[evilfantasy]

Everything should be good to go now.

Hopefully............

[guccijana]

oh noo.. i just ran spybot to make sure there is nothing and smitfraud-c.msvps comes up in the registry??

[guccijana]

ugh this must be some powerful smitfraud--

[evilfantasy]

Download Malwarebytes' Anti-Malware to your desktop.

• Double-click mbam-setup.exe and follow the prompts to install the program.
• At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select Perform full scan, then click Scan.
• When the scan is complete, click OK, then Show Results to view the results.
• Be sure that everything is checked, and click Remove Selected.
• When completed, a log will open in Notepad.
• Post that log back here.

Be sure to restart the computer.

[guccijana]

when i click the scan botton i get an error message run-time error "9" subscript out of range.. :(

[evilfantasy]

Download SDFix.exe and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:

• Restart your computer
• After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
• Instead of Windows loading as normal, the Advanced Options Menu should appear;
• Select the first option, to run Windows in Safe Mode, then press Enter.
• Choose your usual account.
• Open the extracted SDFix folder and double click RunThis.bat to start the script.
• Type Y to begin the cleanup process.
• It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
• Press any Key and it will restart the PC.
• When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
• Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
  (Report.txt will also be copied to Clipboard).
• Finally add the contents of the Report.txt in your next post.

----------

PLEASE READ ALL OF THESE INSTRUCTIONS FIRST BEFORE DOING ANYTHING. Ask any questions that you may have before starting.

Download SmitfraudFix (by S!Ri) to your Desktop.

• Extract all the files to your Destop.
• A folder named SmitfraudFix will be created on your Desktop.

You may want print out these instructions or copy and paste them to notepad and save it to the desktop as you will not be able to see this page in safe mode

• Please reboot your computer in Safe Mode by tapping the F8 key just before Windows starts to load and selecting Safe Mode.

• Open the SmitfraudFix Folder on your Desktop, then double-click smitfraudfix.cmd file to start the tool.

• Select option #2 - Clean by typing 2 and press Enter.

• The program will start cleaning your computer and go through a series of cleanup processes. Wait for the tool to complete and disk cleanup to finish.
  • This process can take some time depending on your computer, so please be patient.
• When it is complete, it will close automatically and you should continue with next step.

• You will be prompted: "Registry cleaning - Do you want to clean the registry?" answer Yes by typing Y and hit Enter.

• The tool will also check if wininet.dll is infected. If it is infected and a clean version is found, you will be prompted to replace the infected wininet.dll with the clean file.
• Answer Yes to the question "Replace infected file?" by typing Y and hit Enter.

A reboot may be needed to finish the cleaning process. The report can be found at the root of the system drive, usually at C:\rapport.txt

Suggested Step:

• To restore Trusted and Restricted site zone, select 3 and hit Enter.

• You will be prompted: Restore Trusted Zone? answer Y (yes) and hit Enter to delete trusted zone.

• Now reboot into normal mode and post this new rapport.txt in the next post.

• WARNING Running this option on a non infected computer will remove the desktop background. So only run it once!

----------

Post those two logs and then run DSS and post the logs it produces.

Download Deckard's System Scanner (DSS) to your Desktop.
Note: You must be logged onto an account with administrator privileges.

• Close all applications and windows.
• Double-click on dss.exe to run it, and follow the prompts.
• When the scan is complete, two text files will open
  • main.txt <- this one will be maximized
  • and extra.txt <- this one will be minimized
• Add the contents of main.txt in your post.
• Also add extra.txt to your post.

• The text from these files may exceed the maximum post length for this forum, and may need to be sent over 2 or more posts. Please ensure all text is posted.

What DSS will do:

• Create a new System Restore point in Windows XP and Vista.
• Clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
• Check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.

[guccijana]

okayyy, here they are

[guccijana]

extra.txt

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Pentium(R) 4 CPU 3.00GHz
CPU 1: Intel(R) Pentium(R) 4 CPU 3.00GHz
Percentage of Memory in Use: 44%
Physical Memory (total/avail): 1022.09 MiB / 571.62 MiB
Pagefile Memory (total/avail): 1949.01 MiB / 1525.63 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1923.3 MiB

C: is Fixed (NTFS) - 145.49 GiB total, 19.62 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
F: is CDROM (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
J: is Removable (No Media)
L: is Removable (No Media)
N: is Removable (No Media)
P: is Fixed (NTFS) - 9.77 GiB total, 8.72 GiB free.
V: is Fixed (NTFS) - 195.31 GiB total, 65.7 GiB free.
Z: is Fixed (NTFS) - 93.01 GiB total, 10.2 GiB free.

