Thread: Computer Freezing and Pop Ups
View Single Post
Old 11-03-2006, 05:03 PM   #3 (permalink)
K'nolla
Registered User
 
Join Date: Jun 2005
Posts: 50
OS: XP


ComboFix Log

Kofo - 06-11-03 19:00:34.26 Service Pack 2
ComboFix 06.10.19 - Running from: "C:\Documents and Settings\Kofo\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\dfndrff_e46a.exe
C:\kybrdff_e46.exe
C:\Documents and Settings\Kofo\Local Settings\Temporary Internet Files\Content.IE5\8L2V0PYN\dfndrff_e_uit[1].exe
C:\Documents and Settings\Kofo\Local Settings\Temporary Internet Files\Content.IE5\KDA30P6N\drsmartload44a[1].exe
C:\Documents and Settings\Kofo\Local Settings\Temporary Internet Files\Content.IE5\8L2V0PYN\deskbar_e[1].exe
C:\Documents and Settings\Kofo\Local Settings\Temporary Internet Files\Content.IE5\CDWRYZ61\deskbar_e[1].exe
C:\Documents and Settings\Kofo\Local Settings\Temporary Internet Files\Content.IE5\N0FN3A5T\kybrdff_e[1].exe
C:\Documents and Settings\Kofo\Local Settings\Temporary Internet Files\Content.IE5\0HMN8T2Z\MTE3NDI6ODoxNg[1].exe
C:\Documents and Settings\Kofo\Local Settings\Temporary Internet Files\Content.IE5\0HMN8T2Z\MTE3NDI6ODoxNg[2].exe
C:\Documents and Settings\Kofo\Local Settings\Temporary Internet Files\Content.IE5\8L2V0PYN\MTE3NDI6ODoxNg[1].exe
C:\Documents and Settings\Kofo\Local Settings\Temporary Internet Files\Content.IE5\KDA30P6N\nwnmff_e[1].exe
C:\Documents and Settings\Kofo\Local Settings\Temporary Internet Files\Content.IE5\N0FN3A5T\nwnmff_e[1].exe
C:\Program Files\Common Files\download
C:\Program Files\windows
C:\Program Files\Deskbar
C:\WINDOWS\S29mbw
C:\Program Files\Deskbar
C:\WINDOWS\S29mbw
C:\Program Files\Deskbar
C:\WINDOWS\S29mbw

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\QooBox\Purity\Program Files\SMANTE~1
C:\QooBox\Purity\Program Files\Common Files\YSTEM~1
C:\QooBox\Purity\WINDOWS\SYSTEM32\CROSOF~1
C:\QooBox\Purity\WINDOWS\SYSTEM32\ECURIT~1


((((((((((((((((((((((((((((((( Files Created from 2006-10-03 to 2006-11-03 ))))))))))))))))))))))))))))))))))


