ComboFix 08-04-01.2 - Gilad Kraus 2008-04-06 15:09:44.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.724 [GMT -7:00]
Running from: C:\Documents and Settings\Gilad Kraus\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Gilad Kraus\Desktop\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
C:\WINDOWS\QTFont.for
C:\WINDOWS\QTFont.qfn
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\QTFont.for
C:\WINDOWS\QTFont.qfn
.
((((((((((((((((((((((((( Files Created from 2008-03-06 to 2008-04-06 )))))))))))))))))))))))))))))))
.
2008-04-02 15:41 . 2008-04-03 15:31 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-04-02 15:41 . 2008-04-02 15:41 <DIR> d-------- C:\Documents and Settings\Gilad Kraus\Application Data\SUPERAntiSpyware.com
2008-04-02 15:41 . 2008-04-02 15:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-02 01:42 . 2008-04-02 01:42 <DIR> d-------- C:\Program Files\Panda Security
2008-04-01 22:59 . 2008-04-01 22:59 <DIR> d-------- C:\Documents and Settings\Gilad Kraus\Application Data\Grisoft
2008-04-01 22:59 . 2007-05-30 05:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-04-01 22:58 . 2008-04-01 22:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-01 02:26 . 2008-04-01 02:26 <DIR> d-------- C:\WINDOWS\ERUNT
2008-04-01 02:13 . 2008-04-01 02:41 <DIR> d-------- C:\SDFix
2008-04-01 01:21 . 2008-04-01 01:21 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-26 23:46 . 2008-03-26 23:46 <DIR> d-------- C:\Program Files\Curse
2008-03-25 20:02 . 2008-03-25 20:02 <DIR> d-------- C:\Logs
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-06 21:36 --------- d-----w C:\Program Files\SP2 Connection Patcher
2008-04-03 01:20 --------- d-----w C:\Program Files\World of Warcraft
2008-04-02 22:41 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-02 04:11 9,110,857 -c--a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-04-01 09:08 14,032 ----a-w C:\Documents and Settings\Gilad Kraus\Application Data\wklnhst.dat
2008-03-23 11:53 62,464 ----a-w C:\WINDOWS\Internet Logs\xDBE7.tmp
2008-03-20 19:47 82,628 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_03_20_12_41_10_small.dmp.zip
2008-03-20 19:41 2,066,944 ----a-w C:\WINDOWS\Internet Logs\xDBE6.tmp
2008-03-20 19:41 100,352 ----a-w C:\WINDOWS\Internet Logs\xDBE5.tmp
2008-03-19 23:14 --------- d-----w C:\Documents and Settings\Gilad Kraus\Application Data\uTorrent
2008-03-19 23:04 --------- d-----w C:\Program Files\XviD
2008-03-19 09:54 197,120 ----a-w C:\WINDOWS\Internet Logs\xDBE4.tmp
2008-03-09 11:30 204,800 ----a-w C:\WINDOWS\Internet Logs\xDBE3.tmp
2008-03-01 21:35 974,408 ----a-w C:\Program Files\WoW-2.3.3.7799-to-0.4.0.7897-enUS-downloader.exe
2008-02-27 10:20 332,288 ----a-w C:\WINDOWS\Internet Logs\xDBE2.tmp
2008-02-19 02:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-19 01:35 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-19 00:04 691,545 ----a-w C:\WINDOWS\unins000.exe
2008-02-06 09:43 271,360 ----a-w C:\WINDOWS\Internet Logs\xDBE1.tmp
2008-01-21 13:00 249,344 ----a-w C:\WINDOWS\Internet Logs\xDBE0.tmp
2008-01-21 08:03 3,989,928 ----a-w C:\Documents and Settings\Gilad Kraus\WoW-2.3.2.7741-to-0.3.3.7799-enUS-patch.exe
2008-01-04 15:11 67,072 ----a-w C:\WINDOWS\Internet Logs\xDBDE.tmp
2008-01-04 15:11 1,960,448 ----a-w C:\WINDOWS\Internet Logs\xDBDF.tmp
2007-12-31 13:11 89,600 ----a-w C:\WINDOWS\Internet Logs\xDBDC.tmp
2007-12-31 13:11 1,958,400 ----a-w C:\WINDOWS\Internet Logs\xDBDD.tmp
2007-12-28 13:17 50,176 ----a-w C:\WINDOWS\Internet Logs\xDBDB.tmp
2007-12-26 14:10 93,696 ----a-w C:\WINDOWS\Internet Logs\xDBD9.tmp
2007-12-26 14:10 1,955,840 ----a-w C:\WINDOWS\Internet Logs\xDBDA.tmp
2007-12-22 14:08 48,640 ----a-w C:\WINDOWS\Internet Logs\xDBD8.tmp
2007-12-21 12:10 48,128 ----a-w C:\WINDOWS\Internet Logs\xDBD7.tmp
2007-12-19 13:16 99,328 ----a-w C:\WINDOWS\Internet Logs\xDBD5.tmp
2007-12-19 13:16 1,933,312 ----a-w C:\WINDOWS\Internet Logs\xDBD6.tmp
2007-12-14 09:37 36,864 ----a-w C:\WINDOWS\Internet Logs\xDBD4.tmp
2007-12-13 09:30 37,888 ----a-w C:\WINDOWS\Internet Logs\xDBD3.tmp
2007-12-12 09:38 87,552 ----a-w C:\WINDOWS\Internet Logs\xDBD1.tmp
2007-12-12 09:38 1,925,632 ----a-w C:\WINDOWS\Internet Logs\xDBD2.tmp
2007-12-08 10:43 37,888 ----a-w C:\WINDOWS\Internet Logs\xDBCF.tmp
2007-12-08 10:43 1,923,072 ----a-w C:\WINDOWS\Internet Logs\xDBD0.tmp
2007-12-07 09:25 109,568 ----a-w C:\WINDOWS\Internet Logs\xDBCD.tmp
2007-12-07 09:25 1,922,560 ----a-w C:\WINDOWS\Internet Logs\xDBCE.tmp
2007-12-01 12:17 219,648 ----a-w C:\WINDOWS\Internet Logs\xDBCB.tmp
2007-12-01 12:17 1,914,368 ----a-w C:\WINDOWS\Internet Logs\xDBCC.tmp
2007-11-26 09:36 223,232 ----a-w C:\WINDOWS\Internet Logs\xDBC9.tmp
2007-11-26 09:36 1,909,248 ----a-w C:\WINDOWS\Internet Logs\xDBCA.tmp
2007-11-22 13:02 68,096 ----a-w C:\WINDOWS\Internet Logs\xDBC8.tmp
2007-11-22 03:38 2,732,032 ----a-w C:\Program Files\ventrilo-3.0.1-Windows-i386.exe
2007-11-22 03:19 561,664 ----a-w C:\Program Files\ventrilo_srv-3.0.2-Windows.exe
2007-11-21 08:48 348,672 ----a-w C:\WINDOWS\Internet Logs\xDBC6.tmp
2007-11-21 08:48 1,904,640 ----a-w C:\WINDOWS\Internet Logs\xDBC7.tmp
2007-11-18 20:37 3,384,407 ----a-w C:\Program Files\AVICodecPackPlus-22.exe
2007-11-17 11:51 94,208 ----a-w C:\WINDOWS\Internet Logs\xDBC5.tmp
2007-11-12 14:24 49,664 ----a-w C:\WINDOWS\Internet Logs\xDBC4.tmp
2007-11-11 12:23 95,232 ----a-w C:\WINDOWS\Internet Logs\xDBC3.tmp
2007-11-07 09:16 47,616 ----a-w C:\WINDOWS\Internet Logs\xDBC2.tmp
2007-11-05 08:52 81,408 ----a-w C:\WINDOWS\Internet Logs\xDBC1.tmp
2007-11-04 09:19 122,368 ----a-w C:\WINDOWS\Internet Logs\xDBC0.tmp
2007-10-29 08:32 114,176 ----a-w C:\WINDOWS\Internet Logs\xDBBE.tmp
2007-10-29 08:32 1,868,288 ----a-w C:\WINDOWS\Internet Logs\xDBBF.tmp
2007-10-24 22:31 1,857,024 ----a-w C:\WINDOWS\Internet Logs\xDBBD.tmp
2007-10-23 08:33 167,936 ----a-w C:\WINDOWS\Internet Logs\xDBBC.tmp
2007-10-21 13:51 1,851,392 ----a-w C:\WINDOWS\Internet Logs\xDBBB.tmp
2007-10-17 08:37 61,952 ----a-w C:\WINDOWS\Internet Logs\xDBBA.tmp
2007-10-15 09:27 89,088 ----a-w C:\WINDOWS\Internet Logs\xDBB9.tmp
2007-10-11 09:57 89,088 ----a-w C:\WINDOWS\Internet Logs\xDBB8.tmp
2007-10-08 08:51 247,808 ----a-w C:\WINDOWS\Internet Logs\xDBB6.tmp
2007-10-08 08:51 1,830,912 ----a-w C:\WINDOWS\Internet Logs\xDBB7.tmp
2007-10-03 22:50 6,016,952 ----a-w C:\Program Files\Firefox Setup 2.0.0.7.exe
2007-09-30 23:53 138,240 ----a-w C:\WINDOWS\Internet Logs\xDBB5.tmp
2007-09-29 09:48 25,755,448 ----a-w C:\Program Files\wmp11-windowsxp-x86-enu.exe
2007-09-27 06:01 320 ----a-w C:\Program Files\members
2007-09-27 05:55 658,840 ----a-w C:\Program Files\VoxWare_MSA_CoDec.zip
2007-09-26 04:22 131,656 ----a-w C:\Documents and Settings\Gilad Kraus\Application Data\GDIPFONTCACHEV1.DAT
2007-09-24 08:08 54,272 ----a-w C:\WINDOWS\Internet Logs\xDBB4.tmp
2007-09-22 10:01 118,784 ----a-w C:\WINDOWS\Internet Logs\xDBB3.tmp
2007-09-22 05:45 35,408,350 ----a-w C:\Program Files\hitmandemo2.zip
2007-09-16 10:35 218,112 ----a-w C:\WINDOWS\Internet Logs\xDBB1.tmp
2007-09-16 10:35 1,779,712 ----a-w C:\WINDOWS\Internet Logs\xDBB2.tmp
2007-09-05 06:56 121,856 ----a-w C:\WINDOWS\Internet Logs\xDBB0.tmp
2007-08-31 11:04 73,216 ----a-w C:\WINDOWS\Internet Logs\xDBAE.tmp
2007-08-31 11:04 1,751,040 ----a-w C:\WINDOWS\Internet Logs\xDBAF.tmp
2007-08-29 06:40 45,056 ----a-w C:\WINDOWS\Internet Logs\xDBAD.tmp
2007-08-28 09:29 39,424 ----a-w C:\WINDOWS\Internet Logs\xDBAB.tmp
2007-08-28 09:29 1,739,776 ----a-w C:\WINDOWS\Internet Logs\xDBAC.tmp
2007-08-28 07:13 112,640 ----a-w C:\WINDOWS\Internet Logs\xDBAA.tmp
2007-08-26 11:22 96,256 ----a-w C:\WINDOWS\Internet Logs\xDBA9.tmp
2007-08-25 21:29 1,675,302 ----a-w C:\Program Files\fdminst.exe
2007-08-25 11:34 1,730,048 ----a-w C:\WINDOWS\Internet Logs\xDBA8.tmp
2007-08-23 10:58 137,728 ----a-w C:\WINDOWS\Internet Logs\xDBA6.tmp
2007-08-23 10:58 1,729,024 ----a-w C:\WINDOWS\Internet Logs\xDBA7.tmp
2007-08-17 10:21 47,104 -c--a-w C:\WINDOWS\Internet Logs\xDBA4.tmp
2007-08-17 10:21 1,723,904 -c--a-w C:\WINDOWS\Internet Logs\xDBA5.tmp
2007-08-16 11:41 128,000 -c--a-w C:\WINDOWS\Internet Logs\xDBA2.tmp
2007-08-16 11:41 1,720,320 -c--a-w C:\WINDOWS\Internet Logs\xDBA3.tmp
2007-08-14 10:42 1,717,760 -c--a-w C:\WINDOWS\Internet Logs\xDBA1.tmp
2007-08-10 11:27 1,715,200 -c--a-w C:\WINDOWS\Internet Logs\xDBA0.tmp
2007-08-09 08:43 147,968 -c--a-w C:\WINDOWS\Internet Logs\xDB9E.tmp
2007-08-09 08:43 1,711,616 -c--a-w C:\WINDOWS\Internet Logs\xDB9F.tmp
2007-08-07 07:31 1,710,592 -c--a-w C:\WINDOWS\Internet Logs\xDB9D.tmp
2007-08-02 09:16 213,504 -c--a-w C:\WINDOWS\Internet Logs\xDB9B.tmp
2007-08-02 09:16 1,707,520 -c--a-w C:\WINDOWS\Internet Logs\xDB9C.tmp
2004-10-27 23:55 56 --sh--r C:\WINDOWS\system32\9765A91937.sys
.
------- Sigcheck -------
2005-05-25 12:04 359808 88763a98a4c26c409741b4aa162720c9 C:\WINDOWS\$hf_mig$\KB893066\SP2GDR\tcpip.sys
2005-05-25 12:07 359936 63fdfea54eb53de2d863ee454937ce1e C:\WINDOWS\$hf_mig$\KB893066\SP2QFE\tcpip.sys
2006-01-13 10:07 360448 5562cc0a47b2aef06d3417b733f3c195 C:\WINDOWS\$hf_mig$\KB913446\SP2QFE\tcpip.sys
2006-04-20 05:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 09:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2005-05-25 12:41 339968 228b0385bbfca24332fa22db45a8b684 C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
2004-08-03 23:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB893066$\tcpip.sys
2005-11-13 13:38 359808 14143695e27b2718dee96ea2e50428b3 C:\WINDOWS\$NtUninstallKB913446$\tcpip.sys
2006-02-18 14:01 359808 eb98d5e55321cefd803e8173dbb000db C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
2006-10-06 16:52 359808 ba57942c0029b0878afba052a3e33689 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2008-01-09 07:56 360064 34a663e7f74ae8b2c992c2513343477e C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((( snapshot@2008-04-01_21.17.18.26 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-02 22:41:36 18,944 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2008-04-02 22:41:36 65,024 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
- 2008-04-01 22:57:06 96,700 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-04-06 21:39:46 96,700 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-04-01 22:57:06 523,164 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-04-06 21:39:47 523,164 ----a-w C:\WINDOWS\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SP2 Connection Patcher"="C:\Program Files\SP2 Connection Patcher\SP2ConnPatcher.exe" [2005-05-10 08:41 409600]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-02-13 18:11 67128]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-10-04 08:20 50528]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-04 21:23 68856]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-06-11 18:16 4670968]
"Free Download Manager"="C:\Program Files\Free Download Manager\fdm.exe" [ ]
"CurseClient"="C:\Program Files\Curse\CurseClient.exe" [2008-01-30 13:33 477696]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-06-15 17:20 6803456]
"Dell AIO Printer A920"="C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe" [2003-04-10 04:52 270336]
"nwiz"="nwiz.exe" [2005-06-15 17:20 1519616 C:\WINDOWS\system32\nwiz.exe]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [ ]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-06-15 17:20 86016]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-04-20 13:06 180269]
"MediaLifeService"="C:\Program Files\Logitech\MediaLife\MediaLifeService.exe" [2005-05-12 22:23 110739]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2007-10-10 19:10 249896]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2006-08-24 00:38 968696]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54 282624]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 19:05 257088]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-10-03 17:09 157696]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 02:25 6731312]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-08-26 19:37:50 113664]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-02-13 18:11:09 67128]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2001-02-03 01:01:11 450560]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-03-14 19:05 257088 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-02-16 10:54 282624 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shareaza]
C:\Program Files\Shareaza\Shareaza.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2006-04-20 13:06 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Weather]
C:\Program Files\AWS\WeatherBug\Weather.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Games\\Halo Trial\\halo.exe"=
"C:\\WINDOWS\\system32\\LEXPPS.EXE"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Documents and Settings\\Gilad Kraus\\My Documents\\download\\firedragons23\\Steam.exe"=
"C:\\Program Files\\Valve\\Steam\\Steam.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Sony\\Station\\Launchpad\\LaunchPad.exe"=
"C:\\Program Files\\VentSrv\\ventrilo_srv.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-2.0.3-enUS-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-2.0.4.6314-to-2.0.5.6320-enUS-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-2.0.3.6299-to-2.0.5.6320-enUS-downloader.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-2.0.5.6320-to-2.0.6.6337-enUS-downloader.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-2.0.6.6337-to-2.0.7.6383-enUS-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-2.0.6.6337-to-0.0.7.6373-enUS-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-2.0.7.6383-to-2.0.8.6403-enUS-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-2.0.8.6403-to-2.0.10.6448-enUS-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-2.0.10.6448-to-2.0.12.6546-enUS-downloader.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-2.0.10.6448-to-0.0.12.6531-enUS-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-2.0.12.6546-to-2.1.0.6692-enUS-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-2.1.0.6692-to-2.1.0.6729-enUS-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-2.1.0.6729-to-2.1.1.6739-enUS-downloader.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-2.1.1.6739-to-2.1.2.6803-enUS-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-2.1.1.6739-to-0.1.2.6757-enUS-downloader.exe"=
"C:\\Program Files\\Steam\\steamapps\\[email protected]\\counter-strike\\hl.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-2.1.2.6803-to-2.1.3.6898-enUS-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-2.1.3.6898-to-0.2.0.6932-enUS-downloader.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-2.1.3.6898-to-2.2.0.7272-enUS-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-2.2.0.7272-to-0.2.2.7304-enUS-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-2.2.0.7272-to-2.2.2.7318-enUS-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-2.2.2.7318-to-2.2.3.7359-enUS-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-2.2.3.7359-to-2.3.0.7561-enUS-downloader.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-2.3.0.7561-to-2.3.2.7741-enUS-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-2.3.2.7741-to-2.3.3.7799-enUS-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoWTest\\WoW-0.4.0.7897-to-0.4.0.7923-enUS-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoWTest\\WoW-0.4.0.7923-to-0.4.0.7948-enUS-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoWTest\\WoW-0.4.0.7948-to-0.4.0.7958-enUS-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoWTest\\WoW-0.4.0.7958-to-0.4.0.7962-enUS-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoWTest\\WoW-0.4.0.7962-to-0.4.0.7979-enUS-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoWTest\\WoW-0.4.0.7979-to-0.4.0.7994-enUS-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoWTest\\WoW-0.4.0.7994-to-0.4.0.8016-enUS-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoWTest\\WoW-0.4.0.8016-to-0.4.0.8031-enUS-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoWTest\\WoW-0.4.0.8031-to-0.4.0.8049-enUS-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoWTest\\WoW-0.4.0.8049-to-0.4.0.8063-enUS-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoWTest\\WoW-0.4.0.8063-to-0.4.0.8089-enUS-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-2.3.3.7799-to-2.4.0.8089-enUS-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\Repair.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6119:TCP"= 6119:TCP:Warcraft 3:TFT
"4000:TCP"= 4000:TCP:WC3
"4000:UDP"= 4000:UDP:WC3
"6112:TCP"= 6112:TCP:WC3
"6112:UDP"= 6112:UDP:WC3
"6113:TCP"= 6113:TCP:WC3
"6113:UDP"= 6113:UDP:WC3
"6114:TCP"= 6114:TCP:WC3
"6114:UDP"= 6114:UDP:WC3
"6115:TCP"= 6115:TCP:WC3
"6115:UDP"= 6115:UDP:WC3
"6116:TCP"= 6116:TCP:WC3
"6116:UDP"= 6116:UDP:WC3
"6117:TCP"= 6117:TCP:WC3
"6117:UDP"= 6117:UDP:WC3
"6118:TCP"= 6118:TCP:WC3
"6118:UDP"= 6118:UDP:WC3
"6119:UDP"= 6119:UDP:WC3
"3724:UDP"= 3724:UDP:WoW
"6881:TCP"= 6881:TCP:WoW
"6999:TCP"= 6999:TCP:Wow
"9420:TCP"= 9420:TCP:Red Swoosh
"5000:UDP"= 5000:UDP:Red Swoosh
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 14:38]
S3 w600bus;Sony Ericsson W600 driver (WDM);C:\WINDOWS\system32\DRIVERS\w600bus.sys [2005-08-15 07:05]
S3 w600mdfl;Sony Ericsson W600 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w600mdfl.sys [2005-08-15 07:05]
S3 w600mdm;Sony Ericsson W600 USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\w600mdm.sys [2005-08-15 07:05]
S3 w600obex;Sony Ericsson W600 USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\w600obex.sys [2005-08-15 07:05]
*Newly Created Service* - SASDIFSV
.
Contents of the 'Scheduled Tasks' folder
"2008-04-04 04:15:12 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-06 15:15:16
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-04-06 15:16:51
ComboFix-quarantined-files.txt 2008-04-06 22:16:33
ComboFix2.txt 2008-04-04 04:41:04
ComboFix3.txt 2008-04-02 05:16:05
ComboFix4.txt 2008-04-02 04:17:40
Pre-Run: 6,621,274,112 bytes free
Post-Run: 6,602,133,504 bytes free
.
2008-03-12 09:03:45 --- E O F ---
________________________________________________________________________________
____________________________
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:26:52 PM, on 4/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Logitech\MediaLife\MediaLifeService.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Search\YSearchSuggest.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MediaLifeService] "C:\Program Files\Logitech\MediaLife\MediaLifeService.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [SP2 Connection Patcher] "C:\Program Files\SP2 Connection Patcher\SP2ConnPatcher.exe" -n=200
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [CurseClient] C:\Program Files\Curse\CurseClient.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius....tiveXPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ent/swflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 11471 bytes