\\.\PHYSICALDRIVE0 - ST3160023AS - 149.05 GiB - 3 partitions
\PARTITION0 - Unknown - 62.72 MiB
\PARTITION1 (bootable) - Installable File System - 145.49 GiB - C:
\PARTITION2 - Unknown - 3.5 GiB

\\.\PHYSICALDRIVE1 - WDC WD3200JD-00KLB0 - 298.09 GiB - 3 partitions
\PARTITION0 - Installable File System - 195.31 GiB - V:
\PARTITION1 - Installable File System - 9.77 GiB - P:
\PARTITION2 - Installable File System - 93.01 GiB - Z:

\\.\PHYSICALDRIVE7 - EPSON Stylus Storage USB Device

\\.\PHYSICALDRIVE2 - Generic STORAGE DEVICE USB Device

\\.\PHYSICALDRIVE3 - Generic STORAGE DEVICE USB Device

\\.\PHYSICALDRIVE4 - Generic STORAGE DEVICE USB Device

\\.\PHYSICALDRIVE5 - Generic STORAGE DEVICE USB Device

\\.\PHYSICALDRIVE6 - Generic STORAGE DEVICE USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: avast! antivirus 4.7.1098 [VPS 080129-0] v4.7.1098 (ALWIL Software)

[HKLM\System\CurrentControlSet\Services\SharedAcces s\Parameters\FirewallPolicy\DomainProfile\Authoriz edApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAcces s\Parameters\FirewallPolicy\StandardProfile\Author izedApplications\List]


