Antivirus XP 2008!

Discussion in 'Virukset ja haittaohjelmat - HijackThis -logit' started by BudhaB, Aug 24, 2008.

  1. BudhaB

    BudhaB Guest

    I managed to download a fine program and now I need help getting rid of it. HELP!?


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:26:57 AM, on 8/25/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\runservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
    C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\lphc9m1j0e13l.exe
    C:\Program Files\rhccm1j0e13l\rhccm1j0e13l.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Mobile Partner\Mobile Partner.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\My Music\WinZip\WZQKPICK.EXE
    C:\WINDOWS\system32\pphc9m1j0e13l.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R3 - URLSearchHook: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P1.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: CodecPlugin Class - {098716A9-0310-4CBE-BD64-B790A9761158} - C:\WINDOWS\system32\RichVideoCodec.dll
    O2 - BHO: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P1.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P1.dll
    O4 - HKLM\..\Run: [Microsoft Update] wumgrd.exe
    O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
    O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
    O4 - HKLM\..\Run: [8l1gq5qa] C:\WINDOWS\system32\8l1gq5qa.exe
    O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [lphc9m1j0e13l] C:\WINDOWS\system32\lphc9m1j0e13l.exe
    O4 - HKLM\..\Run: [SMrhccm1j0e13l] C:\Program Files\rhccm1j0e13l\rhccm1j0e13l.exe
    O4 - HKLM\..\RunServices: [Microsoft Update] wumgrd.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WinMX] C:\My Music\WinMX\WinMX.exe -m
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [Mobile Partner] "C:\Program Files\Mobile Partner\Mobile Partner.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\My Music\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab
    O16 - DPF: {1230CB21-C88D-11CF-B347-000000000000} - http://www.eingang69.de/EroticAccess/Cabs/1854006.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
    O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - http://sto-notes.samsung.se/iNotes.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
    O16 - DPF: {5BDBD95C-1E7F-4FB1-8497-20AF879F8B68} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/fi/filesharingctrl.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121975574125
    O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/securelogin-devel.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://207.192.215.42/activex/AxisCamControl.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab
    O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
    O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
    O16 - DPF: {D83E0111-E9A4-11D1-A5B7-0060082BD97A} (HMR Image Control Pro) - http://192.49.222.99/Objects/HMRImageCtrlPro.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
    O16 - DPF: {FE1A240F-B247-4E06-A600-30E28F5AF3A0} - file://C:\install.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{051169C6-FEE0-43B7-8D9B-423E9A772703}: NameServer = 195.74.0.47,195.74.0.55
    O17 - HKLM\System\CCS\Services\Tcpip\..\{07D6FFB5-64B0-404C-97FF-1745481CDB25}: NameServer = 217.78.192.22 217.78.192.78
    O17 - HKLM\System\CS1\Services\Tcpip\..\{051169C6-FEE0-43B7-8D9B-423E9A772703}: NameServer = 195.74.0.47,195.74.0.55
    O17 - HKLM\System\CS2\Services\Tcpip\..\{051169C6-FEE0-43B7-8D9B-423E9A772703}: NameServer = 195.74.0.47,195.74.0.55
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
    O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Program Files\Norman\Nvc\BIN\nipsvc.exe (file missing)

    --
    End of file - 10028 bytes
     
  2. yaht

    yaht Regular member

    Start -> Run, and type the two lines below into it one at a time:

    sc stop NipSvc

    sc delete NipSvc



    1. Download Combofix.exe to your desktop from either of these two links:
    Combofix.exe
    Combofix.exe

    Open Combofix.exe and follow the instructions that appear on screen.

    Note! Do not click in the ComboFix window while it is running. This may cause the program to hang.
    Restart the computer if you are asked to, and post the contents of the combofix.txt file here.

    Empty the Recycle Bin and restart your computer.

    Post the following logs here:
    * A fresh HijackThis log (taken last, just before posting)
    * The (C:\ComboFix.txt) report


    Download Malwarebytes' Anti-Malware to your desktop.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, make sure the following are checked: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, and then click Finish.
    * If an update is found, the program will download and install the latest version.
    * Once the program has loaded, select Perform full scan and click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Make sure everything is checked and click Remove Selected.
    * After this, the log will open in Notepad. Save it somewhere you can find it easily. The log can also be found
    here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    * Post the contents of the log in your next reply + a new HJT log.
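
    As an added example (not part of this thread, and not output from HijackThis, ComboFix or Malwarebytes), here is a Python script that applies the checks a log helper makes by eye before writing a reply like the one above, run over a handful of lines copied from BudhaB's HijackThis log: O4 autostart entries whose executable has a random-looking name (lphc9m1j0e13l, rhccm1j0e13l, 8l1gq5qa), an entry under the Windows 9x-era RunServices key, bare filenames with no path, O16 ActiveX controls sourced from file:// or a bare IP address, and O23 services whose binary is missing, from which it produces the sc stop / sc delete pair for NipSvc given above. The rule names, the "three letter/digit switches" threshold and the high/review severities are this example's own assumptions, not anything HijackThis defines.

```python
import ipaddress
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Constructed sample input: O2/O4/O16/O23 lines copied from the HijackThis
# log posted above, trimmed to the entries the rules below look at.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Microsoft Update] wumgrd.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [8l1gq5qa] C:\WINDOWS\system32\8l1gq5qa.exe
O4 - HKLM\..\Run: [lphc9m1j0e13l] C:\WINDOWS\system32\lphc9m1j0e13l.exe
O4 - HKLM\..\Run: [SMrhccm1j0e13l] C:\Program Files\rhccm1j0e13l\rhccm1j0e13l.exe
O4 - HKLM\..\RunServices: [Microsoft Update] wumgrd.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\My Music\WinZip\WZQKPICK.EXE
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121975574125
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://207.192.215.42/activex/AxisCamControl.cab
O16 - DPF: {FE1A240F-B247-4E06-A600-30E28F5AF3A0} - file://C:\install.cab
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Program Files\Norman\Nvc\BIN\nipsvc.exe (file missing)
"""

O4_RE = re.compile(r"^O4 - (?P<loc>.+?): (?:\[(?P<name>[^\]]*)\] )?(?P<cmd>.*)$")
O16_RE = re.compile(r"^O16 - DPF: \{[^}]+\}(?: \([^)]*\))? - (?P<url>\S+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<display>.+?)(?: \((?P<name>[^()]+)\))? - (?P<owner>.+?)"
                    r" - (?P<path>.+?)(?P<missing> \(file missing\))?$")
EXE_RE = re.compile(r'"?(?P<path>[^"]*?\.exe)"?', re.IGNORECASE)  # first .exe token, quoted or bare


@dataclass(frozen=True)
class Finding:
    rule: str       # which check fired (names are this example's own)
    severity: str   # "high": act on it; "review": look before acting
    subject: str    # exe stem, service name, CLSID or URL
    line: str       # the log line that produced the finding


def letter_digit_alternations(stem: str) -> int:
    """Count letter<->digit switches in a file stem: lphc9m1j0e13l switches 8 times,
    rundll32 once. The threshold of 3 used below is a heuristic, not a HijackThis rule."""
    kinds = ["d" if c.isdigit() else "a" for c in stem if c.isalnum()]
    return sum(1 for a, b in zip(kinds, kinds[1:]) if a != b)


def triage(log_text: str) -> list:
    findings = []
    for line in (raw.strip() for raw in log_text.splitlines()):
        if line.startswith("O2 - BHO") and line.endswith("(no file)"):
            findings.append(Finding("orphan-bho", "review", line.split(" - ")[2], line))
            continue
        if m := O4_RE.match(line):
            loc, cmd = m["loc"], m["cmd"]
            if loc.endswith("Startup") and " = " in cmd:    # "foo.lnk = C:\target.exe"
                cmd = cmd.split(" = ", 1)[1]
            e = EXE_RE.search(cmd)
            if not e:
                continue
            exe = e["path"]
            stem = exe.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
            if loc.endswith("RunServices"):   # 9x-era key; nothing legitimate on XP writes here
                findings.append(Finding("runservices-key", "high", stem, line))
            if letter_digit_alternations(stem) >= 3:
                findings.append(Finding("random-name", "high", stem, line))
            elif "\\" not in exe:             # bare filename found via the PATH search order
                findings.append(Finding("no-path", "review", stem, line))
            continue
        if m := O16_RE.match(line):
            url = m["url"]
            parts = urlsplit(url)
            if parts.scheme == "file":        # an ActiveX control "downloaded" from local disk
                findings.append(Finding("dpf-local-file", "high", url, line))
            else:
                try:
                    ipaddress.ip_address(parts.hostname or "")
                    findings.append(Finding("dpf-ip-host", "review", url, line))
                except ValueError:
                    pass
            continue
        if (m := O23_RE.match(line)) and m["missing"]:
            findings.append(Finding("service-file-missing", "review", m["name"] or m["display"], line))
    return findings


def service_cleanup_commands(findings) -> list:
    """The Start -> Run lines from the reply above, one pair per orphaned service."""
    cmds = []
    for f in findings:
        if f.rule == "service-file-missing":
            cmds += [f"sc stop {f.subject}", f"sc delete {f.subject}"]
    return cmds


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in sorted(results, key=lambda f: (f.severity != "high", f.rule)):
        print(f"[{f.severity:6}] {f.rule:21} {f.subject}")
    print("\n".join(service_cleanup_commands(results)))
```

    Run as a script it prints the findings and the two sc lines. The heuristics are deliberately narrow and will misfire on some legitimate names (a stem like d3dx9_28 also switches between letters and digits three times), so treat the output as a reading aid for the log, not as a removal list.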

     
  3. BudhaB

    BudhaB Guest

    Here they come, then.




    ComboFix 08-08-21.02 - Esa & Minna-Liisa 2008-08-25 2:31:35.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.358.1033.18.195 [GMT 3:00]
    Running from: C:\Documents and Settings\Esa & Minna-Liisa\Desktop\ComboFix.exe
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .
    Error: Cfiles.dat

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\All Users\Desktop\Antivirus XP 2008.lnk
    C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008
    C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008.lnk
    C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Antivirus XP 2008.lnk
    C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\How to Register Antivirus XP 2008.lnk
    C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\License Agreement.lnk
    C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Register Antivirus XP 2008.lnk
    C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Uninstall.lnk
    C:\Documents and Settings\Esa & Minna-Liisa\Application Data\macromedia\Flash Player\#SharedObjects\NZT6QCE6\static.youku.com
    C:\Documents and Settings\Esa & Minna-Liisa\Application Data\macromedia\Flash Player\#SharedObjects\NZT6QCE6\static.youku.com\v1.0.0304\v\swf\qplayer.swf\qplayer.sol
    C:\Documents and Settings\Esa & Minna-Liisa\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.youku.com
    C:\Documents and Settings\Esa & Minna-Liisa\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.youku.com\settings.sol
    C:\Documents and Settings\Esa & Minna-Liisa\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk
    C:\Documents and Settings\Esa & Minna-Liisa\Application Data\rhccm1j0e13l
    C:\Documents and Settings\Esa & Minna-Liisa\Cookies\esa & minna-liisa@ad.yieldmanager[2].txt
    C:\Documents and Settings\Esa & Minna-Liisa\Cookies\esa & minna-liisa@services[2].txt
    C:\Documents and Settings\Esa & Minna-Liisa\Cookies\esa & minna-liisa@serving-sys[1].txt
    C:\Documents and Settings\Esa & Minna-Liisa\Cookies\esa & minna-liisa@serving-sys[2].txt
    C:\Documents and Settings\Esa & Minna-Liisa\Cookies\esa & minna-liisa@serving-sys[3].txt
    C:\Documents and Settings\Esa & Minna-Liisa\Cookies\esa & minna-liisa@tilt[4].txt
    C:\Documents and Settings\Esa & Minna-Liisa\Cookies\esa & minna-liisa@web.checkm8[1].txt
    C:\Documents and Settings\Esa & Minna-Liisa\Cookies\esa & minna-liisa@www.ohhla[1].txt
    C:\Program Files\rhccm1j0e13l
    C:\Program Files\RichVideoCodec
    C:\WINDOWS\system32\blphc9m1j0e13l.scr
    C:\WINDOWS\system32\Cache
    C:\WINDOWS\system32\Cache\buts.bin
    C:\WINDOWS\system32\Cache\chart 1.bmp
    C:\WINDOWS\system32\Cache\ding.bmp
    C:\WINDOWS\system32\Cache\disk 1.bmp
    C:\WINDOWS\system32\Cache\document.bmp
    C:\WINDOWS\system32\Cache\mail unreaded.bmp
    C:\WINDOWS\system32\Cache\msg.bin
    C:\WINDOWS\system32\Cache\peoples 1.bmp
    C:\WINDOWS\system32\Cache\search find 2.bmp
    C:\WINDOWS\system32\Cache\web app.bmp
    C:\WINDOWS\system32\lphc9m1j0e13l.exe
    C:\WINDOWS\system32\phc9m1j0e13l.bmp
    C:\WINDOWS\system32\pphc9m1j0e13l.exe

    .
    ((((((((((((((((((((((((( Files Created from 2008-07-24 to 2008-08-24 )))))))))))))))))))))))))))))))
    .

    2008-08-25 00:18 . 2008-08-25 00:18 <DIR> d-------- C:\Program Files\Trend Micro
    2008-08-24 23:39 . 2008-08-24 23:39 <DIR> d--h----- C:\$AVG8.VAULT$
    2008-08-24 20:25 . 2008-08-24 20:25 0 --a------ C:\WINDOWS\system32\agshmcbp.html
    2008-08-24 16:55 . 2008-08-24 16:55 126,976 --a------ C:\WINDOWS\system32\RichVideoCodec.dll
    2008-08-15 14:36 . 2008-08-15 14:36 17,920 --a------ C:\Documents and Settings\Esa & Minna-Liisa\Application Data\GDIPFONTCACHEV1.DAT
    2008-08-12 21:22 . 2008-08-12 21:22 <DIR> d-------- C:\Program Files\Common Files\xing shared
    2008-08-09 02:22 . 2008-08-09 02:22 0 --ah----- C:\WINDOWS\SwSys2.bmp
    2008-08-09 02:22 . 2008-08-09 02:22 0 --ah----- C:\WINDOWS\SwSys1.bmp
    2008-08-09 02:15 . 2008-08-09 02:15 <DIR> d-------- C:\Program Files\MDickie
    2008-08-08 06:46 . 2008-08-08 19:55 <DIR> d-------- C:\Program Files\Valve
    2008-08-07 13:53 . 2008-08-07 14:07 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
    2008-08-06 22:37 . 2008-08-17 04:17 <DIR> d-------- C:\Documents and Settings\Esa & Minna-Liisa\Application Data\DivX
    2008-08-05 22:46 . 2008-07-23 19:50 120,056 --------- C:\WINDOWS\system32\pxcpyi64.exe
    2008-08-05 03:06 . 2008-08-05 03:06 <DIR> d-------- C:\Program Files\Apple Software Update
    2008-08-05 03:06 . 2008-08-05 03:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
    2008-08-05 00:03 . 2008-08-17 21:00 <DIR> d-------- C:\Documents and Settings\Esa & Minna-Liisa\Application Data\LimeWire
    2008-08-05 00:01 . 2008-08-05 00:02 <DIR> d-------- C:\Program Files\LimeWire
    2008-08-04 21:34 . 2008-06-13 16:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
    2008-08-04 20:33 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
    2008-08-04 20:33 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
    2008-08-04 20:33 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
    2008-08-04 18:35 . 2008-08-05 08:46 <DIR> d-------- C:\Program Files\DC++
    2008-08-04 18:27 . 2008-08-04 18:27 <DIR> d-------- C:\Program Files\P2P_Energy
    2008-08-04 18:27 . 2008-08-04 18:27 <DIR> d-------- C:\Program Files\Conduit
    2008-08-04 18:27 . 2008-08-04 18:27 <DIR> d-------- C:\Documents and Settings\Esa & Minna-Liisa\Application Data\LimeWireTurbo
    2008-08-04 18:01 . 2008-08-04 18:01 <DIR> d-------- C:\Documents and Settings\Esa & Minna-Liisa\Contacts
    2008-08-04 17:59 . 2008-08-04 17:59 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
    2008-08-04 17:27 . 2008-08-04 17:56 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
    2008-08-04 17:26 . 2008-08-04 17:59 <DIR> d-------- C:\Program Files\Windows Live
    2008-08-04 17:26 . 2008-08-04 17:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-08-04 16:15 . 2008-08-05 06:31 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
    2008-08-04 15:58 . 2008-08-04 15:58 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
    2008-08-04 15:58 . 2008-08-04 15:58 <DIR> d-------- C:\Program Files\AVG
    2008-08-04 15:58 . 2008-08-04 15:58 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
    2008-08-04 15:58 . 2008-08-04 15:58 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
    2008-08-04 15:58 . 2008-08-04 15:58 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
    2008-08-04 15:57 . 2008-08-04 15:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
    2008-08-04 15:23 . 2008-08-04 15:23 <DIR> d-------- C:\Program Files\Sygate
    2008-08-04 15:23 . 2004-10-15 18:32 83,096 --a------ C:\WINDOWS\system32\SSSensor.dll
    2008-08-04 15:20 . 2008-08-04 15:28 <DIR> d-------- C:\Program Files\Google
    2008-07-31 04:45 . 2008-07-31 06:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-07-31 04:04 . 2008-08-04 15:22 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-07-31 03:25 . 2007-08-24 19:45 101,120 -ra------ C:\WINDOWS\system32\drivers\ewusbmdm.sys
    2008-07-31 03:25 . 2007-08-24 19:45 24,448 -ra------ C:\WINDOWS\system32\drivers\ewdcsc.sys
    2008-07-31 00:09 . 2004-08-04 15:00 482,304 --a--c--- C:\WINDOWS\system32\dllcache\pintlgnt.ime
    2008-07-31 00:08 . 2004-08-04 15:00 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex
    2008-07-31 00:07 . 2004-08-04 15:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
    2008-07-31 00:06 . 2004-08-04 15:00 1,677,824 --a--c--- C:\WINDOWS\system32\dllcache\chsbrkr.dll
    2008-07-31 00:05 . 2004-05-13 00:39 876,653 --a--c--- C:\WINDOWS\system32\dllcache\fp4awel.dll
    2008-07-31 00:02 . 2008-07-31 00:02 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
    2008-07-31 00:02 . 2008-07-31 00:02 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
    2008-07-31 00:02 . 2008-07-31 00:02 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
    2008-07-31 00:02 . 2008-07-31 00:02 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest
    2008-07-31 00:02 . 2008-07-31 00:02 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
    2008-07-31 00:02 . 2008-07-31 00:02 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
    2008-07-31 00:01 . 2004-08-04 15:00 16,384 --a--c--- C:\WINDOWS\system32\dllcache\isignup.exe
    2008-07-30 23:48 . 2004-08-04 15:00 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
    2008-07-30 23:48 . 2004-08-04 15:00 24,661 --a--c--- C:\WINDOWS\system32\dllcache\spxcoins.dll
    2008-07-30 23:48 . 2004-08-04 15:00 13,312 --a------ C:\WINDOWS\system32\irclass.dll
    2008-07-30 23:48 . 2004-08-04 15:00 13,312 --a--c--- C:\WINDOWS\system32\dllcache\irclass.dll
    2008-07-30 23:48 . 2008-07-30 23:48 2,572 --a------ C:\WINDOWS\system32\PerfStringBackup.TMP
    2008-07-30 23:20 . 2008-08-04 15:28 535,314,432 --a------ C:\WINDOWS\MEMORY.DMP
    2008-07-25 11:36 . 2008-07-25 11:36 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
    2008-07-25 11:36 . 2008-07-25 11:36 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
    2008-07-25 05:18 . 2008-07-31 03:25 <DIR> d-------- C:\Program Files\Mobile Partner

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-08-12 18:22 --------- d-----w C:\Program Files\Common Files\Real
    2008-08-08 16:57 --------- d-----w C:\Program Files\Common Files\InstallShield
    2008-08-08 03:46 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-08-07 11:36 --------- d-----w C:\Program Files\Windows Media Connect 2
    2008-08-05 19:48 --------- d-----w C:\Program Files\DivX
    2008-08-05 00:20 --------- d-----w C:\Program Files\QuickTime
    2008-08-05 00:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-08-04 12:28 --------- d-----w C:\Program Files\F-Secure
    2008-08-04 10:13 --------- d-----w C:\Program Files\Norman
    2008-07-31 01:49 --------- d-----w C:\Program Files\Lavasoft
    2006-02-24 15:03 13,652,192 ----a-w C:\Program Files\NVC581_R6FIN.EXE
    2006-01-01 21:13 948,936 ----a-w C:\Program Files\install_flash_player.exe
    2006-01-01 21:13 304,216 ----a-w C:\Program Files\nsb-setup.exe
    2005-12-21 05:17 10,915 ----a-w C:\Program Files\OGLGeomBench.txt
    2005-12-21 05:09 2,464,323 ----a-w C:\Program Files\glspec20.pdf
    2005-12-21 05:08 102,400 ----a-w C:\Program Files\oglbench.exe
    2005-12-21 04:42 48,410,384 ----a-w C:\Program Files\directx_dec2005_redist.exe
    2005-12-21 03:57 11,817,800 ----a-w C:\Program Files\GoogleEarthSetup.exe
    2005-12-05 15:28 916,806 ----a-w C:\Program Files\Dec2005_MDX1_x86.cab
    2005-12-05 15:28 86,925 ----a-w C:\Program Files\Oct2005_xinput_x64.cab
    2005-12-05 15:28 46,247 ----a-w C:\Program Files\Oct2005_xinput_x86.cab
    2005-12-05 15:28 41,888 ----a-w C:\Program Files\dxdllreg_x86.cab
    2005-12-05 15:28 3,673,932 ----a-w C:\Program Files\Dec2005_MDX1_x86_Archive.cab
    2005-12-05 15:28 1,358,864 ----a-w C:\Program Files\Dec2005_d3dx9_28_x64.cab
    2005-12-05 15:27 1,080,344 ----a-w C:\Program Files\Dec2005_d3dx9_28_x86.cab
    2004-06-13 18:34 1,694,551 ----a-w C:\Program Files\aaw6181.exe
    2004-06-13 18:29 19,012 ----a-w C:\Program Files\3001-8022-10214379.htm
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{2bae58c2-79f9-45d1-a286-81f911301c3a}"= "C:\Program Files\P2P_Energy\tbP2P1.dll" [2008-08-13 07:59 1569304]

    [HKEY_CLASSES_ROOT\clsid\{2bae58c2-79f9-45d1-a286-81f911301c3a}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2bae58c2-79f9-45d1-a286-81f911301c3a}]
    2008-08-13 07:59 1569304 --a------ C:\Program Files\P2P_Energy\tbP2P1.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{2bae58c2-79f9-45d1-a286-81f911301c3a}"= "C:\Program Files\P2P_Energy\tbP2P1.dll" [2008-08-13 07:59 1569304]

    [HKEY_CLASSES_ROOT\clsid\{2bae58c2-79f9-45d1-a286-81f911301c3a}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{2BAE58C2-79F9-45D1-A286-81F911301C3A}"= "C:\Program Files\P2P_Energy\tbP2P1.dll" [2008-08-13 07:59 1569304]

    [HKEY_CLASSES_ROOT\clsid\{2bae58c2-79f9-45d1-a286-81f911301c3a}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]
    "Mobile Partner"="C:\Program Files\Mobile Partner\Mobile Partner.exe" [2007-10-17 17:45 110592]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-08-04 15:20 171448]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05 204288]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "D-Link AirPlus G"="C:\Program Files\D-Link\AirPlus G\AirGCFG.exe" [2004-07-09 15:07 1249280]
    "ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2004-04-14 11:54 45056]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" [2006-10-12 03:10 49263]
    "8l1gq5qa"="C:\WINDOWS\system32\8l1gq5qa.exe" [2006-06-28 13:24 420421]
    "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-08-04 15:58 1232152]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-08-12 21:20 185896]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 12:00 110592 C:\WINDOWS\system32\bthprops.cpl]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 12:00 15360]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "RunNarrator"="Narrator.exe" [2004-08-04 12:00 53760 C:\WINDOWS\system32\narrator.exe]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]
    WinZip Quick Pick.lnk - C:\My Music\WinZip\WZQKPICK.EXE [2004-06-26 20:05:04 118784]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=avgrsstx.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Messenger\\MSMSGS.EXE"=
    "C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
    "C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\DC++\\DCPlusPlus.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"=

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-04 15:58]
    R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-04 15:58]
    R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-04 15:58]
    R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-08-04 15:58]
    R2 LicCtrlService;LicCtrl Service;C:\WINDOWS\runservice.exe [2005-01-14 22:54]
    S3 cel90xbe;cel90xbe;C:\DOCUME~1\ESA&MI~1\LOCALS~1\Temp\cel90xbe.sys []

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{11aac8bc-58dc-11dd-a2e3-00c0a8f528a9}]
    \Shell\AutoRun\command - E:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bd561aa8-5e96-11dd-a2f3-00c0a8f528a9}]
    \Shell\AutoRun\command - E:\AutoRun.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2008-08-18 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-WinMX - C:\My Music\WinMX\WinMX.exe
    HKCU-Run-Yahoo! Pager - C:\Program Files\Yahoo!\Messenger\ypager.exe
    HKLM-Run-lphc9m1j0e13l - C:\WINDOWS\system32\lphc9m1j0e13l.exe
    HKLM-Run-SMrhccm1j0e13l - C:\Program Files\rhccm1j0e13l\rhccm1j0e13l.exe
    HKU-Default-Run-Microsoft Update - wumgrd.exe
    Notify-WgaLogon - (no file)


    .
    ------- Supplementary Scan -------
    .
    FireFox -: Profile - C:\Documents and Settings\Esa & Minna-Liisa\Application Data\Mozilla\Firefox\Profiles\pt8akl6a.default\
    FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.fi/
    FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
    FF -: plugin - C:\Program Files\Java\jre1.5.0_09\bin\NPJava11.dll
    FF -: plugin - C:\Program Files\Java\jre1.5.0_09\bin\NPJava12.dll
    FF -: plugin - C:\Program Files\Java\jre1.5.0_09\bin\NPJava13.dll
    FF -: plugin - C:\Program Files\Java\jre1.5.0_09\bin\NPJava14.dll
    FF -: plugin - C:\Program Files\Java\jre1.5.0_09\bin\NPJava32.dll
    FF -: plugin - C:\Program Files\Java\jre1.5.0_09\bin\NPJPI150_09.dll
    FF -: plugin - C:\Program Files\Java\jre1.5.0_09\bin\NPOJI610.dll
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-08-25 02:40:15
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\drivers\CDANTSRV.EXE
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\AVG\AVG8\avgrsx.exe
    C:\Program Files\AVG\AVG8\avgrsx.exe
    .
    **************************************************************************
    .
    Completion time: 2008-08-25 2:49:27 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-08-24 23:48:54

    Pre-Run: 1,068,089,344 bytes free
    Post-Run: 1,618,973,184 bytes free

    263 --- E O F --- 2008-08-19 06:01:00





    Malwarebytes' Anti-Malware 1.25
    Database version: 1085
    Windows 5.1.2600 Service Pack 2

    4:33:21 25.8.2008
    mbam-log-08-25-2008 (04-33-21).txt

    Scan type: Full Scan (A:\|C:\|D:\|E:\|F:\|)
    Objects scanned: 93637
    Time elapsed: 1 hour(s), 31 minute(s), 2 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 3
    Registry Values Infected: 3
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 3

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Saastuneita rekisteriavaimia:
    HKEY_CLASSES_ROOT\codecbho.codecplugin.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\codecbho.xmldomdocumenteventssink.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} (Adware.Agent) -> Quarantined and deleted successfully.

    Saastuneita rekisteriarvoja:
    HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.

    Saastuneita rekisterikohteita:
    (Haitallisia kohteita ei löydetty)

    Saastuneita hakemistoja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita tiedostoja:
    C:\QooBox\Quarantine\C\WINDOWS\system32\blphc9m1j0e13l.scr.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{BB632877-C629-45DE-8320-22BC38DB6BD5}\RP36\A0012215.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\RichVideoCodec.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:34:32, on 25.8.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\runservice.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
    C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Mobile Partner\Mobile Partner.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\My Music\WinZip\WZQKPICK.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\AVG\AVG8\avgrsx.exe
    C:\Program Files\AVG\AVG8\avgrsx.exe
    C:\Program Files\AVG\AVG8\avgrsx.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R3 - URLSearchHook: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P1.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P1.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P1.dll
    O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
    O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
    O4 - HKLM\..\Run: [8l1gq5qa] C:\WINDOWS\system32\8l1gq5qa.exe
    O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [Mobile Partner] "C:\Program Files\Mobile Partner\Mobile Partner.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\My Music\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
    O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - http://sto-notes.samsung.se/iNotes.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
    O16 - DPF: {5BDBD95C-1E7F-4FB1-8497-20AF879F8B68} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/fi/filesharingctrl.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121975574125
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://207.192.215.42/activex/AxisCamControl.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab
    O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
    O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
    O16 - DPF: {D83E0111-E9A4-11D1-A5B7-0060082BD97A} (HMR Image Control Pro) - http://192.49.222.99/Objects/HMRImageCtrlPro.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{051169C6-FEE0-43B7-8D9B-423E9A772703}: NameServer = 195.74.0.47,195.74.0.55
    O17 - HKLM\System\CCS\Services\Tcpip\..\{07D6FFB5-64B0-404C-97FF-1745481CDB25}: NameServer = 217.78.192.22 217.78.192.78
    O17 - HKLM\System\CS1\Services\Tcpip\..\{051169C6-FEE0-43B7-8D9B-423E9A772703}: NameServer = 195.74.0.47,195.74.0.55
    O17 - HKLM\System\CS2\Services\Tcpip\..\{051169C6-FEE0-43B7-8D9B-423E9A772703}: NameServer = 195.74.0.47,195.74.0.55
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe

    --
    End of file - 9118 bytes
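The HijackThis log above is a flat list of `Rn`/`On` entries, and HijackThis itself makes no judgement about them; the person reading the log does. The script below is an added example (not part of this post and not a tool used by the forum's helpers) that parses that line format and applies the first-pass checks a helper typically makes by eye: Run-key executables with random-looking names, a BHO whose DLL is `(no file)`, one CLSID registered as BHO, toolbar and URLSearchHook at once, and the O17 NameServer addresses that should be compared against the ISP's. The sample lines are copied from the HijackThis log in this post; the `looks_random` heuristic and the other thresholds are assumptions of this example, so a flag is a "look at this next" marker, not a malware verdict.

```python
"""Triage helper for HijackThis 2.0.x log lines (added example, not from the
forum post). Parses O2/O3/O4/R3/O17 entries and flags patterns a helper looks
at first. The heuristics are assumptions, not a verdict."""
import ntpath
import re
from dataclasses import dataclass

# Sample lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P1.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P1.dll
R3 - URLSearchHook: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [8l1gq5qa] C:\WINDOWS\system32\8l1gq5qa.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{051169C6-FEE0-43B7-8D9B-423E9A772703}: NameServer = 195.74.0.47,195.74.0.55
"""

ENTRY_RE = re.compile(r"^(?P<kind>R\d|O\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
RUN_RE = re.compile(r"\[(?P<name>[^\]]+)\] (?P<cmd>.+)$")     # O4 "[value] command"
EXE_RE = re.compile(r'"?(?P<path>[^"]*?\.exe)"?', re.IGNORECASE)
NS_RE = re.compile(r"NameServer = (?P<servers>.+)$")


@dataclass
class Finding:
    kind: str    # HJT entry type, e.g. "O4"
    reason: str  # why it was flagged (heuristic, not a verdict)
    detail: str  # the item concerned (file name, CLSID, server list)


def parse_entries(text):
    """Return (kind, body) for every line that looks like an HJT entry."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("kind"), m.group("body")))
    return entries


def looks_random(stem):
    """Assumed heuristic: at least two digits, at least one of them followed by
    a letter (so version suffixes like NPJava11 pass), and at least four
    letters. '8l1gq5qa' -> True, 'jusched' / 'WZCSLDR2' -> False."""
    s = stem.lower()
    if not s.isalnum():
        return False
    digits = sum(c.isdigit() for c in s)
    letters = sum(c.isalpha() for c in s)
    interior = re.search(r"\d[a-z]", s) is not None
    return digits >= 2 and letters >= 4 and interior


def run_executable(body):
    """For an O4 '[name] command' entry, return the executable's base name."""
    m = RUN_RE.search(body)
    if not m:
        return None
    e = EXE_RE.search(m.group("cmd"))
    return ntpath.basename(e.group("path")) if e else None


def triage(text):
    """Run the heuristics over an HJT log and return a list of Finding."""
    findings = []
    clsid_kinds = {}  # CLSID -> set of entry kinds it is registered under
    for kind, body in parse_entries(text):
        if kind == "O4":
            exe = run_executable(body)
            if exe and looks_random(ntpath.splitext(exe)[0]):
                findings.append(Finding(kind, "random-looking executable name in Run key", exe))
        elif kind == "O2" and body.endswith("(no file)"):
            m = CLSID_RE.search(body)
            findings.append(Finding(kind, "BHO registered but its DLL is missing",
                                    m.group(0) if m else body))
        elif kind == "O17":
            m = NS_RE.search(body)
            if m:  # HJT prints servers comma- or space-separated; normalise
                servers = re.split(r"[ ,]+", m.group("servers").strip())
                findings.append(Finding(kind, "DNS servers to verify against the ISP's",
                                        ",".join(servers)))
        if kind in ("O2", "O3", "R3"):
            m = CLSID_RE.search(body)
            if m:
                clsid_kinds.setdefault(m.group(0).lower(), set()).add(kind)
    for clsid, kinds in clsid_kinds.items():
        if len(kinds) >= 3:
            findings.append(Finding("O2/O3/R3",
                                    "one CLSID registered as BHO, toolbar and URLSearchHook; review as a unit",
                                    clsid))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:8} {f.detail:45} {f.reason}")
```

Run it as-is to see the four items this sample produces; to use it on a real log, read the saved HijackThis text file and pass its contents to `triage()`. The `(no file)` and CLSID-grouping checks are cheap and reliable; the name heuristic is deliberately narrow so that legitimate names with a version digit are not flagged, and it will miss malware that uses a plausible name.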