Thread: Help needed in the removal of Trojan.Lmir.boy and Downloader.IFrame.ay infection
View Single Post
Old 12-05-2007, 02:14 AM   #1 (permalink)
siriushaha
Registered User
 
siriushaha's Avatar
 
Join Date: Apr 2005
Location: San Francisco Bay Area, CA
Posts: 10
OS: Windows 2000 Pro


Send a message via Yahoo to siriushaha
Help needed in the removal of Trojan.Lmir.boy and Downloader.IFrame.ay infection
My laptop was infected on 12/03/2007 by this malware as described in the attachment malware-symptom.pdf. My OS is running Windows XP SP2.
Note that as the result of this malware there are a lot of newly generated files in c:\windows and c:\windows\system32 directories as shown in the attachments windows.pdf and windows-system32.pdf.

For some reason Panda ActiveScan failed to generate a report so there is no attachment for ActiveScan log.

AVG-AntiSpyware is installed on this laptop now after this infection. The AVG scan reports that my laptop is infected with 2 trojans Downloader.IFrame.ay and Trojan.Lmir.boy as shown in the attachment AVG-scanreport.pdf.

Below is the HiJackThis log generated from running DSS.exe with extra.txt as follows:

Deckard's System Scanner v20071014.68
Run by dha on 2007-12-04 21:59:25
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
28: 2007-12-05 05:59:48 UTC - RP732 - Deckard's System Scanner Restore Point
27: 2007-12-04 08:37:07 UTC - RP731 - System Checkpoint
26: 2007-12-03 03:34:54 UTC - RP730 - System Checkpoint
25: 2007-12-02 03:00:11 UTC - RP729 - System Checkpoint
24: 2007-12-01 02:16:40 UTC - RP728 - System Checkpoint


-- First Restore Point --
1: 2007-11-06 05:33:27 UTC - RP705 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2007-12-04 22:09:16
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Common Files\Virtual Token\vtserver.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\bmwebcfg.exe
C:\berkleemusic\Digidesign\Digidesign\Drivers\MMERefresh.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Program Files\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\Program Files\Microsoft SQL Server\MSSQL$EMMSDE\Binn\sqlservr.exe
C:\Program Files\M-Audio\Ozone\Install\ozinst.exe
C:\Program Files\UTStarcom\Sprint\Sprint PCS Connection Manager\PnCUtilityService.exe
C:\WINDOWS\system32\QCONSVC.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Seagate\Sync\SeaSyncServices.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\TpKmpSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\McAfee\VirusScan\mcsysmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\ThinkPad\Utilities\EzEjMnAp.Exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\IBMTOOLS\utils\ibmprc.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ThinkPad\UltraNav Wizard\UNavTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Amic Utilities\PDF Writer Pro\pdfwload.exe
C:\WINDOWS\system32\M-AudioTaskBarIcon.exe
C:\WINDOWS\system32\mafwTray.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe
C:\Program Files\Maxtor\MSS Backup\MaxBackService.exe
C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe
C:\Program Files\Maxtor\ManagerApp\msssort.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\berkleemusic\NTONYX\MIDI Matrix\MidiMtrx.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\No-IP\DUC20.exe
C:\Program Files\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Apple Software Update\SoftwareUpdate.exe
C:\DOCUME~1\dha\LOCALS~1\Temp\AutoDetect.exe
E:\Ceedo\Ceedo\Ceedo.exe
C:\Program Files\McAfee\VirusScan\Mcshield.exe
C:\Program Files\SpywareBlaster\spywareblaster.exe
E:\Download\mcafee\dss.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\taskmgr.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 168.94.74.68:8080
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: del.icio.us Toolbar Helper - {7AA07AE6-01EF-44EC-93CA-9D7CD41CCDB6} - C:\Program Files\del.icio.us\Internet Explorer Buttons\dlcsIE.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar3.dll
O3 - Toolbar: optionsXpress Toolbar - {63CC63C6-1AE1-491C-B96A-812A7950A1EC} - C:\Program Files\optionsXpress\optionsXpress Toolbar\optionsXpressToolbar.dll
O3 - Toolbar: del.icio.us - {981FE6A8-260C-4930-960F-C3BC82746CB0} - C:\Program Files\del.icio.us\Internet Explorer Buttons\dlcsIE.dll
O3 - Toolbar: Zend Studio - {95188727-288F-4581-A48D-EAB3BD027314} - E:\Ceedo\workspace\ZendStudio\toolbars\ZendIEToolbar.dll
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [ControlCenter] "C:\Program Files\IBM fingerprint software\ctlcntr.exe" /startup
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [FRYMXINS] "C:\Program Files\ATI Technologies\Fire GL 3D Studio Max\atiimxgl"
O4 - HKLM\..\Run: [UC_Start] C:\Program Files\IBM\Updater\\ucstartup.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [pdfw] C:\Program Files\Amic Utilities\PDF Writer Pro\pdfwload.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Gizmo Project] "C:\Program Files\Gizmo Project\Gizmo.exe"
O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\berkleemusic\Digidesign\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\Run: [MAFWTaskbarApp] C:\WINDOWS\system32\MAFWTray.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [GoToMyPC] C:\Program Files\Citrix\GoToMyPC\g2svc.exe -logon
O4 - HKLM\..\Run: [StxTrayMenu] "C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [MaxBackSchedule] "C:\Program Files\Maxtor\MSS Backup\maxbackservice.exe"
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [mssSort] "C:\Program Files\Maxtor\ManagerApp\msssort.exe"
O4 - HKLM\..\Run: [QCTray] C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinSysM] C:\WINDOWS\721815M.exe
O4 - HKLM\..\Run: [upxdnd] C:\WINDOWS\upxdnd.exe
O4 - HKLM\..\Run: [cmdbcs] C:\WINDOWS\cmdbcs.exe
O4 - HKLM\..\Run: [LotusHlp] C:\WINDOWS\LotusHlp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [mppds] C:\WINDOWS\mppds.exe
O4 - HKLM\..\Run: [GenProtect] C:\WINDOWS\GenProtect.exe
O4 - HKLM\..\Run: [AVPSrv] C:\WINDOWS\AVPSrv.exE
O4 - HKLM\..\Run: [MsPrint32D] C:\WINDOWS\MsPrint32D.exe
O4 - HKLM\..\Run: [msccrt] C:\WINDOWS\msccrt.exe
O4 - HKLM\..\Run: [Kvsc3] C:\WINDOWS\Kvsc3.exE
O4 - HKLM\..\Run: [DbgHlp32] C:\WINDOWS\DbgHlp32.exe
O4 - HKLM\..\Run: [MsIMMs32] C:\WINDOWS\MsIMMs32.exE
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Ceedo AutoDetect] C:\DOCUME~1\dha\LOCALS~1\Temp\AutoDetect.exe /active
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKLM\..\Policies\Explorer\Run: [MSDEG32] LYLoader.exe
O4 - HKLM\..\Policies\Explorer\Run: [MSDWG32] LYLoadbr.exe
O4 - HKLM\..\Policies\Explorer\Run: [MSDCG32 ] LYLeador.exe
O4 - HKLM\..\Policies\Explorer\Run: [MSDOG32] LYLoador.exe
O4 - HKLM\..\Policies\Explorer\Run: [MSDSG32] LYLoadar.exe
O4 - HKLM\..\Policies\Explorer\Run: [MSDMG32] LYLoadmr.exe
O4 - HKLM\..\Policies\Explorer\Run: [MSDHG32] LYLoadhr.exe
O4 - HKLM\..\Policies\Explorer\Run: [MSDQG32] LYLoadqr.exe
O4 - Startup: No-IP DUC.lnk = C:\Program Files\No-IP\DUC20.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: MIDI Matrix.lnk = C:\berkleemusic\NTONYX\MIDI Matrix\MidiMtrx.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O8 - Extra context menu item: Zend Studio - Debug current page - res://e:\ceedo\workspace\ZendStudio\toolbars\ZendIEToolbar.dll/DebugCurrent.html
O8 - Extra context menu item: Zend Studio - Debug next page - res://e:\ceedo\workspace\ZendStudio\toolbars\ZendIEToolbar.dll/DebugNext.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Zend Studio Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - (file missing)
O9 - Extra 'Tools' menuitem: Zend Studio - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options Group: [JAVA_IBM] Java (IBM)
O15 - Trusted Zone: https://turbotax.com (HKCU)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {843EE768-3A97-455C-9076-741BA3AD7B62} (QuickBooks Online Edition Utilities Class v10) - https://accounting.quickbooks.com/c9...49/qboax10.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/sh...26/mcgdmgr.cab
O16 - DPF: {C29A0936-5E0D-4C8E-BCE4-A106B75E037B} (MyDropTarget Class) - http://www.zude.com/DropTarget.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get...nt/swflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://zend.webex.com/client/T25L/event/ieatgpc.cab
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{D9C229A1-F84B-4CE5-AEB1-8D55BBE6418E}: NameServer = 206.13.28.12,151.164.1.8
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bytemobile Web Configurator (bmwebcfg) - Bytemobile, Inc. - C:\WINDOWS\system32\bmwebcfg.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Gizmo Project\mDNSResponder.exe
O23 - Service: DD0052B1 - Unknown owner - C:\WINDOWS\system32\D9443A7A.EXE
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\berkleemusic\Digidesign\Digidesign\Drivers\MMERefresh.exe
O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - C:\berkleemusic\Digidesign\Digidesign\Pro Tools\digiSPTIService.exe
O23 - Service: EnterpriseDB Postgres 8.2 - Server (edb-pg-8.2) - PostgreSQL Global Development Group - E:\Ceedo\Program Files\EnterpriseDB Postgres\8.2\bin\pg_ctl.exe
O23 - Service: EnterpriseDB Postgres 8.2 - Replication (edb-pg-8.2-replication) - PostgreSQL Global Development Group - E:\Ceedo\Program Files\EnterpriseDB Postgres\8.2\bin\slon.exe
O23 - Service: EnterpriseDB Postgres 8.2 - Scheduler (edb-pg-8.2-scheduler) - Unknown owner - E:\Ceedo\Program Files\EnterpriseDB Postgres\8.2\bin\pgAgent.exe
O23 - Service: EncompassServer - Unknown owner - C:\workspace\Encompass\EncompassServer.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GoToMyPC - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToMyPC\g2svc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\Mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MpfSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: M-Audio Ozone Installer (OzoneInstallerService) - Nemesis - C:\Program Files\M-Audio\Ozone\Install\ozinst.exe
O23 - Service: Pantech&Curitel Utility Service - Sprint Spectrum, L.L.C - C:\Program Files\UTStarcom\Sprint\Sprint PCS Connection Manager\PnCUtilityService.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\system32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Seagate Sync Service - Seagate Technology LLC - C:\Program Files\Seagate\Sync\SeaSyncServices.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSvc.exe
O23 - Service: Protector Suite Virtual Token (vtserver) - UPEK Inc. - C:\Program Files\Common Files\Virtual Token\vtserver.exe


--
End of file - 21644 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 DigiFilter - c:\windows\system32\drivers\digifilt.sys <Not Verified; Digidesign, A Division of Avid Technology, Inc.; Pro ToolsŪ>
R0 Shockprf - c:\windows\system32\drivers\shockprf.sys <Not Verified; IBM Corporation; IBM Hard Drive Active Protection System>
R0 TPkd - c:\windows\system32\drivers\tpkd.sys <Not Verified; PACE Anti-Piracy, Inc.; InterLok(R)>
R1 ANC - c:\windows\system32\drivers\anc.sys <Not Verified; IBM Corp.; IBM Access Connections>
R1 IBMTPCHK - c:\windows\system32\drivers\ibmbldid.sys
R1 ShockMgr - c:\windows\system32\drivers\shockmgr.sys <Not Verified; IBM Corporation; IBM Hard Drive Active Protection System>
R1 Smapint - c:\windows\system32\drivers\smapint.sys <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(TM) Operating System>
R1 TDSMAPI - c:\windows\system32\drivers\tdsmapi.sys
R1 TPHKDRV - c:\windows\system32\drivers\tphkdrv.sys <Not Verified; IBM Corporation; ThinkPad OnScreenDisplay>
R1 TPPWR - c:\windows\system32\drivers\tppwr.sys <Not Verified; IBM Corp.; IBM ThinkPad Utility>
R1 TSMAPIP - c:\windows\system32\drivers\tsmapip.sys
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.1.6.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.1.6.0>
R2 ibmfilter - c:\windows\system32\drivers\ibmfilter.sys <Not Verified; IBM; FFE and RRU>
R2 PMEM - c:\windows\system32\drivers\pmemnt.sys <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(TM) Operating System>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
R3 Pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>

S3 DELTAFW (Service for M-Audio FW Driver (WDM)) - c:\windows\system32\drivers\deltafw.sys <Not Verified; Midiman/M-Audio; M-Audio Delta FW WDM Driver>
S3 iLokDrvr (iLok) - c:\windows\system32\drivers\ilokdrvr.sys <Not Verified; PACE Anti-Piracy, Inc.; iLok(R)>
S3 LMImirr - c:\windows\system32\drivers\lmimirr.sys (file missing)
S3 ma763008 (M-Audio Ozone) - c:\windows\system32\drivers\ma763008.sys <Not Verified; M-Audio, Inc.; M-Audio Ozone>
S3 MADFU008 - c:\windows\system32\drivers\madfu008.sys <Not Verified; M-Audio; Ozone Firmware Loader>
S3 MAFWBOOT (Bootloader Service for M-Audio FW Driver (WDM)) - c:\windows\system32\drivers\mafwboot.sys <Not Verified; Midiman/M-Audio; M-Audio FW Bootloader Driver>
S3 PNDIS5 (PNDIS5 NDIS Protocol Driver) - d:\pndis5.sys (file missing)
S3 psadd (IBM PSA Access Driver) - c:\windows\system32\drivers\psadd.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
S3 QCNDISIF - c:\windows\system32\drivers\qcndisif.sys <Not Verified; IBM Corporation.; IBM ThinkPad Utility>
S3 S3SSavage - c:\windows\system32\drivers\s3ssavm.sys <Not Verified; S3 Graphics, Inc.; S3 Graphics SuperSavage Miniport>
S3 USB44LDR (M-Audio USB MidiSport 4x4 Loader) - c:\windows\system32\drivers\usb44ldr.sys <Not Verified; MIDIMAN; Midiman USB MidiSport 4x4 Loader>
S3 USBMN4X4 (M-Audio USB MidiSport 4x4) - c:\windows\system32\drivers\usbmn4x4.sys <Not Verified; Doug Fetter Software Wizardry; Midiman USB MidiSport 4x4 Midi Interface>
S3 USBNZ1X1 (M-Audio Ozone Midi) - c:\windows\system32\drivers\usbnz1x1.sys <Not Verified; Doug Fetter Software Wizardry; Midiman Ozone Midi Interface>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 bmwebcfg (Bytemobile Web Configurator) - "c:\windows\system32\bmwebcfg.exe" <Not Verified; Bytemobile, Inc.; Bytemobile Optimization Client>
R2 DigiRefresh (Digidesign MME Refresh Service) - c:\berkleemusic\digidesign\digidesign\drivers\mmerefresh.exe -s <Not Verified; Digidesign, A Division of Avid Technology, Inc.; Digidesign MME Binder>
R2 edb-pg-8.2 (EnterpriseDB Postgres 8.2 - Server) - "e:\ceedo\program files\enterprisedb postgres\8.2\bin\pg_ctl.exe" runservice -n "edb-pg-8.2" -d "e:\ceedo\program files\enterprisedb postgres\8.2\data\" <Not Verified; PostgreSQL Global Development Group; PostgreSQL>
R2 IBM Rapid Restore Ultra Service - "c:\program files\ibm\ibm rapid restore ultra\rrpcsb.exe" <Not Verified; ; rrpcsb Module>
R2 OzoneInstallerService (M-Audio Ozone Installer) - c:\program files\m-audio\ozone\install\ozinst.exe <Not Verified; Nemesis; Ozone Installer Service>
R2 Pantech&Curitel Utility Service - c:\program files\utstarcom\sprint\sprint pcs connection manager\pncutilityservice.exe <Not Verified; Sprint Spectrum, L.L.C; Sprint PCS Connection Manager>
R2 QCONSVC - system32\qconsvc.exe <Not Verified; IBM Corp.; IBM ThinkPad Utility>
R2 RegSrvc - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; RegSrvc Module>
R2 TpKmpSVC (IBM KCU Service) - c:\windows\system32\tpkmpsvc.exe
R2 vtserver (Protector Suite Virtual Token) - "c:\program files\common files\virtual token\vtserver.exe" <Not Verified; UPEK Inc.; IBM fingerprint software>

S2 DD0052B1 - c:\windows\system32\d9443a7a.exe -k
S3 Bonjour Service - c:\program files\gizmo project\mdnsresponder.exe <Not Verified; Apple Computer, Inc.; Bonjour>
S3 digiSPTIService - "c:\berkleemusic\digidesign\digidesign\pro tools\digisptiservice.exe" <Not Verified; Digidesign, A Division of Avid Technology, Inc.; Pro Tools CD Ripping Service>
S3 edb-pg-8.2-replication (EnterpriseDB Postgres 8.2 - Replication) - "e:\ceedo\program files\enterprisedb postgres\8.2\bin\slon.exe" <Not Verified; PostgreSQL Global Development Group; Slony-I>
S3 edb-pg-8.2-scheduler (EnterpriseDB Postgres 8.2 - Scheduler) - "e:\ceedo\program files\enterprisedb postgres\8.2\bin\pgagent.exe" run "edb-pg-8.2-scheduler" hostaddr=127.0.0.1 dbname=postgres user=postgres <Not Verified; ; pgAdmin III>
S3 EncompassServer - c:\workspace\encompass\encompassserver.exe
S3 PsaSrv (IBM PSA Access Driver Control) - c:\windows\system32\psasrv.exe (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {36FC9E60-C465-11CF-8056-444553540000}
Description: NEC PCI to USB Open Host Controller
Device ID: PCI\VEN_1033&DEV_0035&SUBSYS_444B5143&REV_43\5&17F8B0&0&0100F0
Manufacturer: NEC
Name: NEC PCI to USB Open Host Controller
PNP Device ID: PCI\VEN_1033&DEV_0035&SUBSYS_444B5143&REV_43\5&17F8B0&0&0100F0
Service: usbohci


-- Scheduled Tasks -------------------------------------------------------------

2007-10-01 00:09:43 352 --a------ C:\WINDOWS\Tasks\McQcTask.job
2007-06-15 05:19:51 260 --a------ C:\WINDOWS\Tasks\McDefragTask.job
2005-10-25 05:41:10 314 --a------ C:\WINDOWS\Tasks\BMMTask.job


