Final Steps To AV 2009 Removal
itrk4fun
Newbie
17. January 2009 @ 22:02
I had been following a thread by cdavfrew but realized that the final steps could be different for my situation, so I thought it would be best to come here and see if I could figure out my way through the forums.
Thus far I have run Combo-Fix and HijackThis ... the logs are posted below. What would be the final steps to getting rid of any malicious software in this system?
Combo-Fix Log File
ComboFix 09-01-17.03 - louis 2009-01-17 20:44:32.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.447.203 [GMT -5:00]
Running from: c:\documents and settings\louis\Desktop\Combo-Fix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\bold.log
c:\windows\system32\TDSSosvd.dat
.
((((((((((((((((((((((((( Files Created from 2008-12-18 to 2009-01-18 )))))))))))))))))))))))))))))))
.
2009-01-17 19:43 . 2009-01-17 19:43 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-17 19:43 . 2009-01-17 19:43 <DIR> d-------- c:\documents and settings\louis\Application Data\Malwarebytes
2009-01-17 19:43 . 2009-01-17 19:43 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-17 19:43 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-17 19:43 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-17 07:41 . 2009-01-17 07:41 <DIR> d-------- c:\program files\Belarc
2009-01-17 07:41 . 2008-02-27 12:49 3,840 --a------ c:\windows\system32\drivers\BANTExt.sys
2009-01-16 22:37 . 2009-01-16 22:37 <DIR> d-------- c:\documents and settings\Administrator\Application Data\PC Tools
2009-01-16 21:23 . 2007-08-10 19:46 33,656 --a------ c:\windows\system32\sprecovr.exe
2009-01-16 21:18 . 2008-08-14 05:00 2,180,352 --a------ c:\windows\system32\dllcache\ntoskrnl.exe
2009-01-16 21:16 . 2009-01-16 21:16 <DIR> d-------- c:\windows\EHome
2009-01-16 18:43 . 2009-01-16 19:42 <DIR> d-------- c:\program files\EsetOnlineScanner
2009-01-07 20:39 . 2009-01-07 20:42 <DIR> d-------- C:\33eff2825cc66e6cd3d40088
2009-01-06 19:08 . 2009-01-06 19:08 244 --ah----- C:\sqmnoopt02.sqm
2009-01-06 19:08 . 2009-01-06 19:08 232 --ah----- C:\sqmdata02.sqm
2009-01-06 17:08 . 2004-10-04 17:25 <DIR> d-------- c:\documents and settings\Administrator\Application Data\toshiba
2009-01-06 17:08 . 2004-10-04 17:23 <DIR> d-------- c:\documents and settings\Administrator\Application Data\InterTrust
2009-01-06 17:08 . 2009-01-06 17:08 <DIR> d-------- c:\documents and settings\Administrator
2008-12-20 09:39 . 2009-01-06 16:56 47,584 --a------ c:\windows\system32\cnrsdlasrwhp.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-17 04:47 --------- d-----w c:\program files\Yahoo!
2009-01-17 04:45 --------- d-----w c:\program files\Google
2009-01-17 03:40 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-01-17 02:13 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-01-17 02:01 --------- d-----w c:\program files\Winamp Remote
2008-12-18 04:03 --------- d-----w c:\program files\MSN Messenger
2009-01-06 23:33 66,648 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2009-01-06 23:33 54,352 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2009-01-06 23:33 34,928 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2009-01-06 23:33 46,696 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2009-01-06 23:34 172,120 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 158208]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^RAMASST.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk
backup=c:\windows\pss\RAMASST.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^louis^Start Menu^Programs^Startup^Microsoft Office OneNote 2003 Quick Launch.lnk]
path=c:\documents and settings\louis\Start Menu\Programs\Startup\Microsoft Office OneNote 2003 Quick Launch.lnk
backup=c:\windows\pss\Microsoft Office OneNote 2003 Quick Launch.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^louis^Start Menu^Programs^Startup^Picture Motion Browser Media Check Tool.lnk]
path=c:\documents and settings\louis\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk
backup=c:\windows\pss\Picture Motion Browser Media Check Tool.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
--a------ 2003-10-30 03:46 192512 c:\program files\Apoint2K\Apoint.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2004-07-10 23:10 339968 c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CeEKEY]
--a------ 2004-06-14 07:00 638976 c:\program files\TOSHIBA\E-KEY\CeEKey.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CeEPOWER]
--a------ 2004-08-19 20:14 135168 c:\program files\TOSHIBA\Power Management\CePMTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 07:00 15360 c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
--a------ 2004-07-20 03:04 122939 c:\windows\system32\dla\tfswctrl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzButton]
--a------ 2004-05-13 21:29 712704 c:\program files\EzButton\EzButton.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail]
--a------ 2008-10-05 16:12 243072 c:\program files\IncrediMail\bin\IncMail.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-10-01 17:57 289576 c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh]
--------- 2003-09-26 17:43 184320 c:\program files\ltmoh\ltmoh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
--a------ 2008-01-07 15:02 495616 c:\program files\Winamp Remote\bin\OrbTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PadTouch]
--a------ 2004-02-03 16:47 1089589 c:\program files\TOSHIBA\Touch and Launch\PadExe.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 14:09 413696 c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 03:27 144784 c:\program files\Java\jre1.6.0_07\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-09-22 21:29 39408 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSCDSPD]
--a------ 2003-09-05 05:24 65536 c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPNF]
--a------ 2004-03-14 22:17 53248 c:\program files\TOSHIBA\TouchPad\TPTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USB Storage Toolbox]
--------- 2005-09-14 20:44 65536 c:\windows\UMStor\Res.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
--a------ 2004-02-20 17:00 88363 c:\windows\agrsmmsg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [2004-10-02 6016]
S3 CBPSp50;CBPSp50 NDIS Protocol Driver;c:\windows\system32\Drivers\CBPSp50.sys --> c:\windows\system32\Drivers\CBPSp50.sys [?]