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Tatjana Blazevic\Application Data
CLASSPATH=.;C:\Program Files\Java\j2re1.4.1_02\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=DCW9RX51
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Tatjana Blazevic
LOGONSERVER=\\DCW9RX51
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\Sys tem32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\PROGRA~1\COMMON~1\SONICS~1\;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WS F;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 3 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0304
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\j2re1.4.1_02\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\TATJAN~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\TATJAN~1\LOCALS~1\Temp
USERDOMAIN=DCW9RX51
USERNAME=Tatjana Blazevic
USERPROFILE=C:\Documents and Settings\Tatjana Blazevic
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Tatjana Blazevic (admin)
Administrator (new local, admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\Creative\Sound Blaster Live! 24-bit\Program\Ctzapxx.EXE" /X /U /S
--> "C:\Program Files\SBC Yahoo!\umuninst.exe" /S
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\system32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
--> C:\WINDOWS\UNINST.EXE -f"C:\Program Files\Adobe\Photoshop 5.0\DeIsL3.isu" -c"C:\Program Files\Adobe\Photoshop 5.0\Uninst.dll"
--> MsiExec.exe /I{5B782FFA-6A95-480D-8E0A-0954A14693D6}
--> MsiExec.exe /I{C98E5F1B-5C2B-4FD1-BDF9-F3779DCAAA16}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44DC86A0-248D-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44DC86A0-248D-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67AEFC4C-69E4-11D7-85F4-00E018013273}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67AEFC4C-69E4-11D7-85F4-00E018013273}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7201B853-5833-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7201B853-5833-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1185190-514F-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1185190-514F-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F865C2FE-25E7-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F865C2FE-25E7-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB2292C6-1F0A-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB2292C6-1F0A-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC0DD8AE-3DC0-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC0DD8AE-3DC0-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9 /remove
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Adobe Acrobat - Reader 6.0.2 Update --> MsiExec.exe /I{AC76BA86-0000-0000-0000-6028747ADE01}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5102}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Help Center 2.0 --> MsiExec.exe /I{8FFC924C-ED06-44CB-8867-3CA778ECE903}
Adobe Photoshop 7.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Photoshop Elements 3.0 --> MsiExec.exe /I{851C67EF-068A-4060-9EF5-2E3DDCD68382}
Adobe Photoshop Elements 4.0 --> msiexec /I {EBB7C1C1-D439-4D9B-9FDC-954C10F266B0}
Adobe Premiere Elements 1.0 --> msiexec /I {6CCDF4E6-D2AE-4DD8-80FD-F9AFF951AEAE}
Adobe Premiere Elements 2.0 --> msiexec /I {11C98E1A-EC91-4B38-B44C-C562292D8453}
Adobe Reader 6.0.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
AnswerWorks 4.0 Runtime - English --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\ 00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}\setup.exe" -l0x9 -removeonly
APC PowerChute Personal Edition --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5A0C892E-FD1C-4203-941E-0956AED20A6A}\Setup.exe" -l0x9
Apple Mobile Device Support --> MsiExec.exe /I{B5C209B1-8DDB-4642-A573-375B951514CB}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallI NFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Avanquest update --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\ 50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe" -l0x9 -removeonly
avast! Antivirus --> rundll32 C:\PROGRA~1\AVAST4~1\Avast4\Setup\setiface.dll,Run Setup
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
Banctec Service Agreement --> MsiExec.exe /X{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}
Broadcom Advanced Control Suite 2 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2E086814-7392-4E0F-ADB8-54A81E47406C} /l1033
BroadJump Client Foundation --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\BroadJump\Client Foundation\Uninst.isu" -c"C:\Program Files\BroadJump\Client Foundation\RmvBJCFD.dll" -b"CFD" -h"CFD" -a
Brother 1440 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Brother\BRHL1440\DeIsL1.isu" -cbrunin144.dll
Brownie --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Brownie\Uninst.isu"
Canon S520 --> C:\WINDOWS\system32\CNMCP3M.EXE -@C:\WINDOWS\IsUninst.exe -f"C:\BJPrinter\CNMWINDOWS\Canon S520 Installer\Inst\DeIsL1.isu" -pCanon S520-c"C:\BJPrinter\CNMWINDOWS\Canon S520 Installer\Inst\bjinst.dll
CDisplay 1.8 --> K:\Software\CDisplay\unins000.exe
CleanUp! --> C:\Program Files\CleanUp!2\uninstall.exe
Clubbox ÆÄÀÏÀü¼Û°ü¸®ÀÚ --> C:\WINDOWS\system32\ClubboxUninstall.exe
Creative MediaSource --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{56F3E1FF-54FE-4384-A153-6CCABA097814}\setup.exe" -l0x9 /remove
Cyclope Internet Filtering Proxy 2.1 build 127 --> "C:\Program Files\CIFPFiltering\unins000.exe"
Dell Digital Jukebox Driver --> C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell Driver Reset Tool --> MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Dell Media Experience --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\setup.exe" -uninstall
Dell ResourceCD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
Dell Support 5.0.0 (766) --> rundll32 C:\PROGRA~1\DELLSU~1\AUInst.dll,ExUninstall
DeriveIt Web Content Filter --> C:\PROGRA~1\DeriveIt\CONTEN~1\CustomUninstall.exe C:\PROGRA~1\DeriveIt\CONTEN~1\INSTALL.LOG
DivX --> K:\divxplayer\DivXCodecUninstall.exe /CODEC
DivX Player --> K:\divxplayer\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> K:\divxplayer\DivXWebPlayerUninstall.exe /PLUGIN
Drivers Install For Linksys Easylink Advisor --> MsiExec.exe /I{A1960A82-DB70-474D-A86B-FA74466103C6}

[guccijana]

