Inactive [InActive] This operation has been cancelled

Discussion in 'Malware and Virus Removal Archive' started by sumpy, 2008/10/26.

  1. 2008/10/26
    sumpy

    Hi
    I am having problems with Internet Explorer. I am getting the message "This operation has been cancelled due to restrictions in effect on this computer" when I select the view or add to favorites tabs.
    This occurred after I had the "About:Blank" virus.
    Log attached below.
    Thanks in advance,
    Glen


    Logfile of random's system information tool 1.04 (written by random/random)
    Run by Glen at 2008-10-26 14:20:52
    Microsoft Windows XP Professional Service Pack 2
    System drive C: has 785 MB (8%) free of 9 GB
    Total RAM: 383 MB (6% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:22:04, on 26/10/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
    C:\WINDOWS\System32\svchost.exe
    f:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\WINDOWS\System32\svchost.exe
    E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    E:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
    D:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
    D:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Glen\Local Settings\Temporary Internet Files\Content.IE5\RWUQ3C1F\RSIT[1].exe
    C:\Program Files\Trend Micro\HijackThis\Glen.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
    O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [PE2CKFNT SE] D:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [ZoneAlarm Client] "E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Kodak EasyShare software.lnk = E:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
    O4 - Global Startup: Photo Express Calendar Checker SE.lnk = D:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = D:\Program Files\WinZip\WZQKPICK.EXE
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: (no name) - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe (file missing)
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: Blue Coat K9 Web Protection (WebFilter) - Unknown owner - f:\Program Files\Blue Coat K9 Web Protection\k9filter.exe

    --
    End of file - 9205 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\hhhhhhhhh.job
    C:\WINDOWS\tasks\Norton SystemWorks One Button Checkup.job
    C:\WINDOWS\tasks\RegCure Program Check.job
    C:\WINDOWS\tasks\RegCure.job
    C:\WINDOWS\tasks\Symantec Drmc.job
    C:\WINDOWS\tasks\XoftSpySE 2.job
    C:\WINDOWS\tasks\XoftSpySE.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
    AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-07-18 2055960]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
    ZoneAlarm Spy Blocker BHO - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [2008-06-09 262144]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - ZoneAlarm Spy Blocker - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [2008-06-09 262144]
    {A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-07-18 2055960]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2005-09-17 52848]
    "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2004-07-15 4112384]
    "nwiz"=nwiz.exe /install []
    "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2004-07-15 81920]
    "NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
    "PE2CKFNT SE"=D:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe [1998-07-03 25088]
    "1A:Stardock TrayMonitor"= []
    "LVCOMSX"=C:\WINDOWS\system32\LVCOMSX.EXE [2004-12-14 221184]
    "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
    "ZoneAlarm Client"=E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2008-07-09 919016]
    "AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-09-30 1234712]
    "WinPatrol"=C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [2008-10-09 333120]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-03 15360]
    "H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE [2001-06-26 401493]
    "NBJ"=C:\Program Files\Ahead\Nero BackItUp\NBJ.exe [2005-01-04 1937408]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    Kodak EasyShare software.lnk - E:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
    Photo Express Calendar Checker SE.lnk - D:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
    WinZip Quick Pick.lnk - D:\Program Files\WinZip\WZQKPICK.EXE

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2004-08-03 239616]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "DisableTaskMgr"=0
    "NoDispCPL"=0
    "NoDispSettingsPage"=0
    "NoDispAppearancePage"=0
    "NoDispScrSavPage"=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=0
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145
    "SpecifyDefaultButtons"=0
    "Btn_Refresh"=0
    "Btn_Search"=0
    "Btn_Media"=0
    "Btn_Favorites"=0
    "Btn_Back"=0
    "Btn_Forward"=0
    "Btn_Stop"=0
    "Btn_Home"=0
    "Btn_History"=0
    "Btn_Print"=2
    "Btn_MailNews"=2
    "NoDesktop"=0
    "NoThemesTab"=0
    "NoRun"=0
    "NoSimpleStartMenu"=0
    "NoWindowsUpdate"=0
    "StartMenuLogOff"=0
    "NoClose"=0
    "NoFolderOptions"=0
    "NoViewContextMenu"=0

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"
    "E:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="E:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"
    "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:*:Enabled:Connection Manager"
    "D:\Program Files\eMule\emule.exe"="D:\Program Files\eMule\emule.exe:*:Enabled:eMule"
    "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:*:Enabled:ActiveSync Application"
    "F:\Program Files\Grisoft\AVG7\avginet.exe"="F:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe"
    "F:\Program Files\Grisoft\AVG7\avgamsvr.exe"="F:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe"
    "F:\Program Files\Grisoft\AVG7\avgcc.exe"="F:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
    "C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
    "C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cc4293d6-d0a6-11db-bbeb-000475805b36}]
    shell\AutoRun\command - I:\LaunchU3.exe


    ======List of files/folders created in the last 3 months======

    2008-10-26 14:20:52 ----DC---- C:\rsit
    2008-10-25 17:59:08 ----HDC---- C:\WINDOWS\$NtUninstallKB943460$
    2008-10-25 17:58:43 ----D---- C:\WINDOWS\network diagnostic
    2008-10-25 17:58:39 ----HDC---- C:\WINDOWS\$NtUninstallKB914440$
    2008-10-25 17:57:43 ----HDC---- C:\WINDOWS\$NtUninstallKB904942$
    2008-10-25 14:04:28 ----D---- C:\Program Files\Trend Micro
    2008-10-25 11:58:50 ----D---- C:\Documents and Settings\Glen\Application Data\WinPatrol
    2008-10-25 11:50:22 ----D---- C:\Program Files\BillP Studios
    2008-10-25 09:36:42 ----D---- C:\Program Files\XoftSpySE
    2008-10-24 19:59:36 ----D---- C:\Program Files\Spybot - Search & Destroy
    2008-10-24 19:59:36 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-10-24 19:22:11 ----AH---- C:\WINDOWS\system32\rrsec2k.exe
    2008-10-24 19:22:11 ----AH---- C:\WINDOWS\system32\rrsec.dll
    2008-10-24 19:22:09 ----D---- C:\Program Files\Registrar Registry Manager
    2008-10-24 14:06:38 ----DC---- C:\Acrobat5
    2008-10-24 14:06:36 ----A---- C:\WINDOWS\GUIDWEB.INI
    2008-10-24 14:06:31 ----AC---- C:\INST_OK.TXT
    2008-10-24 14:06:31 ----A---- C:\WINDOWS\tbxpro.ini
    2008-10-24 14:06:31 ----A---- C:\WINDOWS\tbxdnld.ini
    2008-10-24 14:06:21 ----A---- C:\WINDOWS\DAE.INI
    2008-10-24 14:06:19 ----DC---- C:\TOUCH
    2008-10-24 14:06:15 ----DC---- C:\EXAWEB
    2008-10-24 14:06:15 ----AC---- C:\RUNSETUP.INI
    2008-10-24 14:06:15 ----AC---- C:\EXAMINER.EXE
    2008-10-24 14:06:13 ----A---- C:\WINDOWS\WUFSDE.INI
    2008-10-24 14:06:13 ----A---- C:\WINDOWS\WBTRV32.DLL
    2008-10-24 14:06:13 ----A---- C:\WINDOWS\WBTRTHNK.DLL
    2008-10-24 14:06:13 ----A---- C:\WINDOWS\W32MKRC.DLL
    2008-10-24 14:06:12 ----A---- C:\WINDOWS\W32MKDE.EXE
    2008-10-24 14:06:12 ----A---- C:\WINDOWS\TESTECU.INI
    2008-10-24 14:06:12 ----A---- C:\WINDOWS\LINK.INI
    2008-10-24 14:06:12 ----A---- C:\WINDOWS\IMGLIB16.DLL
    2008-10-24 14:06:12 ----A---- C:\WINDOWS\IMGLIB.DLL
    2008-10-24 14:06:12 ----A---- C:\WINDOWS\EXAWEB.INI
    2008-10-24 14:06:12 ----A---- C:\WINDOWS\EXAMINER.INI
    2008-10-24 14:06:12 ----A---- C:\WINDOWS\DAESPAWN.INI
    2008-10-24 14:06:12 ----A---- C:\WINDOWS\CNCERR.INI
    2008-10-24 14:06:12 ----A---- C:\WINDOWS\BTI.INI
    2008-10-24 14:06:12 ----A---- C:\WINDOWS\4BUTT.INI
    2008-10-24 14:06:10 ----DC---- C:\AGG
    2008-10-24 14:06:09 ----AC---- C:\MAPPE_OK.TXT
    2008-10-24 14:04:35 ----DC---- C:\AMVA
    2008-10-24 14:04:33 ----DC---- C:\BOLLETT
    2008-10-24 14:04:32 ----DC---- C:\DEV
    2008-10-24 14:04:32 ----DC---- C:\AVED
    2008-10-24 14:03:48 ----DC---- C:\TEMP
    2008-10-24 14:03:48 ----DC---- C:\HPDAE
    2008-10-24 14:02:43 ----AC---- C:\LINGUA.INI
    2008-10-24 14:02:41 ----DC---- C:\INST
    2008-09-30 21:15:48 ----D---- C:\Program Files\SmartDraw 2009
    2008-09-25 19:13:14 ----D---- C:\Documents and Settings\Glen\Application Data\Samsung
    2008-09-25 17:40:26 ----AH---- C:\WINDOWS\system32\framedyn.dll
    2008-09-25 16:53:39 ----HD---- C:\WINDOWS\system32\Samsung_USB_Drivers
    2008-09-11 17:13:27 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
    2008-09-06 16:19:13 ----HD---- C:\WINDOWS\system32\CatRoot_bak
    2008-09-03 00:36:33 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
    2008-09-03 00:36:17 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
    2008-09-03 00:35:53 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
    2008-09-03 00:25:59 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
    2008-09-03 00:25:31 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
    2008-09-03 00:23:17 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
    2008-08-19 20:17:13 ----HDC---- C:\$AVG8.VAULT$

    ======List of files/folders modified in the last 3 months======

    2008-10-26 14:22:04 ----D---- C:\WINDOWS\Temp
    2008-10-26 14:21:15 ----D---- C:\WINDOWS\Prefetch
    2008-10-26 14:11:16 ----D---- C:\WINDOWS\Internet Logs
    2008-10-26 14:10:03 ----A---- C:\WINDOWS\ULEAD32.INI
    2008-10-26 14:07:03 ----A---- C:\WINDOWS\SchedLgU.Txt
    2008-10-26 14:04:44 ----HD---- C:\WINDOWS\system32\CatRoot2
    2008-10-26 13:43:28 ----D---- C:\WINDOWS
    2008-10-26 13:42:58 ----A---- C:\WINDOWS\imsins.BAK
    2008-10-26 12:56:36 ----SD---- C:\WINDOWS\Tasks
    2008-10-26 12:01:09 ----HD---- C:\WINDOWS\system32
    2008-10-26 12:01:09 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
    2008-10-25 18:47:21 ----D---- C:\Program Files\Internet Explorer
    2008-10-25 18:47:20 ----HD---- C:\WINDOWS\system32\en-US
    2008-10-25 18:47:18 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2008-10-25 18:21:56 ----HD---- C:\WINDOWS\inf
    2008-10-25 18:20:42 ----D---- C:\WINDOWS\ie7updates
    2008-10-25 18:19:31 ----HD---- C:\WINDOWS\$hf_mig$
    2008-10-25 18:17:37 ----HD---- C:\WINDOWS\system32\CatRoot
    2008-10-25 15:17:35 ----A---- C:\WINDOWS\ntbtlog.txt
    2008-10-25 14:44:31 ----A---- C:\WINDOWS\ModemLog_Ambient HaM Data Fax.txt
    2008-10-25 14:04:28 ----RD---- C:\Program Files
    2008-10-24 14:13:13 ----D---- C:\WINDOWS\system
    2008-10-23 16:00:56 ----SHD---- C:\WINDOWS\Installer
    2008-10-23 16:00:56 ----D---- C:\Config.Msi
    2008-10-21 18:46:07 ----D---- C:\WINDOWS\Downloaded Installations
    2008-10-21 18:43:32 ----RSD---- C:\WINDOWS\assembly
    2008-10-21 18:43:22 ----HD---- C:\WINDOWS\system32\URTTemp
    2008-10-21 18:43:12 ----D---- C:\WINDOWS\Registration
    2008-10-21 18:41:34 ----HD---- C:\WINDOWS\system32\mui
    2008-10-08 17:40:53 ----D---- C:\Documents and Settings
    2008-10-07 11:19:42 ----A---- C:\WINDOWS\system32\MRT.exe
    2008-10-05 07:52:29 ----D---- C:\Program Files\Google
    2008-10-03 17:41:15 ----AH---- C:\WINDOWS\system32\ieframe.dll
    2008-10-02 15:23:54 ----HD---- C:\Program Files\InstallShield Installation Information
    2008-10-02 15:18:33 ----D---- C:\Program Files\Common Files\Real
    2008-10-02 15:18:05 ----D---- C:\Program Files\Common Files
    2008-10-02 15:13:05 ----D---- C:\Program Files\Apple Software Update
    2008-10-02 15:12:06 ----HD---- C:\WINDOWS\system32\Adobe
    2008-10-02 15:11:56 ----D---- C:\Documents and Settings\Glen\Application Data\Macromedia
    2008-10-02 15:11:55 ----HD---- C:\WINDOWS\system32\Macromed
    2008-09-25 17:38:35 ----HD---- C:\WINDOWS\system32\drivers
    2008-09-11 17:13:29 ----D---- C:\WINDOWS\WinSxS
    2008-09-06 16:19:12 ----D---- C:\WINDOWS\Debug
    2008-09-04 09:54:20 ----SD---- C:\WINDOWS\Downloaded Program Files
    2008-09-03 10:28:47 ----D---- C:\WINDOWS\Help
    2008-08-29 21:07:44 ----A---- C:\WINDOWS\cdplayer.ini
    2008-08-27 12:54:32 ----AH---- C:\WINDOWS\system32\mshtml.dll
    2008-08-26 07:24:31 ----AH---- C:\WINDOWS\system32\wininet.dll
    2008-08-26 07:24:31 ----AH---- C:\WINDOWS\system32\webcheck.dll
    2008-08-26 07:24:31 ----AH---- C:\WINDOWS\system32\urlmon.dll
    2008-08-26 07:24:30 ----AH---- C:\WINDOWS\system32\url.dll
    2008-08-26 07:24:30 ----AH---- C:\WINDOWS\system32\pngfilt.dll
    2008-08-26 07:24:30 ----AH---- C:\WINDOWS\system32\occache.dll
    2008-08-26 07:24:30 ----AH---- C:\WINDOWS\system32\mstime.dll
    2008-08-26 07:24:30 ----AH---- C:\WINDOWS\system32\msrating.dll
    2008-08-26 07:24:30 ----AH---- C:\WINDOWS\system32\mshtmled.dll
    2008-08-26 07:24:30 ----AH---- C:\WINDOWS\system32\msfeedsbs.dll
    2008-08-26 07:24:30 ----AH---- C:\WINDOWS\system32\msfeeds.dll
    2008-08-26 07:24:30 ----AH---- C:\WINDOWS\system32\jsproxy.dll
    2008-08-26 07:24:29 ----AH---- C:\WINDOWS\system32\iertutil.dll
    2008-08-26 07:24:29 ----AH---- C:\WINDOWS\system32\iernonce.dll
    2008-08-26 07:24:29 ----AH---- C:\WINDOWS\system32\iedkcs32.dll
    2008-08-26 07:24:28 ----AH---- C:\WINDOWS\system32\ieapfltr.dll
    2008-08-26 07:24:28 ----AH---- C:\WINDOWS\system32\ieaksie.dll
    2008-08-26 07:24:28 ----AH---- C:\WINDOWS\system32\ieakeng.dll
    2008-08-26 07:24:28 ----AH---- C:\WINDOWS\system32\icardie.dll
    2008-08-26 07:24:28 ----AH---- C:\WINDOWS\system32\extmgr.dll
    2008-08-26 07:24:28 ----AH---- C:\WINDOWS\system32\dxtrans.dll
    2008-08-26 07:24:28 ----AH---- C:\WINDOWS\system32\dxtmsft.dll
    2008-08-26 07:24:28 ----AH---- C:\WINDOWS\system32\advpack.dll
    2008-08-25 08:38:00 ----A---- C:\WINDOWS\system32\ieudinit.exe
    2008-08-25 08:37:59 ----AH---- C:\WINDOWS\system32\ie4uinit.exe
    2008-08-23 05:54:51 ----AH---- C:\WINDOWS\system32\ieakui.dll
    2008-08-22 00:12:22 ----D---- C:\Program Files\Microsoft ActiveSync
    2008-08-22 00:11:38 ----D---- C:\Program Files\Microsoft Works
    2008-08-22 00:11:31 ----RSD---- C:\WINDOWS\Fonts
    2008-08-22 00:10:25 ----D---- C:\Program Files\Common Files\Microsoft Shared
    2008-08-14 20:09:34 ----SHD---- C:\RECYCLER

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-09-01 97928]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-07-18 26824]
    R1 cwmtdi;cwmtdi; C:\WINDOWS\system32\drivers\cwmtdi.sys [2007-05-14 48640]
    R1 KLIF;KLIF; C:\WINDOWS\system32\DRIVERS\klif.sys [2007-07-19 127768]
    R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2008-09-25 5632]
    R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2005-09-20 196240]
    R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2008-07-09 394952]
    R2 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2008-07-18 76040]
    R2 hardlock;hardlock; \??\C:\WINDOWS\system32\drivers\hardlock.sys []
    R2 Haspnt;Haspnt; \??\C:\WINDOWS\system32\drivers\Haspnt.sys []
    R2 irda;IrDA Protocol; C:\WINDOWS\system32\DRIVERS\irda.sys [2004-08-03 87424]
    R2 MicroGuard;MicroGuard Copy Protection; \??\C:\WINDOWS\system32\drivers\mgnt.sys []
    R2 symlcbrd;symlcbrd; \??\C:\WINDOWS\system32\drivers\symlcbrd.sys []
    R3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\system32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
    R3 es1371;Creative AudioPCI (ES1371,ES1373) (WDM); C:\WINDOWS\system32\drivers\es1371mp.sys [2001-08-17 40704]
    R3 GEARAspiWDM;GEAR CDRom Filter; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2006-09-19 15664]
    R3 HAM;Ambient HaM Data Fax; C:\WINDOWS\system32\DRIVERS\ham.sys [2000-03-04 376489]
    R3 NPDriver;Norton Unerase Protection Driver; \??\C:\WINDOWS\system32\Drivers\NPDRIVER.SYS []
    R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-07-15 2459712]
    R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
    R3 usbhub;%StandardHub.SvcDesc%; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-03 20480]
    S1 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2004-08-03 31744]
    S3 alcan5wn;SpeedTouch USB ADSL PPP Networking Driver (NDISWAN); C:\WINDOWS\system32\DRIVERS\alcan5wn.sys [2003-12-08 53600]
    S3 alcaudsl;SpeedTouch ADSL Modem ATM Transport; C:\WINDOWS\system32\DRIVERS\alcaudsl.sys [2003-12-08 70688]
    S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
    S3 hidgame;Microsoft Hid to Joystick Port Enabler; C:\WINDOWS\system32\DRIVERS\hidgame.sys [2001-08-17 8576]
    S3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-08-23 9600]
    S3 irsir;Microsoft Serial Infrared Driver; C:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688]
    S3 KodakPPCAM;Kodak EZ200 DIGITAL CAMERA; C:\WINDOWS\system32\DRIVERS\DC31VID.sys []
    S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys [2004-10-11 22016]
    S3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-23 12160]
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
    S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
    S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
    S3 NPF;Netgroup Packet Filter; C:\WINDOWS\system32\drivers\npf.sys [2005-08-22 30336]
    S3 nv4;nv4; C:\WINDOWS\System32\DRIVERS\nv4.sys [2001-08-17 731648]
    S3 PA7333I;Kodak Webcam Explorer Bulk Mode Device; C:\WINDOWS\system32\DRIVERS\DC31Bulk.sys []
    S3 PID_0928;Labtec WebCam(PID_0928); C:\WINDOWS\system32\DRIVERS\LV561AV.SYS [2004-10-11 211712]
    S3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-17 19584]
    S3 SDDMI2;SDDMI2; \??\C:\WINDOWS\system32\DDMI2.sys []
    S3 SDdriver;SDdriver; \??\C:\WINDOWS\system32\Drivers\sddriver.sys []
    S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
    S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
    S3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\SYMDNS.SYS [2005-09-20 12944]
    S3 SYMFW;SYMFW; C:\WINDOWS\System32\Drivers\SYMFW.SYS [2005-09-20 109200]
    S3 SYMIDS;SYMIDS; C:\WINDOWS\System32\Drivers\SYMIDS.SYS [2005-09-20 31888]
    S3 SYMNDIS;SYMNDIS; C:\WINDOWS\System32\Drivers\SYMNDIS.SYS [2005-09-20 27792]
    S3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2005-09-20 24720]
    S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
    S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
    S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-10-31 110592]
    R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-09-01 875288]
    R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-09-01 231704]
    R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2005-09-17 192112]
    R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2005-09-17 169584]
    R2 Irmon;Infrared Monitor; C:\WINDOWS\system32\svchost.exe [2004-08-03 14336]
    R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
    R2 NProtectService;Norton Unerase Protection; C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE [2004-08-30 95328]
    R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2004-07-15 114755]
    R2 Speed Disk service;Speed Disk service; C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE [2004-08-30 181416]
    R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2008-07-09 75304]
    R2 WebFilter;Blue Coat K9 Web Protection; f:\Program Files\Blue Coat K9 Web Protection\k9filter.exe [2007-04-30 184320]
    S2 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe []
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2003-02-20 32768]
    S3 ccPwdSvc;Symantec Password Validation; C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe []
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
    S3 NSCService;Norton Protection Center Service; C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE [2005-09-25 749696]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
    S3 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2005-09-20 214672]
    S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-03 14336]

    -----------------EOF-----------------
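An added example, not part of the original posts and not RSIT's own code: a small parser for the service/driver lines in the log above, using the R/S and 0-4 codes from the log's own legend line. The function names and flag labels are hypothetical, and reading empty brackets `[]` as "file date and size could not be read" is an assumption.

```python
import re

# Codes from the legend line in the log: state letter, then start-type digit.
STATE = {"R": "Running", "S": "Stopped"}
START = {"0": "Boot", "1": "System", "2": "Auto", "3": "Demand", "4": "Disabled"}

ENTRY = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*); "
    r"(?P<path>.+?) \[(?P<meta>[^\]]*)\]$"
)

# Lines copied from the log in this thread.
SAMPLE = r"""
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-09-01 231704]
R2 WebFilter;Blue Coat K9 Web Protection; f:\Program Files\Blue Coat K9 Web Protection\k9filter.exe [2007-04-30 184320]
S2 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe []
S3 SDdriver;SDdriver; \??\C:\WINDOWS\system32\Drivers\sddriver.sys []
"""

def parse_entry(line):
    """Return a dict for one service/driver line, or None if it is not one."""
    m = ENTRY.match(line.strip())
    if m is None:
        return None
    path = m["path"]
    if path.startswith("\\??\\"):  # NT path prefix seen on some entries
        path = path[4:]
    date, size = (m["meta"].split() + [None, None])[:2]
    return {"name": m["name"], "display": m["display"], "path": path,
            "state": STATE[m["state"]], "start": START[m["start"]],
            "date": date, "size": int(size) if size else None}

def triage(text, system_drive="C:"):
    """Return [(name, [flags])] for entries that deserve a manual look."""
    flagged = []
    for line in text.splitlines():
        e = parse_entry(line)
        if e is None:
            continue
        flags = []
        if e["date"] is None:
            flags.append("no-file-info")  # assumption: file missing or unreadable
        if e["start"] == "Auto" and e["state"] == "Stopped":
            flags.append("auto-start-not-running")
        if not e["path"].upper().startswith(system_drive):
            flags.append("off-system-drive")
        if flags:
            flagged.append((e["name"], flags))
    return flagged
```

A flag is only a prompt to check the file by hand; leftover entries from uninstalled software produce the same pattern.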
     
  2. 2008/10/26
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Welcome to WindowsBBS Glen :)

    What did you use to clean up the about:blank infection? Do you have logs from any of the tools used?

    Do you know what all of the following folders are or contain?

    C:\AGG
    C:\AMVA
    C:\BOLLETT
    C:\DEV
    C:\AVED
    C:\HPDAE
    C:\INST
    C:\TOUCH
    C:\EXAWEB
    C:\Acrobat5

    This scheduled task looks rather suspicious. Do you know what it is?

    C:\WINDOWS\tasks\hhhhhhhhh.job
     


  4. 2008/10/27
    sumpy

    sumpy Inactive Thread Starter

    Joined:
    2008/10/26
    Messages:
    3
    Likes Received:
    0
    Hi
    I did a search and found a manual way by removing avgrsstx.dll, found at the end of HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows key AppInit_DLLs

    rgds Glen
     
  5. 2008/10/27
    sumpy

    sumpy Inactive Thread Starter

    Joined:
    2008/10/26
    Messages:
    3
    Likes Received:
    0
    As for the contents of those folders, or scheduled task, I have no idea.
    rgds Glen
     
  6. 2008/10/27
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Well, avgrsstx.dll belongs to AVG8 antivirus and that entry belongs there.

    Please navigate to C:\Windows\Tasks and right click the hhhhhhhhh.job then select properties. You should be able to determine what it is intended to do and whether or not it's a legitimate task. If not, post the details here.

    Please check the contents of those folders and let me know what's in there, and if you can determine their legitimacy as well.
     
