07-05-2007, 03:47 PM   #5
Dan53
OS: XP


Re: need some help - computer running very slow

Alright, did all of that. The Panda scan took all day. The only one in the add\remove program list is Norton AntiVirus 2005 (Symantec Corporation), and when I try to remove it nothing happens. Also, I have a program called iMeshBar in the add\remove list that, when I try to remove it, says "error loading C:\PROGRA~1\iMeshBar\bar\1.bin\iMeshBar.dll The specified module could not be found."

Thanks for all your help!

"Dan Pearson" - 2007-07-05 6:45:08 - ComboFix 07-07-04.4 - Service Pack 2
Command switches used :: C:\Documents and Settings\Dan Pearson\Desktop\CFScript.txt


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\DANPEA~1\Desktop.\internet explorer.lnk


((((((((((((((((((((((((( Files Created from 2007-06-05 to 2007-07-05 )))))))))))))))))))))))))))))))


2007-07-04 12:37 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-03 23:03 <DIR> d-------- C:\Deckard
2007-07-03 15:50 <DIR> d-------- C:\WINDOWS\SYSTEM32\ActiveScan
2007-06-25 15:34 <DIR> d-------- C:\WINDOWS\.jagex_cache_32
2007-06-07 22:50 59,264 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\USBAUDIO.sys
2007-06-07 22:49 53,760 --a------ C:\WINDOWS\SYSTEM32\vfwwdm32.dll
2007-06-07 22:49 31,616 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\usbccgp.sys
2007-06-07 22:47 490,272 --a------ C:\WINDOWS\SYSTEM32\LVUI2.dll
2007-06-07 22:47 465,696 --a------ C:\WINDOWS\SYSTEM32\LVUI2RC.dll
2007-06-07 22:47 416,544 --a------ C:\WINDOWS\SYSTEM32\lvcodec2.dll
2007-06-07 22:47 41,888 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\LVUSBSta.sys
2007-06-07 22:47 3,580,832 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\lvuvc.sys
2007-06-07 22:47 22,560 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\lvuvcflt.sys
2007-06-07 22:47 195,360 --a------ C:\WINDOWS\SYSTEM32\lvci1100.dll
2007-06-07 22:47 15,558 --a------ C:\WINDOWS\SYSTEM32\Repository.reg
2007-06-07 22:47 1,921,184 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\lvpopflt.sys
2007-06-07 22:42 <DIR> d-------- C:\Program Files\Logitech
2007-06-07 22:42 <DIR> d-------- C:\Program Files\Common Files\LogiShrd
2007-06-07 22:42 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logitech
2007-06-07 22:40 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\LogiShrd


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-04 18:13:15 -------- d-----w C:\DOCUME~1\DANPEA~1\APPLIC~1\Skype
2007-07-04 17:34:49 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-07-04 17:34:08 -------- d-----w C:\Program Files\Symantec
2007-07-04 00:25:21 -------- d-----w C:\Program Files\Microsoft Works
2007-07-03 23:37:42 -------- d-----r C:\Program Files\Messenger
2007-07-03 23:29:34 -------- d-----w C:\Program Files\Google
2007-06-08 03:32:31 -------- d-----w C:\Program Files\iPod
2007-06-04 09:43:17 -------- d-sh--w C:\Program Files\outlook
2007-05-24 00:57:41 -------- d-----w C:\DOCUME~1\DANPEA~1\APPLIC~1\U3
2007-05-24 00:47:31 -------- d--h--w C:\Program Files\WindowsUpdate
2007-05-24 00:29:58 -------- d-----w C:\DOCUME~1\DANPEA~1\APPLIC~1\Lavasoft
2007-05-24 00:29:48 -------- d-----w C:\Program Files\Lavasoft
2007-05-24 00:27:58 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-05-20 19:35:36 -------- d-----w C:\Program Files\TurboTax
2007-05-17 15:25:18 323,624 ----a-w C:\WINDOWS\system32\wiaaut.dll
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-13 03:12:00 -------- d-----w C:\Program Files\QuickTime
2007-05-13 03:05:19 -------- d-----w C:\Program Files\Apple Software Update
2007-05-11 22:30:16 25,888 ----a-w C:\WINDOWS\system32\drivers\LVPr2Mon.sys
2007-05-11 22:29:54 2,142,752 ----a-w C:\WINDOWS\system32\drivers\LVMVdrv.sys
2007-05-11 22:27:58 2,107,808 ----a-w C:\WINDOWS\system32\drivers\Lvckap.sys
2007-05-03 01:35:58 77,312 ----a-w C:\WINDOWS\ua2.dll
2007-04-28 03:18:40 664 ----a-w C:\WINDOWS\system32\d3d9caps.dat
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 03:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 03:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 03:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 03:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 03:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 03:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 03:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 03:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
2004-05-12 02:03 744960 --a------ E:\PROGRA~1\SPYBOT~1\SDHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2007-03-14 03:43 501400 --a------ C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
2007-01-20 00:55 2403392 -ra------ c:\program files\google\googletoolbar3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Works Portfolio"="C:\Program Files\Microsoft Works\WksSb.exe" [2000-08-08 15:00]
"Microsoft Works Update Detection"="C:\Program Files\Microsoft Works\WkDetect.exe" [2000-08-08 15:00]
"nwiz"="nwiz.exe" [2004-03-24 10:04 C:\WINDOWS\SYSTEM32\nwiz.exe]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-02-17 10:05]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2005-04-26 18:58]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"AVG7_CC"="E:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-06-03 12:01]
"iTunesHelper"="E:\Program Files\iTunes\iTunesHelper.exe" [2007-06-01 16:51]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-05-17 10:52]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2007-05-17 10:53]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-09-25 18:50]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-01-26 16:49]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 8.0 Tray Icon.lnk]
backup=C:\WINDOWS\pss\America Online 8.0 Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkVwMon.exe.lnk]
backup=C:\WINDOWS\pss\NkVwMon.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
"C:\Program Files\Microsoft Money\System\Money Express.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorksFUD]
C:\Program Files\Microsoft Works\wkfud.exe