S4 aus6ehgionuu;Print Spooler Service;c:\windows\system32\vwi.exe /service --> c:\windows\system32\vwi.exe [?]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a0e59214-45fa-11dc-8624-000fb06a8aaa}]
\Shell\AutoRun\command - E:\LaunchU3.exe
.
Contents of the 'Scheduled Tasks' folder
2008-10-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2009-01-17 c:\windows\Tasks\At1.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At10.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At100.job
- c:\windows\system32\B1JbnEw4.exe []
2009-01-17 c:\windows\Tasks\At101.job
- c:\windows\system32\B1JbnEw4.exe []
2009-01-17 c:\windows\Tasks\At102.job
- c:\windows\system32\B1JbnEw4.exe []
2009-01-17 c:\windows\Tasks\At103.job
- c:\windows\system32\B1JbnEw4.exe []
2009-01-17 c:\windows\Tasks\At104.job
- c:\windows\system32\B1JbnEw4.exe []
2009-01-17 c:\windows\Tasks\At105.job
- c:\windows\system32\B1JbnEw4.exe []
2009-01-17 c:\windows\Tasks\At106.job
- c:\windows\system32\B1JbnEw4.exe []
2009-01-17 c:\windows\Tasks\At107.job
- c:\windows\system32\B1JbnEw4.exe []
2009-01-17 c:\windows\Tasks\At108.job
- c:\windows\system32\B1JbnEw4.exe []
2009-01-17 c:\windows\Tasks\At109.job
- c:\windows\system32\B1JbnEw4.exe []
2009-01-17 c:\windows\Tasks\At11.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At110.job
- c:\windows\system32\B1JbnEw4.exe []
2009-01-17 c:\windows\Tasks\At111.job
- c:\windows\system32\B1JbnEw4.exe []
2009-01-17 c:\windows\Tasks\At112.job
- c:\windows\system32\B1JbnEw4.exe []
2009-01-17 c:\windows\Tasks\At113.job
- c:\windows\system32\B1JbnEw4.exe []
2009-01-17 c:\windows\Tasks\At114.job
- c:\windows\system32\B1JbnEw4.exe []
2009-01-17 c:\windows\Tasks\At115.job
- c:\windows\system32\B1JbnEw4.exe []
2009-01-18 c:\windows\Tasks\At116.job
- c:\windows\system32\B1JbnEw4.exe []
2009-01-18 c:\windows\Tasks\At117.job
- c:\windows\system32\B1JbnEw4.exe []
2009-01-17 c:\windows\Tasks\At118.job
- c:\windows\system32\B1JbnEw4.exe []
2009-01-17 c:\windows\Tasks\At119.job
- c:\windows\system32\B1JbnEw4.exe []
2009-01-17 c:\windows\Tasks\At12.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At120.job
- c:\windows\system32\B1JbnEw4.exe []
2009-01-17 c:\windows\Tasks\At121.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At122.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At123.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At124.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At125.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At126.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At127.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At128.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At129.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At13.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At130.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At131.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At132.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At133.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At134.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At135.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At136.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At137.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At138.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At139.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At14.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-18 c:\windows\Tasks\At140.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-18 c:\windows\Tasks\At141.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At142.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At143.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At144.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At145.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At146.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At147.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At148.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At149.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At15.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At150.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At151.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At152.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At153.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At154.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At155.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At156.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At157.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At158.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At159.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At16.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At160.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At161.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At162.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At163.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-18 c:\windows\Tasks\At164.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-18 c:\windows\Tasks\At165.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At166.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At167.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At168.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At169.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At17.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At170.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At171.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At172.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At173.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At174.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At175.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At176.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At177.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At178.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At179.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At18.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At180.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At181.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At182.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At183.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At184.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At185.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At186.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At187.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-18 c:\windows\Tasks\At188.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-18 c:\windows\Tasks\At189.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At19.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At190.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At191.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At192.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At2.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-18 c:\windows\Tasks\At20.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-18 c:\windows\Tasks\At21.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At22.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At23.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At24.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At25.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At26.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At27.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At28.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At29.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At3.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At30.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At31.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At32.