extra.txt continued


DTC Library --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\DTC Library\Uninst.isu"
eMCrypt 3.0 --> MsiExec.exe /I{7F78B83E-E57C-4A89-9D30-BEADD47B6D61}
EPSON Print CD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\070 1\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}\setup.exe" -l0x9 -SYSTEM
EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDAT E.EXE /R
EPSON SPR340 User's Guide --> C:\Program Files\epson\guide\spr340_e\uninstall.exe
Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\ 01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
Haali Media Splitter --> "C:\Program Files\Matroska Pack\haali\uninstall.exe"
Intel Application Accelerator --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}\setup.exe" -l0409 -INTELUNINST
Intel(R) 537EP V9x DF PCI Modem --> rundll32 IntelCci.dll,iSMUninstallation "Intel(R) 537EP V9x DF PCI Modem"
Internet Explorer Default Page --> MsiExec.exe /I{35BDEFF1-A610-4956-A00D-15453C116395}
iPod Update 2004-04-28 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{E6696A8C-C55A-405C-AFEB-F3880A8BAA45} /l1033
iTunes --> MsiExec.exe /I{18388EF8-E0A3-442B-8BFE-E2F1B3D05C91}
Java(TM) 6 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
LimeWire 4.8.1 --> "C:\Program Files\LimeWire\uninstall.exe"
Linksys EasyLink Advisor 1.6 (0032) --> rundll32 C:\PROGRA~1\LINKSY~1\AUInst.dll,ExUninstall
Macromedia Flash 5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4C93C363-414E-11D4-9756-00C04F8EEB39}\Setup.exe" UNINSTALL
Macromedia Flash MX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}\Setup.exe" -l0x9 UNINSTALL
Macromedia Generator 2 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Macromedia\Generator 2\Uninst.isu" -c"C:\Program Files\Macromedia\Generator 2\bin\uninstall.dll"
Matroska Pack --> C:\Program Files\Matroska Pack\uninstall.exe
Microsoft Money 2004 --> MsiExec.exe /I{1D643CD7-4DD6-11D7-A4E0-000874180BB3}
Microsoft Money 2004 System Pack --> MsiExec.exe /I{8C64E145-54BA-11D6-91B1-00500462BE80}
Microsoft Plus! Digital Media Edition Installer --> MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE --> MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft Streets and Trips 2005 --> MsiExec.exe /I{67E4EE98-59F4-4210-89A6-A20AF5BEC689}
Modem Event Monitor --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}\setup.exe" -l0x9
Modem Helper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Modem On Hold --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
Motorola Phone Tools --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\ 50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}\setup.exe" -l0x9 -removeonly
Mozilla Firefox (2.0.0.11) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Netscape (7.2) --> C:\WINDOWS\NSUninst.exe /ua "7.2 (en)"
NTI CD & DVD-Maker 6.5 Platinum --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\ID river.exe /M{C438B7C4-B4F8-49C5-A4DF-FF6F1F242778} /l1033 AnyText
Pen Tablet --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\ID river.exe /M{5AFDA63F-D659-4991-81B1-57B4311E5C82} /l1033
PowerDVD 5.3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
Projects & Plans For Woodworking Hobbyist --> MsiExec.exe /I{20BC23F8-9C9F-4FFE-BC7E-363163D6FFE8}
QuickTime --> MsiExec.exe /I{E0D51394-1D45-460A-B62D-383BC4F8B335}
Real Alternative 1.48 --> "C:\Program Files\Real Alternativeplayer\unins000.exe"
SBC Yahoo! Applications --> C:\PROGRA~1\Yahoo!\Common\uninstall.exe
SBC Yahoo! DSL Activation --> C:\PROGRA~1\Yahoo!\Common\undsldlk.exe
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spunins t.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spunins t.exe"
Sonic DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic MyDVD --> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Sonic Update Manager --> MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
Sound Blaster Live! 24-bit --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CEB481CC-F57C-4397-81A0-DADD22257047}\setup.exe" -l0x9
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
SureThing CD Labeler 4 SE --> C:\WINDOWS\mvuninst\App1\mvuninst.exe "SureThing CD Labeler 4 SE"
Tablet --> C:\Program Files\Tablet\Remove.exe /u
TurboTax Deluxe 2007 --> C:\Program Files\TurboTax\Deluxe 2007\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2007\Uninstall.log" -NoGui
TurboTax Premier 2004 --> C:\Program Files\TurboTax\Premier 2004\TaxUnst.EXE "C:\Program Files\TurboTax\Premier 2004\Uninstall.log" -NoGui
Uninstall DreamSuite Bonus --> C:\WINDOWS\unvise32.exe C:\Program Files\Adobe\Photoshop 7.0\Plug-Ins\DreamSuite Bonus\DreamSuite Bonus Uninstall.log
VideoLAN VLC media player 0.8.1 --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
WexTech AnswerWorks --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\070 1\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}\setup.exe" -l0x9 -eliminate
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WordPerfect Office 12 --> MsiExec.exe /I{AF19F291-F22F-4798-9662-525305AE9E48}


-- Application Event Log -------------------------------------------------------

Event Record #/Type6316 / Success
Event Submitted/Written: 01/29/2008 09:32:03 PM
Event ID/Source: 2570 / Adobe Active File Monitor 4.0
Event Description:
Adobe Active File Monitor Service has Started.

Event Record #/Type6315 / Success
Event Submitted/Written: 01/29/2008 09:32:02 PM
Event ID/Source: 2570 / Adobe Active File Monitor
Event Description:
Adobe Active File Monitor Service has Started.

Event Record #/Type6306 / Success
Event Submitted/Written: 01/29/2008 09:09:25 PM
Event ID/Source: 2570 / Adobe Active File Monitor 4.0
Event Description:
Adobe Active File Monitor Service has Started.

