falconnub

help (suspicious of a virus attack)

35 posts in this topic

Hi! Within these few days, my com has become REALLY REALLY LAG! :weep: I also see a couple of unknown processes in my task manager. There was once when I started my com and it only displayed the wallpaper and clashed there. But after I checked the task manager and ended an unknown process (sorry, I have forgotten the name of the process), things then started working again. I did a couple of scans using AVG Antispyware and even combofix but they did not find anything... Therefore I got kind of suspicious and decided to seek help... This is my HijackThis log:

Logfile of HijackThis v1.99.1

Scan saved at 6:12:47 PM, on 5/27/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Comodo\LaunchPad\CLPTray.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\WinPoET Broadband Connection\winpppoverethernet.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe

C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\AceLogix\Free Ram Optimizer\fro.exe

C:\Program Files\Veoh Networks\Veoh\VeohClient.exe

C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE

C:\WINDOWS\system32\sistray.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

C:\Program Files\Comodo\Personal Firewall\cmdagent.exe

C:\Program Files\WinPoET Broadband Connection\WrOS.EXE

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Windows Desktop Search\WindowsSearchFilter.exe

C:\Program Files\MSN Messenger\usnsvc.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Documents and Settings\User\Desktop\hijackthis_199\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hijackthis.de/

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = fol.singnet.com.sg:8080

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

O4 - HKLM\..\Run: [Comodo Launch Pad Tray] C:\Program Files\Comodo\LaunchPad\CLPTray.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [a-winpoet-service] "C:\Program Files\WinPoET Broadband Connection\winpppoverethernet.exe"

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [ssAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [bitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized

O4 - HKCU\..\Run: [Free Ram Optimizer] C:\Program Files\AceLogix\Free Ram Optimizer\fro.exe

O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide

O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE

O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe

O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab

O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framework/contr...vex/TmHcmsX.CAB

O16 - DPF: {20C2C286-BDE8-441B-B73D-AFA22D914DA5} (PowerList Control) - http://www.ppstream.com/bin/powerplayer.cab

O16 - DPF: {2931566C-B8A6-46C5-BF4D-E6AB9251E953} (Nexon Package Manager Control) - http://s.nx.com/activex/public_new/nxpm.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.0.97.cab

O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab

O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - http://www.e-games.com.my/com/EGamesPlugin.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://jacie88.spaces.live.com//PhotoUpload/MsnPUpld.cab

O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1145257149890

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://download.shockwave.com/pub/otoy/OTOYAX.cab

O16 - DPF: {7C5D062A-7A1E-4A46-A02B-A928084CBD66} (MLauncherNew Class) - http://legendofares.netgame.com/download/MusaLauncherNew.cab

O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab55579.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab55579.cab

O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab

O16 - DPF: {D0FD5E32-CABD-4A6E-BD0F-94ACE89CCE03} (HGPluginJP23 Class) - http://down.hangame.co.jp/jp/dist/hgstart/HGPluginJP23.cab

O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab

O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{5727FC39-C29C-4663-98A4-DB4F4223A403}: NameServer = 165.21.83.88 165.21.100.88

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Personal Firewall\cmdagent.exe

O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

O23 - Service: WinPPPoverEthernet - iVasion, a Routerware Company - C:\Program Files\WinPoET Broadband Connection\WrOS.EXE

Share this post


Link to post
Share on other sites

Welcome to SWI. We apologize for the delay; our helpers have been very busy.

If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

 

Thank you for your patience.

 

[this is an automated reply]

Share this post


Link to post
Share on other sites

Hi,

Nothing suspicious was found on your log.

Make sure you have the latest version.

Download this file - combofix.exe and save it to your desktop (Important). Also save the below command in Notepad as a text file so that you can copy/paste in safe mode.

"%userprofile%\desktop\combofix.exe"

Boot into safe mode by tapping the F8 key just before Windows starts to load.

Go to Start --> Run and copy/paste in the following:

"%userprofile%\desktop\combofix.exe"

When finished, it shall produce a log for you. Save it and post that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

In your next post, please include

  • new HijackThis log
  • combofix log

*Use separate posts to ensure the logs don't get cut off!

Share this post


Link to post
Share on other sites

Hi! My com is kind of laggy after the combofix scan... I'm also suspicious about the sudden increase in the memory usage these past few days. Usually it stays at around 300++ mb but now it stays at around 180++ mb. Can you please tell me why? Anyway thanks for your help. This is the combofix log:

"User" - 2007-06-01 20:04:29 Service Pack 2 [SAFE MODE]

ComboFix 07-05.27.BV - Running from: "C:\Documents and Settings\User\Desktop\"

 

 

((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

-------\LEGACY_8NASCAR

-------\LEGACY_LIVE

 

 

((((((((((((((((((((((((((((((( Files Created from 2007-05-01 to 2007-06-01 ))))))))))))))))))))))))))))))))))

 

 

2007-05-26 12:22 <DIR> d-------- C:\Program Files\pspvideo9

2007-05-26 09:56 6 --a------ C:\WINDOWS\system32\SplitMp3.dll

2007-05-26 09:56 6 --a------ C:\WINDOWS\system32\SoftCount.dll

2007-05-26 09:56 6 --a------ C:\WINDOWS\system32\Reginfo.dll

2007-05-26 09:56 6 --a------ C:\WINDOWS\system32\ConvertMp3.dll

2007-05-26 08:24 <DIR> d-------- C:\DOCUME~1\User\APPLIC~1\InstallShield

2007-05-25 13:59 <DIR> d-------- C:\Program Files\Windows Media Connect 2

2007-05-25 13:57 <DIR> d-------- C:\WINDOWS\system32\LogFiles

2007-05-25 13:57 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF

2007-05-25 13:39 <DIR> d-------- C:\Program Files\MP3SPLITTER

2007-05-24 18:09 <DIR> d-------- C:\Program Files\AviSynth 2.5

2007-05-24 16:24 <DIR> d-------- C:\Program Files\Veoh Networks

2007-05-24 15:55 <DIR> d-------- C:\Program Files\MetaStream

2007-05-24 15:55 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint

2007-05-23 18:15 <DIR> d-------- C:\Program Files\Naturpic Video Cutter

2007-05-23 17:48 <DIR> d-------- C:\Program Files\Moyea

2007-05-23 17:48 <DIR> d-------- C:\DOCUME~1\User\APPLIC~1\MoyeaFLV2Video

2007-05-23 17:40 <DIR> d-------- C:\Program Files\Easy MPEG AVI DIVX WMV RM to DVD

2007-05-23 17:09 98,304 --a------ C:\WINDOWS\system32\viscomtran.dll

2007-05-23 17:09 94,208 --a------ C:\WINDOWS\system32\viscomaudiodata.dll

2007-05-23 17:09 90,112 --a------ C:\WINDOWS\system32\viscomframe.dll

2007-05-23 17:09 81,920 --a------ C:\WINDOWS\system32\viscomwave.dll

2007-05-23 17:09 598,016 --a------ C:\WINDOWS\system32\viscomqtde.dll

2007-05-23 17:09 40,960 --a------ C:\WINDOWS\system32\SSubTmr6.dll

2007-05-23 17:09 147,456 --a------ C:\WINDOWS\system32\viscomqtenc.dll

2007-05-23 17:09 110,592 --a------ C:\WINDOWS\system32\viscomaudioencoder.dll

2007-05-23 17:09 <DIR> d-------- C:\Program Files\Kate's Video Cutter

2007-05-19 10:18 <DIR> d-------- C:\Program Files\AceLogix

2007-05-12 12:11 <DIR> d-------- C:\Program Files\SpywareBlaster

2007-05-10 13:35 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab

2007-05-08 13:42 <DIR> d-------- C:\Documents and Settings\User\.SunDownloadManager

2007-05-08 13:42 <DIR> d-------- C:\DOCUME~1\User\.SunDownloadManager

2007-05-04 12:05 49,152 --a------ C:\WINDOWS\nircmd.exe

2007-05-03 10:35 380,416 --a------ C:\WINDOWS\system32\rstrui.exe

 

 

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

 

2007-06-01 11:57:33 2,560 ----a-w C:\WINDOWS\system32\drivers\mchInjDrv.sys

2007-06-01 11:57:21 -------- d-----w C:\Program Files\WinPoET Broadband Connection

2007-05-30 00:03:49 -------- d-----w C:\DOCUME~1\User\APPLIC~1\Enigma Browser

2007-05-27 02:33:05 -------- d-----w C:\DOCUME~1\User\APPLIC~1\Hamachi

2007-05-26 00:24:08 -------- d--h--w C:\Program Files\InstallShield Installation Information

2007-05-24 02:36:34 5 ----a-w C:\WINDOWS\system32\SySMACJ.dat

2007-05-08 05:38:33 -------- d-----w C:\Program Files\Common Files\Symantec Shared

2007-05-08 03:18:49 -------- d-----w C:\Program Files\Spyware Terminator

2007-04-19 10:20:05 -------- d-----w C:\Program Files\Alcohol Soft

2007-04-19 10:15:07 -------- d-----w C:\Program Files\Elaborate Bytes

2007-04-19 08:58:33 -------- d-----w C:\Program Files\EA SPORTS

2007-04-19 08:43:25 -------- d-----w C:\Program Files\FIFA 07

2007-04-19 08:17:14 682,232 ----a-w C:\WINDOWS\system32\drivers\sptd.sys

2007-04-14 03:23:42 0 ----a-w C:\WINDOWS\system32\sys_dll.dll

2007-04-05 01:12:00 -------- d-----w C:\Program Files\softnyx

2007-04-02 07:49:31 -------- d-----w C:\Program Files\Opera

2007-03-09 08:57:06 5 ----a-w C:\WINDOWS\system32\SySMP3CutJoin.dat

 

 

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

 

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

{02478D38-C3F9-4EFB-9B51-7695ECA05670}=C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2006-08-24 18:37]

{2F85D76C-0569-466F-A488-493E6BD0E955}=C:\Program Files\Windows Desktop Search\dsWebAllow.dll [2006-03-26 22:44]

{53707962-6F74-2D53-2644-206D7942484F}=C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2005-05-31 01:04]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]

{9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-04-07 00:02]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Comodo Launch Pad Tray"="C:\Program Files\Comodo\LaunchPad\CLPTray.exe" [2006-09-06 08:29]

"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-02-08 14:56]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-06-24 15:16]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-06-04 12:01]

"IESAddr"="" []

"a-winpoet-service"="C:\Program Files\WinPoET Broadband Connection\winpppoverethernet.exe" [2002-07-17 13:50]

"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-04-24 09:34]

"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2006-01-07 02:36]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2005-01-04 08:00]

"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2006-06-05 13:52]

"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54]

"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [2006-10-11 05:23]

"Free Ram Optimizer"="C:\Program Files\AceLogix\Free Ram Optimizer\fro.exe" [2003-08-22 09:19]

"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2007-05-03 17:43]

"@"="" []

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"="C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2006-03-13 13:11]

"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2006-09-28 22:13]

 

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*

Live

 

 

********************************************************************

 

catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net

Rootkit scan 2007-06-01 20:09:06

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

 

********************************************************************

 

 

Completion time: 2007-06-01 20:10:51 - machine was rebooted

C:\ComboFix-quarantined-files.txt ... 2007-06-01 20:10

C:\ComboFix2.txt ... 2007-05-25 20:04

C:\ComboFix3.txt ... 2007-05-10 13:31

 

--- E O F ---

Share this post


Link to post
Share on other sites

This is the hjt log:

 

Logfile of HijackThis v1.99.1

Scan saved at 8:19:15 PM, on 6/1/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Comodo\LaunchPad\CLPTray.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\WinPoET Broadband Connection\winpppoverethernet.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe

C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\AceLogix\Free Ram Optimizer\fro.exe

C:\Program Files\Veoh Networks\Veoh\VeohClient.exe

C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE

C:\WINDOWS\system32\sistray.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

C:\Program Files\Comodo\Personal Firewall\cmdagent.exe

C:\Program Files\WinPoET Broadband Connection\WrOS.EXE

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\internet explorer\iexplore.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\User\Desktop\hijackthis_199\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hijackthis.de/

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = fol.singnet.com.sg:8080

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

O4 - HKLM\..\Run: [Comodo Launch Pad Tray] C:\Program Files\Comodo\LaunchPad\CLPTray.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [a-winpoet-service] "C:\Program Files\WinPoET Broadband Connection\winpppoverethernet.exe"

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [ssAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [bitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized

O4 - HKCU\..\Run: [Free Ram Optimizer] C:\Program Files\AceLogix\Free Ram Optimizer\fro.exe

O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide

O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE

O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe

O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab

O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framework/contr...vex/TmHcmsX.CAB

O16 - DPF: {20C2C286-BDE8-441B-B73D-AFA22D914DA5} (PowerList Control) - http://www.ppstream.com/bin/powerplayer.cab

O16 - DPF: {2931566C-B8A6-46C5-BF4D-E6AB9251E953} (Nexon Package Manager Control) - http://s.nx.com/activex/public_new/nxpm.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.0.97.cab

O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab

O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - http://www.e-games.com.my/com/EGamesPlugin.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://jacie88.spaces.live.com//PhotoUpload/MsnPUpld.cab

O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1145257149890

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://download.shockwave.com/pub/otoy/OTOYAX.cab

O16 - DPF: {7C5D062A-7A1E-4A46-A02B-A928084CBD66} (MLauncherNew Class) - http://legendofares.netgame.com/download/MusaLauncherNew.cab

O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab55579.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab55579.cab

O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab

O16 - DPF: {D0FD5E32-CABD-4A6E-BD0F-94ACE89CCE03} (HGPluginJP23 Class) - http://down.hangame.co.jp/jp/dist/hgstart/HGPluginJP23.cab

O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab

O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{5727FC39-C29C-4663-98A4-DB4F4223A403}: NameServer = 165.21.83.88 165.21.100.88

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Personal Firewall\cmdagent.exe

O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

O23 - Service: WinPPPoverEthernet - iVasion, a Routerware Company - C:\Program Files\WinPoET Broadband Connection\WrOS.EXE


Nothing suspicious was found.

 

Please navigate (using Internet Explorer, other browsers won't work) to the following site: http://support.f-secure.com/enu/home/ols3.shtml

  • Click the Online Virus Scanner link. (Bottom of the page)
  • When prompted, choose to install the software.
  • After the software has installed, click Accept.
  • Click Custom Scan and check the option for Scan inside archives, then click Start.
  • The necessary databases will then be downloaded, and the scan will then start automatically. Please be patient as this scan will take a while to complete.
  • If any infections are found then once the scan has finished the "cleaning" screen will be displayed. Choose Automatic cleaning (recommended).
  • After cleaning has finished, then the Finish screen will be displayed. Choose Show Report.
  • In order to post the report, press CTRL+A on your keyboard to highlight all the text. Then copy and paste that information into this thread, along with a new HijackThis log.


Hi! For the online scan, it sort of got 'stuck' at the preparing to download thingy and a pop-up came up and said that it is unable to download the necessary components... I will be away for a camp from Tues to Thurs, hope to see your reply then! Thanks for all your help


Download Dr.Web CureIt to the desktop:

ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

  • Double-click the drweb-cureit.exe file and allow it to run the express scan.
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, check whether you can click the following icon next to the files found: check.gif
  • If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
    move.gif
    This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply. You can use Notepad to open the DrWeb.csv report.

