Old 07-08-2007, 07:31 PM   #11 (permalink)
mihan77
Registered User
 
Join Date: Jul 2007
Posts: 6
OS: Win XP Professional


Done as requested

Here are the logs requested:

Combofix:

"Michael" - 2007-07-08 6:51:39 - ComboFix 07-07-07.4 - Service Pack 2
Command switches used :: E:\Documents and Settings\Michael\Desktop\cfscript.txt


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


E:\Program Files\Enigma Software Group
E:\Program Files\Enigma Software Group\SpyHunter\def.dat
E:\Program Files\Enigma Software Group\SpyHunter\EnigmaUpdater.dll
E:\Program Files\Enigma Software Group\SpyHunter\esgi_md5h.dll
E:\Program Files\Enigma Software Group\SpyHunter\Esgiutl1.dll
E:\Program Files\Enigma Software Group\SpyHunter\exclusions.dat
E:\Program Files\Enigma Software Group\SpyHunter\ExtendedScript.dat
E:\Program Files\Enigma Software Group\SpyHunter\INSTALL.LOG
E:\Program Files\Enigma Software Group\SpyHunter\LSPFix.dll
E:\Program Files\Enigma Software Group\SpyHunter\purl.dat
E:\Program Files\Enigma Software Group\SpyHunter\settings.ini
E:\Program Files\Enigma Software Group\SpyHunter\SHSched.dll
E:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.chm
E:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
E:\Program Files\Enigma Software Group\SpyHunter\support.log
E:\Program Files\Enigma Software Group\SpyHunter\Uninstall.exe


((((((((((((((((((((((((( Files Created from 2007-06-08 to 2007-07-08 )))))))))))))))))))))))))))))))


2007-07-07 13:35 51,200 --a------ E:\WINDOWS\nircmd.exe
2007-07-06 20:37 <DIR> d-------- E:\Program Files\Lavasoft
2007-07-06 20:36 <DIR> d-------- E:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-07-06 20:25 <DIR> d-------- E:\Program Files\Common Files\Wise Installation Wizard
2007-07-05 22:10 626,688 --a------ E:\WINDOWS\system32\msvcr80.dll
2007-07-05 22:02 <DIR> d-------- E:\WINDOWS\McAfee.com


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-08 11:54:24 -------- d-----w E:\Program Files\Weather Watcher
2007-07-07 01:27:47 -------- d-----w E:\DOCUME~1\Michael\APPLIC~1\Lavasoft
2007-06-10 19:11:47 -------- d-----w E:\Program Files\iTunes
2007-06-10 19:11:37 -------- d-----w E:\Program Files\iPod
2007-06-04 20:18:48 9,344 ----a-w E:\WINDOWS\system32\drivers\NSDriver.sys
2007-06-04 20:17:02 8,320 ----a-w E:\WINDOWS\system32\drivers\AWRTRD.sys
2007-06-04 20:14:56 6,272 ----a-w E:\WINDOWS\system32\drivers\AWRTPD.sys
2007-05-16 15:12:02 683,520 ----a-w E:\WINDOWS\system32\inetcomm.dll
2007-05-12 00:40:51 -------- d-----w E:\Program Files\Design Science
2007-05-12 00:40:40 -------- d-----w E:\Program Files\MathType
2007-04-25 14:21:15 144,896 ----a-w E:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23 2,854,400 ----a-w E:\WINDOWS\system32\msi.dll
2007-04-17 03:47:36 33,624 ----a-w E:\WINDOWS\system32\wups.dll
2007-04-17 03:45:54 1,710,936 ----a-w E:\WINDOWS\system32\wuaueng.dll
2007-04-17 03:45:48 549,720 ----a-w E:\WINDOWS\system32\wuapi.dll
2007-04-17 03:45:42 325,976 ----a-w E:\WINDOWS\system32\wucltui.dll
2007-04-17 03:45:36 203,096 ----a-w E:\WINDOWS\system32\wuweb.dll
2007-04-17 03:45:28 92,504 ----a-w E:\WINDOWS\system32\cdm.dll
2007-04-17 03:45:20 53,080 ----a-w E:\WINDOWS\system32\wuauclt.exe
2007-04-17 03:45:20 43,352 ----a-w E:\WINDOWS\system32\wups2.dll
2007-04-17 03:44:20 271,224 ----a-w E:\WINDOWS\system32\mucltui.dll
2007-04-17 03:44:18 208,248 ----a-w E:\WINDOWS\system32\muweb.dll
2007-04-13 20:19:52 7,680 ----a-w E:\WINDOWS\system32\lsdelete.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2006-01-12 20:38 63128 --a------ E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{69A87B7D-DE56-4136-9655-716BA50C19C7}]
2006-06-28 15:21 237568 --a------ E:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2006-12-15 03:23 440056 --a------ E:\Program Files\Java\jre1.5.0_11\bin\ssv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
2007-01-20 00:55 2403392 -ra------ e:\program files\google\googletoolbar3.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
2007-06-05 21:06 325048 --a------ E:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="E:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2003-01-09 21:46]
"SynTPEnh"="E:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2003-01-09 21:45]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 19:24 E:\WINDOWS\system32\Ati2mdxx.exe]
"ATIPTA"="E:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-01-24 21:00]
"SunJavaUpdateSched"="E:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 03:23]
"GhostStartTrayApp"="C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe" [2002-08-14 15:21]
"Adobe Photo Downloader"="E:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 22:46]
"CARPService"="carpserv.exe" [2003-01-27 18:22 E:\WINDOWS\system32\carpserv.exe]
"HP Component Manager"="E:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-04-11 15:25]
"DeviceDiscovery"="E:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2003-05-21 18:37]
"ISUSPM Startup"="E:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-08-09 05:03]
"ISUSScheduler"="E:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-08-09 05:03]
"HP Software Update"="E:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11]
"QuickTime Task"="C:\program files\qttask.exe" [2007-04-27 09:41]
"iTunesHelper"="E:\Program Files\iTunes\iTunesHelper.exe" [2007-06-01 16:51]
"AVG7_CC"="E:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-07-06 20:20]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DW4"="E:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe" []
"ctfmon.exe"="E:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]
"WeatherWatcher"="E:\Program Files\Weather Watcher\ww.exe" [2007-03-12 19:32]
"updateMgr"="E:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 15:45]
"Yahoo! Pager"="E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-03-27 15:22]
"swg"="E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-05 21:06]
"RssReader"="C:\Program Files\RssReader\RssReader.exe" []
"WMPNSCFG"="E:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"{8FA550F4-888F-457F-B5B4-3805D0605737}"="E:\WINDOWS\msole.dll" []

