Tech Support Guy banner
Cancel

HJT-log Computer rebooting and slow

Jump to Latest Follow
  • IMPORTANT: Only authorized members may reply to threads in this forum due to the complexity of the malware removal process. Authorized members include Malware Specialists and Trainees, Administrators, Moderators, and Trusted Advisors. Regular members are not permitted to reply, and any such posts will be deleted without notice or further explanation. Notice
Status
Not open for further replies.
1 - 13 of 13 Posts
I

· Registered
Joined
·
7 Posts
Discussion Starter · #1 ·
Computer is slow and rebooting itself. Happens more often when driving multiple programs same time and when having several downloads simultaneously. Being suspicious because in task manager/processes there is 7 svchosts and CLI.exe

I´ve executed following operations:
1.Anti-Vir (no viruses)
2.Avast (found a keylogger and trojan) executed twice more no probs found
3.Spybot (found some spyware)
4.Ad-aware (no probs)
5.AVG (no probs)
In addition, I have deleted all the problems which I thought may have caused problems

Logfile of HijackThis v1.99.1
Scan saved at 13:31:03, on 11.1.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programs\AntiVir PersonalEdition Classic\sched.exe
C:\Programs\AntiVir PersonalEdition Classic\avguard.exe
C:\Programs\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\softat\nvidia\Apache Group\Apache2\bin\apache.exe
C:\softat\nvidia\bin\nSvcIp.exe
C:\softat\nvidia\bin\nSvcLog.exe
C:\WINDOWS\system32\svchost.exe
C:\softat\nvidia\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\softat\nvidia\bin\nSvcAppFlt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\softat\nvidia\bin\nTrayFw.exe
C:\softat\LG\PowerDVD\PDVDServ.exe
C:\WINDOWS\VM_STI.EXE
C:\Programs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\AGEIA Technologies\TrayIcon.exe
C:\softat\LG\fwupdate.exe
C:\Programs\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programs\DAEMON Tools\daemon.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Programs\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\softat\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\softat\SAMSUNG\GammaTray.exe
C:\softat\Logitech\SetPoint\SetPoint.exe
C:\softat\SAMSUNG\NaturalColorLoad.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Programs\foobar2000\foobar2000.exe
C:\WINDOWS\system32\SNDVOL32.EXE
C:\Programs\Mozilla Firefox\firefox.exe
C:\hijack\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programs\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nTrayFw] C:\softat\nvidia\bin\nTrayFw.exe
O4 - HKLM\..\Run: [RemoteControl] C:\softat\LG\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programs\quicktime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera
O4 - HKLM\..\Run: [Zone Labs Client] C:\Programs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [LGODDFU] C:\softat\LG\fwupdate.exe
O4 - HKLM\..\Run: [ppmate] C:\Programs\PPMate\PPMate\ppmate.exe -autoplay
O4 - HKLM\..\Run: [avgnt] "C:\Programs\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programs\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programs\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\softat\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Program Files\Octoshape Streaming Services\Scepter\OctoshapeClient.exe" -inv:bootrun
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Color Calibration.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\softat\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\softat\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: MagicTune3.5.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programs\Office\Office10\OSA.EXE
O4 - Global Startup: NaturalColorLoad.lnk = ?
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\Programs\Office\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - E:\games\PP\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - E:\games\PP\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
O18 - Protocol: bw+0 - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\softat\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programs\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programs\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programs\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\softat\nvidia\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\softat\nvidia\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\softat\nvidia\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\softat\nvidia\bin\nSvcLog.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
 
I

· Registered
Joined
·
7 Posts
Discussion Starter · #3 ·
Did clean install about a year ago.
Was thinking to wait for Vista before next one.
Have done disc defrag frequently.

Maybe there is a problem with my hard disk because comp crashes with downloads such as dc++.
Torrent programs have never worked with my comp, crashes once in a while.
 
K

· Registered
Joined
·
12,302 Posts
#4 ·
Uninstall logitec desktop messenger from add/remove you don't need it!

If I was you I would stay away from Vista for a few years as there are bound to be problems with it!

WinPFind

* Download WinPFind http://www.bleepingcomputer.com/files/winpfind.php
Double click on WinPFind and unzip it to your Desktop.
Don't do anything with it yet!
*

Download Track qoo http://www.geekstogo.com/downloads/Trackqoo.zip
o Save it to the Desktop.

Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly
until a menu shows up (and choose Safe Mode from the list). In some systems,
this may be the F5 key, so try that if F8 doesn't work.

Double click WinPFind.exe

* Click 'Start Scan'
* It will scan the entire system, so please be patient!
* Once the scan is complete:
1. Go to the WinPFind folder
2. Locate WinPFind.txt
3. Copy those results in the next post!

Reboot back to Normal Mode!

Double click on 'Track qoo.vbs'

Note - If you have an anti-virus program that has script blocking features,
you will get a pop up window asking you what to do. Allow this entire script
to run. It's harmless.

Wait a few seconds and Notepad will pop up. Copy & Paste those results and
place them in the next post along with the results of WinPFind!

Click Start > Run > and type in:

services.msc

Click OK.

In the services window find AVG Antipsyware guard
Right click and choose "Properties". On the "General" tab under "Service
Status" click the "Stop" button to stop the service. Beside "Startup Type"
in the dropdown menu select "Disabled". Click Apply then OK. Exit the
Services utility.

Note: You may get an error here when trying to access the properties of the
service. If you do get an error, just select the service and look there in
the top left of the main service window and click "Stop" to stop the service. If that gives an error or it is already stopped, just skip this step and proceed with the rest.

You can re-enable this after you are clean!

* Click here to download ATF Cleaner by Atribune and save it to your desktop.

http://majorgeeks.com/ATF_Cleaner_d4949.html

* Double-click ATF-Cleaner.exe to run the program.
* Under Main choose: Select All
* Click the Empty Selected button.
o If you use Firefox:
+ Click Firefox at the top and choose: Select All
+ Click the Empty Selected button.
+ NOTE: If you would like to keep your saved passwords, please click No at the prompt.
o If you use Opera:
+ Click Opera at the top and choose: Select All
+ Click the Empty Selected button.
+ NOTE: If you would like to keep your saved passwords, please click No at the prompt.
* Click Exit on the Main menu to close the program.

* Click here for info on how to boot to safe mode if you don't already know
how.

http://service1.symantec.com/SUPPOR...2001052409420406?OpenDocument&src=sec_doc_nam

* Now copy these instructions to notepad and save them to your desktop. You
will need them to refer to in safe mode.

* Restart your computer into safe mode now. Perform the following steps in
safe mode:

Run AVG Anti-Spyware!

# IMPORTANT: Do not open any other windows or programs while AVG is scanning as it may interfere with the scanning process:
# Launch AVG Anti-spyware by double-clicking the icon on your desktop.
# Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
# AVG will now begin the scanning process. Be patient this may take a little time.
Once the scan is complete do the following:
# If you have any infections you will prompted, then select "Apply all actions"
# Next select the "Reports" icon at the top.
# Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
# Close AVG and reboot your system back into Normal Mode.

reboot to normal mode and run a few online scans!

Note: this is a stand alone, it doesn't install to start/programmes.

Download Mwav,

http://www.spywareinfo.dk/download/mwav.exe

double click on it and it will extract to C:\kaspersky. Click
on the kaspersky folder and click on Kavupd, a black dos window will open
and it will update the programme for you, be patient it will take 5-10
minutes to download the new definitions. Once it's updated, click on mwavscan
to launch the programme.

Use the defaults of:

Memory
startup folders
Registry
system folders
services

Choose drive , all drives and, click scan all files
and then click scan/clean. After it finishes scanning and cleaning post
the log here with a new hijack this log.

Note: this is a very thorough scanner, it might take anything up to an hour
or more, depending on how many drives you have and how badly infected your
pc is.

Highlight the portion of the scan that lists infected items and hold
CTRL + C to Copy then paste it here. The whole log with be extremely
big so there is no way to copy the whole thing. I just need the
infected items list.

post another hijack this log, the AVG Anti-Spyware log. winpfind, trackqoo and the Mwav scan log.
 
I

· Registered
Joined
·
7 Posts
Discussion Starter · #6 ·
Okay. Took a while with all the checks but here are all the logs. avg found a a trojan dropper.

HJT
Logfile of HijackThis v1.99.1
Scan saved at 22:24:01, on 11.1.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Programs\AntiVir PersonalEdition Classic\sched.exe
C:\softat\nvidia\bin\nTrayFw.exe
C:\softat\LG\PowerDVD\PDVDServ.exe
C:\Programs\AntiVir PersonalEdition Classic\avguard.exe
C:\softat\nvidia\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\VM_STI.EXE
C:\Programs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\AGEIA Technologies\TrayIcon.exe
C:\softat\nvidia\bin\nSvcIp.exe
C:\softat\LG\fwupdate.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Programs\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programs\DAEMON Tools\daemon.exe
C:\Programs\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\softat\nvidia\bin\nSvcLog.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\softat\Logitech\SetPoint\SetPoint.exe
C:\softat\nvidia\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\softat\nvidia\bin\nSvcAppFlt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Kaspersky\mwavscan.com
C:\Kaspersky\kavss.exe
C:\WINDOWS\system32\NOTEPAD.EXE
G:\DC++\DCPlusPlus.exe
C:\WINDOWS\system32\notepad.exe
C:\hijack\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programs\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nTrayFw] C:\softat\nvidia\bin\nTrayFw.exe
O4 - HKLM\..\Run: [RemoteControl] C:\softat\LG\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programs\quicktime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera
O4 - HKLM\..\Run: [Zone Labs Client] C:\Programs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [LGODDFU] C:\softat\LG\fwupdate.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programs\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programs\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programs\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Color Calibration.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\softat\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: MagicTune3.5.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programs\Office\Office10\OSA.EXE
O4 - Global Startup: NaturalColorLoad.lnk = ?
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\Programs\Office\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - E:\games\PP\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - E:\games\PP\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programs\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programs\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\softat\nvidia\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\softat\nvidia\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\softat\nvidia\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\softat\nvidia\bin\nSvcLog.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 17:25:17 11.1.2007

+ Scan result:

C:\Programs\mozilla\SetupPoker.exe -> Adware.Casino : Cleaned.
C:\Programs\mozilla\extensions\{BEE3E87E-E1C6-4bfe-BE9D-48E84271AB34}\components\whenu_ff.dll -> Adware.SaveNow : Cleaned.
C:\Documents and Settings\Scepter\Desktop\misc\BS.PLAYER.PRO V2.0 SETUP.0XE -> Dropper.Agent.ru : Cleaned.
C:\Documents and Settings\Scepter\My Documents\Vastaanotetut tiedostot\software\ppstreamsetup.exe -> Not-A-Virus.Constructor.Win32.QQRob.e : Cleaned.
F:\Karaoke ohelmia\All codecs needed for Windows Media Player - DivX & SVCD movies etc\04...DivX5\LS_DivX_5.0_Pro_Bundle_Patch.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : Cleaned.
:mozilla.250:C:\Documents and Settings\Vanaha Liitto\Application Data\Mozilla\Firefox\Profiles\hsrtlip3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.321:C:\Documents and Settings\Vanaha Liitto\Application Data\Mozilla\Firefox\Profiles\hsrtlip3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.61:C:\Documents and Settings\Vanaha Liitto\Application Data\Mozilla\Firefox\Profiles\hsrtlip3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.62:C:\Documents and Settings\Vanaha Liitto\Application Data\Mozilla\Firefox\Profiles\hsrtlip3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.63:C:\Documents and Settings\Vanaha Liitto\Application Data\Mozilla\Firefox\Profiles\hsrtlip3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.64:C:\Documents and Settings\Vanaha Liitto\Application Data\Mozilla\Firefox\Profiles\hsrtlip3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.65:C:\Documents and Settings\Vanaha Liitto\Application Data\Mozilla\Firefox\Profiles\hsrtlip3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.106:C:\Documents and Settings\Vanaha Liitto\Application Data\Mozilla\Firefox\Profiles\hsrtlip3.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.107:C:\Documents and Settings\Vanaha Liitto\Application Data\Mozilla\Firefox\Profiles\hsrtlip3.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.108:C:\Documents and Settings\Vanaha Liitto\Application Data\Mozilla\Firefox\Profiles\hsrtlip3.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.185:C:\Documents and Settings\Vanaha Liitto\Application Data\Mozilla\Firefox\Profiles\hsrtlip3.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.163:C:\Documents and Settings\Vanaha Liitto\Application Data\Mozilla\Firefox\Profiles\hsrtlip3.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.164:C:\Documents and Settings\Vanaha Liitto\Application Data\Mozilla\Firefox\Profiles\hsrtlip3.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.167:C:\Documents and Settings\Vanaha Liitto\Application Data\Mozilla\Firefox\Profiles\hsrtlip3.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.10:C:\Documents and Settings\Vanaha Liitto\Application Data\Mozilla\Firefox\Profiles\hsrtlip3.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.12:C:\Documents and Settings\Vanaha Liitto\Application Data\Mozilla\Firefox\Profiles\hsrtlip3.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.127:C:\Documents and Settings\Vanaha Liitto\Application Data\Mozilla\Firefox\Profiles\hsrtlip3.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.128:C:\Documents and Settings\Vanaha Liitto\Application Data\Mozilla\Firefox\Profiles\hsrtlip3.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.129:C:\Documents and Settings\Vanaha Liitto\Application Data\Mozilla\Firefox\Profiles\hsrtlip3.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.130:C:\Documents and Settings\Vanaha Liitto\Application Data\Mozilla\Firefox\Profiles\hsrtlip3.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.43:C:\Documents and Settings\Vanaha Liitto\Application Data\Mozilla\Firefox\Profiles\hsrtlip3.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Vanaha Liitto\Cookies\vanaha [email protected][2].txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.194:C:\Documents and Settings\Vanaha Liitto\Application Data\Mozilla\Firefox\Profiles\hsrtlip3.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.282:C:\Documents and Settings\Vanaha Liitto\Application Data\Mozilla\Firefox\Profiles\hsrtlip3.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.283:C:\Documents and Settings\Vanaha Liitto\Application Data\Mozilla\Firefox\Profiles\hsrtlip3.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.171:C:\Documents and Settings\Vanaha Liitto\Application Data\Mozilla\Firefox\Profiles\hsrtlip3.default\cookies.txt -> TrackingCookie.Cqcounter : Cleaned.
:mozilla.44:C:\Documents and Settings\Vanaha Liitto\Application Data\Mozilla\Firefox\Profiles\hsrtlip3.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.56:C:\Documents and Settings\Scepter\Application Data\Mozilla\Firefox\Profiles\injyvrzz.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.249:C:\Documents and Settings\Vanaha Liitto\Application Data\Mozilla\Firefox\Profiles\hsrtlip3.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.193:C:\Documents and Settings\Vanaha Liitto\Application Data\Mozilla\Firefox\Profiles\hsrtlip3.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.153:C:\Documents and Settings\Vanaha Liitto\Application Data\Mozilla\Firefox\Profiles\hsrtlip3.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.155:C:\Documents and Settings\Vanaha Liitto\Application Data\Mozilla\Firefox\Profiles\hsrtlip3.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.156:C:\Documents and Settings\Vanaha Liitto\Application Data\Mozilla\Firefox\Profiles\hsrtlip3.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.160:C:\Documents and Settings\Vanaha Liitto\Application Data\Mozilla\Firefox\Profiles\hsrtlip3.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.161:C:\Documents and Settings\Vanaha Liitto\Application Data\Mozilla\Firefox\Profiles\hsrtlip3.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.168:C:\Documents and Settings\Vanaha Liitto\Application Data\Mozilla\Firefox\Profiles\hsrtlip3.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.174:C:\Documents and Settings\Vanaha Liitto\Application Data\Mozilla\Firefox\Profiles\hsrtlip3.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned.
:mozilla.139:C:\Documents and Settings\Vanaha Liitto\Application Data\Mozilla\Firefox\Profiles\hsrtlip3.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.234:C:\Documents and Settings\Vanaha Liitto\Application Data\Mozilla\Firefox\Profiles\hsrtlip3.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.235:C:\Documents and Settings\Vanaha Liitto\Application Data\Mozilla\Firefox\Profiles\hsrtlip3.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.253:C:\Documents and Settings\Vanaha Liitto\Application Data\Mozilla\Firefox\Profiles\hsrtlip3.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.72:C:\Documents and Settings\Scepter\Application Data\Mozilla\Firefox\Profiles\injyvrzz.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.112:C:\Documents and Settings\Vanaha Liitto\Application Data\Mozilla\Firefox\Profiles\hsrtlip3.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.113:C:\Documents and Settings\Vanaha Liitto\Application Data\Mozilla\Firefox\Profiles\hsrtlip3.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.114:C:\Documents and Settings\Vanaha Liitto\Application Data\Mozilla\Firefox\Profiles\hsrtlip3.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.115:C:\Documents and Settings\Vanaha Liitto\Application Data\Mozilla\Firefox\Profiles\hsrtlip3.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.34:C:\Documents and Settings\Vanaha Liitto\Application Data\Mozilla\Firefox\Profiles\hsrtlip3.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.35:C:\Documents and Settings\Vanaha Liitto\Application Data\Mozilla\Firefox\Profiles\hsrtlip3.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.36:C:\Documents and Settings\Vanaha Liitto\Application Data\Mozilla\Firefox\Profiles\hsrtlip3.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.277:C:\Documents and Settings\Vanaha Liitto\Application Data\Mozilla\Firefox\Profiles\hsrtlip3.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.301:C:\Documents and Settings\Vanaha Liitto\Application Data\Mozilla\Firefox\Profiles\hsrtlip3.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.302:C:\Documents and Settings\Vanaha Liitto\Application Data\Mozilla\Firefox\Profiles\hsrtlip3.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.323:C:\Documents and Settings\Vanaha Liitto\Application Data\Mozilla\Firefox\Profiles\hsrtlip3.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.104:C:\Documents and Settings\Vanaha Liitto\Application Data\Mozilla\Firefox\Profiles\hsrtlip3.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.105:C:\Documents and Settings\Vanaha Liitto\Application Data\Mozilla\Firefox\Profiles\hsrtlip3.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.256:C:\Documents and Settings\Vanaha Liitto\Application Data\Mozilla\Firefox\Profiles\hsrtlip3.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned.
:mozilla.13:C:\Documents and Settings\Vanaha Liitto\Application Data\Mozilla\Firefox\Profiles\hsrtlip3.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.9:C:\Documents and Settings\Vanaha Liitto\Application Data\Mozilla\Firefox\Profiles\hsrtlip3.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.116:C:\Documents and Settings\Vanaha Liitto\Application Data\Mozilla\Firefox\Profiles\hsrtlip3.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.257:C:\Documents and Settings\Vanaha Liitto\Application Data\Mozilla\Firefox\Profiles\hsrtlip3.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.122:C:\Documents and Settings\Vanaha Liitto\Application Data\Mozilla\Firefox\Profiles\hsrtlip3.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.123:C:\Documents and Settings\Vanaha Liitto\Application Data\Mozilla\Firefox\Profiles\hsrtlip3.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.143:C:\Documents and Settings\Vanaha Liitto\Application Data\Mozilla\Firefox\Profiles\hsrtlip3.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.144:C:\Documents and Settings\Vanaha Liitto\Application Data\Mozilla\Firefox\Profiles\hsrtlip3.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.145:C:\Documents and Settings\Vanaha Liitto\Application Data\Mozilla\Firefox\Profiles\hsrtlip3.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.146:C:\Documents and Settings\Vanaha Liitto\Application Data\Mozilla\Firefox\Profiles\hsrtlip3.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
 
I

· Registered
Joined
·
7 Posts
Discussion Starter · #7 ·
WINPFIND

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Logfile created on: 11.1.2007 15:06:12
WinPFind v1.5.0 Folder = C:\Documents and Settings\Scepter\Desktop\WinPFind\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...

Checking %System% folder...
WSUD 17.11.2004 10:08:06 16162816 C:\WINDOWS\SYSTEM32\ALSNDMGR.CPL (Realtek Semiconductor Corp.)
aspack 18.3.2005 17:19:58 2337488 C:\WINDOWS\SYSTEM32\d3dx9_25.dll (Microsoft Corporation)
aspack 26.5.2005 15:34:52 2297552 C:\WINDOWS\SYSTEM32\d3dx9_26.dll (Microsoft Corporation)
aspack 22.7.2005 19:59:04 2319568 C:\WINDOWS\SYSTEM32\d3dx9_27.dll (Microsoft Corporation)
aspack 5.12.2005 18:09:18 2323664 C:\WINDOWS\SYSTEM32\d3dx9_28.dll (Microsoft Corporation)
aspack 3.2.2006 8:43:16 2332368 C:\WINDOWS\SYSTEM32\d3dx9_29.dll (Microsoft Corporation)
aspack 31.3.2006 12:40:58 2388176 C:\WINDOWS\SYSTEM32\d3dx9_30.dll (Microsoft Corporation)
aspack 28.9.2006 15:05:20 2414360 C:\WINDOWS\SYSTEM32\d3dx9_31.dll (Microsoft Corporation)
PEC2 4.8.2004 3:07:00 41397 C:\WINDOWS\SYSTEM32\dfrg.msc ()
PEC2 3.7.2006 23:40:50 620180 C:\WINDOWS\SYSTEM32\DivX.dll (DivX, Inc.)
PECompact2 3.7.2006 23:40:50 620180 C:\WINDOWS\SYSTEM32\DivX.dll (DivX, Inc.)
PEC2 28.10.1998 22:51:00 42496 C:\WINDOWS\SYSTEM32\hvstrlib.DLL ()
PTech 12.7.2005 17:04:22 520456 C:\WINDOWS\SYSTEM32\LegitCheckControl.dll (Microsoft® Corporation)
PECompact2 5.10.2005 4:09:08 2293088 C:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation)
aspack 5.10.2005 4:09:08 2293088 C:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation)
WSUD 4.8.2004 3:07:00 1200128 C:\WINDOWS\SYSTEM32\ntbackup.exe (Microsoft Corporation)
aspack 4.8.2004 3:07:00 708096 C:\WINDOWS\SYSTEM32\ntdll.dll (Microsoft Corporation)
WSUD 4.8.2004 3:07:00 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
UPX! 26.11.2003 0:32:02 123392 C:\WINDOWS\SYSTEM32\pncrt.dll (Real Networks, Inc)
Umonitor 4.8.2004 3:07:00 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll (Microsoft Corporation)
winsync 4.8.2004 3:07:00 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu ()

Checking %System%\Drivers folder and sub-folders...

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts

Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
11.1.2007 15:05:10 S 2048 C:\WINDOWS\bootstat.dat ()
10.1.2007 17:04:44 H 54156 C:\WINDOWS\QTFont.qfn ()
11.1.2007 13:12:32 H 35864 C:\WINDOWS\system32\vsconfig.xml ()
11.1.2007 15:05:06 H 8192 C:\WINDOWS\system32\config\default.LOG ()
11.1.2007 15:05:22 H 1024 C:\WINDOWS\system32\config\SAM.LOG ()
11.1.2007 15:05:10 H 12288 C:\WINDOWS\system32\config\SECURITY.LOG ()
11.1.2007 15:05:12 H 57344 C:\WINDOWS\system32\config\software.LOG ()
11.1.2007 15:05:12 H 1069056 C:\WINDOWS\system32\config\system.LOG ()
19.12.2006 1:44:46 H 1024 C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG ()
15.11.2006 12:20:46 HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\2479539e-063e-4286-9cdb-e55fa7f4cde3 ()
25.11.2006 4:39:34 HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\57280752-7159-4423-90aa-08d6da61df02 ()
22.11.2006 18:51:24 HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\e6d0886c-5b49-4274-85a9-aa6641c3c293 ()
25.11.2006 4:39:34 HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred ()
11.1.2007 15:03:58 H 6 C:\WINDOWS\Tasks\SA.DAT ()

Checking for CPL files...
4.8.2004 3:07:00 68608 C:\WINDOWS\SYSTEM32\access.cpl (Microsoft Corporation)
17.11.2004 10:08:06 16162816 C:\WINDOWS\SYSTEM32\ALSNDMGR.CPL (Realtek Semiconductor Corp.)
4.8.2004 3:07:00 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl (Microsoft Corporation)
4.8.2004 3:07:00 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl (Microsoft Corporation)
4.8.2004 3:07:00 135168 C:\WINDOWS\SYSTEM32\desk.cpl (Microsoft Corporation)
4.8.2004 3:07:00 80384 C:\WINDOWS\SYSTEM32\firewall.cpl (Microsoft Corporation)
4.8.2004 3:07:00 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl (Microsoft Corporation)
4.8.2004 3:07:00 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl (Microsoft Corporation)
4.8.2004 3:07:00 129536 C:\WINDOWS\SYSTEM32\intl.cpl (Microsoft Corporation)
4.8.2004 3:07:00 380416 C:\WINDOWS\SYSTEM32\irprops.cpl (Microsoft Corporation)
4.8.2004 3:07:00 68608 C:\WINDOWS\SYSTEM32\joy.cpl (Microsoft Corporation)
9.11.2006 15:07:28 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl (Sun Microsystems, Inc.)
4.8.2004 3:07:00 187904 C:\WINDOWS\SYSTEM32\main.cpl (Microsoft Corporation)
4.8.2004 3:07:00 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl (Microsoft Corporation)
4.8.2004 3:07:00 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl (Microsoft Corporation)
4.8.2004 3:07:00 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl (Microsoft Corporation)
4.8.2004 3:07:00 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
4.8.2004 3:07:00 36864 C:\WINDOWS\SYSTEM32\nwc.cpl (Microsoft Corporation)
4.8.2004 3:07:00 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl (Microsoft Corporation)
20.3.2006 21:43:16 372736 C:\WINDOWS\SYSTEM32\PhysX.cpl ()
4.8.2004 3:07:00 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl (Microsoft Corporation)
4.8.2004 3:07:00 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl (Microsoft Corporation)
4.8.2004 3:07:00 28160 C:\WINDOWS\SYSTEM32\telephon.cpl (Microsoft Corporation)
4.8.2004 3:07:00 94208 C:\WINDOWS\SYSTEM32\timedate.cpl (Microsoft Corporation)
4.8.2004 3:07:00 148480 C:\WINDOWS\SYSTEM32\wscui.cpl (Microsoft Corporation)
26.5.2005 3:16:30 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl (Microsoft Corporation)
4.8.2004 3:07:00 68608 C:\WINDOWS\SYSTEM32\dllcache\access.cpl (Microsoft Corporation)
4.8.2004 3:07:00 549888 C:\WINDOWS\SYSTEM32\dllcache\appwiz.cpl (Microsoft Corporation)
4.8.2004 3:07:00 135168 C:\WINDOWS\SYSTEM32\dllcache\desk.cpl (Microsoft Corporation)
4.8.2004 3:07:00 80384 C:\WINDOWS\SYSTEM32\dllcache\firewall.cpl (Microsoft Corporation)
4.8.2004 3:07:00 155136 C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl (Microsoft Corporation)
4.8.2004 3:07:00 358400 C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl (Microsoft Corporation)
4.8.2004 3:07:00 129536 C:\WINDOWS\SYSTEM32\dllcache\intl.cpl (Microsoft Corporation)
4.8.2004 3:07:00 68608 C:\WINDOWS\SYSTEM32\dllcache\joy.cpl (Microsoft Corporation)
4.8.2004 3:07:00 187904 C:\WINDOWS\SYSTEM32\dllcache\main.cpl (Microsoft Corporation)
4.8.2004 3:07:00 618496 C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl (Microsoft Corporation)
4.8.2004 3:07:00 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl (Microsoft Corporation)
4.8.2004 3:07:00 25600 C:\WINDOWS\SYSTEM32\dllcache\netsetup.cpl (Microsoft Corporation)
4.8.2004 3:07:00 257024 C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl (Microsoft Corporation)
4.8.2004 3:07:00 36864 C:\WINDOWS\SYSTEM32\dllcache\nwc.cpl (Microsoft Corporation)
4.8.2004 3:07:00 32768 C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl (Microsoft Corporation)
4.8.2004 3:07:00 114688 C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl (Microsoft Corporation)
4.8.2004 3:07:00 155648 C:\WINDOWS\SYSTEM32\dllcache\sapi.cpl (Microsoft Corporation)
4.8.2004 3:07:00 298496 C:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl (Microsoft Corporation)
4.8.2004 3:07:00 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl (Microsoft Corporation)
4.8.2004 3:07:00 94208 C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl (Microsoft Corporation)
4.8.2004 3:07:00 148480 C:\WINDOWS\SYSTEM32\dllcache\wscui.cpl (Microsoft Corporation)
26.5.2005 3:16:30 174360 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl (Microsoft Corporation)

Checking for Downloaded Program Files...
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} - MSN Photo Upload Tool - CodeBase = http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
{5ED80217-570B-4DA9-BF44-BE107C0EC166} - Windows Live Safety Center Base Module - CodeBase = http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} - Java Plug-in 1.5.0_10 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
{8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - MessengerStatsClient Class - CodeBase = http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
{9D190AE6-C81E-4039-8061-978EBAD10073} - F-Secure Online Scanner 3.0 - CodeBase = http://support.f-secure.com/ols/fscax.cab
{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - Java Plug-in 1.5.0_10 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - Java Plug-in 1.5.0_10 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} - - CodeBase = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
7.2.2006 20:37:32 994 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk ()
10.1.2007 15:16:02 1765 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk ()
27.9.2005 21:47:14 1301 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Color Calibration.lnk ()
27.9.2005 20:09:38 HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini ()
27.9.2005 21:04:16 1606 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk ()
27.9.2005 21:47:14 1329 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MagicTune3.5.lnk ()
23.5.2006 15:39:52 1653 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk ()
27.9.2005 21:49:58 485 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NaturalColorLoad.lnk ()

Checking files in %ALLUSERSPROFILE%\Application Data folder...
2.3.2006 2:09:26 305 C:\Documents and Settings\All Users\Application Data\addr_file.html ()
28.9.2005 3:36:56 HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini ()
10.1.2007 17:16:22 1356 C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache ()

Checking files in %USERPROFILE%\Startup folder...
27.9.2005 20:09:38 HS 84 C:\Documents and Settings\Scepter\Start Menu\Programs\Startup\desktop.ini ()

Checking files in %USERPROFILE%\Application Data folder...
28.9.2005 3:36:56 HS 62 C:\Documents and Settings\Scepter\Application Data\desktop.ini ()
30.6.2006 14:38:50 23728 C:\Documents and Settings\Scepter\Application Data\GDIPFONTCACHEV1.DAT ()

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

>>> Internet Explorer Settings <<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
\\Start Page - http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
\\Search Page - http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
\\Default_Page_URL - http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
\\Default_Search_URL - http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
\\Local Page - %SystemRoot%\system32\blank.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
\\Start Page - http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
\\Search Bar - http://www.google.com/ie
\\Search Page - http://www.google.com
\\Local Page - C:\WINDOWS\system32\blank.htm

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
\\CustomizeSearch - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
\\SearchAssistant - http://www.google.com/ie

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Microsoft Url Search Hook = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation)

>>> BHO's <<<
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - = ()
\{53707962-6F74-2D53-2644-206D7942484F} - = C:\Programs\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - SSVHelper Class = C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll (Sun Microsystems, Inc.)

>>> Internet Explorer Bars, Toolbars and Extensions <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
\{4D5C8C25-D075-11d0-B416-00C04FB90376} - &Tip of the Day = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1} - File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\{EFA24E64-B078-11D0-89E4-00C04FC9E26E} - Explorer Band = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
\ShellBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\system32\browseui.dll (Microsoft Corporation)
\ShellBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Links = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\system32\browseui.dll (Microsoft Corporation)
\WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Links = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\WebBrowser\\{2E608F70-C430-4BC5-96F6-608E02EBA5B2} - = ()

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\CmdMapping]
\\{FB5F1910-F110-11d2-BB9E-00C04F795683} - 8192 = Windows Messenger
\\NEXTID - 8195
\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - 8193 = Sun Java Console
\\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - 8194 = PartyPoker.com

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - MenuText: Sun Java Console = C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll (Sun Microsystems, Inc.)
\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - MenuText: Sun Java Console = C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll (Sun Microsystems, Inc.)(HKCU CLSID)
\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - ButtonText: PartyPoker.com = E:\games\PP\PartyPoker\RunApp.exe ()
\{FB5F1910-F110-11d2-BB9E-00C04F795683} - ButtonText: Messenger = C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

>>> Approved Shell Extensions (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
\\{42071714-76d4-11d1-8b24-00a0c9068ff3} - Display Panning CPL Extension = deskpan.dll ()
\\{764BF0E1-F219-11ce-972D-00AA00A14F56} - Shell extensions for file compression = ()
\\{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} - Encryption Context Menu = ()
\\{88895560-9AA2-1069-930E-00AA0030EBC8} - HyperTerminal Icon Ext = C:\WINDOWS\system32\hticons.dll (Hilgraeve, Inc.)
\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} - Taskbar and Start Menu = ()
\\{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} - Autoplay for SlideShow = ()
\\{7A9D77BD-5403-11d2-8785-2E0420524153} - User Accounts = ()
\\{950FF917-7A57-46BC-8017-59D9BF474000} - Shell Extension for CDRW = C:\Program Files\Ahead\InCD\incdshx.dll (Ahead Software AG)
\\{D9872D13-7651-4471-9EEE-F0A00218BEBB} - Multiscan = ()
\\{45AC2688-0253-4ED8-97DE-B5370FA7D48A} - Shell Extension for Malware scanning = C:\Programs\AntiVir PersonalEdition Classic\shlext.dll (H+BEDV Datentechnik GmbH)
\\{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} - Shell Extensions for RealOne Player = C:\Programs\real\rpshell.dll (RealNetworks, Inc.)
\\{B41DB860-8EE4-11D2-9906-E49FADC173CA} - WinRAR shell extension = C:\Programs\WinRAR\rarext.dll ()
\\{E0D79304-84BE-11CE-9641-444553540000} - WinZip = C:\PROGRAMS\WINZIP\WZSHLSTB.DLL (WinZip Computing LP)
\\{E0D79305-84BE-11CE-9641-444553540000} - WinZip = C:\PROGRAMS\WINZIP\WZSHLSTB.DLL (WinZip Computing LP)
\\{E0D79306-84BE-11CE-9641-444553540000} - WinZip = C:\PROGRAMS\WINZIP\WZSHLSTB.DLL (WinZip Computing LP)
\\{E0D79307-84BE-11CE-9641-444553540000} - WinZip = C:\PROGRAMS\WINZIP\WZSHLSTB.DLL (WinZip Computing LP)
\\{5E2121EE-0300-11D4-8D3B-444553540000} - Catalyst Context Menu extension = C:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll ()

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

>>> Context Menu Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers]
\AVG Anti-Spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Programs\Grisoft\AVG Anti-Spyware 7.5\context.dll (Anti-Malware Development a.s.)
\Shell Extension for Malware scanning - {45AC2688-0253-4ED8-97DE-B5370FA7D48A} = C:\Programs\AntiVir PersonalEdition Classic\shlext.dll (H+BEDV Datentechnik GmbH)
\WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programs\WinRAR\rarext.dll ()
\WinZip - {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRAMS\WINZIP\WZSHLSTB.DLL (WinZip Computing LP)

[HKEY_LOCAL_MACHINE\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers]

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers]
\AVG Anti-Spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Programs\Grisoft\AVG Anti-Spyware 7.5\context.dll (Anti-Malware Development a.s.)
\WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programs\WinRAR\rarext.dll ()
\WinZip - {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRAMS\WINZIP\WZSHLSTB.DLL (WinZip Computing LP)

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\BackGround\shellex\ContextMenuHandlers]
\ACE - {5E2121EE-0300-11D4-8D3B-444553540000} = C:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll ()
\InCDMenu - {950FF917-7A57-46BC-8017-59D9BF474000} = C:\Program Files\Ahead\InCD\incdshx.dll (Ahead Software AG)

[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers]
\Shell Extension for Malware scanning - {45AC2688-0253-4ED8-97DE-B5370FA7D48A} = C:\Programs\AntiVir PersonalEdition Classic\shlext.dll (H+BEDV Datentechnik GmbH)
\WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programs\WinRAR\rarext.dll ()
\WinZip - {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRAMS\WINZIP\WZSHLSTB.DLL (WinZip Computing LP)

>>> Column Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
\{F9DB5320-233E-11D1-9F84-707F02C10627} - PDF Column Info = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll (Adobe Systems, Inc.)

>>> Registry Run Keys <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
SoundMan - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
ATIPTA - C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
InCD - C:\Program Files\Ahead\InCD\InCD.exe (Ahead Software AG)
NeroFilterCheck - C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
nTrayFw - C:\softat\nvidia\bin\nTrayFw.exe (NVIDIA Corporation)
RemoteControl - C:\softat\LG\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
IMJPMIG8.1 - C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
MSPY2002 - C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe ()
PHIME2002ASync - C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
PHIME2002A - C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
QuickTime Task - C:\Programs\quicktime\qttask.exe (Apple Computer, Inc.)
BigDogPath - C:\WINDOWS\VM_STI.EXE (BIGDOG)
Zone Labs Client - C:\Programs\ZoneAlarm\zlclient.exe (Zone Labs, LLC)
TkBellExe - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
AGEIA PhysX SysTray - C:\Program Files\AGEIA Technologies\TrayIcon.exe ()
Logitech Hardware Abstraction Layer - C:\WINDOWS\KHALMNPR.EXE (Logitech Inc.)
ATICCC - C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe ()
LGODDFU - C:\softat\LG\fwupdate.exe (CST)
ppmate - C:\Programs\PPMate\PPMate\ppmate.exe ()
avgnt - C:\Programs\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
DAEMON Tools - C:\Programs\DAEMON Tools\daemon.exe (DT Soft Ltd.)
!AVG Anti-Spyware - C:\Programs\Grisoft\AVG Anti-Spyware 7.5\avgas.exe (Anti-Malware Development a.s.)
SunJavaUpdateSched - C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe (Sun Microsystems, Inc.)
 
I

· Registered
Joined
·
7 Posts
Discussion Starter · #8 ·
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
CTFMON.EXE - C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
MsnMsgr - C:\Program Files\MSN Messenger\MsnMsgr.Exe (Microsoft Corporation)
PowerBar - Reg Data missing or invalid ()
MSMSGS - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
NBJ - C:\Program Files\Ahead\Nero BackItUp\NBJ.exe (Ahead Software AG)
Octoshape Streaming Services - C:\Program Files\Octoshape Streaming Services\Scepter\OctoshapeClient.exe ()

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

>>> Startup Links <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Common Startup]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Color Calibration.lnk - C:\softat\SAMSUNG\GammaTray.exe ()
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini ()
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk - C:\softat\Logitech\SetPoint\SetPoint.exe (Logitech Inc.)
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MagicTune3.5.lnk - C:\softat\SAMSUNG\MagicTuneTray.exe ()
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk - C:\Programs\Office\Office10\OSA.EXE (Microsoft Corporation)
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NaturalColorLoad.lnk - C:\softat\SAMSUNG\NaturalColorLoad.exe ()

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Startup]
C:\Documents and Settings\Scepter\Start Menu\Programs\Startup\desktop.ini ()

>>> MSConfig Disabled Items <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

[All Users Startup Folder Disabled Items]

[Current User Startup Folder Disabled Items]

>>> User Agent Post Platform <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
\\SV1 -

>>> AppInit Dll's <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs]

>>> Image File Execution Options <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
\Your Image File Name Here without a path - Debugger = ntsd -d

>>> Shell Service Object Delay Load <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
\\PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\\CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} = ()
\\WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\system32\webcheck.dll (Microsoft Corporation)
\\SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
\\UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} = C:\WINDOWS\system32\upnpui.dll (Microsoft Corporation)

>>> Shell Execute Hooks <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} - URL Exec Hook = shell32.dll (Microsoft Corporation)
\\{57B86673-276A-48B2-BAE7-C6DBB3020EB8} - CShellExecuteHookImpl Object = C:\Programs\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll (Anti-Malware Development a.s.)

>>> Shared Task Scheduler <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
\\{438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader = %SystemRoot%\system32\browseui.dll (Microsoft Corporation)
\\{8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon = %SystemRoot%\system32\browseui.dll (Microsoft Corporation)

>>> Winlogon <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
\\UserInit = C:\WINDOWS\system32\userinit.exe,
\\Shell = Explorer.exe
\\System =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
\AtiExtEvent - Ati2evxx.dll = (ATI Technologies Inc.)
\crypt32chain - crypt32.dll = (Microsoft Corporation)
\cryptnet - cryptnet.dll = (Microsoft Corporation)
\cscdll - cscdll.dll = (Microsoft Corporation)
\ScCertProp - wlnotify.dll = (Microsoft Corporation)
\Schedule - wlnotify.dll = (Microsoft Corporation)
\sclgntfy - sclgntfy.dll = (Microsoft Corporation)
\SensLogn - WlNotify.dll = (Microsoft Corporation)
\termsrv - wlnotify.dll = (Microsoft Corporation)
\wlballoon - wlnotify.dll = (Microsoft Corporation)

>>> DNS Name Servers <<<
{66711A6D-7B34-4CEE-8DD0-656A4089254C} - ()
{75E56C1E-1B74-42B0-85FC-76C9A2918307} - ()
{B76D8621-2A71-4B2B-928C-CEB3593B21E2} - ()

>>> All Winsock2 Catalogs <<<
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries]
\000000000001\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)
\000000000002\\LibraryPath - %SystemRoot%\System32\winrnr.dll (Microsoft Corporation)
\000000000003\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries]
\000000000001\\PackedCatalogItem - %SYSTEMROOT%\system32\nvappfilter.dll (NVIDIA)
\000000000002\\PackedCatalogItem - %SYSTEMROOT%\system32\nvappfilter.dll (NVIDIA)
\000000000003\\PackedCatalogItem - %SYSTEMROOT%\system32\nvappfilter.dll (NVIDIA)
\000000000004\\PackedCatalogItem - %SYSTEMROOT%\system32\nvappfilter.dll (NVIDIA)
\000000000005\\PackedCatalogItem - %SYSTEMROOT%\system32\nvappfilter.dll (NVIDIA)
\000000000006\\PackedCatalogItem - %SYSTEMROOT%\system32\nvappfilter.dll (NVIDIA)
\000000000007\\PackedCatalogItem - %SYSTEMROOT%\system32\nvappfilter.dll (NVIDIA)
\000000000008\\PackedCatalogItem - %SYSTEMROOT%\system32\nvappfilter.dll (NVIDIA)
\000000000009\\PackedCatalogItem - %SYSTEMROOT%\system32\nvappfilter.dll (NVIDIA)
\000000000010\\PackedCatalogItem - %SYSTEMROOT%\system32\nvappfilter.dll (NVIDIA)
\000000000011\\PackedCatalogItem - %SYSTEMROOT%\system32\nvappfilter.dll (NVIDIA)
\000000000012\\PackedCatalogItem - %SYSTEMROOT%\system32\nvappfilter.dll (NVIDIA)
\000000000013\\PackedCatalogItem - %SYSTEMROOT%\system32\nvappfilter.dll (NVIDIA)
\000000000014\\PackedCatalogItem - %SYSTEMROOT%\system32\nvappfilter.dll (NVIDIA)
\000000000015\\PackedCatalogItem - %SYSTEMROOT%\system32\nvappfilter.dll (NVIDIA)
\000000000016\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000017\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000018\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000019\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)
\000000000020\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)
\000000000021\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000022\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000023\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000024\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000025\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000026\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000027\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000028\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000029\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000030\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000031\\PackedCatalogItem - %SYSTEMROOT%\system32\nvappfilter.dll (NVIDIA)

>>> Protocol Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler]
\ipp - ()
\msdaipp - ()

>>> Protocol Filters (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter]

>>> Selected AddOn's <<<

»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
::Report end

Track QOO
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE"
"ATIPTA"="\"C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\""
"InCD"="C:\\Program Files\\Ahead\\InCD\\InCD.exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"nTrayFw"="C:\\softat\\nvidia\\bin\\nTrayFw.exe"
"RemoteControl"="C:\\softat\\LG\\PowerDVD\\PDVDServ.exe"
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"QuickTime Task"="\"C:\\Programs\\quicktime\\qttask.exe\" -atboottime"
"BigDogPath"="C:\\WINDOWS\\VM_STI.EXE VIMICRO USB PC Camera"
"Zone Labs Client"="C:\\Programs\\ZoneAlarm\\zlclient.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"AGEIA PhysX SysTray"="C:\\Program Files\\AGEIA Technologies\\TrayIcon.exe"
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE"
"ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\CLIStart.exe\""
"LGODDFU"="C:\\softat\\LG\\fwupdate.exe"
"ppmate"="C:\\Programs\\PPMate\\PPMate\\ppmate.exe -autoplay"
"avgnt"="\"C:\\Programs\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
"DAEMON Tools"="\"C:\\Programs\\DAEMON Tools\\daemon.exe\" -lang 1033"
"!AVG Anti-Spyware"="\"C:\\Programs\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

-----------------
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers

Subkey --- AVG Anti-Spyware
{8934FCEF-F5B8-468f-951F-78A921CD3920}
C:\Programs\Grisoft\AVG Anti-Spyware 7.5\context.dll

Subkey --- Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03}
C:\WINDOWS\System32\cscui.dll

Subkey --- Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- Shell Extension for Malware scanning
{45AC2688-0253-4ED8-97DE-B5370FA7D48A}
C:\Programs\AntiVir PersonalEdition Classic\shlext.dll

Subkey --- WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA}
C:\Programs\WinRAR\rarext.dll

Subkey --- WinZip
{E0D79304-84BE-11CE-9641-444553540000}
C:\PROGRAMS\WINZIP\WZSHLSTB.DLL

Subkey --- {a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin
C:\WINDOWS\system32\SHELL32.dll

=====================

HKEY_CLASSES_ROOT\Folder\shellex\ColumnHandlers

Subkey --- {0D2E74C4-3C34-11d2-A27E-00C04FC30871}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- {24F14F01-7B1C-11d1-838f-0000F80461CF}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- {24F14F02-7B1C-11d1-838f-0000F80461CF}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- {66742402-F9B9-11D1-A202-0000F81FEDEE}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- {F9DB5320-233E-11D1-9F84-707F02C10627}
C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

==============================
C:\Documents and Settings\All Users\Start Menu\Programs\Startup

Adobe Gamma Loader.lnk
Adobe Reader Speed Launch.lnk
Color Calibration.lnk
desktop.ini
Logitech SetPoint.lnk
MagicTune3.5.lnk
Microsoft Office.lnk
NaturalColorLoad.lnk
==============================
C:\Documents and Settings\Scepter\Start Menu\Programs\Startup

Adobe Gamma Loader.lnk
Adobe Reader Speed Launch.lnk
Color Calibration.lnk
desktop.ini
Logitech SetPoint.lnk
MagicTune3.5.lnk
Microsoft Office.lnk
NaturalColorLoad.lnk
desktop.ini
==============================
C:\WINDOWS\system32 cpl files

access.cpl Microsoft Corporation
ALSNDMGR.CPL Realtek Semiconductor Corp.
appwiz.cpl Microsoft Corporation
bthprops.cpl Microsoft Corporation
desk.cpl Microsoft Corporation
firewall.cpl Microsoft Corporation
hdwwiz.cpl Microsoft Corporation
inetcpl.cpl Microsoft Corporation
intl.cpl Microsoft Corporation
irprops.cpl Microsoft Corporation
joy.cpl Microsoft Corporation
jpicpl32.cpl Sun Microsystems, Inc.
main.cpl Microsoft Corporation
mmsys.cpl Microsoft Corporation
ncpa.cpl Microsoft Corporation
netsetup.cpl Microsoft Corporation
nusrmgr.cpl Microsoft Corporation
nwc.cpl Microsoft Corporation
odbccp32.cpl Microsoft Corporation
PhysX.cpl
powercfg.cpl Microsoft Corporation
sysdm.cpl Microsoft Corporation
telephon.cpl Microsoft Corporation
timedate.cpl Microsoft Corporation
wscui.cpl Microsoft Corporation
wuaucpl.cpl Microsoft Corporation

MWAV
Virus log information:
File C:\Documents and Settings\Scepter\Application Data\SecuROM\UserData\???????????p????????? infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Documents and Settings\Scepter\Application Data\SecuROM\UserData\???????????p????????? infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{B59AD832-B1B5-450B-AE1F-9DAB34718290}\RP375\A0153917.exe tagged as not-a-virus:AdWare.Win32.Casino.w. No Action Taken.
File E:\temp\mirc62.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.62. No Action Taken.
File E:\temp\Texas-holdem-training.exe tagged as not-a-virus:AdWare.Win32.Casino.w. No Action Taken.

Thu Jan 11 22:18:13 2007 => ***** Scanning complete. *****

Thu Jan 11 22:18:13 2007 => Total Number of Files Scanned: 105299
Thu Jan 11 22:18:13 2007 => Total Number of Virus(es) Found: 5
Thu Jan 11 22:18:13 2007 => Total Number of Disinfected Files: 0
Thu Jan 11 22:18:13 2007 => Total Number of Files Renamed: 2
Thu Jan 11 22:18:13 2007 => Total Number of Deleted Files: 0
Thu Jan 11 22:18:13 2007 => Total Number of Errors: 14
Thu Jan 11 22:18:13 2007 => Time Elapsed: 03:41:15
Thu Jan 11 22:18:13 2007 => Virus Database Date: 2006/12/28
Thu Jan 11 22:18:13 2007 => Virus Database Count: 254631

Thu Jan 11 22:18:13 2007 => Scan Completed.
 
K

· Registered
Joined
·
12,302 Posts
#9 ·
Download the pocket killbox

http://www.bleepingcomputer.com/files/killbox.php

Double-click on Killbox.exe to run it. Now put a tick by Delete on
Reboot. In the "Full Path of File to Delete" box, copy and paste each
of the following lines one at a time then click on the button that has
the red circle with the X in the middle after you enter each file.
It will ask for confimation to delete the file on next reboot. Click
Yes. It will then ask if you want to reboot now. Click No. Continue
with that same procedure until you have copied and pasted all of
these in the "Paste Full Path of File to Delete" box.Then click yes
to reboot after you entered the last one.

Note: It is possible that Killbox will tell you that one or more files do not
exist. If that happens, just continue on with all the files. Be sure you
don't miss any.

C:\Documents and Settings\All Users\Application Data\addr_file.html

Download Superantispyware.

http://www.superantispyware.com/

Once downloaded and installed update the defintions
and then run a full system scan quarantine what it finds!

All tools can be downloaded at the link below and found on that page!

. SUPERAntiSpyware

http://www.majorgeeks.com/downloads31.html

Make sure your ActiveX controls are set as follows:

Go to Internet Options - Security - Internet, press 'default level', then OK.
Now press "Custom Level."

In the ActiveX section, set the first two options (Download signed and
unsigned ActiveX controls) to 'prompt', and 'Initialize and Script ActiveX
controls not marked as safe" to 'disable'.

Active X settings

http://www.compu-docs.com/activex.htm

Run ActiveScan online virus scan here

http://www.pandasoftware.com/products/activescan.htm

When the scan is finished, anything that it cannot clean have it delete it.
Make a note of the file location of anything that cannot be deleted so you
can delete it yourself.
- Save the results from the scan!

post another log and the panda scan log!
 
I

· Registered
Joined
·
7 Posts
Discussion Starter · #10 ·
Panda activescan was clean.

Logfile of HijackThis v1.99.1
Scan saved at 12:03:03, on 12.1.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programs\AntiVir PersonalEdition Classic\sched.exe
C:\Programs\AntiVir PersonalEdition Classic\avguard.exe
C:\softat\nvidia\Apache Group\Apache2\bin\apache.exe
C:\softat\nvidia\bin\nSvcIp.exe
C:\WINDOWS\Explorer.EXE
C:\softat\nvidia\bin\nSvcLog.exe
C:\WINDOWS\system32\svchost.exe
C:\softat\nvidia\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\softat\nvidia\bin\nSvcAppFlt.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\softat\LG\PowerDVD\PDVDServ.exe
C:\WINDOWS\VM_STI.EXE
C:\Programs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\AGEIA Technologies\TrayIcon.exe
C:\softat\LG\fwupdate.exe
C:\Programs\DAEMON Tools\daemon.exe
C:\Programs\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Programs\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\softat\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Programs\foobar2000\foobar2000.exe
C:\Programs\AntiVir PersonalEdition Classic\avnotify.exe
C:\Programs\AntiVir PersonalEdition Classic\avgnt.exe
C:\Documents and Settings\Scepter\Desktop\WoW-2.0.0-enUS-Installer\wowclient-downloader.exe
C:\Programs\Mozilla Firefox\firefox.exe
C:\hijack\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programs\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nTrayFw] C:\softat\nvidia\bin\nTrayFw.exe
O4 - HKLM\..\Run: [RemoteControl] C:\softat\LG\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programs\quicktime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera
O4 - HKLM\..\Run: [Zone Labs Client] C:\Programs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [LGODDFU] C:\softat\LG\fwupdate.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programs\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programs\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programs\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programs\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Color Calibration.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\softat\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: MagicTune3.5.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programs\Office\Office10\OSA.EXE
O4 - Global Startup: NaturalColorLoad.lnk = ?
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\Programs\Office\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - E:\games\PP\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - E:\games\PP\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Programs\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programs\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programs\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\softat\nvidia\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\softat\nvidia\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\softat\nvidia\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\softat\nvidia\bin\nSvcLog.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
 
K

· Registered
Joined
·
12,302 Posts
#11 ·
1 - 13 of 13 Posts
Status
Not open for further replies.
About this Discussion
12 Replies
2 Participants
Last post:
khazars
Tech Support Guy
A forum community dedicated to tech experts and enthusiasts. Come join the discussion about articles, computer security, Mac, Microsoft, Linux, hardware, networking, gaming, reviews, accessories, and more!
Full Forum Listing
Explore Our Forums
Hardware Virus & Other Malware Removal Windows XP Off Topic Lounge Thread Games & Discussion
Top