 

Then,

Run HijackThis, choose Open the Misc tools section, and in the StartUp List area at the top, place a check next to List Also Minor Sections (full) and List Empty Sections (complete). Then press Generate StartUp List Log and Yes at the prompt. Please post the text file that opens in your next reply.

Include a fresh HijackThis log for review.

Let me know what problems persist.


Hi! Sorry for the very very very late reply because my mom banned me from using the com... =.=' My com is working fine but I still notice quite a large usage of memory on my PC. Anyway, this is the log you wanted:

 

CreateProfile.vbs;C:\Program Files\Mozilla Firefox;Probably SCRIPT.Virus;Incurable.Moved.;

hztk0822.exe.vir;C:\QooBox\Quarantine\C\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft\IEHelper;Adware.Cdn;Incurable.Moved.;

Process.exe;C:\SDFix\apps;Tool.Prockill;Incurable.Moved.;

 

 

 

 

StartupList report, 6/10/2007, 2:01:34 PM

StartupList version: 1.52.2

Started from : C:\Documents and Settings\User\Desktop\hijackthis_199\HijackThis.EXE

Detected: Windows XP SP2 (WinNT 5.01.2600)

Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)

* Using default options

* Including empty and uninteresting sections

* Showing rarely important sections

==================================================

 

Running processes:

 

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Comodo\LaunchPad\CLPTray.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\WinPoET Broadband Connection\winpppoverethernet.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe

C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\AceLogix\Free Ram Optimizer\fro.exe

C:\Program Files\Veoh Networks\Veoh\VeohClient.exe

C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE

C:\WINDOWS\system32\sistray.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe

C:\WINDOWS\system32\Notepad.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

C:\Program Files\Comodo\Personal Firewall\cmdagent.exe

C:\Program Files\WinPoET Broadband Connection\WrOS.EXE

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\internet explorer\iexplore.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\User\Desktop\hijackthis_199\HijackThis.exe

 

--------------------------------------------------

 

Listing of startup folders:

 

Shell folders Startup:

[C:\Documents and Settings\User\Start Menu\Programs\Startup]

*No files*

 

Shell folders AltStartup:

*Folder not found*

 

User shell folders Startup:

*Folder not found*

 

User shell folders AltStartup:

*Folder not found*

 

Shell folders Common Startup:

[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]

Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE

Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe

Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe

WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

 

Shell folders Common AltStartup:

*Folder not found*

 

User shell folders Common Startup:

*Folder not found*

 

User shell folders Alternate Common Startup:

*Folder not found*

 

--------------------------------------------------

 

Checking Windows NT UserInit:

 

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]

UserInit = C:\WINDOWS\system32\userinit.exe,

 

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]

*Registry key not found*

 

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]

*Registry value not found*

 

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

 

Comodo Launch Pad Tray = C:\Program Files\Comodo\LaunchPad\CLPTray.exe

TkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

iTunesHelper = "C:\Program Files\iTunes\iTunesHelper.exe"

QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime

IESAddr =

a-winpoet-service = "C:\Program Files\WinPoET Broadband Connection\winpppoverethernet.exe"

AVG7_CC = C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

SsAAD.exe = C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe

SunJavaUpdateSched = "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

 

*No values found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

 

*No values found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

 

*No values found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

 

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

 

ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe

MessengerPlus3 = "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart

msnmsgr = "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

BitTorrent = "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized

Free Ram Optimizer = C:\Program Files\AceLogix\Free Ram Optimizer\fro.exe

Veoh = "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide

(Default) =

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

 

*No values found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

 

*No values found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

 

*No values found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

 

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

 

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

 

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

*No subkeys found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

 

[setup]

Registrando Panda ActiveX = C:\WINDOWS\system32\regsvr32.exe /s C:\WINDOWS\system32\ActiveScan\as.dll

Registrando Panda Almacen = C:\WINDOWS\system32\regsvr32.exe /s C:\WINDOWS\system32\ActiveScan\pavpz.dll

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No subkeys found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*No subkeys found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

*No subkeys found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No subkeys found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No subkeys found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*No subkeys found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

 

--------------------------------------------------

 

File association entry for .EXE:

HKEY_CLASSES_ROOT\exefile\shell\open\command

 

(Default) = "%1" %*

 

--------------------------------------------------

 

File association entry for .COM:

HKEY_CLASSES_ROOT\comfile\shell\open\command

 

(Default) = "%1" %*

 

--------------------------------------------------

 

File association entry for .BAT:

HKEY_CLASSES_ROOT\batfile\shell\open\command

 

(Default) = "%1" %*

 

--------------------------------------------------

 

File association entry for .PIF:

HKEY_CLASSES_ROOT\piffile\shell\open\command

 

(Default) = "%1" %*

 

--------------------------------------------------

 

File association entry for .SCR:

HKEY_CLASSES_ROOT\scrfile\shell\open\command

 

(Default) = "%1" /S

 

--------------------------------------------------

 

File association entry for .HTA:

HKEY_CLASSES_ROOT\htafile\shell\open\command

 

(Default) = C:\WINDOWS\system32\mshta.exe "%1" %*

 

--------------------------------------------------

 

File association entry for .TXT:

HKEY_CLASSES_ROOT\txtfile\shell\open\command

 

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

 

--------------------------------------------------

 

Enumerating Active Setup stub paths:

HKLM\Software\Microsoft\Active Setup\Installed Components

(* = disabled by HKCU twin)

 

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]

StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

 

[>{26923b43-4d38-484f-9b9e-de460746276c}] *

StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

 

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *

StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

 

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *

StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

 

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *

StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

 

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *

StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

 

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

 

[{4b218e3e-bc98-4770-93d3-2731b9329278}] *

StubPath = %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf

 

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

 

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub

 

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *

StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

 

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *

StubPath = regsvr32.exe /s /n /i:U shell32.dll

 

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *

StubPath = %SystemRoot%\system32\ie4uinit.exe

 

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *

StubPath = C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

 

--------------------------------------------------

 

Enumerating ICQ Agent Autostart apps:

HKCU\Software\Mirabilis\ICQ\Agent\Apps

 

*Registry key not found*

 

--------------------------------------------------

 

Load/Run keys from C:\WINDOWS\WIN.INI:

 

load=*INI section not found*

run=*INI section not found*

 

Load/Run keys from Registry:

 

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*

HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*

HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*

HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*

HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*

HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*

HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*

HKCU\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*

HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

 

--------------------------------------------------

 

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

 

Shell=*INI section not found*

SCRNSAVE.EXE=*INI section not found*

drivers=*INI section not found*

 

Shell & screensaver key from Registry:

 

Shell=Explorer.exe

SCRNSAVE.EXE=*Registry value not found*

drivers=*Registry value not found*

 

Policies Shell key:

 

HKCU\..\Policies: Shell=*Registry value not found*

HKLM\..\Policies: Shell=*Registry value not found*

 

--------------------------------------------------

 

Checking for EXPLORER.EXE instances:

 

C:\WINDOWS\Explorer.exe: PRESENT!

 

C:\Explorer.exe: not present

C:\WINDOWS\Explorer\Explorer.exe: not present

C:\WINDOWS\System\Explorer.exe: not present

C:\WINDOWS\System32\Explorer.exe: not present

C:\WINDOWS\Command\Explorer.exe: not present

C:\WINDOWS\Fonts\Explorer.exe: not present

 

--------------------------------------------------

 

Checking for superhidden extensions:

 

.lnk: HIDDEN! (arrow overlay: yes)

.pif: HIDDEN! (arrow overlay: yes)

.exe: not hidden

.com: not hidden

.bat: not hidden

.hta: not hidden

.scr: not hidden

.shs: HIDDEN!

.shb: HIDDEN!

.vbs: not hidden

.vbe: not hidden

.wsh: not hidden

.scf: HIDDEN! (arrow overlay: NO!)

.url: HIDDEN! (arrow overlay: yes)

.js: not hidden

.jse: not hidden

 

--------------------------------------------------

 

Verifying REGEDIT.EXE integrity:

 

- Regedit.exe found in C:\WINDOWS

- .reg open command is normal (regedit.exe %1)

- Company name OK: 'Microsoft Corporation'

- Original filename OK: 'REGEDIT.EXE'

- File description: 'Registry Editor'

 

Registry check passed

 

--------------------------------------------------

 

Enumerating Browser Helper Objects:

 

(no name) - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll - {02478D38-C3F9-4EFB-9B51-7695ECA05670}

(no name) - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

(no name) - C:\Program Files\Windows Desktop Search\dsWebAllow.dll - {2F85D76C-0569-466F-A488-493E6BD0E955}

(no name) - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}

(no name) - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}

(no name) - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll - {9030D464-4C02-4ABF-8ECC-5164760863C6}

 

--------------------------------------------------

 

Enumerating Task Scheduler jobs:

 

*No jobs found*

 

--------------------------------------------------

 

Enumerating Download Program Files:

 

[{00000055-9980-0010-8000-00AA00389B71}]

CODEBASE = http://codecs.microsoft.com/codecs/i386/fhg.CAB

 

[Checkers Class]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\msgrchkr.dll

CODEBASE = http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

 

[stagingUI Object]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\StagingUI.ocx

CODEBASE = http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab

 

[F-Secure Online Scanner 3.1]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\fscax.dll

CODEBASE = http://support.f-secure.com/ols/fscax.cab

 

[CKAVWebScan Object]

InProcServer32 = C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll

CODEBASE = http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab

 

[Windows Genuine Advantage Validation Tool]

InProcServer32 = C:\WINDOWS\system32\LegitCheckControl.DLL

CODEBASE = http://go.microsoft.com/fwlink/?linkid=39204

 

[installerBehaviorFactory Class]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\MsnInstC.dll

CODEBASE = https://signup.msn.com/pages/MsnInstC.cab

 

[TmHcmsX Control]

InProcServer32 = C:\WINDOWS\DOWNLO~1\TmHcmsX.ocx

CODEBASE = http://www.trendsecure.com/framework/contr...vex/TmHcmsX.CAB

 

[PowerList Control]

InProcServer32 = C:\WINDOWS\DOWNLO~1\POWERL~1.OCX

CODEBASE = http://www.ppstream.com/bin/powerplayer.cab

 

[shockwave ActiveX Control]

InProcServer32 = C:\WINDOWS\system32\Macromed\Director\SwDir.dll

CODEBASE = http://fpdownload.macromedia.com/pub/shock...director/sw.cab

 

[Nexon Package Manager Control]

InProcServer32 = C:\WINDOWS\nxpm.ocx

CODEBASE = http://s.nx.com/activex/public_new/nxpm.cab

 

[symantec AntiVirus scanner]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\avsniff.dll

CODEBASE = http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

 

[YInstStarter Class]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\yinsthelper.dll

CODEBASE = http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab

 

[{33564D57-0000-0010-8000-00AA00389B71}]

CODEBASE = http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB

 

[FilePlanet Download Control Class]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\FPDC.dll

CODEBASE = http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.0.97.cab

 

[MSN Games – Buddy Invite]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\ZBuddy.ocx

CODEBASE = http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab

 

[EGamesPlugin Class]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\EGamesPlugin.dll

CODEBASE = http://www.e-games.com.my/com/EGamesPlugin.cab

 

[MSN Photo Upload Tool]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\CONFLICT.1\MsnPUpld.dll

CODEBASE = http://jacie88.spaces.live.com//PhotoUpload/MsnPUpld.cab

 

[ZonePAChat Object]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\ZPAChat.ocx

CODEBASE = http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab

 

[WUWebControl Class]

InProcServer32 = C:\WINDOWS\system32\wuweb.dll

CODEBASE = http://update.microsoft.com/windowsupdate/...b?1145257149890

 

[symantec RuFSI Utility Class]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\rufsi.dll

CODEBASE = http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

 

[{77E32299-629F-43C6-AB77-6A1E6D7663F6}]

CODEBASE = http://download.shockwave.com/pub/otoy/OTOYAX.cab

 

[MLauncherNew Class]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\MLauncherNew.dll

CODEBASE = http://legendofares.netgame.com/download/MusaLauncherNew.cab

 

[unoCtrl Class]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\GAME_UNO1.dll

CODEBASE = http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab55579.cab

 

[Java Plug-in 1.6.0_01]

InProcServer32 = C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

CODEBASE = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab

 

[MessengerStatsClient Class]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\messengerstatsclient.dll

CODEBASE = http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

 

[{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}]

CODEBASE = http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab

 

[ActiveScan Installer Class]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\asinst.dll

CODEBASE = http://acs.pandasoftware.com/activescan/as5free/asinst.cab

 

[sABScanProcesses Class]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\sabspx.dll

CODEBASE = http://www.superadblocker.com/activex/sabspx.cab

 

[MSN Games - Installer]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\ZIntro.ocx

CODEBASE = http://cdn2.zone.msn.com/binFramework/v10/...ro.cab55579.cab

 

[Java Plug-in 1.6.0_01]

InProcServer32 = C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

CODEBASE = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab

 

[Java Plug-in 1.6.0_01]

InProcServer32 = C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll

CODEBASE = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab

 

[HGPlugin9USA Class]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\HGPlugin9USA.dll

CODEBASE = http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab

 

[HGPluginJP23 Class]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\HGPluginJP23.dll

CODEBASE = http://down.hangame.co.jp/jp/dist/hgstart/HGPluginJP23.cab

 

[shockwave Flash Object]

InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash9c.ocx

CODEBASE = http://fpdownload.macromedia.com/get/flash...ent/swflash.cab

 

[MSN Games – Game Communicator]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\StProxy.dll

CODEBASE = http://zone.msn.com/binframework/v10/StProxy.cab55579.cab

 

[{E5D419D6-A846-4514-9FAD-97E826C84822}]

CODEBASE = http://fdl.msn.com/zone/datafiles/heartbeat.cab

 

--------------------------------------------------

 

Enumerating Winsock LSP files:

 

NameSpace #1: C:\WINDOWS\System32\mswsock.dll

NameSpace #2: C:\WINDOWS\System32\winrnr.dll

NameSpace #3: C:\WINDOWS\System32\mswsock.dll

Protocol #1: C:\WINDOWS\system32\mswsock.dll

Protocol #2: C:\WINDOWS\system32\mswsock.dll

Protocol #3: C:\WINDOWS\system32\mswsock.dll

Protocol #4: C:\WINDOWS\system32\rsvpsp.dll

Protocol #5: C:\WINDOWS\system32\rsvpsp.dll

Protocol #6: C:\WINDOWS\system32\mswsock.dll

Protocol #7: C:\WINDOWS\system32\mswsock.dll

Protocol #8: C:\WINDOWS\system32\mswsock.dll

Protocol #9: C:\WINDOWS\system32\mswsock.dll

Protocol #10: C:\WINDOWS\system32\mswsock.dll

Protocol #11: C:\WINDOWS\system32\mswsock.dll

Protocol #12: C:\WINDOWS\system32\mswsock.dll

Protocol #13: C:\WINDOWS\system32\mswsock.dll

Protocol #14: C:\WINDOWS\system32\mswsock.dll

Protocol #15: C:\WINDOWS\system32\mswsock.dll

Protocol #16: C:\WINDOWS\system32\mswsock.dll

Protocol #17: C:\WINDOWS\system32\mswsock.dll

 

