ComboFix 08-03-30.1 - Ian 2008-04-02 14:03:13.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.456 [GMT 1:00]
Running from: C:\Documents and Settings\Ian.MAINPC\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Ian.MAINPC\Desktop\CFscript.txt
* Created a new restore point
* Resident AV is active
FILE ::
C:\eqmycdql.exe
C:\WINDOWS\system32\enhtvkvw.ini
C:\WINDOWS\system32\pstwa.bak2
C:\WINDOWS\system32\uvvwa.bak2
C:\WINDOWS\Tasks\SpywareBot Scheduled Scan.job
.
TimedOut: progfile.dat
((((((((((((((((((((((((( Files Created from 2008-03-02 to 2008-04-02 )))))))))))))))))))))))))))))))
.
2008-04-01 21:02 . 2008-04-01 21:02 <DIR> d-------- C:\WINDOWS\LastGood
2008-03-31 17:00 . 2008-03-31 21:02 <DIR> d-------- C:\Program Files\Panda Security
2008-03-31 16:36 . 2008-03-31 16:36 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-03-31 16:36 . 2008-03-31 16:36 <DIR> d-------- C:\Documents and Settings\Ian.MAINPC\Application Data\Malwarebytes
2008-03-31 16:36 . 2008-03-31 16:36 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2008-03-29 15:31 . 2008-03-29 15:31 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Avg7
2008-03-29 14:32 . 2008-03-29 14:33 <DIR> d-------- C:\WINDOWS\ERUNT
2008-03-28 20:40 . 2008-03-28 20:43 <DIR> d-------- C:\Program Files\RogueRemover FREE
2008-03-28 12:06 . 1998-11-13 13:07 307,712 --a------ C:\WINDOWS\IsUn0410.exe
2008-03-22 09:43 . 2008-03-22 09:43 76 --a------ C:\WINDOWS\system32\Sun Clock 6.ini
2008-03-22 09:42 . 2008-03-22 09:42 <DIR> d-------- C:\Program Files\Map Maker
2008-03-21 18:55 . 2008-03-21 18:55 <DIR> d-------- C:\Program Files\PawPrint.net
2008-03-21 18:30 . 2008-03-22 09:43 <DIR> d-------- C:\Documents and Settings\Ian.MAINPC\Application Data\Map Maker
2008-03-21 18:29 . 2008-03-21 18:45 <DIR> d-------- C:\Map Maker
2008-03-21 11:49 . 2008-03-21 11:49 <DIR> d-------- C:\Program Files\Kontiki
2008-03-21 11:49 . 2008-03-21 11:49 <DIR> d-------- C:\logs3
2008-03-21 11:49 . 2008-03-29 11:54 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kontiki
2008-03-16 18:32 . 2008-03-16 18:32 131,584 --------- C:\WINDOWS\combatfs.exe
2008-03-16 15:46 . 2008-03-16 15:46 <DIR> d-------- C:\Casper
2008-03-16 15:46 . 1996-02-14 15:01 92,208 --a------ C:\WINDOWS\system\Wing.dll
2008-03-16 15:46 . 1998-09-02 13:43 81,920 --a------ C:\WINDOWS\system32\LZSCMPRS.DLL
2008-03-16 15:46 . 1998-03-26 16:25 12,800 --a------ C:\WINDOWS\system32\Wing32.dll
2008-03-16 15:46 . 2008-03-16 15:46 183 --a------ C:\WINDOWS\compedia.ini
2008-03-16 15:43 . 2008-03-16 15:43 <DIR> d-------- C:\Documents and Settings\Ian.MAINPC\WINDOWS
2008-03-16 15:42 . 2008-03-16 15:48 <DIR> d-------- C:\Program Files\The Learning Company
2008-03-16 15:42 . 2002-09-26 13:19 274,432 --a------ C:\WINDOWS\TLCUninstall.exe
2008-03-16 15:40 . 1998-10-29 17:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-03-16 15:40 . 2008-03-16 15:40 0 --a------ C:\WINDOWS\SETUP32.INI
2008-03-16 15:36 . 2008-03-16 15:40 <DIR> d-------- C:\Documents and Settings\Cian\Application Data\Teleca
2008-03-16 15:36 . 2008-03-16 15:36 <DIR> d-------- C:\Documents and Settings\Cian\Application Data\Roxio
2008-03-16 00:16 . 2008-04-01 16:45 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-16 00:16 . 2008-03-16 00:16 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-15 21:22 . 2006-03-03 12:07 143,360 --a------ C:\WINDOWS\system32\dunzip32.dll
2008-03-15 19:58 . 2008-03-15 20:33 <DIR> d-------- C:\Program Files\SiteAdvisor(2)
2008-03-15 19:58 . 2008-03-15 20:17 <DIR> d-------- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\SiteAdvisor(2)
2008-03-15 19:58 . 2008-03-15 20:16 <DIR> d-------- C:\Documents and Settings\Ian.MAINPC\Application Data\SiteAdvisor(2)
2008-03-15 19:42 . 2008-03-16 00:15 <DIR> d-------- C:\Program Files\QuickTime
2008-03-15 19:42 . 2008-03-29 15:41 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-15 19:41 . 2008-03-15 19:41 <DIR> d-------- C:\Program Files\Smart Projects
