Author Topic: Same trojan agent 4 E that everyone has :(  (Read 2069 times)


Offline Acrylic_Duckie

  • Newbie
  • Posts: 9
Re: Same trojan agent 4 E that everyone has :(
« Reply #15 on: November 11, 2008, 03:01:35 AM »
Awwwww! Cutest duckie ever! Thanks Corrine!  :flowers:

I installed Online Armor and it's running fine, but when it scanned it found some items I'd never heard of and asked me whether I wanted to block or allow them, and I didn't know what to do. I didn't know if it was something harmless that goes along with my computer or something else.

Okay now onto the logs...

ComboFix

ComboFix 08-11-10.01 - Owner 2008-11-10 20:40:02.3 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.178 [GMT -7:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
 * Created a new restore point

FILE ::
c:\windows\system32\tmp0_123501601221.bk.old
c:\windows\system32\tmpxr_113965127447.bk
c:\windows\system32\tmpxr_121863277018.bk
c:\windows\system32\tmpxr_1326257771.bk
c:\windows\system32\tmpxr_165775457855.bk
c:\windows\system32\tmpxr_169135620091.bk
c:\windows\system32\tmpxr_171298367478.bk
c:\windows\system32\tmpxr_251882775017.bk
c:\windows\system32\tmpxr_25968696129.bk
c:\windows\system32\tmpxr_26122537045.bk
c:\windows\system32\tmpxr_269187402835.bk
c:\windows\system32\tmpxr_285632302436.bk
c:\windows\system32\tmpxr_312730456670.bk
c:\windows\system32\tmpxr_34150561193.bk
c:\windows\system32\tmpxr_3584318732.bk
c:\windows\system32\tmpxr_360057757864.bk
c:\windows\system32\tmpxr_38291189300.bk
c:\windows\system32\tmpxr_39277030322.bk
c:\windows\system32\tmpxr_447400678105.bk
c:\windows\system32\tmpxr_455615451612.bk
c:\windows\system32\tmpxr_456497128999.bk
c:\windows\system32\tmpxr_4871851931.bk
c:\windows\system32\tmpxr_489168222975.bk
c:\windows\system32\tmpxr_489966761291.bk
c:\windows\system32\tmpxr_534074182103.bk
c:\windows\system32\tmpxr_565000482036.bk
c:\windows\system32\tmpxr_574770524087.bk
c:\windows\system32\tmpxr_649333806314.bk
c:\windows\system32\tmpxr_676259759994.bk
c:\windows\system32\tmpxr_692387680604.bk
c:\windows\system32\tmpxr_721629774584.bk
c:\windows\system32\tmpxr_745220870253.bk
c:\windows\system32\tmpxr_748103197388.bk
c:\windows\system32\tmpxr_751599731368.bk
c:\windows\system32\tmpxr_76728704160.bk
c:\windows\system32\tmpxr_776903365217.bk
c:\windows\system32\tmpxr_794261529486.bk
c:\windows\system32\tmpxr_839050459708.bk
c:\windows\system32\tmpxr_847666733972.bk
c:\windows\system32\xdufytw.sys
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\tmp0_123501601221.bk.old
c:\windows\system32\tmpxr_113965127447.bk
c:\windows\system32\tmpxr_121863277018.bk
c:\windows\system32\tmpxr_1326257771.bk
c:\windows\system32\tmpxr_165775457855.bk
c:\windows\system32\tmpxr_169135620091.bk
c:\windows\system32\tmpxr_171298367478.bk
c:\windows\system32\tmpxr_251882775017.bk
c:\windows\system32\tmpxr_25968696129.bk
c:\windows\system32\tmpxr_26122537045.bk
c:\windows\system32\tmpxr_269187402835.bk
c:\windows\system32\tmpxr_285632302436.bk
c:\windows\system32\tmpxr_312730456670.bk
c:\windows\system32\tmpxr_34150561193.bk
c:\windows\system32\tmpxr_3584318732.bk
c:\windows\system32\tmpxr_360057757864.bk
c:\windows\system32\tmpxr_38291189300.bk
c:\windows\system32\tmpxr_39277030322.bk
c:\windows\system32\tmpxr_447400678105.bk
c:\windows\system32\tmpxr_455615451612.bk
c:\windows\system32\tmpxr_456497128999.bk
c:\windows\system32\tmpxr_4871851931.bk
c:\windows\system32\tmpxr_489168222975.bk
c:\windows\system32\tmpxr_489966761291.bk
c:\windows\system32\tmpxr_534074182103.bk
c:\windows\system32\tmpxr_565000482036.bk
c:\windows\system32\tmpxr_574770524087.bk
c:\windows\system32\tmpxr_649333806314.bk
c:\windows\system32\tmpxr_676259759994.bk
c:\windows\system32\tmpxr_692387680604.bk
c:\windows\system32\tmpxr_721629774584.bk
c:\windows\system32\tmpxr_745220870253.bk
c:\windows\system32\tmpxr_748103197388.bk
c:\windows\system32\tmpxr_751599731368.bk
c:\windows\system32\tmpxr_76728704160.bk
c:\windows\system32\tmpxr_776903365217.bk
c:\windows\system32\tmpxr_794261529486.bk
c:\windows\system32\tmpxr_839050459708.bk
c:\windows\system32\tmpxr_847666733972.bk
c:\windows\system32\xdufytw.sys