--------------------------------------------------

 

Enumerating Windows NT/2000/XP services

 

Microsoft ACPI Driver: system32\DRIVERS\ACPI.sys (system)

Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)

AFD: \SystemRoot\System32\drivers\afd.sys (system)

Alerter: %SystemRoot%\system32\svchost.exe -k LocalService (disabled)

Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)

AMD K7 Processor Driver: system32\DRIVERS\amdk7.sys (system)

Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)

ASP.NET State Service: %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (manual start)

RAS Asynchronous Media Driver: system32\DRIVERS\asyncmac.sys (manual start)

Standard IDE/ESDI Hard Disk Controller: system32\DRIVERS\atapi.sys (system)

ATM ARP Client Protocol: system32\DRIVERS\atmarpc.sys (manual start)

Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Audio Stub Driver: system32\DRIVERS\audstub.sys (manual start)

AVG Anti-Spyware Driver: \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys (system)

AVG Anti-Spyware Guard: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (autostart)

AVG7 Alert Manager Server: C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe (autostart)

AVG7 Kernel: \SystemRoot\System32\Drivers\avg7core.sys (system)

AVG7 Wrap Driver: \SystemRoot\System32\Drivers\avg7rsw.sys (system)

AVG7 Resident Driver XP: \SystemRoot\System32\Drivers\avg7rsxp.sys (system)

AVG7 Update Service: C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe (autostart)

AVG Anti-Spyware Clean Driver: System32\DRIVERS\AvgAsCln.sys (system)

AVG7 Clean Driver: \SystemRoot\System32\Drivers\avgclean.sys (system)

AVG E-mail Scanner: C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe (autostart)

AVG Network Redirector: \SystemRoot\System32\Drivers\avgtdi.sys (autostart)

Background Intelligent Transfer Service: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Computer Browser: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

CD-ROM Driver: system32\DRIVERS\cdrom.sys (system)

Indexing Service: %SystemRoot%\system32\cisvc.exe (manual start)

ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)

Comodo Application Agent: C:\Program Files\Comodo\Personal Firewall\cmdagent.exe (autostart)

Comodo Application Engine: System32\DRIVERS\cmdmon.sys (system)

C-Media WDM Audio Interface: system32\drivers\cmuda.sys (manual start)

COM+ System Application: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)

CO_Mon: \??\C:\WINDOWS\system32\Drivers\CO_Mon.sys (manual start)

Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)

DHCP Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Disk Driver: system32\DRIVERS\disk.sys (system)

Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)

dmboot: System32\drivers\dmboot.sys (disabled)

Logical Disk Manager Driver: System32\drivers\dmio.sys (system)

dmload: System32\drivers\dmload.sys (system)

Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)

DNS Client: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart)

Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)

Dua1: \??\C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\6NON749K\Dualengine[1]\Dualengine\DualEngi.sys (manual start)

EagleNT: \??\C:\WINDOWS\system32\drivers\EagleNT.sys (manual start)

Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Event Log: %SystemRoot%\system32\services.exe (autostart)

COM+ Event System: C:\WINDOWS\system32\svchost.exe -k netsvcs (manual start)

Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Floppy Disk Controller Driver: system32\DRIVERS\fdc.sys (manual start)

Floppy Disk Driver: system32\DRIVERS\flpydisk.sys (manual start)

FltMgr: system32\DRIVERS\fltMgr.sys (system)

Volume Manager Driver: system32\DRIVERS\ftdisk.sys (system)

fuckoff1: \??\C:\ReymiXEngine\reymixddk.sys (manual start)

GEAR CDRom Filter: SYSTEM32\DRIVERS\GEARAspiWDM.sys (manual start)

Generic Packet Classifier: system32\DRIVERS\msgpc.sys (manual start)

Hamachi Network Interface: system32\DRIVERS\hamachi.sys (manual start)

Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Human Interface Device Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)

Microsoft HID Class Driver: system32\DRIVERS\hidusb.sys (manual start)

HTTP: System32\Drivers\HTTP.sys (manual start)

HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)

i8042 Keyboard and PS/2 Mouse Port Driver: system32\DRIVERS\i8042prt.sys (system)

CD-Burning Filter Driver: system32\DRIVERS\imapi.sys (system)

IMAPI CD-Burning COM Service: C:\WINDOWS\system32\imapi.exe (manual start)

Comodo Network Engine: System32\DRIVERS\inspect.sys (system)

IPv6 Windows Firewall Driver: system32\DRIVERS\Ip6Fw.sys (manual start)

IP Traffic Filter Driver: system32\DRIVERS\ipfltdrv.sys (manual start)

IP in IP Tunnel Driver: system32\DRIVERS\ipinip.sys (manual start)

IP Network Address Translator: system32\DRIVERS\ipnat.sys (manual start)

iPod Service: "C:\Program Files\iPod\bin\iPodService.exe" (manual start)

IPSEC driver: system32\DRIVERS\ipsec.sys (system)

IR Enumerator Service: system32\DRIVERS\irenum.sys (manual start)

PnP ISA/EISA Bus Driver: system32\DRIVERS\isapnp.sys (system)

Keyboard Class Driver: system32\DRIVERS\kbdclass.sys (system)

Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)

Server: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Workstation: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

TCP/IP NetBIOS Helper: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)

madCodeHook DLL injection driver: \??\C:\WINDOWS\system32\Drivers\mchInjDrv.sys (system)

Messenger: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)

NetMeeting Remote Desktop Sharing: C:\WINDOWS\system32\mnmsrvc.exe (manual start)

Mouse Class Driver: system32\DRIVERS\mouclass.sys (system)

Mouse HID Driver: system32\DRIVERS\mouhid.sys (manual start)

WebDav Client Redirector: system32\DRIVERS\mrxdav.sys (manual start)

MRXSMB: system32\DRIVERS\mrxsmb.sys (system)

MSCSPTISRV: "C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe" (manual start)

Distributed Transaction Coordinator: C:\WINDOWS\system32\msdtc.exe (manual start)

Windows Installer: C:\WINDOWS\system32\msiexec.exe /V (manual start)

Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)

Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)

Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)

Microsoft System Management BIOS Driver: system32\DRIVERS\mssmbios.sys (manual start)

Remote Access NDIS TAPI Driver: system32\DRIVERS\ndistapi.sys (manual start)

NDIS Usermode I/O Protocol: system32\DRIVERS\ndisuio.sys (manual start)

Remote Access NDIS WAN Driver: system32\DRIVERS\ndiswan.sys (manual start)

NetBIOS Interface: system32\DRIVERS\netbios.sys (system)

NetBios over Tcpip: system32\DRIVERS\netbt.sys (system)

Network DDE: %SystemRoot%\system32\netdde.exe (disabled)

Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled)

Net Logon: %SystemRoot%\system32\lsass.exe (manual start)

Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Network Location Awareness (NLA): %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)

NPPTNT2: \??\C:\WINDOWS\system32\npptNT2.sys (manual start)

NT LM Security Support Provider: %SystemRoot%\system32\lsass.exe (manual start)

Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)

nv: system32\DRIVERS\nv4_mini.sys (manual start)

IPX Traffic Filter Driver: system32\DRIVERS\nwlnkflt.sys (manual start)

IPX Traffic Forwarder Driver: system32\DRIVERS\nwlnkfwd.sys (manual start)

ONSIO: \??\C:\WINDOWS\SYSTEM32\DRIVERS\ONSIO.SYS (autostart)

PACSPTISVR: "C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe" (manual start)

Parallel port driver: system32\DRIVERS\parport.sys (manual start)

PCI Bus Driver: system32\DRIVERS\pci.sys (system)

PCIIde: system32\DRIVERS\pciide.sys (system)

Plug and Play: %SystemRoot%\system32\services.exe (autostart)

IPSEC Services: %SystemRoot%\system32\lsass.exe (autostart)

WAN Miniport (PPTP): system32\DRIVERS\raspptp.sys (manual start)

Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)

QoS Packet Scheduler: system32\DRIVERS\psched.sys (manual start)

Direct Parallel Link Driver: system32\DRIVERS\ptilink.sys (manual start)

PxHelp20: System32\Drivers\PxHelp20.sys (system)

Remote Access Auto Connection Driver: system32\DRIVERS\rasacd.sys (system)

Remote Access Auto Connection Manager: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)

WAN Miniport (L2TP): system32\DRIVERS\rasl2tp.sys (manual start)

Remote Access Connection Manager: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)

Remote Access PPPOE Driver: system32\DRIVERS\raspppoe.sys (manual start)

Direct Parallel: system32\DRIVERS\raspti.sys (manual start)

Rdbss: system32\DRIVERS\rdbss.sys (system)

RDPCDD: System32\DRIVERS\RDPCDD.sys (system)

Terminal Server Device Redirector Driver: system32\DRIVERS\rdpdr.sys (manual start)

Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (manual start)

Digital CD Audio Playback Filter Driver: system32\DRIVERS\redbook.sys (system)

Routing and Remote Access: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)

Remote Registry: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)

Remote Procedure Call (RPC) Locator: %SystemRoot%\system32\locator.exe (manual start)

Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)

QoS RSVP: %SystemRoot%\system32\rsvp.exe (manual start)

SABProcEnum: \??\C:\Program Files\Internet Explorer\SABProcEnum.sys (manual start)

Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)

Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)

Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Secdrv: system32\DRIVERS\secdrv.sys (manual start)

Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Serenum Filter Driver: system32\DRIVERS\serenum.sys (manual start)

Serial port driver: system32\DRIVERS\serial.sys (system)

Windows Firewall/Internet Connection Sharing (ICS): %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

SiS315: system32\DRIVERS\sisgrp.sys (manual start)

SiSkp: system32\DRIVERS\srvkp.sys (system)

SiS PCI Fast Ethernet Adapter Driver: system32\DRIVERS\sisnic.sys (manual start)

SMPLSCSI: System32\drivers\SMPLSCSI.SYS (system)

Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)

Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)

sptd: System32\Drivers\sptd.sys (system)

Sony SPTI Service: "C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe" (manual start)

System Restore Filter Driver: \SystemRoot\system32\DRIVERS\sr.sys (disabled)

System Restore Service: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Srv: system32\DRIVERS\srv.sys (manual start)

SSDP Discovery Service: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)

SonicStage SCSI Service: C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe (manual start)

Windows Image Acquisition (WIA): %SystemRoot%\system32\svchost.exe -k imgsvc (manual start)

Software Bus Driver: system32\DRIVERS\swenum.sys (manual start)

Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)

MS Software Shadow Copy Provider: C:\WINDOWS\system32\dllhost.exe /Processid:{90306629-1E0E-4D92-BD76-B3A913FF9BC9} (manual start)

Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start)

Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)

Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

TCP/IP Protocol Driver: system32\DRIVERS\tcpip.sys (system)

Terminal Device Driver: system32\DRIVERS\termdd.sys (system)

Terminal Services: %SystemRoot%\System32\svchost -k DComLaunch (manual start)

Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Telnet: C:\WINDOWS\system32\tlntsvr.exe (manual start)

tmcomm: \??\C:\WINDOWS\system32\drivers\tmcomm.sys (autostart)

Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Microsoft AGPv3.5 Filter: system32\DRIVERS\uagp35.sys (system)

Microcode Update Driver: system32\DRIVERS\update.sys (manual start)

Universal Plug and Play Device Host: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)

Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)

Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: system32\DRIVERS\usbehci.sys (manual start)

USB2 Enabled Hub: system32\DRIVERS\usbhub.sys (manual start)

Microsoft USB Open Host Controller Miniport Driver: system32\DRIVERS\usbohci.sys (manual start)

Motorola USB Modem Driver for MPT: system32\DRIVERS\usbsermpt.sys (manual start)

USB Mass Storage Driver: system32\DRIVERS\USBSTOR.SYS (manual start)

Messenger Sharing Folders USN Journal Reader service: "C:\Program Files\MSN Messenger\usnsvc.exe" (manual start)

User Privilege Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

VClone: system32\DRIVERS\VClone.sys (system)

VgaSave: \SystemRoot\System32\drivers\vga.sys (system)

Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)

Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Remote Access IP ARP Driver: system32\DRIVERS\wanarp.sys (manual start)

Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)

WebClient: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)

Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)

WinPPPoverEthernet: C:\Program Files\WinPoET Broadband Connection\WrOS.EXE (autostart)

Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Windows Management Instrumentation Driver Extensions: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

WMI Performance Adapter: C:\WINDOWS\system32\wbem\wmiapsrv.exe (manual start)

WrKPoET2000: \??\C:\Program Files\WinPoET Broadband Connection\WrKPoET2000.sys (manual start)

iVasion PoET Adapter: system32\DRIVERS\WrKPoETNic2000.sys (manual start)

Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Automatic Updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)

Windows Driver Foundation - User-mode Driver Framework Platform Driver: system32\DRIVERS\WudfPf.sys (manual start)

Windows Driver Foundation - User-mode Driver Framework Reflector: system32\DRIVERS\wudfrd.sys (manual start)

Windows Driver Foundation - User-mode Driver Framework: %SystemRoot%\system32\svchost.exe -k WudfServiceGroup (manual start)

Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

XTrapD12: \??\C:\WINDOWS\system32\XTrapD12.sys (manual start)

 

 

--------------------------------------------------

 

Enumerating Windows NT logon/logoff scripts:

*No scripts set to run*

 

Windows NT checkdisk command:

BootExecute = autocheck autochk *

 

Windows NT 'Wininit.ini':

PendingFileRenameOperations: *Registry value not found*

 

--------------------------------------------------

 

Enumerating ShellServiceObjectDelayLoad items:

 

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll

CDBurn: C:\WINDOWS\system32\SHELL32.dll

WebCheck: C:\WINDOWS\system32\webcheck.dll

SysTray: C:\WINDOWS\system32\stobject.dll

WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll

 

--------------------------------------------------

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

 

*No values found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

 

*No values found*

 

--------------------------------------------------

 

End of report, 41,166 bytes

Report generated in 0.281 seconds

 

Command line options:

/verbose - to add additional info on each section

/complete - to include empty sections and unsuspicious data

/full - to include several rarely-important sections

/force9x - to include Win9x-only startups even if running on WinNT

/forcent - to include WinNT-only startups even if running on Win9x

/forceall - to include all Win9x and WinNT startups, regardless of platform

/history - to list version history only


All clean.

 

You may be interested in using this tool to disable some of the programs/processes you do not wish to start at startup.

 

StartUpLite is a lightweight program that can disable or remove all known unnecessary startup entries from your computer and thus quicken the startup procedure of your system.

 

Simply download StartUpLite from http://www.malwarebytes.org/startuplite.php and save it to a convenient location. Double click on StartUpLite.exe. Select all options you would like executed and select continue.

 

More information on the site.

 


Hi! Thanks for your help! My com is working great! Thanks for the software. It's great! Do you have anything to recommend so that my com will not have virus again? Thanks for your help!


Glad we could help.


What was the exact message?