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]


Contents of the 'Scheduled Tasks' folder
2007-06-24 18:14:02 E:\WINDOWS\tasks\AppleSoftwareUpdate.job

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-08 06:55:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-08 6:56:25
E:\ComboFix-quarantined-files.txt ... 2007-07-08 06:56
E:\ComboFix2.txt ... 2007-07-07 13:42

--- E O F ---




Kaspersky scan:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, July 08, 2007 8:23:04 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 9/07/2007
Kaspersky Anti-Virus database records: 359775
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\

Scan Statistics:
Total number of scanned objects: 74555
Number of viruses found: 5
Number of infected objects: 26
Number of suspicious objects: 0
Duration of the scan process: 02:07:59

Infected Object Name / Virus Name / Last Action
C:\hpcmerr.log Object is locked skipped
C:\RECYCLER\NPROTECT\NPROTECT.LOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{C2146161-6534-4B49-9143-447F7749B850}\RP477\change.log Object is locked skipped
E:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
E:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
E:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2007-07-08_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
E:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
E:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
E:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
E:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
E:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
E:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
E:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
E:\Documents and Settings\Michael\Cookies\index.dat Object is locked skipped
E:\Documents and Settings\Michael\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
E:\Documents and Settings\Michael\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
E:\Documents and Settings\Michael\Local Settings\History\History.IE5\index.dat Object is locked skipped
E:\Documents and Settings\Michael\Local Settings\Temp\googlewebaccclient.exe.log Object is locked skipped
E:\Documents and Settings\Michael\Local Settings\Temp\GoogleWebAccelerator.pac Object is locked skipped
E:\Documents and Settings\Michael\Local Settings\Temp\GoogleWebAcceleratorCache Object is locked skipped
E:\Documents and Settings\Michael\Local Settings\Temp\GoogleWebAccWarden.exe.log Object is locked skipped
E:\Documents and Settings\Michael\Local Settings\Temp\~DFB73F.tmp Object is locked skipped
E:\Documents and Settings\Michael\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
E:\Documents and Settings\Michael\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
E:\Documents and Settings\Michael\My Documents\my music\iTunes\iTunes Library.itl Object is locked skipped
E:\Documents and Settings\Michael\NTUSER.DAT Object is locked skipped
E:\Documents and Settings\Michael\ntuser.dat.LOG Object is locked skipped
E:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
E:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
E:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
E:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
E:\QooBox\Quarantine\E\Program Files\Enigma Software Group\SpyHunter\EnigmaUpdater.dll.vir Infected: not-a-virus:FraudTool.Win32.SpyHunter.b skipped
E:\QooBox\Quarantine\E\Program Files\Enigma Software Group\SpyHunter\Esgiutl1.dll.vir Infected: not-a-virus:FraudTool.Win32.SpyHunter.b skipped
E:\QooBox\Quarantine\E\Program Files\Enigma Software Group\SpyHunter\esgi_md5h.dll.vir Infected: not-a-virus:FraudTool.Win32.SpyHunter.b skipped
E:\QooBox\Quarantine\E\Program Files\Enigma Software Group\SpyHunter\SHSched.dll.vir Infected: not-a-virus:FraudTool.Win32.SpyHunter.b skipped
E:\QooBox\Quarantine\E\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe.vir Infected: not-a-virus:FraudTool.Win32.SpyHunter.b skipped
E:\QooBox\Quarantine\E\WINDOWS\ddesupport.dll.vir Infected: not-a-virus:AdWare.Win32.Agent.bn skipped
E:\QooBox\Quarantine\E\WINDOWS\msdde.dll.vir Infected: not-a-virus:AdWare.Win32.Agent.bn skipped
E:\QooBox\Quarantine\E\WINDOWS\msole.dll.vir Infected: not-a-virus:AdWare.Win32.Agent.bn skipped
E:\RECYCLER\NPROTECT\NPROTECT.LOG Object is locked skipped
E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
E:\System Volume Information\_restore{C2146161-6534-4B49-9143-447F7749B850}\RP469\A0144013.exe/stream/data0003 Infected: Trojan-Downloader.Win32.Agent.bjc skipped
E:\System Volume Information\_restore{C2146161-6534-4B49-9143-447F7749B850}\RP469\A0144013.exe/stream Infected: Trojan-Downloader.Win32.Agent.bjc skipped
