Malware clean up - hijack log



#1
tinybell

My system got infected, ended up with a clean install. I tried using One Care and my system slowed up. Reading the postings, I ran all the scans and removed the following.
(There was one file on the Panda log - Dialer detected: Dialer.Gen - Path: C:\PaperPort11\Other\PagisConverter\German\data1.cab[convproc.exe] and the same on the "English". When I ran the active scan, it said that it needed permission to gain access to the file???) Do I need to remove anything from the hijack log? Thanks.

Log from Malwarebytes:

Malwarebytes' Anti-Malware 1.11
Database version: 712

Scan type: Full Scan (C:\|E:\|G:\|H:\|)
Objects scanned: 224797
Time elapsed: 2 hour(s), 16 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\bszip.dll (Trojan.Agent) -> Quarantined and deleted successfully.

I tried FSecure to see if any other files were infected - log:

Scanning Report
02 May 2008 23:01:32 - 02:50:20
Computer name: AMD
Scanning type: Perform full computer check
Target: C:\ E:\ G:\ H:\ + system + rootkits


--------------------------------------------------------------------------------

Result: 73 malware found
Tracking Cookie (cookie)
C:\Documents and Settings\LocalService\Cookies\system@2o7[1].txt Action: quarantined
C:\Documents and Settings\Al\Cookies\al@zedo[2].txt Action: quarantined
C:\Documents and Settings\Al\Cookies\al@tribalfusion[1].txt Action: quarantined
C:\Documents and Settings\Al\Cookies\al@specificclick[2].txt Action: quarantined
C:\Documents and Settings\Al\Cookies\al@real[1].txt Action: quarantined
C:\Documents and Settings\Al\Cookies\al@questionmarket[2].txt Action: quarantined
C:\Documents and Settings\Al\Cookies\[email protected][1].txt Action: quarantined
C:\Documents and Settings\Al\Cookies\al@live365[1].txt Action: quarantined
C:\Documents and Settings\Al\Cookies\al@linksynergy[1].txt Action: quarantined
C:\Documents and Settings\Al\Cookies\al@hitbox[2].txt Action: quarantined
C:\Documents and Settings\Al\Cookies\al@fastclick[1].txt Action: quarantined
C:\Documents and Settings\Al\Cookies\al@doubleclick[2].txt Action: quarantined
C:\Documents and Settings\Al\Cookies\[email protected][2].txt Action: quarantined
C:\Documents and Settings\Al\Cookies\al@bluestreak[1].txt Action: quarantined
C:\Documents and Settings\Al\Cookies\al@atdmt[2].txt Action: quarantined
C:\Documents and Settings\Al\Cookies\al@advertising[1].txt Action: quarantined
C:\Documents and Settings\Al\Cookies\[email protected][2].txt Action: quarantined
C:\Documents and Settings\Al\Cookies\al@adrevolver[2].txt Action: quarantined
C:\Documents and Settings\Al\Cookies\al@2o7[1].txt Action: quarantined
C:\Documents and Settings\Al\Cookies\al@247realmedia[1].txt Action: quarantined
C:\Documents and Settings\Al\Cookies\[email protected][1].txt Action: quarantined
C:\Documents and Settings\Al\Cookies\[email protected][3].txt Action: quarantined
C:\Documents and Settings\Al\Cookies\[email protected][4].txt Action: quarantined
C:\Documents and Settings\Al\Cookies\al@spylog[2].txt Action: quarantined
C:\Documents and Settings\Al\Cookies\al@mediaplex[1].txt Action: quarantined
C:\Documents and Settings\Al\Cookies\[email protected][2].txt Action: quarantined
C:\Documents and Settings\Al\Cookies\[email protected][1].txt Action: quarantined
C:\Documents and Settings\Al\Cookies\[email protected][2].txt Action: quarantined
C:\Documents and Settings\Al\Cookies\[email protected][2].txt Action: quarantined
C:\Documents and Settings\Al\Cookies\[email protected][1].txt Action: quarantined