Hi! Sry for late reply... camps again... this is the exact msg:

 

6/13/2007 11:32:57 AM User 2524 Sign of "Win32:CTX" has been found in "C:\WINDOWS\system32\ActiveScan\pskavs.dll" file.


pskavs.dll is a legitimate file installed by Panda ActiveScan but there are some AV vendors (Avast and ClamAV) that tag it as malicious. This is a false positive detection caused by Panda's on-line scanner not encrypting its virus signature files.

Do you have Panda, or did you ever install or use their services?


You probably have some remnant items in your registry.

Let me see this result.

 

 

Download the Registry Search Tool from here:

http://www.billsway.com/vbspage/vbsfiles/RegSrch.zip

 

Unzip to your Desktop and double click on regsrch.vbs

(if you have script protection, please allow this to run)

 

In the dialog that opens enter the following:

ActiveScan

 

Press 'OK'

 

The search will run for a while then alert you when it is finished.

 

Press 'OK' and copy the contents of the WordPad window and post in this thread.


hi! This is the log u wanted:

 

REGEDIT4

; RegSrch.vbs © Bill James

 

; Registry search results for string "ActiveScan" 6/22/2007 1:02:21 PM

 

; NOTE: This file will be deleted when you close WordPad.

; You must manually save this file to a new location if you want to refer to it again later.

; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)

 

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ActiveScan]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ActiveScan]

@="Panda ActiveScan"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ActiveScan\CLSID]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ActiveScan\CurVer]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ActiveScan\CurVer]

@="ActiveScan.1"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ActiveScan.1]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ActiveScan.1]

@="Panda ActiveScan"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ActiveScan.1\CLSID]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ActiveScan_Installer]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ActiveScan_Installer]

@="ActiveScan Installer Class"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ActiveScan_Installer\CLSID]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ActiveScan_Installer\CurVer]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ActiveScan_Installer\CurVer]

@="ActiveScan_Installer.1"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ActiveScan_Installer.1]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ActiveScan_Installer.1]

@="ActiveScan Installer Class"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ActiveScan_Installer.1\CLSID]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{237AFA6B-D75C-445B-9D87-68DB699FAB32}\InprocServer32]

@="C:\\WINDOWS\\system32\\ActiveScan\\ascontrol.dll"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{237AFA6B-D75C-445B-9D87-68DB699FAB32}\ToolboxBitmap32]

@="C:\\WINDOWS\\system32\\ActiveScan\\ascontrol.dll, 114"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4826196E-5CD9-4029-A1D3-789D4651D2C2}\InprocServer32]

@="C:\\WINDOWS\\system32\\ActiveScan\\ascontrol.dll"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4826196E-5CD9-4029-A1D3-789D4651D2C2}\ToolboxBitmap32]

@="C:\\WINDOWS\\system32\\ActiveScan\\ascontrol.dll, 101"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4A2A4430-3967-4461-94C7-BD95C419F3CF}\InprocServer32]

@="C:\\WINDOWS\\system32\\ActiveScan\\ascontrol.dll"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4A2A4430-3967-4461-94C7-BD95C419F3CF}\ToolboxBitmap32]

@="C:\\WINDOWS\\system32\\ActiveScan\\ascontrol.dll, 103"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6CEC0297-FAFB-41FB-97EA-77E3081B1DFE}\InprocServer32]

@="C:\\WINDOWS\\system32\\ActiveScan\\ascontrol.dll"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6FDCDD41-6C97-4A3B-9E6D-0144B66A1CE4}\InprocServer32]

@="C:\\WINDOWS\\system32\\ActiveScan\\ascontrol.dll"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{94E9170B-7540-4C38-A2A5-3BF7EF1B80EB}\InprocServer32]

@="C:\\WINDOWS\\system32\\ActiveScan\\pavpz.dll"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{96567F65-E04C-4611-AF29-7CDEA6FA6A84}]

@="Panda ActiveScan"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{96567F65-E04C-4611-AF29-7CDEA6FA6A84}\ProgID]

@="ActiveScan.1"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{96567F65-E04C-4611-AF29-7CDEA6FA6A84}\VersionIndependentProgID]

@="ActiveScan"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9A9307A0-7DA4-4DAF-B042-5009F29E09E1}]

@="ActiveScan Installer Class"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9A9307A0-7DA4-4DAF-B042-5009F29E09E1}\ProgID]

@="ActiveScan_Installer.1"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9A9307A0-7DA4-4DAF-B042-5009F29E09E1}\VersionIndependentProgID]

@="ActiveScan_Installer"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{4387D200-E98E-4194-9684-44783E8EB4EE}\1.0]

@="ActiveScan Instalador Type Library"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CE8607B2-0970-4A60-B1A0-34729D86766F}\1.0\0\win32]

@="C:\\WINDOWS\\system32\\ActiveScan\\ascontrol.dll"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CE8607B2-0970-4A60-B1A0-34729D86766F}\1.0\HELPDIR]

@="C:\\WINDOWS\\system32\\ActiveScan\\"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{DA2BD42B-07E8-413A-9FEA-BB3B2E825340}\1.0\0\win32]

@="C:\\WINDOWS\\system32\\ActiveScan\\pavpz.dll"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{DA2BD42B-07E8-413A-9FEA-BB3B2E825340}\1.0\HELPDIR]

@="C:\\WINDOWS\\system32\\ActiveScan\\"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{DE61612C-D504-4284-A17E-2A695253B43C}\1.0]

@="Panda ActiveScan 1.0 Type Library"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{DE61612C-D504-4284-A17E-2A695253B43C}\1.0\0\win32]

@="C:\\WINDOWS\\system32\\ActiveScan\\as.dll"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{DE61612C-D504-4284-A17E-2A695253B43C}\1.0\HELPDIR]

@="C:\\WINDOWS\\system32\\ActiveScan\\"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9A9307A0-7DA4-4DAF-B042-5009F29E09E1}\DownloadInformation]

"CODEBASE"="http://acs.pandasoftware.com/activescan/as5free/asinst.cab"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Panda ActiveScan]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Setup]

"Registrando Panda ActiveX"="C:\\WINDOWS\\system32\\regsvr32.exe /s C:\\WINDOWS\\system32\\ActiveScan\\as.dll"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Setup]

"Registrando Panda Almacen"="C:\\WINDOWS\\system32\\regsvr32.exe /s C:\\WINDOWS\\system32\\ActiveScan\\pavpz.dll"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Panda ActiveScan]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Panda ActiveScan]

"UninstallString"="C:\\WINDOWS\\system32\\ASUninst.exe Panda ActiveScan"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Panda ActiveScan]

"DisplayName"="Panda ActiveScan"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Panda Software\ActiveScan]


Can you post the rest of the registry scan?

The message was too long and was truncated.

 

So far I have found this file pavpz.dll and Not pskavs.dll.

 

Do you want me to prepare a fix to remove all of Active Scan?


Hi! Sry to tell you this but after I checked the log with the wordpad file, I think that's all the log that is available. I would be glad if you can prepare a fix. Anyway, I sense another thing that is very weird. Yesterday, after I opened my opera browser, the entire screen blacked out... But after I press alt+tab, I can see an icon of a process that is running... I wonder what's that... Thanks for all your help! This is my hjt log for your reference:

 

Logfile of HijackThis v1.99.1

Scan saved at 11:36:53 AM, on 6/23/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Comodo\LaunchPad\CLPTray.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\WinPoET Broadband Connection\winpppoverethernet.exe

C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\QuickTime\qttask.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\AceLogix\Free Ram Optimizer\fro.exe

C:\Program Files\Veoh Networks\Veoh\VeohClient.exe

C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe

C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE

C:\WINDOWS\system32\sistray.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe

C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program Files\Comodo\Personal Firewall\cmdagent.exe

C:\Program Files\WinPoET Broadband Connection\WrOS.EXE

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Windows Media Player\wmplayer.exe

C:\Program Files\Napster\Plug-in\PPCore.exe

C:\Program Files\Napster\Plug-in\NMCoreCheck.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\MSN Messenger\usnsvc.exe

C:\Documents and Settings\User\Desktop\hijackthis_199\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hijackthis.de/

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll

O4 - HKLM\..\Run: [Comodo Launch Pad Tray] C:\Program Files\Comodo\LaunchPad\CLPTray.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [a-winpoet-service] "C:\Program Files\WinPoET Broadband Connection\winpppoverethernet.exe"

O4 - HKLM\..\Run: [ssAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [bitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized

O4 - HKCU\..\Run: [Free Ram Optimizer] C:\Program Files\AceLogix\Free Ram Optimizer\fro.exe

O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide

O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe

O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE

O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe

O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab

O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab

O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framework/contr...vex/TmHcmsX.CAB

O16 - DPF: {20C2C286-BDE8-441B-B73D-AFA22D914DA5} (PowerList Control) - http://www.ppstream.com/bin/powerplayer.cab

O16 - DPF: {2931566C-B8A6-46C5-BF4D-E6AB9251E953} (Nexon Package Manager Control) - http://s.nx.com/activex/public_new/nxpm.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.0.97.cab

O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab

O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - http://www.e-games.com.my/com/EGamesPlugin.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://jacie88.spaces.live.com//PhotoUpload/MsnPUpld.cab

O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1145257149890

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://download.shockwave.com/pub/otoy/OTOYAX.cab

O16 - DPF: {7C5D062A-7A1E-4A46-A02B-A928084CBD66} (MLauncherNew Class) - http://legendofares.netgame.com/download/MusaLauncherNew.cab

O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab55579.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab

O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab

O16 - DPF: {D0FD5E32-CABD-4A6E-BD0F-94ACE89CCE03} (HGPluginJP23 Class) - http://down.hangame.co.jp/jp/dist/hgstart/HGPluginJP23.cab

O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab

O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{5727FC39-C29C-4663-98A4-DB4F4223A403}: NameServer = 165.21.83.88 165.21.100.88

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Personal Firewall\cmdagent.exe

O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

O23 - Service: WinPPPoverEthernet - iVasion, a Routerware Company - C:\Program Files\Win

Edited by falconnub


; Purpose: Remove traces in the registry.

;

; Instructions: Copy and paste this text IN BOLD into a text editor such as Notepad.

;

; Save this text as Fix.reg. Make sure the "Save as type:" is "All Files (*.*)" and save it to your desktop.

 

REGEDIT4

 

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ActiveScan]

 

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ActiveScan.1]

 

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ActiveScan_Installer]

 

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ActiveScan_Installer.1]

 

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{237AFA6B-D75C-445B-9D87-68DB699FAB32}\InprocServer32]

 

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{237AFA6B-D75C-445B-9D87-68DB699FAB32}\ToolboxBitmap32]

 

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4826196E-5CD9-4029-A1D3-789D4651D2C2}\InprocServer32]

 

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4826196E-5CD9-4029-A1D3-789D4651D2C2}\ToolboxBitmap32]

 

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4A2A4430-3967-4461-94C7-BD95C419F3CF}\InprocServer32]

 

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4A2A4430-3967-4461-94C7-BD95C419F3CF}\ToolboxBitmap32]

 

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6CEC0297-FAFB-41FB-97EA-77E3081B1DFE}\InprocServer32]

 

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6FDCDD41-6C97-4A3B-9E6D-0144B66A1CE4}\InprocServer32]

 

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{94E9170B-7540-4C38-A2A5-3BF7EF1B80EB}\InprocServer32]

 

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{96567F65-E04C-4611-AF29-7CDEA6FA6A84}]

 

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9A9307A0-7DA4-4DAF-B042-5009F29E09E1}]

 

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{4387D200-E98E-4194-9684-44783E8EB4EE}\1.0]

 

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CE8607B2-0970-4A60-B1A0-34729D86766F}\1.0\0\win32]

 

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CE8607B2-0970-4A60-B1A0-34729D86766F}\1.0\HELPDIR]

 

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{DA2BD42B-07E8-413A-9FEA-BB3B2E825340}\1.0\0\win32]

 

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{DA2BD42B-07E8-413A-9FEA-BB3B2E825340}\1.0\HELPDIR]

 

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{DE61612C-D504-4284-A17E-2A695253B43C}\1.0]

 

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{DE61612C-D504-4284-A17E-2A695253B43C}\1.0\0\win32]

 

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{DE61612C-D504-4284-A17E-2A695253B43C}\1.0\HELPDIR]

 

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9A9307A0-7DA4-4DAF-B042-5009F29E09E1}\DownloadInformation]

 

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Panda ActiveScan]

 

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Setup]

"Registrando Panda ActiveX"=-

 

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Setup]

"Registrando Panda Almacen"=-

 

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Panda ActiveScan]

 

[-HKEY_LOCAL_MACHINE\SOFTWARE\Panda Software\ActiveScan]

 

 

; Double-click on Fix.reg. When it asks you to merge the information to the registry click Yes.

 

If you need help on "How to Make a .Reg File"

See: http://www.nellie2.co.uk/file.htm

 

=*=

 

after I opened my Opera browser, the entire screen blacked out... But after I press alt+tab, I can see an icon of a process that is running...

If this happens again, look at the properties of the icon. Can you tell the file and path? Any information can be useful.