.
(((((((((((((((((((((((((   Files Created from 2008-10-11 to 2008-11-11  )))))))))))))))))))))))))))))))
.

2008-11-10 19:44 . 2008-11-10 20:33   <DIR>   d----c---   c:\documents and settings\Owner\Application Data\OnlineArmor
2008-11-10 19:44 . 2008-11-10 19:44   <DIR>   d----c---   c:\documents and settings\All Users\Application Data\OnlineArmor
2008-11-10 19:43 . 2008-11-10 19:43   <DIR>   d--------   c:\program files\Tall Emu
2008-11-10 19:43 . 2008-10-07 00:09   178,376   --a------   c:\windows\system32\drivers\OADriver.sys
2008-11-10 19:43 . 2008-10-07 00:09   30,920   --a------   c:\windows\system32\drivers\OAmon.sys
2008-11-10 19:43 . 2008-10-07 00:09   28,872   --a------   c:\windows\system32\drivers\OAnet.sys
2008-11-09 19:06 . 2008-11-09 20:21   <DIR>   d--------   c:\program files\EsetOnlineScanner
2008-11-09 14:01 . 2008-11-09 14:01   <DIR>   d--------   c:\program files\Common Files\Adobe AIR
2008-11-09 13:36 . 2008-11-09 14:15   <DIR>   d--------   c:\program files\NOS
2008-11-09 13:36 . 2008-11-09 14:15   <DIR>   d----c---   c:\documents and settings\All Users\Application Data\NOS
2008-11-07 21:22 . 2008-11-07 21:22   <DIR>   d--------   c:\program files\Trend Micro
2008-11-07 19:31 . 2008-11-07 19:31   <DIR>   d--------   c:\program files\Malwarebytes' Anti-Malware
2008-11-07 19:31 . 2008-11-07 19:31   <DIR>   d----c---   c:\documents and settings\Owner\Application Data\Malwarebytes
2008-11-07 19:31 . 2008-11-07 19:31   <DIR>   d----c---   c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-07 19:31 . 2008-10-22 16:10   38,496   --a------   c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-07 19:31 . 2008-10-22 16:10   15,504   --a------   c:\windows\system32\drivers\mbam.sys
2008-10-27 22:44 . 2008-10-27 22:44   <DIR>   d--------   c:\program files\Common Files\Wise Installation Wizard
2008-10-24 02:36 . 2008-10-15 09:34   337,408   -----c---   c:\windows\system32\dllcache\netapi32.dll
2008-10-15 05:13 . 2008-09-08 03:41   333,824   -----c---   c:\windows\system32\dllcache\srv.sys
2008-10-15 05:07 . 2008-09-15 05:12   1,846,400   -----c---   c:\windows\system32\dllcache\win32k.sys
2008-10-15 05:06 . 2008-08-14 03:11   2,189,184   -----c---   c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-15 05:06 . 2008-08-14 03:09   2,145,280   -----c---   c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-15 05:06 . 2008-08-14 02:33   2,066,048   -----c---   c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-15 05:06 . 2008-08-14 02:33   2,023,936   -----c---   c:\windows\system32\dllcache\ntkrpamp.exe

