\Habu\razerofa.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
C:\Program Files\Opera\Opera.exe
C:\Windows\system32\SearchFilterHost.exe
c:\program files\common files\aol\1210505470\ee\anotify.exe
C:\Users\Dave\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [RAMDef] C:\Program Files\RAM Def\ramdef.exe -tray
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Habu] C:\Program Files\Razer\Habu\razerhid.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1210505470\ee\AOLSoftware.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.0\AOL.EXE" -b
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O13 - Gopher Prefix: 
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1186512785546
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1F444044-83BB-4F4D-8783-7F81A1EC6162}: NameServer = 205.188.146.145
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe (file missing)
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe

--
End of file - 10778 bytes

Edited by Reverend Jim: Fixed formatting

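An added example, not part of this thread and not code from ComboFix or HijackThis: a small Python script that reads a ComboFix file listing in the layout shown above (date, time, size with thousands separators, attribute flags, path) and picks out the cluster that stands out in this log, namely many executables in System32 with the same size, the hidden+system attributes and random-looking eight-letter names. The eight-lowercase-letter name test, the minimum cluster size, and the sample lines are assumptions constructed here, not anything the tools define; the paths it returns are the ones you would hash or submit for scanning.

```python
"""Triage a ComboFix file listing for clusters of look-alike executables.

Added example, not part of the original thread or of ComboFix itself. It
assumes the line layout ComboFix used in the log above; the 8-letter name
test and the cluster threshold are heuristics chosen here (assumptions).
"""
import hashlib
import os
import re
from collections import defaultdict

# One ComboFix "Files Created" line, e.g.
# 2007-11-14 16:52    765,952 --sh--r C:\Windows\System32\tktslhpf.exe
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<time>\d{2}:\d{2})\s+"
    r"(?P<size>[\d,]+)\s+(?P<attrs>[-a-z]+)\s+(?P<path>[A-Za-z]:\\.+?)\s*$"
)

# Heuristic (assumption): a bare 8-letter lowercase name looks generated.
RANDOM_NAME_RE = re.compile(r"^[a-z]{8}\.exe$")

# Constructed sample in the same layout as the log above: three of the
# hidden+system 765,952-byte files plus three ordinary entries.
SAMPLE_LOG = r"""
2007-11-14 16:52    765,952 --sh--r C:\Windows\System32\tktslhpf.exe
2007-11-14 16:52    765,952 --sh--r C:\Windows\System32\tpkupwon.exe
2007-11-14 16:52    765,952 --sh--r C:\Windows\System32\zrpkyvow.exe
2008-05-03 10:40    262,401 ----a-w C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
2007-02-12 20:47     19,456 ----a-w C:\Windows\System32\CTHELPER.EXE
2008-01-11 23:16     39,792 ----a-w C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
"""


def parse_listing(text):
    """Turn listing lines into dicts; lines in any other layout are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        entries.append({
            "timestamp": f"{m['date']} {m['time']}",
            "size": int(m["size"].replace(",", "")),
            "attrs": m["attrs"],
            "path": m["path"],
        })
    return entries


def is_hidden_system(attrs):
    """ComboFix prints 's' and 'h' in the flag field for system+hidden files."""
    return "s" in attrs and "h" in attrs


def find_clusters(entries, min_members=3):
    """Group by (size, attrs) and keep groups of hidden+system files under
    System32 whose names all look generated and that reach min_members."""
    groups = defaultdict(list)
    for e in entries:
        groups[(e["size"], e["attrs"])].append(e)
    clusters = []
    for (size, attrs), members in groups.items():
        if len(members) < min_members or not is_hidden_system(attrs):
            continue
        names = [e["path"].rsplit("\\", 1)[-1].lower() for e in members]
        in_system32 = all("\\system32\\" in e["path"].lower() for e in members)
        if in_system32 and all(RANDOM_NAME_RE.match(n) for n in names):
            clusters.append({"size": size, "attrs": attrs,
                             "paths": sorted(e["path"] for e in members)})
    return clusters


def suspect_paths(text, min_members=3):
    """Flat, sorted list of paths worth hashing and submitting for a scan."""
    return [p for c in find_clusters(parse_listing(text), min_members)
            for p in c["paths"]]


def sha256_if_present(path):
    """SHA-256 for a hash lookup at a scanning service; None if the file is gone."""
    if not os.path.isfile(path):
        return None
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


if __name__ == "__main__":
    for cluster in find_clusters(parse_listing(SAMPLE_LOG)):
        print(f"{len(cluster['paths'])} files of {cluster['size']} bytes, "
              f"attrs {cluster['attrs']}:")
        for p in cluster["paths"]:
            print("  ", p, sha256_if_present(p) or "(not present on this host)")
```

Run it against a saved ComboFix log instead of SAMPLE_LOG to get the list of paths to check; hashing first lets you look the files up by digest rather than uploading them, and a file that is already gone shows as not present.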

Please go to Jotti's or to virustotal and have these files scanned.



C:\Windows\System32\ouwtoigq.exe
C:\Windows\System32\tktslhpf.exe
C:\Windows\System32\qfdyscpo.exe
C:\Windows\System32\ocpzknen.exe
C:\Windows\System32\bibrraad.exe
C:\Windows\System32\owhpxbcw.exe
C:\Windows\System32\wmtxpecx.exe
C:\Windows\System32\wdkrmssf.exe
C:\Windows\System32\vsyjsbyc.exe
C:\Windows\System32\roalqllh.exe
C:\Windows\System32\pzkedbbw.exe
C:\Windows\System32\egvqfboc.exe
C:\Windows\System32\bspyjwxp.exe
C:\Windows\System32\bpkahlqa.exe
C:\Windows\System32\axbrvpte.exe
C:\Windows\System32\bkmcgiyf.exe
C:\Windows\System32\cfuctank.exe
C:\Windows\System32\cgqyeyds.exe
C:\Windows\System32\dzllsxef.exe
C:\Windows\System32\ggjckaht.exe
C:\Windows\System32\jgjiszqs.exe
C:\Windows\System32\jvajkmuy.exe
C:\Windows\System32\jxhqhuhs.exe
C:\Windows\System32\lgnmodzc.exe
C:\Windows\System32\lilsxriu.exe
C:\Windows\System32\ljyzrhfe.exe
C:\Windows\System32\mdmidzgf.exe
C:\Windows\System32\mwmampqr.exe
C:\Windows\System32\oscurynf.exe
C:\Windows\System32\othbkolp.exe
C:\Windows\System32\pawyvbrt.exe
C:\Windows\System32\qehkqzer.exe
C:\Windows\System32\qphbmnie.exe
C:\Windows\System32\qsuyoyot.exe
C:\Windows\System32\rlygipjw.exe
C:\Windows\System32\tgarjdgg.exe
C:\Windows\System32\thgqejpc.exe
C:\Windows\System32\tpkupwon.exe
C:\Windows\System32\twawbche.exe
C:\Windows\System32\vjerjsog.exe
C:\Windows\System32\wbvoermp.exe
C:\Windows\System32\xhrxfcrk.exe
C:\Windows\System32\yhsjfvtv.exe
C:\Windows\System32\ynsnpvzp.exe
C:\Windows\System32\yzzdjyvy.exe
C:\Windows\System32\zrpkyvow.exe

=======

If they come back bad as I suspect they will, do the following:

==

1. Please open Notepad: click Start, then Run.
Type notepad.exe in the Run box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:
KillAll::

File::
C:\Windows\System32\ouwtoigq.exe
C:\Windows\System32\tktslhpf.exe
C:\Windows\System32\qfdyscpo.exe
C:\Windows\System32\ocpzknen.exe
C:\Windows\System32\bibrraad.exe
C:\Windows\System32\owhpxbcw.exe
C:\Windows\System32\wmtxpecx.exe
C:\Windows\System32\wdkrmssf.exe
C:\Windows\System32\vsyjsbyc.exe
C:\Windows\System32\roalqllh.exe
C:\Windows\System32\pzkedbbw.exe
C:\Windows\System32\egvqfboc.exe
C:\Windows\System32\bspyjwxp.exe
C:\Windows\System32\bpkahlqa.exe
C:\Windows\System32\axbrvpte.exe
C:\Windows\System32\bkmcgiyf.exe
C:\Windows\System32\cfuctank.exe
C:\Windows\System32\cgqyeyds.exe
C:\Windows\System32\dzllsxef.exe
C:\Windows\System32\ggjckaht.exe
C:\Windows\System32\jgjiszqs.exe
C:\Windows\System32\jvajkmuy.exe
C:\Windows\System32\jxhqhuhs.exe
C:\Windows\System32\lgnmodzc.exe
C:\Windows\System32\lilsxriu.exe
C:\Windows\System32\ljyzrhfe.exe
C:\Windows\System32\mdmidzgf.exe
C:\Windows\System32\mwmampqr.exe
C:\Windows\System32\oscurynf.exe
C:\Windows\System32\othbkolp.exe
C:\Windows\System32\pawyvbrt.exe
C:\Windows\System32\qehkqzer.exe
C:\Windows\System32\qphbmnie.exe
C:\Windows\System32\qsuyoyot.exe
C:\Windows\System32\rlygipjw.exe
C:\Windows\System32\tgarjdgg.exe
C:\Windows\System32\thgqejpc.exe
C:\Windows\System32\tpkupwon.exe
C:\Windows\System32\twawbche.exe
C:\Windows\System32\vjerjsog.exe
C:\Windows\System32\wbvoermp.exe
C:\Windows\System32\xhrxfcrk.exe
C:\Windows\System32\yhsjfvtv.exe
C:\Windows\System32\ynsnpvzp.exe
C:\Windows\System32\yzzdjyvy.exe
C:\Windows\System32\zrpkyvow.exe

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Save the above as CFScript.txt

4. Physically disconnect from the internet.

5. Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.

6. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

7. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply after you re-enable all the programs that were disabled during the running of ComboFix:
Combofix.txt
A new HijackThis log.
Please take note:

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Attachment: th_CFScript.gif (27.09 KB)
0

Hmmmm, once I have dragged the CFScript.txt file into ComboFix it just says "trying to create a system restore point" for 10 mins and does nothing. Am I being impatient or is something wrong?

0

Sorry, didn't see this post (thought I was subscribed to the thread but apparently not).
There have been a few more detections of the virus so I guess I need to give you new logs for a new script. Sorry.

Cfixer.
ComboFix 08-05-09.1 - Dave 2008-05-14  8:39:10.2 - NTFSx86
Microsoft® Windows Vista™ Ultimate   6.0.6000.0.1252.1.1033.18.1092 [GMT 1:00]
Running from: C:\Users\Dave\Desktop\ComboFix.exe
.
    /wow section not completed

(((((((((((((((((((((((((   Files Created from 2008-04-14 to 2008-05-14  )))))))))))))))))))))))))))))))
.

2008-05-14 08:38 . 2008-05-14 08:38 <DIR>    d--------   C:\327882R2FWJFW
2008-05-13 13:41 . 2008-05-13 13:41 0   --ah-----   C:\Windows\SwSys2.bmp
2008-05-13 13:41 . 2008-05-13 13:41 0   --ah-----   C:\Windows\SwSys1.bmp
2008-05-13 13:40 . 2008-05-13 13:40 <DIR>    d--------   C:\Program Files\Game_Maker7
2008-05-12 21:08 . 2008-05-12 21:08 678,408 --a------   C:\Windows\System32\gpprefcl.dll
2008-05-12 11:51 . 2008-05-13 11:11 54,156  --ah-----   C:\Windows\QTFont.qfn
2008-05-12 11:51 . 2008-05-12 11:51 1,409   --a------   C:\Windows\QTFont.for
2008-05-11 14:15 . 2008-05-11 14:47 1,583   --a------   C:\Users\Dave\CFScript.txt
2008-05-11 13:02 . 2008-05-14 08:31 4,958,588   --a------   C:\Windows\{00000004-00000000-00000004-00001102-00000004-20021102}.BAK
2008-05-11 12:48 . 2008-05-11 13:01 <DIR>    d--------   C:\Users\Dave\AppData\Roaming\AOL
2008-05-11 12:48 . 2008-05-11 12:48 855 --a------   C:\Windows\aolback.exe.lnk
2008-05-11 12:46 . 2008-05-11 12:46 <DIR>    d--------   C:\Users\All Users\Viewpoint
2008-05-11 12:46 . 2008-05-11 12:46 <DIR>    d--------   C:\ProgramData\Viewpoint
2008-05-11 12:46 . 2008-05-11 12:27 54,832  --a------   C:\Windows\System32\AOLParconLink.exe
2008-05-11 12:31 . 2008-05-11 13:36 <DIR>    d--------   C:\Users\All Users\AOL
2008-05-11 12:31 . 2008-05-11 13:36 <DIR>    d--------   C:\ProgramData\AOL
2008-05-11 12:31 . 2008-05-11 12:47 <DIR>    d--------   C:\Program Files\Common Files\aolshare
2008-05-11 12:31 . 2008-05-11 13:33 <DIR>    d--------   C:\Program Files\AOL 9.0
2008-05-11 12:31 . 2006-11-29 23:24 33,588  --a------   C:\Windows\System32\drivers\wanatw4.sys
2008-05-11 11:51 . 2008-05-13 09:59 270,218,657 --a------   C:\Windows\MEMORY.DMP
2008-05-11 11:43 . 2005-01-14 04:41 11,254  --a------   C:\Windows\System32\locate.com
2008-05-11 11:41 . 2008-05-11 11:47 <DIR>    d--------   C:\MGtools
2008-05-11 11:41 . 2008-05-11 11:47 71,275  --a------   C:\MGlogs.zip
2008-05-11 11:17 . 2008-05-11 11:17 <DIR>    d--------   C:\cf
2008-05-11 10:26 . 2008-05-11 10:30 1,238,055   --a------   C:\MGtools.exe
2008-05-11 10:14 . 2008-05-11 10:14 335 --a------   C:\Windows\nsreg.dat
2008-05-07 12:58 . 2008-05-07 12:58 <DIR>    d--------   C:\Users\All Users\Yahoo! Companion
2008-05-07 12:58 . 2008-05-07 12:58 <DIR>    d--------   C:\ProgramData\Yahoo! Companion
2008-05-06 16:03 . 2008-05-06 16:03 354,560 --a------   C:\Windows\System32\TuneUpDefragService.exe
2008-05-06 16:03 . 2008-04-04 14:51 28,416  --a------   C:\Windows\System32\uxtuneup.dll
2008-05-06 16:03 . 2008-04-04 14:51 16,640  --a------   C:\Windows\System32\authuitu.dll
2008-05-06 10:39 . 2008-05-06 10:39 944,184 --a------   C:\Windows\System32\winload.exe
2008-05-06 10:39 . 2008-05-06 10:39 620,088 --a------   C:\Windows\System32\ci.dll
2008-05-06 10:39 . 2008-05-06 10:39 371,712 --a------   C:\Windows\System32\srcore.dll
2008-05-06 10:39 . 2008-05-06 10:39 313,856 --a------   C:\Windows\System32\rstrui.exe
2008-05-06 10:39 . 2008-05-06 10:39 40,960  --a------   C:\Windows\System32\srclient.dll
2008-05-06 10:39 . 2008-05-06 10:39 19,000  --a------   C:\Windows\System32\kd1394.dll
2008-05-06 10:39 . 2008-05-06 10:39 16,384  --a------   C:\Windows\System32\srdelayed.exe
2008-05-06 10:39 . 2008-05-06 10:39 7,168   --a------   C:\Windows\System32\f3ahvoas.dll
2008-05-06 10:39 . 2008-05-06 10:39 6,656   --a------   C:\Windows\System32\kbd106n.dll
2008-05-06 10:38 . 2008-05-06 10:38 2,027,008   --a------   C:\Windows\System32\win32k.sys
2008-05-06 10:38 . 2008-05-06 10:38 296,448 --a------   C:\Windows\System32\gdi32.dll
2008-05-03 15:34 . 2008-05-03 15:34 <DIR>    d--------   C:\Users\Dave\AppData\Roaming\WaterProof
2008-05-03 15:33 . 2008-05-03 15:33 <DIR>    d--------   C:\Program Files\WaterProof
2008-05-03 15:28 . 2008-05-03 15:28 765 --a------   C:\Windows\wininit.ini
2008-05-03 14:46 . 2008-05-03 14:46 401,720 --a------   C:\Users\Dave\HiJackThis.exe
2008-05-03 12:15 . 2008-05-03 12:15 <DIR>    d--------   C:\Users\Dave\AppData\Roaming\ActiveState
2008-05-03 11:44 . 2008-05-03 11:44 83,968  --a------   C:\Windows\System32\dnsrslvr.dll
2008-05-03 11:44 . 2008-05-03 11:44 24,576  --a------   C:\Windows\System32\dnscacheugc.exe
2008-05-03 11:41 . 2008-05-03 11:41 99,840  --a------   C:\Windows\System32\poqexec.exe
2008-05-03 11:03 . 2008-05-03 11:03 <DIR>    d--------   C:\Program Files\Yahoo!
2008-05-03 10:59 . 2008-05-03 11:15 <DIR>    d--------   C:\Program Files\ScanSpyware v3.8
2008-05-03 10:56 . 2008-05-03 10:57 <DIR>    d--------   C:\Users\Dave\AppData\Roaming\AdwareAlert
2008-05-03 10:53 . 2008-05-03 10:53 <DIR>    dr-------   C:\Windows\System32\config\systemprofile\Documents
2008-05-03 10:52 . 2008-05-03 10:49 691,545 --a------   C:\Windows\unins000.exe
2008-05-03 10:52 . 2008-05-03 10:52 2,538   --a------   C:\Windows\unins000.dat
2008-05-02 14:42 . 2007-11-14 17:52 765,952 -r-hs----   C:\Windows\System32\bibrraad.exe
2008-05-02 13:17 . 2008-05-02 13:17 <DIR>    d--------   C:\Program Files\Discreet e-Learning
2008-05-02 13:16 . 2000-10-31 02:11 98,304  --a------   C:\Windows\System32\tsccvid.dll
2008-04-27 18:56 . 2008-04-27 18:56 <DIR>    d--------   C:\Program Files\Lavasoft
2008-04-27 18:50 . 2008-04-27 18:50 <DIR>    d--------   C:\Users\Dave\AppData\Roaming\TuneUp Software
2008-04-27 18:49 . 2008-04-27 18:49 <DIR>    d--------   C:\Users\All Users\TuneUp Software
2008-04-27 18:49 . 2008-04-27 18:49 <DIR>    d--------   C:\ProgramData\TuneUp Software
2008-04-27 18:49 . 2008-05-06 16:03 <DIR>    d--------   C:\Program Files\TuneUp Utilities 2008
2008-04-20 11:23 . 2008-04-20 11:24 <DIR>    d--h-----   C:\Program Files\Zero G Registry
2008-04-20 11:18 . 2008-04-20 11:18 <DIR>    d--h-----   C:\Users\Dave\InstallAnywhere
2008-04-18 13:25 . 2007-11-14 17:52 765,952 -r-hs----   C:\Windows\System32\bspyjwxp.exe

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-14 07:33    ---------   d-----w C:\Users\Dave\AppData\Roaming\WTablet
2008-05-14 06:52    ---------   d-----w C:\Users\Dave\AppData\Roaming\uTorrent
2008-05-13 21:21    ---------   d-----w C:\ProgramData\Google Updater
2008-05-11 11:53    ---------   d-----w C:\Program Files\Common Files\AOL
2008-05-11 10:57    ---------   d-----w C:\ProgramData\Spybot - Search & Destroy
2008-05-08 10:44    ---------   d-----w C:\Users\Dave\AppData\Roaming\CoreFTP
2008-05-07 14:19    ---------   d-----w C:\Users\Dave\AppData\Roaming\OpenOffice.org2
2008-05-07 13:38    ---------   d-----w C:\Program Files\PartyGaming
2008-05-06 15:09    ---------   d-----w C:\Program Files\Windows Mail
2008-05-06 09:40    ---------   d-----w C:\ProgramData\Microsoft Help
2008-05-05 09:50    ---------   d-----w C:\Program Files\iTunes
2008-05-05 09:50    ---------   d-----w C:\Program Files\iPod
2008-05-05 09:48    ---------   d-----w C:\Program Files\QuickTime
2008-05-05 09:40    ---------   d-----w C:\Program Files\Apple Software Update
2008-05-05 08:42    ---------   d-----w C:\Program Files\Spybot - Search & Destroy
2008-05-03 11:18    ---------   d-----w C:\Program Files\Developers Pad
2008-05-03 10:42    826,368 ----a-w C:\Windows\System32\wininet.dll
2008-05-03 10:42    56,320  ----a-w C:\Windows\System32\iesetup.dll
2008-05-03 10:42    52,736  ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-05-03 10:42    26,624  ----a-w C:\Windows\System32\ieUnatt.exe
2008-05-03 09:42    ---------   d-----w C:\Program Files\Opera
2008-05-03 09:37    ---------   d---a-w C:\ProgramData\TEMP
2008-04-27 18:08    ---------   d-----w C:\Program Files\Windows Media Connect 2
2008-04-27 17:53    ---------   d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-20 10:26    ---------   d-----w C:\Users\Dave\AppData\Roaming\Sports Interactive
2008-04-20 10:23    ---------   d-----w C:\Program Files\Sports Interactive
2008-04-11 16:23    38,400  ----a-w C:\Windows\System32\SoundSchemes.exe
2008-04-05 14:08    ---------   d-----w C:\Program Files\Common Files\Autodesk Shared
2008-04-04 16:01    ---------   d--h--w C:\Program Files\InstallShield Installation Information
2008-04-04 16:01    ---------   d-----w C:\Program Files\Dark Basic Software
2008-03-30 21:28    ---------   d-----w C:\Program Files\VideoLAN
2008-03-26 11:58    ---------   d-----w C:\ProgramData\Avira
2008-03-26 11:58    ---------   d-----w C:\Program Files\Avira
2008-03-26 11:13    ---------   d-----w C:\ProgramData\iolo
2008-03-26 11:13    ---------   d-----w C:\Program Files\iolo
2008-03-25 18:16    ---------   d-----w C:\Users\Dave\AppData\Roaming\iolo
2008-03-25 17:04    74,703  ----a-w C:\Windows\System32\mfc45.dll
2008-03-24 19:28    ---------   d-----w C:\ProgramData\Joy coal mpeg heck
2008-03-24 11:36    102,664 ----a-w C:\Windows\system32\drivers\tmcomm.sys
2008-03-19 20:55    ---------   d-----w C:\Program Files\Java
2008-03-19 12:28    ---------   d-----w C:\Program Files\ActiveState Komodo Edit 4
2008-03-17 12:31    ---------   d-----w C:\Program Files\CoreFTP
2008-03-16 18:14    ---------   d-----w C:\Program Files\MSN Messenger
2008-03-16 18:13    ---------   d-----w C:\Program Files\Windows Live
2008-03-16 18:12    ---------   d-----w C:\ProgramData\WLInstaller
2008-02-29 17:53    669,184 ----a-w C:\Windows\System32\pbsvc.exe
2008-02-29 17:53    66,872  ----a-w C:\Windows\System32\PnkBstrA.exe
2008-02-29 17:53    22,328  ----a-w C:\Users\Dave\AppData\Roaming\PnkBstrK.sys
2008-02-29 17:53    103,736 ----a-w C:\Windows\System32\PnkBstrB.exe
2008-02-17 10:48    613,888 ----a-w C:\Windows\System32\wpd_ci.dll
2008-02-17 10:48    224,824 ----a-w C:\Windows\System32\clfs.sys
2008-02-17 10:48    194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-17 10:48    19,456  ----a-w C:\Windows\System32\cfgmgr32.dll
2008-02-17 10:45    3,504,696   ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-02-17 10:45    3,470,392   ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-17 10:44    537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-17 10:44    449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-17 10:44    4,247,552   ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-17 10:44    24,064  ----a-w C:\Windows\System32\netcfg.exe
2008-02-17 10:44    22,016  ----a-w C:\Windows\System32\netiougc.exe
2008-02-17 10:44    2,560   ----a-w C:\Windows\AppPatch\AcRes.dll
2008-02-17 10:44    2,144,256   ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-17 10:44    173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-17 10:44    167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-17 10:44    1,686,528   ----a-w C:\Windows\System32\gameux.dll
2008-02-17 10:40    1,244,672   ----a-w C:\Windows\System32\mcmde.dll
2007-11-05 20:02    174 --sha-w C:\Program Files\desktop.ini
2006-10-20 11:09    278,528 ----a-w C:\Program Files\Common Files\FDEUnInstaller.exe
2005-09-20 12:07    52  ----a-w C:\Program Files\Save Windows and Programs (No Data or Documents).BDF
2005-09-20 12:07    52  ----a-w C:\Program Files\Save Data and Documents Only.BDF
2007-11-14 16:52    765,952 --sh--r C:\Windows\System32\axbrvpte.exe
2007-11-14 16:52    765,952 --sh--r C:\Windows\System32\bibrraad.exe
2007-11-14 16:52    765,952 --sh--r C:\Windows\System32\bspyjwxp.exe
2007-11-14 16:52    765,952 --sh--r C:\Windows\System32\cfuctank.exe
.

------- Sigcheck -------

.
(((((((((((((((((((((((((((((   snapshot@2008-05-11_13.23.01.70   )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-11 12:04:33   67,584  --s-a-w C:\Windows\bootstat.dat
+ 2008-05-14 07:33:10   67,584  --s-a-w C:\Windows\bootstat.dat
+ 2004-07-15 01:49:16   258,048 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\SHADOW1956\_aspnet_isapi.dll
+ 2004-07-15 00:32:22   81,920  ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\SHADOW1956\_CORPerfMonExt.dll
+ 2004-07-15 00:24:30   282,624 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\SHADOW1956\_fusion.dll
+ 2004-07-15 00:25:06   315,392 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\SHADOW1956\_mscorjit.dll
+ 2004-07-15 14:29:02   2,138,112   ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\SHADOW1956\_mscorlib.dll
+ 2003-02-20 19:09:18   77,824  ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\SHADOW1956\_mscorsn.dll
+ 2004-07-15 00:26:52   2,510,848   ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\SHADOW1956\_mscorsvr.dll
+ 2004-07-15 00:28:34   2,502,656   ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\SHADOW1956\_mscorwks.dll
+ 2003-02-21 04:42:22   348,160 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\SHADOW1956\_msvcr71.dll
+ 2004-07-15 00:34:50   94,208  ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\SHADOW1956\_PerfCounter.dll
+ 2004-07-15 01:49:16   258,048 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\SHADOW5568\_aspnet_isapi.dll
+ 2004-07-15 00:32:22   81,920  ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\SHADOW5568\_CORPerfMonExt.dll
+ 2004-07-15 00:24:30   282,624 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\SHADOW5568\_fusion.dll
+ 2004-07-15 00:25:06   315,392 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\SHADOW5568\_mscorjit.dll
+ 2004-07-15 14:29:02   2,138,112   ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\SHADOW5568\_mscorlib.dll
+ 2003-02-20 19:09:18   77,824  ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\SHADOW5568\_mscorsn.dll
+ 2004-07-15 00:26:52   2,510,848   ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\SHADOW5568\_mscorsvr.dll
+ 2004-07-15 00:28:34   2,502,656   ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\SHADOW5568\_mscorwks.dll
+ 2003-02-21 04:42:22   348,160 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\SHADOW5568\_msvcr71.dll
+ 2004-07-15 00:34:50   94,208  ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\SHADOW5568\_PerfCounter.dll
- 2008-05-11 12:04:34   2,048   --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-05-14 07:33:11   2,048   --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-05-11 12:04:34   2,048   --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-05-14 07:33:11   2,048   --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-05-11 12:06:14   262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2008-05-14 01:24:37   262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2008-05-11 12:10:08   1,310,720   --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-05-14 07:34:40   1,310,720   --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2008-05-11 12:07:43   262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2008-05-14 01:32:35   262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2008-05-11 12:17:09   1,310,720   --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-05-14 07:39:27   1,310,720   --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2008-05-11 12:14:03   32,768  --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-05-13 21:21:38   32,768  --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-05-11 12:14:03   49,152  --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-05-13 21:21:38   49,152  --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-05-11 12:14:03   32,768  --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-05-13 21:21:38   32,768  --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-05-11 12:10:52   117,292 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-05-13 10:15:45   117,292 ----a-w C:\Windows\System32\perfc009.dat
- 2008-05-11 12:10:52   128,134 ----a-w C:\Windows\System32\perfc00C.dat
+ 2008-05-13 10:15:45   128,134 ----a-w C:\Windows\System32\perfc00C.dat
- 2008-05-11 12:10:52   643,670 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-05-13 10:15:45   643,670 ----a-w C:\Windows\System32\perfh009.dat
- 2008-05-11 12:10:53   689,746 ----a-w C:\Windows\System32\perfh00C.dat
+ 2008-05-13 10:15:45   689,746 ----a-w C:\Windows\System32\perfh00C.dat
- 2008-05-11 12:02:53   6,553,600   ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2008-05-12 22:54:59   6,553,600   ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT
- 2008-05-11 12:11:11   11,306  ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1078081533-1500820517-839522115-1004_UserData.bin
+ 2008-05-14 07:34:59   11,580  ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1078081533-1500820517-839522115-1004_UserData.bin
- 2008-05-11 12:11:10   63,038  ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-05-14 07:34:59   63,716  ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-05-11 12:11:08   53,788  ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-05-14 07:34:58   54,984  ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-05-12 20:08:46   678,408 ----a-w C:\Windows\winsxs\x86_microsoft-windows-g..ppolicy-policymaker_31bf3856ad364e35_6.0.6001.18034_none_372cc6574910ad11\gpprefcl.dll
.
-- Snapshot reset to current date --
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-11-02 10:45 8704]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:34 125440]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-11-05 19:31 1006264]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2006-11-02 10:44 989696 C:\Windows\System32\bthprops.cpl]
"RAMDef"="C:\Program Files\RAM Def\ramdef.exe" [2002-10-28 13:39 122040]
"CTHelper"="CTHELPER.EXE" [2007-02-12 20:47 19456 C:\Windows\System32\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2007-02-12 20:47 19968 C:\Windows\System32\CTXFIHLP.EXE]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-12-11 18:06 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-12-11 18:06 8530464]
"Habu"="C:\Program Files\Razer\Habu\razerhid.exe" [2007-05-11 12:58 176128]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-05-03 10:40 262401]
"HostManager"="C:\Program Files\Common Files\AOL\1210505470\ee\AOLSoftware.exe" [2006-09-26 01:52 50736]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [ ]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
TabUserW.exe.lnk - C:\WINDOWS\system32\WTablet\TabUserW.exe [2007-07-11 13:15:13 132656]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.wmv3"= C:\PROGRA~1\COMBIN~1\Filters\wmv9vcm.dll
"SENTINEL"= snti386.dll

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Google Updater.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Google Updater.lnk
backup=C:\Windows\pss\Google Updater.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"= %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
"%windir%\\system32\\sessmgr.exe"= %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
"C:\\Program Files\\MSN Messenger\\livecall.exe"= C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"= C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\GloballyOpenPorts\List]
"137:UDP"= 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP"= 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"139:TCP"= 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"1900:UDP"= 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP"= 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"445:TCP"= 445:TCP:*:Enabled:@xpsp2res.dll,-22005

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe-UDP-Domain"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:Windows Live Messenger 8.1
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe-TCP-Domain"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:Windows Live Messenger 8.1
"C:\\Program Files\\MSN Messenger\\livecall.exe-UDP-Domain"= TCP:C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"C:\\Program Files\\MSN Messenger\\livecall.exe-TCP-Domain"= UDP:C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"%windir%\\Network Diagnostic\\xpnetdiag.exe-UDP-Domain"= TCP:%windir%\Network Diagnostic\xpnetdiag.exe:@xpsp3res.dll,-20000
"%windir%\\Network Diagnostic\\xpnetdiag.exe-TCP-Domain"= UDP:%windir%\Network Diagnostic\xpnetdiag.exe:@xpsp3res.dll,-20000
"C:\\utorrent\\utorrent.exe-UDP-Standard"= TCP:Profile=Public|C:\utorrent\utorrent.exe:µTorrent
"C:\\utorrent\\utorrent.exe-TCP-Standard"= UDP:Profile=Public|C:\utorrent\utorrent.exe:µTorrent
"C:\\Program Files\\TVAnts\\Tvants.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\TVAnts\Tvants.exe:TVAnts
"C:\\Program Files\\TVAnts\\Tvants.exe-TCP-Standard"= UDP:Profile=Public|C:\Program Files\TVAnts\Tvants.exe:TVAnts
"C:\\Program Files\\SopCast\\SopCast.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\SopCast\SopCast.exe:SopCast Main Application
"C:\\Program Files\\SopCast\\SopCast.exe-TCP-Standard"= UDP:Profile=Public|C:\Program Files\SopCast\SopCast.exe:SopCast Main Application
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\MSN Messenger\msnmsgr.exe:Windows Live Messenger 8.1
"C:\\Program Files\\MSN Messenger\\livecall.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"C:\\Program Files\\Messenger\\msmsgs.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\Messenger\msmsgs.exe:Windows Messenger
"C:\\Program Files\\Messenger\\msmsgs.exe-TCP-Standard"= UDP:Profile=Public|C:\Program Files\Messenger\msmsgs.exe:Windows Messenger
"C:\\Program Files\\iTunes\\iTunes.exe-UDP-Standard"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"C:\\Program Files\\iTunes\\iTunes.exe-TCP-Standard"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"C:\\Program Files\\IBP 9\\IBP.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\IBP 9\IBP.exe:Internet Business Promoter (IBP)
"C:\\Program Files\\IBP 9\\IBP.exe-TCP-Standard"= UDP:Profile=Public|C:\Program Files\IBP 9\IBP.exe:Internet Business Promoter (IBP)
"C:\\Program Files\\Bonjour\\mDNSResponder.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"C:\\Program Files\\Bonjour\\mDNSResponder.exe-TCP-Standard"= UDP:Profile=Public|C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"%windir%\\Network Diagnostic\\xpnetdiag.exe-UDP-Standard"= TCP:Profile=Public|%windir%\Network Diagnostic\xpnetdiag.exe:@xpsp3res.dll,-20000
"%windir%\\Network Diagnostic\\xpnetdiag.exe-TCP-Standard"= UDP:Profile=Public|%windir%\Network Diagnostic\xpnetdiag.exe:@xpsp3res.dll,-20000
"TCP Query User{E05D58D4-6560-400F-A664-64191E7CA826}C:\\program files\\opera\\opera.exe"= UDP:C:\program files\opera\opera.exe:Opera Internet Browser
"UDP Query User{F9A0ED79-DB85-4E49-93DE-76DB28B2F15B}C:\\program files\\opera\\opera.exe"= TCP:C:\program files\opera\opera.exe:Opera Internet Browser
"TCP Query User{426FBEA7-1A5E-48A4-878C-C105CBF84334}C:\\users\\dave\\appdata\\roaming\\sopcast\\adv\\sopadver.exe"= UDP:C:\users\dave\appdata\roaming\sopcast\adv\sopadver.exe:sopadver.exe
"UDP Query User{9F23201F-CE52-4663-8527-143BFEDF2151}C:\\users\\dave\\appdata\\roaming\\sopcast\\adv\\sopadver.exe"= TCP:C:\users\dave\appdata\roaming\sopcast\adv\sopadver.exe:sopadver.exe
"TCP Query User{57E00588-0F89-44E0-A247-F47B6E47450C}C:\\program files\\tvuplayer\\tvuplayer.exe"= UDP:C:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
"UDP Query User{53EE0EEC-A933-4A48-A748-EA10F313C919}C:\\program files\\tvuplayer\\tvuplayer.exe"= TCP:C:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
"TCP Query User{C9ED7F9B-A248-42A6-89B6-9F8A9EA99E82}C:\\program files\\sopcast\\adv\\sopadver.exe"= UDP:C:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"UDP Query User{158F18F6-D29C-4530-A8D7-8B51E7149F11}C:\\program files\\sopcast\\adv\\sopadver.exe"= TCP:C:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"{6DB8402B-1FBB-4A49-9BB7-9FC94B1C47FE}"= UDP:H:\unreal\Binaries\UT3.exe:Unreal Tournament 3
"{CEC74C67-A518-48CA-B048-4BC42D41E89F}"= TCP:H:\unreal\Binaries\UT3.exe:Unreal Tournament 3
"{84B3973C-7D95-4A19-8F0C-F4987831704D}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{36037F1D-7BDB-4820-8F36-1D10FEBCD72D}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{DC709908-E897-4293-BE2B-E814DFBF470B}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{088112E6-BED9-432A-9468-AF9C7734FFC2}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{0893BA79-0B4F-4A45-9111-98D2F73DF0FF}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{724B2031-4947-40EB-9317-E51AF25D4CDC}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{BD5A081B-EA6A-4AF8-9A13-DAF47F4C2C7C}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"TCP Query User{776D0B28-F065-4CBA-9B91-9127880D94F7}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{8394283E-36F2-4DB6-A825-793290C5CDD7}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{6038B33C-0341-4FD5-AEFD-1C214B316338}C:\\program files\\real\\realplayer\\realplay.exe"= UDP:C:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{07DC3DAD-53D5-4315-8DEE-1251D0593271}C:\\program files\\real\\realplayer\\realplay.exe"= TCP:C:\program files\real\realplayer\realplay.exe:RealPlayer
"TCP Query User{E66E0EEC-6430-4BB5-AEEE-19B1D12FD79B}H:\\program files\\autodesk\\maya2008\\bin\\maya.exe"= UDP:H:\program files\autodesk\maya2008\bin\maya.exe:Maya
"UDP Query User{60570AD3-ED4A-4904-8DD8-63C065E4231B}H:\\program files\\autodesk\\maya2008\\bin\\maya.exe"= TCP:H:\program files\autodesk\maya2008\bin\maya.exe:Maya
"TCP Query User{B179DF4A-4D4B-42AF-BF1C-76B08DB0C129}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{AE4F3A99-B3AC-458E-A905-0BD19A468184}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"{9FF7EF2A-82E6-4E65-A32E-4BB4CC926B61}"= UDP:C:\Program Files\Autodesk\3ds Max 9\3dsmax.exe:Autodesk 3ds Max 9 32-bit
"{82CC5686-BD3B-4054-B6FF-6D0769C2C4B7}"= TCP:C:\Program Files\Autodesk\3ds Max 9\3dsmax.exe:Autodesk 3ds Max 9 32-bit
"{3CB84FEF-4FCE-47DC-8161-F1CBC11799EF}"= UDP:C:\Program Files\Autodesk\Backburner\monitor.exe:backburner 2.3 monitor
"{6C78AB72-2D71-4B13-A849-A717CE5FE326}"= TCP:C:\Program Files\Autodesk\Backburner\monitor.exe:backburner 2.3 monitor
"{FC49E3C6-4DE5-46C7-A6CE-ACD488A61588}"= UDP:C:\Program Files\Autodesk\Backburner\manager.exe:backburner 2.3 manager
"{FF572F38-CC5B-4DB2-A2D6-F2872427FF51}"= TCP:C:\Program Files\Autodesk\Backburner\manager.exe:backburner 2.3 manager
"{0801D404-1A75-4A62-8F8A-5DEC132E3049}"= UDP:C:\Program Files\Autodesk\Backburner\server.exe:backburner 2.3 server
"{FD8CF48C-CE3B-435E-A297-789CC90A6FA9}"= TCP:C:\Program Files\Autodesk\Backburner\server.exe:backburner 2.3 server
"{F1DB7785-1283-4E2D-8093-9BAB773400A6}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{5CC46B23-F7F5-431D-9551-7A3B8E060075}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{7C418694-2DC5-486F-8099-DBE0143E2919}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{C104931C-22A9-4303-9666-41A7E498A502}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{16936F71-55E0-44AF-8C78-0B72FF4CF8B9}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{C0C54C3F-939F-4DB0-9B36-1A2687708F62}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{D466F799-29B1-489F-BCE8-EE26F3BA4AA0}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{F834A401-D696-4406-9317-EB3F6D3973FF}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{04F1F59F-D018-4E8B-A273-FD8D456D3003}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{0B0FDDF8-379F-4519-993C-2649EA6643AE}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{5CB1894E-FC63-419D-A81A-85006A73334D}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{15A36052-ED44-42E0-ADBB-1F08A37FB45E}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{F3206ABD-6493-447A-B8E7-C3F93447D2C8}C:\\windows\\system32\\jgjiszqs.exe"= UDP:C:\windows\system32\jgjiszqs.exe:jgjiszqs
"UDP Query User{9C85A4F2-5CC9-4905-AD06-6DD9914BF5DA}C:\\windows\\system32\\jgjiszqs.exe"= TCP:C:\windows\system32\jgjiszqs.exe:jgjiszqs
"{F1DE8232-3B4B-4649-A281-AFED640388EA}"= UDP:C:\Program Files\iolo\System Mechanic Professional 7\Personal Firewall\ioloFW.exe:iolo Firewall®
"{930E6734-29D4-41F0-A99F-E32D2C35BF2D}"= TCP:C:\Program Files\iolo\System Mechanic Professional 7\Personal Firewall\ioloFW.exe:iolo Firewall®
"{A0634106-A719-439C-AB18-572D474B63C4}"= UDP:C:\Program Files\iolo\System Mechanic Professional 7\AntiVirus\ioloAV.exe:iolo AntiVirus®
"{DACBE09F-6582-485A-BF49-44196A9D94FB}"= TCP:C:\Program Files\iolo\System Mechanic Professional 7\AntiVirus\ioloAV.exe:iolo AntiVirus®
"{3E7A4E3A-8EC3-42ED-8D52-35FC4085EEC3}"= UDP:C:\Program Files\iolo\System Mechanic Professional 7\AntiVirus\iAVEmailScanner.exe:iolo AntiVirus® Email Protection
"{7826A1F6-143A-442F-A361-11281D378B4B}"= TCP:C:\Program Files\iolo\System Mechanic Professional 7\AntiVirus\iAVEmailScanner.exe:iolo AntiVirus® Email Protection
"{049DAC5B-5F8C-4F08-B7D2-B8FE1C3CC39F}"= UDP:C:\Program Files\Autodesk\3ds Max 9\3dsmax.exe:Autodesk 3ds Max 9 32-bit
"{EEF25ED6-EA8D-4BE6-ABDB-FA1447FC77FC}"= TCP:C:\Program Files\Autodesk\3ds Max 9\3dsmax.exe:Autodesk 3ds Max 9 32-bit
"{F2470EA9-E515-41AC-BA31-F757668039EA}"= UDP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"{98E37358-7C01-415E-B706-2A79739492A7}"= TCP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"TCP Query User{5FC1F75C-CBF4-4AE0-B1B1-F4C323DDF218}C:\\program files\\waterproof\\phpedit\\2.12.8\\extensions\\dbg\\dbglistener.exe"= UDP:C:\program files\waterproof\phpedit\2.12.8\extensions\dbg\dbglistener.exe:Listener for php debugger DBG
"UDP Query User{2850068E-2C6E-4ED4-BC7E-E19B39C443A0}C:\\program files\\waterproof\\phpedit\\2.12.8\\extensions\\dbg\\dbglistener.exe"= TCP:C:\program files\waterproof\phpedit\2.12.8\extensions\dbg\dbglistener.exe:Listener for php debugger DBG
"TCP Query User{2CCEFD09-E466-4B23-98C3-926A35EB0F9A}C:\\program files\\waterproof\\phpedit\\2.12.8\\phpedit.exe"= UDP:C:\program files\waterproof\phpedit\2.12.8\phpedit.exe:PHPEdit - The PHP IDE
"UDP Query User{70EB3B0D-8ABA-4B91-8605-53FB9F3CCB4D}C:\\program files\\waterproof\\phpedit\\2.12.8\\phpedit.exe"= TCP:C:\program files\waterproof\phpedit\2.12.8\phpedit.exe:PHPEdit - The PHP IDE
"{EAC2F4A5-972F-4B2A-8020-BBEA49396EAE}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{FEB7FF30-D24D-4468-BC75-DEF48DD1D6C0}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{0AEB14E4-9666-4AFF-BE8A-2065DA8280F9}"= UDP:C:\Program Files\AOL 9.0\waol.exe:AOL
"{1FBA6D27-EBFC-463C-9FE4-F88D2E6C2877}"= TCP:C:\Program Files\AOL 9.0\waol.exe:AOL
"{D7F07924-1CE7-421D-8DEC-5AFBE47C843D}"= UDP:C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{33687362-DEC2-46FF-B7C8-CF82C69B6883}"= TCP:C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{7117EE63-2804-4CA2-A94C-CA0D53A94991}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{A07A7C15-7885-4DF6-9BE6-23DBEE3E72B8}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{E8FA962E-6ECA-4A9E-B42C-8F6FA830A771}"= UDP:C:\Program Files\Common Files\AOL\System Information\sinf.exe:AOL System Information
"{B7640469-2281-4B6B-9EB1-65271B65A7B7}"= TCP:C:\Program Files\Common Files\AOL\System Information\sinf.exe:AOL System Information
"TCP Query User{81EF36C0-ACB9-43A4-8C9B-8FA7DEE989EE}C:\\program files\\opera\\opera.exe"= UDP:C:\program files\opera\opera.exe:Opera Internet Browser
"UDP Query User{D7F5EB55-DBA6-4F38-82ED-FFD3993F1C23}C:\\program files\\opera\\opera.exe"= TCP:C:\program files\opera\opera.exe:Opera Internet Browser
"TCP Query User{FE3077FE-4EBF-4731-A155-14D220403746}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{C837819B-E698-44F6-8A79-5D8037888028}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{F51F1490-A682-4300-A5B5-63D437890317}H:\\emule\\emule.exe"= UDP:H:\emule\emule.exe:eMule
"UDP Query User{C3BA1B0B-AC44-4237-998E-9523D8872E90}H:\\emule\\emule.exe"= TCP:H:\emule\emule.exe:eMule

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"= %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
"%windir%\\system32\\sessmgr.exe"= %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
"C:\\Documents and Settings\\Dave\\Application Data\\SopCast\\adv\\SopAdver.exe"= C:\Users\Dave\Application Data\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"= C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
"C:\\Program Files\\IBP 9\\IBP.exe"= C:\Program Files\IBP 9\IBP.exe:*:Enabled:Internet Business Promoter (IBP)
"C:\\Program Files\\iTunes\\iTunes.exe"= C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
"C:\\Program Files\\Messenger\\msmsgs.exe"= C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
"C:\\Program Files\\MSN Messenger\\livecall.exe"= C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"= C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
"C:\\Program Files\\SopCast\\SopCast.exe"= C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application
"C:\\Program Files\\TVAnts\\Tvants.exe"= C:\Program Files\TVAnts\Tvants.exe:*:Enabled:TVAnts
"C:\\utorrent\\utorrent.exe"= C:\utorrent\utorrent.exe:*:Enabled:µTorrent

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\GloballyOpenPorts\List]
"137:UDP"= 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP"= 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"139:TCP"= 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"1900:UDP"= 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP"= 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"445:TCP"= 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

R1 ElRawDisk;ElRawDisk;C:\Windows\system32\drivers\elrawdsk.sys [2007-09-20 15:12]
R2 UxTuneUp;TuneUp Theme Extension;C:\Windows\System32\svchost.exe [2006-11-02 10:45]
R3 HabuFltr;Habu Mouse;C:\Windows\system32\drivers\habu.sys [2006-08-14 11:21]
R3 wacommousefilter;Wacom Mouse Filter Driver;C:\Windows\system32\DRIVERS\wacommousefilter.sys [2007-02-16 12:12]
R3 wacomvhid;Wacom Virtual Hid Driver;C:\Windows\system32\DRIVERS\wacomvhid.sys [2007-02-16 11:30]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-12-06 10:51]
S0 OemBiosDevice;Royalty OEM Bios Extension;C:\Windows\system32\drivers\royal.sys [2007-11-05 17:27]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\Windows\System32\TuneUpDefragService.exe [2008-05-06 16:03]
S3 uisp;Freescale USB JW32 driver;C:\Windows\system32\Drivers\usbicp.sys [2005-12-21 12:23]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WudfServiceGroup    REG_MULTI_SZ    WUDFSvc
HPZ12   REG_MULTI_SZ    Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt   REG_MULTI_SZ    hpqcxs08 hpqddsvc
bthsvcs REG_MULTI_SZ    BthServ
GPSvcGroup  REG_MULTI_SZ    GPSvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration
.
Contents of the 'Scheduled Tasks' folder
"2008-05-02 16:17:20 C:\Windows\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
"2008-05-14 07:45:00 C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2007-11-02 15:00:00 C:\Windows\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-14 08:39:48
Windows 6.0.6000  NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 


**************************************************************************
.
Completion time: 2008-05-14  8:47:38
ComboFix2.txt  2008-05-11 12:24:37

Pre-Run: 59,170,770,944 bytes free
Post-Run: 59,159,396,352 bytes free

441 --- E O F ---   2008-05-12 20:08:55

HijackThis.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:06:18, on 14/05/2008
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\taskeng.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\RAM Def\ramdef.exe
C:\Windows\System32\CTHELPER.EXE
C:\Program Files\Razer\Habu\razerhid.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Razer\Habu\razertra.exe
C:\Program Files\Razer\Habu\razerofa.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Users\Dave\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [RAMDef] C:\Program Files\RAM Def\ramdef.exe -tray
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Habu] C:\Program Files\Razer\Habu\razerhid.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1210505470\ee\AOLSoftware.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O13 - Gopher Prefix: 
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1186512785546
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe (file missing)
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe

--
End of file - 10300 bytes

Edited by mike_2000_17: Fixed formatting
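The ComboFix dump in the post above shows two indicators worth pulling out mechanically: a user-approved firewall exception for C:\windows\system32\jgjiszqs.exe (an eight-lowercase-letter name, the same naming scheme as the files the helper scripts for deletion further down this thread) and "EnableFirewall"= 0 for the public profile. As an added example that is not part of the original thread, the Python script below triages a ComboFix/HijackThis text dump for exactly those patterns. The sample input is constructed from entries modelled on the logs above; the xkqvbwpt.exe Run entry is invented to exercise the autostart case, and the KNOWN_SYSTEM32 allowlist is an assumption that needs extending for a real build.

```python
"""Triage a ComboFix / HijackThis text dump for the foothold pattern seen in
the logs above: random-named executables living in System32 that have been
granted firewall exceptions or autostart entries, plus a disabled firewall
profile and a DNS override worth confirming."""
import re
from collections import namedtuple

Finding = namedtuple("Finding", "severity reason line")

# Assumption: legitimate Windows binaries whose names are also eight
# lowercase letters and must be excluded from the random-name heuristic.
# This is a starting point, not a complete list; extend it for your build.
KNOWN_SYSTEM32 = {"winlogon", "services", "explorer", "userinit",
                  "wininit", "dllhost", "taskhost", "cmdkey"}

# The droppers in this thread are eight lowercase letters (jgjiszqs.exe,
# axbrvpte.exe, ...). Vendor binaries usually carry mixed case (PnkBstrA),
# so the match is deliberately case-sensitive; ComboFix lowercases the
# "Query User" key names, which is why the allowlist above is still needed.
RANDOM_NAME = re.compile(r"^[a-z]{8}$")
# "...system32\name.exe" with a single backslash (values) or a doubled one
# (registry key names as ComboFix prints them).
SYSTEM32_EXE = re.compile(r"system32\\+([A-Za-z0-9_-]+)\.exe", re.I)
PROFILE_HEADER = re.compile(r"firewallpolicy\\(\w+Profile)", re.I)
FIREWALL_OFF = re.compile(r'"EnableFirewall"\s*=\s*0\b')
DNS_OVERRIDE = re.compile(r"^O17 - .*NameServer = (\S+)")


def looks_random(basename):
    """True for an eight-lowercase-letter name that is not a known binary."""
    return bool(RANDOM_NAME.match(basename)) and basename.lower() not in KNOWN_SYSTEM32


def classify(line):
    """Name the mechanism that gave the binary its foothold."""
    if "Query User" in line:
        return "user-approved firewall exception"
    if line.startswith('"'):
        return "firewall exception"
    if line.startswith("O4 "):
        return "autostart (Run key)"
    if line.startswith("O23 "):
        return "service"
    return "path reference"


def triage(text):
    """Return a list of Finding tuples for the suspicious lines in `text`."""
    findings = []
    profile = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = PROFILE_HEADER.search(line)
        if line.startswith("[") and header:
            profile = header.group(1)
            continue
        if FIREWALL_OFF.search(line):
            findings.append(Finding(
                "HIGH", "firewall disabled for %s" % (profile or "unknown profile"), line))
            continue
        seen = set()
        for base in SYSTEM32_EXE.findall(line):
            if base.lower() in seen:
                continue
            seen.add(base.lower())
            if looks_random(base):
                findings.append(Finding(
                    "HIGH", "random-named System32 binary %s.exe via %s"
                    % (base, classify(line)), line))
        dns = DNS_OVERRIDE.match(line)
        if dns:
            findings.append(Finding(
                "INFO", "DNS server overridden to %s; confirm it belongs to your ISP"
                % dns.group(1), line))
    return findings


# Constructed sample input modelled on entries in the logs above. The
# xkqvbwpt.exe Run entry is invented to show the autostart case.
SAMPLE = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"= %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
"TCP Query User{F3206ABD-6493-447A-B8E7-C3F93447D2C8}C:\\windows\\system32\\jgjiszqs.exe"= UDP:C:\windows\system32\jgjiszqs.exe:jgjiszqs
"{16936F71-55E0-44AF-8C78-0B72FF4CF8B9}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [svcupd] C:\Windows\system32\xkqvbwpt.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{B0325B00-A242-4239-894B-1D4C338FE448}: NameServer = 205.188.146.145
"""

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print("[%s] %s\n    %s" % (f.severity, f.reason, f.line))
```

Run it against a saved ComboFix.txt or HijackThis log with `triage(open(path).read())`. The name heuristic is only a filter for a human to check, not a verdict: every hit should be confirmed against the file's signature and hash before it goes into a deletion script, and the scan should be repeated on a fresh log rather than an old one, because binaries of this kind are frequently re-dropped under a new random name between two posts.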

0

1. Please open Notepad

  • Click Start, then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

File::
C:\Windows\System32\axbrvpte.exe
C:\Windows\System32\bibrraad.exe
C:\Windows\System32\bspyjwxp.exe
C:\Windows\System32\cfuctank.exe

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Save the above as CFScript.txt

4. Physically disconnect from the internet.

5. Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.

6. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

http://i5.photobucket.com/albums/y153/crunchie1/CFScript.gif


7. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply after you re-enable all the programs that were disabled during the running of ComboFix:

  • Combofix.txt
  • A new HijackThis log.

Please take note:

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

0

Still can't get ComboFix to do anything with that script, even in safe mode. What else you got?

0

Download Avenger by Swandog and unzip it to your Desktop.

Note: This program must be run from an account with Administrator privileges.


1. Open the Avenger folder and double click Avenger.exe to launch the programme.
2. Copy the text in the code box below and paste it into the "Input script here:" box.

Files to delete:
C:\Windows\System32\axbrvpte.exe
C:\Windows\System32\bibrraad.exe
C:\Windows\System32\bspyjwxp.exe
C:\Windows\System32\cfuctank.exe

  • Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Ensure the following:

  • Scan for Rootkits is checked.
  • Automatically disable any rootkits found is Unchecked.

4. Press the Execute key.
5. Avenger will now process the script you've pasted (this may involve more than one reboot); when finished it will produce a log file.
6. Post the log back here please. (It can also be found at C:\avenger.txt.)


Post a new hijackthis log too.

0

Avenger

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform:  Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error:  file "C:\Windows\System32\axbrvpte.exe" not found!
Deletion of file "C:\Windows\System32\axbrvpte.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "C:\Windows\System32\bibrraad.exe" not found!
Deletion of file "C:\Windows\System32\bibrraad.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "C:\Windows\System32\bspyjwxp.exe" not found!
Deletion of file "C:\Windows\System32\bspyjwxp.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "C:\Windows\System32\cfuctank.exe" not found!
Deletion of file "C:\Windows\System32\cfuctank.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Completed script processing.

*******************

Finished!  Terminate.

HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:35, on 2008-05-24
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\RAM Def\ramdef.exe
C:\Windows\System32\CTHELPER.EXE
C:\Program Files\Razer\Habu\razerhid.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Common Files\AOL\1210505470\ee\aolsoftware.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Razer\Habu\razertra.exe
C:\Program Files\Razer\Habu\razerofa.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Users\Dave\HiJackThis.exe
C:\Windows\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [RAMDef] C:\Program Files\RAM Def\ramdef.exe -tray
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Habu] C:\Program Files\Razer\Habu\razerhid.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1210505470\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O13 - Gopher Prefix: 
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1186512785546
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B0325B00-A242-4239-894B-1D4C338FE448}: NameServer = 205.188.146.145
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe (file missing)
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: NMSAccessU - Unknown owner - H:\CDBurnerXP\NMSAccessU.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SGDLLTXUOF - Sysinternals - www.sysinternals.com - C:\Users\Dave\AppData\Local\Temp\SGDLLTXUOF.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe

--
End of file - 10691 bytes

Scan with HijackThis and then place a check next to all the following, if present:


R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe

O13 - Gopher Prefix:


Now, close all instances of Internet Explorer and any other windows you have open except HijackThis, and click "Fix checked".

===============

Locate and delete the following item(s), if present. Make sure you are able to view system and hidden files/ folders:

folders...

C:\Program Files\PartyGaming

-

Note that some of these file(s)/folder(s) may or may not be present. If present, and cannot be deleted because they're 'in use', try deleting them in Safe Mode by doing the following:

  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear.

Select the first option to run Windows in Safe Mode and hit Enter.

-

Reboot.

===============

After rebooting, rescan with HijackThis and post back a new log. Please let me know how your PC is now.


Still got problems. Now getting a worm pykse.m.1 for an added bonus.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:01, on 2008-05-26
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\RAM Def\ramdef.exe
C:\Windows\System32\CTHELPER.EXE
C:\Program Files\Razer\Habu\razerhid.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Common Files\AOL\1210505470\ee\aolsoftware.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Razer\Habu\razertra.exe
C:\Program Files\Razer\Habu\razerofa.exe
C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Opera\Opera.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Dave\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [RAMDef] C:\Program Files\RAM Def\ramdef.exe -tray
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Habu] C:\Program Files\Razer\Habu\razerhid.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1210505470\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O13 - Gopher Prefix: 
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1186512785546
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7360A776-BF9B-4F08-8140-54CBEA1018B7}: NameServer = 205.188.146.145
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe (file missing)
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: NMSAccessU - Unknown owner - H:\CDBurnerXP\NMSAccessU.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SGDLLTXUOF - Sysinternals - www.sysinternals.com - C:\Users\Dave\AppData\Local\Temp\SGDLLTXUOF.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe

--
End of file - 10919 bytes

Download Malwarebytes' Anti-Malware ( http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html ) to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure to checkmark the Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Make sure that you restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

Post new Hijackthis log.

==

Please use the Internet Explorer browser (or FireFox with IETab), and do an online scan with Kaspersky Online Scanner

Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component

Click Yes, when prompted to install its ActiveX component.
(Note.. for Internet Explorer 7 users: If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.)
The program launches and downloads the latest definition files. Once the files are downloaded, click on Next.
Click on Scan Settings and configure as follows: Scan using the following Anti-Virus database: Extended

Scan Options: Scan Archives
Scan Mail Bases


Click OK and, under select a target to scan, select My Computer
When the scan is done, in the Scan is completed window (below), any infection is displayed.
There is no option to clean/disinfect, however, we need to analyze the information on the report.

To obtain the report:
Click on: Save Report As (above - red blinking arrow)
Next, in the Save as prompt, Save in area, select: Desktop
In the File name area, use KScan, or something similar
In Save as type, click the drop arrow and select: Text file [*.txt]
Then, click: Save
Please post the Kaspersky Online Scanner Report in your reply.

Attachments Kas-SaveReport-1.gif 40.15 KB Kas-Savetxt.gif 2.56 KB
Malwarebytes' Anti-Malware 1.12
Database version: 788

Scan type: Full Scan (C:\|F:\|H:\|)
Objects scanned: 499202
Time elapsed: 3 hour(s), 0 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\AdwareAlert (Rogue.AdwareAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Users\Dave\AppData\Roaming\AdwareAlert (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Users\Dave\AppData\Roaming\AdwareAlert\Log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Users\Dave\AppData\Roaming\AdwareAlert\Settings (Rogue.AdwareAlert) -> Quarantined and deleted successfully.

Files Infected:
C:\Users\Dave\AppData\Roaming\AdwareAlert\rs.dat (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Users\Dave\AppData\Roaming\AdwareAlert\Log\2008 May 03 - 10_56_40 AM_440.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Users\Dave\AppData\Roaming\AdwareAlert\Settings\ScanResults.pie (Rogue.AdwareAlert) -> Quarantined and deleted successfully.

And my HijackThis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:53, on 2008-05-26
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\RAM Def\ramdef.exe
C:\Windows\System32\CTHELPER.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Razer\Habu\razerhid.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Common Files\AOL\1210505470\ee\aolsoftware.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Razer\Habu\razertra.exe
C:\Program Files\Razer\Habu\razerofa.exe
C:\Users\Dave\HiJackThis.exe
C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [RAMDef] C:\Program Files\RAM Def\ramdef.exe -tray
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Habu] C:\Program Files\Razer\Habu\razerhid.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1210505470\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - H:\partypoker\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - H:\partypoker\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O13 - Gopher Prefix: 
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1186512785546
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe (file missing)
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: NMSAccessU - Unknown owner - H:\CDBurnerXP\NMSAccessU.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SGDLLTXUOF - Sysinternals - www.sysinternals.com - C:\Users\Dave\AppData\Local\Temp\SGDLLTXUOF.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe

--
End of file - 10905 bytes

Yeah, it was still running. Here it is:

-------------------------------------------------------------------------------
 KASPERSKY ONLINE SCANNER REPORT
 Tuesday, May 27, 2008 12:11:31 AM
 Operating System: Microsoft Windows Vista Professional,  (Build 6000)
 Kaspersky Online Scanner version: 5.0.98.0
 Kaspersky Anti-Virus database last update: 26/05/2008
 Kaspersky Anti-Virus database records: 801040
-------------------------------------------------------------------------------

Scan Settings:
	Scan using the following antivirus database: extended
	Scan Archives: true
	Scan Mail Bases: true

Scan Target - My Computer:
	A:\
	C:\
	D:\
	E:\
	F:\
	G:\
	H:\
	J:\

Scan Statistics:
	Total number of scanned objects: 412375
	Number of viruses found: 5
	Number of infected objects: 15
	Number of suspicious objects: 0
	Duration of the scan process: 03:02:52

Infected Object Name / Virus Name / Last Action
C:\Boot\BCD	Object is locked	skipped
C:\Boot\BCD.LOG	Object is locked	skipped
C:\MySQL Datafiles\ibdata1	Object is locked	skipped
C:\NTDETECT.COM	Object is locked	skipped
C:\ntldr	Object is locked	skipped
C:\Program Files\MySQL\MySQL Server 5.0\data\DEVIANT.err	Object is locked	skipped
C:\Program Files\MySQL\MySQL Server 5.0\data\ib_logfile0	Object is locked	skipped
C:\Program Files\MySQL\MySQL Server 5.0\data\ib_logfile1	Object is locked	skipped
C:\Program Files\Orange\OBar\orange3setup.exe/data0000.cab/orange3.dll	Infected: not-a-virus:AdWare.Win32.BHO.ahy	skipped
C:\Program Files\Orange\OBar\orange3setup.exe/data0000.cab	Infected: not-a-virus:AdWare.Win32.BHO.ahy	skipped
C:\Program Files\Orange\OBar\orange3setup.exe	Rsrc-Package: infected - 2	skipped
C:\Program Files\Orange\setup\Orange_icons.EXE/WISE0005.BIN/data0000.cab/orange3.dll	Infected: not-a-virus:AdWare.Win32.BHO.ahy	skipped
C:\Program Files\Orange\setup\Orange_icons.EXE/WISE0005.BIN/data0000.cab	Infected: not-a-virus:AdWare.Win32.BHO.ahy	skipped
C:\Program Files\Orange\setup\Orange_icons.EXE/WISE0005.BIN	Infected: not-a-virus:AdWare.Win32.BHO.ahy	skipped
C:\Program Files\Orange\setup\Orange_icons.EXE	WiseSFX: infected - 3	skipped
C:\Program Files\orange3\orange3.dll	Infected: not-a-virus:AdWare.Win32.BHO.ahy	skipped
C:\ProgramData\AOL\ACS\1.0\ph	Object is locked	skipped
C:\ProgramData\AOL\ACS\1.0\variable	Object is locked	skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\640438d768ad79621f31335e6bcce39c_1d554014-8fa1-4209-be8b-21c9fc45d7f2	Object is locked	skipped
C:\ProgramData\Microsoft\Windows\DRM\Cache\Indiv01.tmp	Object is locked	skipped
C:\ProgramData\Microsoft\Windows\DRM\drmstore.hds	Object is locked	skipped
C:\ProgramData\Symantec\LiveUpdate\2008-05-26_Log.ALUSchedulerSvc.LiveUpdate	Object is locked	skipped
C:\Users\Dave\.housecall6.6\Quarantine\A0049130.exe.bac_a04160	Infected: not-a-virus:AdWare.Win32.SaveNow.az	skipped
C:\Users\Dave\.housecall6.6\Quarantine\A0049131.exe.bac_a04160	Infected: not-a-virus:AdTool.Win32.WhenU.c	skipped
C:\Users\Dave\.housecall6.6\Quarantine\A0049132.dll.bac_a04160	Infected: not-a-virus:AdTool.Win32.WhenU.c	skipped
C:\Users\Dave\.housecall6.6\Quarantine\A0049141.dll.bac_a04160	Infected: not-a-virus:AdTool.Win32.WhenU.r	skipped
C:\Users\Dave\.housecall6.6\Quarantine\backups.zip.bac_a04160/backups/lExplore.exe	Infected: Backdoor.Win32.Rbot.fyh	skipped
C:\Users\Dave\.housecall6.6\Quarantine\backups.zip.bac_a04160	ZIP: infected - 1	skipped
C:\Users\Dave\.housecall6.6\Quarantine\backups.zip.bac_a04160	CryptFF.b: infected - 1	skipped
C:\Users\Dave\AppData\Local\AOL\UserProfiles\All Users\cls\common.cls	Object is locked	skipped
C:\Users\Dave\AppData\Local\Microsoft\InputPersonalization\edb.log	Object is locked	skipped
C:\Users\Dave\AppData\Local\Microsoft\InputPersonalization\inkStore.mdb	Object is locked	skipped
C:\Users\Dave\AppData\Local\Microsoft\InputPersonalization\tmp.edb	Object is locked	skipped
C:\Users\Dave\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT	Object is locked	skipped
C:\Users\Dave\AppData\Local\Microsoft\Media Player\CurrentDatabase_360.wmdb	Object is locked	skipped
C:\Users\Dave\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat	Object is locked	skipped
C:\Users\Dave\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat	Object is locked	skipped
C:\Users\Dave\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat	Object is locked	skipped
C:\Users\Dave\AppData\Local\Microsoft\Windows\UsrClass.dat	Object is locked	skipped
C:\Users\Dave\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1	Object is locked	skipped
C:\Users\Dave\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2	Object is locked	skipped
C:\Users\Dave\AppData\Local\Microsoft\Windows\UsrClass.dat{c0f7f5cd-8bb2-11dc-a4ca-0015588a1997}.TM.blf	Object is locked	skipped
C:\Users\Dave\AppData\Local\Microsoft\Windows\UsrClass.dat{c0f7f5cd-8bb2-11dc-a4ca-0015588a1997}.TMContainer00000000000000000001.regtrans-ms	Object is locked	skipped
C:\Users\Dave\AppData\Local\Microsoft\Windows\UsrClass.dat{c0f7f5cd-8bb2-11dc-a4ca-0015588a1997}.TMContainer00000000000000000002.regtrans-ms	Object is locked	skipped
C:\Users\Dave\AppData\Local\Microsoft\Windows\WindowsUpdate.log	Object is locked	skipped
C:\Users\Dave\AppData\Local\Microsoft\Windows Defender\FileTracker\{1A046978-3E65-4B5A-BDDA-E13CF873974F}	Object is locked	skipped
C:\Users\Dave\AppData\Local\Temp\FXSAPIDebugLogFile.txt	Object is locked	skipped
C:\Users\Dave\AppData\Roaming\Microsoft\MSNLiveFav\LiveFavorites.xml	Object is locked	skipped
C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Cookies\index.dat	Object is locked	skipped
C:\Users\Dave\Music\Ministry Of Sound - Chilled 1991-2008 (2008) [EAC @ 320 MP3](oan)\Artwork - 2008-25 (May)\Booklet-9-10.jpg	Object is locked	skipped
C:\Users\Dave\Music\Ministry Of Sound - Chilled 1991-2008 (2008) [EAC @ 320 MP3](oan)\Artwork - 2008-25 (May)\Disc 1.jpg	Object is locked	skipped
C:\Users\Dave\Music\Ministry Of Sound - Chilled 1991-2008 (2008) [EAC @ 320 MP3](oan)\Chilled 1991-2008 Disc 1 mp3\18 - Underworld - Second Hand.mp3	Object is locked	skipped
C:\Users\Dave\Music\Ministry Of Sound - Chilled 1991-2008 (2008) [EAC @ 320 MP3](oan)\Chilled 1991-2008 Disc 2 mp3\07 - Bent - I Love My Man.mp3	Object is locked	skipped
C:\Users\Dave\Music\Ministry Of Sound - Chilled 1991-2008 (2008) [EAC @ 320 MP3](oan)\Chilled 1991-2008 Disc 2 mp3\08 - The Avalanches - Since I Left You.mp3	Object is locked	skipped
C:\Users\Dave\Music\Ministry Of Sound - Chilled 1991-2008 (2008) [EAC @ 320 MP3](oan)\Chilled 1991-2008 Disc 2 mp3\09 - Jamiroquai - Corner Of The Earth.mp3	Object is locked	skipped
C:\Users\Dave\Music\Ministry Of Sound - Chilled 1991-2008 (2008) [EAC @ 320 MP3](oan)\Chilled 1991-2008 Disc 3 mp3\06 - Julien Jabre - Swimming Places.mp3	Object is locked	skipped
C:\Users\Dave\NTUSER.DAT	Object is locked	skipped
C:\Users\Dave\ntuser.dat.LOG1	Object is locked	skipped
C:\Users\Dave\ntuser.dat.LOG2	Object is locked	skipped
C:\Users\Dave\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TM.blf	Object is locked	skipped
C:\Users\Dave\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000001.regtrans-ms	Object is locked	skipped
C:\Users\Dave\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000002.regtrans-ms	Object is locked	skipped
C:\Users\Public\Documents\Config\desktop2.idf	Object is locked	skipped
C:\Users\Public\Documents\Fonts\SwUniNew.tff	Object is locked	skipped
C:\Windows\bthservsdp.dat	Object is locked	skipped
C:\Windows\Debug\PASSWD.LOG	Object is locked	skipped
C:\Windows\Debug\sam.log	Object is locked	skipped
C:\Windows\Debug\WIA\wiatrace.log	Object is locked	skipped
C:\Windows\Logs\CBS\CBS.log	Object is locked	skipped
C:\Windows\Logs\CBS\CBS.persist.log	Object is locked	skipped
C:\Windows\Logs\DPX\setupact.log	Object is locked	skipped
C:\Windows\Logs\DPX\setuperr.log	Object is locked	skipped
C:\Windows\MEMORY.DMP	Object is locked	skipped
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe.config	Object is locked	skipped
C:\Windows\Panther\catalogs\OfflineUpgradeStore.dat	Object is locked	skipped
C:\Windows\Panther\catalogs\OnlineEnvStore.dat	Object is locked	skipped
C:\Windows\Panther\catalogs\OnlineMigStore.dat	Object is locked	skipped
C:\Windows\Panther\catalogs\OnlineUpgradeStore.dat	Object is locked	skipped
C:\Windows\Panther\UnattendGC\diagerr.xml	Object is locked	skipped
C:\Windows\Panther\UnattendGC\diagwrn.xml	Object is locked	skipped
C:\Windows\Panther\UnattendGC\setupact.log	Object is locked	skipped
C:\Windows\Panther\UnattendGC\setuperr.log	Object is locked	skipped
C:\Windows\SchedLgU.Txt	Object is locked	skipped
C:\Windows\security\database\secedit.sdb	Object is locked	skipped
C:\Windows\SoftwareDistribution\ReportingEvents.log	Object is locked	skipped
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0	Object is locked	skipped
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0	Object is locked	skipped
C:\Windows\System32\catroot2\edb.log	Object is locked	skipped
C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb	Object is locked	skipped
C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb	Object is locked	skipped
C:\Windows\System32\config\COMPONENTS	Object is locked	skipped
C:\Windows\System32\config\COMPONENTS.LOG1	Object is locked	skipped
C:\Windows\System32\config\COMPONENTS.LOG2	Object is locked	skipped
C:\Windows\System32\config\DEFAULT	Object is locked	skipped
C:\Windows\System32\config\DEFAULT.LOG1	Object is locked	skipped
C:\Windows\System32\config\DEFAULT.LOG2	Object is locked	skipped
C:\Windows\System32\config\SAM	Object is locked	skipped
C:\Windows\System32\config\SAM.LOG1	Object is locked	skipped
C:\Windows\System32\config\SAM.LOG2	Object is locked	skipped
C:\Windows\System32\config\SECURITY	Object is locked	skipped
C:\Windows\System32\config\SECURITY.LOG1	Object is locked	skipped
C:\Windows\System32\config\SECURITY.LOG2	Object is locked	skipped
C:\Windows\System32\config\SOFTWARE	Object is locked	skipped
C:\Windows\System32\config\SOFTWARE.LOG1	Object is locked	skipped
C:\Windows\System32\config\SOFTWARE.LOG2	Object is locked	skipped
C:\Windows\System32\config\SYSTEM	Object is locked	skipped
C:\Windows\System32\config\SYSTEM.LOG1	Object is locked	skipped
C:\Windows\System32\config\SYSTEM.LOG2	Object is locked	skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TM.blf	Object is locked	skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000001.regtrans-ms	Object is locked	skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000002.regtrans-ms	Object is locked	skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000003.regtrans-ms	Object is locked	skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000004.regtrans-ms	Object is locked	skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000005.regtrans-ms	Object is locked	skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000006.regtrans-ms	Object is locked	skipped
C:\Windows\System32\config\TxR\{b321e65e-fb15-11dc-8947-806e6f6e6963}.TxR.0.regtrans-ms	Object is locked	skipped
C:\Windows\System32\config\TxR\{b321e65e-fb15-11dc-8947-806e6f6e6963}.TxR.1.regtrans-ms	Object is locked	skipped
C:\Windows\System32\config\TxR\{b321e65e-fb15-11dc-8947-806e6f6e6963}.TxR.2.regtrans-ms	Object is locked	skipped
C:\Windows\System32\config\TxR\{b321e65e-fb15-11dc-8947-806e6f6e6963}.TxR.blf	Object is locked	skipped
C:\Windows\System32\LogFiles\Scm\SCM.EVM	Object is locked	skipped
C:\Windows\System32\LogFiles\WUDF\WUDFTrace.etl	Object is locked	skipped
C:\Windows\System32\restore\MachineGuid.txt	Object is locked	skipped
C:\Windows\System32\spool\SpoolerETW.etl	Object is locked	skipped
C:\Windows\System32\wbem\AutoRecover\0309255AB46E3D6CAE2056340225DDA9.mof	Object is locked	skipped
C:\Windows\System32\wbem\AutoRecover\0EA772F1A1EDFC2AEE10CC4E22899FA7.mof	Object is locked	skipped
C:\Windows\System32\wbem\AutoRecover\1641F982282E8CA70B0D93F1F2BB145B.mof	Object is locked	skipped
C:\Windows\System32\wbem\AutoRecover\20916DA71EC75FCC409872C3207D9C60.mof	Object is locked	skipped
C:\Windows\System32\wbem\AutoRecover\2131A60D40501A974386B9E42E4FC201.mof	Object is locked	skipped
C:\Windows\System32\wbem\AutoRecover\2B8B1A8B0ACD3EE28B421D3918DC1F29.mof	Object is locked	skipped
C:\Windows\System32\wbem\AutoRecover\33B9B81C996ACC2B2000070519028F72.mof	Object is locked	skipped
C:\Windows\System32\wbem\AutoRecover\3460B7617E0429A960E481B197F238A3.mof	Object is locked	skipped
C:\Windows\System32\wbem\AutoRecover\38F922911FA0CAE637E5D1EB1013D0F1.mof	Object is locked	skipped
C:\Windows\System32\wbem\AutoRecover\39C2F82384C755EF218F0F19FE619F80.mof	Object is locked	skipped
C:\Windows\System32\wbem\AutoRecover\43A7EEE279F15546EE900076CA8CC2C8.mof	Object is locked	skipped
C:\Windows\System32\wbem\AutoRecover\4BE9D6CB921FE137B78AE9960CDD98B0.mof	Object is locked	skipped
C:\Windows\System32\wbem\AutoRecover\4EF05404F86FAFD7EDAB80262970585E.mof	Object is locked	skipped
C:\Windows\System32\wbem\AutoRecover\5DFFB5C73CF04EE22E19BB74127846D8.mof	Object is locked	skipped
C:\Windows\System32\wbem\AutoRecover\5F037A89915D44B8819F9FCFDE0B489E.mof	Object is locked	skipped
C:\Windows\System32\wbem\AutoRecover\66B28EEE188E29399051A60BAF92D333.mof	Object is locked	skipped
C:\Windows\System32\wbem\AutoRecover\674888C18C2BA74E9DE8F74501330DC0.mof	Object is locked	skipped
C:\Windows\System32\wbem\AutoRecover\6CE4D05BA5B97F5FAAA40312E14F0E81.mof	Object is locked	skipped
C:\Windows\System32\wbem\AutoRecover\6DADEFFF2FCEDD93F8CEF59036FEF4B9.mof	Object is locked	skipped
C:\Windows\System32\wbem\AutoRecover\757421178679BC54A733A7C4F3DAA07B.mof	Object is locked	skipped
C:\Windows\System32\wbem\AutoRecover\7950D68C8C6F669B94D3E488F0B6BEAB.mof	Object is locked	skipped
C:\Windows\System32\wbem\AutoRecover\7DD87359B51EDB79AC235F97E726EF5A.mof	Object is locked	skipped
C:\Windows\System32\wbem\AutoRecover\7FAC187A43CA71A854CA4653D8E075B5.mof	Object is locked	skipped
C:\Windows\System32\wbem\AutoRecover\818B866A009B1338C5AC103B2D8E2372.mof	Object is locked	skipped
C:\Windows\System32\wbem\AutoRecover\868B5F1DDD5C341C50C0D359CD22F37B.mof	Object is locked	skipped
C:\Windows\System32\wbem\AutoRecover\930C5E176BA9A3D78B730BC00CDDF64E.mof	Object is locked	skipped
C:\Windows\System32\wbem\AutoRecover\95CF8C2673B156E93407C44DA1171F14.mof	Object is locked	skipped
C:\Windows\System32\wbem\AutoRecover\A46C038124134B1482949A1DF8ABB385.mof	Object is locked	skipped
C:\Windows\System32\wbem\AutoRecover\B471CD3F6DA41643CF1F5221FE3E4CF9.mof	Object is locked	skipped
C:\Windows\System32\wbem\AutoRecover\B8870014FB74FB540F3C31EA907A2AE7.mof	Object is locked	skipped
C:\Windows\System32\wbem\AutoRecover\BD818313E410FD46A9F63786A32AEE23.mof	Object is locked	skipped
C:\Windows\System32\wbem\AutoRecover\C1A41FBCA25E3E6CC4CD22064882728F.mof	Object is locked	skipped
C:\Windows\System32\wbem\AutoRecover\D566F9B651B60AE7D0B5DEBF57A90E35.mof	Object is locked	skipped
C:\Windows\System32\wbem\AutoRecover\D6E15C5FE0484F1B1192CEC9DD7DCE6A.mof	Object is locked	skipped
C:\Windows\System32\wbem\AutoRecover\DA27AF57C09E80A784709AD6239EA23B.mof	Object is locked	skipped
C:\Windows\System32\wbem\AutoRecover\E478A5DB75C9721E744C05D78DBACFD3.mof	Object is locked	skipped
C:\Windows\System32\wbem\AutoRecover\ECDFB9E4F5941EF63DFB007D02610E24.mof	Object is locked	skipped
C:\Windows\System32\wbem\AutoRecover\F5BEE99426566AD5FD433DAB46B991C2.mof	Object is locked	skipped
C:\Windows\System32\wbem\Logs\WMITracing.log	Object is locked	skipped
C:\Windows\System32\wbem\Repository\INDEX.BTR	Object is locked	skipped
C:\Windows\System32\wbem\Repository\MAPPING1.MAP	Object is locked	skipped
C:\Windows\System32\wbem\Repository\MAPPING2.MAP	Object is locked	skipped
C:\Windows\System32\wbem\Repository\OBJECTS.DATA	Object is locked	skipped
C:\Windows\System32\winevt\Logs\Application.evtx	Object is locked	skipped
C:\Windows\System32\winevt\Logs\DFS Replication.evtx	Object is locked	skipped
C:\Windows\System32\winevt\Logs\HardwareEvents.evtx	Object is locked	skipped
C:\Windows\System32\winevt\Logs\Internet Explorer.evtx	Object is locked	skipped
C:\Windows\System32\winevt\Logs\Key Management Service.evtx	Object is locked	skipped
C:\Windows\System32\winevt\Logs\Media Center.evtx	Object is locked	skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Backup.evtx	Object is locked	skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx	Object is locked	skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx	Object is locked	skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-CorruptedFileRecovery-Client%4Operational.evtx	Object is locked	skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-CorruptedFileRecovery-Server%4Operational.evtx	Object is locked	skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DateTimeControlPanel%4Operational.evtx	Object is locked	skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx	Object is locked	skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-MSDT%4Operational.evtx	Object is locked	skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-PLA%4Operational.evtx	Object is locked	skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Networking%4Operational.evtx	Object is locked	skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx	Object is locked	skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DiskDiagnostic%4Operational.evtx	Object is locked	skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DiskDiagnosticDataCollector%4Operational.evtx	Object is locked	skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DiskDiagnosticResolver%4Operational.evtx	Object is locked	skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DriverFrameworks-UserMode%4Operational.evtx	Object is locked	skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Forwarding%4Operational.evtx	Object is locked	skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx	Object is locked	skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Help%4Operational.evtx	Object is locked	skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-International%4Operational.evtx	Object is locked	skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WDI%4Operational.evtx	Object is locked	skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WHEA.evtx	Object is locked	skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-LanguagePackSetup%4Operational.evtx	Object is locked	skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-MemoryDiagnostics-Results%4Debug.evtx	Object is locked	skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-MUI%4Operational.evtx	Object is locked	skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4Operational.evtx	Object is locked	skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ParentalControls%4Operational.evtx	Object is locked	skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Program-Compatibility-Assistant%4Operational.evtx	Object is locked	skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx	Object is locked	skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReliabilityAnalysisComponent%4Operational.evtx	Object is locked	skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-RemoteAssistance%4Admin.evtx	Object is locked	skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-RemoteAssistance%4Operational.evtx	Object is locked	skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx	Object is locked	skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Resolver%4Operational.evtx	Object is locked	skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Leak-Diagnostic%4Operational.evtx	Object is locked	skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-RestartManager%4Operational.evtx	Object is locked	skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-TaskScheduler%4Operational.evtx	Object is locked	skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-TerminalServices-PnPDevices%4Admin.evtx	Object is locked	skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-TerminalServices-PnPDevices%4Operational.evtx	Object is locked	skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-UAC%4Operational.evtx	Object is locked	skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-UAC-FileVirtualization%4Operational.evtx	Object is locked	skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WindowsUpdateClient%4Operational.evtx	Object is locked	skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Winlogon%4Operational.evtx	Object is locked	skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Winsock-WS2HELP%4Operational.evtx	Object is locked	skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Wired-AutoConfig%4Operational.evtx	Object is locked	skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WLAN-AutoConfig%4Operational.evtx	Object is locked	skipped
C:\Windows\System32\winevt\Logs\ODiag.evtx	Object is locked	skipped
C:\Windows\System32\winevt\Logs\OSession.evtx	Object is locked	skipped
C:\Windows\System32\winevt\Logs\Security.evtx	Object is locked	skipped
C:\Windows\System32\winevt\Logs\Setup.evtx	Object is locked	skipped
C:\Windows\System32\winevt\Logs\System.evtx	Object is locked	skipped
C:\Windows\System32\wpa.bak	Object is locked	skipped
C:\Windows\Tasks\1-Click Maintenance.job	Object is locked	skipped
C:\Windows\Tasks\desktop.ini	Object is locked	skipped
C:\Windows\WindowsUpdate.log	Object is locked	skipped
C:\Windows\winsxs\x86_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.0.6000.16386_none_cef7ceb03914a67f\dnary.xsd	Object is locked	skipped
C:\Windows\{00000004-00000000-00000004-00001102-00000004-20021102}.CDF	Object is locked	skipped

Scan process completed.
0
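A small triage helper for the Kaspersky Online Scanner report format quoted above, added here as an example and not part of the thread: it parses the tab-separated object/verdict/action rows, separates locked objects from detections, recomputes the "infected objects" and "viruses found" counts the way the report's statistics block does, splits `not-a-virus:` adware from real malware, and groups hits by the on-disk host file so a quarantine-only hit (like the Rbot inside the HouseCall backups zip) is visible as such. The sample report is a constructed subset of the posted rows, and the `\Quarantine\` path check is an assumption, not anything Kaspersky reports.

```python
"""Triage a Kaspersky Online Scanner 5.x report (format as posted in the thread).
Table rows are tab-separated; the object column uses "\\" for directories and "/"
for members inside archives/installers, so the on-disk file precedes the first "/".
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional

PUA_PREFIX = "not-a-virus:"           # Kaspersky's label for adware/riskware, not malware
QUARANTINE_MARKER = "\\Quarantine\\"  # assumption: hit sits in another scanner's quarantine

# Constructed sample: a subset of the rows quoted in the thread, with real tab characters.
SAMPLE_REPORT = (
    "Infected Object Name / Virus Name / Last Action\n"
    "C:\\Boot\\BCD\tObject is locked\tskipped\n"
    "C:\\Program Files\\Orange\\OBar\\orange3setup.exe/data0000.cab/orange3.dll"
    "\tInfected: not-a-virus:AdWare.Win32.BHO.ahy\tskipped\n"
    "C:\\Program Files\\Orange\\OBar\\orange3setup.exe/data0000.cab"
    "\tInfected: not-a-virus:AdWare.Win32.BHO.ahy\tskipped\n"
    "C:\\Program Files\\Orange\\OBar\\orange3setup.exe\tRsrc-Package: infected - 2\tskipped\n"
    "C:\\Users\\Dave\\.housecall6.6\\Quarantine\\A0049130.exe.bac_a04160"
    "\tInfected: not-a-virus:AdWare.Win32.SaveNow.az\tskipped\n"
    "C:\\Users\\Dave\\.housecall6.6\\Quarantine\\backups.zip.bac_a04160/backups/lExplore.exe"
    "\tInfected: Backdoor.Win32.Rbot.fyh\tskipped\n"
    "C:\\Users\\Dave\\.housecall6.6\\Quarantine\\backups.zip.bac_a04160\tZIP: infected - 1\tskipped\n"
    "C:\\Users\\Dave\\.housecall6.6\\Quarantine\\backups.zip.bac_a04160\tCryptFF.b: infected - 1\tskipped\n"
    "C:\\Windows\\System32\\config\\SAM\tObject is locked\tskipped\n"
    "\n"
    "Scan process completed.\n"
)


@dataclass
class ScanRecord:
    path: str     # object as reported
    verdict: str  # middle column
    action: str   # last column (always "skipped" in the online scanner)

    @property
    def host_file(self) -> str:
        """On-disk file containing the object (archive members follow the first '/')."""
        return self.path.split("/", 1)[0]

    @property
    def locked(self) -> bool:
        return self.verdict == "Object is locked"

    @property
    def detection(self) -> Optional[str]:
        """Threat name for 'Infected: <name>' rows; None for locked rows and for
        container roll-ups such as 'ZIP: infected - 1' that only repeat a member hit."""
        if self.verdict.startswith("Infected: "):
            return self.verdict[len("Infected: "):]
        return None


def parse_report(text: str) -> List[ScanRecord]:
    """Return the rows of the infected-object table; it ends at the first blank line."""
    records: List[ScanRecord] = []
    in_table = False
    for line in text.splitlines():
        if line.startswith("Infected Object Name"):
            in_table = True
            continue
        if not in_table:
            continue
        if not line.strip():
            break
        fields = line.split("\t")
        if len(fields) != 3:
            raise ValueError(f"unexpected row layout: {line!r}")
        records.append(ScanRecord(*fields))
    return records


def summarize(records: List[ScanRecord]) -> Dict[str, object]:
    """Recompute the report's statistics and split PUA from real malware."""
    infected = [r for r in records if not r.locked]          # every non-locked row counts
    names = {r.detection for r in infected if r.detection}   # distinct threat names only
    malware = {n for n in names if not n.startswith(PUA_PREFIX)}
    by_host: Dict[str, List[str]] = defaultdict(list)
    for r in infected:
        if r.detection:
            by_host[r.host_file].append(r.detection)
    return {
        "rows": len(records),
        "locked": sum(1 for r in records if r.locked),
        "infected_objects": len(infected),
        "viruses_found": len(names),
        "malware": sorted(malware),
        "pua": sorted(names - malware),
        "by_host": dict(by_host),
    }


def live_malware_hosts(records: List[ScanRecord]) -> List[str]:
    """On-disk files with a non-PUA detection outside a quarantine folder (heuristic)."""
    hosts = set()
    for r in records:
        d = r.detection
        if d and not d.startswith(PUA_PREFIX) and QUARANTINE_MARKER not in r.host_file:
            hosts.add(r.host_file)
    return sorted(hosts)


if __name__ == "__main__":
    recs = parse_report(SAMPLE_REPORT)
    for key, value in summarize(recs).items():
        print(f"{key}: {value}")
    print("live malware hosts:", live_malware_hosts(recs))
```

On the sample the only real malware, Backdoor.Win32.Rbot.fyh, resolves to the HouseCall quarantine zip, so `live_malware_hosts` comes back empty while the adware hits still map to the Orange installer.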

I deleted that O13 gopher thingy and Party Poker but reinstalled Party Poker from their website. Should I take it off again?

0

I don't understand why you put it back on :icon_rolleyes:.
Ministry Of Sound's pretty cool, hey :).

Run the Avenger again and this time input the following:

Folders to delete::
C:\Program Files\Orange

Post its log and another HijackThis log, please.

0

I put it back on because I play a hell of a lot of online poker. And dunno, it's still entirely legal downloading!

0

Hmmm, interesting. It leaves a few back doors, does it? Anything I can do to keep the utility but close the backdoors on the Party Poker software? I make a fair bit of money from that site!

Avenger log.

Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows NT 6.0 (build 6000)
Tue May 27 11:14:42 2008

11:14:42: Error: Invalid script.  A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform:  Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Folder "C:\Program Files\Orange" deleted successfully.

Completed script processing.

*******************

Finished!  Terminate.

HijackThis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:50, on 2008-05-27
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\RAM Def\ramdef.exe
C:\Windows\System32\CTHELPER.EXE
C:\Windows\system32\wuauclt.exe
C:\Program Files\Razer\Habu\razerhid.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Common Files\AOL\1210505470\ee\aolsoftware.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Razer\Habu\razertra.exe
C:\Program Files\Razer\Habu\razerofa.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Users\Dave\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [RAMDef] C:\Program Files\RAM Def\ramdef.exe -tray
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Habu] C:\Program Files\Razer\Habu\razerhid.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1210505470\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - H:\partypoker\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - H:\partypoker\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O13 - Gopher Prefix: 
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1186512785546
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4C348C2A-CB29-43AB-97BF-6BA38ED487C1}: NameServer = 205.188.146.145
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe (file missing)
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: NMSAccessU - Unknown owner - H:\CDBurnerXP\NMSAccessU.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SGDLLTXUOF - Sysinternals - www.sysinternals.com - C:\Users\Dave\AppData\Local\Temp\SGDLLTXUOF.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe

--
End of file - 11368 bytes

Hmmm, interesting. It leaves a few back doors, does it? Anything I can do to keep the utility but close the backdoors on the PartyPoker software?

Not that I know of.
How is the PC now?


Who knows? This virus tends to disappear for a few days and then comes back all of a sudden. And to be honest, if the virus checker didn't flag it up I wouldn't even notice any slowdown or anything.

No extra RAM has been freed up, but other than that I couldn't say.

Cheers for all the help, and sorry for taking so long to do anything after you've posted; I'm sure that didn't help.


It got through a Spybot scan without falling over, which it hasn't done for a long time. I think it's sorted.

Cheers again.