Hi! There's an urgent issue to tell you... My com restarted 2 times by itself today... I scanned my com with combofix and these are the logs for your reference:

 

"User" - 2007-06-25 19:36:28 Service Pack 2

ComboFix 07-05.27.BV - Running from: "C:\Documents and Settings\User\Desktop\"

 

 

((((((((((((((((((((((((((((((( Files Created from 2007-05-25 to 2007-06-25 ))))))))))))))))))))))))))))))))))

 

 

2007-06-23 14:54 <DIR> d-------- C:\Program Files\Combined Community Codec Pack

2007-06-14 16:44 <DIR> d-------- C:\DOCUME~1\User\APPLIC~1\uTorrent

2007-06-13 17:37 <DIR> d-------- C:\Program Files\Google

2007-06-12 13:02 95,872 --a------ C:\WINDOWS\system32\AvastSS.scr

2007-06-12 13:02 94,552 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys

2007-06-12 13:02 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys

2007-06-12 13:02 745,600 --a------ C:\WINDOWS\system32\aswBoot.exe

2007-06-12 13:02 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys

2007-06-12 13:02 26,888 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys

2007-06-12 13:02 23,416 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys

2007-06-12 13:02 <DIR> d-------- C:\Program Files\Alwil Software

2007-06-12 12:43 <DIR> d-------- C:\Program Files\EULAlyzer

2007-06-10 11:52 <DIR> d-------- C:\DOCUME~1\User\DoctorWeb

2007-06-08 15:46 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP

2007-06-08 15:44 <DIR> d-------- C:\Program Files\Oberon Media

2007-06-03 11:26 <DIR> d-------- C:\Program Files\Windows Live

2007-05-26 12:22 <DIR> d-------- C:\Program Files\pspvideo9

2007-05-26 09:56 6 --a------ C:\WINDOWS\system32\SplitMp3.dll

2007-05-26 09:56 6 --a------ C:\WINDOWS\system32\SoftCount.dll

2007-05-26 09:56 6 --a------ C:\WINDOWS\system32\Reginfo.dll

2007-05-26 09:56 6 --a------ C:\WINDOWS\system32\ConvertMp3.dll

2007-05-26 08:24 <DIR> d-------- C:\DOCUME~1\User\APPLIC~1\InstallShield

2007-05-25 13:59 <DIR> d-------- C:\Program Files\Windows Media Connect 2

2007-05-25 13:57 <DIR> d-------- C:\WINDOWS\system32\LogFiles

2007-05-25 13:57 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF

2007-05-25 13:39 <DIR> d-------- C:\Program Files\MP3SPLITTER

 

 

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

 

2007-06-25 11:35:47 -------- d-----w C:\Program Files\WinPoET Broadband Connection

2007-06-25 11:35:45 2,560 ----a-w C:\WINDOWS\system32\drivers\mchInjDrv.sys

2007-06-25 08:56:17 -------- d-----w C:\DOCUME~1\User\APPLIC~1\Hamachi

2007-06-25 01:37:04 -------- d-----w C:\DOCUME~1\User\APPLIC~1\Enigma Browser

2007-06-23 08:50:53 -------- d-----w C:\Program Files\AsiaSoft

2007-06-18 02:35:14 -------- d-----w C:\DOCUME~1\User\APPLIC~1\BitTorrent

2007-06-17 09:09:45 -------- d-----w C:\Program Files\Enigma Browser

2007-06-16 12:11:50 -------- d-----w C:\Program Files\MSN Messenger

2007-06-16 12:11:50 -------- d-----w C:\Program Files\Messenger Plus! Live

2007-05-26 04:22:37 -------- d-----w C:\Program Files\AviSynth 2.5

2007-05-26 00:24:08 -------- d--h--w C:\Program Files\InstallShield Installation Information

2007-05-24 08:24:01 -------- d-----w C:\Program Files\Veoh Networks

2007-05-24 07:55:34 -------- d-----w C:\Program Files\MetaStream

2007-05-24 02:36:34 5 ----a-w C:\WINDOWS\system32\SySMACJ.dat

2007-05-23 10:15:19 -------- d-----w C:\Program Files\Naturpic Video Cutter

2007-05-23 09:59:14 -------- d-----w C:\DOCUME~1\User\APPLIC~1\MoyeaFLV2Video

2007-05-23 09:48:34 -------- d-----w C:\Program Files\Moyea

2007-05-23 09:46:26 -------- d-----w C:\Program Files\Easy MPEG AVI DIVX WMV RM to DVD

2007-05-23 09:30:26 -------- d-----w C:\Program Files\Kate's Video Cutter

2007-05-19 02:18:41 -------- d-----w C:\Program Files\AceLogix

2007-05-12 04:14:10 -------- d-----w C:\Program Files\SpywareBlaster

2007-05-08 05:38:33 -------- d-----w C:\Program Files\Common Files\Symantec Shared

2007-05-08 03:18:49 -------- d-----w C:\Program Files\Spyware Terminator

2007-04-14 03:23:42 0 ----a-w C:\WINDOWS\system32\sys_dll.dll

 

 

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

 

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

{02478D38-C3F9-4EFB-9B51-7695ECA05670}=C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2006-08-24 18:37]

{2F85D76C-0569-466F-A488-493E6BD0E955}=C:\Program Files\Windows Desktop Search\dsWebAllow.dll [2006-03-26 22:44]

{53707962-6F74-2D53-2644-206D7942484F}=C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2005-05-31 01:04]

{69A87B7D-DE56-4136-9655-716BA50C19C7}=C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll [2007-01-29 20:22]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]

{9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-04-07 00:02]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Comodo Launch Pad Tray"="C:\Program Files\Comodo\LaunchPad\CLPTray.exe" [2006-09-06 08:29]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-06-24 15:16]

"IESAddr"="" []

"a-winpoet-service"="C:\Program Files\WinPoET Broadband Connection\winpppoverethernet.exe" [2002-07-17 13:50]

"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2006-01-07 02:36]

"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-02-08 14:56]

"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 23:42]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-06-04 12:01]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2005-01-04 08:00]

"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2006-06-05 13:52]

"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54]

"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [2006-10-11 05:23]

"Free Ram Optimizer"="C:\Program Files\AceLogix\Free Ram Optimizer\fro.exe" [2003-08-22 09:19]

"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2007-05-03 17:43]

"@"="" []

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"="C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2006-03-13 13:11]

"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2006-09-28 22:13]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

"C:\Program Files\QuickTime\qttask.exe" -atboottime

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

"C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

 

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*

Live

 

 

********************************************************************

 

catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net

Rootkit scan 2007-06-25 19:39:34

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

 

********************************************************************

 

 

Completion time: 2007-06-25 19:40:43

C:\ComboFix-quarantined-files.txt ... 2007-06-25 19:40

C:\ComboFix2.txt ... 2007-06-14 08:41

C:\ComboFix3.txt ... 2007-06-01 20:10

 

--- E O F ---

 

 

 

2006-03-30 12:57	  128	--a------	C:\Qoobox\Quarantine\C\DOCUME~1\User\APPLIC~1\Macromedia\Flash Player\#SharedObjects\S4Y2QZAZ\www.inter-focus.cn\flashad_beta_1.01.swf\IFFLASHAD.sol.vir
2006-03-30 12:57	  88	--a------	C:\Qoobox\Quarantine\C\DOCUME~1\User\APPLIC~1\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.inter-focus.cn\settings.sol.vir
2006-04-24 14:29	  157	--a------	C:\Qoobox\Quarantine\C\DOCUME~1\User\APPLIC~1\Macromedia\Flash Player\#SharedObjects\S4Y2QZAZ\www.inter-focus.cn\flashad-v5-stop_firstput_mute.swf\IFFLASHAD.sol.vir
2006-06-06 15:15	  1425536	--a------	C:\Qoobox\Quarantine\C\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft\IEHelper\lf2plus_v18.exe.vir
2007-03-13 10:25	  262	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\xljhlruj\winlogon.ini.vir
2007-06-01 20:07	  796	--a------	C:\Qoobox\Quarantine\Registry_backups\LEGACY_LIVE.reg.cf
2007-06-01 20:07	  820	--a------	C:\Qoobox\Quarantine\Registry_backups\LEGACY_8NASCAR.reg.cf


Folder PATH listing
Volume serial number is 0CB0-C79F
C:\QOOBOX
\---Quarantine
    +---C
    |   +---DOCUME~1
    |   |   +---ALLUSE~1
    |   |   |   \---APPLIC~1
    |   |   |       \---Microsoft
    |   |   |           \---IEHelper
    |   |   |                   lf2plus_v18.exe.vir
    |   |   |
    |   |   \---User
    |   |       \---APPLIC~1
    |   |           \---Macromedia
    |   |               \---Flash Player
    |   |                   +---#SharedObjects
    |   |                   |   \---S4Y2QZAZ
    |   |                   |       \---www.inter-focus.cn
    |   |                   |           +---flashad-v5-stop_firstput_mute.swf
    |   |                   |           |       IFFLASHAD.sol.vir
    |   |                   |           |
    |   |                   |           \---flashad_beta_1.01.swf
    |   |                   |                   IFFLASHAD.sol.vir
    |   |                   |
    |   |                   \---macromedia.com
    |   |                       \---support
    |   |                           \---flashplayer
    |   |                               \---sys
    |   |                                   \---#www.inter-focus.cn
    |   |                                           settings.sol.vir
    |   |
    |   \---WINDOWS
    |       \---system32
    |           \---xljhlruj
    |                   winlogon.ini.vir
    |
    \---Registry_backups
            LEGACY_8NASCAR.reg.cf
            LEGACY_LIVE.reg.cf


This is the log for my spybot search and destroy scan:

 

 

 

--- Search result list ---

Microsoft.Windows.IEFirewallBypass: Settings (Registry value, nothing done)

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Program Files\Internet Explorer\IEXPLORE.EXE

 

Statcounter: Tracking cookie (Internet Explorer: User) (Cookie, nothing done)

 

 

TagASaurus: Tracking cookie (Internet Explorer: User) (Cookie, nothing done)

 

 

AdRevolver: Tracking cookie (Firefox: default) (Cookie, nothing done)

 

 

AdRevolver: Tracking cookie (Firefox: default) (Cookie, nothing done)

 

 

Advertising.com: Tracking cookie (Firefox: default) (Cookie, nothing done)

 

 

Advertising.com: Tracking cookie (Firefox: default) (Cookie, nothing done)

 

 

Advertising.com: Tracking cookie (Firefox: default) (Cookie, nothing done)

 

 

Avenue A, Inc.: Tracking cookie (Firefox: default) (Cookie, nothing done)

 

 

CasaleMedia: Tracking cookie (Firefox: default) (Cookie, nothing done)

 

 

CasaleMedia: Tracking cookie (Firefox: default) (Cookie, nothing done)

 

 

CasaleMedia: Tracking cookie (Firefox: default) (Cookie, nothing done)

 

 

CasaleMedia: Tracking cookie (Firefox: default) (Cookie, nothing done)

 

 

CasaleMedia: Tracking cookie (Firefox: default) (Cookie, nothing done)

 

 

CasaleMedia: Tracking cookie (Firefox: default) (Cookie, nothing done)

 

 

CasaleMedia: Tracking cookie (Firefox: default) (Cookie, nothing done)

 

 

CasaleMedia: Tracking cookie (Firefox: default) (Cookie, nothing done)

 

 

CasaleMedia: Tracking cookie (Firefox: default) (Cookie, nothing done)

 

 

CasaleMedia: Tracking cookie (Firefox: default) (Cookie, nothing done)

 

 

DoubleClick: Tracking cookie (Firefox: default) (Cookie, nothing done)

 

 

HitBox: Tracking cookie (Firefox: default) (Cookie, nothing done)

 

 

HitBox: Tracking cookie (Firefox: default) (Cookie, nothing done)

 

 

HitBox: Tracking cookie (Firefox: default) (Cookie, nothing done)

 

 

HitBox: Tracking cookie (Firefox: default) (Cookie, nothing done)

 

 

HitBox: Tracking cookie (Firefox: default) (Cookie, nothing done)

 

 

HitBox: Tracking cookie (Firefox: default) (Cookie, nothing done)

 

 

HitBox: Tracking cookie (Firefox: default) (Cookie, nothing done)

 

 

HitBox: Tracking cookie (Firefox: default) (Cookie, nothing done)

 

 

FastClick: Tracking cookie (Firefox: default) (Cookie, nothing done)

 

 

FastClick: Tracking cookie (Firefox: default) (Cookie, nothing done)

 

 

FastClick: Tracking cookie (Firefox: default) (Cookie, nothing done)

 

 

FastClick: Tracking cookie (Firefox: default) (Cookie, nothing done)

 

 

FastClick: Tracking cookie (Firefox: default) (Cookie, nothing done)

 

 

FastClick: Tracking cookie (Firefox: default) (Cookie, nothing done)

 

 

FastClick: Tracking cookie (Firefox: default) (Cookie, nothing done)

 

 

HitBox: Tracking cookie (Firefox: default) (Cookie, nothing done)

 

 

HitBox: Tracking cookie (Firefox: default) (Cookie, nothing done)

 

 

MediaPlex: Tracking cookie (Firefox: default) (Cookie, nothing done)

 

 

Statcounter: Tracking cookie (Firefox: default) (Cookie, nothing done)

 

 

Statcounter: Tracking cookie (Firefox: default) (Cookie, nothing done)

 

 

Statcounter: Tracking cookie (Firefox: default) (Cookie, nothing done)

 

 

Statcounter: Tracking cookie (Firefox: default) (Cookie, nothing done)

 

 

Statcounter: Tracking cookie (Firefox: default) (Cookie, nothing done)

 

 

Statcounter: Tracking cookie (Firefox: default) (Cookie, nothing done)

 

 

Statcounter: Tracking cookie (Firefox: default) (Cookie, nothing done)

 

 

Statcounter: Tracking cookie (Firefox: default) (Cookie, nothing done)

 

 

Statcounter: Tracking cookie (Firefox: default) (Cookie, nothing done)

 

 

Statcounter: Tracking cookie (Firefox: default) (Cookie, nothing done)

 

 

Statcounter: Tracking cookie (Firefox: default) (Cookie, nothing done)

 

 

Statcounter: Tracking cookie (Firefox: default) (Cookie, nothing done)

 

 

Statcounter: Tracking cookie (Firefox: default) (Cookie, nothing done)

 

 

Statcounter: Tracking cookie (Firefox: default) (Cookie, nothing done)

 

 

Statcounter: Tracking cookie (Firefox: default) (Cookie, nothing done)

 

 

Statcounter: Tracking cookie (Firefox: default) (Cookie, nothing done)

 

 

Statcounter: Tracking cookie (Firefox: default) (Cookie, nothing done)

 

 

Statcounter: Tracking cookie (Firefox: default) (Cookie, nothing done)

 

 

Zedo: Tracking cookie (Firefox: default) (Cookie, nothing done)

 

 

Zedo: Tracking cookie (Firefox: default) (Cookie, nothing done)

 

 

Zedo: Tracking cookie (Firefox: default) (Cookie, nothing done)

 

 

BlackCore: Tracking cookie (Firefox: default) (Cookie, nothing done)

 

 

CoreMetrics: Tracking cookie (Firefox: default) (Cookie, nothing done)

 

 

AdRevolver: Tracking cookie (Firefox: default) (Cookie, nothing done)

 

 

AdRevolver: Tracking cookie (Firefox: default) (Cookie, nothing done)

 

 

AdRevolver: Tracking cookie (Firefox: default) (Cookie, nothing done)

 

 

WebTrends live: Tracking cookie (Firefox: default) (Cookie, nothing done)

 

 

 

--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

 

2005-05-31 blindman.exe (1.0.0.1)

2005-05-31 SpybotSD.exe (1.4.0.3)

2005-05-31 TeaTimer.exe (1.4.0.2)

2007-05-01 unins000.exe (51.41.0.0)

2005-05-31 Update.exe (1.4.0.0)

2007-01-16 advcheck.dll (1.2.1.0)

2005-05-31 aports.dll (2.1.0.0)

2005-05-31 borlndmm.dll (7.0.4.453)

2005-05-31 delphimm.dll (7.0.4.453)

2005-05-31 SDHelper.dll (1.4.0.0)

2005-05-31 Tools.dll (2.0.0.2)

2005-05-31 UnzDll.dll (1.73.1.1)

2005-05-31 ZipDll.dll (1.73.2.0)

2007-06-20 Includes\Cookies.sbi (*)

2007-05-30 Includes\Dialer.sbi (*)

2007-06-20 Includes\DialerC.sbi (*)

2007-06-20 Includes\Hijackers.sbi (*)

2007-06-20 Includes\HijackersC.sbi (*)

2007-06-20 Includes\Keyloggers.sbi (*)

2007-06-20 Includes\KeyloggersC.sbi (*)

2004-11-29 Includes\LSP.sbi (*)

2007-06-20 Includes\Malware.sbi (*)

2007-06-20 Includes\MalwareC.sbi (*)

2007-03-21 Includes\PUPS.sbi (*)

2007-06-20 Includes\PUPSC.sbi (*)

2007-06-20 Includes\Revision.sbi (*)

2007-05-30 Includes\Security.sbi (*)

2007-06-20 Includes\SecurityC.sbi (*)

2007-06-20 Includes\Spybots.sbi (*)

2007-06-20 Includes\SpybotsC.sbi (*)