2008-03-15 19:41 . 2008-03-15 19:41 <DIR> d-------- C:\Program Files\Free iPod Video Converter
2008-03-15 10:17 . 2008-04-01 18:55 15,010 --a------ C:\WINDOWS\system32\Config.MPF
2008-03-09 20:19 . 2007-07-21 10:08 201,288 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2008-03-09 20:19 . 2007-07-24 08:40 79,304 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2008-03-09 20:19 . 2007-07-21 10:08 40,488 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2008-03-09 20:19 . 2007-07-21 10:08 35,240 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2008-03-09 20:19 . 2007-07-24 13:02 33,800 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2008-03-09 16:33 . 2008-03-09 16:33 254 --a------ C:\WINDOWS\system32\USER.SCP
2008-03-09 16:33 . 2008-03-09 16:33 254 --a------ C:\WINDOWS\system32\TEMPSCP.SCP
2008-03-09 16:21 . 2008-03-09 16:21 <DIR> d-------- C:\Program Files\DVDFab Platinum 4
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
Malwarebytes' Anti-Malware 1.09
Database version: 573
Scan type: Full Scan (C:\|)
Objects scanned: 237894
Time elapsed: 1 hour(s), 47 minute(s), 15 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\Typelib\{50ccd00a-66b6-4d95-aaef-8ee959498f92} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\stfngdvw.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
KASPERSKY ONLINE SCANNER REPORT
Thursday, April 03, 2008 7:57:17 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 2/04/2008
Kaspersky Anti-Virus database records: 678667
Scan Settings
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target: My Computer
C:\
D:\
E:\
Scan Statistics
Total number of scanned objects: 202464
Number of viruses found: 4
Number of infected objects: 18
Number of suspicious objects: 0
Duration of the scan process: 04:54:42
Infected Object Name / Virus Name / Last Action
C:\8f2a8a4bfd6ccecad52e7de6142b3ef9\update\update.exe Object is locked
skipped
C:\8f2a8a4bfd6ccecad52e7de6142b3ef9\update\updspapi.dll Object is locked
skipped
C:\Documents and Settings\All Users\Application
Data\Microsoft\Crypto\RSA\MachineKeys\394a590e71de25264ebbffa0e2708613_24adf822-76f7-4481-b30b-ff1b40f8687f
Object is locked skipped
C:\Documents and Settings\All Users\Application
Data\Microsoft\Crypto\RSA\MachineKeys\3ad391678a806ec4d691e83aaa393b6f_24adf822-76f7-4481-b30b-ff1b40f8687f
Object is locked skipped
C:\Documents and Settings\All Users\Application
Data\Microsoft\Crypto\RSA\MachineKeys\fda7bb067263b2e40fdae38773d593f8_24adf822-76f7-4481-b30b-ff1b40f8687f
Object is locked skipped
C:\Documents and Settings\All Users\Application
Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application
Data\McAfee\EasyNet\MHNData Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application
Data\McAfee\MNA\NAData Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application
Data\McAfee\MPF\data\log.edb Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application
Data\McAfee\MSC\Logs\Events.dat Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application
Data\McAfee\MSC\Logs\{92369E2F-5B8F-4FB6-A66E-E03DCD07EB3F}.log Object is
locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application
Data\McAfee\MSC\Logs\{A8F978A2-4999-4F05-A1FC-094A789CADA3}.log Object is
locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application
Data\McAfee\MSC\Logs\{F7A3699C-C69E-4DC9-A51E-ECD024F690B4}.log Object is
locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application
Data\McAfee\MSC\McUsers.dat Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application
Data\McAfee\MSK\MSKWMDB.dat Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application
Data\McAfee\MSK\SettingsDB.dat Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application
Data\McAfee\VirusScan\Data\TFR18.tmp Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application
Data\McAfee\VirusScan\Logs\OAS.Log Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Dr
Watson\drwtsn32.log Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application
Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application
Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\Ian.MAINPC\Cookies\index.dat Object is locked
skipped
C:\Documents and Settings\Ian.MAINPC\Desktop\Flight Simulator Deluxe
X\Flight Simulator Deluxe X DVD1.daa Object is locked skipped
C:\Documents and Settings\Ian.MAINPC\Desktop\Flight Simulator Deluxe
X\Flight Simulator Deluxe X DVD2.daa Object is locked skipped
C:\Documents and Settings\Ian.MAINPC\Local Settings\Application
Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Ian.MAINPC\Local Settings\Application
Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Ian.MAINPC\Local
Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Ian.MAINPC\Local
Settings\History\History.IE5\MSHist012008040220080403\index.dat Object is
locked skipped
C:\Documents and Settings\Ian.MAINPC\Local
Settings\Temp\hsperfdata_Ian\2400 Object is locked skipped
C:\Documents and Settings\Ian.MAINPC\Local Settings\Temp\~DF7997.tmp
Object is locked skipped
C:\Documents and Settings\Ian.MAINPC\Local Settings\Temp\~DF79C5.tmp
Object is locked skipped
C:\Documents and Settings\Ian.MAINPC\Local Settings\Temporary Internet
Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Ian.MAINPC\My
Documents\Audible\Logs\Explorer_AudibleShellExt.log Object is locked
skipped
C:\Documents and Settings\Ian.MAINPC\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Ian.MAINPC\ntuser.dat.LOG Object is locked
skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Cookies\index.dat
Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local
Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked
skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local
Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is
locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local
Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local
Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked
skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\NTUSER.DAT Object is
locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\ntuser.dat.LOG Object
is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local
Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked
skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local
Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is
locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\NTUSER.DAT Object is
locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\ntuser.dat.LOG
Object is locked skipped
C:\Program Files\Microsoft Games\Combat Flight Simulator\modules\FE.DLL
Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\SDFix\backups\catchme.zip.vir/jwlbqzpi.dll
Infected: Trojan-Clicker.Win32.Costrat.fb skipped
C:\QooBox\Quarantine\C\SDFix\backups\catchme.zip.vir ZIP: infected - 1
skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\pourmpuv.dll.vir Infected:
not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is
locked skipped
C:\System Volume
Information\_restore{8204CC8A-BECA-4DE3-A03D-1361CAFCC815}\RP437\A0112029.exe/xpkey.exe
Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\System Volume
Information\_restore{8204CC8A-BECA-4DE3-A03D-1361CAFCC815}\RP437\A0112029.exe/RAS.exe
Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\System Volume
Information\_restore{8204CC8A-BECA-4DE3-A03D-1361CAFCC815}\RP437\A0112029.exe
RAR: infected - 2 skipped
C:\System Volume
Information\_restore{8204CC8A-BECA-4DE3-A03D-1361CAFCC815}\RP437\A0112054.dll
Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume
Information\_restore{8204CC8A-BECA-4DE3-A03D-1361CAFCC815}\RP439\A0112116.dll
Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume
Information\_restore{8204CC8A-BECA-4DE3-A03D-1361CAFCC815}\RP441\A0113262.exe/xpkey.exe
Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\System Volume
Information\_restore{8204CC8A-BECA-4DE3-A03D-1361CAFCC815}\RP441\A0113262.exe/RAS.exe
Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\System Volume
Information\_restore{8204CC8A-BECA-4DE3-A03D-1361CAFCC815}\RP441\A0113262.exe
RAR: infected - 2 skipped
C:\System Volume
Information\_restore{8204CC8A-BECA-4DE3-A03D-1361CAFCC815}\RP443\A0114482.dll
Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume
Information\_restore{8204CC8A-BECA-4DE3-A03D-1361CAFCC815}\RP443\A0114483.dll
Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume
Information\_restore{8204CC8A-BECA-4DE3-A03D-1361CAFCC815}\RP456\A0122216.dll
Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume
Information\_restore{8204CC8A-BECA-4DE3-A03D-1361CAFCC815}\RP456\A0122395.exe
Infected: Trojan.Win32.Dialer.qn skipped
C:\System Volume
Information\_restore{8204CC8A-BECA-4DE3-A03D-1361CAFCC815}\RP460\change.log
Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\ModemLog_Conexant D850 56K V.9x DFVc Modem.txt Object is locked
skipped
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{F45D5803-FD12-40D8-8F83-3CC16A1D5AC7}.crmlog
Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked
skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked
skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked
skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked
skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked
skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked
skipped
C:\WINDOWS\Temp\mcafee_js4g58RtNtJSYyV Object is locked skipped
C:\WINDOWS\Temp\mcmsc_Dv0mLSsmVUbeCmp Object is locked skipped
C:\WINDOWS\Temp\mcmsc_HJNTd6AbRCKq1A1 Object is locked skipped
C:\WINDOWS\Temp\mcmsc_OHPFExnOG47z0K0 Object is locked skipped
C:\WINDOWS\Temp\mcmsc_Ok6GJb0n14dXOfN Object is locked skipped
C:\WINDOWS\Temp\mcmsc_prQUdAeVHvubs0f Object is locked skipped
C:\WINDOWS\Temp\sqlite_gzJv7hgrqtfxgOe Object is locked skipped
C:\WINDOWS\Temp\sqlite_zMrHELz5f7WzTFb Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\Music & Downloads\POWERDVD\New Folder (2)\crack.exe Infected:
Trojan.Win32.Dialer.qn skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is
locked skipped
D:\System Volume
Information\_restore{8204CC8A-BECA-4DE3-A03D-1361CAFCC815}\RP409\A0096198.exe
Infected: Trojan.Win32.Dialer.qn skipped
D:\System Volume
Information\_restore{8204CC8A-BECA-4DE3-A03D-1361CAFCC815}\RP460\change.log
Object is locked skipped
Scan process completed.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:58:39, on 03/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\stsystra.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAJE.EXE
C:\PROGRA~1\McAfee\MHN\McENUI.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Azureus\Azureus.exe
C:\Program Files\Java\jre1.6.0_03\bin\javaw.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R340 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAJE.EXE /P30 "EPSON Stylus Photo R340 Series" /O6 "USB001" /M "Stylus Photo R340"
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O13 - WWW Prefix:
O16 - DPF: McAfee Wi-FiScan - http://download.mcafee.com/molbin/iss-l ... erCtrl.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecurity.com/activescan ... stubie.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/cabs/ascstubie.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 2778162375
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-l ... cfscan.cab
O23 - Service: McAfee Application Installer Cleanup (0222031207080180) (0222031207080180mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\022203~1.EXE (file missing)
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: McAfee Wireless Network Security Service (MWLSvc) - Unknown owner - C:\Program Files\Mcafee\MWL\MwlSvc.exe (file missing)
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
--
End of file - 9020 bytes