-- Files created between 2007-11-04 and 2007-12-04 -----------------------------

2007-12-04 22:04:36 15588 --a------ C:\WINDOWS\system32\k11968344808.exe
2007-12-04 22:04:31 18016 --a------ C:\WINDOWS\system32\k119683448914.exe
2007-12-04 22:04:29 16131 --a------ C:\WINDOWS\system32\k119683448813.exe
2007-12-04 22:04:27 16648 --a------ C:\WINDOWS\system32\k119683448511.exe
2007-12-04 22:04:27 16816 --a------ C:\WINDOWS\system32\k11968344764.exe
2007-12-04 22:04:25 16168 --a------ C:\WINDOWS\system32\k119683448310.exe
2007-12-04 22:04:25 17392 --a------ C:\WINDOWS\system32\k11968344829.exe
2007-12-04 22:04:21 17376 --a------ C:\WINDOWS\system32\k11968344775.exe
2007-12-04 22:04:17 16780 --a------ C:\WINDOWS\system32\k11968344743.exe
2007-12-04 22:04:15 15398 --a------ C:\WINDOWS\system32\k11968344732.exe
2007-12-04 21:45:59 0 d-------- C:\Program Files\SpywareBlaster
2007-12-04 13:33:06 16168 --a------ C:\WINDOWS\system32\k119680379610.exe
2007-12-04 13:33:05 17392 --a------ C:\WINDOWS\system32\k11968037959.exe
2007-12-04 13:33:04 16131 --a------ C:\WINDOWS\system32\k119680380013.exe
2007-12-04 13:33:03 18016 --a------ C:\WINDOWS\system32\k119680380114.exe
2007-12-04 13:33:03 15588 --a------ C:\WINDOWS\system32\k11968037948.exe
2007-12-04 13:33:03 16780 --a------ C:\WINDOWS\system32\k11968037863.exe
2007-12-04 13:33:01 16648 --a------ C:\WINDOWS\system32\k119680379811.exe
2007-12-04 13:30:22 15588 --a------ C:\WINDOWS\cnvwgf.exe
2007-12-04 13:30:20 15398 --a------ C:\WINDOWS\pxvkvl.exe
2007-12-04 13:29:32 12032 --a------ C:\WINDOWS\system32\LYLOADER.EXE
2007-12-04 13:23:20 18016 --a------ C:\WINDOWS\MsIMMs32.exE
2007-12-04 13:23:19 16648 --a------ C:\WINDOWS\msccrt.exe
2007-12-04 13:23:19 16780 --a------ C:\WINDOWS\Kvsc3.exE
2007-12-04 13:23:18 17376 --a------ C:\WINDOWS\DbgHlp32.exe
2007-12-04 13:23:17 15588 --a------ C:\WINDOWS\MsPrint32D.exe
2007-12-04 13:23:15 16816 --a------ C:\WINDOWS\AVPSrv.exE
2007-12-04 13:22:59 15398 --a------ C:\WINDOWS\GenProtect.exe
2007-12-04 13:22:56 18016 --a------ C:\WINDOWS\system32\k119680318714.exe
2007-12-04 13:22:56 16131 --a------ C:\WINDOWS\system32\k119680318613.exe
2007-12-04 13:22:56 42289 --a------ C:\WINDOWS\system32\k119680318512.exe
2007-12-04 13:22:56 16648 --a------ C:\WINDOWS\system32\k119680318411.exe
2007-12-04 13:22:56 16168 --a------ C:\WINDOWS\system32\k119680318210.exe
2007-12-04 13:22:55 17376 --a------ C:\WINDOWS\system32\k11968031756.exe
2007-12-04 13:22:55 16780 --a------ C:\WINDOWS\system32\k11968031723.exe
2007-12-04 13:22:54 17392 --a------ C:\WINDOWS\system32\k11968031799.exe
2007-12-04 13:22:48 17376 --a------ C:\WINDOWS\mppds.exe
2007-12-04 13:22:47 15588 --a------ C:\WINDOWS\system32\k11968031788.exe
2007-12-04 13:22:47 16816 --a------ C:\WINDOWS\system32\k11968031734.exe
2007-12-04 13:22:43 17376 --a------ C:\WINDOWS\system32\k11968031745.exe
2007-12-04 13:22:42 15398 --a------ C:\WINDOWS\system32\k11968031702.exe
2007-12-04 13:20:28 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-04 13:17:44 3562 --a------ C:\WINDOWS\system32\LYMANGR.DLL
2007-12-04 09:53:16 18016 --a------ C:\WINDOWS\system32\k119679061514.exe
2007-12-04 09:53:15 16131 --a------ C:\WINDOWS\system32\k119679061413.exe
2007-12-04 09:53:13 42289 --a------ C:\WINDOWS\system32\k119679061312.exe
2007-12-04 09:53:12 16648 --a------ C:\WINDOWS\system32\k119679061111.exe
2007-12-04 09:53:11 16168 --a------ C:\WINDOWS\system32\k119679061010.exe
2007-12-04 09:53:10 17392 --a------ C:\WINDOWS\system32\k11967906099.exe
2007-12-04 09:53:08 15588 --a------ C:\WINDOWS\system32\k11967906088.exe
2007-12-04 09:53:06 17376 --a------ C:\WINDOWS\system32\k11967906056.exe
2007-12-04 09:53:06 17376 --a------ C:\WINDOWS\system32\k11967906045.exe
2007-12-04 09:53:06 16816 --a------ C:\WINDOWS\system32\k11967906034.exe
2007-12-04 09:53:06 16780 --a------ C:\WINDOWS\system32\k11967906023.exe
2007-12-04 09:53:05 15398 --a------ C:\WINDOWS\system32\k11967906012.exe
2007-12-04 09:44:48 18016 --a------ C:\WINDOWS\system32\k119679010714.exe
2007-12-04 09:44:46 16131 --a------ C:\WINDOWS\system32\k119679010513.exe
2007-12-04 09:44:45 42289 --a------ C:\WINDOWS\system32\k119679010312.exe
2007-12-04 09:44:43 16648 --a------ C:\WINDOWS\system32\k119679010111.exe
2007-12-04 09:44:41 16168 --a------ C:\WINDOWS\system32\k119679010010.exe
2007-12-04 09:44:41 17392 --a------ C:\WINDOWS\system32\k11967900999.exe
2007-12-04 09:44:36 15588 --a------ C:\WINDOWS\system32\k11967900968.exe
2007-12-04 09:44:34 17376 --a------ C:\WINDOWS\system32\k11967900936.exe
2007-12-04 09:44:33 17376 --a------ C:\WINDOWS\system32\k11967900925.exe
2007-12-04 09:44:33 16816 --a------ C:\WINDOWS\system32\k11967900914.exe
2007-12-04 09:44:29 15398 --a------ C:\WINDOWS\system32\k11967900882.exe
2007-12-04 09:41:45 15429 --a------ C:\WINDOWS\oijorh.exe
2007-12-04 09:41:40 15588 --a------ C:\WINDOWS\vsqiyr.exe
2007-12-04 09:39:36 45056 --a------ C:\WINDOWS\system32\346D73A5.DLL
2007-12-04 07:47:28 16648 --a------ C:\WINDOWS\system32\k119678304211.exe
2007-12-04 07:44:41 15429 --a------ C:\WINDOWS\ikuiev.exe
2007-12-04 07:44:38 15588 --a------ C:\WINDOWS\ekuxxk.exe
2007-12-04 07:12:50 0 d-------- C:\Documents and Settings\dan\Application Data\Maxtor Quick Start
2007-12-04 07:11:43 15588 --a------ C:\WINDOWS\mwowce.exe
2007-12-04 07:11:37 16020 --a------ C:\WINDOWS\divgou.exe
2007-12-04 06:45:49 15429 --a------ C:\WINDOWS\blfjtd.exe
2007-12-04 06:45:37 15588 --a------ C:\WINDOWS\uownem.exe
2007-12-04 06:45:35 16020 --a------ C:\WINDOWS\blgdwq.exe
2007-12-04 06:36:10 15588 --a------ C:\WINDOWS\priyuy.exe
2007-12-04 06:36:10 16020 --a------ C:\WINDOWS\opxkie.exe
2007-12-03 23:08:05 44032 --a------ C:\WINDOWS\system32\SHQ.DLL
2007-12-03 23:08:01 20 --a------ C:\WINDOWS\system32\mhsha1.dat
2007-12-03 20:19:59 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-12-03 19:35:48 39424 --a------ C:\WINDOWS\zipinst.exe <Not Verified; NirSoft; ZipInstaller>
2007-12-03 19:35:47 0 d-------- C:\Program Files\ShellExView
2007-12-03 16:58:30 25088 --a------ C:\WINDOWS\system32\badqya.dll
2007-12-03 16:58:29 27648 --a------ C:\WINDOWS\system32\kagzwj.dll
2007-12-03 16:58:28 25088 --a------ C:\WINDOWS\system32\djhkuu.dll
2007-12-03 16:58:28 25088 --a------ C:\WINDOWS\system32\clgduc.dll
2007-12-03 16:58:19 26112 --a------ C:\WINDOWS\system32\txfkhi.dll
2007-12-03 16:58:18 18016 --a------ C:\WINDOWS\system32\k119672971614.exe
2007-12-03 16:58:17 42289 --a------ C:\WINDOWS\system32\k119672971312.exe
2007-12-03 16:37:01 25088 --a------ C:\WINDOWS\system32\amoins.dll
2007-12-03 16:37:00 25088 --a------ C:\WINDOWS\system32\yqcsgs.dll
2007-12-03 16:36:59 27648 --a------ C:\WINDOWS\system32\tusewo.dll
2007-12-03 16:18:33 28672 --a------ C:\WINDOWS\system32\MsIMMs32.dll
2007-12-03 16:14:24 16020 --a------ C:\WINDOWS\grzidy.exe
2007-12-03 16:14:11 15429 --a------ C:\WINDOWS\xunlbg.exe
2007-12-03 16:05:57 15588 --a------ C:\WINDOWS\cwxjwp.exe
2007-12-03 16:05:55 16020 --a------ C:\WINDOWS\yyrnew.exe
2007-12-03 16:05:50 15429 --a------ C:\WINDOWS\yfxmyi.exe
2007-12-03 15:54:12 15429 --a------ C:\WINDOWS\vuqlxc.exe
2007-12-03 15:54:12 16020 --a------ C:\WINDOWS\uzqycg.exe
2007-12-03 15:54:12 15588 --a------ C:\WINDOWS\osufcn.exe
2007-12-03 15:49:14 27136 --a------ C:\WINDOWS\system32\msccrt.dll
2007-12-03 15:49:14 27648 --a------ C:\WINDOWS\system32\cmdbcs.dll
2007-12-03 15:49:13 25088 --a------ C:\WINDOWS\system32\LotusHlp.dll
2007-12-03 15:49:08 16168 --a------ C:\WINDOWS\upxdnd.exe
2007-12-03 15:49:08 26112 --a------ C:\WINDOWS\system32\upxdnd.dll
2007-12-03 15:49:08 16131 --a------ C:\WINDOWS\LotusHlp.exe
2007-12-03 15:49:08 17392 --a------ C:\WINDOWS\cmdbcs.exe
2007-12-03 15:49:07 63574 --ahs---- C:\WINDOWS\721815MM.DLL
2007-12-03 15:49:06 25088 --a------ C:\WINDOWS\system32\NVDispDrv.dll
2007-12-03 15:49:06 25088 --a------ C:\WINDOWS\system32\MsPrint32D.dll
2007-12-03 15:49:04 16020 --a------ C:\WINDOWS\NVDispDRV.EXE
2007-12-03 15:49:02 127488 --a------ C:\WINDOWS\system32\GenProtect.dll
2007-12-03 15:49:02 28160 --a------ C:\WINDOWS\system32\DbgHlp32.dll
2007-12-03 15:48:58 28160 --a------ C:\WINDOWS\system32\mppds.dll
2007-12-03 15:48:58 26624 --a------ C:\WINDOWS\system32\Kvsc3.dll
2007-12-03 15:48:58 26624 --a------ C:\WINDOWS\system32\AVPSrv.dll
2007-12-03 15:44:35 12531 ---h----- C:\auto.exe
2007-12-03 10:22:29 12531 --a------ C:\WINDOWS\system32\D9443A7A.EXE
2007-12-01 16:12:54 0 --a------ C:\WINDOWS\nsreg.dat
2007-12-01 10:05:28 0 d-------- C:\Program Files\BitTorrent
2007-11-30 15:25:51 0 d-------- C:\Documents and Settings\dha\.netbeans-derby
2007-11-30 15:25:27 0 d-------- C:\Documents and Settings\dha\.netbeans
2007-11-30 15:23:20 0 d-------- C:\Program Files\glassfish-v2-b58g
2007-11-30 14:14:15 0 d-------- C:\Documents and Settings\dha\.nbi
2007-11-15 13:25:32 0 d-------- C:\KA
2007-11-13 1543 0 d-------- C:\Program Files\iPod
2007-11-13 1539 0 d-------- C:\Program Files\iTunes
2007-11-13 15:04:59 0 d------c- C:\WINDOWS\system32\DRVSTORE
2007-11-13 15:04:33 0 d-------- C:\Program Files\Common Files\Apple
2007-11-09 16:37:03 0 d-------- C:\Program Files\Apple Software Update
2007-11-09 16:37:03 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple


-- Find3M Report ---------------------------------------------------------------

2007-12-04 12:03:23 0 d-------- C:\Program Files\Common Files\Virtual Token
2007-12-04 12:01:59 0 d-------- C:\Program Files\Network Print Monitor
2007-12-04 11:59:52 0 d-------- C:\Program Files\Messenger
2007-12-04 11:59:50 0 d-------- C:\Program Files\Linksys EasyLink Advisor
2007-12-04 11:59:37 0 d-------- C:\Program Files\Digital Line Detect
2007-12-04 11:59:19 0 d-------- C:\Program Files\No-IP
2007-12-04 11:58:20 0 d-------- C:\Program Files\Google
2007-12-04 10:07:04 0 d-------- C:\Program Files\IBM fingerprint software
2007-12-01 16:12:51 0 d-------- C:\Documents and Settings\dha\Application Data\Mozilla
2007-11-13 15:04:33 0 d-------- C:\Program Files\Common Files
2007-11-09 16:39:35 0 d-------- C:\Program Files\QuickTime
2007-11-02 18:45:58 0 d-------- C:\Program Files\Microsoft.NET
2007-10-27 07:07:38 48168 --a------ C:\Documents and Settings\dha\Application Data\GDIPFONTCACHEV1.DAT
2007-10-20 18:58:38 1140 --a------ C:\WINDOWS\mozver.dat
2007-10-17 14:24:41 0 d-------- C:\Program Files\Zend
2007-10-17 08:22:32 0 d-------- C:\Documents and Settings\dha\Application Data\WebEx
2007-10-17 08:07:55 202826 --a------ C:\WINDOWS\system32\atasnt40.dll <Not Verified; WebEx Communications, Inc; WebEx Application Sharing>
2007-10-13 20:04:48 0 d-------- C:\Documents and Settings\dha\Application Data\Gtek
2007-10-10 15:04:35 0 d-------- C:\Program Files\McAfee
2007-10-05 21:57:27 0 d-------- C:\Program Files\WinHTTrack


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"S3TRAY2"="S3Tray2.exe" [10/11/2001 11:32 PM C:\WINDOWS\system32\S3Tray2.exe]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [06/16/2004 10:53 AM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [06/16/2004 10:53 AM]
"TPKMAPHELPER"="C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe" [02/04/2004 06:39 PM]
"TpShocks"="TpShocks.exe" [03/26/2004 06:16 PM C:\WINDOWS\system32\TpShocks.exe]
"TPHOTKEY"="C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe" [03/03/2005 05:10 PM]
"ControlCenter"="C:\Program Files\IBM fingerprint software\ctlcntr.exe" [09/24/2004 04:11 PM]
"TP4EX"="tp4ex.exe" [09/04/2002 01:05 AM C:\WINDOWS\system32\TP4EX.exe]
"EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [12/25/2003 02:04 AM]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [08/25/2004 12:52 PM]
"FRYMXINS"="C:\Program Files\ATI Technologies\Fire GL 3D Studio Max\atiimxgl" []
"UC_Start"="C:\Program Files\IBM\Updater\\ucstartup.exe" [07/14/2004 04:34 PM]
"UC_SMB"="" []
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [08/19/2003 01:01 AM]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [09/02/2004 01:05 AM]
"ibmmessages"="C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe" [07/22/2004 02:01 AM]
"IBMPRC"="C:\IBMTOOLS\UTILS\ibmprc.exe" [03/19/2004 12:12 PM]
"QCWLICON"="C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE" [03/18/2005 03:07 AM]
"BMMGAG"="C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll" [07/29/2004 01:37 AM]
"BMMLREF"="C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE" [07/29/2004 01:37 AM]
"BMMMONWND"="C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll" [07/29/2004 01:37 AM]
"BluetoothAuthenticationAgent"="bthprops.cpl" [08/04/2004 12:56 AM C:\WINDOWS\system32\bthprops.cpl]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [11/03/2005 11:54 PM]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [04/01/2004 10:52 AM]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [03/26/2004 02:40 PM]
"PRONoMgrWired"="C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe" [08/06/2003 04:08 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [03/14/2007 02:43 AM]
"pdfw"="C:\Program Files\Amic Utilities\PDF Writer Pro\pdfwload.exe" [03/24/2004 11:56 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [10/19/2007 08:16 PM]
"Gizmo Project"="C:\Program Files\Gizmo Project\Gizmo.exe" [06/15/2007 02:00 PM]
"M-Audio Taskbar Icon"="C:\WINDOWS\System32\M-AudioTaskBarIcon.exe" [10/18/2005 09:00 AM]
"DigidesignMMERefresh"="C:\berkleemusic\Digidesign\Digidesign\Drivers\MMERefresh.exe" [10/25/2005 10:21 PM]
"MAFWTaskbarApp"="C:\WINDOWS\system32\MAFWTray.exe" [09/20/2005 05:17 PM]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [09/07/2006 09:19 AM]
"GoToMyPC"="C:\Program Files\Citrix\GoToMyPC\g2svc.exe" [01/12/2007 04:45 PM]
"StxTrayMenu"="C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe" [01/18/2007 12:20 PM]
"@"="" []
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [08/04/2007 01:33 AM]
"MaxBackSchedule"="C:\Program Files\Maxtor\MSS Backup\maxbackservice.exe" [06/15/2006 11:21 AM]
"mxomssmenu"="C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe" [06/05/2006 12:00 PM]
"mssSort"="C:\Program Files\Maxtor\ManagerApp\msssort.exe" [05/25/2006 12:41 PM]
"QCTray"="C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe" [03/18/2005 03:07 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [11/02/2007 06:36 PM]
"WinSysM"="C:\WINDOWS\721815M.exe" []
"upxdnd"="C:\WINDOWS\upxdnd.exe" [12/04/2007 10:04 PM]
"cmdbcs"="C:\WINDOWS\cmdbcs.exe" [12/04/2007 10:04 PM]
"LotusHlp"="C:\WINDOWS\LotusHlp.exe" [12/04/2007 10:04 PM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [12/04/2007 01:07 PM]
"mppds"="C:\WINDOWS\mppds.exe" [12/04/2007 10:04 PM]
"GenProtect"="C:\WINDOWS\GenProtect.exe" [12/04/2007 10:04 PM]
"AVPSrv"="C:\WINDOWS\AVPSrv.exE" [12/04/2007 10:04 PM]
"MsPrint32D"="C:\WINDOWS\MsPrint32D.exe" [12/04/2007 10:04 PM]
"msccrt"="C:\WINDOWS\msccrt.exe" [12/04/2007 10:04 PM]
"Kvsc3"="C:\WINDOWS\Kvsc3.exE" [12/04/2007 10:04 PM]
"DbgHlp32"="C:\WINDOWS\DbgHlp32.exe" [12/04/2007 01:22 PM]
"MsIMMs32"="C:\WINDOWS\MsIMMs32.exE" [12/04/2007 10:04 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ibmmessages"="C:\Program Files\IBM\Messages By IBM\ibmmessages.exe" [07/22/2004 02:01 AM]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [06/11/2007 05:16 PM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 08:24 AM]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [01/01/2007 01:22 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [07/30/2007 10:24 AM]
"Ceedo AutoDetect"="C:\DOCUME~1\dha\LOCALS~1\Temp\AutoDetect.exe" []
"EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [03/15/2007 05:16 PM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [10/18/2006 08:05 PM]

C:\Documents and Settings\dha\Start Menu\Programs\Startup\
No-IP DUC.lnk - C:\Program Files\No-IP\DUC20.exe [9/29/2007 3:08:11 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 9:05:26 PM]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [11/14/2005 10:50:53 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 1:01:04 AM]
MIDI Matrix.lnk - C:\berkleemusic\NTONYX\MIDI Matrix\MidiMtrx.exe [2/5/2006 9:37:55 PM]
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [12/17/2002 4:23:32 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"MSDEG32"=LYLoader.exe
"MSDWG32"=LYLoadbr.exe
"MSDCG32 "=LYLeador.exe
"MSDOG32"=LYLoador.exe
"MSDSG32"=LYLoadar.exe
"MSDMG32"=LYLoadmr.exe
"MSDHG32"=LYLoadhr.exe
"MSDQG32"=LYLoadqr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToMyPC]
C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll 01/12/2007 04:45 PM 10800 C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
C:\Program Files\IBM fingerprint software\psfus.dll 09/24/2004 04:15 PM 108636 C:\Program Files\IBM fingerprint software\psfus.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\QConGina]
QConGina.dll 03/18/2005 03:07 AM 262144 C:\WINDOWS\system32\QConGina.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
tphklock.dll 08/12/2004 08:11 PM 24576 C:\WINDOWS\system32\tphklock.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli pwdmon

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- E:\Autorun.exe /run
Shell00\Command- E:\Autorun.exe /run
Shell01\Command- E:\Autorun.exe /action
Shell02\Command- E:\Autorun.exe /uninstall

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a8ffcb80-7a16-11da-abb4-0013ce12d19a}]
AutoRun\command- E:\JDSecure\Windows\JDSecure20.exe




-- Hosts -----------------------------------------------------------------------

127.0.0.1 localhost xampp


-- End of Deckard's System Scanner: finished at 2007-12-04 22:12:01 ------------

-----------------------------------------------------------------------

Here is also the HiJackThis log generated from Trend Micro HiJackThis 2.0.2 as follows:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:24:10 PM, on 12/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Common Files\Virtual Token\vtserver.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\bmwebcfg.exe
C:\berkleemusic\Digidesign\Digidesign\Drivers\MMERefresh.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Microsoft SQL Server\MSSQL$EMMSDE\Binn\sqlservr.exe
C:\Program Files\M-Audio\Ozone\Install\ozinst.exe
C:\Program Files\UTStarcom\Sprint\Sprint PCS Connection Manager\PnCUtilityService.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Seagate\Sync\SeaSyncServices.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\ThinkPad\UltraNav Wizard\UNavTray.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Amic Utilities\PDF Writer Pro\pdfwload.exe
C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
C:\WINDOWS\system32\MAFWTray.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe
C:\Program Files\Maxtor\MSS Backup\maxbackservice.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Program Files\Maxtor\ManagerApp\msssort.exe
C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\berkleemusic\NTONYX\MIDI Matrix\MidiMtrx.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\No-IP\DUC20.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Apple Software Update\SoftwareUpdate.exe
C:\DOCUME~1\dha\LOCALS~1\Temp\AutoDetect.exe
E:\ceedo\Ceedo\Ceedo.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\SpywareBlaster\spywareblaster.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 168.94.74.68:8080
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: del.icio.us Toolbar Helper - {7AA07AE6-01EF-44EC-93CA-9D7CD41CCDB6} - C:\Program Files\del.icio.us\Internet Explorer Buttons\dlcsIE.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: optionsXpress Toolbar - {63CC63C6-1AE1-491C-B96A-812A7950A1EC} - C:\Program Files\optionsXpress\optionsXpress Toolbar\optionsXpressToolbar.dll
O3 - Toolbar: del.icio.us - {981FE6A8-260C-4930-960F-C3BC82746CB0} - C:\Program Files\del.icio.us\Internet Explorer Buttons\dlcsIE.dll
O3 - Toolbar: Zend Studio - {95188727-288F-4581-A48D-EAB3BD027314} - e:\ceedo\WORKSP~1\ZENDST~1\toolbars\ZENDIE~1.DLL
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [ControlCenter] "C:\Program Files\IBM fingerprint software\ctlcntr.exe" /startup
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [FRYMXINS] "C:\Program Files\ATI Technologies\Fire GL 3D Studio Max\atiimxgl"
O4 - HKLM\..\Run: [UC_Start] C:\Program Files\IBM\Updater\\ucstartup.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [pdfw] C:\Program Files\Amic Utilities\PDF Writer Pro\pdfwload.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Gizmo Project] "C:\Program Files\Gizmo Project\Gizmo.exe"
O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\berkleemusic\Digidesign\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\Run: [MAFWTaskbarApp] C:\WINDOWS\system32\MAFWTray.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [GoToMyPC] C:\Program Files\Citrix\GoToMyPC\g2svc.exe -logon
O4 - HKLM\..\Run: [StxTrayMenu] "C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [MaxBackSchedule] "C:\Program Files\Maxtor\MSS Backup\maxbackservice.exe"
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [mssSort] "C:\Program Files\Maxtor\ManagerApp\msssort.exe"
O4 - HKLM\..\Run: [QCTray] C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinSysM] C:\WINDOWS\721815M.exe
O4 - HKLM\..\Run: [upxdnd] C:\WINDOWS\upxdnd.exe
O4 - HKLM\..\Run: [cmdbcs] C:\WINDOWS\cmdbcs.exe
O4 - HKLM\..\Run: [LotusHlp] C:\WINDOWS\LotusHlp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [mppds] C:\WINDOWS\mppds.exe
O4 - HKLM\..\Run: [GenProtect] C:\WINDOWS\GenProtect.exe
O4 - HKLM\..\Run: [AVPSrv] C:\WINDOWS\AVPSrv.exE
O4 - HKLM\..\Run: [MsPrint32D] C:\WINDOWS\MsPrint32D.exe
O4 - HKLM\..\Run: [msccrt] C:\WINDOWS\msccrt.exe
O4 - HKLM\..\Run: [Kvsc3] C:\WINDOWS\Kvsc3.exE
O4 - HKLM\..\Run: [DbgHlp32] C:\WINDOWS\DbgHlp32.exe
O4 - HKLM\..\Run: [MsIMMs32] C:\WINDOWS\MsIMMs32.exE
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Ceedo AutoDetect] C:\DOCUME~1\dha\LOCALS~1\Temp\AutoDetect.exe /active
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKLM\..\Policies\Explorer\Run: [MSDEG32] LYLoader.exe
O4 - HKLM\..\Policies\Explorer\Run: [MSDWG32] LYLoadbr.exe
O4 - HKLM\..\Policies\Explorer\Run: [MSDCG32 ] LYLeador.exe
O4 - HKLM\..\Policies\Explorer\Run: [MSDOG32] LYLoador.exe
O4 - HKLM\..\Policies\Explorer\Run: [MSDSG32] LYLoadar.exe
O4 - HKLM\..\Policies\Explorer\Run: [MSDMG32] LYLoadmr.exe
O4 - HKLM\..\Policies\Explorer\Run: [MSDHG32] LYLoadhr.exe
O4 - HKLM\..\Policies\Explorer\Run: [MSDQG32] LYLoadqr.exe
O4 - Startup: No-IP DUC.lnk = C:\Program Files\No-IP\DUC20.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: MIDI Matrix.lnk = C:\berkleemusic\NTONYX\MIDI Matrix\MidiMtrx.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O8 - Extra context menu item: Zend Studio - Debug current page - res://e:\ceedo\workspace\ZendStudio\toolbars\ZendIEToolbar.dll/DebugCurrent.html
O8 - Extra context menu item: Zend Studio - Debug next page - res://e:\ceedo\workspace\ZendStudio\toolbars\ZendIEToolbar.dll/DebugNext.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Zend Studio Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - e:\ceedo\WORKSP~1\ZENDST~1\toolbars\ZENDIE~1.DLL
O9 - Extra 'Tools' menuitem: Zend Studio - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - e:\ceedo\WORKSP~1\ZENDST~1\toolbars\ZENDIE~1.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {843EE768-3A97-455C-9076-741BA3AD7B62} (QuickBooks Online Edition Utilities Class v10) - https://accounting.quickbooks.com/c9...49/qboax10.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/sh...26/mcgdmgr.cab
O16 - DPF: {C29A0936-5E0D-4C8E-BCE4-A106B75E037B} (MyDropTarget Class) - http://www.zude.com/DropTarget.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://zend.webex.com/client/T25L/event/ieatgpc.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D9C229A1-F84B-4CE5-AEB1-8D55BBE6418E}: NameServer = 206.13.28.12,151.164.1.8
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bytemobile Web Configurator (bmwebcfg) - Bytemobile, Inc. - C:\WINDOWS\system32\bmwebcfg.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Gizmo Project\mDNSResponder.exe
O23 - Service: DD0052B1 - Unknown owner - C:\WINDOWS\system32\D9443A7A.EXE
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\berkleemusic\Digidesign\Digidesign\Drivers\MMERefresh.exe
O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - C:\berkleemusic\Digidesign\Digidesign\Pro Tools\digiSPTIService.exe
O23 - Service: EnterpriseDB Postgres 8.2 - Server (edb-pg-8.2) - PostgreSQL Global Development Group - E:\ceedo\Program Files\EnterpriseDB Postgres\8.2\bin\pg_ctl.exe
O23 - Service: EnterpriseDB Postgres 8.2 - Replication (edb-pg-8.2-replication) - PostgreSQL Global Development Group - E:\ceedo\Program Files\EnterpriseDB Postgres\8.2\bin\slon.exe
O23 - Service: EnterpriseDB Postgres 8.2 - Scheduler (edb-pg-8.2-scheduler) - Unknown owner - E:\ceedo\Program Files\EnterpriseDB Postgres\8.2\bin\pgAgent.exe
O23 - Service: EncompassServer - - c:\workspace\encompass\encompassserver.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GoToMyPC - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToMyPC\g2svc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: M-Audio Ozone Installer (OzoneInstallerService) - Nemesis - C:\Program Files\M-Audio\Ozone\Install\ozinst.exe
O23 - Service: Pantech&Curitel Utility Service - Sprint Spectrum, L.L.C - C:\Program Files\UTStarcom\Sprint\Sprint PCS Connection Manager\PnCUtilityService.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Seagate Sync Service - Seagate Technology LLC - C:\Program Files\Seagate\Sync\SeaSyncServices.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: Protector Suite Virtual Token (vtserver) - UPEK Inc. - C:\Program Files\Common Files\Virtual Token\vtserver.exe

--
End of file - 20357 bytes

I hope that I provide enough information to assist me in the removal of this malware infection.

Thanks in advance.

Dan
Attached Files
File Type: pdf malware-symptom.pdf (409.5 KB, 1 views)
File Type: pdf windows.pdf (283.1 KB, 1 views)
File Type: pdf windows-system32.pdf (291.1 KB, 0 views)
File Type: pdf AVG-scanreport.pdf (44.3 KB, 1 views)
File Type: txt extra.txt (42.5 KB, 3 views)
siriushaha is offline  
Important Information
Join the #1 Tech Support Forum Today - It's Totally Free!

TechSupportForum.com is a leading support website for your computer needs. We offer free, friendly and personalized computer support. Why pay to have your computer fixed when you can do it for free.

Join TechSupportforum.com Today - Click Here