E:\System Volume Information\_restore{C2146161-6534-4B49-9143-447F7749B850}\RP469\A0144013.exe NSIS: infected - 2 skipped
E:\System Volume Information\_restore{C2146161-6534-4B49-9143-447F7749B850}\RP469\A0144015.exe/WISE0104.BIN/stream/data0005 Infected: not-a-virus:AdWare.Win32.Softomate.j skipped
E:\System Volume Information\_restore{C2146161-6534-4B49-9143-447F7749B850}\RP469\A0144015.exe/WISE0104.BIN/stream Infected: not-a-virus:AdWare.Win32.Softomate.j skipped
E:\System Volume Information\_restore{C2146161-6534-4B49-9143-447F7749B850}\RP469\A0144015.exe/WISE0104.BIN Infected: not-a-virus:AdWare.Win32.Softomate.j skipped
E:\System Volume Information\_restore{C2146161-6534-4B49-9143-447F7749B850}\RP469\A0144015.exe WiseSFX: infected - 3 skipped
E:\System Volume Information\_restore{C2146161-6534-4B49-9143-447F7749B850}\RP469\A0144015.exe WiseSFX Dropper: infected - 3 skipped
E:\System Volume Information\_restore{C2146161-6534-4B49-9143-447F7749B850}\RP469\A0144018.exe Infected: not-a-virus:AdWare.Win32.Agent.bn skipped
E:\System Volume Information\_restore{C2146161-6534-4B49-9143-447F7749B850}\RP471\A0144095.exe Object is locked skipped
E:\System Volume Information\_restore{C2146161-6534-4B49-9143-447F7749B850}\RP472\A0144217.OCX Infected: Trojan.Win32.Agent.ahq skipped
E:\System Volume Information\_restore{C2146161-6534-4B49-9143-447F7749B850}\RP472\A0144268.dll Infected: not-a-virus:AdWare.Win32.Agent.bn skipped
E:\System Volume Information\_restore{C2146161-6534-4B49-9143-447F7749B850}\RP472\A0144269.dll Infected: not-a-virus:AdWare.Win32.Agent.bn skipped
E:\System Volume Information\_restore{C2146161-6534-4B49-9143-447F7749B850}\RP472\A0144270.dll Infected: not-a-virus:AdWare.Win32.Agent.bn skipped
E:\System Volume Information\_restore{C2146161-6534-4B49-9143-447F7749B850}\RP473\A0144374.dll Infected: not-a-virus:FraudTool.Win32.SpyHunter.b skipped
E:\System Volume Information\_restore{C2146161-6534-4B49-9143-447F7749B850}\RP473\A0144375.dll Infected: not-a-virus:FraudTool.Win32.SpyHunter.b skipped
E:\System Volume Information\_restore{C2146161-6534-4B49-9143-447F7749B850}\RP473\A0144376.dll Infected: not-a-virus:FraudTool.Win32.SpyHunter.b skipped
E:\System Volume Information\_restore{C2146161-6534-4B49-9143-447F7749B850}\RP473\A0144379.dll Infected: not-a-virus:FraudTool.Win32.SpyHunter.b skipped
E:\System Volume Information\_restore{C2146161-6534-4B49-9143-447F7749B850}\RP473\A0144380.exe Infected: not-a-virus:FraudTool.Win32.SpyHunter.b skipped
E:\System Volume Information\_restore{C2146161-6534-4B49-9143-447F7749B850}\RP477\change.log Object is locked skipped
E:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
E:\WINDOWS\SchedLgU.Txt Object is locked skipped
E:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
E:\WINDOWS\Sti_Trace.log Object is locked skipped
E:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
E:\WINDOWS\system32\config\default Object is locked skipped
E:\WINDOWS\system32\config\default.LOG Object is locked skipped
E:\WINDOWS\system32\config\Internet.evt Object is locked skipped
E:\WINDOWS\system32\config\SAM Object is locked skipped
E:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
E:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
E:\WINDOWS\system32\config\SECURITY Object is locked skipped
E:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
E:\WINDOWS\system32\config\software Object is locked skipped
E:\WINDOWS\system32\config\software.LOG Object is locked skipped
E:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
E:\WINDOWS\system32\config\system Object is locked skipped
E:\WINDOWS\system32\config\system.LOG Object is locked skipped
E:\WINDOWS\system32\h323log.txt Object is locked skipped
E:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
E:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
E:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
E:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
E:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
E:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
E:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
E:\WINDOWS\wiadebug.log Object is locked skipped
E:\WINDOWS\wiaservc.log Object is locked skipped
E:\WINDOWS\WindowsUpdate.log Object is locked skipped
G:\RECYCLER\NPROTECT\NPROTECT.LOG Object is locked skipped
G:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
G:\System Volume Information\_restore{C2146161-6534-4B49-9143-447F7749B850}\RP477\change.log Object is locked skipped
H:\RECYCLER\NPROTECT\NPROTECT.LOG Object is locked skipped
H:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
H:\System Volume Information\_restore{C2146161-6534-4B49-9143-447F7749B850}\RP477\change.log Object is locked skipped