C:\Documents and Settings\Al\Cookies\[email protected][2].txt Action: quarantined
C:\Documents and Settings\Al\Cookies\[email protected][2].txt Action: quarantined
C:\Documents and Settings\Al\Cookies\[email protected][1].txt Action: quarantined
C:\Documents and Settings\Al\Cookies\[email protected][1].txt Action: quarantined
C:\Documents and Settings\Al\Cookies\al@tacoda[1].txt Action: quarantined
C:\Documents and Settings\Al\Cookies\al@serving-sys[2].txt Action: quarantined
C:\Documents and Settings\Al\Cookies\[email protected][1].txt Action: quarantined
C:\Documents and Settings\Al\Cookies\al@revsci[1].txt Action: quarantined
C:\Documents and Settings\Al\Cookies\al@revenue[2].txt Action: quarantined
C:\Documents and Settings\Al\Cookies\al@realmedia[2].txt Action: quarantined
C:\Documents and Settings\Al\Cookies\al@overstock[1].txt Action: quarantined
C:\Documents and Settings\Al\Cookies\[email protected][2].txt Action: quarantined
C:\Documents and Settings\Al\Cookies\[email protected][3].txt Action: quarantined
C:\Documents and Settings\Al\Cookies\al@casalemedia[2].txt Action: quarantined
C:\Documents and Settings\Al\Cookies\al@buy[2].txt Action: quarantined
C:\Documents and Settings\Al\Cookies\al@bizrate[2].txt Action: quarantined
C:\Documents and Settings\Al\Cookies\al@apmebf[2].txt Action: quarantined
C:\Documents and Settings\Al\Cookies\[email protected][2].txt Action: quarantined
C:\Documents and Settings\Al\Cookies\[email protected][2].txt Action: quarantined
C:\Documents and Settings\Al\Cookies\al@about[2].txt Action: quarantined
C:\Documents and Settings\Al\Cookies\[email protected][2].txt Action: quarantined
C:\Documents and Settings\Al\Cookies\[email protected][1].txt Action: quarantined
C:\Documents and Settings\Al\Cookies\[email protected][1].txt Action: quarantined
C:\Documents and Settings\Al\Cookies\[email protected][1].txt Action: quarantined
C:\Documents and Settings\Al\Cookies\[email protected][1].txt Action: quarantined
C:\Documents and Settings\Al\Cookies\[email protected][1].txt Action: quarantined
C:\Documents and Settings\Al\Cookies\[email protected][1].txt Action: quarantined
C:\Documents and Settings\Al\Cookies\[email protected][2].txt Action: quarantined
C:\Documents and Settings\Al\Cookies\[email protected][1].txt Action: quarantined
C:\Documents and Settings\Al\Cookies\[email protected][1].txt Action: quarantined
C:\Documents and Settings\Al\Cookies\[email protected][1].txt Action: quarantined
C:\Documents and Settings\Al\Cookies\[email protected][1].txt Action: quarantined
C:\Documents and Settings\Al\Cookies\[email protected][1].txt Action: quarantined
C:\Documents and Settings\Al\Cookies\[email protected][1].txt Action: quarantined
C:\Documents and Settings\Al\Cookies\[email protected][1].txt Action: quarantined
C:\Documents and Settings\Al\Cookies\[email protected][1].txt Action: quarantined
C:\Documents and Settings\Al\Cookies\al@statcounter[2].txt Action: quarantined
C:\Documents and Settings\Al\Cookies\al@indextools[2].txt Action: quarantined
C:\Documents and Settings\Al\Cookies\al@roiservice[2].txt Action: quarantined
C:\Documents and Settings\Al\Cookies\al@insightexpressai[1].txt Action: quarantined
C:\Documents and Settings\Al\Cookies\[email protected][2].txt Action: quarantined
C:\Documents and Settings\Al\Cookies\al@kontera[2].txt Action: quarantined
C:\Documents and Settings\Al\Cookies\al@com[1].txt Action: quarantined
C:\Documents and Settings\Al\Cookies\[email protected][1].txt Action: quarantined

I removed the F-Secure trial and installed the Panda trial.

