Peter66

Posts posted by Peter66

  1. Hi MoNsTeReNeRgY22 :)

    as instructed here is the ComboFix log

    one of the symptoms is a v. slow internet connection to popular sites like Google .... it seems like the computer stops for 10-30s w/o loading the page or w/o me being able to stop loading or sometimes to control the window.

    I ran ComboFix and Malwarebytes a few days ago and thought it was all fixed as the redirections had disappeared, but within 2 days the total system slowdown started... I hope you can help. how are u going about analyzing the logs, what are u looking for? (if the subject is not too complex to discuss here)

    Thanks Again

    Peter

    ComboFix_log_03_14_08.txt

    hijackthis03_14_08_log.txt

  2. my Hijack this gives me this line

    O4 - HKLM\..\Run: [bMab9a0b17] Rundll32.exe "C:\WINDOWS\system32\yscbbmqx.dll",s

    I came up blank on a web search for

    yscbbmqx.dll

    I have been getting a recurrent infection. I run Malwarebytes and it seems to clear most of the redirection, then it comes back up within a few days

    can this be a virus and should I take it out?

    Thanks

    Peter <_<

  3. That's good. Run MBAM as I posted before, and let's see if it picks anything up.

    -Ryan

    Hi Ryan :)

    Sorry for the delay, I had a repeat of the previous issue, but after running the process again all seems to run fine

    Thank you Again for your help

    and thank you all the Techs for spending your time making our life easier :)

    Peter

    :thumbsup::D

  4. Welcome to BestTechie! I'm Ryan, and I'll be helping you clean your computer.

    Go to Microsoft's website => http://support.microsoft.com/kb/310994

    Select the download that's appropriate for your Operating System.

    Download the file & save it as it's originally named, next to ComboFix.exe.

    Now close all open windows and programs, then drag the setup package onto ComboFix.exe and drop it. Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console. When complete, a log named CF_RC.txt will open. Please post the contents of that log.

    Please download Malwarebytes' Anti-Malware from Here or Here

    Double Click mbam-setup.exe to install the application.

    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy&Paste the entire report in your next reply.

    Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

    -Ryan

    Hi Ryan :)

    Thank you for the help. Here is the log

    ps After I ran the ComboFix prog the first time (just b4 my first post) the re-directions/popups have virtually disappeared... just thought that might be an important bit of info for you

    anyway here is the log from a minute ago

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

    [boot loader]

    timeout=2

    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

    [operating systems]

    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

    C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

    I get redirected to different websites, also it stalls and turns off my explore.exe Process. I ran multiple scans: AVG, Norton online, Winferno Spyware Scan Powered by McAfee, AdWare SpyWare Removal.. none of those was able to find the culprit

    so plz help :):blush:

    I am running XP SP2

    origin of problem ???

    here are log files for hijack this and combofix

    ComboFix 08-02-20.2 - pet 2008-02-20 11:32:39.1 - NTFSx86

    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1347 [GMT -8:00]

    Running from: D:\bit comet DL's\ComboFix.exe

    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    C:\WINDOWS\system32\fccawuu.dll

    C:\WINDOWS\system32\vtsqp.dll

    C:\Program Files\Common Files\{38A93~1

    C:\Program Files\Common Files\{38A93~1\toolbardll.lzma

    C:\Program Files\Common Files\asks~1

    C:\Temp\isgTi19

    C:\WINDOWS\system32\fccawuu.dll

    C:\WINDOWS\system32\nGpxx01

    C:\WINDOWS\system32\pac.txt

    C:\WINDOWS\system32\pqstv.ini

    C:\WINDOWS\system32\pqstv.ini2

    C:\WINDOWS\system32\racle~1

    C:\WINDOWS\system32\racle~1\?racle\

    C:\WINDOWS\system32\uninstall.exe

    C:\WINDOWS\system32\unsvchosts.lzma

    C:\WINDOWS\system32\vtsqp.dll

    .

    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    -------\LEGACY_CLIENT_IP-IPX

    -------\Client IP-IPX

    ((((((((((((((((((((((((( Files Created from 2008-01-20 to 2008-02-20 )))))))))))))))))))))))))))))))

    .