2005-02-17 Includes\Tracks.uti

2007-06-20 Includes\Trojans.sbi (*)

2007-06-20 Includes\TrojansC.sbi (*)

 

 

 

--- System information ---

Windows XP (Build: 2600) Service Pack 2

/ Windows Media Player 10: Security Update for Windows Media Player 10 (KB911565)

/ Windows Media Player 10: Security Update for Windows Media Player 10 (KB917734)

/ Windows XP / SP10: Microsoft Compression Client Pack 1.0 for Windows XP

/ Windows XP / SP3: Windows XP Hotfix - KB873339

/ Windows XP / SP3: Windows XP Hotfix - KB885250

/ Windows XP / SP3: Windows XP Hotfix - KB885835

/ Windows XP / SP3: Windows XP Hotfix - KB885836

/ Windows XP / SP3: Windows XP Hotfix - KB886185

/ Windows XP / SP3: Windows XP Hotfix - KB887472

/ Windows XP / SP3: Windows XP Hotfix - KB887742

/ Windows XP / SP3: Windows XP Hotfix - KB888113

/ Windows XP / SP3: Windows XP Hotfix - KB888302

/ Windows XP / SP3: Security Update for Windows XP (KB890046)

/ Windows XP / SP3: Windows XP Hotfix - KB890859

/ Windows XP / SP3: Windows XP Hotfix - KB891781

/ Windows XP / SP3: Security Update for Windows XP (KB893756)

/ Windows XP / SP3: Windows Installer 3.1 (KB893803)

/ Windows XP / SP3: Update for Windows XP (KB894391)

/ Windows XP / SP3: Security Update for Windows XP (KB896358)

/ Windows XP / SP3: Security Update for Windows XP (KB896422)

/ Windows XP / SP3: Security Update for Windows XP (KB896423)

/ Windows XP / SP3: Security Update for Windows XP (KB896424)

/ Windows XP / SP3: Security Update for Windows XP (KB896428)

/ Windows XP / SP3: Update for Windows XP (KB898461)

/ Windows XP / SP3: Security Update for Windows XP (KB899587)

/ Windows XP / SP3: Security Update for Windows XP (KB899588)

/ Windows XP / SP3: Security Update for Windows XP (KB899589)

/ Windows XP / SP3: Security Update for Windows XP (KB899591)

/ Windows XP / SP3: Update for Windows XP (KB900485)

/ Windows XP / SP3: Security Update for Windows XP (KB900725)

/ Windows XP / SP3: Security Update for Windows XP (KB901017)

/ Windows XP / SP3: Security Update for Windows XP (KB901190)

/ Windows XP / SP3: Security Update for Windows XP (KB901214)

/ Windows XP / SP3: Security Update for Windows XP (KB902400)

/ Windows XP / SP3: Security Update for Windows XP (KB904706)

/ Windows XP / SP3: Security Update for Windows XP (KB905414)

/ Windows XP / SP3: Security Update for Windows XP (KB905749)

/ Windows XP / SP3: Security Update for Windows XP (KB908519)

/ Windows XP / SP3: Update for Windows XP (KB908531)

/ Windows XP / SP3: Update for Windows XP (KB910437)

/ Windows XP / SP3: Update for Windows XP (KB911280)

/ Windows XP / SP3: Security Update for Windows XP (KB911562)

/ Windows XP / SP3: Security Update for Windows XP (KB911567)

/ Windows XP / SP3: Security Update for Windows XP (KB911927)

/ Windows XP / SP3: Security Update for Windows XP (KB912812)

/ Windows XP / SP3: Security Update for Windows XP (KB912919)

/ Windows XP / SP3: Security Update for Windows XP (KB913446)

/ Windows XP / SP3: Security Update for Windows XP (KB913580)

/ Windows XP / SP3: Security Update for Windows XP (KB914389)

/ Windows XP / SP3: Security Update for Windows XP (KB916281)

/ Windows XP / SP3: Security Update for Windows XP (KB917344)

/ Windows XP / SP3: Security Update for Windows XP (KB917953)

/ Windows XP / SP3: Security Update for Windows XP (KB918439)

/ Windows XP / SP3: Hotfix for Windows XP (KB926239)

 

 

--- Startup entries list ---

Located: HK_LM:Run, avast!

command: C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

file: C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

size: 75392

MD5: 41b88784128c1eb3a24a928ce58b2455

 

Located: HK_LM:Run, a-winpoet-service

command: "C:\Program Files\WinPoET Broadband Connection\winpppoverethernet.exe"

file: C:\Program Files\WinPoET Broadband Connection\winpppoverethernet.exe

size: 241664

MD5: 5ba2e095755f7bc116378a5cadd34dcd

 

Located: HK_LM:Run, Comodo Launch Pad Tray

command: C:\Program Files\Comodo\LaunchPad\CLPTray.exe

file: C:\Program Files\Comodo\LaunchPad\CLPTray.exe

size: 229448

MD5: 500054959169939953f58d7ddb703e87

 

Located: HK_LM:Run, IESAddr

command:

file:

 

Located: HK_LM:Run, iTunesHelper

command: "C:\Program Files\iTunes\iTunesHelper.exe"

file: C:\Program Files\iTunes\iTunesHelper.exe

size: 278528

MD5: 8f5581d1be59577cacd5b43cfc5e4447

 

Located: HK_LM:Run, QuickTime Task

command: "C:\Program Files\QuickTime\qttask.exe" -atboottime

file: C:\Program Files\QuickTime\qttask.exe

size: 98304

MD5: 76a3a30b58405c2c6d833895253a51a9

 

Located: HK_LM:Run, SsAAD.exe

command: C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe

file: C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe

size: 81920

MD5: d728a3be3bbb48f7df4d847d0cf70bb9

 

Located: HK_LM:Run, TkBellExe

command: "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

file: C:\Program Files\Common Files\Real\Update_OB\realsched.exe

size: 180269

MD5: dadb538f51007d5ea5fa1ee553183f80

 

Located: HK_CU:Run,

command:

file:

 

Located: HK_CU:Run, BitTorrent

command: "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized

file: C:\Program Files\BitTorrent\bittorrent.exe

size: 43520

MD5: 84c96ecea0fbbed6a1aa498c9b7685a0

 

Located: HK_CU:Run, ctfmon.exe

command: C:\WINDOWS\system32\ctfmon.exe

file: C:\WINDOWS\system32\ctfmon.exe

size: 15360

MD5: 24232996a38c0b0cf151c2140ae29fc8

 

Located: HK_CU:Run, Free Ram Optimizer

command: C:\Program Files\AceLogix\Free Ram Optimizer\fro.exe

file: C:\Program Files\AceLogix\Free Ram Optimizer\fro.exe

size: 57344

MD5: 75c22dad3571c474a0e2b1aba4e7b409

 

Located: HK_CU:Run, MessengerPlus3

command: "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart

file: C:\Program Files\MessengerPlus! 3\MsgPlus.exe

size: 190024

MD5: b787d9a60fee9c3732c2e2d4571bb716

 

Located: HK_CU:Run, msnmsgr

command: "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

file: C:\Program Files\MSN Messenger\msnmsgr.exe

size: 5674352

MD5: c4281ad865739e71fd1e4dac19a68d60

 

Located: HK_CU:Run, Veoh

command: "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide

file: C:\Program Files\Veoh Networks\Veoh\VeohClient.exe

size: 2019328

MD5: 7b7c6a1d1ee582e850a858f7a1e3d906

 

Located: Startup (common), Run Google Web Accelerator.lnk

command: C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe

file: C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe

size: 622592

MD5: f9f1ad2ca91738d17dc1626f3d0677f7

 

Located: Startup (common), Symantec Fax Starter Edition Port.lnk

command: C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE

file: C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE

size: 45568

MD5: 60fdd0fcf620deb6ac1f5fbedb659489

 

Located: Startup (common), Utility Tray.lnk

command: C:\WINDOWS\system32\sistray.exe

file: C:\WINDOWS\system32\sistray.exe

size: 331776

MD5: 75d2905cc72d4deb2771eef42a809c35

 

Located: Startup (common), Windows Desktop Search.lnk

command: C:\Program Files\Windows Desktop Search\WindowsSearch.exe

file: C:\Program Files\Windows Desktop Search\WindowsSearch.exe

size: 257752

MD5: cfbd142459389efd5c5f27cd913c2564

 

Located: WinLogon, crypt32chain

command: crypt32.dll

file: crypt32.dll

 

Located: WinLogon, cryptnet

command: cryptnet.dll

file: cryptnet.dll

 

Located: WinLogon, cscdll

command: cscdll.dll

file: cscdll.dll

 

Located: WinLogon, ScCertProp

command: wlnotify.dll

file: wlnotify.dll

 

Located: WinLogon, Schedule

command: wlnotify.dll

file: wlnotify.dll

 

Located: WinLogon, sclgntfy

command: sclgntfy.dll

file: sclgntfy.dll

 

Located: WinLogon, SensLogn

command: WlNotify.dll

file: WlNotify.dll

 

Located: WinLogon, termsrv

command: wlnotify.dll

file: wlnotify.dll

 

Located: WinLogon, wlballoon

command: wlnotify.dll

file: wlnotify.dll

 

 

 

--- Browser helper object list ---

{2F85D76C-0569-466F-A488-493E6BD0E955} (dsWebAllowBHO Class)

BHO name:

CLSID name: dsWebAllowBHO Class

Path: C:\Program Files\Windows Desktop Search\

Long name: dsWebAllow.dll

Short name: DSWEBA~1.DLL

Date (created): 3/26/2006 10:44:10 PM

Date (last access): 6/25/2007 7:32:08 PM

Date (last write): 3/26/2006 10:44:10 PM

Filesize: 265432

Attributes:

MD5: 3EEEAFCE6B19C9AB3F6AE71A6FC99B11

CRC32: BA5EA549

Version: 2.6.5000.5378

 

{69A87B7D-DE56-4136-9655-716BA50C19C7} (Google Web Accelerator Helper)

BHO name: Google Web Accelerator Helper

CLSID name: &Google Web Accelerator Helper

Path: C:\Program Files\Google\Web Accelerator\

Long name: GoogleWebAccToolbar.dll

Short name: GOOGLE~1.DLL

Date (created): 1/29/2007 8:22:50 PM

Date (last access): 6/25/2007 7:32:08 PM

Date (last write): 1/29/2007 8:22:50 PM

Filesize: 237568

Attributes: archive

MD5: A93146660057A466E6AA4C9DB87D9934

CRC32: 8ACA6C10

 

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)

BHO name:

CLSID name: SSVHelper Class

Path: C:\Program Files\Java\jre1.6.0_01\bin\

Long name: ssv.dll

Short name:

Date (created): 5/8/2007 1:48:34 PM

Date (last access): 6/25/2007 7:44:54 PM

Date (last write): 3/14/2007 3:43:40 AM

Filesize: 501400

Attributes: archive

MD5: 70FD57D6EDBED8D80C1995257C99D27E

CRC32: 3CE654AC

Version: 6.0.10.6

 

{9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)

BHO name:

CLSID name: Windows Live Sign-in Helper

Path: C:\Program Files\Common Files\Microsoft Shared\Windows Live\

Long name: WindowsLiveLogin.dll

Short name: WINDOW~1.DLL

Date (created): 4/7/2006 12:02:02 AM

Date (last access): 6/25/2007 7:32:10 PM

Date (last write): 4/7/2006 12:02:02 AM

Filesize: 323904

Attributes: archive

MD5: B30FAF9FD36BB993A5FB3A3AFE0E3703

CRC32: 53C1960B

Version: 4.0.246.1

 

 

 

--- ActiveX list ---

{00000055-9980-0010-8000-00AA00389B71} ()

DPF name:

CLSID name:

Installer: C:\WINDOWS\Downloaded Program Files\fhg.inf

Codebase: http://codecs.microsoft.com/codecs/i386/fhg.CAB

 

{00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class)

DPF name:

CLSID name: Checkers Class

Installer:

Codebase: http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

Path: C:\WINDOWS\Downloaded Program Files\

Long name: msgrchkr.dll

Short name:

Date (created): 5/29/2003 3:00:18 PM

Date (last access): 6/25/2007 7:50:36 PM

Date (last write): 5/29/2003 3:00:18 PM

Filesize: 77408

Attributes: archive

MD5: 42D567DF86B9B7AC4A89664C9651B68B

CRC32: 47FF3D19

Version: 7.1.9502.1

 

{05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object)

DPF name:

CLSID name: StagingUI Object

Installer:

Codebase: http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab

Path: C:\WINDOWS\Downloaded Program Files\

Long name: StagingUI.ocx

Short name: STAGIN~1.OCX

Date (created): 1/24/2007 9:24:24 PM

Date (last access): 6/12/2007 9:17:32 AM

Date (last write): 1/24/2007 9:24:24 PM

Filesize: 397720

Attributes: archive

MD5: FF58F2E8ADD7A21AC10888189A2DA62E

CRC32: 118A20A8

Version: 9.5.5579.1

 

{0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1)

DPF name:

CLSID name: F-Secure Online Scanner 3.1

Installer: C:\WINDOWS\Downloaded Program Files\fscax.inf

Codebase: http://support.f-secure.com/ols/fscax.cab

Path: C:\WINDOWS\Downloaded Program Files\

Long name: fscax.dll

Short name:

Date (created): 5/7/2007 4:39:24 PM

Date (last access): 6/25/2007 7:50:36 PM

Date (last write): 5/7/2007 4:39:24 PM

Filesize: 254360

Attributes: archive

MD5: D5199825510E4C4F97DC93B7BC3B1A8A

CRC32: 9FA45099

Version: 3.1.0.5

 

{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object)

DPF name:

CLSID name: CKAVWebScan Object

Installer: C:\WINDOWS\Downloaded Program Files\kavwebscan.inf

Codebase: http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab

Path: C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\

Long name: kavwebscan.dll

Short name: KAVWEB~1.DLL

Date (created): 3/20/2006 1:17:20 PM

Date (last access): 6/12/2007 9:36:18 AM

Date (last write): 3/20/2006 1:17:20 PM

Filesize: 798720

Attributes: archive

MD5: F74B09086C2097BC535C5DCCCD3402AC

CRC32: 01AA9D3D

Version: 5.0.83.0

 

{17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool)

DPF name:

CLSID name: Windows Genuine Advantage Validation Tool

Installer: C:\WINDOWS\Downloaded Program Files\LegitCheckControl.inf

Codebase: http://go.microsoft.com/fwlink/?linkid=39204

Path: C:\WINDOWS\system32\

Long name: LegitCheckControl.DLL

Short name: LEGITC~1.DLL

Date (created): 12/12/2006 10:45:04 AM

Date (last access): 6/22/2007 8:39:08 PM

Date (last write): 12/12/2006 10:45:04 AM

Filesize: 1474864

Attributes: archive

MD5: C7F2604BB81A5E8F8FB12AB8CCBE25CE

CRC32: 42057390

Version: 1.5.723.1

 

{1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class)

DPF name:

CLSID name: InstallerBehaviorFactory Class

Installer: C:\WINDOWS\Downloaded Program Files\MsnInstC.inf

Codebase: https://signup.msn.com/pages/MsnInstC.cab

Path: C:\WINDOWS\Downloaded Program Files\

Long name: MsnInstC.dll

Short name:

Date (created): 12/14/2005 10:24:52 AM

Date (last access): 6/25/2007 7:50:36 PM

Date (last write): 12/14/2005 10:24:52 AM

Filesize: 323272

Attributes: archive

MD5: 76B975A59A1018572F9F84DEB3BEE9A1

CRC32: 68B0407D

Version: 11.0.1213.1

 

{1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control)

DPF name:

CLSID name: TmHcmsX Control

Installer: C:\WINDOWS\Downloaded Program Files\TmHcmsX.inf

Codebase: http://www.trendsecure.com/framework/contr...vex/TmHcmsX.CAB

Path: C:\WINDOWS\DOWNLO~1\

Long name: TmHcmsX.ocx

Short name:

Date (created): 2/5/2007 7:57:26 PM

Date (last access): 6/12/2007 9:17:32 AM

Date (last write): 2/5/2007 7:57:26 PM

Filesize: 409600

Attributes: archive

MD5: 018EB717AE0ECEDF4B65D57C35580BE3

CRC32: 28D220EF

Version: 2.1.0.1006

 

{20C2C286-BDE8-441B-B73D-AFA22D914DA5} (PowerList Control)

DPF name:

CLSID name: PowerList Control

Installer: C:\WINDOWS\Downloaded Program Files\powerplayer.inf

Codebase: http://www.ppstream.com/bin/powerplayer.cab

Path: C:\WINDOWS\DOWNLO~1\

Long name: PowerList.ocx

Short name: POWERL~1.OCX

Date (created): 1/12/2006 4:14:04 PM

Date (last access): 6/12/2007 9:17:30 AM

Date (last write): 1/12/2006 4:14:04 PM

Filesize: 581632

Attributes: archive

MD5: 98B67EA195B1F4D4C1849F59AD5CFA37

CRC32: 46C7F951

Version: 1.0.0.136

 

{233C1507-6A77-46A4-9443-F871F945D258} (Shockwave ActiveX Control)

DPF name:

CLSID name: Shockwave ActiveX Control

Installer: C:\WINDOWS\Downloaded Program Files\setup.inf

Codebase: http://fpdownload.macromedia.com/pub/shock...director/sw.cab

Path: C:\WINDOWS\system32\Macromed\Director\

Long name: SwDir.dll

Short name:

Date (created): 2/9/2006 2:27:56 PM

Date (last access): 6/22/2007 7:47:30 PM

Date (last write): 5/2/2007 12:32:04 PM

Filesize: 182512

Attributes: archive

MD5: 95F03ABE4B96C50CF4DA8245819138E4

CRC32: 12E5BB80

Version: 10.2.0.22

 

{2931566C-B8A6-46C5-BF4D-E6AB9251E953} (Nexon Package Manager Control)

DPF name:

CLSID name: Nexon Package Manager Control

Installer: C:\WINDOWS\Downloaded Program Files\nxpm.inf

Codebase: http://s.nx.com/activex/public_new/nxpm.cab

Path: C:\WINDOWS\

Long name: nxpm.ocx

Short name:

Date (created): 1/12/2005 9:02:50 PM

Date (last access): 6/12/2007 9:15:00 AM

Date (last write): 1/12/2005 9:02:50 PM

Filesize: 466944

Attributes: archive

MD5: F4E216365F7BEBBA9A2B6FF7F2170AA7

CRC32: BAF8EC4F

Version: 1.0.3.0

 

{33564D57-0000-0010-8000-00AA00389B71} ()

DPF name:

CLSID name:

Installer: C:\WINDOWS\Downloaded Program Files\WMV9VCM.inf

Codebase: http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB

 

{39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class)

DPF name:

CLSID name: FilePlanet Download Control Class

Installer:

Codebase: http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.0.97.cab

Path: C:\WINDOWS\Downloaded Program Files\

Long name: FPDC.dll

Short name:

Date (created): 5/17/2006 11:08:08 PM

Date (last access): 6/25/2007 7:50:36 PM

Date (last write): 9/11/2006 12:50:26 PM

Filesize: 353968

Attributes: archive

MD5: DFB5A258E773AC531874D2238BDE3A97

CRC32: 7D6C5C73

Version: 2.3.0.97

 

{3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite)

DPF name:

CLSID name: MSN Games – Buddy Invite

Installer:

Codebase: http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab

Path: C:\WINDOWS\Downloaded Program Files\

Long name: ZBuddy.ocx

Short name:

Date (created): 1/24/2007 9:24:24 PM

Date (last access): 6/12/2007 9:17:32 AM

Date (last write): 1/24/2007 9:24:24 PM

Filesize: 232352

Attributes: archive

MD5: 560B653EF510810B4CEF62827E8C095F

CRC32: 13E185C2

Version: 9.5.5579.1

 

{48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class)

DPF name:

CLSID name: EGamesPlugin Class

Installer: C:\WINDOWS\Downloaded Program Files\EGamesPlugin.inf

Codebase: http://www.e-games.com.my/com/EGamesPlugin.cab

Path: C:\WINDOWS\Downloaded Program Files\

Long name: EGamesPlugin.dll

Short name: EGAMES~1.DLL

Date (created): 9/15/2003 4:24:50 PM

Date (last access): 6/25/2007 7:50:36 PM

Date (last write): 9/15/2003 4:24:50 PM

Filesize: 61440

Attributes: archive

MD5: 441EBE73EE3B4EAE7AC22D486D665324

CRC32: DC0CABDF

Version: 1.0.0.1

 

{4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool)

DPF name:

CLSID name: MSN Photo Upload Tool

Installer: C:\WINDOWS\Downloaded Program Files\CONFLICT.1\MsnPUpld.inf

Codebase: http://jacie88.spaces.live.com//PhotoUpload/MsnPUpld.cab

Path: C:\WINDOWS\Downloaded Program Files\CONFLICT.1\

Long name: MsnPUpld.dll

Short name:

Date (created): 6/20/2006 3:44:04 PM

Date (last access): 6/12/2007 9:17:34 AM

Date (last write): 6/20/2006 3:44:04 PM

Filesize: 379704

Attributes: archive

MD5: D2FB109C3F0DAAAA4A73E5921656DB3E

CRC32: A13093E8

Version: 10.0.913.0

 

{5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object)

DPF name:

CLSID name: ZonePAChat Object

Installer:

Codebase: http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab

Path: C:\WINDOWS\Downloaded Program Files\

Long name: ZPAChat.ocx

Short name:

Date (created): 1/24/2007 9:24:28 PM

Date (last access): 6/12/2007 9:17:34 AM

Date (last write): 1/24/2007 9:24:28 PM

Filesize: 509848

Attributes: archive

MD5: A91F756CE0A17EB8EACE27A9086E215A

CRC32: 96795A06

Version: 9.5.5579.1

 

{6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class)

DPF name:

CLSID name: WUWebControl Class

Installer: C:\WINDOWS\Downloaded Program Files\wuweb.inf

Codebase: http://update.microsoft.com/windowsupdate/...b?1145257149890

Path: C:\WINDOWS\system32\

Long name: wuweb.dll

Short name:

Date (created): 8/11/2005 8:15:12 AM

Date (last access): 6/22/2007 8:39:12 PM

Date (last write): 5/26/2005 4:19:32 AM

Filesize: 173536

Attributes: archive

MD5: C459F2D5E64C942F3F66E1CD7F1C4C00

CRC32: EEF66B50

Version: 5.8.0.2469

 

{644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class)

DPF name:

CLSID name: Symantec RuFSI Utility Class

Installer: C:\WINDOWS\Downloaded Program Files\CabSA.inf

Codebase: http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

Path: C:\WINDOWS\Downloaded Program Files\

Long name: rufsi.dll

Short name:

Date (created): 4/20/2006 1:43:06 PM

Date (last access): 6/25/2007 7:50:36 PM

Date (last write): 4/20/2006 1:43:06 PM

Filesize: 161480

Attributes: archive

MD5: 3CB430974D11764CEEFB3120876BFB1F

CRC32: C269885A

Version: 2006.2.15.43

 

{77E32299-629F-43C6-AB77-6A1E6D7663F6} ()

DPF name:

CLSID name:

Installer:

Codebase: http://download.shockwave.com/pub/otoy/OTOYAX.cab

 

{7C5D062A-7A1E-4A46-A02B-A928084CBD66} (MLauncherNew Class)

DPF name:

CLSID name: MLauncherNew Class

Installer: C:\WINDOWS\Downloaded Program Files\MLauncherNew.inf

Codebase: http://legendofares.netgame.com/download/MusaLauncherNew.cab

Path: C:\WINDOWS\Downloaded Program Files\

Long name: MLauncherNew.dll

Short name: MLAUNC~1.DLL

Date (created): 4/27/2006 1:50:06 PM

Date (last access): 6/25/2007 7:50:36 PM

Date (last write): 4/27/2006 1:50:06 PM

Filesize: 262237

Attributes: archive

MD5: 8E989B651AC35FCBB8DF71651460E037

CRC32: 97ED0E00

Version: 1.0.0.4

 

{80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class)

DPF name:

CLSID name: UnoCtrl Class

Installer:

Codebase: http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab55579.cab

Path: C:\WINDOWS\Downloaded Program Files\

Long name: GAME_UNO1.dll

Short name: GAME_U~1.DLL

Date (created): 1/25/2007 12:10:14 AM

Date (last access): 6/25/2007 7:50:36 PM

Date (last write): 1/25/2007 12:10:14 AM

Filesize: 390512

Attributes: archive

MD5: 0CB1409633FB23F69BD88D615F8D523B

CRC32: D97A90A9

Version: 1.0.1171.1

 

{8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class)

DPF name:

CLSID name: MessengerStatsClient Class

Installer:

Codebase: http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

Path: C:\WINDOWS\Downloaded Program Files\

Long name: messengerstatsclient.dll

Short name: MESSEN~1.DLL

Date (created): 5/29/2003 3:00:20 PM

Date (last access): 6/25/2007 7:50:36 PM

Date (last write): 5/29/2003 3:00:20 PM

Filesize: 160864

Attributes: archive

MD5: B069B555A00AA026F657AA4FD13AE154

CRC32: 89BB01E1

Version: 7.1.9502.1

 

{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} ()

DPF name:

CLSID name:

Installer: C:\WINDOWS\Downloaded Program Files\erma.inf

Codebase: http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab

 

{B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class)

DPF name:

CLSID name: SABScanProcesses Class

Installer: C:\WINDOWS\Downloaded Program Files\sabspx.inf

Codebase: http://www.superadblocker.com/activex/sabspx.cab

Path: C:\WINDOWS\Downloaded Program Files\

Long name: sabspx.dll

Short name:

Date (created): 2/26/2007 1:41:44 PM

Date (last access): 6/25/2007 7:50:36 PM

Date (last write): 2/26/2007 1:41:44 PM

Filesize: 380144

Attributes: archive

MD5: F3A9C44C8AA9CFA7D0FDF994E028C01B

CRC32: 77AA169B

Version: 1.0.0.1042

 

{B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer)

DPF name:

CLSID name: MSN Games - Installer

Installer:

Codebase: http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab

Path: C:\WINDOWS\Downloaded Program Files\

Long name: ZIntro.ocx

Short name:

Date (created): 1/31/2005 11:26:46 PM

Date (last access): 6/22/2007 7:47:30 PM

Date (last write): 2/19/2007 11:26:28 AM

Filesize: 159128

Attributes: archive

MD5: E681AC948003CCA59C6C00D3F5EC3D4B

CRC32: C8723760

Version: 9.5.6649.1

 

{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)

DPF name: Java Runtime Environment 1.6.0

CLSID name: Java Plug-in 1.6.0_01

Installer:

Codebase: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab

Path: C:\Program Files\Java\jre1.6.0_01\bin\

Long name: npjpi160_01.dll

Short name: NPJPI1~1.DLL

Date (created): 3/14/2007 2:04:46 AM

Date (last access): 6/12/2007 9:02:42 AM

Date (last write): 3/14/2007 3:43:42 AM

Filesize: 132760

Attributes: archive

MD5: F112FB2FD2EF66D439799E3F834DF000

CRC32: D2B09219

Version: 6.0.0.6

 

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)

DPF name: Java Runtime Environment 1.6.0

CLSID name: Java Plug-in 1.6.0_01

Installer:

Codebase: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab

Path: C:\Program Files\Java\jre1.6.0_01\bin\

Long name: npjpi160_01.dll

Short name: NPJPI1~1.DLL

Date (created): 3/14/2007 2:04:46 AM

Date (last access): 6/25/2007 8:07:52 PM

Date (last write): 3/14/2007 3:43:42 AM

Filesize: 132760

Attributes: archive

MD5: F112FB2FD2EF66D439799E3F834DF000

CRC32: D2B09219

Version: 6.0.0.6

 

{CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class)

DPF name:

CLSID name: HGPlugin9USA Class

Installer: C:\WINDOWS\Downloaded Program Files\HGPlugin9USA.inf

Codebase: http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab

Path: C:\WINDOWS\Downloaded Program Files\

Long name: HGPlugin9USA.dll

Short name: HGPLUG~1.DLL

Date (created): 8/9/2006 8:56:06 PM

Date (last access): 6/25/2007 7:50:36 PM

Date (last write): 8/9/2006 8:56:06 PM

Filesize: 53248

Attributes: archive

MD5: D075F38B14A69362897FA1010A676A7B

CRC32: A87C7F44

Version: 9.0.0.0

 

{D0FD5E32-CABD-4A6E-BD0F-94ACE89CCE03} (HGPluginJP23 Class)

DPF name:

CLSID name: HGPluginJP23 Class

Installer: C:\WINDOWS\Downloaded Program Files\HGPluginJP23.inf

Codebase: http://down.hangame.co.jp/jp/dist/hgstart/HGPluginJP23.cab

Path: C:\WINDOWS\Downloaded Program Files\

Long name: HGPluginJP23.dll

Short name: HGPLUG~2.DLL

Date (created): 1/15/2007 6:42:40 PM

Date (last access): 6/25/2007 7:50:36 PM

Date (last write): 1/15/2007 6:42:40 PM

Filesize: 40960

Attributes: archive

MD5: 5939024928094B97B4FEF6FFA6043680

CRC32: D21535EF

Version: 23.0.0.0

 

{DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator)

DPF name:

CLSID name: MSN Games – Game Communicator

Installer:

Codebase: http://zone.msn.com/binframework/v10/StProxy.cab55579.cab

Path: C:\WINDOWS\Downloaded Program Files\

Long name: StProxy.dll

Short name:

Date (created): 1/24/2007 9:24:24 PM

Date (last access): 6/25/2007 7:50:36 PM

Date (last write): 1/24/2007 9:24:24 PM

Filesize: 299432

Attributes: archive

MD5: C68867D8C7C098AA75A40D6BB1706BE4

CRC32: D775327E

Version: 9.5.5579.1

 

{E5D419D6-A846-4514-9FAD-97E826C84822} ()

DPF name:

CLSID name:

Installer: C:\WINDOWS\Downloaded Program Files\heartbeat.inf

Codebase: http://fdl.msn.com/zone/datafiles/heartbeat.cab

 

 

 

--- Process list ---

PID: 0 ( 0) [system]