Panda Internet Security 2008 incident report
Filter selected:Virus detected, Suspicious file, Dangerous file, Script execution, Phone connection, Connection attempt, Port scan attack, Denial of service attack, Spoofing, Attacking IP address blocked, Enabled, Disabled, Update, Scan started, Scan complete, Date: All
INCIDENT NOTIFIED BY DATE-TIME RESULT ADDITIONAL INFORMATION
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Scan complete On-demand antivirus scan 05/04/08 08:23:59 Scan: Scanning the whole syste
Virus detected: W97M/Ethan.BE On-demand antivirus scan 05/04/08 07:58:53 Disinfected Path: Personal Folders\Saved\recharge \Recharge 10-25-99.doc
Virus detected: W97M/Ethan.BE On-demand antivirus scan 05/04/08 07:58:53 Disinfected Path: Personal Folders\Saved\Recharge\Recharge 10-24-99.doc
Virus detected: W97M/Ethan.BE On-demand antivirus scan 05/04/08 07:58:52 Disinfected Path: Personal Folders\Saved\Recharge\Recharge 8-31-99.doc
Virus detected: W97M/Class.D On-demand antivirus scan 05/04/08 07:58:52 Disinfected Path: Personal Folders\Saved\FW: \Broadcast-Sharon 3-19-99.doc
Virus detected: W97M/Ethan.BE On-demand antivirus scan 05/04/08 07:58:52 Disinfected Path: Personal Folders\Saved\Recharge\Recharge 7-26-99.doc
Virus detected: W97M/Ethan.BE On-demand antivirus scan 05/04/08 07:58:52 Disinfected Path: Personal Folders\Saved\Recharge\Recharge 7-27-99.doc
Virus detected: W97M/Ethan.BE On-demand antivirus scan 05/04/08 07:58:52 Disinfected Path: Personal Folders\Saved\Recharge\Recharge 7-29-99.doc
Virus detected: W97M/Ethan.BE On-demand antivirus scan 05/04/08 07:58:52 Disinfected Path: Personal Folders\Saved\Recharge\Recharge 8-3-99.doc
Virus detected: W97M/Ethan.BE On-demand antivirus scan 05/04/08 07:58:52 Disinfected Path: Personal Folders\Saved\Recharge\Recharge 8-17-99.doc
Hacking tool detected: Exploit/iFrame On-demand antivirus scan 05/04/08 07:56:17 Notified Path: Personal Folders\Sent Items\RE: A funny website
Virus detected: W97M/Class.D On-demand antivirus scan 05/04/08 07:52:26 Disinfected Path: Personal Folders\Saved\FW: \Broadcast-Sharon 3-19-99.doc
Virus detected: W97M/Ethan.BE On-demand antivirus scan 05/04/08 07:52:26 Disinfected Path: Personal Folders\Saved\Recharge\Recharge 7-26-99.doc
Virus detected: W97M/Ethan.BE On-demand antivirus scan 05/04/08 07:52:26 Disinfected Path: Personal Folders\Saved\Recharge\Recharge 7-27-99.doc
Virus detected: W97M/Ethan.BE On-demand antivirus scan 05/04/08 07:52:26 Disinfected Path: Personal Folders\Saved\Recharge\Recharge 7-29-99.doc
Virus detected: W97M/Ethan.BE On-demand antivirus scan 05/04/08 07:52:26 Disinfected Path: Personal Folders\Saved\Recharge\Recharge 8-3-99.doc
Virus detected: W97M/Ethan.BE On-demand antivirus scan 05/04/08 07:52:26 Disinfected Path: Personal Folders\Saved\Recharge\Recharge 8-31-99.doc
Virus detected: W97M/Ethan.BE On-demand antivirus scan 05/04/08 07:52:26 Disinfected Path: Personal Folders\Saved\recharge \Recharge 10-25-99.doc
Virus detected: W97M/Ethan.BE On-demand antivirus scan 05/04/08 07:52:26 Disinfected Path: Personal Folders\Saved\Recharge\Recharge 10-24-99.doc
Virus detected: W97M/Ethan.BE On-demand antivirus scan 05/04/08 07:52:26 Disinfected Path: Personal Folders\Saved\Recharge\Recharge 8-17-99.doc
Hacking tool detected: Exploit/iFrame On-demand antivirus scan 05/04/08 07:50:38 Notified Path: Personal Folders\Sent Items\RE: A funny website
Dialer detected: Dialer.Gen On-demand antivirus scan 05/04/08 00:21:35 Notified Path: C:\PaperPort11\Other\PagisConverter\German\data1.cab[convproc.exe]
Dialer detected: Dialer.Gen On-demand antivirus scan 05/04/08 00:21:35 Notified Path: C:\PaperPort11\Other\PagisConverter\English\data1.cab[convproc.exe]
Scan started On-demand antivirus scan 05/03/08 23:47:01 Scan: Scanning the whole syste
Scan complete On-demand antivirus scan 05/03/08 23:46:00 Scan: Scanning the whole syste
Scan started On-demand antivirus scan 05/03/08 23:45:35 Scan: Scanning the whole syste
Scan complete On-demand antivirus scan 05/03/08 23:44:28 Scan: Scanning the whole syste
Virus detected: W97M/Ethan.BE On-demand antivirus scan 05/03/08 23:34:02 Disinfected Path: Personal Folders\Saved\recharge \Recharge 10-25-99.doc
Virus detected: W97M/Ethan.BE On-demand antivirus scan 05/03/08 23:34:02 Disinfected Path: Personal Folders\Saved\Recharge\Recharge 10-24-99.doc
Virus detected: W97M/Ethan.BE On-demand antivirus scan 05/03/08 23:34:02 Disinfected Path: Personal Folders\Saved\Recharge\Recharge 8-31-99.doc
Virus detected: W97M/Ethan.BE On-demand antivirus scan 05/03/08 23:34:02 Disinfected Path: Personal Folders\Saved\Recharge\Recharge 8-17-99.doc
Virus detected: W97M/Ethan.BE On-demand antivirus scan 05/03/08 23:34:01 Disinfected Path: Personal Folders\Saved\Recharge\Recharge 8-3-99.doc
Virus detected: W97M/Ethan.BE On-demand antivirus scan 05/03/08 23:34:01 Disinfected Path: Personal Folders\Saved\Recharge\Recharge 7-29-99.doc
Virus detected: W97M/Ethan.BE On-demand antivirus scan 05/03/08 23:34:01 Disinfected Path: Personal Folders\Saved\Recharge\Recharge 7-26-99.doc
Virus detected: W97M/Ethan.BE On-demand antivirus scan 05/03/08 23:34:01 Disinfected Path: Personal Folders\Saved\Recharge\Recharge 7-27-99.doc
Virus detected: W97M/Class.D On-demand antivirus scan 05/03/08 23:34:01 Disinfected Path: Personal Folders\Saved\FW: \Broadcast-Sharon 3-19-99.doc
Hacking tool detected: Exploit/iFrame On-demand antivirus scan 05/03/08 23:31:22 Notified Path: Personal Folders\Sent Items\RE: A funny website
Virus detected: W97M/Ethan.BE On-demand antivirus scan 05/03/08 23:27:02 Disinfected Path: Personal Folders\Saved\recharge \Recharge 10-25-99.doc
Virus detected: W97M/Class.D On-demand antivirus scan 05/03/08 23:27:02 Disinfected Path: Personal Folders\Saved\FW: \Broadcast-Sharon 3-19-99.doc
Virus detected: W97M/Ethan.BE On-demand antivirus scan 05/03/08 23:27:02 Disinfected Path: Personal Folders\Saved\Recharge\Recharge 7-26-99.doc
Virus detected: W97M/Ethan.BE On-demand antivirus scan 05/03/08 23:27:02 Disinfected Path: Personal Folders\Saved\Recharge\Recharge 7-27-99.doc
Virus detected: W97M/Ethan.BE On-demand antivirus scan 05/03/08 23:27:02 Disinfected Path: Personal Folders\Saved\Recharge\Recharge 7-29-99.doc
Virus detected: W97M/Ethan.BE On-demand antivirus scan 05/03/08 23:27:02 Disinfected Path: Personal Folders\Saved\Recharge\Recharge 8-3-99.doc
Virus detected: W97M/Ethan.BE On-demand antivirus scan 05/03/08 23:27:02 Disinfected Path: Personal Folders\Saved\Recharge\Recharge 10-24-99.doc
Virus detected: W97M/Ethan.BE On-demand antivirus scan 05/03/08 23:27:02 Disinfected Path: Personal Folders\Saved\Recharge\Recharge 8-31-99.doc
Virus detected: W97M/Ethan.BE On-demand antivirus scan 05/03/08 23:27:02 Disinfected Path: Personal Folders\Saved\Recharge\Recharge 8-17-99.doc
Hacking tool detected: Exploit/iFrame On-demand antivirus scan 05/03/08 23:25:00 Notified Path: Personal Folders\Sent Items\RE: A funny website
Hacking tool detected: Exploit/iFrame On-demand antivirus scan 05/03/08 23:25:00 Notified Path: Personal Folders\Sent Items\RE: A funny website
Scan started On-demand antivirus scan 05/03/08 22:26:04 Scan: Scanning the whole syste
Scan complete On-demand antivirus scan 05/03/08 22:25:22 Scan:
Scan started On-demand antivirus scan 05/03/08 22:25:05 Scan:
Update Update system 05/03/08 22:24:48 Correct Threat signatures
Update Update system 05/03/08 22:24:42 Correct Total threat signatures: 1845238
Enabled Antivirus protection 05/03/08 22:19:50 Correct
Then ran the hijack:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:12:01 PM, on 5/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\TPSrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\PsCtrls.exe
C:\Program Files\Visioneer\OneTouch 4.0\OtMonEx.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\pavsrv51.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\AVENGINE.EXE
c:\program files\panda security\panda internet security 2008\firewall\PSHOST.EXE
C:\Program Files\Panda Security\Panda Internet Security 2008\PsImSvc.exe
C:\Program Files\Retrospect\Retrospect 7.5\retrorun.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\ApvxdWin.exe
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Datacolor\Spyder3Elite\Utility\Spyder3Utility.exe
C:\PROGRA~1\HEWLET~1\Toolbox\STATUS~1\STATUS~1.EXE
C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\SRVLOAD.EXE
C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\WebProxy.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\PavBckPT.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://support.microsoft.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_14\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Recorder.exe] [INSTALLDIR]Recorder.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
O4 - HKLM\..\Run: [EPSON Stylus Photo R800 (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2J1.EXE /P32 "EPSON Stylus Photo R800 (Copy 1)" /O5 "LPT1:" /M "Stylus Photo R800"
O4 - HKLM\..\Run: [DNS7reminder] "C:\Program Files\Nuance\NaturallySpeaking9\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\Nuance\NaturallySpeaking9\Ereg.ini
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Internet Security 2008\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Security\Panda Internet Security 2008\Inicio.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Spyder3Utility.lnk = C:\Program Files\Datacolor\Spyder3Elite\Utility\Spyder3Utility.exe
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_14\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_14\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.micr...veX/MSDcode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1D9EFA3B-4E85-41A8-9092-14012CD447C9} (NetCamPlayerWeb Control) - http://192.168.1.115...amPlayerWeb.ocx
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...wlscbase370.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1206865492558
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1206865483074
O16 - DPF: {9E065E4A-BD9D-4547-8F90-985DC62A5591} (PlayerPT Control) - http://rsf.ourlinksy...24/PlayerPT.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfi...ll/gtdownls.cab
O16 - DPF: {C9DB5AF8-4C14-4A3E-90F8-DB49D6B4866D} (YBUICtrl.FloatWnd.1) - http://racing.youbet...ls/YBUICtrl.cab
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} (Java Plug-in 1.5.0) - http://support.magic...dows-i586-p.exe
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driver...driveragent.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: License Management Service ESD - element5 - C:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OneTouch 4.0 Monitor - Visioneer Inc. - C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\pavsrv51.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe
O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program files\panda security\panda internet security 2008\firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\PsImSvc.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - EMC Corporation - C:\Program Files\Retrospect\Retrospect 7.5\retrorun.exe
O23 - Service: Retrospect Helper - EMC Corporation - C:\Program Files\Retrospect\Retrospect 7.5\rthlpsvc.exe
O23 - Service: SLPMONX - ProdEx Technologies - C:\WINDOWS\system32\slpservice.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\TPSrv.exe

--
End of file - 15541 bytes