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At33.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At34.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At35.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At36.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At37.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At38.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At39.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At4.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At40.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At41.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At42.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At43.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-18 c:\windows\Tasks\At44.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-18 c:\windows\Tasks\At45.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At46.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At47.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At48.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At49.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At5.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At50.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At51.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At52.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At53.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At54.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At55.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At56.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At57.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At58.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At59.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At6.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At60.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At61.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At62.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At63.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At64.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At65.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At66.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At67.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-18 c:\windows\Tasks\At68.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-18 c:\windows\Tasks\At69.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At7.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At70.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At71.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At72.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At73.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At74.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At75.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At76.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At77.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At78.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At79.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At8.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At80.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At81.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At82.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At83.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At84.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At85.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At86.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At87.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At88.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At89.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At9.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At90.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At91.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-18 c:\windows\Tasks\At92.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-18 c:\windows\Tasks\At93.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At94.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At95.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At96.job
- c:\windows\system32\WRESP3oE.exe []
2009-01-17 c:\windows\Tasks\At97.job
- c:\windows\system32\B1JbnEw4.exe []
2009-01-17 c:\windows\Tasks\At98.job
- c:\windows\system32\B1JbnEw4.exe []
2009-01-17 c:\windows\Tasks\At99.job
- c:\windows\system32\B1JbnEw4.exe []
2009-01-18 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
2005-10-26 c:\windows\Tasks\Registration reminder 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-04 07:00]
2005-10-26 c:\windows\Tasks\Registration reminder 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-04 07:00]
2005-10-26 c:\windows\Tasks\Registration reminder 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-04 07:00]
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-37420751612770275530678491231760 - c:\program files\A360\av360.exe
MSConfigStartUp-ieupdate - c:\windows\system32\explorer32.exe
MSConfigStartUp-lrzhreqgpntq - c:\windows\system32\eyqfovqolijeclwrj.dll
MSConfigStartUp-MSFox - c:\docume~1\louis\LOCALS~1\Temp\yyy9556.exe
MSConfigStartUp-MSMSGS - c:\program files\Messenger\msmsgs.exe
MSConfigStartUp-Spyware Doctor - c:\program files\Spyware Doctor\swdoctor.exe
MSConfigStartUp-WinampAgent - c:\program files\Winamp\wianmpa.exe
MSConfigStartUp-CFSServ - CFSServ.exe
MSConfigStartUp-NDSTray - NDSTray.exe
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.meteomedia.com/weather/caon0449
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = 192.168.200.1:8080
uSearchURL,(Default) = hxxp://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
IE: &Winamp Toolbar Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
FF - ProfilePath - c:\documents and settings\louis\Application Data\Mozilla\Firefox\Profiles\aqe6f63s.default\
FF - prefs.js: browser.search.selectedEngine - MyStart Search
FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredimail.com/english/
FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/?loc=ff_address_bar&search=
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer , http://www.gmer.net
Rootkit scan 2009-01-17 20:47:54
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(760)
c:\windows\System32\BCMLogon.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\TOSHIBA\Power Management\CeEPwrSvc.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\windows\system32\DVDRAMSV.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
.
**************************************************************************
.
Completion time: 2009-01-17 20:50:50 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-18 01:50:47
Pre-Run: 78,160,908,288 bytes free
Post-Run: 79,303,561,216 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
602 --- E O F --- 2009-01-08 01:42:01
HiJackThis Log File
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:01:31 PM, on 1/17/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\louis\Desktop\HiJackThis\scanner.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.meteomedia.com/weather/caon0449
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.200.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Share...bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Share...n/bin/cabsa.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/sh...ash/swflash.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://www.vista-agent.com/files/driveragent.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Print Spooler Service (aus6ehgionuu) - Unknown owner - C:\WINDOWS\system32\vwi.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
--
End of file - 7764 bytes
Thank you for any help you can provide and all the help you have already provided.
If I stop learning... what will I do?