PID: 536 ( 4) \SystemRoot\System32\smss.exe

PID: 644 ( 536) \??\C:\WINDOWS\system32\csrss.exe

PID: 676 ( 536) \??\C:\WINDOWS\system32\winlogon.exe

PID: 720 ( 676) C:\WINDOWS\system32\services.exe

size: 108032

MD5: C6CE6EEC82F187615D1002BB3BB50ED4

PID: 732 ( 676) C:\WINDOWS\system32\lsass.exe

size: 13312

MD5: 84885F9B82F4D55C6146EBF6065D75D2

PID: 888 ( 720) C:\WINDOWS\system32\svchost.exe

size: 14336

MD5: 8F078AE4ED187AAABC0A305146DE6716

PID: 948 ( 720) C:\WINDOWS\system32\svchost.exe

size: 14336

MD5: 8F078AE4ED187AAABC0A305146DE6716

PID: 1048 ( 720) C:\WINDOWS\System32\svchost.exe

size: 14336

MD5: 8F078AE4ED187AAABC0A305146DE6716

PID: 1096 ( 720) C:\WINDOWS\system32\svchost.exe

size: 14336

MD5: 8F078AE4ED187AAABC0A305146DE6716

PID: 1148 ( 720) C:\WINDOWS\system32\svchost.exe

size: 14336

MD5: 8F078AE4ED187AAABC0A305146DE6716

PID: 1404 ( 720) C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

size: 16512

MD5: 0BAB87DB7DAC336B52ADA529CF472B74

PID: 1520 ( 720) C:\Program Files\Alwil Software\Avast4\ashServ.exe

size: 132736

MD5: 4C2D6F51F2A1943EF24E8C3E55267F04

PID: 1540 (1448) C:\WINDOWS\Explorer.EXE

size: 1032192

MD5: A0732187050030AE399B241436565E64

PID: 1820 (1540) C:\Program Files\Comodo\LaunchPad\CLPTray.exe

size: 229448

MD5: 500054959169939953F58D7DDB703E87

PID: 1832 (1540) C:\Program Files\iTunes\iTunesHelper.exe

size: 278528

MD5: 8F5581D1BE59577CACD5B43CFC5E4447

PID: 1844 (1540) C:\Program Files\WinPoET Broadband Connection\winpppoverethernet.exe

size: 241664

MD5: 5BA2E095755F7BC116378A5CADD34DCD

PID: 1856 (1540) C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe

size: 81920

MD5: D728A3BE3BBB48F7DF4D847D0CF70BB9

PID: 1864 (1540) C:\Program Files\Common Files\Real\Update_OB\realsched.exe

size: 180269

MD5: DADB538F51007D5EA5FA1EE553183F80

PID: 1876 (1540) C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

size: 75392

MD5: 41B88784128C1EB3A24A928CE58B2455

PID: 1896 (1540) C:\WINDOWS\system32\ctfmon.exe

size: 15360

MD5: 24232996A38C0B0CF151C2140AE29FC8

PID: 1916 (1540) C:\Program Files\MSN Messenger\msnmsgr.exe

size: 5674352

MD5: C4281AD865739E71FD1E4DAC19A68D60

PID: 2016 ( 720) C:\WINDOWS\system32\spoolsv.exe

size: 57856

MD5: DA81EC57ACD4CDC3D4C51CF3D409AF9F

PID: 192 (1540) C:\Program Files\AceLogix\Free Ram Optimizer\fro.exe

size: 57344

MD5: 75C22DAD3571C474A0E2B1ABA4E7B409

PID: 220 (1540) C:\Program Files\Veoh Networks\Veoh\VeohClient.exe

size: 2019328

MD5: 7B7C6A1D1EE582E850A858F7A1E3D906

PID: 404 (1540) C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe

size: 622592

MD5: F9F1AD2CA91738D17DC1626F3D0677F7

PID: 420 (1540) C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE

size: 45568

MD5: 60FDD0FCF620DEB6AC1F5FBEDB659489

PID: 440 (1540) C:\WINDOWS\system32\sistray.exe

size: 331776

MD5: 75D2905CC72D4DEB2771EEF42A809C35

PID: 472 (1540) C:\Program Files\Windows Desktop Search\WindowsSearch.exe

size: 257752

MD5: CFBD142459389EFD5C5F27CD913C2564

PID: 572 ( 888) C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe

size: 159960

MD5: 69BB55D6FF0AD519120A0C34BAC6D290

PID: 1020 ( 404) C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe

size: 1630208

MD5: 0C4C8A0D7386B589405E731ECACF42E7

PID: 2164 ( 720) C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

size: 204800

MD5: E8FBDCC8D618D1BB84B828F247A6244B

PID: 2180 ( 720) C:\Program Files\Comodo\Personal Firewall\cmdagent.exe

size: 569936

MD5: 8B5530A38FA78193F05447624FEF29DF

PID: 2592 ( 720) C:\Program Files\WinPoET Broadband Connection\WrOS.EXE

size: 94255

MD5: 6A58346A1D8113BA1B58B3C120575437

PID: 2752 ( 720) C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

size: 243328

MD5: 0005DB55986F3B014FBA24C2356476B7

PID: 2848 ( 720) C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

size: 345728

MD5: D1C26F6B1AA7BA597F435CB136E998D4

PID: 3296 ( 720) C:\Program Files\iPod\bin\iPodService.exe

size: 331776

MD5: F82D852F5969BD3A1EC61E42D0255954

PID: 3932 ( 720) C:\WINDOWS\System32\alg.exe

size: 44544

MD5: F1958FBF86D5C004CF19A5951A9514B7

PID: 3576 (1864) C:\Program Files\Real\RealPlayer\RealPlay.exe

size: 208941

MD5: 4814A30318E728C5367BBAC2AB1D1F58

PID: 3496 (1048) C:\WINDOWS\system32\wuauclt.exe

size: 124184

MD5: EBF1AB7E4FC05CABF2F4680D2A45F827

PID: 2672 (1540) C:\Program Files\internet explorer\iexplore.exe

size: 93184

MD5: E7484514C0464642BE7B4DC2689354C8

PID: 1936 ( 720) C:\Program Files\MSN Messenger\usnsvc.exe

size: 97136

MD5: C5B70A6AA947667CE0E5FC84A05EC8B6

PID: 3824 (1540) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe

size: 4393096

MD5: 09CA174A605B480318731E691DC98539

PID: 1280 (1840) C:\Program Files\Alwil Software\Avast4\ashSimpl.exe

size: 157312

MD5: A22635DD443FB4B43E8DD0BC2E7B3BC8

PID: 3656 ( 572) C:\Program Files\Windows Desktop Search\WindowsSearchFilter.exe

size: 221400

MD5: 5A8736AC6E698CF5249C4A232B5024AF

PID: 4 ( 0) System

 

 

--- Browser start & search pages list ---

Spybot - Search & Destroy browser pages report, 6/25/2007 8:07:53 PM

 

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page

C:\WINDOWS\system32\blank.htm

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page

http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page

http://www.hijackthis.de/

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@

http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page

%SystemRoot%\system32\blank.htm

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page

http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page

about:blank

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL

http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL

http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant

http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch

http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

 

 

--- Winsock Layered Service Provider list ---

 

 

--- Uninstall list ---

Ad-Aware SE Personal 1.06 (Ad-Aware SE Personal)

uninstall cmd: C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG

publisher: Lavasoft

help link: http://www.lavasoft.com

 

(AddressBook)

 

Adobe Flash Player ActiveX 9.0.45.0 (Adobe Flash Player ActiveX)

uninstall cmd: C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

publisher: Adobe Systems Incorporated

help link: http://www.adobe.com/go/flashplayer_support/

 

Adobe Shockwave Player 10.2.0.22 (Adobe Shockwave Player)

uninstall cmd: C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log

publisher: Adobe Systems, Inc.

help link: http://www.adobe.com/support/shockwave

 

avast! Antivirus 4.7 (avast!)

version (major): 4

version (minor): 7

install location: C:\PROGRA~1\ALWILS~1\Avast4

install source: C:\PROGRA~1\ALWILS~1\Avast4\setup

uninstall cmd: rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup

publisher: Alwil Software

help link: http://www.avast.com

 

AVG Anti-Spyware 7.5 (AVGAntiSpyware75)

install location: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5

uninstall cmd: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe

publisher: Grisoft Ltd.

help link: http://www.grisoft.com

 

AviSynth 2.5 (AviSynth)

uninstall cmd: "C:\Program Files\AviSynth 2.5\Uninstall.exe"

 

BitTorrent 4.26.0 (BitTorrent)

uninstall cmd: "C:\Program Files\BitTorrent\uninstall.exe"

 

(Branding)

 

C-Media 3D Audio (C-Media Audio)

uninstall cmd: C:\WINDOWS\CMIUnInstall.exe

 

C-Media WDM Audio Driver (C-Media Audio Driver)

uninstall cmd: C:\WINDOWS\system32\cmirmdrv.exe

 

Combined Community Codec Pack 2007-02-22 2007-02-22 23:00 (Combined Community Codec Pack_is1)

install date: 20070623

install location: C:\Program Files\Combined Community Codec Pack\

uninstall cmd: "C:\Program Files\Combined Community Codec Pack\unins000.exe"

publisher: CCCP Project

help link: http://www.cccp-project.net/

 

(Connection Manager)

 

(DirectAnimation)

 

(DirectDrawEx)

 

(DXM_Runtime)

 

Enigma Browser (remove only) (Enigma Browser)

uninstall cmd: "C:\Program Files\Enigma Browser\uninst.exe"

 

EULAlyzer v1.2 1.2.0 (EULAlyzer_is1)

install date: 20070612

install location: C:\Program Files\EULAlyzer\

uninstall cmd: "C:\Program Files\EULAlyzer\unins000.exe"

publisher: Javacool Software LLC

 

Finale NotePad 2006 (Finale NotePad 2006)

uninstall cmd: C:\WINDOWS\unvise32.exe C:\Program Files\Finale NotePad 2006\uninstal.log

 

(Fontcore)

 

Free Ram Optimizer XP 1.0 (Free Ram Optimizer XP_is1)

uninstall cmd: "C:\Program Files\AceLogix\Free Ram Optimizer\unins000.exe"

publisher: AceLogix

help link: http://www.acelogix.com

 

GunboundWC (GunboundWC_is1)

install date: 20070127

install location: C:\Program Files\softnyx\

uninstall cmd: "C:\Program Files\softnyx\unins000.exe"

publisher: Softnyx co.,ltd.

help link: http://www.gunbound.net

 

Hamachi 1.0.0.62 (Hamachi)

uninstall cmd: C:\Program Files\Hamachi\uninstall.exe

 

HijackThis 1.99.1 1.99.1 (HijackThis)

uninstall cmd: C:\Documents and Settings\User\My Documents\hijackthis_199\HijackThis.exe /uninstall

publisher: Soeperman Enterprises Ltd.

 

(ICW)

 

(IE40)

 

(IE4Data)

 

(IE5BAKEX)

 

(IEData)

 

(InstallShield Uninstall Information)

 

Veoh Player 3.2.1 (InstallShield_{3D5A72E1-1467-4199-8CF6-12DA8D502A6B})

version: 50462721

version (major): 3

version (minor): 2

estimated size: 6555

install date: 20070524

install location: C:\Program Files\Veoh Networks\Veoh\

install source: C:\DOCUME~1\User\LOCALS~1\Temp\{81AA1BB0-63C1-4CDA-926A-5A9CCC86F206}\

uninstall cmd: C:\Program Files\InstallShield Installation Information\{3D5A72E1-1467-4199-8CF6-12DA8D502A6B}\setup.exe -runfromtemp -l0x0409

publisher: Veoh Networks, Inc.

 

iTunes 4.9.0.17 (InstallShield_{47808F78-F178-49DC-B708-15FE538B16FF})

version: 67698688

version (major): 4

version (minor): 9

estimated size: 14072

install date: 20060604

install location: C:\Program Files\iTunes\

install source: C:\WINDOWS\Downloaded Installations\{A89EB61A-717D-4E9B-BB70-7626DF2EB947}\

uninstall cmd: C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{47808F78-F178-49DC-B708-15FE538B16FF}

publisher: Apple Computer, Inc.

contact: AppleCare Support

help link: http://www.info.apple.com/

help telephone: 1-800-275-2273

 

Comodo Personal Firewall 2.0.0001 (InstallShield_{BA653D63-0D0E-48F8-87E5-150CCF5E9413})

version: 33554433

version (major): 2

estimated size: 11092

install date: 20060527

install source: C:\DOCUME~1\User\LOCALS~1\Temp\_is3C\

uninstall cmd: C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{BA653D63-0D0E-48F8-87E5-150CCF5E9413}

publisher: ComodoGroup

comments: A product of Comodo

contact: personalfirewall@comodo.com

help link: http://www.personalfirewall.comodo.com

help telephone: "

readme: "

 

OpenMG Secure Module 4.4.00 4.4.00.11241 (InstallShield_{CFB17307-B244-4EAD-AE8E-CDAF440477C2})

version: 67371008

version (major): 4

version (minor): 4

estimated size: 15978

install date: 20070223

install location: C:\Program Files\Sony Corporation\OpenMG Secure Module\

install source: D:\common\openmg\

uninstall cmd: C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{CFB17307-B244-4EAD-AE8E-CDAF440477C2} UNINSTALL

publisher: Sony Corporation

 

Kaspersky Online Scanner 5.0.83.0 (Kaspersky Online Scanner)

estimated size: 6040

install location: C:\WINDOWS\system32\KASPER~1\KASPER~1

uninstall cmd: C:\WINDOWS\system32\KASPER~1\KASPER~1\kavuninstall.exe

publisher: Kaspersky Lab

contact: Customer Support Department

help link: http://www.kaspersky.com/support.asp

 

Windows XP Hotfix - KB873339 20041117.092459 (KB873339)

uninstall cmd: C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe

publisher: Microsoft Corporation

help link: http://support.microsoft.com?kbid=873339

 

(KB884016)

 

(KB884267)

 

Windows XP Hotfix - KB885250 20050118.202711 (KB885250)

uninstall cmd: C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe

publisher: Microsoft Corporation

help link: http://support.microsoft.com?kbid=885250

 

(KB885353)

 

Windows XP Hotfix - KB885835 20041027.181713


Hi! I somehow found out what happened regarding the auto restart thingy. When I access a mini SD memory card at the picture section, it will auto restart. However, if I use Avast scanner to scan it, it will have trouble accessing the card. Do you have any methods so that I can prepare a log for you to see regarding the mini SD card? Thanks for all your help!


No sorry.

 

I suspected some hardware problems. Spontaneous restart is a sign that we look for.

 

If there is any RAM on the card it may be bad.


Without being tended, sudden....

 

Check for heat in your computer. Make sure all fans are clean, on the back of the computer and on the CPU.


I had the sudden kind of restart before. However, this time it also shows the "Windows is shutting down" kind of thing...


You have hardware problems.

 

Can't help you from this end.


Hi! No worries... After I checked with my sis, she said it's blink and boom! It restarted... It's ok... Thanks for your help these few weeks... Really appreciate it!


Thank you.


Glad we could help. :)

 

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.

This topic is now closed to further replies.