    2008-02-19 21:24 . 2008-02-19 21:25 <DIR> d-------- C:\Program Files\AdWare SpyWare Removal

    2008-02-18 20:40 . 2008-02-18 20:40 <DIR> d-------- C:\WINDOWS\McAfee.com

    2008-02-18 20:38 . 2008-02-18 20:38 <DIR> d-------- C:\Program Files\Winferno

    2008-02-18 20:38 . 2008-02-18 20:38 <DIR> d-------- C:\Program Files\Common Files\Winferno

    2008-02-18 20:38 . 2006-10-09 13:28 835,584 --a------ C:\WINDOWS\system32\WINCTL4.OCX

    2008-02-18 20:38 . 2006-10-09 14:06 495,616 --a------ C:\WINDOWS\system32\WINUTIL5.DLL

    2008-02-18 20:38 . 2006-05-17 09:40 393,216 --a------ C:\WINDOWS\system32\WINLCTL5.DLL

    2008-02-17 23:37 . 2008-02-17 23:37 <DIR> d-------- C:\Documents and Settings\pet\Application Data\MSN6

    2008-02-17 23:37 . 2008-02-17 23:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MSN6

    2008-02-10 02:01 . 2008-02-14 22:25 <DIR> d-------- C:\Program Files\FLT

    2008-02-09 19:29 . 2008-02-09 19:29 <DIR> d-------- C:\Documents and Settings\pet\Application Data\Sibelius Software

    2008-02-09 19:28 . 2008-02-09 19:28 <DIR> d-------- C:\Program Files\Sibelius Software

    2008-02-04 13:16 . 2008-02-04 13:16 <DIR> d-------- C:\Program Files\RAR Password Cracker

    2008-01-29 08:30 . 2008-01-29 08:30 <DIR> d-------- C:\Program Files\Encore Software

    2008-01-20 17:54 . 2008-01-20 17:54 <DIR> d-------- C:\Program Files\Brighter Child

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2008-02-20 19:44 --------- d-----w C:\Documents and Settings\pet\Application Data\AVG7

    2008-02-20 17:41 --------- d-----w C:\Program Files\Trend Micro

    2008-02-10 17:03 --------- d-----w C:\Documents and Settings\pet\Application Data\dvdcss

    2008-02-10 09:54 --------- d-----w C:\Program Files\Microsoft ActiveSync

    2008-02-03 07:47 --------- d-----w C:\Program Files\Barbie

    2008-01-29 16:30 --------- d--h--w C:\Program Files\InstallShield Installation Information

    2008-01-26 03:27 --------- d-----w C:\Program Files\Creative

    2008-01-21 00:43 --------- d-----w C:\Program Files\The Learning Company

    2008-01-17 07:17 --------- d-----w C:\Program Files\Common Files\LizardTech Shared

    2008-01-17 07:05 --------- d-----w C:\Program Files\Common Files\AVSMedia

    2008-01-17 07:03 --------- d-----w C:\Documents and Settings\pet\Application Data\AVSMedia

    2008-01-14 01:05 --------- d-----w C:\Program Files\Guitar Pro 5

    2008-01-13 23:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Creative

    2008-01-11 06:36 --------- d-----w C:\Documents and Settings\pet\Application Data\Creative

    2008-01-11 04:52 --------- d-----w C:\Program Files\Audible

    2008-01-11 04:50 --------- d--h--w C:\Program Files\Creative Installation Information

    2007-12-25 21:30 --------- d-----w C:\Program Files\BitComet

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 15:56 15360]

    "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2003-04-22 14:43 413775]

    "Exact Mouse"="C:\Program Files\Exact Mouse\ExactMouse.exe" [2004-02-01 22:05 402432]

    "SkinClock"="C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe" [2007-04-18 12:27 1724416]

    "Advanced Uninstaller PRO Installation Monitor"="C:\Program Files\Innovative Solutions\Advanced Uninstaller PRO 2005 version 7\monitor.exe" [2005-06-04 21:02 1064448]

    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:54 5674352]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 02:12 483328]

    "NWEReboot"="" []

    "PinnacleDriverCheck"="C:\WINDOWS\System32\PSDrvCheck.exe" [2004-03-10 23:26 406016]

    "NvCplDaemon"="RUNDLL32.exe" [2004-08-03 15:56 33280 C:\WINDOWS\system32\rundll32.exe]

    "PDF4 Registry Controller"="C:\Program Files\ScanSoft\PDF Professional 4.0\\RegistryController.exe" [2006-08-22 19:09 40960]

    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-19 10:01 579072]

    "NvMediaCenter"="RUNDLL32.exe" [2004-08-03 15:56 33280 C:\WINDOWS\system32\rundll32.exe]

    "CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2004-06-27 18:33 57344]

    "MediaFace Integration"="C:\Program Files\Fellowes\MediaFACE 4.2\SetHook.exe" [2005-03-28 03:45 53248]

    "SoundMan"="SOUNDMAN.EXE" [2003-02-09 23:59 47104 C:\WINDOWS\SOUNDMAN.EXE]

    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24 286720]

    "WinfernoUpdate"="C:\Program Files\Common Files\Winferno\WSCUpdtr.exe" [2007-03-04 10:47 1482752]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-26 01:42 219136]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\

    Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2006-03-07 23:13:28 25214]

    Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50 110592]

    Device Detector 3.lnk - C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe [2007-10-01 07:33:41 118784]

    Directrec Configuration Tool.lnk - C:\Program Files\Olympus\DeviceDetector\DirectrecConfig.exe [2007-10-01 07:33:42 122880]

    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]

    MiniEYE-MiniREAD Launch.lnk - C:\Program Files\Infinite Mind LC\eyeQ\ARLaunch.exe [2006-12-26 22:55:16 323584]

    S3 PDEXLOCK;PDEXLOCK;C:\WINDOWS\inf\pdexlock.inf [2007-06-24 10:45]

    .

    Contents of the 'Scheduled Tasks' folder

    "2008-02-16 23:05:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe

    "2008-02-20 19:43:40 C:\WINDOWS\Tasks\SpyScan.job"

    - C:\Program Files\Winferno\SpywareScan\SpyScan.exe

    .

    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2008-02-20 11:44:05

    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully

    hidden files: 0

    **************************************************************************

    .

    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.2894]

    -> C:\Program Files\Atomic Alarm Clock\Clock.dll

    .

    ------------------------ Other Running Processes ------------------------

    .

    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

    C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

    C:\Program Files\Olympus\DeviceDetector\DM1Service.exe

    C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe

    C:\WINDOWS\System32\nvsvc32.exe

    C:\Program Files\Voicent\Gateway\bin\vgate.exe

    C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe

    C:\Program Files\Voicent\Gateway\bin\spengine.exe

    c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe

    C:\WINDOWS\system32\wscntfy.exe

    C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe

    C:\Program Files\MSN Messenger\usnsvc.exe

    .

    **************************************************************************

    .

    Completion time: 2008-02-20 11:46:59 - machine was rebooted

    ComboFix-quarantined-files.txt 2008-02-20 19:46:56

    ********************************************************************************

    *********************************************************************************

    *********************************************************************************

    *********************************************************************************

    *

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 12:08:24 PM, on 2/20/2008

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

    C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

    C:\Program Files\Olympus\DeviceDetector\DM1Service.exe

    C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe

    C:\WINDOWS\System32\nvsvc32.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Voicent\Gateway\bin\vgate.exe

    C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe

    C:\Program Files\Voicent\Gateway\bin\spengine.exe

    c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe

    C:\WINDOWS\system32\wscntfy.exe

    C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

    C:\WINDOWS\system32\RUNDLL32.EXE

    C:\WINDOWS\SOUNDMAN.EXE

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE

    C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe

    C:\Program Files\MSN Messenger\msnmsgr.exe

    C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe

    C:\Program Files\Infinite Mind LC\eyeQ\ARLaunch.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\explorer.exe