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-09 21:10   ---------   d-----w   c:\program files\Java
2008-11-09 21:00   ---------   d-----w   c:\program files\Common Files\Adobe
2008-10-28 05:45   ---------   d-----w   c:\program files\Lavasoft
2008-10-28 05:42   ---------   dc----w   c:\documents and settings\All Users\Application Data\Lavasoft
2008-10-28 05:31   ---------   dc--a-w   c:\documents and settings\All Users\Application Data\TEMP
2008-10-28 05:31   ---------   d-----w   c:\program files\SpywareBlaster
2008-10-21 13:30   ---------   d-----w   c:\program files\LimeWire
2008-09-15 12:12   1,846,400   ----a-w   c:\windows\system32\win32k.sys
2008-08-26 07:24   826,368   ----a-w   c:\windows\system32\wininet.dll
2008-08-19 01:26   10,520   ----a-w   c:\windows\system32\avgrsstx.dll
2008-08-14 10:11   2,189,184   ----a-w   c:\windows\system32\ntoskrnl.exe
2008-08-14 09:33   2,066,048   ----a-w   c:\windows\system32\ntkrnlpa.exe
.

(((((((((((((((((((((((((((((   snapshot@2008-11-09_11.31.46.89   )))))))))))))))))))))))))))))))))))))))))
.
- 2008-08-06 02:24:43   65,536   ----a-r   c:\windows\Installer\{AC76BA86-1033-0000-7760-100000000002}\PM_Designer.exe
+ 2008-11-10 00:51:08   65,536   ----a-r   c:\windows\Installer\{AC76BA86-1033-0000-7760-100000000002}\PM_Designer.exe
- 2008-08-06 02:24:42   25,214   ----a-r   c:\windows\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe
+ 2008-11-10 00:51:08   25,214   ----a-r   c:\windows\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe
- 2008-08-06 02:24:43   25,214   ----a-r   c:\windows\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat_Standard.exe
+ 2008-11-10 00:51:08   25,214   ----a-r   c:\windows\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat_Standard.exe
- 2008-08-06 02:24:43   25,214   ----a-r   c:\windows\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Distiller.exe
+ 2008-11-10 00:51:09   25,214   ----a-r   c:\windows\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Distiller.exe
- 2008-08-06 02:24:43   7,278   ----a-r   c:\windows\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_ELEMENTS_DT.exe
+ 2008-11-10 00:51:08   7,278   ----a-r   c:\windows\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_ELEMENTS_DT.exe
+ 2007-12-12 22:06:42   295,606   ----a-r   c:\windows\Installer\{AC76BA86-7AD7-1033-7B44-A90000000001}\SC_Reader.exe
- 2008-09-13 01:25:08   16,384   ----a-w   c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2008-11-09 20:37:22   16,384   ----a-w   c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2008-09-13 01:25:08   32,768   ----a-w   c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-11-09 20:37:22   32,768   ----a-w   c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-09-13 01:25:08   32,768   ----a-w   c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-11-09 20:37:22   32,768   ----a-w   c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-07-27 21:49:02   196,683   ----a-w   c:\windows\system32\lnod32apiA.dll
+ 2007-07-27 21:49:02   225,355   ----a-w   c:\windows\system32\lnod32apiW.dll
+ 2005-12-06 02:25:22   139,264   ----a-w   c:\windows\system32\lnod32umc.dll
+ 2005-12-05 19:37:10   106,496   ----a-w   c:\windows\system32\lnod32upd.dll
- 2008-03-25 03:21:18   2,889,088   ----a-w   c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2008-10-05 03:24:02   3,695,008   ----a-w   c:\windows\system32\Macromed\Flash\NPSWF32.dll
- 2008-03-25 03:21:20   218,496   ----a-w   c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2008-10-05 03:24:04   235,936   ----a-w   c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
- 2008-11-05 17:44:39   88,590   ----a-w   c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
+ 2008-11-09 21:05:10   89,102   ----a-w   c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
