
help (suspicious of a virus attack)


34 replies to this topic

#1 falconnub


Posted 27 May 2007 - 05:14 AM

Hi! Within these few days, my computer has become REALLY REALLY LAGGY! :weep: I also see a couple of unknown processes in my Task Manager. There was once when I started my computer and it only displayed the wallpaper and crashed there. But after I checked the Task Manager and ended an unknown process (sorry, I have forgotten the name of the process), things started working again. I did a couple of scans using AVG Anti-Spyware and even ComboFix but they did not find anything... Therefore I kind of got suspicious and decided to seek help... This is my HijackThis log:



Logfile of HijackThis v1.99.1
Scan saved at 6:12:47 PM, on 5/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Comodo\LaunchPad\CLPTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\WinPoET Broadband Connection\winpppoverethernet.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\AceLogix\Free Ram Optimizer\fro.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Comodo\Personal Firewall\cmdagent.exe
C:\Program Files\WinPoET Broadband Connection\WrOS.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Desktop Search\WindowsSearchFilter.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\User\Desktop\hijackthis_199\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hijackthis.de/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = fol.singnet.com.sg:8080
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [Comodo Launch Pad Tray] C:\Program Files\Comodo\LaunchPad\CLPTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [a-winpoet-service] "C:\Program Files\WinPoET Broadband Connection\winpppoverethernet.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [Free Ram Optimizer] C:\Program Files\AceLogix\Free Ram Optimizer\fro.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/...UI.cab55579.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.c...es/MsnInstC.cab
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecu...vex/TmHcmsX.CAB
O16 - DPF: {20C2C286-BDE8-441B-B73D-AFA22D914DA5} (PowerList Control) - http://www.ppstream....powerplayer.cab
O16 - DPF: {2931566C-B8A6-46C5-BF4D-E6AB9251E953} (Nexon Package Manager Control) - http://s.nx.com/acti...ic_new/nxpm.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_2.3.0.97.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games Buddy Invite) - http://zone.msn.com/...dy.cab55579.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - http://www.e-games.c...GamesPlugin.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://jacie88.space...ad/MsnPUpld.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/...at.cab55579.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1145257149890
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://download.shoc...otoy/OTOYAX.cab
O16 - DPF: {7C5D062A-7A1E-4A46-A02B-A928084CBD66} (MLauncherNew Class) - http://legendofares....LauncherNew.cab
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/...O1.cab55579.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadbl...ivex/sabspx.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab55579.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload....GPlugin9USA.cab
O16 - DPF: {D0FD5E32-CABD-4A6E-BD0F-94ACE89CCE03} (HGPluginJP23 Class) - http://down.hangame....GPluginJP23.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games Game Communicator) - http://zone.msn.com/...xy.cab55579.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/z...s/heartbeat.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5727FC39-C29C-4663-98A4-DB4F4223A403}: NameServer = 165.21.83.88 165.21.100.88
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Personal Firewall\cmdagent.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: WinPPPoverEthernet - iVasion, a Routerware Company - C:\Program Files\WinPoET Broadband Connection\WrOS.EXE
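Added as a worked example (not code from the thread, from HijackThis or from the helpers here): a small Python parser for the log format posted above. It splits a log into header, running processes and the tagged R/O entries, pulls out the O17 DNS servers and R1 proxy setting that a reviewer checks first, and lists running processes that no O4 autostart or O23 service entry accounts for; the trimmed sample log, the path regexes and the "skip the Windows directory" rule are this example's own assumptions.

```python
import re
from collections import Counter

# Constructed sample in the shape of the HijackThis v1.99.1 log posted in this thread
# (a few entries copied from it; not the full log).
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Scan saved at 6:12:47 PM, on 5/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hijackthis.de/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = fol.singnet.com.sg:8080
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{5727FC39-C29C-4663-98A4-DB4F4223A403}: NameServer = 165.21.83.88 165.21.100.88
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# Tagged entries look like "O4 - <body>"; the section tag is what HijackThis docs key on.
ENTRY_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.+)$")
# A Windows path ending in a loadable/executable extension. The quoted form is tried
# first so that "C:\Program Files\x.exe" --args does not swallow the arguments.
QUOTED_PATH_RE = re.compile(r'"([A-Za-z]:\\[^"]+)"')
BARE_PATH_RE = re.compile(r"([A-Za-z]:\\.+?\.(?:exe|dll|sys|ocx|cpl))(?:\s|$)", re.IGNORECASE)
PROCESS_RE = re.compile(r"^[A-Za-z]:\\.+\.exe$", re.IGNORECASE)


def extract_path(text):
    """Return the first Windows file path found in an entry body, or None."""
    m = QUOTED_PATH_RE.search(text) or BARE_PATH_RE.search(text)
    return m.group(1) if m else None


def parse_log(text):
    """Split a HijackThis log into header fields, running processes and tagged entries."""
    header, processes, entries = {}, [], []
    in_processes = False
    for line in text.splitlines():
        line = line.strip()
        if not line:
            in_processes = False  # the process block ends at the first blank line
            continue
        if line.startswith("Logfile of "):
            header["version"] = line[len("Logfile of "):]
        elif line.startswith("Platform: "):
            header["platform"] = line[len("Platform: "):]
        elif line == "Running processes:":
            in_processes = True
        elif in_processes and PROCESS_RE.match(line):
            processes.append(line)
        else:
            m = ENTRY_RE.match(line)
            if m:
                entries.append({"section": m.group("section"), "body": m.group("body"),
                                "path": extract_path(m.group("body"))})
    return {"header": header, "processes": processes, "entries": entries}


def network_settings(parsed):
    """The settings a reviewer checks first: DNS servers (O17), proxy (R1), start page (R0)."""
    out = {"dns_servers": [], "proxy": None, "start_page": None}
    for e in parsed["entries"]:
        body = e["body"]
        if e["section"] == "O17" and "NameServer = " in body:
            out["dns_servers"].extend(body.split("NameServer = ", 1)[1].split())
        elif e["section"] == "R1" and "ProxyServer = " in body:
            out["proxy"] = body.split("ProxyServer = ", 1)[1]
        elif e["section"] == "R0" and "Start Page = " in body:
            out["start_page"] = body.split("Start Page = ", 1)[1]
    return out


def unexplained_processes(parsed):
    """Running processes that no O4 autostart or O23 service entry accounts for.

    Files under the Windows directory are skipped as OS-owned (a simplification for
    this example, not a HijackThis rule); the result is a review list, not a verdict.
    """
    known = {e["path"].lower() for e in parsed["entries"]
             if e["section"] in ("O4", "O23") and e["path"]}
    return [p for p in parsed["processes"]
            if not p.lower().startswith("c:\\windows\\") and p.lower() not in known]


def section_counts(parsed):
    """How many entries each HijackThis section (R0, O2, O4, ...) contributed."""
    return Counter(e["section"] for e in parsed["entries"])
```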

#2 SWI Support Robot

SWI Support Robot

    Helper robot

  • SWI Bot
  • PipPipPipPipPip
  • 23,523 posts

Posted 29 May 2007 - 06:30 AM

Welcome to SWI. We apologize for the delay; our helpers have been very busy.
If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

Thank you for your patience.

[this is an automated reply]
This is an automated message. It does not count as help.

#3 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,091 posts

Posted 31 May 2007 - 08:52 AM

Hi,

Nothing suspicious was found on your log.

Make sure you have the latest version.

Download this file - combofix.exe

and save it to your desktop (Important). Also save the below command in Notepad as a text file so that you can copy/paste in safe mode.

"%userprofile%\desktop\combofix.exe"

Boot into safe mode by tapping the F8 key just before Windows starts to load.

Go to Start --> Run and copy/paste in the following:

"%userprofile%\desktop\combofix.exe"

When finished, it shall produce a log for you. Save it and post that log in your next reply.

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

In your next post, please include
  • new hijackthis log
  • combofix log
*use separate posts to ensure the logs don't get cut off!
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in any way, please consider Donating,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#4 falconnub

falconnub

    Member

  • Full Member
  • Pip
  • 41 posts

Posted 01 June 2007 - 07:18 AM

Hi! My computer is kind of laggy after the ComboFix scan... I'm also suspicious about the sudden increase in memory usage these past few days. Usually it stays at around 300++ MB but now it stays at around 180++ MB. Can you please tell me why? Anyway, thanks for your help. This is the ComboFix log:



"User" - 2007-06-01 20:04:29 Service Pack 2 [SAFE MODE]
ComboFix 07-05.27.BV - Running from: "C:\Documents and Settings\User\Desktop\"


((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_8NASCAR
-------\LEGACY_LIVE


((((((((((((((((((((((((((((((( Files Created from 2007-05-01 to 2007-06-01 ))))))))))))))))))))))))))))))))))


2007-05-26 12:22 <DIR> d-------- C:\Program Files\pspvideo9
2007-05-26 09:56 6 --a------ C:\WINDOWS\system32\SplitMp3.dll
2007-05-26 09:56 6 --a------ C:\WINDOWS\system32\SoftCount.dll
2007-05-26 09:56 6 --a------ C:\WINDOWS\system32\Reginfo.dll
2007-05-26 09:56 6 --a------ C:\WINDOWS\system32\ConvertMp3.dll
2007-05-26 08:24 <DIR> d-------- C:\DOCUME~1\User\APPLIC~1\InstallShield
2007-05-25 13:59 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-05-25 13:57 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-05-25 13:57 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-05-25 13:39 <DIR> d-------- C:\Program Files\MP3SPLITTER
2007-05-24 18:09 <DIR> d-------- C:\Program Files\AviSynth 2.5
2007-05-24 16:24 <DIR> d-------- C:\Program Files\Veoh Networks
2007-05-24 15:55 <DIR> d-------- C:\Program Files\MetaStream
2007-05-24 15:55 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
2007-05-23 18:15 <DIR> d-------- C:\Program Files\Naturpic Video Cutter
2007-05-23 17:48 <DIR> d-------- C:\Program Files\Moyea
2007-05-23 17:48 <DIR> d-------- C:\DOCUME~1\User\APPLIC~1\MoyeaFLV2Video
2007-05-23 17:40 <DIR> d-------- C:\Program Files\Easy MPEG AVI DIVX WMV RM to DVD
2007-05-23 17:09 98,304 --a------ C:\WINDOWS\system32\viscomtran.dll
2007-05-23 17:09 94,208 --a------ C:\WINDOWS\system32\viscomaudiodata.dll
2007-05-23 17:09 90,112 --a------ C:\WINDOWS\system32\viscomframe.dll
2007-05-23 17:09 81,920 --a------ C:\WINDOWS\system32\viscomwave.dll
2007-05-23 17:09 598,016 --a------ C:\WINDOWS\system32\viscomqtde.dll
2007-05-23 17:09 40,960 --a------ C:\WINDOWS\system32\SSubTmr6.dll
2007-05-23 17:09 147,456 --a------ C:\WINDOWS\system32\viscomqtenc.dll
2007-05-23 17:09 110,592 --a------ C:\WINDOWS\system32\viscomaudioencoder.dll
2007-05-23 17:09 <DIR> d-------- C:\Program Files\Kate's Video Cutter
2007-05-19 10:18 <DIR> d-------- C:\Program Files\AceLogix
2007-05-12 12:11 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-05-10 13:35 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-05-08 13:42 <DIR> d-------- C:\Documents and Settings\User\.SunDownloadManager
2007-05-08 13:42 <DIR> d-------- C:\DOCUME~1\User\.SunDownloadManager
2007-05-04 12:05 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-05-03 10:35 380,416 --a------ C:\WINDOWS\system32\rstrui.exe


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-01 11:57:33 2,560 ----a-w C:\WINDOWS\system32\drivers\mchInjDrv.sys
2007-06-01 11:57:21 -------- d-----w C:\Program Files\WinPoET Broadband Connection
2007-05-30 00:03:49 -------- d-----w C:\DOCUME~1\User\APPLIC~1\Enigma Browser
2007-05-27 02:33:05 -------- d-----w C:\DOCUME~1\User\APPLIC~1\Hamachi
2007-05-26 00:24:08 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-05-24 02:36:34 5 ----a-w C:\WINDOWS\system32\SySMACJ.dat
2007-05-08 05:38:33 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-05-08 03:18:49 -------- d-----w C:\Program Files\Spyware Terminator
2007-04-19 10:20:05 -------- d-----w C:\Program Files\Alcohol Soft
2007-04-19 10:15:07 -------- d-----w C:\Program Files\Elaborate Bytes
2007-04-19 08:58:33 -------- d-----w C:\Program Files\EA SPORTS
2007-04-19 08:43:25 -------- d-----w C:\Program Files\FIFA 07
2007-04-19 08:17:14 682,232 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-04-14 03:23:42 0 ----a-w C:\WINDOWS\system32\sys_dll.dll
2007-04-05 01:12:00 -------- d-----w C:\Program Files\softnyx
2007-04-02 07:49:31 -------- d-----w C:\Program Files\Opera
2007-03-09 08:57:06 5 ----a-w C:\WINDOWS\system32\SySMP3CutJoin.dat


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4EFB-9B51-7695ECA05670}=C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2006-08-24 18:37]
{2F85D76C-0569-466F-A488-493E6BD0E955}=C:\Program Files\Windows Desktop Search\dsWebAllow.dll [2006-03-26 22:44]
{53707962-6F74-2D53-2644-206D7942484F}=C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2005-05-31 01:04]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-04-07 00:02]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Comodo Launch Pad Tray"="C:\Program Files\Comodo\LaunchPad\CLPTray.exe" [2006-09-06 08:29]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-02-08 14:56]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-06-24 15:16]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-06-04 12:01]
"IESAddr"="" []
"a-winpoet-service"="C:\Program Files\WinPoET Broadband Connection\winpppoverethernet.exe" [2002-07-17 13:50]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-04-24 09:34]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2006-01-07 02:36]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2005-01-04 08:00]
"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2006-06-05 13:52]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [2006-10-11 05:23]
"Free Ram Optimizer"="C:\Program Files\AceLogix\Free Ram Optimizer\fro.exe" [2003-08-22 09:19]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2007-05-03 17:43]
"@"="" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"="C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2006-03-13 13:11]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2006-09-28 22:13]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*
Live


********************************************************************

catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-01 20:09:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


********************************************************************


Completion time: 2007-06-01 20:10:51 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-06-01 20:10
C:\ComboFix2.txt ... 2007-05-25 20:04
C:\ComboFix3.txt ... 2007-05-10 13:31

--- E O F ---

#5 falconnub

falconnub

    Member

  • Full Member
  • Pip
  • 41 posts

Posted 01 June 2007 - 07:19 AM

This is the hjt log:

Logfile of HijackThis v1.99.1
Scan saved at 8:19:15 PM, on 6/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Comodo\LaunchPad\CLPTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\WinPoET Broadband Connection\winpppoverethernet.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\AceLogix\Free Ram Optimizer\fro.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Comodo\Personal Firewall\cmdagent.exe
C:\Program Files\WinPoET Broadband Connection\WrOS.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\User\Desktop\hijackthis_199\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hijackthis.de/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = fol.singnet.com.sg:8080
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [Comodo Launch Pad Tray] C:\Program Files\Comodo\LaunchPad\CLPTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [a-winpoet-service] "C:\Program Files\WinPoET Broadband Connection\winpppoverethernet.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [Free Ram Optimizer] C:\Program Files\AceLogix\Free Ram Optimizer\fro.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/...UI.cab55579.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.c...es/MsnInstC.cab
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecu...vex/TmHcmsX.CAB
O16 - DPF: {20C2C286-BDE8-441B-B73D-AFA22D914DA5} (PowerList Control) - http://www.ppstream....powerplayer.cab
O16 - DPF: {2931566C-B8A6-46C5-BF4D-E6AB9251E953} (Nexon Package Manager Control) - http://s.nx.com/acti...ic_new/nxpm.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_2.3.0.97.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games Buddy Invite) - http://zone.msn.com/...dy.cab55579.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - http://www.e-games.c...GamesPlugin.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://jacie88.space...ad/MsnPUpld.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/...at.cab55579.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1145257149890
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://download.shoc...otoy/OTOYAX.cab
O16 - DPF: {7C5D062A-7A1E-4A46-A02B-A928084CBD66} (MLauncherNew Class) - http://legendofares....LauncherNew.cab
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/...O1.cab55579.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadbl...ivex/sabspx.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab55579.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload....GPlugin9USA.cab
O16 - DPF: {D0FD5E32-CABD-4A6E-BD0F-94ACE89CCE03} (HGPluginJP23 Class) - http://down.hangame....GPluginJP23.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games Game Communicator) - http://zone.msn.com/...xy.cab55579.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/z...s/heartbeat.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5727FC39-C29C-4663-98A4-DB4F4223A403}: NameServer = 165.21.83.88 165.21.100.88
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Personal Firewall\cmdagent.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: WinPPPoverEthernet - iVasion, a Routerware Company - C:\Program Files\WinPoET Broadband Connection\WrOS.EXE

#6 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,091 posts

Posted 01 June 2007 - 08:16 AM

Nothing suspicious was found.

Please navigate (using Internet Explorer, other browsers won't work) to the following site: http://support.f-sec...home/ols3.shtml
  • Click the Online Virus Scanner link. (Bottom of the page)
  • When prompted, choose to install the software.
  • After the software has installed, click Accept.
  • Click Custom Scan and check the option for Scan inside archives, then click Start.
  • The necessary databases will then be downloaded, and the scan will then start automatically. Please be patient as this scan will take a while to complete.
  • If any infections are found, then once the scan has finished the "cleaning" screen will be displayed. Choose Automatic cleaning (recommended).
  • After cleaning has finished, the Finish screen will be displayed. Choose Show Report.
  • In order to post the report, press CTRL+A on your keyboard to highlight all the text. Then copy and paste that information into this thread, along with a new HijackThis log.

nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in any way, please consider donating;
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#7 falconnub (Full Member, 41 posts)

Posted 03 June 2007 - 11:13 PM

Hi! For the online scan, it sort of got 'stuck' at the "preparing to download" step, and a pop-up came up and said that it was unable to download the necessary components... I will be away at a camp from Tuesday to Thursday; hope to see your reply then! Thanks for all your help.

#8 nasdaq (Forum Deity, Global Moderator, 49,091 posts)

Posted 04 June 2007 - 07:18 AM

Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
  • Double-click the drweb-cureit.exe file and allow it to run the express scan.
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, check whether you can click the "next" icon next to the files found: [image]
  • If so, click it, then click the next icon right below and select Move incurable, as you'll see in the next image: [image]
    This will move the file to the %userprofile%\DoctorWeb\quarantine folder if it can't be cured (in case we need samples).
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
  • After the reboot, post the contents of the Dr.Web log you saved previously in your next reply. You can use Notepad to open the DrWeb.csv report.


Then,

Run HijackThis and choose Open the Misc Tools section. In the StartUp List area at the top, place a check next to List Also Minor Sections (full) and List Empty Sections (complete), then press Generate StartUp List Log and Yes at the prompt. Please post the text file that opens in your next reply.


Include a fresh HijackThis log for review.

Let me know what problems persist.
nasdaq
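The reply above asks for the Dr.Web CureIt report (DrWeb.csv), whose lines are semicolon-separated "file;folder;detection;action;" records. A helper reading such a report has to separate live findings from hits that only look alarming because they sit inside another cleanup tool's own folders. The following is an added example for this thread, not Dr.Web's, the forum's or any poster's code. It assumes the folder conventions of two tools mentioned elsewhere in the thread (ComboFix quarantining under C:\QooBox\Quarantine with a .vir suffix, SDFix keeping its bundled helper programs under C:\SDFix) and uses Dr.Web's "Probably ..." and "Tool." detection-name prefixes as visible in the report format; the sample report lines are constructed for the example.

```python
"""Triage helper for Dr.Web CureIt report lines (DrWeb.csv).

Added example for this thread, not a Dr.Web or forum tool. Each report
line is "file;folder;detection;action;" with a trailing semicolon.
"""
from dataclasses import dataclass
from typing import Iterable, List

# Assumption for this example: folders belonging to *other* cleanup tools.
# ComboFix quarantines under C:\QooBox\Quarantine (renaming files with a
# .vir suffix); SDFix ships its helper programs under C:\SDFix. A scanner
# hit inside these is not a live infection and should not be "cleaned" again.
OTHER_TOOL_PREFIXES = (r"c:\qoobox\quarantine", r"c:\sdfix")


@dataclass
class Finding:
    name: str        # file name as reported
    folder: str      # directory the file was found in
    detection: str   # Dr.Web detection name, e.g. "Adware.Cdn"
    action: str      # what CureIt did, e.g. "Incurable.Moved."

    @property
    def path(self) -> str:
        return f"{self.folder}\\{self.name}"


def parse_report(text: str) -> List[Finding]:
    """Parse report lines; skip blanks, reject lines missing a field."""
    findings: List[Finding] = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        parts = [p.strip() for p in line.split(";")]
        if len(parts) < 4:
            raise ValueError(f"line {lineno}: expected 4 ';'-separated fields: {line!r}")
        findings.append(Finding(*parts[:4]))
    return findings


def classify(f: Finding) -> str:
    """Bucket a finding so a helper knows what still needs a look.

    other-tool-folder: hit inside another cleanup tool's quarantine/tool dir
    riskware-tool:     'Tool.' class (dual-use utility), not malware as such
    heuristic-verify:  'Probably ...' is a heuristic verdict, confirm by hand
    malware:           everything else
    """
    folder = f.folder.lower()
    det = f.detection.lower()
    if folder.startswith(OTHER_TOOL_PREFIXES):
        return "other-tool-folder"
    if det.startswith("tool."):
        return "riskware-tool"
    if det.startswith("probably "):
        return "heuristic-verify"
    return "malware"


def needs_attention(findings: Iterable[Finding]) -> List[Finding]:
    """Findings a helper should still act on or verify manually."""
    return [f for f in findings if classify(f) in ("heuristic-verify", "malware")]


# Constructed sample, modelled on the shape of a CureIt report.
SAMPLE_REPORT = r"""
CreateProfile.vbs;C:\Program Files\Mozilla Firefox;Probably SCRIPT.Virus;Incurable.Moved.;
hztk0822.exe.vir;C:\QooBox\Quarantine\C\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft\IEHelper;Adware.Cdn;Incurable.Moved.;
Process.exe;C:\SDFix\apps;Tool.Prockill;Incurable.Moved.;
"""

if __name__ == "__main__":
    for finding in parse_report(SAMPLE_REPORT):
        print(f"{classify(finding):18} {finding.detection:24} {finding.path}")
```

The location check runs before the detection-name check on purpose: a dual-use tool or an adware sample sitting in another tool's quarantine has already been dealt with, so the only item left for a human to verify in the sample is the heuristic "Probably" hit in a live program folder.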

#9 falconnub (Full Member, 41 posts)

Posted 10 June 2007 - 01:04 AM

Hi! Sorry for the very, very, very late reply; my mom banned me from using the computer... =.=' My computer is working fine, but I still notice quite a large memory usage on my PC. Anyway, this is the log you wanted:

CreateProfile.vbs;C:\Program Files\Mozilla Firefox;Probably SCRIPT.Virus;Incurable.Moved.;
hztk0822.exe.vir;C:\QooBox\Quarantine\C\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft\IEHelper;Adware.Cdn;Incurable.Moved.;
Process.exe;C:\SDFix\apps;Tool.Prockill;Incurable.Moved.;




StartupList report, 6/10/2007, 2:01:34 PM
StartupList version: 1.52.2
Started from : C:\Documents and Settings\User\Desktop\hijackthis_199\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Comodo\LaunchPad\CLPTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\WinPoET Broadband Connection\winpppoverethernet.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\AceLogix\Free Ram Optimizer\fro.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe
C:\WINDOWS\system32\Notepad.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Comodo\Personal Firewall\cmdagent.exe
C:\Program Files\WinPoET Broadband Connection\WrOS.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\User\Desktop\hijackthis_199\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\User\Start Menu\Programs\Startup]
*No files*

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Comodo Launch Pad Tray = C:\Program Files\Comodo\LaunchPad\CLPTray.exe
TkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
iTunesHelper = "C:\Program Files\iTunes\iTunesHelper.exe"
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
IESAddr =
a-winpoet-service = "C:\Program Files\WinPoET Broadband Connection\winpppoverethernet.exe"
AVG7_CC = C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
SsAAD.exe = C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
SunJavaUpdateSched = "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
MessengerPlus3 = "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
msnmsgr = "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
BitTorrent = "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
Free Ram Optimizer = C:\Program Files\AceLogix\Free Ram Optimizer\fro.exe
Veoh = "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
(Default) =

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

[Setup]
Registrando Panda ActiveX = C:\WINDOWS\system32\regsvr32.exe /s C:\WINDOWS\system32\ActiveScan\as.dll
Registrando Panda Almacen = C:\WINDOWS\system32\regsvr32.exe /s C:\WINDOWS\system32\ActiveScan\pavpz.dll

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\system32\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[{4b218e3e-bc98-4770-93d3-2731b9329278}] *
StubPath = %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = %SystemRoot%\system32\ie4uinit.exe

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
StubPath = C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registry Editor'

Registry check passed

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll - {02478D38-C3F9-4EFB-9B51-7695ECA05670}
(no name) - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\Program Files\Windows Desktop Search\dsWebAllow.dll - {2F85D76C-0569-466F-A488-493E6BD0E955}
(no name) - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
(no name) - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
(no name) - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll - {9030D464-4C02-4ABF-8ECC-5164760863C6}

--------------------------------------------------

Enumerating Task Scheduler jobs:

*No jobs found*

--------------------------------------------------

Enumerating Download Program Files:

[{00000055-9980-0010-8000-00AA00389B71}]
CODEBASE = http://codecs.micros...cs/i386/fhg.CAB

[Checkers Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\msgrchkr.dll
CODEBASE = http://messenger.zon...kr.cab31267.cab

[StagingUI Object]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\StagingUI.ocx
CODEBASE = http://zone.msn.com/...UI.cab55579.cab

[F-Secure Online Scanner 3.1]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\fscax.dll
CODEBASE = http://support.f-sec...m/ols/fscax.cab

[CKAVWebScan Object]
InProcServer32 = C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
CODEBASE = http://www.kaspersky...can_unicode.cab

[Windows Genuine Advantage Validation Tool]
InProcServer32 = C:\WINDOWS\system32\LegitCheckControl.DLL
CODEBASE = http://go.microsoft....k/?linkid=39204

[InstallerBehaviorFactory Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MsnInstC.dll
CODEBASE = https://signup.msn.c...es/MsnInstC.cab

[TmHcmsX Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\TmHcmsX.ocx
CODEBASE = http://www.trendsecu...vex/TmHcmsX.CAB

[PowerList Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\POWERL~1.OCX
CODEBASE = http://www.ppstream....powerplayer.cab

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\system32\Macromed\Director\SwDir.dll
CODEBASE = http://fpdownload.ma...director/sw.cab

[Nexon Package Manager Control]
InProcServer32 = C:\WINDOWS\nxpm.ocx
CODEBASE = http://s.nx.com/acti...ic_new/nxpm.cab

[Symantec AntiVirus scanner]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\avsniff.dll
CODEBASE = http://security.syma...bin/AvSniff.cab

[YInstStarter Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\yinsthelper.dll
CODEBASE = http://us.dl1.yimg.c...nst20040510.cab

[{33564D57-0000-0010-8000-00AA00389B71}]
CODEBASE = http://download.micr...922/wmv9VCM.CAB

[FilePlanet Download Control Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\FPDC.dll
CODEBASE = http://www.fileplane...DC_2.3.0.97.cab

[MSN Games Buddy Invite]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\ZBuddy.ocx
CODEBASE = http://zone.msn.com/...dy.cab55579.cab

[EGamesPlugin Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\EGamesPlugin.dll
CODEBASE = http://www.e-games.c...GamesPlugin.cab

[MSN Photo Upload Tool]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\CONFLICT.1\MsnPUpld.dll
CODEBASE = http://jacie88.space...ad/MsnPUpld.cab

[ZonePAChat Object]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\ZPAChat.ocx
CODEBASE = http://zone.msn.com/...at.cab55579.cab

[WUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\wuweb.dll
CODEBASE = http://update.micros...b?1145257149890

[Symantec RuFSI Utility Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\rufsi.dll
CODEBASE = http://security.syma...n/bin/cabsa.cab

[{77E32299-629F-43C6-AB77-6A1E6D7663F6}]
CODEBASE = http://download.shoc...otoy/OTOYAX.cab

[MLauncherNew Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MLauncherNew.dll
CODEBASE = http://legendofares....LauncherNew.cab

[UnoCtrl Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\GAME_UNO1.dll
CODEBASE = http://zone.msn.com/...O1.cab55579.cab

[Java Plug-in 1.6.0_01]
InProcServer32 = C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
CODEBASE = http://java.sun.com/...indows-i586.cab

[MessengerStatsClient Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\messengerstatsclient.dll
CODEBASE = http://messenger.zon...nt.cab31267.cab

[{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}]
CODEBASE = http://fpdownload.ma...t/ultrashim.cab

[ActiveScan Installer Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\asinst.dll
CODEBASE = http://acs.pandasoft...free/asinst.cab

[SABScanProcesses Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\sabspx.dll
CODEBASE = http://www.superadbl...ivex/sabspx.cab

[MSN Games - Installer]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\ZIntro.ocx
CODEBASE = http://cdn2.zone.msn...ro.cab55579.cab

[Java Plug-in 1.6.0_01]
InProcServer32 = C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
CODEBASE = http://java.sun.com/...indows-i586.cab

[Java Plug-in 1.6.0_01]
InProcServer32 = C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
CODEBASE = http://java.sun.com/...indows-i586.cab

[HGPlugin9USA Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\HGPlugin9USA.dll
CODEBASE = http://gamedownload....GPlugin9USA.cab

[HGPluginJP23 Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\HGPluginJP23.dll
CODEBASE = http://down.hangame....GPluginJP23.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash9c.ocx
CODEBASE = http://fpdownload.ma...ent/swflash.cab

[MSN Games Game Communicator]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\StProxy.dll
CODEBASE = http://zone.msn.com/...xy.cab55579.cab

[{E5D419D6-A846-4514-9FAD-97E826C84822}]
CODEBASE = http://fdl.msn.com/z...s/heartbeat.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
Protocol #1: C:\WINDOWS\system32\mswsock.dll
Protocol #2: C:\WINDOWS\system32\mswsock.dll
Protocol #3: C:\WINDOWS\system32\mswsock.dll
Protocol #4: C:\WINDOWS\system32\rsvpsp.dll
Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
Protocol #6: C:\WINDOWS\system32\mswsock.dll
Protocol #7: C:\WINDOWS\system32\mswsock.dll
Protocol #8: C:\WINDOWS\system32\mswsock.dll
Protocol #9: C:\WINDOWS\system32\mswsock.dll
Protocol #10: C:\WINDOWS\system32\mswsock.dll
Protocol #11: C:\WINDOWS\system32\mswsock.dll
Protocol #12: C:\WINDOWS\system32\mswsock.dll
Protocol #13: C:\WINDOWS\system32\mswsock.dll
Protocol #14: C:\WINDOWS\system32\mswsock.dll
Protocol #15: C:\WINDOWS\system32\mswsock.dll
Protocol #16: C:\WINDOWS\system32\mswsock.dll
Protocol #17: C:\WINDOWS\system32\mswsock.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

Microsoft ACPI Driver: system32\DRIVERS\ACPI.sys (system)
Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)
AFD: \SystemRoot\System32\drivers\afd.sys (system)
Alerter: %SystemRoot%\system32\svchost.exe -k LocalService (disabled)
Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)
AMD K7 Processor Driver: system32\DRIVERS\amdk7.sys (system)
Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
ASP.NET State Service: %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (manual start)
RAS Asynchronous Media Driver: system32\DRIVERS\asyncmac.sys (manual start)
Standard IDE/ESDI Hard Disk Controller: system32\DRIVERS\atapi.sys (system)
ATM ARP Client Protocol: system32\DRIVERS\atmarpc.sys (manual start)
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Audio Stub Driver: system32\DRIVERS\audstub.sys (manual start)
AVG Anti-Spyware Driver: \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys (system)
AVG Anti-Spyware Guard: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (autostart)
AVG7 Alert Manager Server: C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe (autostart)
AVG7 Kernel: \SystemRoot\System32\Drivers\avg7core.sys (system)
AVG7 Wrap Driver: \SystemRoot\System32\Drivers\avg7rsw.sys (system)
AVG7 Resident Driver XP: \SystemRoot\System32\Drivers\avg7rsxp.sys (system)
AVG7 Update Service: C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe (autostart)
AVG Anti-Spyware Clean Driver: System32\DRIVERS\AvgAsCln.sys (system)
AVG7 Clean Driver: \SystemRoot\System32\Drivers\avgclean.sys (system)
AVG E-mail Scanner: C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe (autostart)
AVG Network Redirector: \SystemRoot\System32\Drivers\avgtdi.sys (autostart)
Background Intelligent Transfer Service: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Computer Browser: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
CD-ROM Driver: system32\DRIVERS\cdrom.sys (system)
Indexing Service: %SystemRoot%\system32\cisvc.exe (manual start)
ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)
Comodo Application Agent: C:\Program Files\Comodo\Personal Firewall\cmdagent.exe (autostart)
Comodo Application Engine: System32\DRIVERS\cmdmon.sys (system)
C-Media WDM Audio Interface: system32\drivers\cmuda.sys (manual start)
COM+ System Application: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
CO_Mon: \??\C:\WINDOWS\system32\Drivers\CO_Mon.sys (manual start)
Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
DHCP Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Disk Driver: system32\DRIVERS\disk.sys (system)
Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
Logical Disk Manager Driver: System32\drivers\dmio.sys (system)
dmload: System32\drivers\dmload.sys (system)
Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)
DNS Client: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart)
Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)
Dua1: \??\C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\6NON749K\Dualengine[1]\Dualengine\DualEngi.sys (manual start)
EagleNT: \??\C:\WINDOWS\system32\drivers\EagleNT.sys (manual start)
Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Event Log: %SystemRoot%\system32\services.exe (autostart)
COM+ Event System: C:\WINDOWS\system32\svchost.exe -k netsvcs (manual start)
Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Floppy Disk Controller Driver: system32\DRIVERS\fdc.sys (manual start)
Floppy Disk Driver: system32\DRIVERS\flpydisk.sys (manual start)
FltMgr: system32\DRIVERS\fltMgr.sys (system)
Volume Manager Driver: system32\DRIVERS\ftdisk.sys (system)
fuckoff1: \??\C:\ReymiXEngine\reymixddk.sys (manual start)
GEAR CDRom Filter: SYSTEM32\DRIVERS\GEARAspiWDM.sys (manual start)
Generic Packet Classifier: system32\DRIVERS\msgpc.sys (manual start)
Hamachi Network Interface: system32\DRIVERS\hamachi.sys (manual start)
Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Human Interface Device Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Microsoft HID Class Driver: system32\DRIVERS\hidusb.sys (manual start)
HTTP: System32\Drivers\HTTP.sys (manual start)
HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
i8042 Keyboard and PS/2 Mouse Port Driver: system32\DRIVERS\i8042prt.sys (system)
CD-Burning Filter Driver: system32\DRIVERS\imapi.sys (system)
IMAPI CD-Burning COM Service: C:\WINDOWS\system32\imapi.exe (manual start)
Comodo Network Engine: System32\DRIVERS\inspect.sys (system)
IPv6 Windows Firewall Driver: system32\DRIVERS\Ip6Fw.sys (manual start)
IP Traffic Filter Driver: system32\DRIVERS\ipfltdrv.sys (manual start)
IP in IP Tunnel Driver: system32\DRIVERS\ipinip.sys (manual start)
IP Network Address Translator: system32\DRIVERS\ipnat.sys (manual start)
iPod Service: "C:\Program Files\iPod\bin\iPodService.exe" (manual start)
IPSEC driver: system32\DRIVERS\ipsec.sys (system)
IR Enumerator Service: system32\DRIVERS\irenum.sys (manual start)
PnP ISA/EISA Bus Driver: system32\DRIVERS\isapnp.sys (system)
Keyboard Class Driver: system32\DRIVERS\kbdclass.sys (system)
Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
Server: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Workstation: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
TCP/IP NetBIOS Helper: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
madCodeHook DLL injection driver: \??\C:\WINDOWS\system32\Drivers\mchInjDrv.sys (system)
Messenger: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
NetMeeting Remote Desktop Sharing: C:\WINDOWS\system32\mnmsrvc.exe (manual start)
Mouse Class Driver: system32\DRIVERS\mouclass.sys (system)
Mouse HID Driver: system32\DRIVERS\mouhid.sys (manual start)
WebDav Client Redirector: system32\DRIVERS\mrxdav.sys (manual start)
MRXSMB: system32\DRIVERS\mrxsmb.sys (system)
MSCSPTISRV: "C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe" (manual start)
Distributed Transaction Coordinator: C:\WINDOWS\system32\msdtc.exe (manual start)
Windows Installer: C:\WINDOWS\system32\msiexec.exe /V (manual start)
Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
Microsoft System Management BIOS Driver: system32\DRIVERS\mssmbios.sys (manual start)
Remote Access NDIS TAPI Driver: system32\DRIVERS\ndistapi.sys (manual start)
NDIS Usermode I/O Protocol: system32\DRIVERS\ndisuio.sys (manual start)
Remote Access NDIS WAN Driver: system32\DRIVERS\ndiswan.sys (manual start)
NetBIOS Interface: system32\DRIVERS\netbios.sys (system)
NetBios over Tcpip: system32\DRIVERS\netbt.sys (system)
Network DDE: %SystemRoot%\system32\netdde.exe (disabled)
Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled)
Net Logon: %SystemRoot%\system32\lsass.exe (manual start)
Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Network Location Awareness (NLA): %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
NPPTNT2: \??\C:\WINDOWS\system32\npptNT2.sys (manual start)
NT LM Security Support Provider: %SystemRoot%\system32\lsass.exe (manual start)
Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
nv: system32\DRIVERS\nv4_mini.sys (manual start)
IPX Traffic Filter Driver: system32\DRIVERS\nwlnkflt.sys (manual start)
IPX Traffic Forwarder Driver: system32\DRIVERS\nwlnkfwd.sys (manual start)
ONSIO: \??\C:\WINDOWS\SYSTEM32\DRIVERS\ONSIO.SYS (autostart)
PACSPTISVR: "C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe" (manual start)
Parallel port driver: system32\DRIVERS\parport.sys (manual start)
PCI Bus Driver: system32\DRIVERS\pci.sys (system)
PCIIde: system32\DRIVERS\pciide.sys (system)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
IPSEC Services: %SystemRoot%\system32\lsass.exe (autostart)
WAN Miniport (PPTP): system32\DRIVERS\raspptp.sys (manual start)
Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
QoS Packet Scheduler: system32\DRIVERS\psched.sys (manual start)
Direct Parallel Link Driver: system32\DRIVERS\ptilink.sys (manual start)
PxHelp20: System32\Drivers\PxHelp20.sys (system)
Remote Access Auto Connection Driver: system32\DRIVERS\rasacd.sys (system)
Remote Access Auto Connection Manager: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
WAN Miniport (L2TP): system32\DRIVERS\rasl2tp.sys (manual start)
Remote Access Connection Manager: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Remote Access PPPOE Driver: system32\DRIVERS\raspppoe.sys (manual start)
Direct Parallel: system32\DRIVERS\raspti.sys (manual start)
Rdbss: system32\DRIVERS\rdbss.sys (system)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Terminal Server Device Redirector Driver: system32\DRIVERS\rdpdr.sys (manual start)
Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (manual start)
Digital CD Audio Playback Filter Driver: system32\DRIVERS\redbook.sys (system)
Routing and Remote Access: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
Remote Registry: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Remote Procedure Call (RPC) Locator: %SystemRoot%\system32\locator.exe (manual start)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\system32\rsvp.exe (manual start)
SABProcEnum: \??\C:\Program Files\Internet Explorer\SABProcEnum.sys (manual start)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Secdrv: system32\DRIVERS\secdrv.sys (manual start)
Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Serenum Filter Driver: system32\DRIVERS\serenum.sys (manual start)
Serial port driver: system32\DRIVERS\serial.sys (system)
Windows Firewall/Internet Connection Sharing (ICS): %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
SiS315: system32\DRIVERS\sisgrp.sys (manual start)
SiSkp: system32\DRIVERS\srvkp.sys (system)
SiS PCI Fast Ethernet Adapter Driver: system32\DRIVERS\sisnic.sys (manual start)
SMPLSCSI: System32\drivers\SMPLSCSI.SYS (system)
Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
sptd: System32\Drivers\sptd.sys (system)
Sony SPTI Service: "C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe" (manual start)
System Restore Filter Driver: \SystemRoot\system32\DRIVERS\sr.sys (disabled)
System Restore Service: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Srv: system32\DRIVERS\srv.sys (manual start)
SSDP Discovery Service: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
SonicStage SCSI Service: C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe (manual start)
Windows Image Acquisition (WIA): %SystemRoot%\system32\svchost.exe -k imgsvc (manual start)
Software Bus Driver: system32\DRIVERS\swenum.sys (manual start)
Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
MS Software Shadow Copy Provider: C:\WINDOWS\system32\dllhost.exe /Processid:{90306629-1E0E-4D92-BD76-B3A913FF9BC9} (manual start)
Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start)
Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
TCP/IP Protocol Driver: system32\DRIVERS\tcpip.sys (system)
Terminal Device Driver: system32\DRIVERS\termdd.sys (system)
Terminal Services: %SystemRoot%\System32\svchost -k DComLaunch (manual start)
Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Telnet: C:\WINDOWS\system32\tlntsvr.exe (manual start)
tmcomm: \??\C:\WINDOWS\system32\drivers\tmcomm.sys (autostart)
Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Microsoft AGPv3.5 Filter: system32\DRIVERS\uagp35.sys (system)
Microcode Update Driver: system32\DRIVERS\update.sys (manual start)
Universal Plug and Play Device Host: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: system32\DRIVERS\usbehci.sys (manual start)
USB2 Enabled Hub: system32\DRIVERS\usbhub.sys (manual start)
Microsoft USB Open Host Controller Miniport Driver: system32\DRIVERS\usbohci.sys (manual start)
Motorola USB Modem Driver for MPT: system32\DRIVERS\usbsermpt.sys (manual start)
USB Mass Storage Driver: system32\DRIVERS\USBSTOR.SYS (manual start)
Messenger Sharing Folders USN Journal Reader service: "C:\Program Files\MSN Messenger\usnsvc.exe" (manual start)
User Privilege Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
VClone: system32\DRIVERS\VClone.sys (system)
VgaSave: \SystemRoot\System32\drivers\vga.sys (system)
Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)
Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Remote Access IP ARP Driver: system32\DRIVERS\wanarp.sys (manual start)
Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)
WebClient: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
WinPPPoverEthernet: C:\Program Files\WinPoET Broadband Connection\WrOS.EXE (autostart)
Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Windows Management Instrumentation Driver Extensions: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WMI Performance Adapter: C:\WINDOWS\system32\wbem\wmiapsrv.exe (manual start)
WrKPoET2000: \??\C:\Program Files\WinPoET Broadband Connection\WrKPoET2000.sys (manual start)
iVasion PoET Adapter: system32\DRIVERS\WrKPoETNic2000.sys (manual start)
Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Automatic Updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Windows Driver Foundation - User-mode Driver Framework Platform Driver: system32\DRIVERS\WudfPf.sys (manual start)
Windows Driver Foundation - User-mode Driver Framework Reflector: system32\DRIVERS\wudfrd.sys (manual start)
Windows Driver Foundation - User-mode Driver Framework: %SystemRoot%\system32\svchost.exe -k WudfServiceGroup (manual start)
Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
XTrapD12: \??\C:\WINDOWS\system32\XTrapD12.sys (manual start)


--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: *Registry value not found*

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll
WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll

--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*No values found*

--------------------------------------------------

End of report, 41,166 bytes
Report generated in 0.281 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

#10 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,091 posts

Posted 10 June 2007 - 08:00 AM

All clean.

You may be interested in using this tool to disable some of the programs/processes you do not wish to start at startup.

StartUpLite is a lightweight program that can disable or remove all known unnecessary startup entries from your computer and thus quicken the startup procedure of your system.

Simply download StartUpLite from http://www.malwareby...startuplite.php and save it to a convenient location. Double click on StartUpLite.exe. Select all options you would like executed and select continue.

More information on the site.


nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in any way, please consider Donating;
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#11 falconnub

falconnub

    Member

  • Full Member
  • Pip
  • 41 posts

Posted 10 June 2007 - 11:57 PM

Hi! Thanks for your help! My com is working great! Thanks for the software. It's great! Do you have anything to recommend so that my com will not have viruses again? Thanks for your help!

#12 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,091 posts

Posted 11 June 2007 - 07:49 AM

If I had a crystal ball maybe I could, but no sorry.



Please read this Prevention page with lots of info and tips on how to prevent this in the future.

http://users.telenet.be/bluepatchy/miekiemoes/prevention.html



#13 falconnub

falconnub

    Member

  • Full Member
  • Pip
  • 41 posts

Posted 11 June 2007 - 11:17 PM

It's ok! Thanks for your help lately! Really appreciate it! =)

#14 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,091 posts

Posted 12 June 2007 - 07:52 AM

Glad we could help.

#15 falconnub

falconnub

    Member

  • Full Member
  • Pip
  • 41 posts

Posted 13 June 2007 - 04:34 AM

Hi! For your info, after I scanned my PC using the avast antivirus, it discovered Win32.CTX...

#16 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,091 posts

Posted 13 June 2007 - 07:54 AM

What was the exact message?

#17 falconnub

falconnub

    Member

  • Full Member
  • Pip
  • 41 posts

Posted 18 June 2007 - 07:02 AM

Hi! Sorry for the late reply... camps again... this is the exact message:

6/13/2007 11:32:57 AM User 2524 Sign of "Win32:CTX" has been found in "C:\WINDOWS\system32\ActiveScan\pskavs.dll" file.

#18 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,091 posts

Posted 18 June 2007 - 08:30 AM

pskavs.dll is a legitimate file installed by Panda ActiveScan, but there are some AV vendors (Avast and ClamAV) that tag it as malicious. This is a false positive detection caused by Panda's on-line scanner not encrypting its virus signature files.

Do you have Panda, or did you ever install or use their services?

#19 falconnub

falconnub

    Member

  • Full Member
  • Pip
  • 41 posts

Posted 18 June 2007 - 08:26 PM

I used the online scanner before...

#20 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,091 posts

Posted 19 June 2007 - 07:34 AM

You probably have some remnant items in your registry.
Let me see this result.


Download the Registry Search Tool from here:
http://www.billsway....les/RegSrch.zip

Unzip to your Desktop and double click on regsrch.vbs
(if you have script protection, please allow this to run)

In the dialog that opens enter the following:
ActiveScan

Press 'OK'

The search will run for a while then alert you when it is finished.

Press 'OK' and copy the contents of the WordPad window and post in this thread.

#21 falconnub

falconnub

    Member

  • Full Member
  • Pip
  • 41 posts

Posted 22 June 2007 - 12:07 AM

Hi! This is the log you wanted:

REGEDIT4
; RegSrch.vbs Bill James

; Registry search results for string "ActiveScan" 6/22/2007 1:02:21 PM

; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ActiveScan]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ActiveScan]
@="Panda ActiveScan"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ActiveScan\CLSID]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ActiveScan\CurVer]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ActiveScan\CurVer]
@="ActiveScan.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ActiveScan.1]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ActiveScan.1]
@="Panda ActiveScan"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ActiveScan.1\CLSID]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ActiveScan_Installer]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ActiveScan_Installer]
@="ActiveScan Installer Class"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ActiveScan_Installer\CLSID]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ActiveScan_Installer\CurVer]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ActiveScan_Installer\CurVer]
@="ActiveScan_Installer.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ActiveScan_Installer.1]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ActiveScan_Installer.1]
@="ActiveScan Installer Class"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ActiveScan_Installer.1\CLSID]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{237AFA6B-D75C-445B-9D87-68DB699FAB32}\InprocServer32]
@="C:\\WINDOWS\\system32\\ActiveScan\\ascontrol.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{237AFA6B-D75C-445B-9D87-68DB699FAB32}\ToolboxBitmap32]
@="C:\\WINDOWS\\system32\\ActiveScan\\ascontrol.dll, 114"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4826196E-5CD9-4029-A1D3-789D4651D2C2}\InprocServer32]
@="C:\\WINDOWS\\system32\\ActiveScan\\ascontrol.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4826196E-5CD9-4029-A1D3-789D4651D2C2}\ToolboxBitmap32]
@="C:\\WINDOWS\\system32\\ActiveScan\\ascontrol.dll, 101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4A2A4430-3967-4461-94C7-BD95C419F3CF}\InprocServer32]
@="C:\\WINDOWS\\system32\\ActiveScan\\ascontrol.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4A2A4430-3967-4461-94C7-BD95C419F3CF}\ToolboxBitmap32]
@="C:\\WINDOWS\\system32\\ActiveScan\\ascontrol.dll, 103"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6CEC0297-FAFB-41FB-97EA-77E3081B1DFE}\InprocServer32]
@="C:\\WINDOWS\\system32\\ActiveScan\\ascontrol.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6FDCDD41-6C97-4A3B-9E6D-0144B66A1CE4}\InprocServer32]
@="C:\\WINDOWS\\system32\\ActiveScan\\ascontrol.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{94E9170B-7540-4C38-A2A5-3BF7EF1B80EB}\InprocServer32]
@="C:\\WINDOWS\\system32\\ActiveScan\\pavpz.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{96567F65-E04C-4611-AF29-7CDEA6FA6A84}]
@="Panda ActiveScan"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{96567F65-E04C-4611-AF29-7CDEA6FA6A84}\ProgID]
@="ActiveScan.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{96567F65-E04C-4611-AF29-7CDEA6FA6A84}\VersionIndependentProgID]
@="ActiveScan"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9A9307A0-7DA4-4DAF-B042-5009F29E09E1}]
@="ActiveScan Installer Class"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9A9307A0-7DA4-4DAF-B042-5009F29E09E1}\ProgID]
@="ActiveScan_Installer.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9A9307A0-7DA4-4DAF-B042-5009F29E09E1}\VersionIndependentProgID]
@="ActiveScan_Installer"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{4387D200-E98E-4194-9684-44783E8EB4EE}\1.0]
@="ActiveScan Instalador Type Library"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CE8607B2-0970-4A60-B1A0-34729D86766F}\1.0\0\win32]
@="C:\\WINDOWS\\system32\\ActiveScan\\ascontrol.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CE8607B2-0970-4A60-B1A0-34729D86766F}\1.0\HELPDIR]
@="C:\\WINDOWS\\system32\\ActiveScan\\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{DA2BD42B-07E8-413A-9FEA-BB3B2E825340}\1.0\0\win32]
@="C:\\WINDOWS\\system32\\ActiveScan\\pavpz.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{DA2BD42B-07E8-413A-9FEA-BB3B2E825340}\1.0\HELPDIR]
@="C:\\WINDOWS\\system32\\ActiveScan\\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{DE61612C-D504-4284-A17E-2A695253B43C}\1.0]
@="Panda ActiveScan 1.0 Type Library"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{DE61612C-D504-4284-A17E-2A695253B43C}\1.0\0\win32]
@="C:\\WINDOWS\\system32\\ActiveScan\\as.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{DE61612C-D504-4284-A17E-2A695253B43C}\1.0\HELPDIR]
@="C:\\WINDOWS\\system32\\ActiveScan\\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9A9307A0-7DA4-4DAF-B042-5009F29E09E1}\DownloadInformation]
"CODEBASE"="http://acs.pandasoft...ree/asinst.cab"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Panda ActiveScan]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Setup]
"Registrando Panda ActiveX"="C:\\WINDOWS\\system32\\regsvr32.exe /s C:\\WINDOWS\\system32\\ActiveScan\\as.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Setup]
"Registrando Panda Almacen"="C:\\WINDOWS\\system32\\regsvr32.exe /s C:\\WINDOWS\\system32\\ActiveScan\\pavpz.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Panda ActiveScan]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Panda ActiveScan]
"UninstallString"="C:\\WINDOWS\\system32\\ASUninst.exe Panda ActiveScan"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Panda ActiveScan]
"DisplayName"="Panda ActiveScan"

[HKEY_LOCAL_MACHINE\SOFTWARE\Panda Software\ActiveScan]

#22 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,091 posts

Posted 22 June 2007 - 08:15 AM

Can you post the rest of the registry scan?
The message was too long and was truncated.

So far I have found this file pavpz.dll and Not pskavs.dll.

Do you want me to prepare a fix to remove all of Active Scan?
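One way to read the RegSrch.vbs output posted above and pull out the files those leftover keys still point at (which is how one can tell that pavpz.dll, as.dll and ascontrol.dll are referenced but pskavs.dll is not), as an added example that is not part of this thread or of the RegSrch tool; the REGEDIT4 sample is constructed from entries shown in the thread, and the function names are this example's own.

```python
"""Parse RegSrch.vbs (REGEDIT4-format) search results and list the files they
still reference.  Added example, not code from this thread or from RegSrch."""
import re
from collections import defaultdict
from typing import Dict, List, Optional, Tuple

# Constructed sample: a subset of the RegSrch.vbs output posted in the thread.
SAMPLE_REG = r'''REGEDIT4
; RegSrch.vbs Bill James

; Registry search results for string "ActiveScan" 6/22/2007 1:02:21 PM

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ActiveScan]
@="Panda ActiveScan"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{94E9170B-7540-4C38-A2A5-3BF7EF1B80EB}\InprocServer32]
@="C:\\WINDOWS\\system32\\ActiveScan\\pavpz.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Setup]
"Registrando Panda ActiveX"="C:\\WINDOWS\\system32\\regsvr32.exe /s C:\\WINDOWS\\system32\\ActiveScan\\as.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Panda ActiveScan]
"UninstallString"="C:\\WINDOWS\\system32\\ASUninst.exe Panda ActiveScan"
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
# A value line: the default value (@) or a quoted name, then '=' and the data.
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')
# A Windows path ending in a loadable or executable file type.
PATH_RE = re.compile(
    r'[A-Za-z]:\\(?:[^\\/:*?"<>|\r\n]+\\)*[^\\/:*?"<>|\r\n]+?\.(?:dll|exe|ocx|sys|cab)',
    re.IGNORECASE)

Entry = Tuple[str, Optional[str], Optional[str]]  # (key, value name, data)


def _unquote(raw: str) -> str:
    # Undo REGEDIT4 escaping: a doubled backslash is one backslash, \" is a quote.
    if len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
        return re.sub(r'\\(.)', r'\1', raw[1:-1])
    return raw  # dword:/hex: data is left as written


def parse_reg_export(text: str) -> List[Entry]:
    """Return (key, name, data) triples; a key hit with no value has name=None."""
    entries: List[Entry] = []
    key: Optional[str] = None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(';') or line == 'REGEDIT4':
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            entries.append((key, None, None))
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            name = '(Default)' if m.group(1) == '@' else _unquote(m.group(1))
            entries.append((key, name, _unquote(m.group(2))))
    return entries


def referenced_files(entries: List[Entry]) -> Dict[str, List[str]]:
    """Map each file path named in any value (lower-cased) to the values naming it."""
    refs: Dict[str, List[str]] = defaultdict(list)
    for key, name, data in entries:
        if data is None:
            continue
        for path in PATH_RE.findall(data):
            refs[path.lower()].append(f'{key}\\{name}')
    return dict(refs)


def is_referenced(refs: Dict[str, List[str]], filename: str) -> bool:
    """True if some referenced path has this file name (case-insensitive)."""
    target = filename.lower()
    return any(path.rsplit('\\', 1)[-1] == target for path in refs)


def pending_registrations(entries: List[Entry]) -> List[Tuple[str, str]]:
    """Values under a RunOnce key: commands that will run again at next logon."""
    return [(name, data) for key, name, data in entries
            if data is not None and name is not None and '\\runonce' in key.lower()]


if __name__ == '__main__':
    parsed = parse_reg_export(SAMPLE_REG)
    files = referenced_files(parsed)
    for path, where in sorted(files.items()):
        print(path)
        for w in where:
            print('   <-', w)
    for name, data in pending_registrations(parsed):
        print('RunOnce:', name, '=', data)
    # The thread's question: the file avast flagged is not named by these keys.
    print('pskavs.dll referenced:', is_referenced(files, 'pskavs.dll'))
```

Paste the full WordPad output in place of SAMPLE_REG to get the same listing for a real scan.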

#23 falconnub

falconnub

    Member

  • Full Member
  • Pip
  • 41 posts

Posted 22 June 2007 - 10:37 PM

Hi! Sorry to tell you this, but after I checked the log in the WordPad file, I think that's all the log that is available. I would be glad if you can prepare a fix. Anyway, I sense another thing that is very weird. Yesterday, after I opened my Opera browser, the entire screen blacked out... But after I pressed Alt+Tab, I could see an icon of a process that is running... I wonder what that is... Thanks for all your help! This is my HJT log for your reference:

Logfile of HijackThis v1.99.1
Scan saved at 11:36:53 AM, on 6/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Comodo\LaunchPad\CLPTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\WinPoET Broadband Connection\winpppoverethernet.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\AceLogix\Free Ram Optimizer\fro.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Comodo\Personal Firewall\cmdagent.exe
C:\Program Files\WinPoET Broadband Connection\WrOS.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Napster\Plug-in\PPCore.exe
C:\Program Files\Napster\Plug-in\NMCoreCheck.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\User\Desktop\hijackthis_199\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hijackthis.de/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O4 - HKLM\..\Run: [Comodo Launch Pad Tray] C:\Program Files\Comodo\LaunchPad\CLPTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [a-winpoet-service] "C:\Program Files\WinPoET Broadband Connection\winpppoverethernet.exe"
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [Free Ram Optimizer] C:\Program Files\AceLogix\Free Ram Optimizer\fro.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/...UI.cab55579.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.c...es/MsnInstC.cab
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecu...vex/TmHcmsX.CAB
O16 - DPF: {20C2C286-BDE8-441B-B73D-AFA22D914DA5} (PowerList Control) - http://www.ppstream....powerplayer.cab
O16 - DPF: {2931566C-B8A6-46C5-BF4D-E6AB9251E953} (Nexon Package Manager Control) - http://s.nx.com/acti...ic_new/nxpm.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_2.3.0.97.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games Buddy Invite) - http://zone.msn.com/...dy.cab55579.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - http://www.e-games.c...GamesPlugin.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://jacie88.space...ad/MsnPUpld.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/...at.cab55579.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1145257149890
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://download.shoc...otoy/OTOYAX.cab
O16 - DPF: {7C5D062A-7A1E-4A46-A02B-A928084CBD66} (MLauncherNew Class) - http://legendofares....LauncherNew.cab
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/...O1.cab55579.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadbl...ivex/sabspx.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload....GPlugin9USA.cab
O16 - DPF: {D0FD5E32-CABD-4A6E-BD0F-94ACE89CCE03} (HGPluginJP23 Class) - http://down.hangame....GPluginJP23.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games Game Communicator) - http://zone.msn.com/...xy.cab55579.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/z...s/heartbeat.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5727FC39-C29C-4663-98A4-DB4F4223A403}: NameServer = 165.21.83.88 165.21.100.88
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Personal Firewall\cmdagent.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: WinPPPoverEthernet - iVasion, a Routerware Company - C:\Program Files\Win

Edited by falconnub, 22 June 2007 - 10:38 PM.


#24 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • 49,091 posts

Posted 23 June 2007 - 09:16 AM

; Purpose: Remove traces in the registry.
;
; Instructions: Copy and paste this text IN BOLD into a text editor such as Notepad.
;
; Save this text as Fix.reg. Make sure the "Save as type:" is "All Files (*.*)" and save it to your desktop.

REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ActiveScan]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ActiveScan.1]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ActiveScan_Installer]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ActiveScan_Installer.1]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{237AFA6B-D75C-445B-9D87-68DB699FAB32}\InprocServer32]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{237AFA6B-D75C-445B-9D87-68DB699FAB32}\ToolboxBitmap32]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4826196E-5CD9-4029-A1D3-789D4651D2C2}\InprocServer32]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4826196E-5CD9-4029-A1D3-789D4651D2C2}\ToolboxBitmap32]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4A2A4430-3967-4461-94C7-BD95C419F3CF}\InprocServer32]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4A2A4430-3967-4461-94C7-BD95C419F3CF}\ToolboxBitmap32]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6CEC0297-FAFB-41FB-97EA-77E3081B1DFE}\InprocServer32]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6FDCDD41-6C97-4A3B-9E6D-0144B66A1CE4}\InprocServer32]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{94E9170B-7540-4C38-A2A5-3BF7EF1B80EB}\InprocServer32]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{96567F65-E04C-4611-AF29-7CDEA6FA6A84}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9A9307A0-7DA4-4DAF-B042-5009F29E09E1}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{4387D200-E98E-4194-9684-44783E8EB4EE}\1.0]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CE8607B2-0970-4A60-B1A0-34729D86766F}\1.0\0\win32]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CE8607B2-0970-4A60-B1A0-34729D86766F}\1.0\HELPDIR]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{DA2BD42B-07E8-413A-9FEA-BB3B2E825340}\1.0\0\win32]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{DA2BD42B-07E8-413A-9FEA-BB3B2E825340}\1.0\HELPDIR]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{DE61612C-D504-4284-A17E-2A695253B43C}\1.0]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{DE61612C-D504-4284-A17E-2A695253B43C}\1.0\0\win32]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{DE61612C-D504-4284-A17E-2A695253B43C}\1.0\HELPDIR]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9A9307A0-7DA4-4DAF-B042-5009F29E09E1}\DownloadInformation]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Panda ActiveScan]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Setup]
"Registrando Panda ActiveX"=-
"Registrando Panda Almacen"=-

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Panda ActiveScan]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Panda Software\ActiveScan]



; Double-click on Fix.reg. When it asks you to merge the information to the registry click Yes.

If you need help on "How to Make a .Reg File"
See: http://www.nellie2.co.uk/file.htm

=*=

after I opened my opera browser, the entire screen blacked out... But after I press alt+tab, I can see an icon of a process that is running...

If this happens again, look at the properties of the Icon. Can you tell the file and path? Any information can be useful.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in any way, please consider Donating,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760
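As an added example (not nasdaq's code and not part of any of the tools named in this thread): before merging a Fix.reg like the one above, it is worth reading back exactly what it will do, since a `[-KEY]` header deletes the whole key and everything under it, while `"name"=-` under a plain `[KEY]` header deletes only that value. The script below is a dry-run reader for the REGEDIT4 format: it lists each delete-key, delete-value and set-value operation and flags lines regedit would silently ignore, such as a value line that is missing its `=` or one placed under a `[-KEY]` header. The sample text is a constructed, shortened version of the fix in this post; nothing is written to the registry.

```python
"""Dry-run reader for a REGEDIT4 .reg file: reports what merging it would do."""
import re

# Constructed sample in the style of the Fix.reg above (shortened), with one
# deliberately malformed value line (missing the '=' before '-') to show the check.
SAMPLE_REG = r"""REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ActiveScan]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9A9307A0-7DA4-4DAF-B042-5009F29E09E1}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Setup]
"Registrando Panda ActiveX"=-
"Registrando Panda Almacen"-
"""

HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")
# A value line is a quoted name (or @ for the default value), then '=', then data.
VALUE_RE = re.compile(r'^("(?:[^"\\]|\\.)*"|@)=(.*)$')


def parse_reg(text):
    """Return (ops, problems) for the text of a .reg file.

    ops are tuples (action, key, value_name) where action is 'delete_key',
    'delete_value' or 'set_value'.  problems are (line_no, reason, line) for
    lines regedit would not act on.  The registry itself is never touched.
    """
    lines = text.splitlines()
    if not lines or lines[0].strip() not in HEADERS:
        raise ValueError("not a .reg file: missing REGEDIT4 header line")
    ops, problems = [], []
    current = None      # key that following value lines apply to
    deleting = False    # True while under a [-KEY] header
    for line_no, raw in enumerate(lines[1:], start=2):
        line = raw.strip()
        if not line or line.startswith(";"):
            continue                      # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            deleting = key.startswith("-")
            if deleting:
                current = None            # [-KEY]: whole key goes, values below are ignored
                ops.append(("delete_key", key[1:], None))
            else:
                current = key
            continue
        m = VALUE_RE.match(line)
        if m is None:
            problems.append((line_no, "malformed value line", line))
        elif deleting:
            problems.append((line_no, "value line under [-KEY] is ignored by regedit", line))
        elif current is None:
            problems.append((line_no, "value line before any [KEY] header", line))
        else:
            name = "(Default)" if m.group(1) == "@" else m.group(1)[1:-1]
            action = "delete_value" if m.group(2) == "-" else "set_value"
            ops.append((action, current, name))
    return ops, problems


def report(text):
    """Human-readable dry-run summary: one line per operation or problem."""
    ops, problems = parse_reg(text)
    out = []
    for action, key, name in ops:
        out.append(f"{action:13} {key}" + (f"  ->  {name}" if name else ""))
    for line_no, reason, line in problems:
        out.append(f"PROBLEM line {line_no}: {reason}: {line}")
    return "\n".join(out)


if __name__ == "__main__":
    print(report(SAMPLE_REG))
```

Run it against the saved Fix.reg (`parse_reg(open("Fix.reg").read())`) and read the output before double-clicking the file; any PROBLEM line means part of the fix would not take effect as written.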

#25 falconnub

falconnub

    Member

  • Full Member
  • 41 posts

Posted 25 June 2007 - 07:00 AM

Hi! There's an urgent issue to tell you... My com restarted 2 times by itself today... I scanned my com with combofix and these are the logs for your reference:

"User" - 2007-06-25 19:36:28 Service Pack 2
ComboFix 07-05.27.BV - Running from: "C:\Documents and Settings\User\Desktop\"


((((((((((((((((((((((((((((((( Files Created from 2007-05-25 to 2007-06-25 ))))))))))))))))))))))))))))))))))


2007-06-23 14:54 <DIR> d-------- C:\Program Files\Combined Community Codec Pack
2007-06-14 16:44 <DIR> d-------- C:\DOCUME~1\User\APPLIC~1\uTorrent
2007-06-13 17:37 <DIR> d-------- C:\Program Files\Google
2007-06-12 13:02 95,872 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-06-12 13:02 94,552 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-06-12 13:02 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-06-12 13:02 745,600 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-06-12 13:02 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-06-12 13:02 26,888 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-06-12 13:02 23,416 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-06-12 13:02 <DIR> d-------- C:\Program Files\Alwil Software
2007-06-12 12:43 <DIR> d-------- C:\Program Files\EULAlyzer
2007-06-10 11:52 <DIR> d-------- C:\DOCUME~1\User\DoctorWeb
2007-06-08 15:46 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-06-08 15:44 <DIR> d-------- C:\Program Files\Oberon Media
2007-06-03 11:26 <DIR> d-------- C:\Program Files\Windows Live
2007-05-26 12:22 <DIR> d-------- C:\Program Files\pspvideo9
2007-05-26 09:56 6 --a------ C:\WINDOWS\system32\SplitMp3.dll
2007-05-26 09:56 6 --a------ C:\WINDOWS\system32\SoftCount.dll
2007-05-26 09:56 6 --a------ C:\WINDOWS\system32\Reginfo.dll
2007-05-26 09:56 6 --a------ C:\WINDOWS\system32\ConvertMp3.dll
2007-05-26 08:24 <DIR> d-------- C:\DOCUME~1\User\APPLIC~1\InstallShield
2007-05-25 13:59 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-05-25 13:57 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-05-25 13:57 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-05-25 13:39 <DIR> d-------- C:\Program Files\MP3SPLITTER


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-25 11:35:47 -------- d-----w C:\Program Files\WinPoET Broadband Connection
2007-06-25 11:35:45 2,560 ----a-w C:\WINDOWS\system32\drivers\mchInjDrv.sys
2007-06-25 08:56:17 -------- d-----w C:\DOCUME~1\User\APPLIC~1\Hamachi
2007-06-25 01:37:04 -------- d-----w C:\DOCUME~1\User\APPLIC~1\Enigma Browser
2007-06-23 08:50:53 -------- d-----w C:\Program Files\AsiaSoft
2007-06-18 02:35:14 -------- d-----w C:\DOCUME~1\User\APPLIC~1\BitTorrent
2007-06-17 09:09:45 -------- d-----w C:\Program Files\Enigma Browser
2007-06-16 12:11:50 -------- d-----w C:\Program Files\MSN Messenger
2007-06-16 12:11:50 -------- d-----w C:\Program Files\Messenger Plus! Live
2007-05-26 04:22:37 -------- d-----w C:\Program Files\AviSynth 2.5
2007-05-26 00:24:08 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-05-24 08:24:01 -------- d-----w C:\Program Files\Veoh Networks
2007-05-24 07:55:34 -------- d-----w C:\Program Files\MetaStream
2007-05-24 02:36:34 5 ----a-w C:\WINDOWS\system32\SySMACJ.dat
2007-05-23 10:15:19 -------- d-----w C:\Program Files\Naturpic Video Cutter
2007-05-23 09:59:14 -------- d-----w C:\DOCUME~1\User\APPLIC~1\MoyeaFLV2Video
2007-05-23 09:48:34 -------- d-----w C:\Program Files\Moyea
2007-05-23 09:46:26 -------- d-----w C:\Program Files\Easy MPEG AVI DIVX WMV RM to DVD
2007-05-23 09:30:26 -------- d-----w C:\Program Files\Kate's Video Cutter
2007-05-19 02:18:41 -------- d-----w C:\Program Files\AceLogix
2007-05-12 04:14:10 -------- d-----w C:\Program Files\SpywareBlaster
2007-05-08 05:38:33 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-05-08 03:18:49 -------- d-----w C:\Program Files\Spyware Terminator
2007-04-14 03:23:42 0 ----a-w C:\WINDOWS\system32\sys_dll.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4EFB-9B51-7695ECA05670}=C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2006-08-24 18:37]
{2F85D76C-0569-466F-A488-493E6BD0E955}=C:\Program Files\Windows Desktop Search\dsWebAllow.dll [2006-03-26 22:44]
{53707962-6F74-2D53-2644-206D7942484F}=C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2005-05-31 01:04]
{69A87B7D-DE56-4136-9655-716BA50C19C7}=C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll [2007-01-29 20:22]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-04-07 00:02]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Comodo Launch Pad Tray"="C:\Program Files\Comodo\LaunchPad\CLPTray.exe" [2006-09-06 08:29]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-06-24 15:16]
"IESAddr"="" []
"a-winpoet-service"="C:\Program Files\WinPoET Broadband Connection\winpppoverethernet.exe" [2002-07-17 13:50]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2006-01-07 02:36]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-02-08 14:56]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 23:42]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-06-04 12:01]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2005-01-04 08:00]
"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2006-06-05 13:52]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [2006-10-11 05:23]
"Free Ram Optimizer"="C:\Program Files\AceLogix\Free Ram Optimizer\fro.exe" [2003-08-22 09:19]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2007-05-03 17:43]
"@"="" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"="C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2006-03-13 13:11]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2006-09-28 22:13]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*
Live


********************************************************************

catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-25 19:39:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0


********************************************************************


Completion time: 2007-06-25 19:40:43
C:\ComboFix-quarantined-files.txt ... 2007-06-25 19:40
C:\ComboFix2.txt ... 2007-06-14 08:41
C:\ComboFix3.txt ... 2007-06-01 20:10

--- E O F ---



2006-03-30 12:57	  128	--a------	C:\Qoobox\Quarantine\C\DOCUME~1\User\APPLIC~1\Macromedia\Flash Player\#SharedObjects\S4Y2QZAZ\www.inter-focus.cn\flashad_beta_1.01.swf\IFFLASHAD.sol.vir
2006-03-30 12:57	  88	--a------	C:\Qoobox\Quarantine\C\DOCUME~1\User\APPLIC~1\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.inter-focus.cn\settings.sol.vir
2006-04-24 14:29	  157	--a------	C:\Qoobox\Quarantine\C\DOCUME~1\User\APPLIC~1\Macromedia\Flash Player\#SharedObjects\S4Y2QZAZ\www.inter-focus.cn\flashad-v5-stop_firstput_mute.swf\IFFLASHAD.sol.vir
2006-06-06 15:15	  1425536	--a------	C:\Qoobox\Quarantine\C\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft\IEHelper\lf2plus_v18.exe.vir
2007-03-13 10:25	  262	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\xljhlruj\winlogon.ini.vir
2007-06-01 20:07	  796	--a------	C:\Qoobox\Quarantine\Registry_backups\LEGACY_LIVE.reg.cf
2007-06-01 20:07	  820	--a------	C:\Qoobox\Quarantine\Registry_backups\LEGACY_8NASCAR.reg.cf


Folder PATH listing
Volume serial number is 0CB0-C79F
C:\QOOBOX
\---Quarantine
	+---C
	|   +---DOCUME~1
	|   |   +---ALLUSE~1
	|   |   |   \---APPLIC~1
	|   |   |	   \---Microsoft
	|   |   |		   \---IEHelper
	|   |   |				   lf2plus_v18.exe.vir
	|   |   |				   
	|   |   \---User
	|   |	   \---APPLIC~1
	|   |		   \---Macromedia
	|   |			   \---Flash Player
	|   |				   +---#SharedObjects
	|   |				   |   \---S4Y2QZAZ
	|   |				   |	   \---www.inter-focus.cn
	|   |				   |		   +---flashad-v5-stop_firstput_mute.swf
	|   |				   |		   |	   IFFLASHAD.sol.vir
	|   |				   |		   |	   
	|   |				   |		   \---flashad_beta_1.01.swf
	|   |				   |				   IFFLASHAD.sol.vir
	|   |				   |				   
	|   |				   \---macromedia.com
	|   |					   \---support
	|   |						   \---flashplayer
	|   |							   \---sys
	|   |								   \---#www.inter-focus.cn
	|   |										   settings.sol.vir
	|   |										   
	|   \---WINDOWS
	|	   \---system32
	|		   \---xljhlruj
	|				   winlogon.ini.vir
	|				   
	\---Registry_backups
			LEGACY_8NASCAR.reg.cf
			LEGACY_LIVE.reg.cf
			


#26 falconnub

falconnub

    Member

  • Full Member
  • 41 posts

Posted 25 June 2007 - 07:15 AM

This is the log for my spybot search and destroy scan:



--- Search result list ---
Microsoft.Windows.IEFirewallBypass: Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Program Files\Internet Explorer\IEXPLORE.EXE

Statcounter: Tracking cookie (Internet Explorer: User) (Cookie, nothing done)


TagASaurus: Tracking cookie (Internet Explorer: User) (Cookie, nothing done)


AdRevolver: Tracking cookie (Firefox: default) (Cookie, nothing done)


AdRevolver: Tracking cookie (Firefox: default) (Cookie, nothing done)


Advertising.com: Tracking cookie (Firefox: default) (Cookie, nothing done)


Advertising.com: Tracking cookie (Firefox: default) (Cookie, nothing done)


Advertising.com: Tracking cookie (Firefox: default) (Cookie, nothing done)


Avenue A, Inc.: Tracking cookie (Firefox: default) (Cookie, nothing done)


CasaleMedia: Tracking cookie (Firefox: default) (Cookie, nothing done)


CasaleMedia: Tracking cookie (Firefox: default) (Cookie, nothing done)


CasaleMedia: Tracking cookie (Firefox: default) (Cookie, nothing done)


CasaleMedia: Tracking cookie (Firefox: default) (Cookie, nothing done)


CasaleMedia: Tracking cookie (Firefox: default) (Cookie, nothing done)


CasaleMedia: Tracking cookie (Firefox: default) (Cookie, nothing done)


CasaleMedia: Tracking cookie (Firefox: default) (Cookie, nothing done)


CasaleMedia: Tracking cookie (Firefox: default) (Cookie, nothing done)


CasaleMedia: Tracking cookie (Firefox: default) (Cookie, nothing done)


CasaleMedia: Tracking cookie (Firefox: default) (Cookie, nothing done)


DoubleClick: Tracking cookie (Firefox: default) (Cookie, nothing done)


HitBox: Tracking cookie (Firefox: default) (Cookie, nothing done)


HitBox: Tracking cookie (Firefox: default) (Cookie, nothing done)


HitBox: Tracking cookie (Firefox: default) (Cookie, nothing done)


HitBox: Tracking cookie (Firefox: default) (Cookie, nothing done)


HitBox: Tracking cookie (Firefox: default) (Cookie, nothing done)


HitBox: Tracking cookie (Firefox: default) (Cookie, nothing done)


HitBox: Tracking cookie (Firefox: default) (Cookie, nothing done)


HitBox: Tracking cookie (Firefox: default) (Cookie, nothing done)


FastClick: Tracking cookie (Firefox: default) (Cookie, nothing done)


FastClick: Tracking cookie (Firefox: default) (Cookie, nothing done)


FastClick: Tracking cookie (Firefox: default) (Cookie, nothing done)


FastClick: Tracking cookie (Firefox: default) (Cookie, nothing done)


FastClick: Tracking cookie (Firefox: default) (Cookie, nothing done)


FastClick: Tracking cookie (Firefox: default) (Cookie, nothing done)


FastClick: Tracking cookie (Firefox: default) (Cookie, nothing done)


HitBox: Tracking cookie (Firefox: default) (Cookie, nothing done)


HitBox: Tracking cookie (Firefox: default) (Cookie, nothing done)


MediaPlex: Tracking cookie (Firefox: default) (Cookie, nothing done)


Statcounter: Tracking cookie (Firefox: default) (Cookie, nothing done)


Statcounter: Tracking cookie (Firefox: default) (Cookie, nothing done)


Statcounter: Tracking cookie (Firefox: default) (Cookie, nothing done)


Statcounter: Tracking cookie (Firefox: default) (Cookie, nothing done)


Statcounter: Tracking cookie (Firefox: default) (Cookie, nothing done)


Statcounter: Tracking cookie (Firefox: default) (Cookie, nothing done)


Statcounter: Tracking cookie (Firefox: default) (Cookie, nothing done)


Statcounter: Tracking cookie (Firefox: default) (Cookie, nothing done)


Statcounter: Tracking cookie (Firefox: default) (Cookie, nothing done)


Statcounter: Tracking cookie (Firefox: default) (Cookie, nothing done)


Statcounter: Tracking cookie (Firefox: default) (Cookie, nothing done)


Statcounter: Tracking cookie (Firefox: default) (Cookie, nothing done)


Statcounter: Tracking cookie (Firefox: default) (Cookie, nothing done)


Statcounter: Tracking cookie (Firefox: default) (Cookie, nothing done)


Statcounter: Tracking cookie (Firefox: default) (Cookie, nothing done)


Statcounter: Tracking cookie (Firefox: default) (Cookie, nothing done)


Statcounter: Tracking cookie (Firefox: default) (Cookie, nothing done)


Statcounter: Tracking cookie (Firefox: default) (Cookie, nothing done)


Zedo: Tracking cookie (Firefox: default) (Cookie, nothing done)


Zedo: Tracking cookie (Firefox: default) (Cookie, nothing done)


Zedo: Tracking cookie (Firefox: default) (Cookie, nothing done)


BlackCore: Tracking cookie (Firefox: default) (Cookie, nothing done)


CoreMetrics: Tracking cookie (Firefox: default) (Cookie, nothing done)


AdRevolver: Tracking cookie (Firefox: default) (Cookie, nothing done)


AdRevolver: Tracking cookie (Firefox: default) (Cookie, nothing done)


AdRevolver: Tracking cookie (Firefox: default) (Cookie, nothing done)


WebTrends live: Tracking cookie (Firefox: default) (Cookie, nothing done)



--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2007-05-01 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2007-01-16 advcheck.dll (1.2.1.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2005-05-31 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2007-06-20 Includes\Cookies.sbi (*)
2007-05-30 Includes\Dialer.sbi (*)
2007-06-20 Includes\DialerC.sbi (*)
2007-06-20 Includes\Hijackers.sbi (*)
2007-06-20 Includes\HijackersC.sbi (*)
2007-06-20 Includes\Keyloggers.sbi (*)
2007-06-20 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2007-06-20 Includes\Malware.sbi (*)
2007-06-20 Includes\MalwareC.sbi (*)
2007-03-21 Includes\PUPS.sbi (*)
2007-06-20 Includes\PUPSC.sbi (*)
2007-06-20 Includes\Revision.sbi (*)
2007-05-30 Includes\Security.sbi (*)
2007-06-20 Includes\SecurityC.sbi (*)
2007-06-20 Includes\Spybots.sbi (*)
2007-06-20 Includes\SpybotsC.sbi (*)
2005-02-17 Includes\Tracks.uti
2007-06-20 Includes\Trojans.sbi (*)
2007-06-20 Includes\TrojansC.sbi (*)



--- System information ---
Windows XP (Build: 2600) Service Pack 2
/ Windows Media Player 10: Security Update for Windows Media Player 10 (KB911565)
/ Windows Media Player 10: Security Update for Windows Media Player 10 (KB917734)
/ Windows XP / SP10: Microsoft Compression Client Pack 1.0 for Windows XP
/ Windows XP / SP3: Windows XP Hotfix - KB873339
/ Windows XP / SP3: Windows XP Hotfix - KB885250
/ Windows XP / SP3: Windows XP Hotfix - KB885835
/ Windows XP / SP3: Windows XP Hotfix - KB885836
/ Windows XP / SP3: Windows XP Hotfix - KB886185
/ Windows XP / SP3: Windows XP Hotfix - KB887472
/ Windows XP / SP3: Windows XP Hotfix - KB887742
/ Windows XP / SP3: Windows XP Hotfix - KB888113
/ Windows XP / SP3: Windows XP Hotfix - KB888302
/ Windows XP / SP3: Security Update for Windows XP (KB890046)
/ Windows XP / SP3: Windows XP Hotfix - KB890859
/ Windows XP / SP3: Windows XP Hotfix - KB891781
/ Windows XP / SP3: Security Update for Windows XP (KB893756)
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Update for Windows XP (KB894391)
/ Windows XP / SP3: Security Update for Windows XP (KB896358)
/ Windows XP / SP3: Security Update for Windows XP (KB896422)
/ Windows XP / SP3: Security Update for Windows XP (KB896423)
/ Windows XP / SP3: Security Update for Windows XP (KB896424)
/ Windows XP / SP3: Security Update for Windows XP (KB896428)
/ Windows XP / SP3: Update for Windows XP (KB898461)
/ Windows XP / SP3: Security Update for Windows XP (KB899587)
/ Windows XP / SP3: Security Update for Windows XP (KB899588)
/ Windows XP / SP3: Security Update for Windows XP (KB899589)
/ Windows XP / SP3: Security Update for Windows XP (KB899591)
/ Windows XP / SP3: Update for Windows XP (KB900485)
/ Windows XP / SP3: Security Update for Windows XP (KB900725)
/ Windows XP / SP3: Security Update for Windows XP (KB901017)
/ Windows XP / SP3: Security Update for Windows XP (KB901190)
/ Windows XP / SP3: Security Update for Windows XP (KB901214)
/ Windows XP / SP3: Security Update for Windows XP (KB902400)
/ Windows XP / SP3: Security Update for Windows XP (KB904706)
/ Windows XP / SP3: Security Update for Windows XP (KB905414)
/ Windows XP / SP3: Security Update for Windows XP (KB905749)
/ Windows XP / SP3: Security Update for Windows XP (KB908519)
/ Windows XP / SP3: Update for Windows XP (KB908531)
/ Windows XP / SP3: Update for Windows XP (KB910437)
/ Windows XP / SP3: Update for Windows XP (KB911280)
/ Windows XP / SP3: Security Update for Windows XP (KB911562)
/ Windows XP / SP3: Security Update for Windows XP (KB911567)
/ Windows XP / SP3: Security Update for Windows XP (KB911927)
/ Windows XP / SP3: Security Update for Windows XP (KB912812)
/ Windows XP / SP3: Security Update for Windows XP (KB912919)
/ Windows XP / SP3: Security Update for Windows XP (KB913446)
/ Windows XP / SP3: Security Update for Windows XP (KB913580)
/ Windows XP / SP3: Security Update for Windows XP (KB914389)
/ Windows XP / SP3: Security Update for Windows XP (KB916281)
/ Windows XP / SP3: Security Update for Windows XP (KB917344)
/ Windows XP / SP3: Security Update for Windows XP (KB917953)
/ Windows XP / SP3: Security Update for Windows XP (KB918439)
/ Windows XP / SP3: Hotfix for Windows XP (KB926239)


--- Startup entries list ---
Located: HK_LM:Run, avast!
command: C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
file: C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
size: 75392
MD5: 41b88784128c1eb3a24a928ce58b2455

Located: HK_LM:Run, a-winpoet-service
command: "C:\Program Files\WinPoET Broadband Connection\winpppoverethernet.exe"
file: C:\Program Files\WinPoET Broadband Connection\winpppoverethernet.exe
size: 241664
MD5: 5ba2e095755f7bc116378a5cadd34dcd

Located: HK_LM:Run, Comodo Launch Pad Tray
command: C:\Program Files\Comodo\LaunchPad\CLPTray.exe
file: C:\Program Files\Comodo\LaunchPad\CLPTray.exe
size: 229448
MD5: 500054959169939953f58d7ddb703e87

Located: HK_LM:Run, IESAddr
command:
file:

Located: HK_LM:Run, iTunesHelper
command: "C:\Program Files\iTunes\iTunesHelper.exe"
file: C:\Program Files\iTunes\iTunesHelper.exe
size: 278528
MD5: 8f5581d1be59577cacd5b43cfc5e4447

Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files\QuickTime\qttask.exe" -atboottime
file: C:\Program Files\QuickTime\qttask.exe
size: 98304
MD5: 76a3a30b58405c2c6d833895253a51a9

Located: HK_LM:Run, SsAAD.exe
command: C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
file: C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
size: 81920
MD5: d728a3be3bbb48f7df4d847d0cf70bb9

Located: HK_LM:Run, TkBellExe
command: "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
file: C:\Program Files\Common Files\Real\Update_OB\realsched.exe
size: 180269
MD5: dadb538f51007d5ea5fa1ee553183f80

Located: HK_CU:Run,
command:
file:

Located: HK_CU:Run, BitTorrent
command: "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
file: C:\Program Files\BitTorrent\bittorrent.exe
size: 43520
MD5: 84c96ecea0fbbed6a1aa498c9b7685a0

Located: HK_CU:Run, ctfmon.exe
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996a38c0b0cf151c2140ae29fc8

Located: HK_CU:Run, Free Ram Optimizer
command: C:\Program Files\AceLogix\Free Ram Optimizer\fro.exe
file: C:\Program Files\AceLogix\Free Ram Optimizer\fro.exe
size: 57344
MD5: 75c22dad3571c474a0e2b1aba4e7b409

Located: HK_CU:Run, MessengerPlus3
command: "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
file: C:\Program Files\MessengerPlus! 3\MsgPlus.exe
size: 190024
MD5: b787d9a60fee9c3732c2e2d4571bb716

Located: HK_CU:Run, msnmsgr
command: "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
file: C:\Program Files\MSN Messenger\msnmsgr.exe
size: 5674352
MD5: c4281ad865739e71fd1e4dac19a68d60

Located: HK_CU:Run, Veoh
command: "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
file: C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
size: 2019328
MD5: 7b7c6a1d1ee582e850a858f7a1e3d906

Located: Startup (common), Run Google Web Accelerator.lnk
command: C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
file: C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
size: 622592
MD5: f9f1ad2ca91738d17dc1626f3d0677f7

Located: Startup (common), Symantec Fax Starter Edition Port.lnk
command: C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
file: C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
size: 45568
MD5: 60fdd0fcf620deb6ac1f5fbedb659489

Located: Startup (common), Utility Tray.lnk
command: C:\WINDOWS\system32\sistray.exe
file: C:\WINDOWS\system32\sistray.exe
size: 331776
MD5: 75d2905cc72d4deb2771eef42a809c35

Located: Startup (common), Windows Desktop Search.lnk
command: C:\Program Files\Windows Desktop Search\WindowsSearch.exe
file: C:\Program Files\Windows Desktop Search\WindowsSearch.exe
size: 257752
MD5: cfbd142459389efd5c5f27cd913c2564

Located: WinLogon, crypt32chain
command: crypt32.dll
file: crypt32.dll

Located: WinLogon, cryptnet
command: cryptnet.dll
file: cryptnet.dll

Located: WinLogon, cscdll
command: cscdll.dll
file: cscdll.dll

Located: WinLogon, ScCertProp
command: wlnotify.dll
file: wlnotify.dll

Located: WinLogon, Schedule
command: wlnotify.dll
file: wlnotify.dll

Located: WinLogon, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll

Located: WinLogon, SensLogn
command: WlNotify.dll
file: WlNotify.dll

Located: WinLogon, termsrv
command: wlnotify.dll
file: wlnotify.dll

Located: WinLogon, wlballoon
command: wlnotify.dll
file: wlnotify.dll



--- Browser helper object list ---
{2F85D76C-0569-466F-A488-493E6BD0E955} (dsWebAllowBHO Class)
BHO name:
CLSID name: dsWebAllowBHO Class
Path: C:\Program Files\Windows Desktop Search\
Long name: dsWebAllow.dll
Short name: DSWEBA~1.DLL
Date (created): 3/26/2006 10:44:10 PM
Date (last access): 6/25/2007 7:32:08 PM
Date (last write): 3/26/2006 10:44:10 PM
Filesize: 265432
Attributes:
MD5: 3EEEAFCE6B19C9AB3F6AE71A6FC99B11
CRC32: BA5EA549
Version: 2.6.5000.5378

{69A87B7D-DE56-4136-9655-716BA50C19C7} (Google Web Accelerator Helper)
BHO name: Google Web Accelerator Helper
CLSID name: &Google Web Accelerator Helper
Path: C:\Program Files\Google\Web Accelerator\
Long name: GoogleWebAccToolbar.dll
Short name: GOOGLE~1.DLL
Date (created): 1/29/2007 8:22:50 PM
Date (last access): 6/25/2007 7:32:08 PM
Date (last write): 1/29/2007 8:22:50 PM
Filesize: 237568
Attributes: archive
MD5: A93146660057A466E6AA4C9DB87D9934
CRC32: 8ACA6C10

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
BHO name:
CLSID name: SSVHelper Class
Path: C:\Program Files\Java\jre1.6.0_01\bin\
Long name: ssv.dll
Short name:
Date (created): 5/8/2007 1:48:34 PM
Date (last access): 6/25/2007 7:44:54 PM
Date (last write): 3/14/2007 3:43:40 AM
Filesize: 501400
Attributes: archive
MD5: 70FD57D6EDBED8D80C1995257C99D27E
CRC32: 3CE654AC
Version: 6.0.10.6

{9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
BHO name:
CLSID name: Windows Live Sign-in Helper
Path: C:\Program Files\Common Files\Microsoft Shared\Windows Live\
Long name: WindowsLiveLogin.dll
Short name: WINDOW~1.DLL
Date (created): 4/7/2006 12:02:02 AM
Date (last access): 6/25/2007 7:32:10 PM
Date (last write): 4/7/2006 12:02:02 AM
Filesize: 323904
Attributes: archive
MD5: B30FAF9FD36BB993A5FB3A3AFE0E3703
CRC32: 53C1960B
Version: 4.0.246.1



--- ActiveX list ---
{00000055-9980-0010-8000-00AA00389B71} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\fhg.inf
Codebase: http://codecs.micros...cs/i386/fhg.CAB

{00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class)
DPF name:
CLSID name: Checkers Class
Installer:
Codebase: http://messenger.zon...kr.cab31267.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: msgrchkr.dll
Short name:
Date (created): 5/29/2003 3:00:18 PM
Date (last access): 6/25/2007 7:50:36 PM
Date (last write): 5/29/2003 3:00:18 PM
Filesize: 77408
Attributes: archive
MD5: 42D567DF86B9B7AC4A89664C9651B68B
CRC32: 47FF3D19
Version: 7.1.9502.1

{05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object)
DPF name:
CLSID name: StagingUI Object
Installer:
Codebase: http://zone.msn.com/...UI.cab55579.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: StagingUI.ocx
Short name: STAGIN~1.OCX
Date (created): 1/24/2007 9:24:24 PM
Date (last access): 6/12/2007 9:17:32 AM
Date (last write): 1/24/2007 9:24:24 PM
Filesize: 397720
Attributes: archive
MD5: FF58F2E8ADD7A21AC10888189A2DA62E
CRC32: 118A20A8
Version: 9.5.5579.1

{0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1)
DPF name:
CLSID name: F-Secure Online Scanner 3.1
Installer: C:\WINDOWS\Downloaded Program Files\fscax.inf
Codebase: http://support.f-sec...m/ols/fscax.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: fscax.dll
Short name:
Date (created): 5/7/2007 4:39:24 PM
Date (last access): 6/25/2007 7:50:36 PM
Date (last write): 5/7/2007 4:39:24 PM
Filesize: 254360
Attributes: archive
MD5: D5199825510E4C4F97DC93B7BC3B1A8A
CRC32: 9FA45099
Version: 3.1.0.5

{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object)
DPF name:
CLSID name: CKAVWebScan Object
Installer: C:\WINDOWS\Downloaded Program Files\kavwebscan.inf
Codebase: http://www.kaspersky...can_unicode.cab
Path: C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\
Long name: kavwebscan.dll
Short name: KAVWEB~1.DLL
Date (created): 3/20/2006 1:17:20 PM
Date (last access): 6/12/2007 9:36:18 AM
Date (last write): 3/20/2006 1:17:20 PM
Filesize: 798720
Attributes: archive
MD5: F74B09086C2097BC535C5DCCCD3402AC
CRC32: 01AA9D3D
Version: 5.0.83.0

{17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool)
DPF name:
CLSID name: Windows Genuine Advantage Validation Tool
Installer: C:\WINDOWS\Downloaded Program Files\LegitCheckControl.inf
Codebase: http://go.microsoft....k/?linkid=39204
Path: C:\WINDOWS\system32\
Long name: LegitCheckControl.DLL
Short name: LEGITC~1.DLL
Date (created): 12/12/2006 10:45:04 AM
Date (last access): 6/22/2007 8:39:08 PM
Date (last write): 12/12/2006 10:45:04 AM
Filesize: 1474864
Attributes: archive
MD5: C7F2604BB81A5E8F8FB12AB8CCBE25CE
CRC32: 42057390
Version: 1.5.723.1

{1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class)
DPF name:
CLSID name: InstallerBehaviorFactory Class
Installer: C:\WINDOWS\Downloaded Program Files\MsnInstC.inf
Codebase: https://signup.msn.c...es/MsnInstC.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: MsnInstC.dll
Short name:
Date (created): 12/14/2005 10:24:52 AM
Date (last access): 6/25/2007 7:50:36 PM
Date (last write): 12/14/2005 10:24:52 AM
Filesize: 323272
Attributes: archive
MD5: 76B975A59A1018572F9F84DEB3BEE9A1
CRC32: 68B0407D
Version: 11.0.1213.1

{1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control)
DPF name:
CLSID name: TmHcmsX Control
Installer: C:\WINDOWS\Downloaded Program Files\TmHcmsX.inf
Codebase: http://www.trendsecu...vex/TmHcmsX.CAB
Path: C:\WINDOWS\DOWNLO~1\
Long name: TmHcmsX.ocx
Short name:
Date (created): 2/5/2007 7:57:26 PM
Date (last access): 6/12/2007 9:17:32 AM
Date (last write): 2/5/2007 7:57:26 PM
Filesize: 409600
Attributes: archive
MD5: 018EB717AE0ECEDF4B65D57C35580BE3
CRC32: 28D220EF
Version: 2.1.0.1006

{20C2C286-BDE8-441B-B73D-AFA22D914DA5} (PowerList Control)
DPF name:
CLSID name: PowerList Control
Installer: C:\WINDOWS\Downloaded Program Files\powerplayer.inf
Codebase: http://www.ppstream....powerplayer.cab
Path: C:\WINDOWS\DOWNLO~1\
Long name: PowerList.ocx
Short name: POWERL~1.OCX
Date (created): 1/12/2006 4:14:04 PM
Date (last access): 6/12/2007 9:17:30 AM
Date (last write): 1/12/2006 4:14:04 PM
Filesize: 581632
Attributes: archive
MD5: 98B67EA195B1F4D4C1849F59AD5CFA37
CRC32: 46C7F951
Version: 1.0.0.136

{233C1507-6A77-46A4-9443-F871F945D258} (Shockwave ActiveX Control)
DPF name:
CLSID name: Shockwave ActiveX Control
Installer: C:\WINDOWS\Downloaded Program Files\setup.inf
Codebase: http://fpdownload.ma...director/sw.cab
Path: C:\WINDOWS\system32\Macromed\Director\
Long name: SwDir.dll
Short name:
Date (created): 2/9/2006 2:27:56 PM
Date (last access): 6/22/2007 7:47:30 PM
Date (last write): 5/2/2007 12:32:04 PM
Filesize: 182512
Attributes: archive
MD5: 95F03ABE4B96C50CF4DA8245819138E4
CRC32: 12E5BB80
Version: 10.2.0.22

{2931566C-B8A6-46C5-BF4D-E6AB9251E953} (Nexon Package Manager Control)
DPF name:
CLSID name: Nexon Package Manager Control
Installer: C:\WINDOWS\Downloaded Program Files\nxpm.inf
Codebase: http://s.nx.com/acti...ic_new/nxpm.cab
Path: C:\WINDOWS\
Long name: nxpm.ocx
Short name:
Date (created): 1/12/2005 9:02:50 PM
Date (last access): 6/12/2007 9:15:00 AM
Date (last write): 1/12/2005 9:02:50 PM
Filesize: 466944
Attributes: archive
MD5: F4E216365F7BEBBA9A2B6FF7F2170AA7
CRC32: BAF8EC4F
Version: 1.0.3.0

{33564D57-0000-0010-8000-00AA00389B71} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\WMV9VCM.inf
Codebase: http://download.micr...922/wmv9VCM.CAB

{39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class)
DPF name:
CLSID name: FilePlanet Download Control Class
Installer:
Codebase: http://www.fileplane...DC_2.3.0.97.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: FPDC.dll
Short name:
Date (created): 5/17/2006 11:08:08 PM
Date (last access): 6/25/2007 7:50:36 PM
Date (last write): 9/11/2006 12:50:26 PM
Filesize: 353968
Attributes: archive
MD5: DFB5A258E773AC531874D2238BDE3A97
CRC32: 7D6C5C73
Version: 2.3.0.97

{3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games Buddy Invite)
DPF name:
CLSID name: MSN Games Buddy Invite
Installer:
Codebase: http://zone.msn.com/...dy.cab55579.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: ZBuddy.ocx
Short name:
Date (created): 1/24/2007 9:24:24 PM
Date (last access): 6/12/2007 9:17:32 AM
Date (last write): 1/24/2007 9:24:24 PM
Filesize: 232352
Attributes: archive
MD5: 560B653EF510810B4CEF62827E8C095F
CRC32: 13E185C2
Version: 9.5.5579.1

{48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class)
DPF name:
CLSID name: EGamesPlugin Class
Installer: C:\WINDOWS\Downloaded Program Files\EGamesPlugin.inf
Codebase: http://www.e-games.c...GamesPlugin.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: EGamesPlugin.dll
Short name: EGAMES~1.DLL
Date (created): 9/15/2003 4:24:50 PM
Date (last access): 6/25/2007 7:50:36 PM
Date (last write): 9/15/2003 4:24:50 PM
Filesize: 61440
Attributes: archive
MD5: 441EBE73EE3B4EAE7AC22D486D665324
CRC32: DC0CABDF
Version: 1.0.0.1

{4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool)
DPF name:
CLSID name: MSN Photo Upload Tool
Installer: C:\WINDOWS\Downloaded Program Files\CONFLICT.1\MsnPUpld.inf
Codebase: http://jacie88.space...ad/MsnPUpld.cab
Path: C:\WINDOWS\Downloaded Program Files\CONFLICT.1\
Long name: MsnPUpld.dll
Short name:
Date (created): 6/20/2006 3:44:04 PM
Date (last access): 6/12/2007 9:17:34 AM
Date (last write): 6/20/2006 3:44:04 PM
Filesize: 379704
Attributes: archive
MD5: D2FB109C3F0DAAAA4A73E5921656DB3E
CRC32: A13093E8
Version: 10.0.913.0

{5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object)
DPF name:
CLSID name: ZonePAChat Object
Installer:
Codebase: http://zone.msn.com/...at.cab55579.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: ZPAChat.ocx
Short name:
Date (created): 1/24/2007 9:24:28 PM
Date (last access): 6/12/2007 9:17:34 AM
Date (last write): 1/24/2007 9:24:28 PM
Filesize: 509848
Attributes: archive
MD5: A91F756CE0A17EB8EACE27A9086E215A
CRC32: 96795A06
Version: 9.5.5579.1

{6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class)
DPF name:
CLSID name: WUWebControl Class
Installer: C:\WINDOWS\Downloaded Program Files\wuweb.inf
Codebase: http://update.micros...b?1145257149890
Path: C:\WINDOWS\system32\
Long name: wuweb.dll
Short name:
Date (created): 8/11/2005 8:15:12 AM
Date (last access): 6/22/2007 8:39:12 PM
Date (last write): 5/26/2005 4:19:32 AM
Filesize: 173536
Attributes: archive
MD5: C459F2D5E64C942F3F66E1CD7F1C4C00
CRC32: EEF66B50
Version: 5.8.0.2469

{644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class)
DPF name:
CLSID name: Symantec RuFSI Utility Class
Installer: C:\WINDOWS\Downloaded Program Files\CabSA.inf
Codebase: http://security.syma...n/bin/cabsa.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: rufsi.dll
Short name:
Date (created): 4/20/2006 1:43:06 PM
Date (last access): 6/25/2007 7:50:36 PM
Date (last write): 4/20/2006 1:43:06 PM
Filesize: 161480
Attributes: archive
MD5: 3CB430974D11764CEEFB3120876BFB1F
CRC32: C269885A
Version: 2006.2.15.43

{77E32299-629F-43C6-AB77-6A1E6D7663F6} ()
DPF name:
CLSID name:
Installer:
Codebase: http://download.shoc...otoy/OTOYAX.cab

{7C5D062A-7A1E-4A46-A02B-A928084CBD66} (MLauncherNew Class)
DPF name:
CLSID name: MLauncherNew Class
Installer: C:\WINDOWS\Downloaded Program Files\MLauncherNew.inf
Codebase: http://legendofares....LauncherNew.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: MLauncherNew.dll
Short name: MLAUNC~1.DLL
Date (created): 4/27/2006 1:50:06 PM
Date (last access): 6/25/2007 7:50:36 PM
Date (last write): 4/27/2006 1:50:06 PM
Filesize: 262237
Attributes: archive
MD5: 8E989B651AC35FCBB8DF71651460E037
CRC32: 97ED0E00
Version: 1.0.0.4

{80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class)
DPF name:
CLSID name: UnoCtrl Class
Installer:
Codebase: http://zone.msn.com/...O1.cab55579.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: GAME_UNO1.dll
Short name: GAME_U~1.DLL
Date (created): 1/25/2007 12:10:14 AM
Date (last access): 6/25/2007 7:50:36 PM
Date (last write): 1/25/2007 12:10:14 AM
Filesize: 390512
Attributes: archive
MD5: 0CB1409633FB23F69BD88D615F8D523B
CRC32: D97A90A9
Version: 1.0.1171.1

{8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class)
DPF name:
CLSID name: MessengerStatsClient Class
Installer:
Codebase: http://messenger.zon...nt.cab31267.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: messengerstatsclient.dll
Short name: MESSEN~1.DLL
Date (created): 5/29/2003 3:00:20 PM
Date (last access): 6/25/2007 7:50:36 PM
Date (last write): 5/29/2003 3:00:20 PM
Filesize: 160864
Attributes: archive
MD5: B069B555A00AA026F657AA4FD13AE154
CRC32: 89BB01E1
Version: 7.1.9502.1

{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\erma.inf
Codebase: http://fpdownload.ma...t/ultrashim.cab

{B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class)
DPF name:
CLSID name: SABScanProcesses Class
Installer: C:\WINDOWS\Downloaded Program Files\sabspx.inf
Codebase: http://www.superadbl...ivex/sabspx.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: sabspx.dll
Short name:
Date (created): 2/26/2007 1:41:44 PM
Date (last access): 6/25/2007 7:50:36 PM
Date (last write): 2/26/2007 1:41:44 PM
Filesize: 380144
Attributes: archive
MD5: F3A9C44C8AA9CFA7D0FDF994E028C01B
CRC32: 77AA169B
Version: 1.0.0.1042

{B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer)
DPF name:
CLSID name: MSN Games - Installer
Installer:
Codebase: http://cdn2.zone.msn...ro.cab56649.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: ZIntro.ocx
Short name:
Date (created): 1/31/2005 11:26:46 PM
Date (last access): 6/22/2007 7:47:30 PM
Date (last write): 2/19/2007 11:26:28 AM
Filesize: 159128
Attributes: archive
MD5: E681AC948003CCA59C6C00D3F5EC3D4B
CRC32: C8723760
Version: 9.5.6649.1

{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_01
Installer:
Codebase: http://java.sun.com/...indows-i586.cab
Path: C:\Program Files\Java\jre1.6.0_01\bin\
Long name: npjpi160_01.dll
Short name: NPJPI1~1.DLL
Date (created): 3/14/2007 2:04:46 AM
Date (last access): 6/12/2007 9:02:42 AM
Date (last write): 3/14/2007 3:43:42 AM
Filesize: 132760
Attributes: archive
MD5: F112FB2FD2EF66D439799E3F834DF000
CRC32: D2B09219
Version: 6.0.0.6

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_01
Installer:
Codebase: http://java.sun.com/...indows-i586.cab
Path: C:\Program Files\Java\jre1.6.0_01\bin\
Long name: npjpi160_01.dll
Short name: NPJPI1~1.DLL
Date (created): 3/14/2007 2:04:46 AM
Date (last access): 6/25/2007 8:07:52 PM
Date (last write): 3/14/2007 3:43:42 AM
Filesize: 132760
Attributes: archive
MD5: F112FB2FD2EF66D439799E3F834DF000
CRC32: D2B09219
Version: 6.0.0.6

{CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class)
DPF name:
CLSID name: HGPlugin9USA Class
Installer: C:\WINDOWS\Downloaded Program Files\HGPlugin9USA.inf
Codebase: http://gamedownload....GPlugin9USA.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: HGPlugin9USA.dll
Short name: HGPLUG~1.DLL
Date (created): 8/9/2006 8:56:06 PM
Date (last access): 6/25/2007 7:50:36 PM
Date (last write): 8/9/2006 8:56:06 PM
Filesize: 53248
Attributes: archive
MD5: D075F38B14A69362897FA1010A676A7B
CRC32: A87C7F44
Version: 9.0.0.0

{D0FD5E32-CABD-4A6E-BD0F-94ACE89CCE03} (HGPluginJP23 Class)
DPF name:
CLSID name: HGPluginJP23 Class
Installer: C:\WINDOWS\Downloaded Program Files\HGPluginJP23.inf
Codebase: http://down.hangame....GPluginJP23.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: HGPluginJP23.dll
Short name: HGPLUG~2.DLL
Date (created): 1/15/2007 6:42:40 PM
Date (last access): 6/25/2007 7:50:36 PM
Date (last write): 1/15/2007 6:42:40 PM
Filesize: 40960
Attributes: archive
MD5: 5939024928094B97B4FEF6FFA6043680
CRC32: D21535EF
Version: 23.0.0.0

{DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games Game Communicator)
DPF name:
CLSID name: MSN Games Game Communicator
Installer:
Codebase: http://zone.msn.com/...xy.cab55579.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: StProxy.dll
Short name:
Date (created): 1/24/2007 9:24:24 PM
Date (last access): 6/25/2007 7:50:36 PM
Date (last write): 1/24/2007 9:24:24 PM
Filesize: 299432
Attributes: archive
MD5: C68867D8C7C098AA75A40D6BB1706BE4
CRC32: D775327E
Version: 9.5.5579.1

{E5D419D6-A846-4514-9FAD-97E826C84822} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\heartbeat.inf
Codebase: http://fdl.msn.com/z...s/heartbeat.cab



--- Process list ---
PID: 0 ( 0) [System]
PID: 536 ( 4) \SystemRoot\System32\smss.exe
PID: 644 ( 536) \??\C:\WINDOWS\system32\csrss.exe
PID: 676 ( 536) \??\C:\WINDOWS\system32\winlogon.exe
PID: 720 ( 676) C:\WINDOWS\system32\services.exe
size: 108032
MD5: C6CE6EEC82F187615D1002BB3BB50ED4
PID: 732 ( 676) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: 84885F9B82F4D55C6146EBF6065D75D2
PID: 888 ( 720) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 948 ( 720) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1048 ( 720) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1096 ( 720) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1148 ( 720) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1404 ( 720) C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
size: 16512
MD5: 0BAB87DB7DAC336B52ADA529CF472B74
PID: 1520 ( 720) C:\Program Files\Alwil Software\Avast4\ashServ.exe
size: 132736
MD5: 4C2D6F51F2A1943EF24E8C3E55267F04
PID: 1540 (1448) C:\WINDOWS\Explorer.EXE
size: 1032192
MD5: A0732187050030AE399B241436565E64
PID: 1820 (1540) C:\Program Files\Comodo\LaunchPad\CLPTray.exe
size: 229448
MD5: 500054959169939953F58D7DDB703E87
PID: 1832 (1540) C:\Program Files\iTunes\iTunesHelper.exe
size: 278528
MD5: 8F5581D1BE59577CACD5B43CFC5E4447
PID: 1844 (1540) C:\Program Files\WinPoET Broadband Connection\winpppoverethernet.exe
size: 241664
MD5: 5BA2E095755F7BC116378A5CADD34DCD
PID: 1856 (1540) C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
size: 81920
MD5: D728A3BE3BBB48F7DF4D847D0CF70BB9
PID: 1864 (1540) C:\Program Files\Common Files\Real\Update_OB\realsched.exe
size: 180269
MD5: DADB538F51007D5EA5FA1EE553183F80
PID: 1876 (1540) C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
size: 75392
MD5: 41B88784128C1EB3A24A928CE58B2455
PID: 1896 (1540) C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996A38C0B0CF151C2140AE29FC8
PID: 1916 (1540) C:\Program Files\MSN Messenger\msnmsgr.exe
size: 5674352
MD5: C4281AD865739E71FD1E4DAC19A68D60
PID: 2016 ( 720) C:\WINDOWS\system32\spoolsv.exe
size: 57856
MD5: DA81EC57ACD4CDC3D4C51CF3D409AF9F
PID: 192 (1540) C:\Program Files\AceLogix\Free Ram Optimizer\fro.exe
size: 57344
MD5: 75C22DAD3571C474A0E2B1ABA4E7B409
PID: 220 (1540) C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
size: 2019328
MD5: 7B7C6A1D1EE582E850A858F7A1E3D906
PID: 404 (1540) C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
size: 622592
MD5: F9F1AD2CA91738D17DC1626F3D0677F7
PID: 420 (1540) C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
size: 45568
MD5: 60FDD0FCF620DEB6AC1F5FBEDB659489
PID: 440 (1540) C:\WINDOWS\system32\sistray.exe
size: 331776
MD5: 75D2905CC72D4DEB2771EEF42A809C35
PID: 472 (1540) C:\Program Files\Windows Desktop Search\WindowsSearch.exe
size: 257752
MD5: CFBD142459389EFD5C5F27CD913C2564
PID: 572 ( 888) C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe
size: 159960
MD5: 69BB55D6FF0AD519120A0C34BAC6D290
PID: 1020 ( 404) C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
size: 1630208
MD5: 0C4C8A0D7386B589405E731ECACF42E7
PID: 2164 ( 720) C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
size: 204800
MD5: E8FBDCC8D618D1BB84B828F247A6244B
PID: 2180 ( 720) C:\Program Files\Comodo\Personal Firewall\cmdagent.exe
size: 569936
MD5: 8B5530A38FA78193F05447624FEF29DF
PID: 2592 ( 720) C:\Program Files\WinPoET Broadband Connection\WrOS.EXE
size: 94255
MD5: 6A58346A1D8113BA1B58B3C120575437
PID: 2752 ( 720) C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
size: 243328
MD5: 0005DB55986F3B014FBA24C2356476B7
PID: 2848 ( 720) C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
size: 345728
MD5: D1C26F6B1AA7BA597F435CB136E998D4
PID: 3296 ( 720) C:\Program Files\iPod\bin\iPodService.exe
size: 331776
MD5: F82D852F5969BD3A1EC61E42D0255954
PID: 3932 ( 720) C:\WINDOWS\System32\alg.exe
size: 44544
MD5: F1958FBF86D5C004CF19A5951A9514B7
PID: 3576 (1864) C:\Program Files\Real\RealPlayer\RealPlay.exe
size: 208941
MD5: 4814A30318E728C5367BBAC2AB1D1F58
PID: 3496 (1048) C:\WINDOWS\system32\wuauclt.exe
size: 124184
MD5: EBF1AB7E4FC05CABF2F4680D2A45F827
PID: 2672 (1540) C:\Program Files\internet explorer\iexplore.exe
size: 93184
MD5: E7484514C0464642BE7B4DC2689354C8
PID: 1936 ( 720) C:\Program Files\MSN Messenger\usnsvc.exe
size: 97136
MD5: C5B70A6AA947667CE0E5FC84A05EC8B6
PID: 3824 (1540) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 4393096
MD5: 09CA174A605B480318731E691DC98539
PID: 1280 (1840) C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
size: 157312
MD5: A22635DD443FB4B43E8DD0BC2E7B3BC8
PID: 3656 ( 572) C:\Program Files\Windows Desktop Search\WindowsSearchFilter.exe
size: 221400
MD5: 5A8736AC6E698CF5249C4A232B5024AF
PID: 4 ( 0) System


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 6/25/2007 8:07:53 PM

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft...amp;ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.hijackthis.de/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
http://us.rd.yahoo.c...//www.yahoo.com
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft...amp;ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
about:blank
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.microsoft...p...&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft...amp;ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn...st/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn...st/srchcust.htm


--- Winsock Layered Service Provider list ---


--- Uninstall list ---
Ad-Aware SE Personal 1.06 (Ad-Aware SE Personal)
uninstall cmd: C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
publisher: Lavasoft
help link: http://www.lavasoft.com

(AddressBook)

Adobe Flash Player ActiveX 9.0.45.0 (Adobe Flash Player ActiveX)
uninstall cmd: C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
publisher: Adobe Systems Incorporated
help link: http://www.adobe.com...player_support/

Adobe Shockwave Player 10.2.0.22 (Adobe Shockwave Player)
uninstall cmd: C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
publisher: Adobe Systems, Inc.
help link: http://www.adobe.com/support/shockwave

avast! Antivirus 4.7 (avast!)
version (major): 4
version (minor): 7
install location: C:\PROGRA~1\ALWILS~1\Avast4
install source: C:\PROGRA~1\ALWILS~1\Avast4\setup
uninstall cmd: rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup
publisher: Alwil Software
help link: http://www.avast.com

AVG Anti-Spyware 7.5 (AVGAntiSpyware75)
install location: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5
uninstall cmd: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
publisher: Grisoft Ltd.
help link: http://www.grisoft.com

AviSynth 2.5 (AviSynth)
uninstall cmd: "C:\Program Files\AviSynth 2.5\Uninstall.exe"

BitTorrent 4.26.0 (BitTorrent)
uninstall cmd: "C:\Program Files\BitTorrent\uninstall.exe"

(Branding)

C-Media 3D Audio (C-Media Audio)
uninstall cmd: C:\WINDOWS\CMIUnInstall.exe

C-Media WDM Audio Driver (C-Media Audio Driver)
uninstall cmd: C:\WINDOWS\system32\cmirmdrv.exe

Combined Community Codec Pack 2007-02-22 2007-02-22 23:00 (Combined Community Codec Pack_is1)
install date: 20070623
install location: C:\Program Files\Combined Community Codec Pack\
uninstall cmd: "C:\Program Files\Combined Community Codec Pack\unins000.exe"
publisher: CCCP Project
help link: http://www.cccp-project.net/

(Connection Manager)

(DirectAnimation)

(DirectDrawEx)

(DXM_Runtime)

Enigma Browser (remove only) (Enigma Browser)
uninstall cmd: "C:\Program Files\Enigma Browser\uninst.exe"

EULAlyzer v1.2 1.2.0 (EULAlyzer_is1)
install date: 20070612
install location: C:\Program Files\EULAlyzer\
uninstall cmd: "C:\Program Files\EULAlyzer\unins000.exe"
publisher: Javacool Software LLC

Finale NotePad 2006 (Finale NotePad 2006)
uninstall cmd: C:\WINDOWS\unvise32.exe C:\Program Files\Finale NotePad 2006\uninstal.log

(Fontcore)

Free Ram Optimizer XP 1.0 (Free Ram Optimizer XP_is1)
uninstall cmd: "C:\Program Files\AceLogix\Free Ram Optimizer\unins000.exe"
publisher: AceLogix
help link: http://www.acelogix.com

GunboundWC (GunboundWC_is1)
install date: 20070127
install location: C:\Program Files\softnyx\
uninstall cmd: "C:\Program Files\softnyx\unins000.exe"
publisher: Softnyx co.,ltd.
help link: http://www.gunbound.net

Hamachi 1.0.0.62 (Hamachi)
uninstall cmd: C:\Program Files\Hamachi\uninstall.exe

HijackThis 1.99.1 1.99.1 (HijackThis)
uninstall cmd: C:\Documents and Settings\User\My Documents\hijackthis_199\HijackThis.exe /uninstall
publisher: Soeperman Enterprises Ltd.

(ICW)

(IE40)

(IE4Data)

(IE5BAKEX)

(IEData)

(InstallShield Uninstall Information)

Veoh Player 3.2.1 (InstallShield_{3D5A72E1-1467-4199-8CF6-12DA8D502A6B})
version: 50462721
version (major): 3
version (minor): 2
estimated size: 6555
install date: 20070524
install location: C:\Program Files\Veoh Networks\Veoh\
install source: C:\DOCUME~1\User\LOCALS~1\Temp\{81AA1BB0-63C1-4CDA-926A-5A9CCC86F206}\
uninstall cmd: C:\Program Files\InstallShield Installation Information\{3D5A72E1-1467-4199-8CF6-12DA8D502A6B}\setup.exe -runfromtemp -l0x0409
publisher: Veoh Networks, Inc.

iTunes 4.9.0.17 (InstallShield_{47808F78-F178-49DC-B708-15FE538B16FF})
version: 67698688
version (major): 4
version (minor): 9
estimated size: 14072
install date: 20060604
install location: C:\Program Files\iTunes\
install source: C:\WINDOWS\Downloaded Installations\{A89EB61A-717D-4E9B-BB70-7626DF2EB947}\
uninstall cmd: C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{47808F78-F178-49DC-B708-15FE538B16FF}
publisher: Apple Computer, Inc.
contact: AppleCare Support
help link: http://www.info.apple.com/
help telephone: 1-800-275-2273

Comodo Personal Firewall 2.0.0001 (InstallShield_{BA653D63-0D0E-48F8-87E5-150CCF5E9413})
version: 33554433
version (major): 2
estimated size: 11092
install date: 20060527
install source: C:\DOCUME~1\User\LOCALS~1\Temp\_is3C\
uninstall cmd: C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{BA653D63-0D0E-48F8-87E5-150CCF5E9413}
publisher: ComodoGroup
comments: A product of Comodo
contact: personalfirewall@comodo.com
help link: http://www.personalfirewall.comodo.com
help telephone: "
readme: "

OpenMG Secure Module 4.4.00 4.4.00.11241 (InstallShield_{CFB17307-B244-4EAD-AE8E-CDAF440477C2})
version: 67371008
version (major): 4
version (minor): 4
estimated size: 15978
install date: 20070223
install location: C:\Program Files\Sony Corporation\OpenMG Secure Module\
install source: D:\common\openmg\
uninstall cmd: C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{CFB17307-B244-4EAD-AE8E-CDAF440477C2} UNINSTALL
publisher: Sony Corporation

Kaspersky Online Scanner 5.0.83.0 (Kaspersky Online Scanner)
estimated size: 6040
install location: C:\WINDOWS\system32\KASPER~1\KASPER~1
uninstall cmd: C:\WINDOWS\system32\KASPER~1\KASPER~1\kavuninstall.exe
publisher: Kaspersky Lab
contact: Customer Support Department
help link: http://www.kaspersky.com/support.asp

Windows XP Hotfix - KB873339 20041117.092459 (KB873339)
uninstall cmd: C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.micro...com?kbid=873339

(KB884016)

(KB884267)

Windows XP Hotfix - KB885250 20050118.202711 (KB885250)
uninstall cmd: C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.micro...com?kbid=885250

(KB885353)

Windows XP Hotfix - KB885835 20041027.181713 (KB88583

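The process list in the report above is the part a helper reads first: each entry gives a PID, its parent PID, the image path and, for most entries, the image size and MD5. The script below is an added example written for this page, not part of the original post and not code from Spybot S&D, HijackThis or any other tool named in the thread. It parses that block and applies the sanity rules a triager otherwise applies by eye on Windows XP: the core system binaries must be started by the expected parent and live in system32, svchost.exe must be a child of services.exe, anything running from a user profile or Temp directory gets a second look, and a process whose MD5 matches a differently named image is a renamed copy. The expected-parent table and the directory markers are the author's assumptions for a default XP install; the sample input is an excerpt of the page's own list plus two constructed lines (an evil.exe under Temp and an svchost.exe started by Explorer) added so that the rules have something to fire on.

```python
"""Triage the '--- Process list ---' block of a Spybot S&D / HijackThis-style
system report.  Added example for this page, not code from the original post or
from either tool; the rule tables are assumptions about a default Windows XP."""
import re
from collections import Counter, defaultdict

PID_RE = re.compile(r"^PID:\s*(\d+)\s*\(\s*(\d+)\)\s*(.+?)\s*$")

# Assumed XP layout: where core binaries live and which image must start them.
SYSTEM32 = "c:\\windows\\system32"
EXPECTED_PARENT = {
    "csrss.exe": "smss.exe",
    "winlogon.exe": "smss.exe",
    "services.exe": "winlogon.exe",
    "lsass.exe": "winlogon.exe",
    "svchost.exe": "services.exe",
}
# Directory fragments (profile, temp) that deserve a second look, not an automatic verdict.
SUSPICIOUS_DIR_MARKERS = ("\\temp\\", "\\docume~1\\", "\\documents and settings\\")

# Constructed sample: an excerpt of the report's own list plus two made-up lines,
# PID 3100 (evil.exe in Temp) and PID 3200 (svchost.exe started by Explorer).
SAMPLE = r"""PID: 0 ( 0) [System]
PID: 536 ( 4) \SystemRoot\System32\smss.exe
PID: 644 ( 536) \??\C:\WINDOWS\system32\csrss.exe
PID: 676 ( 536) \??\C:\WINDOWS\system32\winlogon.exe
PID: 720 ( 676) C:\WINDOWS\system32\services.exe
size: 108032
MD5: C6CE6EEC82F187615D1002BB3BB50ED4
PID: 888 ( 720) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1540 (1448) C:\WINDOWS\Explorer.EXE
size: 1032192
MD5: A0732187050030AE399B241436565E64
PID: 3100 (1540) C:\DOCUME~1\User\LOCALS~1\Temp\evil.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 3200 (1540) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 4 ( 0) System
"""


def _split(path):
    """Normalise the NT-style forms the report uses (\\??\\ prefix, \\SystemRoot\\)
    and return (lower-cased directory with trailing backslash, lower-cased file name)."""
    if path.startswith("\\??\\"):
        path = path[4:]
    if path.lower().startswith("\\systemroot\\"):
        path = "C:\\WINDOWS\\" + path[len("\\SystemRoot\\"):]
    p = path.lower()
    if "\\" not in p:
        return "", p
    d, name = p.rsplit("\\", 1)
    return d + "\\", name


def parse_process_list(text):
    """Parse 'PID: n ( parent) path' lines plus their size:/MD5: continuation lines."""
    procs, cur = {}, None
    for line in text.splitlines():
        m = PID_RE.match(line)
        if m:
            cur = {"pid": int(m.group(1)), "ppid": int(m.group(2)),
                   "path": m.group(3), "size": None, "md5": None}
            procs[cur["pid"]] = cur
        elif cur is not None and line.startswith("size:"):
            cur["size"] = int(line.split(":", 1)[1])
        elif cur is not None and line.startswith("MD5:"):
            cur["md5"] = line.split(":", 1)[1].strip().upper()
    return procs


def triage(procs):
    """Return (level, pid, reason) tuples; level is 'alert', 'review' or 'info'."""
    names_by_md5 = defaultdict(Counter)
    for p in procs.values():
        if p["md5"]:
            names_by_md5[p["md5"]][_split(p["path"])[1]] += 1
    findings = []
    for p in sorted(procs.values(), key=lambda x: x["pid"]):
        d, name = _split(p["path"])
        parent = procs.get(p["ppid"])
        if p["ppid"] and parent is None:
            # Normal for Explorer (userinit.exe exits) and for launchers that have quit.
            findings.append(("info", p["pid"], "parent %d already exited" % p["ppid"]))
        want = EXPECTED_PARENT.get(name)
        if want:
            got = _split(parent["path"])[1] if parent else "<gone>"
            if got != want:
                findings.append(("alert", p["pid"], "%s started by %s, expected %s" % (name, got, want)))
            if not d.startswith(SYSTEM32 + "\\"):
                findings.append(("alert", p["pid"], "%s running from %s, expected %s" % (name, d, SYSTEM32)))
        if any(mk in d for mk in SUSPICIOUS_DIR_MARKERS):
            findings.append(("review", p["pid"], "image in a profile/temp directory: " + p["path"]))
        if p["md5"] and len(names_by_md5[p["md5"]]) > 1:
            # Same bytes under a different name: the minority name is the impostor.
            common = names_by_md5[p["md5"]].most_common(1)[0][0]
            if name != common:
                findings.append(("alert", p["pid"], "%s is a renamed copy of %s (same MD5)" % (name, common)))
    return findings


if __name__ == "__main__":
    for level, pid, reason in triage(parse_process_list(SAMPLE)):
        print("%-6s PID %-5d %s" % (level, pid, reason))
```

Run against the real list above (paste the block in place of SAMPLE), the only output should be informational notes about parents that have already exited, such as Explorer's parent 1448 and the 1840 that launched ashSimpl.exe, which is the normal picture; every svchost.exe there is a child of services.exe (PID 720) and all five share one MD5, which is why the original helper had nothing to point at in this section.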
#27 falconnub (Full Member, 41 posts)

Posted 25 June 2007 - 07:39 AM

Hi! I somehow found out what happens regarding the auto-restart thing. When I access a mini SD memory card in the picture section, it will auto-restart. However, if I use the Avast scanner to scan it, it will have trouble accessing the card. Do you have any method so that I can prepare a log for you to see regarding the mini SD card? Thanks for all your help!

#28 nasdaq (Forum Deity, Global Moderator, 49,091 posts)

Posted 25 June 2007 - 09:38 AM

No, sorry.

I suspected some hardware problems. A spontaneous restart is a sign that we look for.

If there is any RAM on the card, it may be bad.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in any way, please consider donating; see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#29 falconnub (Full Member, 41 posts)

Posted 27 June 2007 - 03:15 AM

Hi! What is "spontaneous"? Anyway, I don't think there's any RAM on the card...

#30 nasdaq (Forum Deity, Global Moderator, 49,091 posts)

Posted 27 June 2007 - 07:29 AM

Without being intended; sudden....

Check for heat in your computer. Make sure all fans are clean, on the back of the computer and on the CPU.

#31 falconnub (Full Member, 41 posts)

Posted 28 June 2007 - 12:38 AM

I had the sudden kind of restart before. However, this time it also shows the "Windows is shutting down" kind of thing...

#32 nasdaq (Forum Deity, Global Moderator, 49,091 posts)

Posted 28 June 2007 - 08:19 AM

You have hardware problems.

Can't help you from this end.

#33 falconnub (Full Member, 41 posts)

Posted 29 June 2007 - 07:00 AM

Hi! No worries... After I checked with my sis, she said it's blink and boom! It restarted... It's OK... Thanks for your help these few weeks... Really appreciate it!

#34 nasdaq (Forum Deity, Global Moderator, 49,091 posts)

Posted 29 June 2007 - 07:49 AM

Thank you.

#35 nasdaq (Forum Deity, Global Moderator, 49,091 posts)

Posted 10 July 2007 - 08:49 AM

Glad we could help. :)

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.