    C:\Program Files\MSN Messenger\usnsvc.exe

    C:\WINDOWS\system32\notepad.exe

    C:\WINDOWS\system32\NOTEPAD.EXE

    C:\Program Files\Internet Explorer\IEXPLORE.EXE

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

    C:\Program Files\Internet Explorer\IEXPLORE.EXE

    C:\WINDOWS\system32\taskmgr.exe

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://stockcharts.com/def/servlet/SC.scan

    R3 - URLSearchHook: (no name) - {A833239E-EB03-EEA7-5527-EA1BB20212B4} - (no file)

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll

    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll

    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar1.02.5000.1021\en-us\msntb.dll

    O3 - Toolbar: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - (no file)

    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar1.02.5000.1021\en-us\msntb.dll

    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"

    O4 - HKLM\..\Run: [PinnacleDriverCheck] "C:\WINDOWS\System32\PSDrvCheck.exe" -CheckReg

    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [PDF4 Registry Controller] "C:\Program Files\ScanSoft\PDF Professional 4.0\\RegistryController.exe"

    O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP

    O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s

    O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.2\SetHook.exe

    O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [WinfernoUpdate] "C:\Program Files\Common Files\Winferno\WSCUpdtr.exe"

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"

    O4 - HKCU\..\Run: [Exact Mouse] C:\Program Files\Exact Mouse\ExactMouse.exe

    O4 - HKCU\..\Run: [skinClock] C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe

    O4 - HKCU\..\Run: [Advanced Uninstaller PRO Installation Monitor] "C:\Program Files\Innovative Solutions\Advanced Uninstaller PRO 2005 version 7\monitor.exe"

    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')

    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')

    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?

    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

    O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe

    O4 - Global Startup: Directrec Configuration Tool.lnk = C:\Program Files\Olympus\DeviceDetector\DirectrecConfig.exe

    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

    O4 - Global Startup: MiniEYE-MiniREAD Launch.lnk = C:\Program Files\Infinite Mind LC\eyeQ\ARLaunch.exe

    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

    O8 - Extra context menu item: Open with ScanSoft PDF Converter 4.0 - res://C:\Program Files\ScanSoft\PDF Professional 4.0\cnvres_eng.dll /100

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL

    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL

    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL

    O9 - Extra button: (no name) - {60AFE1CD-9BA1-47AC-929C-484FBA08DF62} - C:\Program Files\Winferno\SpywareScan\SpyScan.exe

    O9 - Extra 'Tools' menuitem: Spyware Scan - {60AFE1CD-9BA1-47AC-929C-484FBA08DF62} - C:\Program Files\Winferno\SpywareScan\SpyScan.exe

    O9 - Extra button: Spyware Scan - {C7112EF1-D5B6-421D-8F58-8FA63AB144F8} - C:\Program Files\Winferno\SpywareScan\SpyScan.exe

    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O15 - Trusted Zone: *.mcafee.com

    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab

    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

    O16 - DPF: {4989312D-58CF-11D5-A7D7-00E02911103E} (Interealty MultiSelect) - http://mlslink.mlxchange.com/Control/MultiSelectComboBox.cab

    O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://64.69.85.208/mgaxctrl.cab

    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1147154014343

    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1147153990812

    O16 - DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} (MLXchange Client Utils) - http://mlslink.mlxchange.com/Control/MLXClientUtils.cab

    O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} (GeacRevw Control) - http://mlslink.mlxchange.com/4.2.04.18/Control/IRCSharc.cab

    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab

    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...233/mcfscan.cab

    O16 - DPF: {FC11A119-C2F7-46F4-9E32-937ABA26816E} (AMI DicomDir TreeView Control 2.1) - file://G:\CDVIEWER\CdViewer.cab

    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

    O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)

    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

    O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe

    O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

    O23 - Service: DM1Service - OLYMPUS IMAGING CORP. - C:\Program Files\Olympus\DeviceDetector\DM1Service.exe

    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

    O23 - Service: OmniForm Printer - Unknown owner - C:\WINDOWS\System32\ofps.exe

    O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe

    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

    O23 - Service: Voicent Gateway (VoicentGateway) - Voicent Communications, Inc - C:\Program Files\Voicent\Gateway\bin\vgate.exe

    --

    End of file - 13024 bytes