2006-11-03 12:48 3,968 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-11-03 17:17 -------- d-------- C:\Program Files\Windows NT
2006-11-03 17:17 -------- d-------- C:\Program Files\MSN
2006-11-03 12:48 -------- d-------- C:\Program Files\Grisoft
2006-11-03 12:45 -------- d-------- C:\Program Files\ewido anti-malware
2006-11-03 12:44 -------- d-------- C:\Program Files\a-squared Anti-Malware
2006-11-03 12:00 -------- d-a------ C:\Program Files\Common Files
2006-11-03 11:41 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-11-03 11:41 -------- d-------- C:\Program Files\Common Files\Adobe
2006-11-03 11:39 -------- d-------- C:\Program Files\Adobe
2006-11-03 02:08 -------- d-------- C:\Documents and Settings\Kofo\Application Data\uTorrent
2006-11-02 19:47 -------- d-------- C:\Program Files\SpywareBlaster
2006-10-31 21:34 -------- d-------- C:\Documents and Settings\Kofo\Application Data\Macromedia
2006-10-31 17:05 -------- d-------- C:\Program Files\Google
2006-10-25 20:03 -------- d-------- C:\Program Files\Common Files\Motive
2006-10-20 18:14 -------- d-------- C:\Program Files\Macromedia
2006-10-17 18:00 -------- d---s---- C:\Documents and Settings\Kofo\Application Data\Microsoft
2006-10-17 18:00 -------- d-------- C:\Program Files\QuickTime
2006-10-17 18:00 -------- d-------- C:\Program Files\Common Files\Macromedia
2006-09-27 16:12 -------- d-------- C:\Program Files\Wireless LAN Utility
2006-09-13 05:01 1084416 --a------ C:\WINDOWS\SYSTEM32\msxml3.dll
2006-09-10 17:10 -------- d-------- C:\Program Files\Goldshell
2006-09-10 17:09 -------- d-------- C:\Program Files\CNet
2006-09-06 14:05 -------- d-------- C:\Program Files\MSN Messenger
2006-08-25 15:45 617472 --a------ C:\WINDOWS\SYSTEM32\comctl32.dll
2006-08-21 12:21 16896 --a------ C:\WINDOWS\SYSTEM32\fltlib.dll
2006-08-21 09:14 23040 --a------ C:\WINDOWS\SYSTEM32\fltmc.exe
2006-08-16 15:53 1101904 --a------ C:\WINDOWS\vsapi32.dll
2006-08-16 11:58 100352 --a------ C:\WINDOWS\SYSTEM32\6to4svc.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"PopUpStopperFreeEdition"="\"C:\\Program Files\\Panicware\\Pop-Up Stopper Free Edition\\PSFree.exe\""
"CPQHotkeys"="hotkeysvc.exe"
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
@=""
"Sony Ericsson PC Suite"="\"C:\\Program Files\\Sony Ericsson\\Mobile2\\Application Launcher\\Application Launcher.exe\" /Minimized"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.908.5008\\GoogleToolbarNotifier.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runservices]
"CPQHotkeys"="hotkeysvc.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\j2re1.4.2_03\\bin\\jusched.exe"
"PCMService"="\"C:\\Program Files\\Dell\\Media Experience\\PCMService.exe\""
"IntelMeM"="C:\\Program Files\\Intel\\Modem Event Monitor\\IntelMEM.exe"
"dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"ccRegVfy"="C:\\Program Files\\Common Files\\Symantec Shared\\ccRegVfy.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"CPQHotkeys"="hotkeysvc.exe"
"LXBTCATS"="rundll32 C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\LXBTtime.dll,_RunDLLEntry@16"
"Lexmark 5200 series"="\"C:\\Program Files\\Lexmark 5200 series\\lxbtbmgr.exe\""
"bcmwltry"="bcmwltry.exe"
"removecpl"="RemoveCpl.exe"
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"RecoverFromReboot"="C:\\WINDOWS\\Temp\\RecoverFromReboot.exe"
"workflow"="D:\\installs\\workflow.exe"
"NAV CfgWiz"="\"C:\\Program Files\\Norton AntiVirus\\CfgWiz.exe\" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE \"REBOOT\""
"StartFoxie"="C:\\Program Files\\Foxie Suite\\StartFoxie.exe"
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"NeroCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"TI WLAN"="C:\\Program Files\\Wireless LAN Utility\\TIWLANCu.exe"
"a-squared"="\"C:\\Program Files\\a-squared Anti-Malware\\a2guard.exe\""
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"CPQHotkeys"="hotkeysvc.exe"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="C:\\Program Files\\Windows NT\\pohoc.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,e8,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=dword:40000001
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
"Source"="C:\\Program Files\\MSN\\mefezov.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,ea,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=dword:40000001
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\2]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,e6,00,00,00,00,00,00,00,9a,03,00,00,60,03,00,00,ec,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=dword:40000004
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{54D9498B-CF93-414F-8984-8CE7FDE0D391}"="ewido shell guard"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

Completion time: 06-11-03 19:03:19.45
C:\ComboFix.txt ... 06-11-03 19:03
C:\ComboFix2.txt ... 06-11-03 12:02
C:\ComboFix3.txt ... 06-11-03 11:59


......................................................................................................

AVG Log

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 23:49:21 03/11/2006

+ Scan result:



C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP367\A0066037.exe -> Adware.180Solutions : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP367\A0066038.exe -> Adware.180Solutions : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP367\A0066039.exe -> Adware.180Solutions : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP383\A0067532.exe -> Adware.180Solutions : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP429\A0077452.exe -> Adware.Softomate : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP436\A0078647.dll -> Adware.Softomate : No action taken.
C:\WINDOWS\Downloaded Program Files\slghex.dll -> Adware.SpywareStorm : No action taken.
C:\Documents and Settings\Kofo\Application Data\Mozilla\Firefox\Profiles\4o9y0cnz.default\Cache\B23E4567d01 -> Not-A-Virus.Downloader.Win32.WinFixer.o : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP428\A0077442.exe -> Not-A-Virus.Monitor.Win32.NetMon.a : No action taken.
:mozilla.61:C:\Documents and Settings\Kofo\Application Data\Mozilla\Firefox\Profiles\4o9y0cnz.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.369:C:\Documents and Settings\Kofo\Application Data\Mozilla\Firefox\Profiles\4o9y0cnz.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.374:C:\Documents and Settings\Kofo\Application Data\Mozilla\Firefox\Profiles\4o9y0cnz.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.64:C:\Documents and Settings\Kofo\Application Data\Mozilla\Firefox\Profiles\4o9y0cnz.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.116:C:\Documents and Settings\Kofo\Application Data\Mozilla\Firefox\Profiles\4o9y0cnz.default\cookies.txt -> TrackingCookie.Com : No action taken.
:mozilla.85:C:\Documents and Settings\Kofo\Application Data\Mozilla\Firefox\Profiles\4o9y0cnz.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.418:C:\Documents and Settings\Kofo\Application Data\Mozilla\Firefox\Profiles\4o9y0cnz.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.170:C:\Documents and Settings\Kofo\Application Data\Mozilla\Firefox\Profiles\4o9y0cnz.default\cookies.txt -> TrackingCookie.Hypertracker : No action taken.
:mozilla.382:C:\Documents and Settings\Kofo\Application Data\Mozilla\Firefox\Profiles\4o9y0cnz.default\cookies.txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.33:C:\Documents and Settings\Kofo\Application Data\Mozilla\Firefox\Profiles\4o9y0cnz.default\cookies.txt -> TrackingCookie.Reliablestats : No action taken.
:mozilla.34:C:\Documents and Settings\Kofo\Application Data\Mozilla\Firefox\Profiles\4o9y0cnz.default\cookies.txt -> TrackingCookie.Reliablestats : No action taken.
:mozilla.35:C:\Documents and Settings\Kofo\Application Data\Mozilla\Firefox\Profiles\4o9y0cnz.default\cookies.txt -> TrackingCookie.Reliablestats : No action taken.
:mozilla.36:C:\Documents and Settings\Kofo\Application Data\Mozilla\Firefox\Profiles\4o9y0cnz.default\cookies.txt -> TrackingCookie.Reliablestats : No action taken.
:mozilla.37:C:\Documents and Settings\Kofo\Application Data\Mozilla\Firefox\Profiles\4o9y0cnz.default\cookies.txt -> TrackingCookie.Reliablestats : No action taken.
:mozilla.38:C:\Documents and Settings\Kofo\Application Data\Mozilla\Firefox\Profiles\4o9y0cnz.default\cookies.txt -> TrackingCookie.Reliablestats : No action taken.
C:\Documents and Settings\Kofo\Cookies\kofo@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : No action taken.
:mozilla.103:C:\Documents and Settings\Kofo\Application Data\Mozilla\Firefox\Profiles\4o9y0cnz.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.287:C:\Documents and Settings\Kofo\Application Data\Mozilla\Firefox\Profiles\4o9y0cnz.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.391:C:\Documents and Settings\Kofo\Application Data\Mozilla\Firefox\Profiles\4o9y0cnz.default\cookies.txt -> TrackingCookie.Sitestat : No action taken.
:mozilla.293:C:\Documents and Settings\Kofo\Application Data\Mozilla\Firefox\Profiles\4o9y0cnz.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.299:C:\Documents and Settings\Kofo\Application Data\Mozilla\Firefox\Profiles\4o9y0cnz.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.24:C:\Documents and Settings\Kofo\Application Data\Mozilla\Firefox\Profiles\4o9y0cnz.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.25:C:\Documents and Settings\Kofo\Application Data\Mozilla\Firefox\Profiles\4o9y0cnz.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.26:C:\Documents and Settings\Kofo\Application Data\Mozilla\Firefox\Profiles\4o9y0cnz.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.27:C:\Documents and Settings\Kofo\Application Data\Mozilla\Firefox\Profiles\4o9y0cnz.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\Kofo\Cookies\kofo@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : No action taken.


::Report end

..................................................................................................

Hijack This List

Logfile of HijackThis v1.99.1
Scan saved at 23:57:06, on 03/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Wireless LAN Utility\tiwlnsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe
C:\WINDOWS\system32\bcmwltry.exe
C:\Program Files\Lexmark 5200 series\lxbtbmon.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Wireless LAN Utility\TIWLANCu.exe
C:\Program Files\a-squared Anti-Malware\a2guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = Yahoo! SearchBar Home Page
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CPQHotkeys] hotkeysvc.exe
O4 - HKLM\..\Run: [LXBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Lexmark 5200 series] "C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe"
O4 - HKLM\..\Run: [bcmwltry] bcmwltry.exe
O4 - HKLM\..\Run: [removecpl] RemoveCpl.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [RecoverFromReboot] C:\WINDOWS\Temp\RecoverFromReboot.exe
O4 - HKLM\..\Run: [workflow] D:\installs\workflow.exe
O4 - HKLM\..\Run: [NAV CfgWiz] "C:\Program Files\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [StartFoxie] C:\Program Files\Foxie Suite\StartFoxie.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TI WLAN] C:\Program Files\Wireless LAN Utility\TIWLANCu.exe
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunServices: [CPQHotkeys] hotkeysvc.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe"
O4 - HKCU\..\Run: [CPQHotkeys] hotkeysvc.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /Minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\RunServices: [CPQHotkeys] hotkeysvc.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/...gameloader.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by101fd.bay101.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://www.shockwave.com/content/din...2.1.0.0.53.cab
O16 - DPF: {7D731A83-6C80-4EA4-9646-5E06A0513274} (Sandlot Loader Control) - http://www.shockwave.com/content/bar...webinstall.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://www.shockwave.com/content/cin...nematycoon.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.shockwave.com/content/chu...ploader_v6.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: lxbt_device - Lexmark International, Inc. - C:\WINDOWS\System32\lxbtcoms.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: TI Wlan Service (tiwlnsvc) - Unknown owner - C:\Program Files\Wireless LAN Utility\tiwlnsvc.exe
K'nolla is offline