- 2008-06-28 03:55:23   70,264   ----a-w   c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2008-11-11 03:15:44   84,661   ----a-w   c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2008-02-11 16:39:26   253,952   ----a-w   c:\windows\system32\OnlineScannerDLLA.dll
+ 2008-02-11 16:39:18   237,568   ----a-w   c:\windows\system32\OnlineScannerDLLW.dll
+ 2008-02-08 20:53:46   110,592   ----a-w   c:\windows\system32\OnlineScannerLang.dll
+ 2008-02-05 15:48:04   77,824   ----a-w   c:\windows\system32\OnlineScannerUninstaller.exe
- 2008-11-05 17:42:50   53,608   ----a-w   c:\windows\system32\perfc009.dat
+ 2008-11-10 15:26:17   53,608   ----a-w   c:\windows\system32\perfc009.dat
- 2008-11-05 17:42:50   383,254   ----a-w   c:\windows\system32\perfh009.dat
+ 2008-11-10 15:26:17   383,254   ----a-w   c:\windows\system32\perfh009.dat
.
-- Snapshot reset to current date --
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-08-15 5724184]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"WeatherEye"="c:\program files\TheWeatherNetwork\WeatherEye\WeatherEye.exe" [2008-05-30 4501912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunKistEM"="c:\program files\Digital Media Reader\shwiconem.exe" [2004-11-15 135168]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2005-03-15 966656]
"LVCOMS"="c:\program files\Common Files\Logitech\QCDriver\LVCOMS.EXE" [2001-11-13 98304]
"CamMonitor"="c:\program files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe" [2002-10-06 90112]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-02-11 155648]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-09-29 1234712]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"@OnlineArmor GUI"="c:\program files\Tall Emu\Online Armor\oaui.exe" [2008-10-07 6223048]
"VTTimer"="VTTimer.exe" [2005-03-08 c:\windows\system32\VTTimer.exe]
"SoundMan"="SOUNDMAN.EXE" [2003-12-09 c:\windows\SOUNDMAN.EXE]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe [2005-10-30 25214]
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-10-10 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSVideo"= lvfwwdmt.dll
"VIDC.X264"= x264vfw.dll
"VIDC.3iv2"= 3ivxVfWCodec.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\BitTorrent\\btdownloadgui.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\utorrent.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-08-28 97928]
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2008-10-07 178376]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2008-10-07 30920]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [2008-10-07 28872]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-08-28 875288]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-08-28 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-08-18 76040]
R2 OAcat;Online Armor Helper Service;c:\program files\Tall Emu\Online Armor\oacat.exe [2008-10-07 1402568]
S2 SvcOnlineArmor;Online Armor;c:\program files\Tall Emu\Online Armor\oasrv.exe [2008-10-07 3321032]
S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\DRIVERS\A3AB.sys [2007-05-23 547744]
S3 RIOXDRV;SONICblue Rio generic driver XP+;c:\windows\system32\Drivers\RIOXDRV.sys [2003-02-06 18304]
S3 TCCrystalCpuInfo;TCCrystalCpuInfo;c:\docume~1\Owner\LOCALS~1\Temp\TCCpuInfo.sys [ ]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0139f1c3-0909-11da-ad6b-806d6172696f}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{45a99c35-0aaa-11da-92d3-806d6172696f}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480
.
Contents of the 'Scheduled Tasks' folder

2008-11-11 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDetect.exe []
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-10 20:43:56
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
Completion time: 2008-11-10 20:47:22
ComboFix-quarantined-files.txt  2008-11-11 03:46:19
ComboFix2.txt  2008-11-09 21:41:46
ComboFix3.txt  2008-11-09 18:33:09

Pre-Run: 29,277,986,816 bytes free
Post-Run: 29,441,155,072 bytes free

265   --- E O F ---   2008-10-24 12:22:42


Hijack This

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:52:15 PM, on 11/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Tall Emu\Online Armor\oacat.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\Acrobat_sl.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gaiaonline.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) -  - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WeatherEye] C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab
O16 - DPF: {4A116A80-85B6-4299-A018-A717FD7AC66A} (AXIDMDCP Class) - http://m1.cdn.gaiaonline.com/plugins/IDMFlash.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://142.22.58.150/activex/AxisCamControl.cab
O16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} (Cdmcco Class) - http://cafeimg.hanmail.net/activex/dmcc2.cab?Version=1,0,0,10
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oacat.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe

--
End of file - 10361 bytes

Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • Posts: 11530
  • "Stronger than the past, united in our goal."
    • Security Garden
Re: Same trojan agent 4 E that everyone has :(
« Reply #16 on: November 11, 2008, 10:56:24 PM »
Hi, Acrylic_Duckie.  I'm glad you liked the other duck.  I couldn't resist sharing it with you.

Online Armor has a help site if you have problems with it: http://support.tallemu.com/vbforum/index.php. The subscription version was selected as "The Best Firewall Software of 2008". Since Scot's post, support is now available for Windows Vista.

A strong word of caution:  P2P programs form a direct conduit on to your computer. They have always been a target of malware writers and are increasingly so of late. P2P security measures are easily circumvented and if your P2P program is not configured correctly, you may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured program. Use of P2P programs can result in Identity Theft.

Please do the following
  • Click START then RUN
  • Now type Combofix /u in the run box and click OK. Note the space between the X and the U; it needs to be there.


I hope that by now you have had access to another computer to change your online account passwords.  If not, this is your reminder to do so.

As you have personally seen, MBAM is excellent software. I would suggest you keep it updated and do a Quick Scan regularly. The definitions are updated sometimes as frequently as 3 times a day!

Having a firewall, anti-virus and anti-malware software is not enough. You also need to stay current with security updates. Today is the second Tuesday of the month, so if you don't have your computer set to automatically install the Microsoft Security Updates, please check for updates now. For additional information, see my blog post Understanding Microsoft Updates.

To check if your system is missing security updates or has insecure applications installed, visit http://secunia.com/software_inspector/. The Secunia Software Inspector runs through your browser with no installation or download required and does the following:
  • Detects insecure versions of applications installed
  • Verifies that all Microsoft patches are applied
  • Assists you in updating your system and applications
My favorite security software is WinPatrol, which includes the features described at http://www.winpatrol.com/features.html.

Please confirm that your computer is back to "normal" and let me know if you have any questions.

Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline Acrylic_Duckie

  • Newbie
  • Posts: 9
Re: Same trojan agent 4 E that everyone has :(
« Reply #17 on: November 12, 2008, 12:02:36 PM »
Everything seems okay now. I haven't had any more virus detections. All my scans are clear. Thank you so so so much, Corrine.  :flowers: Now, wish me luck with my broken hand. Yesterday I got a cast on my left hand, from my fingertips to my elbow. Be happy you aren't me.  :thud:

Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • Posts: 11530
  • "Stronger than the past, united in our goal."
    • Security Garden
Re: Same trojan agent 4 E that everyone has :(
« Reply #18 on: November 12, 2008, 01:28:57 PM »
Oh my!  Well, look at the positive side -- you can set your mouse up for your left hand and then you won't be able to click any download links! 

By the way, an easy way to be reminded about updates is to subscribe to each topic that is for the software on your computer.  See Stay Current -- Subscribe to the Update Topics for your system software!

There is one other program that I forgot to mention that is excellent on a Windows XP operating system -- Spyware Blaster.

Quote
Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted software. Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox. Restrict the actions of potentially unwanted sites in Internet Explorer. SpywareBlaster can help keep your system spyware-free and secure, without interfering with the "good side" of the web. And unlike other programs, SpywareBlaster does not have to remain running in the background.
Download:  http://www.javacoolsoftware.com/spywareblaster.html

Since you use Firefox, consider adding NoScript. It takes a bit of "training" for trusted sites, but it is an outstanding add-on. NoScript "allows JavaScript, Java, Flash and other plugins to be executed only by trusted web sites of your choice (e.g. your online bank), and provides the most powerful Anti-XSS protection available in a browser."

One more reminder:  change your online account passwords!