
Computer lags and Pandascan found a virus(W32/Oscarbot.IF.worm)


  • This topic is locked

#16
frozenthunder

  • Topic Starter
  • Member
  • 140 posts
My computer has 4.42GB of space remaining out of a total of 32.8GB. When I ran the defragmenter, it said it required 12% of free space, which I didn't have. However, I ran it anyway. I attached a log of that below the HJT startup list log.

StartupList report, 12/18/2006, 12:23:56 PM
StartupList version: 1.52.2
Started from : C:\Documents and Settings\Owner\Desktop\hijackt\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v7.00 (7.00.5730.0011)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Owner\Desktop\hijackt\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\Owner\Start Menu\Programs\Startup]
*No files*

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
hpoddt01.exe.lnk = ?
Metacafe.lnk = C:\Program Files\Metacafe\MetacafeAgent.exe
Murasu Anjal.lnk = C:\Program Files\Murasu Systems\Anjal2000\anjal.exe

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

hpsysdrv = c:\windows\system\hpsysdrv.exe
HotKeysCmds = C:\WINDOWS\System32\hkcmd.exe
KYE_UDSI = "C:\Program Files\USB Storage RW\udsi.exe
hp Silent Service = C:\Windows\system32\HpSrvUI.exe
hpScannerFirstBoot = c:\hp\drivers\scanners\scannerfb.exe
KBD = C:\HP\KBD\KBD.EXE
StorageGuard = "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
Recguard = C:\WINDOWS\SMINST\RECGUARD.EXE
NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
nwiz = nwiz.exe /installquiet /keeploaded /nodetect
PS2 = C:\WINDOWS\system32\ps2.exe
SpeedTouch USB Diagnostics = "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
DownloadAccelerator = "C:\Program Files\DAP\DAP.EXE" /STARTUP
IE Accelerator = D:\chess\Booster\IEAccelerator.exe /Auto
SunJavaUpdateSched = "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
YeppStudioAgent = C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
DAEMON Tools = "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
Zone Labs Client = "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
FilmLoop = "C:\Program Files\FilmLoop Player\FilmLoop.exe" -hide
QuickTime Task = "C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
iTunesHelper = "C:\Program Files\iTunes\iTunesHelper.exe"
!AVG Anti-Spyware = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

NVIEW = rundll32.exe nview.dll,nViewLoadHook
ares = "C:\Program Files\Ares\Ares.exe" -h
MsnMsgr = "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
googletalk = "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
Steam = "C:\Program Files\Steam-Down\Steam.exe" -silent
SUPERAntiSpyware = C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\system32\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}] *
StubPath = C:\WINDOWS\system32\ieudinit.exe

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = C:\WINDOWS\system32\ie4uinit.exe -BaseSettings

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
StubPath = C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

[{8b15971b-5355-4c82-8c07-7e181ea07608}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\StripS2.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registry Editor'

Registry check passed

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll - {02478D38-C3F9-4EFB-9B51-7695ECA05670}
(no name) - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\Program Files\Microsoft Money\System\mnyside.dll - {243B17DE-77C7-46BF-B94B-0B5F309A0E64}
(no name) - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
(no name) - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll - {9030D464-4C02-4ABF-8ECC-5164760863C6}

--------------------------------------------------

Enumerating Task Scheduler jobs:

AppleSoftwareUpdate.job
Symantec NetDetect.job

--------------------------------------------------

Enumerating Download Program Files:

[DirectAnimation Java Classes]
CODEBASE = file://C:\WINDOWS\Java\classes\dajava.cab
OSD = C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd

[Microsoft XML Parser for Java]
CODEBASE = file://C:\WINDOWS\Java\classes\xmldso.cab
OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

[Windows Genuine Advantage Validation Tool]
InProcServer32 = C:\WINDOWS\system32\legitcheckcontrol.dll
CODEBASE = http://go.microsoft....k/?linkid=39204

[Minesweeper Flags Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\minesweeper.dll
CODEBASE = http://messenger.zon...er.cab31267.cab

[WUWebControl Class]
InProcServer32 = C:\WINDOWS\System32\wuweb.dll
CODEBASE = http://update.micros...b?1149309271765

[MUWebControl Class]
InProcServer32 = C:\WINDOWS\System32\muweb.dll
CODEBASE = http://update.micros...b?1149309252640

[Java Plug-in 1.5.0_09]
InProcServer32 = C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
CODEBASE = http://java.sun.com/...indows-i586.cab

[MessengerStatsClient Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\messengerstatsclient.dll
CODEBASE = http://messenger.zon...nt.cab31267.cab

[ActiveScan Installer Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\asinst.dll
CODEBASE = http://acs.pandasoft...free/asinst.cab

[Java Plug-in 1.5.0_07]
InProcServer32 = C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
CODEBASE = http://java.sun.com/...indows-i586.cab

[Java Plug-in 1.5.0_09]
InProcServer32 = C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
CODEBASE = http://java.sun.com/...indows-i586.cab

[Java Plug-in 1.5.0_09]
InProcServer32 = C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
CODEBASE = http://java.sun.com/...indows-i586.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx
CODEBASE = http://download.macr...ash/swflash.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
NameSpace #4: C:\WINDOWS\System32\nwprovau.dll
Protocol #1: C:\WINDOWS\system32\mswsock.dll
Protocol #2: C:\WINDOWS\system32\mswsock.dll
Protocol #3: C:\WINDOWS\system32\mswsock.dll
Protocol #4: C:\WINDOWS\system32\rsvpsp.dll
Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
Protocol #6: C:\WINDOWS\system32\mswsock.dll
Protocol #7: C:\WINDOWS\system32\mswsock.dll
Protocol #8: C:\WINDOWS\system32\mswsock.dll
Protocol #9: C:\WINDOWS\system32\mswsock.dll
Protocol #10: C:\WINDOWS\system32\mswsock.dll
Protocol #11: C:\WINDOWS\system32\mswsock.dll
Protocol #12: C:\WINDOWS\system32\mswsock.dll
Protocol #13: C:\WINDOWS\system32\mswsock.dll
Protocol #14: C:\WINDOWS\system32\mswsock.dll
Protocol #15: C:\WINDOWS\system32\mswsock.dll
Protocol #16: C:\WINDOWS\system32\mswsock.dll
Protocol #17: C:\WINDOWS\system32\mswsock.dll
Protocol #18: C:\WINDOWS\system32\mswsock.dll
Protocol #19: C:\WINDOWS\system32\mswsock.dll
Protocol #20: C:\WINDOWS\system32\mswsock.dll
Protocol #21: C:\WINDOWS\system32\mswsock.dll
Protocol #22: C:\WINDOWS\system32\mswsock.dll
Protocol #23: C:\WINDOWS\system32\mswsock.dll
Protocol #24: C:\WINDOWS\system32\mswsock.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

Microsoft ACPI Driver: System32\DRIVERS\ACPI.sys (system)
Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)
AFD Networking Support Environment: \SystemRoot\System32\drivers\afd.sys (system)
Alcatel SpeedTouch USB ADSL PPP Networking Driver (NDISWAN): System32\DRIVERS\alcan5wn.sys (manual start)
Alcatel Speed Touch ADSL Modem ATM Transport: System32\DRIVERS\alcaudsl.sys (manual start)
Service for Realtek AC97 Audio (WDM): system32\drivers\ALCXWDM.SYS (manual start)
Alerter: %SystemRoot%\System32\svchost.exe -k LocalService (disabled)
Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)
AMD K7 Processor Driver: System32\DRIVERS\amdk7.sys (system)
Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
1394 ARP Client Protocol: System32\DRIVERS\arp1394.sys (manual start)
ASP.NET State Service: %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (manual start)
RAS Asynchronous Media Driver: System32\DRIVERS\asyncmac.sys (manual start)
Standard IDE/ESDI Hard Disk Controller: System32\DRIVERS\atapi.sys (system)
ATM ARP Client Protocol: System32\DRIVERS\atmarpc.sys (manual start)
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Audio Stub Driver: System32\DRIVERS\audstub.sys (manual start)
AVG Anti-Spyware Driver: \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys (system)
AVG Anti-Spyware Guard: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (autostart)
AVG Anti-Spyware Clean Driver: System32\DRIVERS\AvgAsCln.sys (system)
Background Intelligent Transfer Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Computer Browser: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
CD-ROM Driver: System32\DRIVERS\cdrom.sys (system)
Indexing Service: %SystemRoot%\system32\cisvc.exe (manual start)
ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)
.NET Runtime Optimization Service v2.0.50727_X86: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (manual start)
COM+ System Application: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
DHCP Client: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Disk Driver: System32\DRIVERS\disk.sys (system)
Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
dmio: System32\drivers\dmio.sys (disabled)
dmload: System32\drivers\dmload.sys (disabled)
Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)
DNS Client: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)
dtscsi: \SystemRoot\System32\Drivers\dtscsi.sys (manual start)
dump_wmimmc: \??\C:\WINDOWS\system32\drivers\dump_wmimmc.sys (manual start)
EagleNT: \??\C:\WINDOWS\system32\drivers\EagleNT.sys (manual start)
Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Event Log: %SystemRoot%\system32\services.exe (autostart)
COM+ Event System: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start)
Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Fax: %systemroot%\system32\fxssvc.exe (manual start)
Floppy Disk Controller Driver: System32\DRIVERS\fdc.sys (manual start)
Floppy Disk Driver: System32\DRIVERS\flpydisk.sys (manual start)
FltMgr: system32\drivers\fltmgr.sys (system)
Volume Manager Driver: System32\DRIVERS\ftdisk.sys (system)
GEAR CDRom Filter: SYSTEM32\DRIVERS\GEARAspiWDM.sys (manual start)
Generic Packet Classifier: System32\DRIVERS\msgpc.sys (manual start)
Hamachi Network Interface: system32\DRIVERS\hamachi.sys (manual start)
Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Human Interface Device Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
HSFHWBS2: System32\DRIVERS\HSFHWBS2.sys (manual start)
HSF_DP: System32\DRIVERS\HSF_DP.sys (manual start)
HTTP: System32\Drivers\HTTP.sys (manual start)
HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
i8042 Keyboard and PS/2 Mouse Port Driver: System32\DRIVERS\i8042prt.sys (system)
ialm: System32\DRIVERS\ialmnt5.sys (manual start)
CD-Burning Filter Driver: System32\DRIVERS\imapi.sys (system)
IMAPI CD-Burning COM Service: C:\WINDOWS\System32\imapi.exe (manual start)
IntelIde: \SystemRoot\System32\DRIVERS\intelide.sys (disabled)
Intel Processor Driver: System32\DRIVERS\intelppm.sys (system)
IPv6 Windows Firewall Driver: system32\drivers\ip6fw.sys (manual start)
IP Traffic Filter Driver: System32\DRIVERS\ipfltdrv.sys (manual start)
IP in IP Tunnel Driver: System32\DRIVERS\ipinip.sys (manual start)
IP Network Address Translator: System32\DRIVERS\ipnat.sys (manual start)
iPod Service: "C:\Program Files\iPod\bin\iPodService.exe" (manual start)
IPSEC driver: System32\DRIVERS\ipsec.sys (system)
IR Enumerator Service: System32\DRIVERS\irenum.sys (manual start)
PnP ISA/EISA Bus Driver: System32\DRIVERS\isapnp.sys (system)
Keyboard Class Driver: System32\DRIVERS\kbdclass.sys (system)
Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
Server: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Workstation: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
TCP/IP NetBIOS Helper: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
mdmxsdk: System32\DRIVERS\mdmxsdk.sys (autostart)
Messenger: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
NetMeeting Remote Desktop Sharing: C:\WINDOWS\System32\mnmsrvc.exe (manual start)
Mouse Class Driver: System32\DRIVERS\mouclass.sys (system)
WebDav Client Redirector: System32\DRIVERS\mrxdav.sys (manual start)
MRXSMB: System32\DRIVERS\mrxsmb.sys (system)
Distributed Transaction Coordinator: C:\WINDOWS\System32\msdtc.exe (manual start)
Windows Installer: C:\WINDOWS\System32\msiexec.exe /V (manual start)
Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
Microsoft System Management BIOS Driver: System32\DRIVERS\mssmbios.sys (manual start)
Remote Access NDIS TAPI Driver: System32\DRIVERS\ndistapi.sys (manual start)
NDIS Usermode I/O Protocol: System32\DRIVERS\ndisuio.sys (manual start)
Remote Access NDIS WAN Driver: System32\DRIVERS\ndiswan.sys (manual start)
NetBIOS Interface: System32\DRIVERS\netbios.sys (system)
NetBT: System32\DRIVERS\netbt.sys (system)
Network DDE: %SystemRoot%\system32\netdde.exe (disabled)
Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled)
Net Logon: %SystemRoot%\System32\lsass.exe (manual start)
Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
1394 Net Driver: System32\DRIVERS\nic1394.sys (manual start)
Network Location Awareness (NLA): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Network Monitor Driver: System32\DRIVERS\NMnt.sys (manual start)
NPPTNT2: \??\C:\WINDOWS\system32\npptNT2.sys (manual start)
NT LM Security Support Provider: %SystemRoot%\System32\lsass.exe (manual start)
Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
nv: System32\DRIVERS\nv4_mini.sys (manual start)
NVIDIA Driver Helper Service: %SystemRoot%\System32\nvsvc32.exe (autostart)
NVIDIA nForce AGP Bus Filter: System32\DRIVERS\nv_agp.sys (system)
IPX Traffic Filter Driver: System32\DRIVERS\nwlnkflt.sys (manual start)
IPX Traffic Forwarder Driver: System32\DRIVERS\nwlnkfwd.sys (manual start)
Microsoft Office Diagnostics Service: "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE" (manual start)
OHCI Compliant IEEE 1394 Host Controller: System32\DRIVERS\ohci1394.sys (system)
Office Source Engine: "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" (manual start)
Parallel port driver: System32\DRIVERS\parport.sys (manual start)
PCI Bus Driver: System32\DRIVERS\pci.sys (system)
PCIIde: System32\DRIVERS\pciide.sys (system)
Padus ASPI Shell: system32\drivers\pfc.sys (manual start)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
IPSEC Services: %SystemRoot%\System32\lsass.exe (autostart)
WAN Miniport (PPTP): System32\DRIVERS\raspptp.sys (manual start)
Processor Driver: System32\DRIVERS\processr.sys (system)
Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
PS2: System32\DRIVERS\PS2.sys (manual start)
QoS Packet Scheduler: System32\DRIVERS\psched.sys (manual start)
Direct Parallel Link Driver: System32\DRIVERS\ptilink.sys (manual start)
Remote Access Auto Connection Driver: System32\DRIVERS\rasacd.sys (system)
Remote Access Auto Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
WAN Miniport (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)
Remote Access Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Remote Access PPPOE Driver: System32\DRIVERS\raspppoe.sys (manual start)
Direct Parallel: System32\DRIVERS\raspti.sys (manual start)
Rdbss: System32\DRIVERS\rdbss.sys (system)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (manual start)
Digital CD Audio Playback Filter Driver: System32\DRIVERS\redbook.sys (system)
Routing and Remote Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Remote Procedure Call (RPC) Locator: %SystemRoot%\System32\locator.exe (manual start)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\System32\rsvp.exe (manual start)
Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver: System32\DRIVERS\RTL8139.SYS (manual start)
S3Psddr: System32\DRIVERS\s3gnbm.sys (manual start)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
SASDIFSV: \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (system)
SASENUM: \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS (manual start)
SASKUTIL: \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (system)
Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Secdrv: System32\DRIVERS\secdrv.sys (manual start)
Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Serenum Filter Driver: System32\DRIVERS\serenum.sys (manual start)
Serial port driver: System32\DRIVERS\serial.sys (system)
Windows Firewall/Internet Connection Sharing (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
SiS315: System32\DRIVERS\sisgrp.sys (manual start)
SiS AGP Filter: System32\DRIVERS\SISAGPX.sys (system)
SiS PCI Fast Ethernet Adapter Driver: System32\DRIVERS\sisnic.sys (manual start)
Sony USB Filter Driver (SONYPVU1): System32\DRIVERS\SONYPVU1.SYS (manual start)
Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
sptd: System32\Drivers\sptd.sys (system)
System Restore Filter Driver: System32\DRIVERS\sr.sys (system)
srescan: system32\ZoneLabs\srescan.sys (system)
System Restore Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Srv: System32\DRIVERS\srv.sys (manual start)
SSDP Discovery Service: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Windows Image Acquisition (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (manual start)
Software Bus Driver: System32\DRIVERS\swenum.sys (manual start)
Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
MS Software Shadow Copy Provider: C:\WINDOWS\System32\dllhost.exe /Processid:{EDE1F9D8-262D-4DFC-903B-93D52D162CEC} (manual start)
Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start)
Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
TCP/IP Protocol Driver: System32\DRIVERS\tcpip.sys (system)
Terminal Device Driver: System32\DRIVERS\termdd.sys (system)
Terminal Services: %SystemRoot%\System32\svchost -k DComLaunch (manual start)
Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
TIEHDUSB: system32\drivers\tiehdusb.sys (manual start)
Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Windows User Mode Driver Framework: C:\WINDOWS\system32\wdfmgr.exe (autostart)
Microcode Update Driver: System32\DRIVERS\update.sys (manual start)
Universal Plug and Play Device Host: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: System32\DRIVERS\usbehci.sys (manual start)
USB2 Enabled Hub: System32\DRIVERS\usbhub.sys (manual start)
Microsoft USB Open Host Controller Miniport Driver: System32\DRIVERS\usbohci.sys (manual start)
USB Mass Storage Driver: System32\DRIVERS\USBSTOR.SYS (manual start)
Microsoft USB Universal Host Controller Miniport Driver: System32\DRIVERS\usbuhci.sys (manual start)
Messenger Sharing USN Journal Reader service: C:\WINDOWS\system32\svchost.exe -k usnsvc (manual start)
User Privilege Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
VGA Display Controller.: \SystemRoot\System32\drivers\vga.sys (system)
VIA AGP Filter: System32\DRIVERS\viaagp1.sys (system)
ViaIde: \SystemRoot\System32\DRIVERS\viaide.sys (disabled)
vsdatant: System32\vsdatant.sys (system)
TrueVector Internet Monitor: C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service (autostart)
Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)
Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Remote Access IP ARP Driver: System32\DRIVERS\wanarp.sys (manual start)
Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)
WebClient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
winachsf: System32\DRIVERS\HSF_CNXT.sys (manual start)
Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WMI Performance Adapter: C:\WINDOWS\System32\wbem\wmiapsrv.exe (manual start)
Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Automatic Updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
XTrapD12: \??\C:\WINDOWS\System32\XTrapD12.sys (manual start)
Intel® Graphics Platform (SoftBIOS) Driver: system32\drivers\ialmsbw.sys (manual start)
Intel® Graphics Chipset (KCH) Driver: system32\drivers\ialmkchw.sys (manual start)


--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: C:\WINDOWS\system32\temppf.sys||C:\DOCUME~1\Owner\LOCALS~1\Temp\A~NSISu_.exe||C:\DOCUME~1\Owner\LOCALS~1\Temp\A~NSISu_.exe


--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll

--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

End of report, 37,046 bytes
Report generated in 0.156 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only


Volume PRESARIO (C:)
Volume size = 37.30 GB
Cluster size = 4 KB
Used space = 32.60 GB
Free space = 4.69 GB
Percent free space = 12 %

Volume fragmentation
Total fragmentation = 16 %
File fragmentation = 25 %
Free space fragmentation = 7 %

File fragmentation
Total files = 91,730
Average file size = 462 KB
Total fragmented files = 233
Total excess fragments = 102,882
Average fragments per file = 2.12

Pagefile fragmentation
Pagefile size = 0 bytes
Total fragments = 0

Folder fragmentation
Total folders = 6,333
Fragmented folders = 1
Excess folder fragments = 0

Master File Table (MFT) fragmentation
Total MFT size = 138 MB
MFT record count = 99,544
Percent MFT in use = 70 %
Total MFT fragments = 295

--------------------------------------------------------------------------------
Fragments File Size Files that cannot be defragmented
1,295 22 MB \Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\[email protected]\Sharing Folders\[email protected]\MAME\mvsc.zip
723 23 MB \Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\[email protected]\Sharing Folders\[email protected]\MAME\mshvsf.zip
971 42 MB \Program Files\Steam-Down\steamapps\deathmatch classic.gcf
2,563 43 MB \Program Files\Warcraft III\War3xlocal.mpq
1,193 50 MB \Documents and Settings\Owner\Desktop\Frozenthrone\Warcraft III - The Frozen Throne [Disk3] -crack,patch,serial.iso
3,623 170 MB \Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\[email protected]\Sharing Folders\[email protected]\Roms.rar
1,589 256 MB \WINDOWS\system32\temppf.sys
1,437 256 MB \System Volume Information\_restore{FC7B549B-A9DB-4F65-8D9B-B165C7FAB2D5}\RP271\A0125928.sys
3,526 256 MB \System Volume Information\_restore{FC7B549B-A9DB-4F65-8D9B-B165C7FAB2D5}\RP272\A0125961.sys
2,744 256 MB \System Volume Information\_restore{FC7B549B-A9DB-4F65-8D9B-B165C7FAB2D5}\RP272\A0125976.sys
2,034 256 MB \System Volume Information\_restore{FC7B549B-A9DB-4F65-8D9B-B165C7FAB2D5}\RP274\A0127126.sys
3,405 256 MB \System Volume Information\_restore{FC7B549B-A9DB-4F65-8D9B-B165C7FAB2D5}\RP275\A0128188.sys
2,327 256 MB \System Volume Information\_restore{FC7B549B-A9DB-4F65-8D9B-B165C7FAB2D5}\RP274\A0128126.sys
2,337 256 MB \System Volume Information\_restore{FC7B549B-A9DB-4F65-8D9B-B165C7FAB2D5}\RP271\A0125847.sys
2,345 256 MB \System Volume Information\_restore{FC7B549B-A9DB-4F65-8D9B-B165C7FAB2D5}\RP272\A0126976.sys
3,069 256 MB \System Volume Information\_restore{FC7B549B-A9DB-4F65-8D9B-B165C7FAB2D5}\RP271\A0125918.sys
2,760 256 MB \System Volume Information\_restore{FC7B549B-A9DB-4F65-8D9B-B165C7FAB2D5}\RP275\A0128205.sys
3,274 256 MB \System Volume Information\_restore{FC7B549B-A9DB-4F65-8D9B-B165C7FAB2D5}\RP275\A0128257.sys
2,593 256 MB \System Volume Information\_restore{FC7B549B-A9DB-4F65-8D9B-B165C7FAB2D5}\RP274\A0128133.sys
2,598 256 MB \System Volume Information\_restore{FC7B549B-A9DB-4F65-8D9B-B165C7FAB2D5}\RP272\A0126990.sys
2,818 256 MB \System Volume Information\_restore{FC7B549B-A9DB-4F65-8D9B-B165C7FAB2D5}\RP272\A0127003.sys
3,881 256 MB \System Volume Information\_restore{FC7B549B-A9DB-4F65-8D9B-B165C7FAB2D5}\RP275\A0128328.sys
3,757 256 MB \System Volume Information\_restore{FC7B549B-A9DB-4F65-8D9B-B165C7FAB2D5}\RP273\A0127035.sys
3,174 256 MB \System Volume Information\_restore{FC7B549B-A9DB-4F65-8D9B-B165C7FAB2D5}\RP274\A0127110.sys
1,197 256 MB \System Volume Information\_restore{FC7B549B-A9DB-4F65-8D9B-B165C7FAB2D5}\RP276\A0128406.sys
1,910 256 MB \System Volume Information\_restore{FC7B549B-A9DB-4F65-8D9B-B165C7FAB2D5}\RP278\A0128650.sys
1,516 256 MB \System Volume Information\_restore{FC7B549B-A9DB-4F65-8D9B-B165C7FAB2D5}\RP276\A0128430.sys
2,230 420 MB \Program Files\Warcraft III\war3.mpq
16,391 632 MB \Documents and Settings\Owner\Desktop\Frozenthrone\Warcraft III - The Frozen Throne [Disk 1].iso.iso
7,301 938 MB \Program Files\BitComet\Downloads\Boku Chi Chi Nurse\New Folder\[061117] [West Vision] 爆乳ナース (iso+mds rr3)\TWPT01.ISO

#17
andydf

    Visiting Staff

  • Visiting Consultant
  • 1,660 posts
Ok, firstly you do not need AVG Antispyware & SuperAntispyware to be installed at the same time, they are both good programs but only one is needed. Both are running at startup so removing one would be a good start.

Secondly you would be better freeing up some disk space by uninstalling any programs you no longer need.

Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.

Are you still getting the messages?

Andy :whistling:

#18
frozenthunder

    Member

  • Topic Starter
  • Member
  • 140 posts
the uninstall list. and my next reply might come slightly late as i wont be home for the next 2 days or so. i rebooted my computer after posting the uninstall log and the error message did not appear. =)

however, things are still kinda laggy...e.g. songs playing from my itunes lag and repeat (like how a scratched music cd would) whenever i click any link in firefox...im not too sure how to explain it...

Ad-Aware SE Personal
Adobe Acrobat 5.0
Adobe Flash Player 9 ActiveX
Adobe Photoshop 7.0
Adobe Shockwave Player
Alcatel SpeedTouch USB Software
Apple Software Update
Ares 1.9.0
Autodesk DWF Viewer
AVG Anti-Spyware 7.5
BitComet 0.68
CCleaner (remove only)
Compaq Connections
Counter-Strike 1.6
Counter-Strike: Condition Zero
DivX Web Player
Download Accelerator Plus (DAP)
easy Internet sign-up
Eye Candy 4000
FilmLoop Player
FLV Player 1.3.3
Google Talk (remove only)
GunZ Mouse Re-Binder 1.13
Hamachi 0.9.9.9
HijackThis 1.99.1
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
HP Deskjet printer preloaded drivers
hp instant support
HP Memories Disc
HP Multifunction products preloaded drivers
HP Photo and Imaging 2.0 - All-in-One
HP Photo and Imaging 2.0 - All-in-One Drivers
HP Photosmart printers preloaded drivers
HP Scanjet scanner preloaded drivers
IE Accelerator 2.21
Image Resizer Powertoy for Windows XP
Intel® Extreme Graphics Driver
iPod for Windows 2005-02-22
iTunes
J2SE Runtime Environment 5.0 Update 7
J2SE Runtime Environment 5.0 Update 9
KBD
K-Lite Mega Codec Pack 1.51
LiveReg (Symantec Corporation)
LiveUpdate 1.80 (Symantec Corporation)
Metacafe
Microsoft .NET Framework (English)
Microsoft .NET Framework (English) v1.0.3705
Microsoft .NET Framework 1.0 Hotfix (KB886906)
Microsoft .NET Framework 2.0
Microsoft Encarta Encyclopedia Standard - WE 2003
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money
Microsoft Money System Pack
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007 (Beta)
Microsoft Office Excel MUI (English) 2007 (Beta)
Microsoft Office InfoPath MUI (English) 2007 (Beta)
Microsoft Office Outlook MUI (English) 2007 (Beta)
Microsoft Office PowerPoint MUI (English) 2007 (Beta)
Microsoft Office Professional 2007 (Beta)
Microsoft Office Professional Plus 2007 (Beta)
Microsoft Office Proof (English) 2007 (Beta)
Microsoft Office Proof (French) 2007 (Beta)
Microsoft Office Proof (Spanish) 2007 (Beta)
Microsoft Office Publisher MUI (English) 2007 (Beta)
Microsoft Office Shared MUI (English) 2007 (Beta)
Microsoft Office Word MUI (English) 2007 (Beta)
Microsoft Works 7.0
Mozilla Firefox (1.5.0.8)
MSN Music Assistant
MSXML 4.0 SP2 (KB927978)
Murasu Anjal
NVIDIA Windows 2000/XP Display Drivers
Panda ActiveScan
PC-Doctor for Windows
PS2
Python 2.2 combined Win32 extensions
Python 2.2.1
QuickTime
Riva FLV Encoder 2.0
S3Display
S3Gamma2
S3Info2
S3Overlay
Samsung Media Studio
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Microsoft .NET Framework 2.0 (KB922770)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB926255)
Shockwave
ShowBiz DVD
SigmaTel MSCNMMC Audio Player
Simple Installer - Multilanguage Version
SiS 900 PCI Fast Ethernet Adapter Driver
Sonic Update Manager
SpeedTouch USB
Steam
Steam-Down
System Requirements Lab
TI Connect 1.6
Ulead GIF Animator 5
Uninstall USB Storage RW Ver. 2.00.11.b04
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
VideoLAN VLC media player 0.8.1
Visualboy Advance 1.6a
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
WinRAR archiver
Yahoo! Toolbar
YAWLE 0.5b
YP-T55
ZoneAlarm

Edited by frozenthunder, 18 December 2006 - 05:26 PM.


#19
andydf

    Visiting Staff

  • Visiting Consultant
  • 1,660 posts
Hi frozenthunder

After taking some advice, I'd like you to download and install Tuneup2007, run through the utilities it offers and let me know how things are running after. This is a time limited trial version.

Andy :whistling:

#20
frozenthunder

    Member

  • Topic Starter
  • Member
  • 140 posts
i think i really like that program. my computer seems to be working much better. although songs lag when im surfing the internet. i dont remember this happening before...but i can see some good differences ever since using the programme.... :whistling:

#21
andydf

    Visiting Staff

  • Visiting Consultant
  • 1,660 posts
Glad to hear things are better. I did hear that iTunes released a dodgy update recently, not sure if it's the cause of your problems though.

We have a couple of last steps to perform and then you're all set.

First, let's reset your hidden/system files and folders. System files are hidden for a reason and we don't want to have them openly available and susceptible to accidental deletion.
* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View tab.
* Under the Hidden files and folders heading UNSELECT Show hidden files and folders.
* CHECK the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK.
Next, let's clean your restore points and set a new one:

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)

1. Turn off System Restore.
* On the Desktop, right-click My Computer.
* Click Properties.
* Click the System Restore tab.
* Check Turn off System Restore.
* Click Apply, and then click OK.

2. Restart your computer.

3. Turn ON System Restore.
* On the Desktop, right-click My Computer.
* Click Properties.
* Click the System Restore tab.
* UN-Check Turn off System Restore.
* Click Apply, and then click OK.

System Restore will now be active again.

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:
  • SpywareBlaster to help prevent spyware from installing in the first place.
  • SpywareGuard to catch and block spyware before it can execute.
  • IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email.
You should also have a good firewall. Here are 2 free ones available for personal use: and a good antivirus (these are also free for personal use): It is critical to have both a firewall and anti virus to protect your system and to keep them updated.
Only use one antivirus and one firewall, more than one may cause conflicts.

To keep your operating system up to date visit monthly. And to keep your system clean run these free malware scanners weekly, and be aware of what emails you open and websites you visit.

To learn more about how to protect yourself while on the internet read this article by Tony Klein: So how did I get infected in the first place?

Andy :whistling:

#22
frozenthunder

    Member

  • Topic Starter
  • Member
  • 140 posts
oh no...im sorry...i forgot that i hid all the files and folders after you subsequent to first post. due to the fact that im not the only person using the computer and others might meddle with system files. im very sorry...i read that at unhid all folders and did an avg scan in safe mode and avg found a trojan...it said it cleaned it but heres the log just in case...once again thanks for everything so far!

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 3:48:50 PM 12/22/2006

+ Scan result:



C:\System Volume Information\_restore{FC7B549B-A9DB-4F65-8D9B-B165C7FAB2D5}\RP263\A0119644.exe -> Adware.SaveNow : Cleaned.
C:\System Volume Information\_restore{FC7B549B-A9DB-4F65-8D9B-B165C7FAB2D5}\RP263\A0119645.dll -> Adware.Softomate : Cleaned.
:mozilla.21:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bdeo76o8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.22:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bdeo76o8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.70:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bdeo76o8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.118:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bdeo76o8.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.119:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bdeo76o8.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.66:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bdeo76o8.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.67:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bdeo76o8.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.12:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bdeo76o8.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.40:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bdeo76o8.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.41:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bdeo76o8.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.42:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bdeo76o8.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.51:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bdeo76o8.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.76:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bdeo76o8.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.71:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bdeo76o8.default\cookies.txt -> TrackingCookie.Spylog : Cleaned.
C:\Documents and Settings\Owner\Desktop\stuff on desktop\=)\B0NK_Public.exe -> Trojan.Delf.bcg : Cleaned.
C:\Documents and Settings\Owner\Desktop\stuff on desktop\=)\CurseIndiGunz3.5.exe -> Trojan.Delf.bcg : Cleaned.
C:\Documents and Settings\Owner\Desktop\stuff on desktop\=)\Emistrainer 3 public.exe -> Trojan.Delf.bcg : Cleaned.
C:\Documents and Settings\Owner\Desktop\stuff on desktop\=)\Loky_Trainer.exe -> Trojan.Delf.bcg : Cleaned.
C:\Documents and Settings\Owner\Desktop\stuff on desktop\=)\New Folder\CurseIndiGunz3.5.zip/CurseIndiGunz3.5.exe -> Trojan.Delf.bcg : Cleaned.
C:\Documents and Settings\Owner\Desktop\stuff on desktop\=)\SK_Trainer_1.1.exe -> Trojan.Delf.bcg : Cleaned.
C:\Documents and Settings\Owner\My Documents\E31T.rar/Emistrainer 3 public.exe -> Trojan.Delf.bcg : Cleaned.
C:\Documents and Settings\Owner\My Documents\index5.php -> Trojan.Delf.bcg : Cleaned.


::Report end

Edited by frozenthunder, 22 December 2006 - 02:16 AM.

  • 0
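A triage pass over the AVG Anti-Spyware report format shown in the post above, added here as an example and not part of the original thread: it separates hits inside System Restore snapshots and tracking cookies from files and archive members sitting in user folders, and counts which folders hold them. The sample lines are copied from that report; the function names and category labels are this example's own.

```python
import ntpath
import re
from collections import Counter, defaultdict
from typing import NamedTuple, Optional

# A subset of the report lines from the post above, including header and
# footer lines that are not detections and must be skipped by the parser.
SAMPLE_REPORT = r"""
+ Created at: 3:48:50 PM 12/22/2006
+ Scan result:
C:\System Volume Information\_restore{FC7B549B-A9DB-4F65-8D9B-B165C7FAB2D5}\RP263\A0119644.exe -> Adware.SaveNow : Cleaned.
C:\System Volume Information\_restore{FC7B549B-A9DB-4F65-8D9B-B165C7FAB2D5}\RP263\A0119645.dll -> Adware.Softomate : Cleaned.
:mozilla.21:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bdeo76o8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Owner\Desktop\stuff on desktop\=)\B0NK_Public.exe -> Trojan.Delf.bcg : Cleaned.
C:\Documents and Settings\Owner\Desktop\stuff on desktop\=)\Loky_Trainer.exe -> Trojan.Delf.bcg : Cleaned.
C:\Documents and Settings\Owner\Desktop\stuff on desktop\=)\New Folder\CurseIndiGunz3.5.zip/CurseIndiGunz3.5.exe -> Trojan.Delf.bcg : Cleaned.
C:\Documents and Settings\Owner\My Documents\E31T.rar/Emistrainer 3 public.exe -> Trojan.Delf.bcg : Cleaned.
C:\Documents and Settings\Owner\My Documents\index5.php -> Trojan.Delf.bcg : Cleaned.
::Report end
"""


class Detection(NamedTuple):
    store: Optional[str]  # e.g. "mozilla.21" for a cookie-store entry, else None
    path: str
    threat: str
    action: str


# "<path> -> <threat> : <action>." with an optional ":store.N:" prefix.
LINE_RE = re.compile(
    r"^(?::(?P<store>[A-Za-z]+\.\d+):)?"
    r"(?P<path>[A-Za-z]:\\.+?) -> (?P<threat>\S+) : (?P<action>\w+)\.$"
)
# System Restore snapshot path; captures the restore point folder (RPnnn).
RESTORE_RE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\(RP\d+)\\"
)


def parse_report(text):
    """Return a Detection for every line that has the detection layout."""
    detections = []
    for raw in text.splitlines():
        match = LINE_RE.match(raw.strip())
        if match:
            detections.append(Detection(**match.groupdict()))
    return detections


def classify(det):
    """Bucket a detection by where the flagged object lives."""
    if det.store is not None or det.threat.startswith("TrackingCookie."):
        return "cookie"
    if RESTORE_RE.search(det.path):
        return "restore_point"   # backed-up copy inside a System Restore snapshot
    if "/" in det.path:          # the report writes container/member for archives
        return "archive_member"
    return "live_file"


def triage(detections):
    """Group detections by category."""
    groups = defaultdict(list)
    for det in detections:
        groups[classify(det)].append(det)
    return dict(groups)


def restore_points(detections):
    """Restore point folders that contain at least one flagged copy."""
    return {m.group(1) for d in detections if (m := RESTORE_RE.search(d.path))}


def flagged_directories(detections):
    """Count flagged files and archives per user folder, to show where to look."""
    counts = Counter()
    for det in detections:
        if classify(det) in ("live_file", "archive_member"):
            container = det.path.split("/", 1)[0]  # the archive itself for members
            counts[ntpath.dirname(container)] += 1
    return counts


if __name__ == "__main__":
    found = parse_report(SAMPLE_REPORT)
    for category, items in triage(found).items():
        print(f"{category}: {len(items)}")
    print("restore points with flagged copies:", sorted(restore_points(found)))
    for folder, n in flagged_directories(found).most_common():
        print(f"{n}  {folder}")
```
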

#23
andydf

    Visiting Staff

  • Visiting Consultant
  • 1,660 posts
Hi frozenthunder

Don't worry about rehiding the system files that's ok.

It looks like this folder C:\Documents and Settings\Owner\Desktop\stuff on desktop contained some baddies, you may want to delete it assuming there's nothing in it you require.

How many other user accounts are on this pc? Are you able to get a HJT log from each account?

One other question, do you recognise this file C:\WINDOWS\StripS2.scr? I cannot find much info on it, it is related to a screensaver though. If you do not recognize it, use one of the following free online scanners and post the results for me.
http://virusscan.jotti.org/
http://www.kaspersky.com/scanforvirus
http://www.virustota...h/index_en.html

Andy :whistling:

#24
frozenthunder

    Member

  • Topic Starter
  • Member
  • 140 posts
i deleted the folder called "=)" in 'C:\Documents and Settings\Owner\Desktop\stuff on desktop'

since i needed most of the other things in the 'stuff on desktop' folder.

as for the screensaver thing, someone must have sent it to me and i dont really need it. however, i cant find it in 'C:\WINDOWS'

Edited by frozenthunder, 22 December 2006 - 06:46 AM.


#25
andydf

    Visiting Staff

  • Visiting Consultant
  • 1,660 posts
I'd like you to run an online scan.

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Andy :whistling:

Edited by andydf, 23 December 2006 - 11:34 AM.


#26
frozenthunder

    Member

  • Topic Starter
  • Member
  • 140 posts
heres the log...

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, December 24, 2006 4:11:03 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 24/12/2006
Kaspersky Anti-Virus database records: 253988
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan Statistics:
Total number of scanned objects: 95109
Number of viruses found: 4
Number of infected objects: 5 / 0
Number of suspicious objects: 0
Duration of the scan process: 04:23:56

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Application Data\FilmLoop\DB\Main.db Object is locked skipped
C:\Documents and Settings\Owner\Application Data\FilmLoop\Logs\server.log Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bdeo76o8.default\cert8.db Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bdeo76o8.default\flashgot.log Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bdeo76o8.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bdeo76o8.default\history.dat Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bdeo76o8.default\key3.db Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bdeo76o8.default\parent.lock Object is locked skipped
C:\Documents and Settings\Owner\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Ares\My Shared Folder\___ARESTRA___daniel bedingfield - second first impression - wrap my words around you(2).mp3 Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\infected.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Logs\Dfsr.log Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\pending.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_50E0_C496_E0C4_83A6\dfsr.db Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_50E0_C496_E0C4_83A6\fsr.log Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_50E0_C496_E0C4_83A6\fsrtmp.log Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_50E0_C496_E0C4_83A6\tmp.edb Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows Live Contacts\[email protected]\real\members.stg Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows Live Contacts\[email protected]\shadow\members.stg Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdeo76o8.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdeo76o8.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdeo76o8.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdeo76o8.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\MSHist012006122420061225\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\Cddb\288768\cddb.db Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\Perflib_Perfdata_468.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\Perflib_Perfdata_858.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\~DF6141.tmp Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\~DF62A2.tmp Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\~DFDAC7.tmp Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\~DFDD6D.tmp Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\~DFDDA3.tmp Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\~DFE05A.tmp Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.Word\~WRS{40957220-48B9-4ECF-8E51-2488A935CB5F}.tmp Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.Word\~WRS{E2276A0C-1B67-4899-AD7F-592141F48B78}.tmp Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Pray what say you.doc Object is locked skipped
C:\Documents and Settings\Owner\My Documents\~WRL{F7A68FE6-BB04-401E-85F2-2A5013E69FC1}.tmp Object is locked skipped
C:\Documents and Settings\Owner\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Owner\ntuser.dat.LOG Object is locked skipped
C:\hp\bin\KillWind.exe Infected: not-a-virus:RiskTool.Win32.PsKill.p skipped
C:\myspace.exe Infected: Trojan.Win32.VB.abv skipped
C:\Program Files\Compaq Connections\1940576\Users\Default\Data\chandir.dat Object is locked skipped
C:\Program Files\Compaq Connections\1940576\Users\Default\Data\chandir.idx Object is locked skipped
C:\Program Files\Compaq Connections\1940576\Users\Default\Data\chn.dat Object is locked skipped
C:\Program Files\Compaq Connections\1940576\Users\Default\Data\chn.idx Object is locked skipped
C:\Program Files\Compaq Connections\1940576\Users\Default\Data\D0000000.FCS Object is locked skipped
C:\Program Files\Compaq Connections\1940576\Users\Default\Data\inuse.txt Object is locked skipped
C:\Program Files\Compaq Connections\1940576\Users\Default\Data\L0000002.FCS Object is locked skipped
C:\Program Files\Compaq Connections\1940576\Users\Default\Data\main.log Object is locked skipped
C:\Program Files\Compaq Connections\1940576\Users\Default\Data\prs.dat Object is locked skipped
C:\Program Files\Compaq Connections\1940576\Users\Default\Data\prs.idx Object is locked skipped
C:\Program Files\Compaq Connections\1940576\Users\Default\Data\prs_die.dat Object is locked skipped
C:\Program Files\Compaq Connections\1940576\Users\Default\Data\prs_die.idx Object is locked skipped
C:\Program Files\Compaq Connections\1940576\Users\Default\Data\prs_dnd.dat Object is locked skipped
C:\Program Files\Compaq Connections\1940576\Users\Default\Data\prs_dnd.idx Object is locked skipped
C:\Program Files\Compaq Connections\1940576\Users\Default\Data\prs_ext.dat Object is locked skipped
C:\Program Files\Compaq Connections\1940576\Users\Default\Data\prs_ext.idx Object is locked skipped
C:\Program Files\Compaq Connections\1940576\Users\Default\Data\prs_rcv.dat Object is locked skipped
C:\Program Files\Compaq Connections\1940576\Users\Default\Data\prs_rcv.idx Object is locked skipped
C:\Program Files\Compaq Connections\1940576\Users\Default\Data\storydb.dat Object is locked skipped
C:\Program Files\Compaq Connections\1940576\Users\Default\Data\storydb.idx Object is locked skipped
C:\Program Files\Steam-Down\Steam.log Object is locked skipped
C:\Program Files\Steam-Down\steamapps\winui.gcf Object is locked skipped
C:\Program Files\Steam-Down\SteamLogs\SteamStats.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{FC7B549B-A9DB-4F65-8D9B-B165C7FAB2D5}\RP264\A0119703.exe Infected: Backdoor.Win32.Agent.vk skipped
C:\System Volume Information\_restore{FC7B549B-A9DB-4F65-8D9B-B165C7FAB2D5}\RP280\A0130181.exe Infected: Backdoor.Win32.Rbot.bry skipped
C:\System Volume Information\_restore{FC7B549B-A9DB-4F65-8D9B-B165C7FAB2D5}\RP280\A0130183.exe Infected: Backdoor.Win32.Rbot.bry skipped
C:\System Volume Information\_restore{FC7B549B-A9DB-4F65-8D9B-B165C7FAB2D5}\RP281\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\Internet Logs\YOUR-6S3LT0MYQT.ldb Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\dtscsi.sys Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\drivers\sptd9373.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\ZLT02f83.TMP Object is locked skipped
C:\WINDOWS\Temp\ZLT02f86.TMP Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

#27
frozenthunder

Merry Christmas! Due to the festive season you might have been busy, but this morning my computer restarted twice by itself and I can't visit certain sites (this might be my own internet connection problem, I'm not sure).

Anyway, I got the following logs just in case you might want to have a look at them.

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 4:18:17 PM 12/27/2006

+ Scan result:



:mozilla.40:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bdeo76o8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.41:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bdeo76o8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.46:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bdeo76o8.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.47:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bdeo76o8.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.87:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bdeo76o8.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.22:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bdeo76o8.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.14:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bdeo76o8.default\cookies.txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.191:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bdeo76o8.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.56:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bdeo76o8.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.57:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bdeo76o8.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.58:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bdeo76o8.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.59:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bdeo76o8.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.64:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bdeo76o8.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.117:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bdeo76o8.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\System Volume Information\_restore{FC7B549B-A9DB-4F65-8D9B-B165C7FAB2D5}\RP280\A0130106.exe -> Trojan.Delf.bcg : Cleaned.
C:\System Volume Information\_restore{FC7B549B-A9DB-4F65-8D9B-B165C7FAB2D5}\RP280\A0130107.exe -> Trojan.Delf.bcg : Cleaned.


::Report end


Logfile of HijackThis v1.99.1
Scan saved at 4:20:25 PM, on 12/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Owner\Desktop\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 203.124.2.15:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: Flashget Catch Url Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [hp Silent Service] C:\Windows\system32\HpSrvUI.exe
O4 - HKLM\..\Run: [hpScannerFirstBoot] c:\hp\drivers\scanners\scannerfb.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [IE Accelerator] D:\chess\Booster\IEAccelerator.exe /Auto
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [YeppStudioAgent] C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [FilmLoop] "C:\Program Files\FilmLoop Player\FilmLoop.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam-Down\Steam.exe" -silent
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Metacafe.lnk = C:\Program Files\Metacafe\MetacafeAgent.exe
O4 - Global Startup: Murasu Anjal.lnk = C:\Program Files\Murasu Systems\Anjal2000\anjal.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1149309271765
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1149309252640
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

#28
andydf

Hi frozenthunder

Hope you had a good Christmas. Kaspersky found this file, c:\myspace.exe; I'd like you to locate it and delete it.

I can't see anything that would cause your PC to restart. What were you doing at the time?

Which sites can you not get to? Are they secure sites or just random sites?

Andy :whistling:

#29
frozenthunder

OK, I've deleted the file...

And my computer might have restarted because of the low internet connectivity that I think my area is receiving due to some rainstorms recently... this might be the reason why I cannot view some websites and sign in to MSN Messenger...

#30
andydf

It certainly sounds like your ISP may be having problems. What were you doing at the time of the restarts?

I am having major hardware problems at the moment, so I may not be able to answer you as quickly as I would like. Please bear with me.

Andy :whistling: