Computer Infested [RESOLVED]



#1
polling

I googled an error I got when I tried to open up Spybot.

The error I got was "Unable to execute file CreateProcess failed code 193 %1 is not a valid Win32 application".

I got this error message when I attempted to open up Spybot, SpywareBlaster, AVG and AFT Cleaner.

I also was not able to do a PandaScan; I kept getting an error at the bottom of the page.

I also got the same message when I originally attempted to open HijackThis.

I ended up going to Safe Mode and downloading Hijack from Trend.

So here's my log. Thanks in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:17:41 PM, on 3/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.emachines.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKCU\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: HotSync Manager.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec....trl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec....trl/tgctlsr.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec....rl/LSSupCtl.cab
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://remote.dteen...n0Mq32,CT=java
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {41F841C0-AE16-11D5-8817-0050DA6EF5E5} (FarPoint Spread 6.0 (OLEDB)) - http://utilitypeerpa...vey/fpspr60.cab
O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.gocyberli...xp/CheckDVD.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefend...bitdefender.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} - http://support.f-sec.../ols3/fscax.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} - http://www.ravantivi...n/ravonline.cab
O16 - DPF: {C68F9105-04FD-4B48-B6CC-2A076F711C35} - file:///D:/MEMDISC/ALBUM_A/VIEW/PLUGIN/HPODPCFC.CAB
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec....rl/SymAData.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.game...aploader_v6.cab
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - https://remote.dteen...=java dwa7W.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...484/mcfscan.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sansa Updater Service (SansaService) - Unknown owner - C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

#2
kahdah

Hello polling

Welcome to G2Go. :)
=====================
Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads, main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.


#3
polling

Main Txt

Deckard's System Scanner v20071014.68
Run by frank on 2008-03-14 15:07:28
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
108: 2008-03-14 19:07:40 UTC - RP967 - Deckard's System Scanner Restore Point
107: 2008-03-14 08:06:56 UTC - RP966 - System Checkpoint
106: 2008-03-13 07:12:59 UTC - RP965 - System Checkpoint
105: 2008-03-12 07:00:34 UTC - RP964 - Software Distribution Service 3.0
104: 2008-03-11 22:33:56 UTC - RP963 - System Checkpoint


-- First Restore Point --
1: 2007-12-17 08:56:01 UTC - RP860 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 76% (more than 75%).
Total Physical Memory: 448 MiB (512 MiB recommended).


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-03-14 15:09:43
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\dvd43\DVD43_Tray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Palm\Hotsync.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\frank\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SE...S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SE...S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Startup: MEMonitor.lnk = C:\Program Files\Sprint music manager\MEMonitor.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe -logon
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM (file missing)
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM (file missing)
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM (file missing)
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM (file missing)
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\Icq.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\Icq.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: C:\WINDOWS\system32\nwprovau.dll
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec....trl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec....trl/tgctlsr.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} () - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} () - http://www.symantec....rl/LSSupCtl.cab
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://remote.dteen...n0Mq32,CT=java
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} () - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {41F841C0-AE16-11D5-8817-0050DA6EF5E5} (FarPoint Spread 6.0 (OLEDB)) - http://utilitypeerpa...vey/fpspr60.cab
O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.gocyberli...xp/CheckDVD.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefend...bitdefender.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} () - http://support.f-sec.../ols3/fscax.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} () - http://www.ravantivi...n/ravonline.cab
O16 - DPF: {C68F9105-04FD-4B48-B6CC-2A076F711C35} () - file:///D:/MEMDISC/ALBUM_A/VIEW/PLUGIN/HPODPCFC.CAB
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec....rl/SymAData.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} () - http://download.game...aploader_v6.cab
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - https://remote.dteen...=java dwa7W.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...484/mcfscan.cab
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\AVGUPSVC.EXE
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\EWIDOCTRL.EXE
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sansa Updater Service (SansaService) - Unknown owner - C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\Smc.exe


--
End of file - 12518 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 Teefer (Teefer for NT) - c:\windows\system32\drivers\teefer.sys <Not Verified; Sygate Technologies, Inc.; Sygate Teefer Driver>
R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
R1 srosa (Megadrv3) - c:\windows\system32\drivers\srosa.sys
R1 wpsdrvnt - c:\windows\system32\drivers\wpsdrvnt.sys <Not Verified; Sygate Technologies, Inc.; wpsdrvnt>
R3 dvd43llh - c:\windows\system32\drivers\dvd43llh.sys <Not Verified; RIF; DVD For Free>
R3 SunkFilt39 (Alcor Micro Corp - 3239) - c:\windows\system32\drivers\sunkfilt39.sys <Not Verified; Alcor Micro Corp.; SunkFilt39>

S3 Pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
S3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
S3 SunkFilt (Alcor Micro Corp - 9360) - c:\windows\system32\drivers\sunkfilt.sys <Not Verified; Alcor Micro Corp.; SunkFilt92>
S3 Sunkfiltp (HP && Alcor Micro Corp for Phison) - c:\windows\system32\drivers\sunkfiltp.sys (file missing)
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)
S4 ewido security suite driver - c:\program files\ewido\security suite\guard.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 SansaService (Sansa Updater Service) - c:\program files\sandisk\sansa updater\sansasvr.exe

S4 ewido security suite guard - c:\program files\ewido\security suite\ewidoguard.exe <Not Verified; ewido networks; guard>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2008-02-14 and 2008-03-14 -----------------------------

2008-03-12 18:02:55 0 dr-h----- C:\Documents and Settings\frank\Recent
2008-03-12 11:48:43 0 d-------- C:\Program Files\MP3 WAV Converter
2008-03-10 18:20:35 0 d-------- C:\Program Files\SpywareBlaster
2008-03-10 17:30:17 0 d-------- C:\Program Files\SpywareBlaster(2)
2008-03-10 16:56:11 319488 --a------ C:\WINDOWS\esellerateEngine.dll <Not Verified; eSellerate Inc.; eSellerateEngine>
2008-03-10 00:22:04 0 d-------- C:\Program Files\YASAMP4Converter
2008-03-09 07:02:41 0 d-------- C:\Program Files\Common Files\Elecard
2008-03-09 07:02:40 0 d-------- C:\Program Files\Elecard MPEG2 Decoder Package 2.0
2008-03-09 06:57:40 130048 --a------ C:\WINDOWS\system32\SpoonUninstall.exe
2008-03-09 06:40:35 0 d-------- C:\Program Files\Orban
2008-03-09 06:23:48 71684 --a------ C:\WINDOWS\system32\mdelk.exe
2008-03-08 18:57:29 0 d-------- C:\Program Files\Chapura
2008-03-08 17:31:43 0 d-------- C:\Program Files\Desktop
2008-03-08 13:46:51 0 d-------- C:\Documents and Settings\danyelle willis\Application Data\HotSync
2008-03-03 21:56:45 0 d-------- C:\Documents and Settings\danyelle willis\Application Data\Orbit
2008-03-03 15:54:56 0 d-------- C:\Documents and Settings\frank\Application Data\Orbit
2008-03-03 15:54:52 0 d-------- C:\Program Files\Orbitdownloader
2008-02-22 19:59:38 0 d-------- C:\WINDOWS\ASTULogTemp
2008-02-22 19:11:17 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-02-14 00:41:25 0 d-------- C:\Program Files\Common Files\DataViz
2008-02-14 00:41:25 0 d-------- C:\Documents and Settings\All Users\Application Data\DataViz
2008-02-14 00:40:49 0 d-------- C:\Program Files\Documents To Go


-- Find3M Report ---------------------------------------------------------------

2008-03-14 11:10:41 0 d-------- C:\Program Files\eMule
2008-03-10 23:17:29 0 d-------- C:\Program Files\Trend Micro
2008-03-10 23:10:36 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-03-10 17:37:56 0 d-------- C:\Documents and Settings\frank\Application Data\Vso
2008-03-10 17:37:56 34 --a------ C:\Documents and Settings\frank\Application Data\pcouffin.log
2008-03-09 07:02:41 0 d-------- C:\Program Files\Common Files
2008-03-09 06:36:56 0 d-------- C:\Program Files\ffdshow
2008-03-08 19:03:19 0 d-------- C:\Program Files\Palm
2008-03-08 17:31:16 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-08 00:14:53 0 d-------- C:\Documents and Settings\frank\Application Data\AVG7
2008-02-22 19:15:01 2528 --a------ C:\Documents and Settings\frank\Application Data\$_hpcst$.hpc
2008-02-13 23:46:38 0 d-------- C:\Program Files\Sprint music manager
2008-02-10 23:43:20 0 d-------- C:\Documents and Settings\frank\Application Data\Arcsoft
2008-02-10 17:40:46 0 d-------- C:\Documents and Settings\frank\Application Data\HotSync
2008-02-10 13:24:58 0 d-------- C:\Program Files\Google
2008-01-29 10:26:19 0 d-------- C:\Program Files\Snapshot Viewer
2008-01-29 10:25:46 0 d-------- C:\Program Files\microsoft frontpage
2008-01-20 09:55:27 0 d-------- C:\Documents and Settings\frank\Application Data\AdobeUM
2008-01-16 07:25:04 19022 --a------ C:\WINDOWS\mozver.dat
2007-12-19 01:59:03 47360 --a------ C:\Documents and Settings\frank\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2007-12-19 01:59:03 1144 --a------ C:\Documents and Settings\frank\Application Data\pcouffin.inf
2007-12-19 01:59:03 7887 --a------ C:\Documents and Settings\frank\Application Data\pcouffin.cat
2007-12-18 20:28:50 83 ---hs---- C:\Documents and Settings\frank\Application Data\.zreglib


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CHotkey"="zHotkey.exe" [06/04/2003 11:01 AM C:\WINDOWS\zHotkey.exe]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [03/04/2004 10:29 AM]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [03/14/2008 03:09 PM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [03/13/2008 02:10 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 02:11 AM]
"dvd43"="C:\Program Files\dvd43\dvd43_tray.exe" [11/20/2007 05:40 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [09/17/2005 05:08 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:56 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [05/25/2007 02:40 AM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 12:24 PM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [03/10/2008 05:13 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe

C:\Documents and Settings\frank\Start Menu\Programs\Startup\
MEMonitor.lnk - C:\Program Files\Sprint music manager\MEMonitor.exe [2/13/2008 11:46:23 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BigFix.lnk - C:\Program Files\BigFix\BigFix.exe [5/1/2004 2:09:15 PM]
DataViz Inc Messenger.lnk - C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe [2/14/2008 12:41:30 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 12:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 05/01/2007 04:36 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= :\WINDOWS\system3

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, xlibgfl254.dll

SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LexPPS.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nForce Tray Options]
sstray.exe /r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunKistEM]
C:\Program Files\eMachines Bay Reader\shwiconem.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tgcmd]
"C:\Program Files\support.com\bin\tgcmd.exe" /server

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot




-- End of Deckard's System Scanner: finished at 2008-03-14 15:10:37 ------------

Extra Txt


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ XP 3000+
Percentage of Memory in Use: 77%
Physical Memory (total/avail): 447.48 MiB / 101.18 MiB
Pagefile Memory (total/avail): 1057.25 MiB / 687.13 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1919.82 MiB

C: is Fixed (NTFS) - 149.05 GiB total, 27.75 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)

\\.\PHYSICALDRIVE0 - WDC WD1600BB-00FTA0 - 149.05 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 149.05 GiB - C:

\\.\PHYSICALDRIVE1 - eM Bay Reader USB Device

\\.\PHYSICALDRIVE2 - eM Bay Reader USB Device

\\.\PHYSICALDRIVE3 - eM Bay Reader USB Device

\\.\PHYSICALDRIVE4 - eM Bay Reader USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FW: Sygate Personal Firewall v4.6 (Sygate Technologies, Inc.)
AV: AVG 7.5.516 v7.5.516 (Grisoft)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Orbitdownloader\\orbitdm.exe"="C:\\Program Files\\Orbitdownloader\\orbitdm.exe:*:Enabled:Orbit"
"C:\\Program Files\\Orbitdownloader\\orbitnet.exe"="C:\\Program Files\\Orbitdownloader\\orbitnet.exe:*:Enabled:Orbit"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\frank\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=OWNER-84J1T8A8N
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\frank
LOGONSERVER=\\OWNER-84J1T8A8N
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0a00
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\frank\LOCALS~1\Temp
TMP=C:\DOCUME~1\frank\LOCALS~1\Temp
USERDOMAIN=OWNER-84J1T8A8N
USERNAME=frank
USERPROFILE=C:\Documents and Settings\frank
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

danyelle willis (admin)
frank (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
1Click DVD Copy 5.0.2.6 --> "C:\Program Files\LG Software Innovations\1Click DVD Copy 5\unins000.exe"
1Click DVD Copy Pro 2.4.1.6 --> "C:\Program Files\LG Software Innovations\1Click DVD Copy Pro\unins000.exe"
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 6.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-000000000001}
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
BigFix --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\BigFix\Uninst.isu" -c"C:\Program Files\BigFix\Lib\UninstallHelper.dll"
burnatonce --> "C:\Program Files\burnatonce\unins000.exe"
CCHelp --> MsiExec.exe /I{9D1CF8B6-17B3-4832-B062-2C2DD0B57B04}
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CCScore --> MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
CleanUp! --> C:\Program Files\CleanUp!\uninstall.exe
Comcast High-Speed Internet Install Wizard --> C:\Program Files\support.com\uninstall\chsi_uninstaller.exe
CompuServe --> C:\Program Files\Common Files\csshare\csunins_us.exe
CR2 --> MsiExec.exe /I{432C3720-37BF-4BD7-8E49-F38E090246D0}
Cucusoft MPEG/MOV/RM/DivX/AVI to DVD/VCD/SVCD Creator Pro 7.07 --> "C:\Program Files\Cucusoft\avi-dvd-pro\unins000.exe"
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Documents To Go --> MsiExec.exe /X{0DC00F90-E7E7-4B19-959A-0A53032DA52C}
DVD43 v4.0.0 --> "C:\Program Files\dvd43\unins000.exe"
EasyCleaner --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F5346614-B7C4-4E94-826A-E2363155233D}\setup.exe" -l0x9
eMule --> "C:\Program Files\eMule\Uninstall.exe"
ESSAdpt --> MsiExec.exe /I{D15E9DB5-6BEB-4534-901E-80C0A29BAB97}
ESSANUP --> MsiExec.exe /I{A6F18A67-B771-4191-8A33-36D2E742D6D9}
ESSBrwr --> MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCAM --> MsiExec.exe /I{469730CC-78DF-4CD3-B286-562D459EA619}
ESSCDBK --> MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore --> MsiExec.exe /I{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}
ESSCT --> MsiExec.exe /I{8BB4B58A-A402-4DE8-8FCD-287E60B88DD8}
ESSEMAIL --> MsiExec.exe /I{FEDE2483-87B7-44C1-A5BB-D75AEB8B6340}
ESSgui --> MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESShelp --> MsiExec.exe /I{87843A41-7808-4F2E-B13F-25C1E67CF2FD}
ESSini --> MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD --> MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSSONIC --> MsiExec.exe /I{4F677FC7-7AA8-412B-A957-F13CBE1C7331}
ESSvpaht --> MsiExec.exe /I{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}
ESSvpot --> MsiExec.exe /I{48C82F7A-F100-4DAB-A310-8E18BF2159E1}
ewido security suite --> C:\Program Files\ewido\security suite\Uninstall.exe
GdiplusUpgrade --> MsiExec.exe /I{5421155F-B033-49DB-9B33-8F80F233D4D5}
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar4.dll"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HLPCCTR --> MsiExec.exe /I{F2D0C1B1-80FF-46F9-BA61-33B01A07FAFC}
HLPIndex --> MsiExec.exe /I{38441BE7-79B0-42B8-8297-833704F949FE}
HLPSFO --> MsiExec.exe /I{8DD94CA3-BCD2-49C0-B537-F3B5D95FF0C8}
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB902344) --> "C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
HP Image Zone 4.2 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP PSC & OfficeJet 4.2 --> "C:\Program Files\HP\Digital Imaging\{A1062847-0846-427A-92A1-BB8251A91E91}\setup\hpzscr01.exe" -datfile hposcr04.dat
HP Software Update --> MsiExec.exe /X{457791C5-D702-4143-A7B2-2744BE9573F2}
ICQ --> C:\PROGRA~1\ICQ\ICQUninstall.EXE
ieSpell --> "C:\Program Files\ieSpell\uninst.exe"
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
Java 2 Runtime Environment, SE v1.4.2 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142000}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Jewel Quest --> "C:\Program Files\Jewel Quest\unins000.exe"
Juniper Networks Secure Application Manager --> C:\Program Files\Juniper Networks\Secure Application Manager\UninstallSAM.exe
Kodak EasyShare printer dock --> MsiExec.exe /I{ECD092C2-9B78-40E8-90BC-922A16E1101B}
Kodak EasyShare software --> C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_10009_27b344\Setup.exe /APR-REMOVE
KSU --> MsiExec.exe /I{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}
Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Money 2004 --> MsiExec.exe /I{1D643CD7-4DD6-11D7-A4E0-000874180BB3}
Microsoft Money 2004 System Pack --> MsiExec.exe /I{8C64E145-54BA-11D6-91B1-00500462BE80}
Microsoft Office 2000 Disc 2 --> MsiExec.exe /I{00040409-78E1-11D2-B60F-006097C998E7}
Microsoft Office 2000 Small Business --> MsiExec.exe /I{00030409-78E1-11D2-B60F-006097C998E7}
Microsoft Office 2000 SR-1 Professional --> MsiExec.exe /I{00010409-78E1-11D2-B60F-006097C998E7}
Microsoft Picture It! Photo Premium 9 --> C:\WINDOWS\System32\msiexec.exe /i {DBA8B9E1-C6FF-4624-9598-73D3B41A0903}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Works 7.0 --> MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
Mozilla Firefox (2.0.0.12) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MP3 WAV Converter 3.30 --> C:\PROGRA~1\MP3WAV~1\UNWISE.EXE C:\PROGRA~1\MP3WAV~1\INSTALL.LOG
Multimedia Keyboard Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF262740-C85A-11D5-BBEC-00D0B740900A}\Setup.exe" -l0x9
Nero Digital --> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
Nero OEM --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Netscape 6 (6.2.1) --> C:\WINDOWS\N6Uninst.exe /ua "6.2.1 (en)"
Notifier --> MsiExec.exe /I{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}
NVIDIA Display Driver --> C:\WINDOWS\System32\nvudisp.exe Uninstall C:\WINDOWS\System32\nvdisp.nvu,NVIDIA Display Driver
NVIDIA Ethernet Driver --> C:\WINDOWS\System32\nvuenet.exe Uninstall C:\WINDOWS\System32\Nvenet.nvu,NVIDIA Ethernet Driver
NVIDIA nForce Drivers --> C:\WINDOWS\System32\NVUninst.exe Uninstall C:\WINDOWS\System32\NVU001.nvu,NVIDIA nForce Drivers
OfotoXMI --> MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}
Orbit Downloader --> "C:\Program Files\Orbitdownloader\unins000.exe"
OTtBP --> MsiExec.exe /I{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}
OTtBPSDK --> MsiExec.exe /I{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}
overland --> MsiExec.exe /I{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}
Palm --> MsiExec.exe /X{32EF6F81-583E-4127-918D-D3768A8957C4}
Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
PCDLNCH --> MsiExec.exe /I{69BD6399-3D8F-45B7-81D9-819361F5101D}
PCHealth --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"
PopCap Browser Plugin --> C:\Program Files\PopCap Games\PopCap Browser Plugin\Uninstall.exe
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
SA23xx Device Manager --> C:\Program Files\InstallShield Installation Information\{144B4BF4-16CA-4FD3-A547-8A8107EF40D7}\DM_Setup.exe -runfromtemp -l0x0009 -removeonly
Sansa Updater --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E2D7E05E-C8C7-45F4-8D89-D6696075E0B7}\setup.exe" -l0x9 -removeonly
SCRABBLE --> C:\PROGRA~1\YAHOO!~1\Scrabble\UNWISE.EXE /U C:\PROGRA~1\YAHOO!~1\Scrabble\INSTALL.LOG
SFR --> MsiExec.exe /I{C354C9B6-A4E0-4BB0-A368-6DC6BCA0E314}
SFR2 --> MsiExec.exe /I{A0AF08BA-3630-4505-BFB2-A41F3837B0D0}
SoftV92 Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1\HXFSETUP.EXE -U -IVEN_14F1&DEV_2F20&SUBSYS_200014F1
Sprint music manager --> C:\PROGRA~1\SPRINT~1\Setup.exe /remove /q0
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Sygate Personal Firewall --> MsiExec.exe /I{F34D9A5F-484A-4E31-A9D3-908CB265B289}
TweakNow RegCleaner --> "C:\Program Files\TweakNow RegCleaner\unins000.exe"
VCAMCEN --> MsiExec.exe /I{10E98E14-832C-4AF7-A4D1-6A9EF83B282E}
VPRINTOL --> MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Backup Utility --> MsiExec.exe /I{76EFFC7C-17A6-479D-9E47-8E658C1695AE}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinPatrol --> C:\WINDOWS\uninst.exe -f"C:\Program Files\BillP Studios\WinPatrol\DeIsL1.isu" -c"C:\Program Files\BillP Studios\WinPatrol\_ISREG32.DLL"
WinRAR archiver --> C:\Documents and Settings\frank\Desktop\uninstall.exe
Word Slinger --> C:\PROGRA~1\YAHOO!~1\WORDSL~1\UNWISE.EXE /U C:\PROGRA~1\YAHOO!~1\WORDSL~1\INSTALL.LOG
Xvid 1.1.3 final uninstall --> "C:\Program Files\Xvid\unins000.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type9301 / Error
Event Submitted/Written: 03/13/2008 08:27:44 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application firefox.exe, version 1.8.20080.20121, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type9300 / Error
Event Submitted/Written: 03/13/2008 01:16:51 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application firefox.exe, version 1.8.20080.20121, faulting module xpcom_core.dll, version 1.8.20080.20121, fault address 0x000017dd.
Processing media-specific event for [firefox.exe!ws!]

Event Record #/Type9299 / Error
Event Submitted/Written: 03/13/2008 01:29:21 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application firefox.exe, version 1.8.20080.20121, faulting module xpcom_core.dll, version 1.8.20080.20121, fault address 0x000017dd.
Processing media-specific event for [firefox.exe!ws!]

Event Record #/Type9296 / Error
Event Submitted/Written: 03/11/2008 03:43:10 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application firefox.exe, version 1.8.20080.20121, faulting module xpcom_core.dll, version 1.8.20080.20121, fault address 0x000017dd.
Processing media-specific event for [firefox.exe!ws!]

Event Record #/Type9292 / Error
Event Submitted/Written: 03/10/2008 06:27:37 PM
Event ID/Source: 3001 / LoadPerf
Event Description:
The performance counter name string value in the registry is incorrectly
formatted. The bogus string is 4570, the bogus index value is the first
DWORD in Data section while the last valid index values are the second and
third DWORD in Data section.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type121718 / Warning
Event Submitted/Written: 03/14/2008 07:01:01 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type121717 / Warning
Event Submitted/Written: 03/13/2008 03:16:56 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type121716 / Warning
Event Submitted/Written: 03/13/2008 07:51:52 AM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Event Record #/Type121715 / Warning
Event Submitted/Written: 03/13/2008 05:09:26 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type121714 / Warning
Event Submitted/Written: 03/13/2008 00:22:46 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.



-- End of Deckard's System Scanner: finished at 2008-03-14 15:10:37 ------------

#4
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**
  • If you are using Firefox, make sure that your download settings are as follows:
    • Tools->Options->Main tab
    • Set to "Always ask me where to Save the files".
  • During the download, rename Combofix to Combo-Fix as follows:

    Posted Image

    Posted Image

  • It is important you rename Combofix during the download, but not after.
  • Please do not rename Combofix to other names, but only to the one indicated.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

#5
polling

    Member

  • Topic Starter
  • Member
  • 303 posts
Combo Fix :


ComboFix 08-03-14.4 - frank 2008-03-14 21:28:33.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.176 [GMT -4:00]
Running from: C:\Documents and Settings\frank\Desktop\Combo-Fix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\frank\Application Data\inst.exe
C:\Documents and Settings\frank\Application Data\ultra
C:\Documents and Settings\frank\Application Data\ultra\uninstall.bat
C:\WINDOWS\Downloaded Program Files\rave
C:\WINDOWS\Downloaded Program Files\rave\avirexe.vdm
C:\WINDOWS\Downloaded Program Files\rave\avirscr.vdm
C:\WINDOWS\Downloaded Program Files\rave\base.vdm
C:\WINDOWS\Downloaded Program Files\rave\daily.vdm
C:\WINDOWS\Downloaded Program Files\rave\daily.vdt
C:\WINDOWS\Downloaded Program Files\rave\filters.vdm
C:\WINDOWS\Downloaded Program Files\rave\kernel.vdk
C:\WINDOWS\Downloaded Program Files\rave\keyring.vdk
C:\WINDOWS\Downloaded Program Files\rave\mapi_vdm.vdm
C:\WINDOWS\Downloaded Program Files\rave\modules.vdk
C:\WINDOWS\Downloaded Program Files\rave\rav8def.vdm
C:\WINDOWS\Downloaded Program Files\rave\rufs.vdm
C:\WINDOWS\Downloaded Program Files\rave\rufsplg.vdm
C:\WINDOWS\Downloaded Program Files\rave\unarch.vdm
C:\WINDOWS\Downloaded Program Files\rave\unmail.vdm
C:\WINDOWS\Downloaded Program Files\rave\unpack.vdm
C:\WINDOWS\system32\drivers\down
C:\WINDOWS\system32\drivers\down\176353656.exe
C:\WINDOWS\system32\drivers\down\179140.exe
C:\WINDOWS\system32\drivers\down\182500.exe
C:\WINDOWS\system32\drivers\down\183828.exe
C:\WINDOWS\system32\drivers\down\184406.exe
C:\WINDOWS\system32\drivers\down\184843.exe
C:\WINDOWS\system32\drivers\down\185437.exe
C:\WINDOWS\system32\drivers\down\187109.exe
C:\WINDOWS\system32\drivers\down\189953.exe
C:\WINDOWS\system32\drivers\down\193843.exe
C:\WINDOWS\system32\drivers\down\201171.exe
C:\WINDOWS\system32\drivers\down\204390.exe
C:\WINDOWS\system32\drivers\down\214671.exe
C:\WINDOWS\system32\drivers\down\214812.exe
C:\WINDOWS\system32\drivers\down\217078.exe
C:\WINDOWS\system32\drivers\down\223453.exe
C:\WINDOWS\system32\drivers\down\225562.exe
C:\WINDOWS\system32\drivers\down\226468.exe
C:\WINDOWS\system32\drivers\down\232718.exe
C:\WINDOWS\system32\drivers\down\236500.exe
C:\WINDOWS\system32\drivers\down\238937.exe
C:\WINDOWS\system32\drivers\down\252406.exe
C:\WINDOWS\system32\drivers\down\257218.exe
C:\WINDOWS\system32\drivers\down\266484.exe
C:\WINDOWS\system32\drivers\down\269562.exe
C:\WINDOWS\system32\drivers\down\275187.exe
C:\WINDOWS\system32\drivers\down\280031.exe
C:\WINDOWS\system32\drivers\down\29213703.exe
C:\WINDOWS\system32\drivers\down\29220640.exe
C:\WINDOWS\system32\drivers\down\29243046.exe
C:\WINDOWS\system32\drivers\down\29247109.exe
C:\WINDOWS\system32\drivers\down\29256546.exe
C:\WINDOWS\system32\drivers\down\29293515.exe
C:\WINDOWS\system32\drivers\down\29305656.exe
C:\WINDOWS\system32\drivers\down\29315328.exe
C:\WINDOWS\system32\drivers\down\29320343.exe
C:\WINDOWS\system32\drivers\down\29325656.exe
C:\WINDOWS\system32\drivers\down\29342453.exe
C:\WINDOWS\system32\drivers\down\29345171.exe
C:\WINDOWS\system32\drivers\down\29346171.exe
C:\WINDOWS\system32\drivers\down\29355562.exe
C:\WINDOWS\system32\drivers\down\29393890.exe
C:\WINDOWS\system32\drivers\down\29398703.exe
C:\WINDOWS\system32\drivers\down\29532062.exe
C:\WINDOWS\system32\drivers\down\29535890.exe
C:\WINDOWS\system32\drivers\down\29539984.exe
C:\WINDOWS\system32\drivers\down\29572390.exe
C:\WINDOWS\system32\drivers\down\29581515.exe
C:\WINDOWS\system32\drivers\down\29583671.exe
C:\WINDOWS\system32\drivers\down\29586843.exe
C:\WINDOWS\system32\drivers\down\29589625.exe
C:\WINDOWS\system32\drivers\down\29604546.exe
C:\WINDOWS\system32\drivers\down\29607343.exe
C:\WINDOWS\system32\drivers\down\29608953.exe
C:\WINDOWS\system32\drivers\down\29617734.exe
C:\WINDOWS\system32\drivers\down\29660546.exe
C:\WINDOWS\system32\drivers\down\29668234.exe
C:\WINDOWS\system32\drivers\down\315093.exe
C:\WINDOWS\system32\drivers\down\320968.exe
C:\WINDOWS\system32\drivers\down\326437.exe
C:\WINDOWS\system32\drivers\down\328734.exe
C:\WINDOWS\system32\drivers\down\329781.exe
C:\WINDOWS\system32\drivers\down\349828.exe
C:\WINDOWS\system32\drivers\down\357593.exe
C:\WINDOWS\system32\drivers\down\359734.exe
C:\WINDOWS\system32\drivers\down\362140.exe
C:\WINDOWS\system32\drivers\down\385218.exe
C:\WINDOWS\system32\drivers\down\392906.exe
C:\WINDOWS\system32\drivers\down\393968.exe
C:\WINDOWS\system32\drivers\down\397828.exe
C:\WINDOWS\system32\drivers\down\403156.exe
C:\WINDOWS\system32\drivers\down\43813562.exe
C:\WINDOWS\system32\drivers\down\43816953.exe
C:\WINDOWS\system32\drivers\down\43825203.exe
C:\WINDOWS\system32\drivers\down\43826375.exe
C:\WINDOWS\system32\drivers\down\43830296.exe
C:\WINDOWS\system32\drivers\down\439375.exe
C:\WINDOWS\system32\drivers\down\44081250.exe
C:\WINDOWS\system32\drivers\down\44085203.exe
C:\WINDOWS\system32\drivers\down\44085906.exe
C:\WINDOWS\system32\drivers\down\44090718.exe
C:\WINDOWS\system32\drivers\down\44121125.exe
C:\WINDOWS\system32\drivers\down\44128750.exe
C:\WINDOWS\system32\drivers\down\44131187.exe
C:\WINDOWS\system32\drivers\down\44135750.exe
C:\WINDOWS\system32\drivers\down\44139687.exe
C:\WINDOWS\system32\drivers\down\44154765.exe
C:\WINDOWS\system32\drivers\down\44156296.exe
C:\WINDOWS\system32\drivers\down\44157484.exe
C:\WINDOWS\system32\drivers\down\44161968.exe
C:\WINDOWS\system32\drivers\down\44201437.exe
C:\WINDOWS\system32\drivers\down\44207812.exe
C:\WINDOWS\system32\drivers\down\446640.exe
C:\WINDOWS\system32\drivers\down\44866265.exe
C:\WINDOWS\system32\drivers\down\44876359.exe
C:\WINDOWS\system32\drivers\down\44911250.exe
C:\WINDOWS\system32\drivers\down\44913671.exe
C:\WINDOWS\system32\drivers\down\44934062.exe
C:\WINDOWS\system32\drivers\down\44936078.exe
C:\WINDOWS\system32\drivers\down\44939687.exe
C:\WINDOWS\system32\drivers\down\44942453.exe
C:\WINDOWS\system32\drivers\down\44976578.exe
C:\WINDOWS\system32\drivers\down\44980734.exe
C:\WINDOWS\system32\drivers\down\58620390.exe
C:\WINDOWS\system32\drivers\down\58621453.exe
C:\WINDOWS\system32\drivers\down\58626500.exe
C:\WINDOWS\system32\drivers\down\58630250.exe
C:\WINDOWS\system32\drivers\down\58636515.exe
C:\WINDOWS\system32\drivers\down\58664156.exe
C:\WINDOWS\system32\drivers\down\58675187.exe
C:\WINDOWS\system32\drivers\down\58678187.exe
C:\WINDOWS\system32\drivers\down\58684500.exe
C:\WINDOWS\system32\drivers\down\58688171.exe
C:\WINDOWS\system32\drivers\down\58704421.exe
C:\WINDOWS\system32\drivers\down\58705453.exe
C:\WINDOWS\system32\drivers\down\58721718.exe
C:\WINDOWS\system32\drivers\down\58729187.exe
C:\WINDOWS\system32\drivers\down\58767828.exe
C:\WINDOWS\system32\drivers\down\58774546.exe
C:\WINDOWS\system32\drivers\down\59391031.exe
C:\WINDOWS\system32\drivers\down\59392906.exe
C:\WINDOWS\system32\drivers\down\59398515.exe
C:\WINDOWS\system32\drivers\down\59400562.exe
C:\WINDOWS\system32\drivers\down\59408531.exe
C:\WINDOWS\system32\drivers\down\59435078.exe
C:\WINDOWS\system32\drivers\down\59444328.exe
C:\WINDOWS\system32\drivers\down\59469921.exe
C:\WINDOWS\system32\drivers\down\59473625.exe
C:\WINDOWS\system32\drivers\down\59492046.exe
C:\WINDOWS\system32\drivers\down\59494750.exe
C:\WINDOWS\system32\drivers\down\59498750.exe
C:\WINDOWS\system32\drivers\down\59508000.exe
C:\WINDOWS\system32\drivers\down\59551593.exe
C:\WINDOWS\system32\drivers\down\59555812.exe
C:\WINDOWS\system32\drivers\down\73190390.exe
C:\WINDOWS\system32\drivers\down\73193375.exe
C:\WINDOWS\system32\drivers\down\73206281.exe
C:\WINDOWS\system32\drivers\down\73207390.exe
C:\WINDOWS\system32\drivers\down\73213187.exe
C:\WINDOWS\system32\drivers\down\73275359.exe
C:\WINDOWS\system32\drivers\down\73281125.exe
C:\WINDOWS\system32\drivers\down\73283171.exe
C:\WINDOWS\system32\drivers\down\73295546.exe
C:\WINDOWS\system32\drivers\down\73299046.exe
C:\WINDOWS\system32\drivers\down\73337531.exe
C:\WINDOWS\system32\drivers\down\73341687.exe
C:\WINDOWS\system32\drivers\down\73348921.exe
C:\WINDOWS\system32\drivers\down\73402125.exe
C:\WINDOWS\system32\drivers\down\73407171.exe
C:\WINDOWS\system32\drivers\down\73966000.exe
C:\WINDOWS\system32\drivers\down\73967328.exe
C:\WINDOWS\system32\drivers\down\73973781.exe
C:\WINDOWS\system32\drivers\down\73976890.exe
C:\WINDOWS\system32\drivers\down\74078234.exe
C:\WINDOWS\system32\drivers\down\74091640.exe
C:\WINDOWS\system32\drivers\down\74098140.exe
C:\WINDOWS\system32\drivers\down\74109781.exe
C:\WINDOWS\system32\drivers\down\74128234.exe
C:\WINDOWS\system32\drivers\down\74132562.exe
C:\WINDOWS\system32\drivers\down\74133218.exe
C:\WINDOWS\system32\drivers\down\74136953.exe
C:\WINDOWS\system32\drivers\down\74182562.exe
C:\WINDOWS\system32\drivers\down\74188468.exe
C:\WINDOWS\system32\drivers\down\87828562.exe
C:\WINDOWS\system32\drivers\down\87832546.exe
C:\WINDOWS\system32\drivers\down\87833078.exe
C:\WINDOWS\system32\drivers\down\87835062.exe
C:\WINDOWS\system32\drivers\down\87891093.exe
C:\WINDOWS\system32\drivers\down\87895468.exe
C:\WINDOWS\system32\drivers\down\87897484.exe
C:\WINDOWS\system32\drivers\down\87899656.exe
C:\WINDOWS\system32\drivers\down\87903390.exe
C:\WINDOWS\system32\drivers\down\87920453.exe
C:\WINDOWS\system32\drivers\down\87922609.exe
C:\WINDOWS\system32\drivers\down\87924437.exe
C:\WINDOWS\system32\drivers\down\87928093.exe
C:\WINDOWS\system32\drivers\down\87965359.exe
C:\WINDOWS\system32\drivers\down\87972234.exe
C:\WINDOWS\system32\drivers\down\88608000.exe
C:\WINDOWS\system32\drivers\down\88612718.exe
C:\WINDOWS\system32\drivers\down\88614234.exe
C:\WINDOWS\system32\drivers\down\88622625.exe
C:\WINDOWS\system32\drivers\down\88684531.exe
C:\WINDOWS\system32\drivers\down\88701546.exe
C:\WINDOWS\system32\drivers\down\88706218.exe
C:\WINDOWS\system32\drivers\down\88709578.exe
C:\WINDOWS\system32\drivers\down\88730281.exe
C:\WINDOWS\system32\drivers\down\88731328.exe
C:\WINDOWS\system32\drivers\down\88732468.exe
C:\WINDOWS\system32\drivers\down\88736125.exe
C:\WINDOWS\system32\drivers\down\88773390.exe
C:\WINDOWS\system32\drivers\down\88778734.exe
C:\WINDOWS\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\mdelk.exe
C:\WINDOWS\system32\wintems.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\LEGACY_SROSA
-------\srosa


((((((((((((((((((((((((( Files Created from 2008-02-15 to 2008-03-15 )))))))))))))))))))))))))))))))
.

2008-03-13 00:37 . 2008-03-13 00:37 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-13 00:37 . 2008-03-13 00:37 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-12 11:49 . 2008-03-12 11:51 2 --a------ C:\WINDOWS\system32\RICHTX.DEP
2008-03-12 11:48 . 2008-03-12 11:58 <DIR> d-------- C:\Program Files\MP3 WAV Converter
2008-03-10 18:27 . 3,240 C:\WINDOWS\system32\PerfStringBackup.TMP
2008-03-10 18:20 . 2008-03-10 18:20 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-03-10 17:30 . 2008-03-10 18:20 <DIR> d-------- C:\Program Files\SpywareBlaster(2)
2008-03-10 16:56 . 2003-04-01 09:07 319,488 --a------ C:\WINDOWS\esellerateEngine.dll
2008-03-10 00:22 . 2008-03-10 00:22 <DIR> d-------- C:\Program Files\YASAMP4Converter
2008-03-09 21:50 . 2008-03-09 21:50 23,040 --a------ C:\ISM 3630 EC Reflection #7.doc
2008-03-09 07:02 . 2008-03-09 07:02 <DIR> d-------- C:\Program Files\Elecard MPEG2 Decoder Package 2.0
2008-03-09 07:02 . 2008-03-09 07:02 <DIR> d-------- C:\Program Files\Common Files\Elecard
2008-03-09 06:57 . 2008-03-09 06:57 130,048 --a------ C:\WINDOWS\system32\SpoonUninstall.exe
2008-03-09 06:40 . 2008-03-09 06:40 <DIR> d-------- C:\Program Files\Orban
2008-03-08 18:57 . 2008-03-08 18:57 <DIR> d-------- C:\Program Files\Chapura
2008-03-08 17:31 . 2008-03-08 17:31 <DIR> d-------- C:\Program Files\Desktop
2008-03-08 13:46 . 2008-03-08 13:46 <DIR> d-------- C:\Documents and Settings\danyelle willis\Application Data\HotSync
2008-03-08 11:49 . 2008-03-08 11:49 1,631,790 --a------ C:\ISM 3630 EC Article #7.pdf
2008-03-04 16:09 . 2008-03-04 16:09 283,136 --a------ C:\FAI EMAIL W DAVE E.doc
2008-03-04 15:53 . 2008-03-04 16:52 345,600 --a------ C:\FAI Hot List - 3-4-08.doc
2008-03-03 22:03 . 2008-03-03 22:03 28,896 --a------ C:\FIN 3290 Quiz 2.pdf
2008-03-03 21:56 . 2008-03-10 18:20 <DIR> d-------- C:\Documents and Settings\danyelle willis\Application Data\Orbit
2008-03-03 15:54 . 2008-03-03 15:54 <DIR> d-------- C:\Program Files\Orbitdownloader
2008-03-03 15:54 . 2008-03-10 18:21 <DIR> d-------- C:\Documents and Settings\frank\Application Data\Orbit
2008-03-02 23:34 . 2008-03-04 10:19 2,781,696 --a------ C:\ISM 3630 Group 6 Presentation.ppt
2008-03-02 15:41 . 2008-03-02 19:44 113,664 --a------ C:\FAI Flyer for Buyers.doc
2008-02-28 18:49 . 2008-02-28 18:49 250,880 --a------ C:\ISM 3630 Presentation.ppt
2008-02-22 19:59 . 2008-02-22 19:59 <DIR> d-------- C:\WINDOWS\ASTULogTemp
2008-02-22 19:59 . 2008-02-22 19:59 3,753 --a------ C:\WINDOWS\system32\ASTULog.cab
2008-02-22 19:59 . 2008-02-22 19:59 1,042 --a------ C:\WINDOWS\system32\setup.inf
2008-02-22 19:59 . 2008-02-22 19:59 283 --a------ C:\WINDOWS\system32\setup.rpt
2008-02-22 19:11 . 2008-03-07 01:15 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-02-22 10:54 . 2008-02-22 10:54 12,989 --a------ C:\ISM 3400 Chapter Reviews.pdf
2008-02-21 15:48 . 2008-02-21 15:48 23,040 --a------ C:\ISM 3630 Group Scoring Sheet.doc
2008-02-17 12:25 . 2008-02-17 13:19 23,552 --a------ C:\ISM 3630 Reflection of Lectures 4-5-6.doc
2008-02-16 13:09 . 2008-02-17 20:53 561,152 --a------ C:\ISM 3630 E-Poster Final.ppt
2008-02-16 10:23 . 2008-02-16 10:23 8,399,645 --a------ C:\ISM 3630 Slides 1.pdf
2008-02-15 15:08 . 2008-02-15 15:09 785,978 --a------ C:\ISM 3400 case 2.pdf

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-14 15:10 --------- d-----w C:\Program Files\eMule
2008-03-11 03:17 --------- d-----w C:\Program Files\Trend Micro
2008-03-11 03:10 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-03-11 02:59 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-11 02:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-10 21:37 --------- d-----w C:\Documents and Settings\frank\Application Data\Vso
2008-03-09 10:36 --------- d-----w C:\Program Files\ffdshow
2008-03-08 23:03 --------- d-----w C:\Program Files\Palm
2008-03-08 21:31 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-08 17:46 16,694 ----a-w C:\WINDOWS\system32\drivers\PalmUSBD.sys
2008-03-08 15:52 --------- d-----w C:\Documents and Settings\danyelle willis\Application Data\AdobeUM
2008-03-08 09:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7
2008-03-08 04:14 --------- d-----w C:\Documents and Settings\frank\Application Data\AVG7
2008-03-08 01:47 --------- d-----w C:\Documents and Settings\danyelle willis\Application Data\AVG7
2008-02-14 05:01 --------- d-----w C:\Program Files\Common Files\DataViz
2008-02-14 04:41 --------- d-----w C:\Program Files\Documents To Go
2008-02-14 04:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\DataViz
2008-02-14 03:46 --------- d-----w C:\Program Files\Sprint music manager
2008-02-13 00:18 --------- d-----w C:\Program Files\CleanUp!
2008-02-11 03:43 --------- d-----w C:\Documents and Settings\frank\Application Data\Arcsoft
2008-02-10 21:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\HotSync
2008-02-10 21:40 53,248 ----a-w C:\WINDOWS\PalmDevC.dll
2008-02-10 21:40 --------- d-----w C:\Documents and Settings\frank\Application Data\HotSync
2008-02-10 17:24 --------- d-----w C:\Program Files\Google
2008-01-29 14:26 --------- d-----w C:\Program Files\Snapshot Viewer
2008-01-29 14:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\SBT
2008-01-29 14:25 --------- d-----w C:\Program Files\microsoft frontpage
2008-01-20 13:55 --------- d-----w C:\Documents and Settings\frank\Application Data\AdobeUM
2008-01-20 04:54 --------- d-----w C:\Documents and Settings\danyelle willis\Application Data\Juniper Networks
2007-12-19 05:59 47,360 ----a-w C:\Documents and Settings\frank\Application Data\pcouffin.sys
2007-12-17 16:45 87,608 ----a-w C:\Documents and Settings\frank\Application Data\ezpinst.exe
2005-03-26 17:38 102 ----a-w C:\Program Files\MIB2ROM.TXT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2005-09-17 05:08 651264]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-25 02:40 68856]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-03-10 17:13 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CHotkey"="zHotkey.exe" [2003-06-04 11:01 496640 C:\WINDOWS\zHotkey.exe]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2004-03-04 10:29 2904064]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2008-03-14 21:47 2577632]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-03-14 21:47 579072]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"dvd43"="C:\Program Files\dvd43\dvd43_tray.exe" [2007-11-20 17:40 731136]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-03-14 21:43 219136]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-06-15 19:15 366400]

C:\Documents and Settings\frank\Start Menu\Programs\Startup\
MEMonitor.lnk - C:\Program Files\Sprint music manager\MEMonitor.exe [2008-02-13 23:46:23 951640]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 2007-05-01 16:36 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ :\WINDOWS\system3

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, xlibgfl254.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LexPPS.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 12:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nForce Tray Options]
--a------ 2003-09-03 18:25 73728 C:\WINDOWS\system32\sstray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2004-03-04 10:29 2904064 C:\WINDOWS\System32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2004-03-04 10:29 46080 C:\WINDOWS\System32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2004-03-04 10:29 782336 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2005-07-25 21:57 98304 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunKistEM]
--a------ 2004-03-12 15:18 135168 C:\Program Files\eMachines Bay Reader\shwiconem.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tgcmd]
C:\Program Files\support.com\bin\tgcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2005-11-02 04:44 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"C:\\Program Files\\Orbitdownloader\\orbitnet.exe"=

R1 NEOFLTR_550_11965;Juniper Networks TDI Filter Driver (NEOFLTR_550_11965);C:\WINDOWS\system32\Drivers\NEOFLTR_550_11965.SYS [2007-07-16 18:27]
S4 ewido security suite driver;ewido security suite driver;C:\Program Files\ewido\security suite\guard.sys [2004-11-22 10:15]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-14 21:53:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe
.
**************************************************************************
.
Completion time: 2008-03-14 22:04:33 - machine was rebooted [frank]
ComboFix-quarantined-files.txt 2008-03-15 02:04:30
.
2008-03-12 07:02:24 --- E O F ---



HijackThis:



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:15:30 PM, on 3/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SE...S01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: MEMonitor.lnk = C:\Program Files\Sprint music manager\MEMonitor.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: HotSync Manager.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec....trl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec....trl/tgctlsr.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec....rl/LSSupCtl.cab
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://remote.dteen...n0Mq32,CT=java
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {41F841C0-AE16-11D5-8817-0050DA6EF5E5} (FarPoint Spread 6.0 (OLEDB)) - http://utilitypeerpa...vey/fpspr60.cab
O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.gocyberli...xp/CheckDVD.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefend...bitdefender.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} - http://support.f-sec.../ols3/fscax.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} - http://www.ravantivi...n/ravonline.cab
O16 - DPF: {C68F9105-04FD-4B48-B6CC-2A076F711C35} - file:///D:/MEMDISC/ALBUM_A/VIEW/PLUGIN/HPODPCFC.CAB
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec....rl/SymAData.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.game...aploader_v6.cab
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - https://remote.dteen...=java dwa7W.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...484/mcfscan.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sansa Updater Service (SansaService) - Unknown owner - C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe

--
End of file - 10001 bytes
  • 0

#6
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
First, we need to backup your registry:
Please go to Start > Run
Paste in the following line: regedit /e c:\registrybackup.reg
Click OK.
It won't appear to be doing anything, that's normal.
Your mouse pointer may turn to an hour glass for a minute.
Please continue when it no longer has the hour glass.

Please open up Notepad and copy all of the items in the code box below.
Change the "Save As Type" to "All Files". Save it as fixthis.reg on your Desktop.
REGEDIT4

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
Now double-click fixthis.reg.
A window will come up asking if you want to let it merge with the registry.
Click yes.
===============================
Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.
=============================================================================
Please do an online scan with Kaspersky WebScanner
(This scanner is for use with internet explorer only)
Click on "Accept"

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

  • 0
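A .reg file merges without showing what it writes, so it helps to decode it first. The following is an added example, not part of the original post: Python that decodes the fix above (including its hex(7) multi-string) and lists which entries a merge would drop from an earlier export. `CURRENT_REG` and its `examplepkg` entries are constructed placeholders, and ANSI data is assumed to be cp1252.

```python
import re

# The fix from the post above, copied verbatim.
FIX_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
'''

# Constructed sample of an export taken before the merge. The "examplepkg"
# entries are placeholders for illustration, not values from the thread.
CURRENT_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,65,78,61,6d,70,6c,\
  65,70,6b,67,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, examplepkg.dll"
'''

VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|@)=(.*)$')
HEX_RE = re.compile(r'^hex(?:\(([0-9a-fA-F]+)\))?:(.*)$')


def decode_data(data, wide):
    """Decode the right-hand side of one value line into (type, value)."""
    if len(data) >= 2 and data[0] == '"' and data[-1] == '"':
        return ("REG_SZ", re.sub(r"\\(.)", r"\1", data[1:-1]))
    if data.startswith("dword:"):
        return ("REG_DWORD", int(data[6:], 16))
    m = HEX_RE.match(data)
    if m is None:
        raise ValueError("unsupported data: %r" % data)
    raw = bytes(int(b, 16) for b in m.group(2).split(",") if b.strip())
    kind = int(m.group(1), 16) if m.group(1) else 3  # bare "hex:" is REG_BINARY
    if kind == 7:
        # REGEDIT4 stores multi-strings as ANSI bytes, version 5.00 as UTF-16LE.
        text = raw.decode("utf-16-le" if wide else "cp1252", errors="replace")
        return ("REG_MULTI_SZ", [s for s in text.split("\x00") if s])
    return ("REG_TYPE_%d" % kind, raw)


def parse_reg(text):
    """Return {key: {value_name: (type, value)}}; names lowercased because
    registry key and value names are case-insensitive."""
    lines = text.replace("\r\n", "\n").split("\n")
    header = lines[0].strip()
    if header not in ("REGEDIT4", "Windows Registry Editor Version 5.00"):
        raise ValueError("not a .reg file: %r" % header)
    wide = header != "REGEDIT4"
    result, key, i = {}, None, 1
    while i < len(lines):
        line = lines[i].strip()
        i += 1
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
            result.setdefault(key, {})
            continue
        m = VALUE_RE.match(line)
        if m is None or key is None:
            raise ValueError("unparsed line: %r" % line)
        name = (m.group(1) if m.group(1) is not None else "@").lower()
        data = m.group(2)
        while data.endswith("\\") and i < len(lines):  # hex data continues
            data = data[:-1] + lines[i].strip()
            i += 1
        result[key][name] = decode_data(data, wide)
    return result


def entries(value):
    """Flatten a value into a list of lowercase module names."""
    if value is None:
        return []
    kind, data = value
    if kind == "REG_MULTI_SZ":
        items = data
    elif kind == "REG_SZ":
        items = data.split(",")
    else:
        items = [repr(data)]
    return [item.strip().lower() for item in items if item.strip()]


def audit_merge(current_text, fix_text):
    """List what merging fix_text would drop from or add to current_text."""
    current, fix = parse_reg(current_text), parse_reg(fix_text)
    report = []
    for key, values in fix.items():
        for name, new in values.items():
            old_items = entries(current.get(key, {}).get(name))
            new_items = entries(new)
            report.append({
                "key": key, "value": name,
                "removed": [x for x in old_items if x not in new_items],
                "added": [x for x in new_items if x not in old_items],
            })
    return report


if __name__ == "__main__":
    for row in audit_merge(CURRENT_REG, FIX_REG):
        print(row)
```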

#7
polling

polling

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 303 posts
Welcome to the Kaspersky Online Scanner! Use it to scan your PC for viruses and other malware for free
Warning: if you have installed Kaspersky Online Scanner Pro, please manually uninstall it using "Add/Remove Programs" before installing this version! Otherwise this version will not function correctly.

Benefits:


Kaspersky Anti-Virus exceptional detection rates and thorough scanning
Hourly AV database updates available each time the Online Scanner is launched
Heuristic analysis to detect unknown viruses
Simple installation (just click on a link)

Requirements and limitations:


When using this service for the first time, you have to run with Administrator privileges in order to install the product. Also, you will need to download and install files about 400 KB in size followed by 9 MB of virus definitions.
However, if you use the Online Scanner again, you will only need to download the files that have been updated since your last scan.
The Online Scanner service offered by Kaspersky Lab uses Microsoft ActiveX technology. Microsoft ActiveX Technology and the Kaspersky Online Scanner work only with MS Internet Explorer 6.0 or higher.
We cannot guarantee that the Online Scanner will function correctly if you are using any other browser or any Internet Explorer extensions (such as AvantBrowser). If you use a different browser, you can use the Kaspersky File Scanner to scan individual files.
The free Kaspersky Online Scanner does not scan boot sectors and MBRs, so it cannot detect malicious code located in these areas.
Please note: The free Kaspersky Online Scanner does not protect against malicious code, and cannot prevent future infections. It only detects malware that has already penetrated your computer. We strongly recommend that you install a full antivirus solution to protect your system.

Privacy statement:

The Kaspersky Online Scanner will collect information about the malicious programs found on your computer during the scanning process. The information will be sent to the Kaspersky Virus Lab for statistical purposes. No personal information about you or specific information about your system will be collected or transmitted to Kaspersky Lab.











Select: All, None, Suspicious Selected objects: 0




Scan settings:
Here you can configure the scanning process.

Scan using the following antivirus database:
standard - detect viruses, worms, Trojans, rootkits
extended - protect your computer from Spyware, adware, dialers and potentially dangerous software such as remote access utilities, prank programs and jokes. We do not recommend this option to beginners or inexperienced users.

Scan options:
Scan Archives - scan files inside archives
Note: affects all targets except 'A File...' scan target.
Scan Mail Bases - scan e-mails/attachments inside mail base files
Note: affects all targets except 'My Email' and 'A File...' scan targets.







Initialize Kaspersky Online Scanner
(downloading and installing Kaspersky Online Scanner ActiveX from the server into your computer)




Update Kaspersky Anti-Virus Databases [100%]:
(downloading and installing the latest Kaspersky Anti-Virus Databases)




Please wait to update the virus definitions...
Downloading from url: ftp://downloads4.kaspersky-labs.com
Update finished. Ready to scan.
Next
Please select a target to scan:
You can configure the scanning process by pressing "Scan Settings" button.



Critical Areas
scan critical areas of your hard disks
specified in %windir% and %tmp% system variables
Memory
scan disk modules of running processes
My Computer
scan all your hard and mapped disks
My Email
scan all your hard and mapped disks only for the following extensions: *.PST; *.MSG; *.OST; *.MDB; *.DBX; *.EML; *.MBS
Folders...
scan selected folders
A File...
scan a one file





Warning: The Kaspersky Online Scanner may not run successfully while any other Anti-Virus software is running. If you have Anti-Virus software installed, please disable your AV protection before running the Kaspersky Online Scanner.
Selected target: My Computer
Source: C:\; D:\; E:\; F:\; G:\; H:\; I:\;


Report is empty.
Please note: The free Kaspersky Online Scanner does not provide comprehensive protection and cannot prevent future infections. It only detects malware that has already penetrated your storage devices. We strongly recommend that you use a fully-functional antivirus solution to protect your computer at all times.

Please wait, this process may take a long time depending on the selected target. If you want to continue browsing, open a new window.

Scan Progress [99%]:





Total number of scanned objects: 94155
Number of viruses found: 10
Number of infected objects: 124
Number of suspicious objects: 0
Duration of the scan process: 01:27:46
Stop Scan








Get a Free Trial


Buy Kaspersky Anti-Virus


Help


Virus Encyclopedia


Kaspersky Lab






Product Info
You have Kaspersky Online Scanner version 5.0.98.0 installed. The current anti-virus database was released on Saturday, March 15, 2008 and contains 631660 records.

System Info
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Please wait while the Kaspersky Online Scanner is initializing and updating...








Copyright © Kaspersky Lab 1997 - 2007
Portions Copyright © Lan Crypto
  • 0

#8
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
That is not the right log. I will need to see the one it produces after the scan is done.
It will give you an option to Expand report or to save the report.
  • 0

#9
polling

polling

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 303 posts
OK, I will add it as soon as it produces
  • 0

#10
polling

polling

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 303 posts
I'm not seeing that option, but I do see an error message at the bottom of the page
  • 0

#11
polling

polling

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 303 posts
Do I need to click on Stop Scan?
  • 0

#12
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
If it is done scanning it will add those two options.
==============================
It is possible that it has not worked correctly.
Give it a few minutes and if you still cannot save the log then do the following:
Please go HERE to run Panda's TotalScan
  • Select the bubble for Full scan
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • Then the scan will begin
  • When the scan completes, click the Save button on the right of Scan details
  • Save it to a convenient location. Post the contents of the TotalScan report

  • 0

#13
polling

polling

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 303 posts
I keep getting this error when trying to scan with TotalScan:

Sorry, updating is incomplete due to an error. Please try again. Error 1003.
  • 0

#14
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report

  • 0

#15
polling

polling

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 303 posts
Incident Status Location

Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dp1h1bs2.default\cookies.txt[statse.webtrendslive.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\danyelle willis\Application Data\Mozilla\Firefox\Profiles\hhqsa76m.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\danyelle willis\Application Data\Mozilla\Firefox\Profiles\hhqsa76m.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\danyelle willis\Application Data\Mozilla\Firefox\Profiles\hhqsa76m.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\danyelle willis\Application Data\Mozilla\Firefox\Profiles\hhqsa76m.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\danyelle willis\Application Data\Mozilla\Firefox\Profiles\hhqsa76m.default\cookies.txt[.bs.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\danyelle willis\Application Data\Mozilla\Firefox\Profiles\hhqsa76m.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\frank\Application Data\Mozilla\Firefox\Profiles\bc0kvb8v.default\cookies.txt[.xiti.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\frank\Application Data\Mozilla\Firefox\Profiles\bc0kvb8v.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\frank\Application Data\Mozilla\Firefox\Profiles\bc0kvb8v.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\frank\Application Data\Mozilla\Firefox\Profiles\bc0kvb8v.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\frank\Application Data\Mozilla\Firefox\Profiles\bc0kvb8v.default\cookies.txt[.go.com/]
Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\frank\Application Data\Mozilla\Firefox\Profiles\bc0kvb8v.default\cookies.txt[stat.onestat.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\frank\Application Data\Mozilla\Firefox\Profiles\bc0kvb8v.default\cookies.txt[.atwola.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\frank\Application Data\Mozilla\Firefox\Profiles\bc0kvb8v.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\frank\Application Data\Mozilla\Firefox\Profiles\bc0kvb8v.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\frank\Application Data\Mozilla\Firefox\Profiles\bc0kvb8v.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\frank\Application Data\Mozilla\Firefox\Profiles\bc0kvb8v.default\cookies.txt[.bs.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\frank\Application Data\Mozilla\Firefox\Profiles\bc0kvb8v.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\frank\Application Data\Mozilla\Firefox\Profiles\bc0kvb8v.default\cookies.txt[www.burstbeacon.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\frank\Application Data\Mozilla\Firefox\Profiles\bc0kvb8v.default\cookies.txt[.com.com/]
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\frank\Application Data\Mozilla\Firefox\Profiles\bc0kvb8v.default\cookies.txt[.azjmp.com/]
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\frank\Application Data\Mozilla\Firefox\Profiles\bc0kvb8v.default\cookies.txt[.yadro.ru/]
Virus:Trj/Agent.HCR Disinfected C:\Program Files\Common Files\Wise Installation Wizard\WISCDEBF9E7BCEB43A7986CE66377C28ABC_1_0_0.MSI
Virus:Generic Malware Disinfected C:\Program Files\Desktop\crackMaster.exe
Virus:Generic Trojan Disinfected C:\Program Files\eMule\Incoming\Cucusoft_MPEG-MOV-RMVB-DivX-AVI_to_DVD-VCD-SVCD_Converter_Pro_7.07.zip[Crack_untested/Cucusoft.MPEG-MOV-rmvb-DivX-AVI.to.DVD-VCD-SVCD.Converter.Pro.v7.05.Retail-UnKn0wN crack.exe]
Virus:Generic Trojan Disinfected C:\Program Files\eMule\Incoming\Cucusoft_MPEG-MOV-RMVB-DivX-AVI_to_DVD-VCD-SVCD_Convert_Pro_7.07.zip[Crack_untested/Cucusoft.MPEG-MOV-rmvb-DivX-AVI.to.DVD-VCD-SVCD.Converter.Pro.v7.05.Retail-UnKn0wN crack.exe]
Virus:Generic Trojan Disinfected C:\Program Files\eMule\Incoming\Cucusoft_MPEG-MOV-RMVB-DivX-AVI_to_DVD-VCD-SVCD_Convert_Pro_7.07.zip[Cucusoft_7.07/Crack_untested/Cucusoft.MPEG-MOV-rmvb-DivX-AVI.to.DVD-VCD-SVCD.Converter.Pro.v7.05.Retail-UnKn0wN crack.exe]
Virus:Trj/Agent.BZF Disinfected C:\Program Files\eMule\Incoming\Initiate.v2.01.for.Treo.600.650.PalmOS.Cracked-TBEPDA.zip[Setup.exe]
Virus:Generic Malware Not disinfected C:\Program Files\eMule\Incoming\Yasa Mp4 Video Converter 3.1(2).rar[setup.exe]
Virus:W32/Puce.I.worm Not disinfected C:\Program Files\eMule\Incoming\[PalmOS] Kinoma 4.1 (Parchada) + Kinoma Producer 4.0 con KeyGen(1).rar[setup.exe]
Virus:W32/Bagle.RC.worm Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\102384234.exe.vir
Virus:W32/Bagle.SB.worm Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\102390546.exe.vir
Virus:W32/Bagle.RC.worm Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\103200546.exe.vir
Virus:W32/Bagle.RP.worm Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\103210750.exe.vir
Virus:W32/Bagle.RP.worm Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\111937.exe.vir
Virus:W32/Bagle.RC.worm Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\116946281.exe.vir
Virus:W32/Bagle.SB.worm Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\116962968.exe.vir
Virus:W32/Bagle.RP.worm Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\117881125.exe.vir
Virus:W32/Bagle.RC.worm Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\131507625.exe.vir
Virus:W32/Bagle.SB.worm Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\131518906.exe.vir
Virus:W32/Bagle.RP.worm Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\132453703.exe.vir
Virus:W32/Bagle.RC.worm Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\146119296.exe.vir
Virus:W32/Bagle.SB.worm Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\146131890.exe.vir
Virus:W32/Bagle.RP.worm Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\146149406.exe.vir
Virus:W32/Bagle.RP.worm Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\147088984.exe.vir
Virus:W32/Bagle.RP.worm Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\153628296.exe.vir
Virus:W32/Bagle.RP.worm Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\160707156.exe.vir
Virus:W32/Bagle.RP.worm Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\161686375.exe.vir
Virus:W32/Bagle.RP.worm Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\176203390.exe.vir
Virus:W32/Bagle.RP.worm Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\184843.exe.vir
Virus:W32/Bagle.RP.worm Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\29247109.exe.vir
Virus:W32/Bagle.RP.worm Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\43826375.exe.vir
Virus:W32/Bagle.SB.worm Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\44085906.exe.vir
Virus:W32/Bagle.RC.worm Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\58621453.exe.vir
Virus:W32/Bagle.SB.worm Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\58630250.exe.vir
Virus:W32/Bagle.RP.worm Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\59400562.exe.vir
Virus:W32/Bagle.RC.worm Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\73193375.exe.vir
Virus:W32/Bagle.SB.worm Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\87833078.exe.vir
Virus:W32/Bagle.RP.worm Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\88614234.exe.vir
Virus:W32/Bagle.RP.worm Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\mdelk.exe.vir
Virus:W32/Bagle.RP.worm Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\wintems.exe.vir
Virus:W32/Bagle.RP.worm Disinfected C:\QooBox\Quarantine\catchme2008-03-14_215338.12.zip[srosa.sys]
Virus:W32/Bagle.RP.worm Disinfected C:\QooBox\Quarantine\catchme2008-03-14_215338.12.zip[wintems.exe]
Virus:W32/Bagle.RP.worm Disinfected C:\QooBox\Quarantine\catchme2008-03-14_215338.12.zip[mdelk.exe]