Scan process completed.





and HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 8:25:55 PM, on 7/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Synaptics\SynTP\SynTPLpr.exe
E:\Program Files\Synaptics\SynTP\SynTPEnh.exe
E:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
E:\WINDOWS\system32\carpserv.exe
E:\Program Files\HP\hpcoretech\hpcmpmgr.exe
E:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
E:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
E:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
E:\Program Files\iTunes\iTunesHelper.exe
E:\PROGRA~1\Grisoft\AVG7\avgcc.exe
E:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Weather Watcher\ww.exe
E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
E:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\NETGEAR\MA521 Configuration Utility\wlancfg5.exe
E:\Program Files\NETGEAR\WG511v2\wlancfg5.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE
E:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
E:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
E:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
E:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
E:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~1\GHOSTS~2.EXE
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
E:\Program Files\iPod\bin\iPodService.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
E:\Program Files\iTunes\iTunes.exe
E:\DOCUME~1\Michael\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.insightbb.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - E:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - E:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - E:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: (no name) - {9566395f-43d2-4c64-b525-b501ffa276e2} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SynTPLpr] E:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] E:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] E:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "E:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [HP Component Manager] "E:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DeviceDiscovery] E:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [ISUSPM Startup] E:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "E:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HP Software Update] E:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\program files\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] E:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [DW4] "E:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WeatherWatcher] E:\Program Files\Weather Watcher\ww.exe
O4 - HKCU\..\Run: [updateMgr] "E:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [Yahoo! Pager] "E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [swg] E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [RssReader] C:\Program Files\RssReader\RssReader.exe
O4 - HKCU\..\Run: [WMPNSCFG] E:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: MA521 Configuration Utility.lnk = C:\Program Files\NETGEAR\MA521 Configuration Utility\wlancfg5.exe
O4 - Global Startup: NETGEAR WG511v2 Wireless Assistant.lnk = ?
O4 - Global Startup: Norton System Doctor.LNK = C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE
O4 - Global Startup: Run Google Web Accelerator.lnk = E:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.insightbb.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/...x/qtplugin.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1125857738735
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1138310783832
O16 - DPF: {E3E02F12-2ADB-478C-8742-5F0819F9F0F4} (Quantum Streaming IE VersionManager Class) - http://qmedia.xlontech.net/100170/sd...ie06041001.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...68/mcfscan.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - E:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - E:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: msole - {8FA550F4-888F-457F-B5B4-3805D0605737} - E:\WINDOWS\msole.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - E:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - E:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\GHOSTS~2.EXE
O23 - Service: Google Updater Service (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - E:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LiveUpdate - Symantec Corporation - E:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe