Help: Look2me.topconverting, command Service, Alexa Related, Smitfraud



#46 shayras (Topic Starter, Member, 33 posts)
I also don't know if the problems are related, but I think the first PC is still infected, because I tried today to do the online scan and it didn't work.

Also, the moment I enabled the WAN connection, some services tried to access the internet and I had to block them with ZoneAlarm.

After that the computer started to act very strangely: all my connections (there are three) started to appear like mapped folders, and when I tried to restart the computer it only worked on the 4th try.

As you see, all this is very strange and I still need your help.

About the second infected computer, I have followed the Trend Micro steps provided on their site and removed both trojans. The PC seems to be working fine now and I have done several scans with AVG.

Tomorrow I'm thinking of doing an online scan so I can be sure.


#47 agrarianmonk (Visiting Staff, 753 posts)
OK, let's take another look using a different scan:

Please RIGHT-CLICK HERE and Save As (in IE it's "Save Target As", in FF it's "Save Link As") to download Silent Runners.
  • Save it to the desktop.
  • Run Silent Runners by double-clicking the "Silent Runners" icon on your desktop.
  • You will receive a prompt:
    • Do you want to skip supplementary searches?
      click NO
  • If you receive an error just click OK and double-click it to run it again - sometimes it won't run as it's supposed to the first time but will in subsequent runs.
  • You will see a text file appear on the desktop - it's not done, let it run (it won't appear to be doing anything!)
  • Once you receive the prompt All Done!, open the text file on the desktop, copy that entire log, and paste it here.
*NOTE* If you receive any warning message about scripts, please choose to allow the script to run.

#48 shayras (Topic Starter, Member, 33 posts)
OK, I will follow the instructions and post a log file.

#49 shayras (Topic Starter, Member, 33 posts)
Here is the log file:

"Silent Runners.vbs", revision 49, http://www.silentrunners.org/
Operating System: Windows 2000
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"ccleaner" = ""C:\Program Files\CCleaner\ccleaner.exe" /AUTO" [file not found]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"SunJavaUpdateSched" = "C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe" [null data]
"!AVG Anti-Spyware" = ""C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized" ["Anti-Malware Development a.s."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{02478D38-C3F9-4EFB-9B51-7695ECA05670}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Yahoo! Toolbar Helper"
\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {HKLM...CLSID} = "Display Panning CPL Extension"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINNT\System32\hticons.dll" ["Hilgraeve, Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{BDA77241-42F6-11d0-85E2-00AA001FE28C}" = "LDVP Shell Extensions"
-> {HKLM...CLSID} = "VpshellEx Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll" ["Symantec Corporation"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
<<!>> "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "AVG Anti-Spyware 7.5"
-> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" ["Anti-Malware Development a.s."]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\
<<!>> "AppInit_DLLs" = " RPCRT3.dll" [MS]

HKLM\System\CurrentControlSet\Control\Session Manager\
<<!>> "BootExecute" = "autocheck autochk *"|"DfsInit" [MS]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."]
LDVPMenu\(Default) = "{BDA77241-42F6-11d0-85E2-00AA001FE28C}"
-> {HKLM...CLSID} = "VpshellEx Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll" ["Symantec Corporation"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
LDVPMenu\(Default) = "{BDA77241-42F6-11d0-85E2-00AA001FE28C}"
-> {HKLM...CLSID} = "VpshellEx Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll" ["Symantec Corporation"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"ShowSuperHidden" = (REG_DWORD) hex:0x00000001
{unrecognized setting}

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"DisableRegistryTools" = (REG_DWORD) hex:0x00000000
{User Configuration|Administrative Templates|System|
Disable registry editing tools}

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"disablecad" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000000
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\Documents and Settings\Default User\Desktop\untitled.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Administrator\Desktop\untitled.bmp"

Active Desktop web content (hidden if disabled):

HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\0\
"FriendlyName" = "My Current Home Page"
"Source" = "About:Home"
"SubscribedURL" = "About:Home"


Startup items in "Administrator" & "All Users" startup folders:
---------------------------------------------------------------

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
"ZoneAlarm Pro" -> shortcut to: "C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe -nopopup" ["Zone Labs Inc."]


Enabled Scheduled Tasks:
------------------------

"RunBackupForDB" -> launches: "G:\backup\RunBackupForDB.bat" [null data]
"XoftSpy" -> launches: "C:\Program Files\XoftSpy\XoftSpy.exe -t" ["ParetoLogic Inc."]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\rnr20.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\msafd.dll [MS], 01 - 03, 06 - 16
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
-> {HKLM...CLSID} = "Yahoo! Toolbar"
\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = (no title provided)
-> {HKLM...CLSID} = "Yahoo! Toolbar"
\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

AVG Anti-Spyware Guard, AVG Anti-Spyware Guard, "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe" ["Anti-Malware Development a.s."]
Compaq Remote Monitor Service, CpqRcmc, "C:\WINNT\System32\CpqRcmc.exe" ["Compaq"]
HP Insight Diagnostics, hpdiags, "C:\compaq\hpdiags\hpdiags.exe -ntservice_s -l en" [null data]
HP Insight Foundation Agent, CqMgHost, "C:\WINNT\System32\CPQMgmt\CqMgHost\cqmghost.exe" ["Hewlett-Packard Company"]
HP Insight NIC Agent, CpqNicMgmt, "C:\WINNT\System32\CPQNiMgt\cpqnimgt.exe" ["Hewlett-Packard Company"]
HP Insight Server Agents, CqMgServ, "C:\WINNT\System32\CPQMgmt\CqMgServ\cqmgserv.exe" ["Hewlett-Packard Company"]
HP Insight Storage Agents, CqMgStor, "C:\WINNT\System32\CPQMgmt\CqMgStor\cqmgstor.exe" ["Hewlett-Packard Company"]
HP Insight Web Agent, CpqWebMgmt, "C:\WINNT\System32\CPQMgmt\cpqwmgmt.exe" ["HP Corporation"]
HP ProLiant System Shutdown Service, sysdown, "C:\WINNT\System32\sysdown.exe" ["Compaq Computer Corporation"]
HP Version Control Agent, cpqvcagent, "C:\Compaq\vcagent\vcagent.exe" ["Hewlett-Packard Company"]
Secure Path Agent, SecurePathAgent, "C:\Program Files\Compaq\SecurePath\Agent\SecurePathAgent.exe" ["Hewlett Packard Corporation"]
SNMP Service, SNMP, "C:\WINNT\System32\snmp.exe" [MS]
Symantec AntiVirus Definition Watcher, DefWatch, ""C:\Program Files\Symantec AntiVirus\DefWatch.exe"" ["Symantec Corporation"]
Symantec Event Manager, ccEvtMgr, ""C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"" ["Symantec Corporation"]
Symantec Settings Manager, ccSetMgr, ""C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"" ["Symantec Corporation"]
TapeWare, TapeWare, "C:\Program Files\TapeWare\TWWINSDR.EXE" [null data]
Terminal Services, TermService, "C:\WINNT\System32\termsrv.exe" [MS]
TrueVector Internet Monitor, vsmon, "C:\WINNT\system32\ZoneLabs\vsmon.exe -service" ["Zone Labs Inc."]
VNC Server Version 4, WinVNC4, ""C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service" ["RealVNC Ltd."]


----------
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 9 seconds.
---------- (total run time: 34 seconds)
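A Silent Runners log like the one above is read entry by entry: the launch point (the registry key), the target the entry points at, and the tag Silent Runners appends to it ("[file not found]", "[null data]" for a file with no version information, "[MS]" or a company name, and the "<<!>>" marker it puts on launch points it considers worth a look). The following Python script is an added example, not part of this thread and not code from Silent Runners or from any of the tools named here. It parses lines in that format and scores the weak indicators a reviewer checks first: the "<<!>>" marker, a missing target, a target without version information, a non-empty AppInit_DLLs value, and BootExecute entries beyond the default "autocheck autochk *". The sample lines are constructed to mirror entries from the posted log; the weights and wording of the reasons are this script's own assumptions and are a triage aid, not a verdict on any entry.

```python
"""Triage a Silent Runners style autostart log for weak indicators.

Added example: this is not part of the thread above and not code from
Silent Runners. The sample lines are constructed to mirror entries from the
posted log; the scoring rules are this script's own heuristics, not a verdict.
"""
import re
from dataclasses import dataclass, field

# Constructed sample in the shape of the Silent Runners output above.
SAMPLE_LOG = r"""
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"ccleaner" = ""C:\Program Files\CCleaner\ccleaner.exe" /AUTO" [file not found]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"SunJavaUpdateSched" = "C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe" [null data]
"!AVG Anti-Spyware" = ""C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized" ["Anti-Malware Development a.s."]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\
<<!>> "AppInit_DLLs" = " RPCRT3.dll" [MS]

HKLM\System\CurrentControlSet\Control\Session Manager\
<<!>> "BootExecute" = "autocheck autochk *"|"DfsInit" [MS]
"""

# One value line:  [<<!>>] "name" = "value" [tag]
# The value may itself contain quotes (""C:\path\x.exe" /AUTO"), so it is
# matched greedily and the tag is whatever sits in the final [...].
ENTRY_RE = re.compile(
    r'^(?P<flag><<!>>)?\s*"(?P<name>[^"]+)"\s*=\s*"(?P<value>.*)"\s*\[(?P<tag>[^\]]*)\]\s*$'
)


@dataclass
class Finding:
    key: str
    name: str
    value: str
    score: int
    reasons: list = field(default_factory=list)


def assess(name, flag, value, tag):
    """Score one launch-point entry; returns (score, reasons). Weights are assumptions."""
    score, reasons = 0, []
    if flag:
        score += 2
        reasons.append("Silent Runners marks this launch point with <<!>>")
    if tag.lower() == "file not found":
        score += 2
        reasons.append("target file is missing: dead entry (uninstalled software, or a component already removed)")
    elif tag.lower() == "null data":
        score += 1
        reasons.append("target carries no version/company information")
    if name.lower() == "appinit_dlls" and value.strip():
        score += 3
        reasons.append(f"AppInit_DLLs loads {value.strip()!r} into every process that links user32.dll")
    if name.lower() == "bootexecute":
        extra = [p.strip('"') for p in value.split("|") if p.strip('"') != "autocheck autochk *"]
        if extra:
            score += 1
            reasons.append(f"BootExecute runs before the shell; non-default entries: {extra}")
    return score, reasons


def triage(log_text):
    """Parse the log and return findings with a non-zero score, highest first."""
    findings, key = [], "(no key)"
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith(("HKCU\\", "HKLM\\")):
            # Key header line, e.g. HKLM\...\Run\ {++}; remember it for the entries below.
            key = line.replace("{++}", "").strip().rstrip("\\")
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue  # continuation lines (-> {HKLM...CLSID}, \InProcServer32\...) are skipped
        score, reasons = assess(m["name"], m["flag"], m["value"], m["tag"])
        if score:
            findings.append(Finding(key, m["name"], m["value"].strip(), score, reasons))
    findings.sort(key=lambda f: -f.score)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.score}] {f.key}\\{f.name} = {f.value}")
        for r in f.reasons:
            print(f"      - {r}")
```

Run against the constructed sample, the AppInit_DLLs entry comes out on top (marker plus a non-empty injection list), the BootExecute line is reported only for its extra entry, and the two Run entries are listed for their tags; the AVG entry, which has a company name and no marker, is not reported at all. The same parser can be pointed at a full log saved to disk, and the weights adjusted to taste.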

#50 agrarianmonk (Visiting Staff, 753 posts)
Hmm... that log didn't help too much, even though it took me a while to go through.

Let's try a couple of things:

SDfix has been recently updated so let's run the new version; first delete your old version:

Download the newest version of SDFix and save it to your Desktop.

Double-click SDFix.exe and choose Install to extract it to its own folder on the Desktop. Please then reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
  • Finally, copy and paste the contents of the results file Report.txt back onto the forum, with a new HijackThis log.


Download WinPFind2.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind2 on your desktop.
  • Open the WinPFind2 folder and double-click on winpfind2.exe to start the program.
  • Keep the standard settings.
  • In the AddOn-Options group click the checkboxes for
    • HKCU_IEDesktop.def
    • Jobs.def
    • Policies.def
    • SID_Run_Policies.def
    to select them.
  • Now click the Run All Scans button on the toolbar.
  • When the scans are complete click the Simple Report button in the lower right-hand corner to create a report file. Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button to post the information back here and I will review it when it comes in.


In your next post, please include...

new HijackThis log
WinPFind log
SDFix log.

#51 shayras (Topic Starter, Member, 33 posts)
Hi there,

I will split the logs into different replies.

This one is the SDfix report.

SDFix: Version 1.34
-------------------

Scan run on:
Mon 10/30/2006

Time:
11:26a


Microsoft Windows 2000 [Version 5.00.2195]

Running from: C:\Documents and Settings\Administrator\Desktop\SDFix

Stage One...

Checking Services...

Name:
-----


Path:
----




Repairing Registry...


Restoring Default Hosts File...

Stage One Complete

Rebooting...

Stage Two...

Checking For Malware:
--------------------

C:\WINNT\system32\i
C:\WINNT\system32\setup_37637.exe

Backing Up and Removing any Files Found...

Final Check:

Services:
---------


Files:
------


Any files removed are saved to the SDFix\backups Folder

FINISHED

#52 shayras (Topic Starter, Member, 33 posts)
Logfile created on: 10/30/2006 12:12
WinPFind2 by OldTimer - Version 1.0.12 Folder = C:\Documents and Settings\Administrator\Desktop\WinPFind2\
Microsoft Windows 2000 Service Pack 4 (Version = 5.0.2195)
Internet Explorer (Version = 6.0.2800.1106)


< Processes (Non-Microsoft Only) >
c:\program files\grisoft\avg anti-spyware 7.5\avgas.exe - (Anti-Malware Development a.s. )
c:\program files\common files\symantec shared\ccevtmgr.exe - (Symantec Corporation )
c:\program files\common files\symantec shared\ccsetmgr.exe - (Symantec Corporation )
c:\winnt\system32\cpqnimgt\cpqnimgt.exe - (Hewlett-Packard Company )
c:\winnt\system32\cpqrcmc.exe - (Compaq )
c:\winnt\system32\cpqmgmt\cpqwmgmt.exe - (HP Corporation )
c:\winnt\system32\cpqmgmt\cqmghost\cqmghost.exe - (Hewlett-Packard Company )
c:\winnt\system32\cpqmgmt\cqmgserv\cqmgserv.exe - (Hewlett-Packard Company )
c:\winnt\system32\cpqmgmt\cqmgstor\cqmgstor.exe - (Hewlett-Packard Company )
c:\program files\symantec antivirus\defwatch.exe - (Symantec Corporation )
c:\program files\grisoft\avg anti-spyware 7.5\guard.exe - (Anti-Malware Development a.s. )
c:\compaq\hpdiags\hpdiags.exe - ( )
c:\program files\java\j2re1.4.2_01\bin\jusched.exe - ( )
c:\program files\compaq\securepath\agent\securepathagent.exe - (Hewlett Packard Corporation )
c:\winnt\system32\sysdown.exe - (Compaq Computer Corporation )
c:\program files\tapeware\twwinsdr.exe - ( )
c:\compaq\vcagent\vcagent.exe - (Hewlett-Packard Company )
c:\documents and settings\administrator\desktop\winpfind2\winpfind2.exe - (OldTimer Tools )
c:\program files\realvnc\vnc4\winvnc4.exe - (RealVNC Ltd. )

< Registry Entries >

[>> Internet Explorer Settings <<]
HKLM->Main\\Start Page - about:blank
HKLM->Main\\Search Page - http://www.microsoft...amp;ar=iesearch
HKLM->Main\\Default_Page_URL - http://www.microsoft...p...&ar=msnhome
HKLM->Main\\Default_Search_URL - http://www.microsoft...amp;ar=iesearch
HKLM->Main\\Local Page - C:\WINNT\SYSTEM32\blank.htm
HKCU->Main\\Start Page - http://www.microsoft...p...&ar=msnhome
HKCU->Main\\Search Page - http://www.microsoft...amp;ar=iesearch
HKCU->Main\\Default_Search_URL - http://www.microsoft.com/isapi
HKCU->Main\\Local Page - C:\WINNT\SYSTEM32\blank.htm
HKLM->Search\\CustomizeSearch - http://ie.search.msn...st/srchcust.htm
HKLM->Search\\SearchAssistant - http://ie.search.msn...st/srchasst.htm
HKCU->URLSearchHooks\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Microsoft Url Search Hook = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation )
HKCU->Internet Settings\\ProxyEnable - 0

[>> BHO's <<]
{02478D38-C3F9-4EFB-9B51-7695ECA05670} - Yahoo! Toolbar Helper = C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc. )

[>> Internet Explorer Bars, Toolbars and Extensions <<]

[HKLM-> Internet Explorer Bars]
{4D5C8C25-D075-11d0-B416-00C04FB90376} - &Tip of the Day = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation )

[HKCU-> Internet Explorer Bars]
{32683183-48a0-441b-a342-7c2a440a9478} - Media Band = %SystemRoot%\system32\browseui.dll (Microsoft Corporation )
{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1} - File and Folders Search ActiveX Control = C:\WINNT\system32\shell32.dll (Microsoft Corporation )
{EFA24E64-B078-11D0-89E4-00C04FC9E26E} - Explorer Band = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation )

[HKLM-> Internet Explorer ToolBars]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar = C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc. )

[HKCU-> Internet Explorer ToolBars]
ShellBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\system32\browseui.dll (Microsoft Corporation )
ShellBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Links = %SystemRoot%\system32\browseui.dll (Microsoft Corporation )
WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\system32\browseui.dll (Microsoft Corporation )
WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Links = %SystemRoot%\system32\browseui.dll (Microsoft Corporation )
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar = C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc. )

[HKCU-> Internet Explorer CmdMapping]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - 8193 - Reg Data - Key not found
NextId - 8194

[>> Approved Shell Extensions (Non-Microsoft only) <<]

[HKLM-> Approved Shell Extensions]
{42071714-76d4-11d1-8b24-00a0c9068ff3} - Display Panning CPL Extension = deskpan.dll (File not found)
{764BF0E1-F219-11ce-972D-00AA00A14F56} - Shell extensions for file compression = Reg Data - Key not found (File not found)
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} - Encryption Context Menu = Reg Data - Key not found (File not found)
{88895560-9AA2-1069-930E-00AA0030EBC8} - HyperTerminal Icon Ext = C:\WINNT\System32\hticons.dll (Hilgraeve, Inc. )
{B41DB860-8EE4-11D2-9906-E49FADC173CA} - WinRAR shell extension = C:\Program Files\WinRAR\rarext.dll ( )
{BDA77241-42F6-11d0-85E2-00AA001FE28C} - LDVP Shell Extensions = C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll (Symantec Corporation )

[>> ContextMenuHandlers (Non-Microsoft only) <<]

[HKLM-> ContextMenuHandlers]
* - AVG Anti-Spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll (Anti-Malware Development a.s. )
* - LDVPMenu - {BDA77241-42F6-11d0-85E2-00AA001FE28C} = C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll (Symantec Corporation )
* - WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ( )
Directory - AVG Anti-Spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll (Anti-Malware Development a.s. )
Directory - WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ( )
Folder - LDVPMenu - {BDA77241-42F6-11d0-85E2-00AA001FE28C} = C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll (Symantec Corporation )
Folder - WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ( )

[>> ColumnHandlers (Non-Microsoft only) <<]

[HKLM-> ColumnHandlers]

[>> File Associations Keys <<]
HKLM->SOFTWARE\Classes\.bat\\'' - batfile
HKLM->SOFTWARE\Classes\batfile\shell\open\command\\'' - "%1" %*
HKLM->SOFTWARE\Classes\.cmd\\'' - cmdfile
HKLM->SOFTWARE\Classes\cmdfile\shell\open\command\\'' - "%1" %*
HKLM->SOFTWARE\Classes\.com\\'' - comfile
HKLM->SOFTWARE\Classes\comfile\shell\open\command\\'' - "%1" %*
HKLM->SOFTWARE\Classes\.exe\\'' - exefile
HKLM->SOFTWARE\Classes\exefile\shell\open\command\\'' - "%1" %*
HKLM->SOFTWARE\Classes\.hta\\'' - htafile
HKLM->SOFTWARE\Classes\htafile\shell\open\command\\'' - C:\WINNT\system32\mshta.exe "%1" %*
HKLM->SOFTWARE\Classes\.js\\'' - JSFile
HKLM->SOFTWARE\Classes\jsfile\shell\open\command\\'' - %SystemRoot%\System32\WScript.exe "%1" %*
HKLM->SOFTWARE\Classes\.jse\\'' - JSEFile
HKLM->SOFTWARE\Classes\jsefile\shell\open\command\\'' - %SystemRoot%\System32\WScript.exe "%1" %*
HKLM->SOFTWARE\Classes\.scr\\'' - scrfile
HKLM->SOFTWARE\Classes\scrfile\shell\open\command\\'' - "%1" /S
HKLM->SOFTWARE\Classes\.vbe\\'' - VBEFile
HKLM->SOFTWARE\Classes\vbefile\shell\open\command\\'' - %SystemRoot%\System32\WScript.exe "%1" %*
HKLM->SOFTWARE\Classes\.vbs\\'' - VBSFile
HKLM->SOFTWARE\Classes\vbsfile\shell\open\command\\'' - %SystemRoot%\System32\WScript.exe "%1" %*
HKLM->SOFTWARE\Classes\.wsf\\'' - WSFFile
HKLM->SOFTWARE\Classes\wsffile\shell\open\command\\'' - %SystemRoot%\System32\WScript.exe "%1" %*
HKLM->SOFTWARE\Classes\.wsh\\'' - WSHFile
HKLM->SOFTWARE\Classes\wshfile\shell\open\command\\'' - %SystemRoot%\System32\WScript.exe "%1" %*
HKLM->SOFTWARE\Classes\.txt\\'' - txtfile
HKLM->SOFTWARE\Classes\txtfile\shell\open\command\\'' - %SystemRoot%\system32\NOTEPAD.EXE %1

[>> Registry Run Keys <<]
HKLM->Run\\!AVG Anti-Spyware - "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized (Anti-Malware Development a.s. )
HKLM->Run\\SunJavaUpdateSched - C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe ( )
HKCU->Run\\ccleaner - "C:\Program Files\CCleaner\ccleaner.exe" /AUTO (File not found)

[>> Miscellaneous Startup Keys <<]

[AppInit DLLs]
AppInit_DLL - RPCRT3.dll (File not found)

[Image File Execution Options]
Your Image File Name Here without a path - Debugger = ntsd -d

[Shell Service Object Delay Load]
Network.ConnectionTray - {7007ACCF-3202-11D1-AAD2-00805FC1270E} = C:\WINNT\system32\NETSHELL.dll (Microsoft Corporation )
SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} = stobject.dll (Microsoft Corporation )
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\system32\webcheck.dll (Microsoft Corporation )

[Shell Execute Hooks]
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} - CShellExecuteHookImpl Object = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll (Anti-Malware Development a.s. )
{AEB6717E-7E19-11d0-97EE-00C04FD91972} - URL Exec Hook = shell32.dll (Microsoft Corporation )

[Shared Task Scheduler]
{438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader = %SystemRoot%\system32\browseui.dll (Microsoft Corporation )
{8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon = %SystemRoot%\system32\browseui.dll (Microsoft Corporation )

[SafeBoot Option]

[HKLM Command Processor AutoRun]
HKLM->Command Processor\\AutoRun -

[HKCU Command Processor AutoRun]

[Security Providers]
SecurityProviders\\SecurityProviders - msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll

[BootExecute]
Session Manager\\BootExecute - DfsInit;

[PendingFileRenameOperations]

[FileRenameOperations]

[ExcludeFromKnownDlls]
Session Manager\\ExcludeFromKnownDlls -

[>> Disabled MSConfig Items <<]
StartUpReg\AtiPTA - AtiPTA = Atiptaxx.exe (ATI Technologies, Inc. )
StartUpReg\CPQTEAM - CPQTEAM = cpqteam.exe (Hewlett-Packard Company )

[>> User Agent Post Platform <<]

[>> Winlogon <<]
HMLM->AltDefaultDomainName - BISSAUSMSCDB2
HMLM->AltDefaultUserName - Administrator
HMLM->AutoAdminLogon - 0
HMLM->DefaultDomainName - BISSAUSMSCDB2
HMLM->DefaultUserName - Administrator
HKLM->Shell - Explorer.exe (Microsoft Corporation )
HKLM->System - (File not found)
HMLM->UserInit - C:\WINNT\system32\userinit.exe, (Microsoft Corporation )
HKLM->VMApplet - rundll32 shell32,Control_RunDLL "sysdm.cpl"
Notify\crypt32chain - crypt32.dll (Microsoft Corporation )
Notify\cryptnet - cryptnet.dll (Microsoft Corporation )
Notify\cscdll - cscdll.dll (Microsoft Corporation )
Notify\sclgntfy - sclgntfy.dll (Microsoft Corporation )
Notify\SensLogn - WlNotify.dll (Microsoft Corporation )
Notify\wzcnotif - wzcdlg.dll (Microsoft Corporation )

[>> DNS Name Servers <<]
{0AF4895B-CA3F-4791-859C-1E80B3331301} - 213.137.128.73,213.137.128.74 (HP NC7781 Gigabit Server Adapter)
{4CEB5FBB-7891-4093-AA6E-9A230F0A10C4} - (HP NC7771 Gigabit Server Adapter)
{862EDDDE-DE83-4A0E-8B70-4AAF9E543B42} - (HP NC7781 Gigabit Server Adapter)

[>> All Winsock2 Catalogs <<]
NameSpace_Catalog5\Catalog_Entries\000000000001 (Tcpip) - %SystemRoot%\System32\rnr20.dll (Microsoft Corporation )
NameSpace_Catalog5\Catalog_Entries\000000000002 (NTDS) - %SystemRoot%\System32\winrnr.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\system32\msafd.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\system32\msafd.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\system32\msafd.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\system32\msafd.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\system32\msafd.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\system32\msafd.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\system32\msafd.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\system32\msafd.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\system32\msafd.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\system32\msafd.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\system32\msafd.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\system32\msafd.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\system32\msafd.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\system32\msafd.dll (Microsoft Corporation )

[>> Protocol Handlers (Non-Microsoft only) <<]
hpapp - C:\Program Files\Compaq\Cpqacuxe\Bin\hpapp.dll (Hewlett-Packard Company )
hpapp\Apps - (File not found)
ipp - (File not found)
msdaipp - (File not found)
vnd.ms.radio - C:\WINNT\System32\msdxm.ocx ( )

[>> Protocol Filters (Non-Microsoft only) <<]

< Services (Non-Microsoft Only) >
AVG Anti-Spyware Guard (AVG Anti-Spyware Guard) - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (Anti-Malware Development a.s. ) [Automatic - Running - Win32, running in it's own process]
Symantec Event Manager (ccEvtMgr) - "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe" (Symantec Corporation ) [Automatic - Running - Win32, running in it's own process]
Symantec Settings Manager (ccSetMgr) - "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe" (Symantec Corporation ) [Automatic - Running - Win32, running in it's own process]
HP Insight NIC Agent (CpqNicMgmt) - C:\WINNT\System32\CPQNiMgt\cpqnimgt.exe (Hewlett-Packard Company ) [Automatic - Running - Win32, running in it's own process]
Compaq Remote Monitor Service (CpqRcmc) - C:\WINNT\System32\CpqRcmc.exe (Compaq ) [Automatic - Running - Win32, running in it's own process]
HP Version Control Agent (cpqvcagent) - C:\Compaq\vcagent\vcagent.exe (Hewlett-Packard Company ) [Automatic - Running - Win32, running in it's own process]
HP Insight Web Agent (CpqWebMgmt) - C:\WINNT\System32\CPQMgmt\cpqwmgmt.exe (HP Corporation ) [Automatic - Running - Win32, running in it's own process]
HP Insight Foundation Agent (CqMgHost) - C:\WINNT\System32\CPQMgmt\CqMgHost\cqmghost.exe (Hewlett-Packard Company ) [Automatic - Running - Win32, running in it's own process]
HP Insight Server Agents (CqMgServ) - C:\WINNT\System32\CPQMgmt\CqMgServ\cqmgserv.exe (Hewlett-Packard Company ) [Automatic - Running - Win32, running in it's own process]
HP Insight Storage Agents (CqMgStor) - C:\WINNT\System32\CPQMgmt\CqMgStor\cqmgstor.exe (Hewlett-Packard Company ) [Automatic - Running - Win32, running in it's own process]
Symantec AntiVirus Definition Watcher (DefWatch) - "C:\Program Files\Symantec AntiVirus\DefWatch.exe" (Symantec Corporation ) [Automatic - Running - Win32, running in it's own process]
HP Insight Diagnostics (hpdiags) - C:\compaq\hpdiags\hpdiags.exe -ntservice_s -l en ( ) [Automatic - Running - Win32, running in it's own process]
Secure Path Agent (SecurePathAgent) - C:\Program Files\Compaq\SecurePath\Agent\SecurePathAgent.exe (Hewlett Packard Corporation ) [Automatic - Running - Win32, running in it's own process]
HP ProLiant System Shutdown Service (sysdown) - C:\WINNT\System32\sysdown.exe (Compaq Computer Corporation ) [Automatic - Running - Win32, running in it's own process]
TapeWare (TapeWare) - C:\Program Files\TapeWare\TWWINSDR.EXE ( ) [Automatic - Running - Win32, running in it's own process]
VNC Server Version 4 (WinVNC4) - "C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (RealVNC Ltd. ) [Automatic - Running - Win32, running in it's own process]

< Files >

Auto-Start Folders

HKLM->Explorer\Shell Folders\\Common Startup = C:\Documents and Settings\All Users\Start Menu\Programs\Startup
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ZoneAlarm Pro.lnk - C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe (Zone Labs Inc. [Ver = 3.0.091 | Size = 299040 bytes | Date = 03/15/2002 20:21 | Attr = ])

HKLM->Explorer\User Shell Folders\\Common Startup = %ALLUSERSPROFILE%\Start Menu\Programs\Startup

HKLM->Explorer\Shell Folders\\Startup = C:\Documents and Settings\Administrator\Start Menu\Programs\Startup

HKCU->Explorer\User Shell Folders\\Startup = %USERPROFILE%\Start Menu\Programs\Startup

Miscellaneous Auto-Start Files
System.ini->[Boot]\\Shell - Explorer.exe

Miscellaneous Folders

AllUsers ApplicationData Folder

CurrentUser ApplicationData Folder

Program Files Folder
C:\Program Files\desktop.ini - ( [Ver = | Size = 271 bytes | Date = 05/01/2004 01:04 | Attr = H ])
C:\Program Files\folder.htt - ( [Ver = | Size = 21952 bytes | Date = 05/01/2004 01:04 | Attr = H ])

Common Files Folder

DPF files
{00134F72-5284-44F7-95A8-52A619F70751} - ObjWinNTCheck Class - CodeBase = https://192.168.100....ll/WinNTChk.cab
{08D75BB0-D2B5-11D1-88FC-0080C859833B} - OfficeScan Corp Edition Web-Deployment SetupINICtrl Class - CodeBase = https://192.168.100....ll/setupini.cab
{08D75BC1-D2B5-11D1-88FC-0080C859833B} - OfficeScan Corp Edition Web-Deployment SetupCtrl Class - CodeBase = https://192.168.100....stall/setup.cab
{35C3D91E-401A-4E45-88A5-F3B32CD72DF4} - Encrypt Class - CodeBase = https://192.168.100....html/AtxEnc.cab
{5EFE8CB1-D095-11D1-88FC-0080C859833B} - OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class - CodeBase = https://192.168.100..../RemoveCtrl.cab
{9D190AE6-C81E-4039-8061-978EBAD10073} - F-Secure Online Scanner 3.0 - CodeBase = http://support.f-sec...m/ols/fscax.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} - - CodeBase = http://download.macr...ash/swflash.cab
DirectAnimation Java Classes - - CodeBase = file://C:\WINNT\Java\classes\dajava.cab
Microsoft XML Parser for Java - - CodeBase = file://C:\WINNT\Java\classes\xmldso.cab

Hosts file = 686 bytes. Reading all entries. C:\WINNT\System32\drivers\etc\Hosts
# Copyright © 1993-1999 Microsoft Corp. -
# -
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows. -
# -
# This file contains the mappings of IP addresses to host names. Each -
# entry should be kept on an individual line. The IP address should -
# be placed in the first column followed by the corresponding host name. -
# The IP address and the host name should be separated by at least one -
# space. -
# -
# Additionally, comments (such as these) may be inserted on individual -
# lines or following the machine name denoted by a "#" symbol. -
# -
# For example: -
# -
# 102.54.94.97 rhino.acme.com # source server -
# 38.25.63.10 x.acme.com # x client host -
# -
127.0.0.1 localhost -

< Add On's >

>>>>Output for AddOn file HKCU_IEDesktop.def<<<<

KEY - HKCU\Software\Microsoft\Internet Explorer\Desktop - Include SUBKEYS
HKCU\Software\Microsoft\Internet Explorer\Desktop -
Desktop\Components -
Desktop\Components\\DeskHtmlVersion - 272
Desktop\Components\\DeskHtmlMinorVersion - 3
Desktop\Components\\Settings - 1
Desktop\Components\\GeneralFlags - 5
Desktop\Components\0 -
Desktop\Components\0\\Source - About:Home
Desktop\Components\0\\SubscribedURL - About:Home
Desktop\Components\0\\FriendlyName - My Current Home Page
Desktop\Components\0\\Flags - 8194
Desktop\Components\0\\Position - 2C 00 00 00 A0 00 00 00 00 00 00 00 80 02 00 00 3C 02 00 00 00 00 00 00 01 00 00 00 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00
Desktop\Components\0\\CurrentState - 04 00 00 C0
Desktop\Components\0\\OriginalStateInfo - 18 00 00 00 FF FF 00 00 FF FF 00 00 FF FF FF FF FF FF FF FF 04 00 00 00
Desktop\Components\0\\RestoredStateInfo - 18 00 00 00 F0 01 00 00 1F 00 00 00 80 00 00 00 76 00 00 00 01 00 00 00
Desktop\General -
Desktop\General\\WallpaperFileTime - C2 06 E8 36 47 4C C4 01
Desktop\General\\WallpaperLocalFileTime - C2 6E AC 98 4F 4C C4 01
Desktop\General\\ComponentsPositioned - 1
Desktop\General\\TileWallpaper - 0
Desktop\General\\WallpaperStyle - 0
Desktop\General\\Wallpaper - %USERPROFILE%\Desktop\untitled.bmp
Desktop\General\\BackupWallpaper - %USERPROFILE%\Desktop\untitled.bmp
Desktop\Old WorkAreas -
Desktop\Old WorkAreas\\NoOfOldWorkAreas - 1
Desktop\Old WorkAreas\\OldWorkAreaRects - 00 00 00 00 00 00 00 00 20 03 00 00 3C 02 00 00
Desktop\SafeMode -
Desktop\SafeMode\General -
Desktop\SafeMode\General\\Wallpaper - %SystemRoot%\Web\SafeMode.htt
Desktop\SafeMode\General\\VisitGallery - 0
Desktop\Scheme -
Desktop\Scheme\\Edit -
Desktop\Scheme\\Display -

>>>>Output for AddOn file Jobs.def<<<<

DIR - C:\WINNT\tasks\*.* - Parameters = Include SubFolders
C:\WINNT\tasks\desktop.ini - ( [Ver = | Size = 65 bytes | Date = 07/24/2002 13:00 | Attr = RH ])
C:\WINNT\tasks\RunBackupForDB.job - ( [Ver = | Size = 248 bytes | Date = 10/30/2006 02:25 | Attr = ])
C:\WINNT\tasks\SA.DAT - ( [Ver = | Size = 6 bytes | Date = 10/30/2006 11:29 | Attr = H ])
C:\WINNT\tasks\XoftSpy.job - ( [Ver = | Size = 316 bytes | Date = 01/24/2006 13:50 | Attr = ])

>>>>Output for AddOn file Policies.def<<<<

KEY - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies - Include SUBKEYS
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies -
policies\ActiveDesktop -
policies\ActiveDesktop\AdminComponent -
policies\Explorer -
policies\Explorer\\ShowSuperHidden - 1
policies\NonEnum -
policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} - 1
policies\Ratings -
policies\system -
policies\system\\disablecad - 0
policies\system\\dontdisplaylastusername - 0
policies\system\\legalnoticecaption -
policies\system\\legalnoticetext -
policies\system\\shutdownwithoutlogon - 0

KEY - HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer - Include SUBKEYS
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer not found. -

KEY - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies - Include SUBKEYS
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies -
policies\Explorer -
policies\Explorer\\NoDriveTypeAutoRun - 149
policies\System -
policies\System\\DisableRegistryTools - 0

KEY - HKCU\SOFTWARE\Policies\Microsoft\Internet Explorer - Include SUBKEYS
HKCU\SOFTWARE\Policies\Microsoft\Internet Explorer not found. -

>>>>Output for AddOn file SID_Run_Policies.def<<<<

KEY - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run - No SUBKEYS
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run -
Run\\SrvC - c:\red.exe

KEY - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run - No SUBKEYS
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run not found. -

KEY - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies - Include SUBKEYS
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies -
Policies\Explorer -
Policies\Explorer\\NoDriveTypeAutoRun - 149

KEY - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies - Include SUBKEYS
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies not found. -

< End of report >
  • 0

#53
shayras

    Member

  • Topic Starter
  • Member
  • 33 posts
Logfile of HijackThis v1.99.1
Scan saved at 12:14:48 PM, on 10/30/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\termsrv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Compaq\vcagent\vcagent.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINNT\System32\svchost.exe
C:\compaq\hpdiags\hpdiags.exe
C:\WINNT\System32\llssrv.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Compaq\SecurePath\Agent\SecurePathAgent.exe
C:\WINNT\System32\snmp.exe
C:\Program Files\TapeWare\TWWINSDR.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\System32\CPQNiMgt\cpqnimgt.exe
C:\WINNT\System32\CpqRcmc.exe
C:\WINNT\System32\CPQMgmt\CqMgServ\cqmgserv.exe
C:\WINNT\System32\CPQMgmt\CqMgStor\cqmgstor.exe
C:\WINNT\system32\Dfssvc.exe
C:\WINNT\System32\msdtc.exe
C:\WINNT\System32\sysdown.exe
C:\WINNT\System32\CPQMgmt\CqMgHost\cqmghost.exe
C:\WINNT\System32\CPQMgmt\cpqwmgmt.exe
C:\WINNT\cluster\resrcmon.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Documents and Settings\Administrator\Desktop\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.43.4:3128
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - https://192.168.100....ll/WinNTChk.cab
O16 - DPF: {08D75BB0-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupINICtrl Class) - https://192.168.100....ll/setupini.cab
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - https://192.168.100....stall/setup.cab
O16 - DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} (Encrypt Class) - https://192.168.100....html/AtxEnc.cab
O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - https://192.168.100..../RemoveCtrl.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-sec...m/ols/fscax.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = OKSIJEN
O17 - HKLM\System\CCS\Services\Tcpip\..\{0AF4895B-CA3F-4791-859C-1E80B3331301}: NameServer = 213.137.128.73,213.137.128.74
O18 - Protocol: hpapp - {24F45006-5BD9-41B7-9BD9-5F8921C8EBD1} - C:\Program Files\Compaq\Cpqacuxe\Bin\hpapp.dll
O20 - AppInit_DLLs: RPCRT3.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: HP Insight NIC Agent (CpqNicMgmt) - Hewlett-Packard Company - C:\WINNT\System32\CPQNiMgt\cpqnimgt.exe
O23 - Service: Compaq Remote Monitor Service (CpqRcmc) - Compaq - C:\WINNT\System32\CpqRcmc.exe
O23 - Service: HP Version Control Agent (cpqvcagent) - Hewlett-Packard Company - C:\Compaq\vcagent\vcagent.exe
O23 - Service: HP Insight Web Agent (CpqWebMgmt) - HP Corporation - C:\WINNT\System32\CPQMgmt\cpqwmgmt.exe
O23 - Service: HP Insight Foundation Agent (CqMgHost) - Hewlett-Packard Company - C:\WINNT\System32\CPQMgmt\CqMgHost\cqmghost.exe
O23 - Service: HP Insight Server Agents (CqMgServ) - Hewlett-Packard Company - C:\WINNT\System32\CPQMgmt\CqMgServ\cqmgserv.exe
O23 - Service: HP Insight Storage Agents (CqMgStor) - Hewlett-Packard Company - C:\WINNT\System32\CPQMgmt\CqMgStor\cqmgstor.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: HP Insight Diagnostics (hpdiags) - Unknown owner - C:\compaq\hpdiags\hpdiags.exe
O23 - Service: MySql - Unknown owner - C:/mysql/bin/mysqld-nt.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Secure Path Agent (SecurePathAgent) - Hewlett Packard Corporation - C:\Program Files\Compaq\SecurePath\Agent\SecurePathAgent.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: HP ProLiant System Shutdown Service (sysdown) - Compaq Computer Corporation - C:\WINNT\System32\sysdown.exe
O23 - Service: TapeWare - Unknown owner - C:\Program Files\TapeWare\TWWINSDR.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINNT\system32\ZoneLabs\vsmon.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
  • 0

#54
shayras

    Member

  • Topic Starter
  • Member
  • 33 posts
Hi there, did you forget me?

I'm still waiting for your instructions.
  • 0