Event Record #/Type6305 / Success
Event Submitted/Written: 01/29/2008 09:09:24 PM
Event ID/Source: 2570 / Adobe Active File Monitor
Event Description:
Adobe Active File Monitor Service has Started.

Event Record #/Type6295 / Success
Event Submitted/Written: 01/29/2008 07:44:04 PM
Event ID/Source: 2570 / Adobe Active File Monitor 4.0
Event Description:
Adobe Active File Monitor Service has Started.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type1532 / Error
Event Submitted/Written: 01/29/2008 09:32:45 PM
Event ID/Source: 7016 / Service Control Manager
Event Description:
The BrSplService service has reported an invalid current state 0.

Event Record #/Type1508 / Error
Event Submitted/Written: 01/29/2008 09:31:10 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Event Record #/Type1507 / Error
Event Submitted/Written: 01/29/2008 09:27:33 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service netman with arguments ""
in order to run the server:
{BA126AE5-2166-11D1-B1D0-00805FC1270E}

Event Record #/Type1506 / Error
Event Submitted/Written: 01/29/2008 09:24:30 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
Aavmker4
AFD
aswTdi
AVG Anti-Spyware Driver
Fips
intelppm
IPSec
MRxSmb
NetBIOS
NetBT
RasAcd
Rdbss
SASDIFSV
SASKUTIL
Tcpip

Event Record #/Type1505 / Error
Event Submitted/Written: 01/29/2008 09:24:30 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:
%%31



-- End of Deckard's System Scanner: finished at 2008-01-29 21:39:37 ------------

[guccijana]

main.txt

Deckard's System Scanner v20071014.68
Run by Tatjana Blazevic on 2008-01-29 21:36:36
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 2 Restore Point(s) --
2: 2008-01-30 02:36:42 UTC - RP2 - Deckard's System Scanner Restore Point
1: 2008-01-30 00:45:23 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 19.62 GiB (less than 15%) free.


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-01-29 21:38:55
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\SYSTEM32\SMSS.EXE
C:\WINDOWS\SYSTEM32\WINLOGON.EXE
C:\WINDOWS\SYSTEM32\SERVICES.EXE
C:\WINDOWS\SYSTEM32\LSASS.EXE
C:\WINDOWS\SYSTEM32\ati2evxx.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\Program Files\Avast4Software\Avast4\aswUpdSv.exe
C:\Program Files\Avast4Software\Avast4\ashServ.exe
C:\WINDOWS\SYSTEM32\spoolsv.exe
C:\WINDOWS\SYSTEM32\BRSS01A.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\AOL\ACS\acsd.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Intel\Intel Application Accelerator\IAAnotif.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\CIFPFiltering\CIFPLogAggregator.exe
C:\WINDOWS\SYSTEM32\CTSVCCDA.EXE
C:\Program Files\CIFPFiltering\FilterService.exe
C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\SYSTEM32\dla\tfswctrl.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\Tablet.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\SYSTEM32\MsPMSPSv.exe
C:\Program Files\Yahoo!\browser\ycommon.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_FATIA JA.EXE
C:\Program Files\Avast4Software\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\SYSTEM32\CTFMON.EXE
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Avast4Software\Avast4\ashMaiSv.exe
C:\Program Files\Avast4Software\Avast4\ashWebSv.exe
C:\WINDOWS\SYSTEM32\WTablet\TabUserW.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Documents and Settings\Tatjana Blazevic\Desktop\dss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - C:\Program Files\McAfee.com\VSO\mcvsshl.dll
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [IntelMeM] "C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe"
O4 - HKLM\..\Run: [CTSysVol] "C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo R340 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI AJA.EXE" /P30 "EPSON Stylus Photo R340 Series" /O6 "USB002" /M "Stylus Photo R340"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\AVAST4~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" -quiet
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\SYSTEM32\WTablet\TabUserW.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://prerelease.trendmicro-europe....vex/hcImpl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub...sh/swflash.cab
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\acsd.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\SYSTEM32\ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\SYSTEM32\BRSVC01A.EXE
O23 - Service: CIFPLogAggregator - Unknown owner - C:\Program Files\CIFPFiltering\CIFPLogAggregator.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\SYSTEM32\CTSVCCDA.EXE
O23 - Service: CyclopeInternetFilter - Unknown owner - C:\Program Files\CIFPFiltering\FilterService.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - C:\Program Files\McAfee.com\VSO\McShield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - C:\Program Files\McAfee.com\VSO\mcvsrte.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\SYSTEM32\Tablet.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe