CastleCops, Internet Crime Fighters

[IN PROGRESS]winvsnet.exe and corrupt file?? in external hard drive
camlto

Trooper

Joined: Oct 25, 2006
Posts: 15
Location: USA

Posted: Mon Jun 30, 2008 1:16 am    Post subject: winvsnet.exe and corrupt file?? in external hard drive

I'm getting all kinds of b.s. with this.

winvsnet.com sometimes pops up in about 7 or 8 windows.

I've gotten a pop-up telling me there is a corrupt file on my external hard drive, and when I run chkdsk half of the info disappears, but the drive still accounts for the files in the total hard drive space being used. Some files I can't delete.


Here's my HJT log... thanks for the help!


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:15:26 PM, on 6/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE
c:\program files\mcafee.com\agent\mcagent.exe
C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Christopher Barbour\Desktop\WLinstaller.exe
C:\Program Files\Windows Live\installer\Dashboard.exe
C:\Program Files\Windows Live\installer\WLSetupSvc.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

--
End of file - 6724 bytes

Prince_Serendip

Site Moderator


Joined: Sep 07, 2002
Posts: 17403

Posted: Mon Jun 30, 2008 3:17 pm

You're Ready for cleaning.

At CastleCops we screen all HijackThis logs for errors, out-of-date versions, unupdated operating systems, omissions and P2P applications; getting you [READY] for cleaning by our 1st Responders and Security Experts. Now you wait for one of them to come help you.


_________________
Microsoft MVP Consumer Security 2006, 2007 & 2008
Prince_Serendip

Site Moderator


Joined: Sep 07, 2002
Posts: 17403

Posted: Wed Jul 09, 2008 3:05 am

Now that you've made an entry at the Unhandled Logs topic, you need to post a fresh log here (below this post).


**NOTE: You have a week to post the updated log. Do not post it as a new topic. If your new updated log is not posted, this topic will be locked and your post removed from the Unhandled Logs topic list.


_________________
Microsoft MVP Consumer Security 2006, 2007 & 2008
camlto

Trooper

Joined: Oct 25, 2006
Posts: 15
Location: USA

Posted: Fri Jul 11, 2008 9:17 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:10:01 PM, on 7/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Microsoft IntelliType Pro\type32.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

--
End of file - 6727 bytes


thanks!!

markamus

1st Responder
Premium Member

Joined: May 06, 2004
Posts: 955

Posted: Sat Jul 19, 2008 8:15 pm

Hi camlto,

We apologize for the delay. As you can see, our helpers have been quite busy.

If you still need assistance, please post back with a fresh HijackThis log. A lot can happen in a few days so we need to see what the current log shows.

Thanks,

markamus


_________________
Proud UNITE and ASAP member
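
Added example, not part of any post in this thread: when a fresh HijackThis log is requested, one way to see what changed since the previous log is to parse both and diff them. The function names are this example's own, and the two sample logs are short excerpts of the 6/29 and 7/11 logs posted above.

```python
import re
from collections import Counter

# An entry line is a section code (R0, O2, O23, ...), " - ", then free text.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
# Suffixes HijackThis prints when an entry has no file or the file is not found.
MISSING_RE = re.compile(r"\((?:no file|file missing)\)$", re.IGNORECASE)


def parse_hjt(text):
    """Return (processes, entries) parsed from one HijackThis log.

    processes: Counter of lower-cased image paths (Windows paths are
               case-insensitive and svchost.exe appears several times).
    entries:   Counter of (section_code, body) tuples.
    """
    processes, entries = Counter(), Counter()
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes:"):
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False
            entries[(match.group("code"), match.group("body"))] += 1
        elif in_processes:
            if line:
                processes[line.lower()] += 1
            elif processes:
                in_processes = False  # blank line closes the process list
    return processes, entries


def diff_logs(old_text, new_text):
    """Compare two logs of the same machine and report what changed."""
    old_p, old_e = parse_hjt(old_text)
    new_p, new_e = parse_hjt(new_text)
    added = sorted((new_e - old_e).elements())
    return {
        "added": added,
        "removed": sorted((old_e - new_e).elements()),
        # New entries that point at nothing on disk deserve a first look.
        "added_missing_target": [e for e in added if MISSING_RE.search(e[1])],
        "processes_started": sorted((new_p - old_p).elements()),
        "processes_gone": sorted((old_p - new_p).elements()),
    }


# Excerpt of the 6/29/2008 log from this thread (shortened for the example).
OLD_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:15:26 PM, on 6/29/2008

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

--
End of file - 6724 bytes
"""

# Excerpt of the 7/11/2008 log from this thread (shortened for the example).
NEW_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:10:01 PM, on 7/11/2008

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

--
End of file - 6727 bytes
"""

if __name__ == "__main__":
    for section, items in diff_logs(OLD_LOG, NEW_LOG).items():
        print(f"== {section} ({len(items)})")
        for item in items:
            print("  ", item if isinstance(item, str) else " - ".join(item))
```

The MUSICMATCH button is marked "(file missing)" in both logs, so it is not reported as a change; only entries that appear or disappear between the two scans are listed.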
camlto

Trooper

Joined: Oct 25, 2006
Posts: 15
Location: USA

Posted: Mon Jul 28, 2008 11:44 am

Sorry for the troubles you guys are having.

Here's the newest log...


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:43:27 AM, on 7/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

--
End of file - 6759 bytes

markamus

1st Responder
Premium Member

Joined: May 06, 2004
Posts: 955

Posted: Mon Jul 28, 2008 2:11 pm

Let's look a bit deeper.

Go HERE and download File Lister.

    Save it to your Desktop.
    Rt Click ->> Extract all ->> And extract it to your Desktop.
    Additional help on extracting zip files can be found HERE.
    Open the File Lister folder.
    Rt Click FileLister.vbe ->> Select Open, then Open to confirm.
    As the program runs, it will appear that nothing is happening.
    When the program is finished, it will produce a log for you at C:\Files.txt

Copy and paste the contents of that log in your reply.


_________________
Proud UNITE and ASAP member
camlto

Trooper

Joined: Oct 25, 2006
Posts: 15
Location: USA

Posted: Mon Jul 28, 2008 6:42 pm

+++++++++++++++++++++++++++++++++
+
+ File Lister
+
+ Version 1.0.3
+
+ By bamajim@bamajim.com
+
+++++++++++++++++++++++++++++++++

Report ran on --->>> 7/28/2008 2:41:02 PM

=== Values under HKLM\~\Run ======

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VirusScan Online"="\"c:\\PROGRA~1\\mcafee.com\\vso\\mcvsshld.exe\""
"MPFExe"="C:\\PROGRA~1\\McAfee.com\\PERSON~1\\MpfTray.exe"
"igfxtray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"igfxhkcmd"="C:\\WINDOWS\\system32\\hkcmd.exe"
"igfxpers"="C:\\WINDOWS\\system32\\igfxpers.exe"
"AudioDrvEmulator"="\"C:\\Program Files\\Creative\\Shared Files\\Module Loader\\DLLML.exe\" -1 AudioDrvEmulator \"C:\\Program Files\\Creative\\Shared Files\\Module Loader\\Audio Emulator\\AudDrvEm.dll\""
"CTHelper"="CTHELPER.EXE"
"type32"="\"C:\\Program Files\\Microsoft IntelliType Pro\\type32.exe\""
"CTDVDDET"="\"C:\\Program Files\\Creative\\SBAudigy4\\DVDAudio\\CTDVDDET.EXE\""
"CTSysVol"="C:\\Program Files\\Creative\\SBAudigy4\\Surround Mixer\\CTSysVol.exe /r"
"RCSystem"="\"C:\\Program Files\\Creative\\Shared Files\\Module Loader\\DLLML.exe\" RCSystem * -Startup"
"MCUpdateExe"="C:\\PROGRA~1\\mcafee.com\\agent\\McUpdate.exe"
"MCAgentExe"="c:\\PROGRA~1\\mcafee.com\\agent\\McAgent.exe"
"WinampAgent"="\"C:\\Program Files\\Winamp\\winampa.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"
@=""


=== Values under HKCU\~\Run ======

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"


=== Folders and Files from "%\" and "%\Windows" Created Last 30 Days ======

7/28/2008 2:41:02 PM 0 32 C:\Files.txt
7/18/2008 3:38:50 PM 1749947 C:\WINDOWS\$NtUninstallKB951748$
7/18/2008 3:38:50 PM 631483 C:\WINDOWS\$NtUninstallKB951748$\spuninst
7/11/2008 5:08:15 PM 0 32 C:\WINDOWS\0.log
7/18/2008 3:39:02 PM 2020 32 C:\WINDOWS\comsetup.log
7/18/2008 3:39:00 PM 6159 32 C:\WINDOWS\FaxSetup.log
7/18/2008 3:39:01 PM 986 32 C:\WINDOWS\iis6.log
7/18/2008 3:39:03 PM 1374 32 C:\WINDOWS\imsins.log
7/2/2008 4:22:03 PM 737280 32 C:\WINDOWS\iun6002.exe
7/16/2008 3:33:01 PM 17074 32 C:\WINDOWS\KB951748.log
7/18/2008 3:39:03 PM 309 32 C:\WINDOWS\msgsocm.log
7/18/2008 3:39:02 PM 1229 32 C:\WINDOWS\ntdtcsetup.log
7/18/2008 3:39:00 PM 2916 32 C:\WINDOWS\ocgen.log
7/18/2008 3:39:03 PM 342 32 C:\WINDOWS\ocmsn.log
7/18/2008 3:39:02 PM 0 32 C:\WINDOWS\setupact.log
7/18/2008 3:39:04 PM 1478 32 C:\WINDOWS\setupapi.log
7/18/2008 3:39:02 PM 0 32 C:\WINDOWS\setuperr.log
7/18/2008 3:39:03 PM 2359 32 C:\WINDOWS\tsoc.log
7/18/2008 3:38:54 PM 1883 32 C:\WINDOWS\updspapi.log
7/12/2008 3:11:14 AM 1341 32 C:\WINDOWS\wmsetup.log
7/11/2008 5:05:12 PM 4958588 32 C:\WINDOWS\{00000001-00000000-00000002-00001102-00000008-10211102}.BAK
6/30/2008 6:32:04 AM 271224 32 C:\WINDOWS\SYSTEM32\mucltui.dll
6/30/2008 6:32:04 AM 30072 32 C:\WINDOWS\SYSTEM32\mucltui.dll.mui
6/30/2008 6:32:04 AM 207736 32 C:\WINDOWS\SYSTEM32\muweb.dll

=== Files under "\Administrator\Startup" Last 30 Days======


=== Files under "\All Users\Startup" Last 30 Days======


=== Folders under "\Program Files" Last 30 Days======

7/2/2008 4:22:02 PM 3155697 C:\Program Files\AndreaMosaic
6/29/2008 4:03:50 PM 11690864 C:\Program Files\ConvertHelper
6/29/2008 4:03:51 PM 213504 C:\Program Files\ConvertHelper\imlib2
6/29/2008 4:03:51 PM 26624 C:\Program Files\ConvertHelper\imlib2\filters
6/29/2008 4:03:51 PM 186880 C:\Program Files\ConvertHelper\imlib2\loaders
6/29/2008 4:03:51 PM 214523 C:\Program Files\ConvertHelper\vhook
6/29/2008 7:17:06 PM 112815463 C:\Program Files\Panda Security
6/29/2008 7:17:06 PM 112117596 C:\Program Files\Panda Security\ActiveScan 2.0
6/29/2008 7:17:29 PM 697867 C:\Program Files\Panda Security\NanoScan
6/29/2008 7:17:29 PM 697867 C:\Program Files\Panda Security\NanoScan\Engine
6/29/2008 9:06:00 PM 33132543 C:\Program Files\Windows Live
6/29/2008 9:06:00 PM 2237634 C:\Program Files\Windows Live\installer
6/29/2008 9:17:33 PM 30894909 C:\Program Files\Windows Live\Messenger
6/29/2008 9:17:33 PM 3478161 C:\Program Files\Windows Live\Messenger\Device Manager
6/29/2008 9:17:33 PM 1417648 C:\Program Files\Windows Live\Messenger\Device Manager\Loc
6/29/2008 9:17:33 PM 75664 C:\Program Files\Windows Live\Messenger\Device Manager\Loc\10
6/29/2008 9:17:33 PM 71568 C:\Program Files\Windows Live\Messenger\Device Manager\Loc\1028
6/29/2008 9:17:33 PM 75664 C:\Program Files\Windows Live\Messenger\Device Manager\Loc\1046
6/29/2008 9:17:33 PM 75152 C:\Program Files\Windows Live\Messenger\Device Manager\Loc\11
6/29/2008 9:17:33 PM 75664 C:\Program Files\Windows Live\Messenger\Device Manager\Loc\12
6/29/2008 9:17:34 PM 75152 C:\Program Files\Windows Live\Messenger\Device Manager\Loc\16
6/29/2008 9:17:33 PM 72592 C:\Program Files\Windows Live\Messenger\Device Manager\Loc\17
6/29/2008 9:17:33 PM 72592 C:\Program Files\Windows Live\Messenger\Device Manager\Loc\18
6/29/2008 9:17:34 PM 75152 C:\Program Files\Windows Live\Messenger\Device Manager\Loc\19
6/29/2008 9:17:34 PM 74640 C:\Program Files\Windows Live\Messenger\Device Manager\Loc\20
6/29/2008 9:17:34 PM 75664 C:\Program Files\Windows Live\Messenger\Device Manager\Loc\22
6/29/2008 9:17:33 PM 74640 C:\Program Files\Windows Live\Messenger\Device Manager\Loc\25
6/29/2008 9:17:34 PM 75152 C:\Program Files\Windows Live\Messenger\Device Manager\Loc\29
6/29/2008 9:17:34 PM 74640 C:\Program Files\Windows Live\Messenger\Device Manager\Loc\31
6/29/2008 9:17:33 PM 71568 C:\Program Files\Windows Live\Messenger\Device Manager\Loc\4
6/29/2008 9:17:34 PM 75152 C:\Program Files\Windows Live\Messenger\Device Manager\Loc\6
6/29/2008 9:17:33 PM 75664 C:\Program Files\Windows Live\Messenger\Device Manager\Loc\7
6/29/2008 9:17:33 PM 76688 C:\Program Files\Windows Live\Messenger\Device Manager\Loc\8
6/29/2008 9:17:34 PM 74640 C:\Program Files\Windows Live\Messenger\Device Manager\Loc\9

=== Files under "\System32\Drivers" Last 30 Days======


=== Files under "\User\Local Settings\Temp" Last 30 Days======

7/28/2008 9:50:36 AM 0 32 C:\Documents and Settings\Christopher Barbour\Local Settings\Temp\0n5916.tmp
7/16/2008 9:03:36 AM 0 32 C:\Documents and Settings\Christopher Barbour\Local Settings\Temp\1i9404.tmp
7/17/2008 9:21:38 AM 0 32 C:\Documents and Settings\Christopher Barbour\Local Settings\Temp\2qrD6.tmp
7/28/2008 12:09:43 PM 0 32 C:\Documents and Settings\Christopher Barbour\Local Settings\Temp\6tl9C3.tmp
7/17/2008 7:27:13 AM 0 32 C:\Documents and Settings\Christopher Barbour\Local Settings\Temp\6ujB5.tmp
7/16/2008 8:57:19 AM 0 32 C:\Documents and Settings\Christopher Barbour\Local Settings\Temp\7v03F3.tmp
7/15/2008 3:14:03 PM 0 32 C:\Documents and Settings\Christopher Barbour\Local Settings\Temp\9qf31B.tmp
7/15/2008 6:04:38 PM 0 32 C:\Documents and Settings\Christopher Barbour\Local Settings\Temp\az132C.tmp
7/16/2008 2:13:09 PM 0 32 C:\Documents and Settings\Christopher Barbour\Local Settings\Temp\az24DA.tmp
7/28/2008 1:27:53 PM 0 32 C:\Documents and Settings\Christopher Barbour\Local Settings\Temp\bttA1B.tmp
7/18/2008 10:54:42 AM 0 32 C:\Documents and Settings\Christopher Barbour\Local Settings\Temp\c1z2C1.tmp
7/14/2008 3:14:36 PM 0 32 C:\Documents and Settings\Christopher Barbour\Local Settings\Temp\cbk206.tmp
7/17/2008 9:21:32 AM 0 32 C:\Documents and Settings\Christopher Barbour\Local Settings\Temp\d5mD5.tmp
7/8/2008 2:34:51 PM 127 32 C:\Documents and Settings\Christopher Barbour\Local Settings\Temp\D653F3EC.TMP
7/15/2008 3:10:36 PM 0 32 C:\Documents and Settings\Christopher Barbour\Local Settings\Temp\ect307.tmp
7/17/2008 4:46:28 PM 0 32 C:\Documents and Settings\Christopher Barbour\Local Settings\Temp\eks276.tmp
7/18/2008 10:19:42 AM 0 32 C:\Documents and Settings\Christopher Barbour\Local Settings\Temp\g402A5.tmp
7/28/2008 11:40:17 AM 0 32 C:\Documents and Settings\Christopher Barbour\Local Settings\Temp\gfo9B6.tmp
7/14/2008 10:24:18 AM 0 32 C:\Documents and Settings\Christopher Barbour\Local Settings\Temp\h12E0.tmp
7/16/2008 3:32:48 PM 0 32 C:\Documents and Settings\Christopher Barbour\Local Settings\Temp\h357.tmp
7/17/2008 9:32:11 AM 0 32 C:\Documents and Settings\Christopher Barbour\Local Settings\Temp\hexEA.tmp
7/17/2008 2:19:34 PM 0 32 C:\Documents and Settings\Christopher Barbour\Local Settings\Temp\hfo217.tmp
7/28/2008 12:15:30 PM 0 32 C:\Documents and Settings\Christopher Barbour\Local Settings\Temp\j409CD.tmp
7/17/2008 12:48:50 PM 0 32 C:\Documents and Settings\Christopher Barbour\Local Settings\Temp\jdz1D5.tmp
7/16/2008 8:07:44 AM 0 32 C:\Documents and Settings\Christopher Barbour\Local Settings\Temp\kxa3B1.tmp
7/15/2008 7:19:47 PM 0 32 C:\Documents and Settings\Christopher Barbour\Local Settings\Temp\lid35F.tmp
7/17/2008 10:05:18 AM 0 32 C:\Documents and Settings\Christopher Barbour\Local Settings\Temp\ltuFA.tmp
7/17/2008 2:19:39 PM 0 32 C:\Documents and Settings\Christopher Barbour\Local Settings\Temp\m1t218.tmp
7/11/2008 10:34:33 AM 1862 32 C:\Documents and Settings\Christopher Barbour\Local Settings\Temp\MSId0508.LOG
7/17/2008 8:08:56 AM 0 32 C:\Documents and Settings\Christopher Barbour\Local Settings\Temp\mugCB.tmp
7/14/2008 10:24:11 AM 0 32 C:\Documents and Settings\Christopher Barbour\Local Settings\Temp\oevDF.tmp
7/17/2008 1:13:15 PM 0 32 C:\Documents and Settings\Christopher Barbour\Local Settings\Temp\pur1DE.tmp
7/17/2008 6:26:02 AM 0 32 C:\Documents and Settings\Christopher Barbour\Local Settings\Temp\q1y6C.tmp
7/15/2008 3:11:51 PM 0 32 C:\Documents and Settings\Christopher Barbour\Local Settings\Temp\s8u308.tmp
7/28/2008 11:35:58 AM 0 32 C:\Documents and Settings\Christopher Barbour\Local Settings\Temp\w1o9B1.tmp
7/15/2008 8:05:44 AM 0 32 C:\Documents and Settings\Christopher Barbour\Local Settings\Temp\xqa217.tmp
7/16/2008 4:31:22 PM 0 32 C:\Documents and Settings\Christopher Barbour\Local Settings\Temp\xug37.tmp
7/15/2008 3:14:16 PM 0 32 C:\Documents and Settings\Christopher Barbour\Local Settings\Temp\ypr31C.tmp
7/17/2008 10:05:16 AM 0 32 C:\Documents and Settings\Christopher Barbour\Local Settings\Temp\zksF9.tmp
7/15/2008 2:01:54 PM 0 32 C:\Documents and Settings\Christopher Barbour\Local Settings\Temp\zkz306.tmp
7/17/2008 8:08:11 AM 0 32 C:\Documents and Settings\Christopher Barbour\Local Settings\Temp\zm8CA.tmp

=== Files and Folders under "All Users\Application Data" Last 30 Days======

6/29/2008 9:05:56 PM 205096 C:\Documents and Settings\All Users\Application Data\WLInstaller

=== Values under HKLM\Software\microsoft\shared tools\msconfig\startupreg ======

=== BHO's under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects ======

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}


=== Services ( Services that are Whitelisted are not shown ======

CyberLink Background Capture Service (CBCS) (CLCapSvc) "C:\Program Files\ATI\Catalyst Media Center\Kernel\TV\CLCapSvc.exe" - Disabled

CyberLink Task Scheduler (CTS) (CLSched) "C:\Program Files\ATI\Catalyst Media Center\Kernel\TV\CLSched.exe" - Disabled

CyberLink Media Library Service (CyberLink Media Library Service) "C:\Program Files\ATI\Catalyst Media Center\Kernel\CLML_NTService\CLMLServer.exe" - Disabled

MSCamSvc (MSCamSvc) "C:\Program Files\Microsoft LifeCam\MSCamS32.exe" - Disabled

Intel NCS NetService (NetSvc) C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe - Manual


=== Running Processes ======

System Idle Process [0]
System [4]
SMSS.EXE [612] \SystemRoot\System32\smss.exe
CSRSS.EXE [676]
WINLOGON.EXE [704] winlogon.exe
SERVICES.EXE [748] C:\WINDOWS\system32\services.exe
LSASS.EXE [760] C:\WINDOWS\system32\lsass.exe
ati2evxx.exe [924] C:\WINDOWS\system32\Ati2evxx.exe
SVCHOST.EXE [940] C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE [1020]
SVCHOST.EXE [1116] C:\WINDOWS\System32\svchost.exe -k netsvcs
SVCHOST.EXE [1148] C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
SVCHOST.EXE [1244]
SVCHOST.EXE [1308]
aawservice.exe [1508] "C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe"
LEXBCES.EXE [1620] C:\WINDOWS\system32\LEXBCES.EXE
spoolsv.exe [1644] C:\WINDOWS\system32\spoolsv.exe
guard.exe [1756] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe"
MpfService.exe [1876] C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
SVCHOST.EXE [168] C:\WINDOWS\system32\svchost.exe -k imgsvc
SVCHOST.EXE [432] C:\WINDOWS\system32\svchost.exe -k netsvcs
ALG.EXE [1300]
WSCNTFY.EXE [2884] C:\WINDOWS\system32\wscntfy.exe
ati2evxx.exe [3072] Ati2evxx.exe -Client
explorer.exe [3976] C:\WINDOWS\Explorer.EXE
MpfTray.exe [3108] "C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe"
mcagent.exe [2704] "c:\program files\mcafee.com\agent\mcagent.exe" /nosplash
hkcmd.exe [3104] "C:\WINDOWS\system32\hkcmd.exe"
igfxpers.exe [3116] "C:\WINDOWS\system32\igfxpers.exe"
DLLML.exe [2084] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
CTHELPER.EXE [192] "C:\WINDOWS\CTHELPER.EXE"
type32.exe [2188] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
MpfAgent.exe [740] C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe -Embedding
CTDVDDET.exe [3000] "C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE"
CTSysVol.exe [2712] "C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe" /r
CTFMON.EXE [2136] "C:\WINDOWS\system32\ctfmon.exe"
usnsvc.exe [3192] "C:\Program Files\Windows Live\Messenger\usnsvc.exe"
firefox.exe [1676] "C:\Program Files\Mozilla Firefox\firefox.exe"
MSIMN.EXE [2176] "C:\Program Files\Outlook Express\MSIMN.EXE"
msmsgs.exe [2168] "C:\Program Files\Messenger\msmsgs.exe" -Embedding
WSCRIPT.EXE [3088] "C:\WINDOWS\System32\WScript.exe" "C:\Documents and Settings\Christopher Barbour\Desktop\FileLister.vbe"
WMIPRVSE.EXE [2928]
WMIPRVSE.EXE [1448]

=== Uninstall List From Registry ======

Panda ActiveScan 2.0
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
ATI - Software Uninstall Utility
AnalogX POW!
AndreaMosaic 3.22
ATI Display Driver
AV DVD Player Morpher
AVG Anti-Spyware 7.5
Canon Utilities PhotoStitch 3.1
CCleaner (remove only)
CDex extraction audio
Dell Digital Jukebox Driver
Dell Photo Printer 720
Dell Support 5.0.0 (630)
ffdshow (remove only)
Free Easy Burner V 3.8
Free Mp3 Wma Converter V 1.5.1
HijackThis 2.0.2
Microsoft Internationalized Domain Names Mitigation APIs
Windows Internet Explorer 7
DAO
ATI Decoder
Intel(R) 537EP V9x DF PCI Modem
IrfanView (remove only)
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB873339
Security Update for Windows XP (KB883939)
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB888310
Security Update for Windows XP (KB890046)
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Security Update for Windows XP (KB893756)
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Update for Windows XP (KB894391)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Update for Windows XP (KB896727)
Security Update for Step By Step Interactive Training (KB898458)
Update for Windows XP (KB898461)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Update for Windows XP (KB900485)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Hotfix for Windows XP (KB915865)
Update for Windows XP (KB916595)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Update for Windows XP (KB920872)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Update for Windows XP (KB922582)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Hotfix for Windows XP (KB926239)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Update for Windows XP (KB927891)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Update for Windows XP (KB929338)
Hotfix for Windows Media Format 11 SDK (KB929399)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Update for Windows XP (KB930916)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Update for Windows XP (KB931836)
Security Update for Windows XP (KB932168)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Update for Windows XP (KB936357)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows Internet Explorer 7 (KB938127)
Update for Windows XP (KB938828)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows Internet Explorer 7 (KB939653)
Hotfix for Windows Media Player 11 (KB939683)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows Internet Explorer 7 (KB942615)
Update for Windows XP (KB942763)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Hotfix for Windows Internet Explorer 7 (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Macromedia Shockwave Player
McAfee Personal Firewall Plus
McAfee SecurityCenter
Microsoft .NET Framework 1.1
mkw Audio Compression Toolkit
Mozilla Firefox (2.0.0.14)
Microsoft Compression Client Pack 1.0 for Windows XP
Nimo Lite Pack v1.0 (Remove Only)
Microsoft National Language Support Downlevel APIs
Panda ActiveScan
Canon PhotoRecord
PowerISO
Canon Digital Camera RS-232C TWAIN Driver
Intel(R) PRO Network Adapters and Drivers
RealPlayer
RevConnect
Samsung ML-1710 Seriess
SkyCaddie Desktop
CP2101 USB to UART Bridge Controller
SoulSeek Client 156c
Spybot - Search & Destroy 1.5.2.20
Learn2 Player (Uninstall Only)
Creative System Information
Viewpoint Media Player
McAfee VirusScan
VideoLAN VLC media player 0.8.6
WinAce Archiver
Winamp
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Player 11
WinRAR archiver
Windows Media Format 11 runtime
Windows Media Player 11
Microsoft User-Mode Driver Framework Feature Pack 1.0
XviD Media Codec 1.0.2
XviD MPEG-4 Video Codec
Yahoo! Messenger
Yahoo! Install Manager
Canon Utilities ZoomBrowser EX
Microsoft LifeCam
QuickTime
ATI HYDRAVISION
MSXML 6.0 Parser (KB933579)
ATI Control Panel
PC Inspector File Recovery
Microsoft Plus! Photo Story 2 LE
Intel(R) PROSet for Wired Connections
Catalyst Media Center
ConvertHelper 2.1
Data Lifeguard Tools
Windows Media Player 10
WebFldrs XP
Internet Explorer Default Page
MSXML 4.0 SP2 (KB927978)
Modem On Hold
Sansa Connect Device Recovery
Banctec Service Agreement
Windows Live Messenger
Dell Driver Reset Tool
Microsoft IntelliType Pro 5.2
Movica
PowerDVD 5.3
Microsoft Plus! Digital Media Edition Installer
Java 2 Runtime Environment, SE v1.4.2_03
Apple Software Update
Modem Event Monitor
Sansa Media Converter
Modem Helper
Jasc Paint Shop Pro 8 Dell Edition
Intel(R) Extreme Graphics 2 Driver
Microsoft Office XP Professional with FrontPage
Microsoft Office Standard Edition 2003
Windows Live installer
Sound Blaster Audigy 4
Adobe Reader 8.1.2
WordPerfect Office 12
Windows Live Sign-in Assistant
Spybot - Search & Destroy
Microsoft .NET Framework 2.0 Service Pack 1
MSXML 4.0 SP2 (KB936181)
DAO
Microsoft .NET Framework 1.1
Jasc Paint Shop Photo Album
SUPERAntiSpyware Free Edition
Ad-Aware
Windows Media Encoder 9 Series
ATI Catalyst Control Center
ATI Decoder
SoundMAX
Sansa Media Converter
Catalyst Media Center DVD Authoring Module
iTunes

markamus

1st Responder
Premium Member

Joined: May 06, 2004
Posts: 955

1st Responders Premium Team F@H

PostPosted: Mon Jul 28, 2008 7:04 pm    Post subject:

Open HJT by navigating to your HijackThis folder and double clicking on HijackThis.exe. Select the second button entitled "Do a system scan only".
Now select the following entries by placing a tick in the left hand check box.


O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)


Once you have selected all entries, close all running programs then click once on the "fix checked" button to clear the entries from your log.
----------------------------------------------------------------------------------------------

Please download a free version of CCleaner from here.


To install:


  • Select a language.
  • Click Next.
  • Click I Agree.
  • Select your Destination Folder and click Next. The default is set to C:\Program Files\CCleaner. This is OK to use, unless you would prefer it installed to another permanent folder.
  • Choose your Install Options.
  • Click Install.
  • Click Finish when prompted.



To run:

  • Before first use, check under Options, Advanced, and UNCHECK "Only delete files in Windows Temp folder older than 48 hours".
  • A pop up box will appear advising this process will permanently delete files from your system.
  • Then select the items you wish to clean up. (See note below)

In the Windows Tab:

  • Clean all entries in the "Internet Explorer". If you prefer to keep your cookies, uncheck the Cookies entry. Deleting cookies will require re-entry of user names and passwords on next visit to sites that require users log in.
  • Clean all the entries in the "Windows Explorer" section.
  • Clean all entries in the "System" section.
  • Clean all entries in the "Advanced" section.
  • Clean any others that you choose.

In the Applications Tab:

  • Clean all (optionally, except cookies) in the Firefox/Mozilla section if you use it.
  • Clean all in the Opera section if you use it.
  • Clean Sun Java in the Internet Section.
  • Clean any others that you choose.
  • Then click the "Run Cleaner" button and it will scan and clean your system.
  • Click exit.

----------------------------------------------------------------------------------------------

Run an online virus scan called Kaspersky from HERE.

    1. At the main page, press "Accept" after reading the contents.
    2. At the next window, select Update. Allow the database to update.
    Note: If prompted to run or update your Java, then follow the prompts to do so. Kaspersky requires Java to run.
    3. Once the Database has finished, under the Scan icon Select My Computer to start the scan. The scan may take a few minutes to complete.
    4. Select Scan Report.
    5. If any threats were found they will appear in the report
    6. Select "Save error report as"
    Then in the file name just type in kaspersky
    Under "save as type" select text .txt
    Save it to your Desktop.


Copy and post the results of the Kaspersky Online scan. If no threats were found, then report that as well.

In your next reply, please include the following:
  1. The Kaspersky Online scan log
  2. A fresh HijackThis log
  3. An update on how the PC is running

Thanks,

markamus


_________________
Proud UNITE and ASAP member
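
The check behind the "fix checked" step in the post above, as an added example (not part of markamus's post and not HijackThis's own code): a small Python parser that reads HijackThis entry lines and flags those whose target is marked "(no file)" or "(file missing)". The sample lines are copied from the logs in this thread; the names `Entry`, `parse_hjt` and `orphaned` are hypothetical.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Lines copied from the HijackThis v2.0.2 logs in this thread (excerpt, not a full log).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
"""

# An entry line starts with a section code (R0, F2, N1, O2, O23, ...) followed by " - ".
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Markers HijackThis appends when the registry entry's target is absent.
ORPHAN_MARKERS = {"(no file)": "no file", "(file missing)": "file missing"}


@dataclass
class Entry:
    section: str                  # e.g. "O2"
    clsid: Optional[str]          # first CLSID on the line, if any
    target: str                   # last " - " field with the orphan marker removed
    orphan_reason: Optional[str]  # "no file", "file missing" or None
    unnamed: bool                 # True when the entry is labelled "(no name)"
    raw: str                      # the original line, for the report


def parse_hjt(text: str) -> List[Entry]:
    """Parse entry lines; header, process-list and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        body = m.group("body")
        clsid = CLSID_RE.search(body)
        # The target (DLL, EXE or URL) is the last " - " separated field.
        target = body.rsplit(" - ", 1)[-1]
        reason = None
        for marker, label in ORPHAN_MARKERS.items():
            if target.endswith(marker):
                reason = label
                target = target[: -len(marker)].strip()
        entries.append(Entry(
            section=m.group("section"),
            clsid=clsid.group(0) if clsid else None,
            target=target,
            orphan_reason=reason,
            unnamed="(no name)" in body,
            raw=line,
        ))
    return entries


def orphaned(entries: List[Entry]) -> List[Entry]:
    """Entries whose registry key survives but whose target does not."""
    return [e for e in entries if e.orphan_reason]


if __name__ == "__main__":
    for e in orphaned(parse_hjt(SAMPLE_LOG)):
        print(f"{e.section} {e.clsid} [{e.orphan_reason}] {e.raw}")
```

An orphaned entry is a leftover registry key rather than running code, which is why it can be cleared from the log without removing a file.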
camlto

Trooper
Trooper


Joined: Oct 25, 2006
Posts: 15
Location: USA

PostPosted: Tue Jul 29, 2008 1:13 pm    Post subject:

the kaspersky came back clean but as soon as it started running, a chkdsk prompt came up for my external hard drive (where i think the problem may be). whenever i run the checkdisk, i lose a majority of the files but when i check the amount of drive space i have, it reads as though the files are still there. as well, some files will not play or delete.

could it be a corrupt restore point?


KASPERSKY ONLINE SCANNER 7 REPORT
Monday, July 28, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, July 28, 2008 20:24:40
Records in database: 1017477
Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes
Scan area My Computer
C:\
D:\
E:\
H:\
Scan statistics
Files scanned 78506
Threat name 0
Infected objects 0
Suspicious objects 0
Duration of the scan 03:58:06

No malware has been detected. The scan area is clean.
The selected area was scanned.




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:07:44 AM, on 7/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

--
End of file -