*Newly Created Service* - CATCHME

Contents of the 'Scheduled Tasks' folder
2007-06-02 01:05:00 C:\WINDOWS\tasks\AppleSoftwareUpdate.job

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-05 06:58:56
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************

Completion time: 2007-07-05 7:00:24
C:\ComboFix-quarantined-files.txt ... 2007-07-05 06:59
C:\ComboFix2.txt ... 2007-07-04 12:58

--- E O F ---


Panda ActiveScan


Incident Status Location

Adware:adware/sqwire Not disinfected Windows Registry
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Dan Pearson\Application Data\Mozilla\Firefox\Profiles\bpfk2o5n.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Dan Pearson\Application Data\Mozilla\Firefox\Profiles\bpfk2o5n.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Dan Pearson\Application Data\Mozilla\Firefox\Profiles\bpfk2o5n.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Dan Pearson\Application Data\Mozilla\Firefox\Profiles\bpfk2o5n.default\cookies.txt[.ad.yieldmanager.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Dan Pearson\Application Data\Mozilla\Firefox\Profiles\bpfk2o5n.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Dan Pearson\Application Data\Mozilla\Firefox\Profiles\bpfk2o5n.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Dan Pearson\Application Data\Mozilla\Firefox\Profiles\bpfk2o5n.default\cookies.txt[.247realmedia.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Dan Pearson\Application Data\Mozilla\Firefox\Profiles\bpfk2o5n.default\cookies.txt[.zedo.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Dan Pearson\Application Data\Mozilla\Firefox\Profiles\bpfk2o5n.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Dan Pearson\Application Data\Mozilla\Firefox\Profiles\bpfk2o5n.default\cookies.txt[.overture.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Dan Pearson\Application Data\Mozilla\Firefox\Profiles\bpfk2o5n.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Dan Pearson\Application Data\Mozilla\Firefox\Profiles\bpfk2o5n.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Dan Pearson\Application Data\Mozilla\Firefox\Profiles\bpfk2o5n.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Dan Pearson\Application Data\Mozilla\Firefox\Profiles\bpfk2o5n.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Dan Pearson\Application Data\Mozilla\Firefox\Profiles\bpfk2o5n.default\cookies.txt[.bs.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Dan Pearson\Application Data\Mozilla\Firefox\Profiles\bpfk2o5n.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Dan Pearson\Application Data\Mozilla\Firefox\Profiles\bpfk2o5n.default\cookies.txt[www.burstbeacon.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Dan Pearson\Application Data\Mozilla\Firefox\Profiles\bpfk2o5n.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Dan Pearson\Application Data\Mozilla\Firefox\Profiles\bpfk2o5n.default\cookies.txt[statse.webtrendslive.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Dan Pearson\Application Data\Mozilla\Firefox\Profiles\bpfk2o5n.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Dan Pearson\Application Data\Mozilla\Firefox\Profiles\bpfk2o5n.default\cookies.txt[.atwola.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Dan Pearson\Application Data\Mozilla\Firefox\Profiles\bpfk2o5n.default\cookies.txt[.com.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Dan Pearson\Application Data\Mozilla\Firefox\Profiles\bpfk2o5n.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Dan Pearson\Application Data\Mozilla\Firefox\Profiles\bpfk2o5n.default\cookies.txt[server.iad.liveperson.net/hc/79599383]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Dan Pearson\Application Data\Mozilla\Firefox\Profiles\bpfk2o5n.default\cookies.txt[server.iad.liveperson.net/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Dan Pearson\Application Data\Mozilla\Firefox\Profiles\bpfk2o5n.default\cookies.txt[server.iad.liveperson.net/hc/79599383]
Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\Dan Pearson\Application Data\Mozilla\Firefox\Profiles\bpfk2o5n.default\cookies.txt[.clickbank.net/]
Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\Dan Pearson\Application Data\Mozilla\Firefox\Profiles\bpfk2o5n.default\cookies.txt[stat.onestat.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Dan Pearson\Application Data\Mozilla\Firefox\Profiles\bpfk2o5n.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Dan Pearson\Application Data\Mozilla\Firefox\Profiles\bpfk2o5n.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Dan Pearson\Application Data\Mozilla\Firefox\Profiles\bpfk2o5n.default\cookies.txt[server.iad.liveperson.net/hc/7895639]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Dan Pearson\Application Data\Mozilla\Firefox\Profiles\bpfk2o5n.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Dan Pearson\Application Data\Mozilla\Firefox\Profiles\bpfk2o5n.default\cookies.txt[.go.com/]
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Dan Pearson\Application Data\Mozilla\Firefox\Profiles\bpfk2o5n.default\cookies.txt[.bluestreak.com/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Dan Pearson\Application Data\Mozilla\Firefox\Profiles\bpfk2o5n.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\Dan Pearson\Application Data\Mozilla\Firefox\Profiles\bpfk2o5n.default\cookies.txt[.qksrv.net/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Dan Pearson\Application Data\Mozilla\Firefox\Profiles\bpfk2o5n.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\Dan Pearson\Application Data\Mozilla\Firefox\Profiles\bpfk2o5n.default\cookies.txt[.qksrv.net/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Dan Pearson\Application Data\Mozilla\Firefox\Profiles\bpfk2o5n.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Dan Pearson\Application Data\Mozilla\Firefox\Profiles\bpfk2o5n.default\cookies.txt[.revenue.net/]
Spyware:Cookie/SexList Not disinfected C:\Documents and Settings\Dan Pearson\Application Data\Mozilla\Firefox\Profiles\bpfk2o5n.default\cookies.txt[.sexlist.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Dan Pearson\Application Data\Mozilla\Firefox\Profiles\bpfk2o5n.default\cookies.txt[.perf.overture.com/]
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Dan Pearson\Application Data\Mozilla\Firefox\Profiles\bpfk2o5n.default\cookies.txt[searchportal.information.com/]
Spyware:Cookie/HotLog Not disinfected C:\Documents and Settings\Dan Pearson\Application Data\Mozilla\Firefox\Profiles\bpfk2o5n.default\cookies.txt[.hotlog.ru/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Dan Pearson\Application Data\Mozilla\Firefox\Profiles\bpfk2o5n.default\cookies.txt[.as-us.falkag.net/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Dan Pearson\Application Data\Mozilla\Firefox\Profiles\bpfk2o5n.default\cookies.txt[.xiti.com/]
Spyware:Cookie/Bfast Not disinfected C:\Documents and Settings\Dan Pearson\Application Data\Mozilla\Firefox\Profiles\bpfk2o5n.default\cookies.txt[.bfast.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Dan Pearson\Cookies\dan_pearson@atwola[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Dan Pearson\Cookies\dan_pearson@questionmarket[2].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\rich sipek\Application Data\Mozilla\Firefox\Profiles\qhhyy00g.default\cookies.txt[.247realmedia.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\rich sipek\Application Data\Mozilla\Firefox\Profiles\qhhyy00g.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\rich sipek\Application Data\Mozilla\Firefox\Profiles\qhhyy00g.default\cookies.txt[.atwola.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\rich sipek\Application Data\Mozilla\Firefox\Profiles\qhhyy00g.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\rich sipek\Application Data\Mozilla\Firefox\Profiles\qhhyy00g.default\cookies.txt[.bluestreak.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\rich sipek\Application Data\Mozilla\Firefox\Profiles\qhhyy00g.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\rich sipek\Application Data\Mozilla\Firefox\Profiles\qhhyy00g.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\rich sipek\Application Data\Mozilla\Firefox\Profiles\qhhyy00g.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Bfast Not disinfected C:\Documents and Settings\rich sipek\Application Data\Mozilla\Firefox\Profiles\qhhyy00g.default\cookies.txt[.bfast.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\rich sipek\Application Data\Mozilla\Firefox\Profiles\qhhyy00g.default\cookies.txt[.overture.com/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\rich sipek\Application Data\Mozilla\Firefox\Profiles\qhhyy00g.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\rich sipek\Application Data\Mozilla\Firefox\Profiles\qhhyy00g.default\cookies.txt[.go.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\rich sipek\Cookies\rich_sipek@247realmedia[1].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\rich sipek\Cookies\rich_sipek@apmebf[1].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\rich sipek\Cookies\rich_sipek@go[2].txt
Adware:Adware/Mirar Not disinfected C:\QooBox\Quarantine\C\WINDOWS\876056.exe.vir
Spyware:Spyware/LinkReplacer Not disinfected C:\WINDOWS\system32drei.exe


Logfile of HijackThis v1.99.1
Scan saved at 4:30:19 PM, on 7/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
E:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
E:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
E:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
E:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
E:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Microsoft Works\WksSb.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
E:\PROGRA~1\Grisoft\AVG7\avgcc.exe
E:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
E:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: iMeshBar - {5345A7A9-805A-4923-B505-86B2FEBA3FE0} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] E:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - E:\Program Files\AIM\aim.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {E4C29FDC-F547-4219-ACFD-571F2A7A564A} (WebCamTest Class) - http://awbeta.net-nucleus.com/CABUPDATES/winwcd.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: APC UPS Service - American Power Conversion Corporation - E:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - E:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe