Malware, still on my comp? [CLOSED]


This topic is locked

#1
Jajo
Member, 56 posts
I have so many spyware removal tools trying to get "ICanNews" and "Aurora" and "YourSiteBar" and a trojan called nameswitch or something like that. Here is my Hijackthis log: please help me
Logfile of HijackThis v1.99.1
Scan saved at 3:57:44 PM, on 7/4/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\System32\paugrate.exe
c:\windows\system32\lfjqrkk.exe
C:\Program Files\AceHide Free\AceHideFree.exe
C:\WINDOWS\System32\panmp32.exe
C:\Program Files\SpyKiller\spykiller.exe
C:\Program Files\BestPopUpKiller\BestPopupKiller.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Justin\My Documents\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [qsng3mh] paugrate.exe
O4 - HKLM\..\Run: [lsbpmey] c:\windows\system32\lfjqrkk.exe r
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [Window Hide Tool] C:\Program Files\Window Hide Tool\Window Hide Tool.exe
O4 - HKCU\..\Run: [zHideWin] C:\Program Files\AceHide Free\AceHideFree.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [bB4mRgN7T] panmp32.exe
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - HKCU\..\Run: [BestPopUpKiller] C:\Program Files\BestPopUpKiller\BestPopupKiller.exe /startup
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.co...aploader_v6.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

If you can, please help me. Thank you so much.
-Justin

#2
Excal
Malware Slayer Extraordinaire! (Retired Staff, 12,739 posts)
Hi Jajo and welcome to GeeksToGo! My name is Excal and I will be helping you.

I apologize for the delay getting to your log; the helpers here are very busy.
If you still need help, please post a fresh Hijack log, in this thread, so I can help you with your Malware Problems.

If you have resolved this issue please let us know.

Excal

#3
Jajo
Topic Starter, Member, 56 posts
Hey Excal, and thank you for helping me. Here's a fresh one.
Logfile of HijackThis v1.99.1
Scan saved at 9:54:49 AM, on 7/11/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\windows\system32\vfuvdlu.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Justin\My Documents\Hijackthis\HijackThis.exe
C:\Program Files\Microsoft AntiSpyware\GIANTAntiSpywareUpdater.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [cjbysvt] c:\windows\system32\vfuvdlu.exe r
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [Window Hide Tool] C:\Program Files\Window Hide Tool\Window Hide Tool.exe
O4 - HKCU\..\Run: [zHideWin] C:\Program Files\AceHide Free\AceHideFree.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - HKCU\..\Run: [BestPopUpKiller] C:\Program Files\BestPopUpKiller\BestPopupKiller.exe /startup
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1120519197046
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

-Jajo

#4
Excal
Malware Slayer Extraordinaire! (Retired Staff, 12,739 posts)
Hi Jajo,

I can see that you have some malware issues. This may be a few-step process in removing it. I encourage you to stick with it and follow my directions as closely as possible so as to avoid complicating the problem further.

Download and install CleanUp! here. *NOTE* CleanUp! deletes EVERYTHING out of temp/temporary folders and does not make backups.
We will use this program later.

Please read this post completely; it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.

1. Click this link to be sure you can view hidden files.

2. Ensure you are NOT connected to the internet.

3. Reboot into safe mode.

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

4. Close all browsers, windows and unneeded programs.

5. Open HiJack and do a scan.

6. Put a Check next to the following items:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
O4 - HKLM\..\Run: [cjbysvt] c:\windows\system32\vfuvdlu.exe r
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
(SpyKiller is considered not to be a trusted spyware program; see the Rogue Spyware List.)


7. Click the Fix Checked box.

8. Please remove these entries from Add/Remove Programs in the Control Panel(if present):

SpyKiller

9. Please remove the following folders using Windows Explorer (if present):

C:\Program Files\SpyKiller

10. Please remove just the files from the following paths using Windows Explorer (if present):

c:\windows\system32\vfuvdlu.exe

11. Run the program CleanUp!

12. Reboot into normal mode and please run this online virus scan: ActiveScan - Save the results from the scan!

13. Please post the Active scan log and a fresh HiJackThis log. Let me know how your computer is running.
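Step 6 above picks six lines out of Jajo's second log by eye. As an added example, not the forum's or HijackThis's own code, the Python below applies that same review to HijackThis log lines: R0/R1 browser settings that point at the red.clientapp hijacker host, O4 Run values that load a bare or system-directory executable under an unrelated value name, and autoruns of a listed rogue anti-spyware product. The hijacker host list, the one-entry rogue list and the directory rule are assumptions chosen for this thread, and the sample log is built from the R and O4 lines of the second log posted above.

```python
"""Triage heuristics for HijackThis v1.99 log lines: an added example, not the
forum's or HijackThis's own code.  Every rule below is an assumption meant to
reproduce the kind of review a malware helper does on such a log."""
import re

# "R1 - HKCU\...", "O4 - HKLM\..\Run: [...]": section code, then the body.
HJT_LINE = re.compile(r"^(?P<code>[RO]\d{1,2}) - (?P<body>.+)$")
# O4 body for a Run key: [value name] command line.
RUN_KEY = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run: \[(?P<name>[^\]]+)\]\s*(?P<cmd>.+)$")
# Executable at the start of a command: a quoted path, or unquoted text up to ".exe".
EXE_TOKEN = re.compile(r'^"([^"]+)"|^(\S.*?\.exe)', re.IGNORECASE)

HIJACK_HOSTS = ("red.clientapp",)   # search hijacker host from the thread's R1 lines
ROGUE_PROGRAMS = ("spykiller",)     # stand-in rogue anti-spyware list (thread names only SpyKiller)
# A Run value whose name is unrelated to an executable sitting directly in these
# directories is worth a look: this thread's droppers were system32\<random>.exe.
SYSTEM_DIRS = ("\\windows\\system32\\", "\\windows\\")


def executable_of(cmd):
    """Return the executable path or bare name at the start of a Run command."""
    cmd = cmd.strip()
    m = EXE_TOKEN.match(cmd)
    return (m.group(1) or m.group(2)) if m else (cmd.split() or [cmd])[0]


def flag_entry(code, body):
    """Return the reasons to review one log entry (empty list = looks fine)."""
    reasons = []
    if code in ("R0", "R1"):
        target = body.split("=", 1)[-1].strip().lower()
        if any(host in target for host in HIJACK_HOSTS):
            reasons.append("browser search/start setting points at a known hijacker host")
    elif code == "O4":
        m = RUN_KEY.match(body)
        if not m:
            return reasons  # Global Startup and other O4 forms are not handled here
        name = m.group("name").lower()
        exe = executable_of(m.group("cmd"))
        exe_l = exe.lower()
        base = exe_l.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
        if any(p in exe_l for p in ROGUE_PROGRAMS):
            reasons.append("autorun belongs to a program on the rogue anti-spyware list")
        if base == "rundll32":
            # rundll32 itself is legitimate; the DLL it is told to load is what matters.
            dll = m.group("cmd").strip()[len(exe):].strip().split(",", 1)[0].strip('"').lower()
            if "\\" not in dll or any(d in dll for d in SYSTEM_DIRS):
                reasons.append(f"rundll32 loads {dll} from a system directory or by bare name")
        elif "\\" not in exe_l:
            reasons.append("autorun loads a bare executable name resolved at run time")
        elif any(d in exe_l for d in SYSTEM_DIRS) and name not in base and base not in name:
            reasons.append("system-directory executable under an unrelated value name")
    return reasons


def triage(lines):
    """Run flag_entry over a log; return (code, body, reasons) for flagged entries."""
    flagged = []
    for line in lines:
        m = HJT_LINE.match(line.strip())
        if m:  # only "Rn - ..." and "On - ..." lines are entries; the rest is header text
            reasons = flag_entry(m.group("code"), m.group("body"))
            if reasons:
                flagged.append((m.group("code"), m.group("body"), reasons))
    return flagged


# Sample input: the R and O4 lines from Jajo's second log in this thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [cjbysvt] c:\windows\system32\vfuvdlu.exe r
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [Window Hide Tool] C:\Program Files\Window Hide Tool\Window Hide Tool.exe
O4 - HKCU\..\Run: [zHideWin] C:\Program Files\AceHide Free\AceHideFree.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - HKCU\..\Run: [BestPopUpKiller] C:\Program Files\BestPopUpKiller\BestPopupKiller.exe /startup
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
""".strip().splitlines()

if __name__ == "__main__":
    for code, body, reasons in triage(SAMPLE_LOG):
        print(f"{code} - {body}\n    -> " + "; ".join(reasons))
```

On the sample it flags exactly the six entries the helper listed in step 6. On the first log posted in this thread the bare-name rule would also catch the paugrate.exe and panmp32.exe autoruns and the rundll32 rule the cfgmgr52.dll loader.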

#5
Jajo
Topic Starter, Member, 56 posts
Hey Excal,

I checked the HijackThis entries and deleted SpyKiller, but I cannot do the online virus scan. This computer has been temporarily put offline. It will be back online in about 2 weeks, but I don't think I can wait that long. Is there any other way I can get this done without ActiveScan?
-Jajo

#6
Excal
Malware Slayer Extraordinaire! (Retired Staff, 12,739 posts)
Post me a new HijackThis log please ;)

Basically the idea of the online scanner is to see if the malware that was infecting your machine left any random files behind. Do you have the ability to download a program?

If so can you do this:

Download eScan: http://www.mwti.net/...e_utilities.asp
It is better to disable your own virus scanner while performing the next scan.

In scan options, check everything.
Also, scan all files.
When done, click Scan.

When the scan is done, you'll get an option to make a log. You'll get a long log.
Open that log and copy and paste all the lines/files where it says 'infected' in your next reply.

Don't copy and paste the lines from infected files that are present in recovery or backup folders of anti-spyware scanners (e.g. Ad-Aware, Spybot S&D) or your virus scanner. Those I don't need.
I don't need the infected files/lines that are present in your System Volume Information folder.
I just want all the other infected ones apart from those above.

Thanks,

Excal

#7
Jajo
Topic Starter, Member, 56 posts
Hey Excal, I am running the scan as we speak. I am going to have to finish this later. I have to go put a new radiator in my car. I will be back soon; if not today, then tomorrow. See you then.

#8
Excal
Malware Slayer Extraordinaire! (Retired Staff, 12,739 posts)
OK, I will be here.

Excal

#9
Jajo
Topic Starter, Member, 56 posts
Alright, here you go: the HijackThis log and the scan's infected-items log.

Logfile of HijackThis v1.99.1
Scan saved at 12:43:36 PM, on 7/11/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Justin\My Documents\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [Window Hide Tool] C:\Program Files\Window Hide Tool\Window Hide Tool.exe
O4 - HKCU\..\Run: [zHideWin] C:\Program Files\AceHide Free\AceHideFree.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [BestPopUpKiller] C:\Program Files\BestPopUpKiller\BestPopupKiller.exe /startup
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1120519197046
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

SCAN:
Object "AltNet Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "FunWebProducts Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "ToolBar Spyware/Adware" found in File System! Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\olepro32.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\msxml3a.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\comdlg32.ocx". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\mscomct2.ocx". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\mscomctl.ocx". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\RICHTX32.OCX". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\YSBactivex.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{00014C0D-B007-4448-B89B-4EC3E857961D}" refers to invalid object "C:\PROGRA~1\AMERIC~1.0\media\CDDBCO~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0CF774D0-F077-11D1-B1BC-00C04F86C324}" refers to invalid object "C:\WINDOWS\System32\scrrun.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0CF774D1-F077-11D1-B1BC-00C04F86C324}" refers to invalid object "C:\WINDOWS\System32\scrrun.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0D43FE01-F093-11CF-8940-00A0C9054228}" refers to invalid object "C:\WINDOWS\System32\scrrun.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{1EFB6596-857C-11D1-B16A-00C0F0283628}" refers to invalid object "C:\WINDOWS\System32\mscomctl.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{20DD1B9E-87C4-11D1-8BE3-0000F8754DA1}" refers to invalid object "C:\WINDOWS\System32\mscomct2.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{22803C10-1FD3-11D5-BE64-001083023C0D}" refers to invalid object "C:\PROGRA~1\AMERIC~1.0\g2p.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{232E456A-87C3-11D1-8BE3-0000F8754DA1}" refers to invalid object "C:\WINDOWS\System32\mscomct2.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{250B0184-3052-4EFB-AAA7-24429B8C0627}" refers to invalid object "C:\PROGRA~1\AMERIC~1.0\CTABRI~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{2C247F23-8591-11D1-B16A-00C0F0283628}" refers to invalid object "C:\WINDOWS\System32\mscomctl.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{32DA2B15-CFED-11D1-B747-00C04FC2B085}" refers to invalid object "C:\WINDOWS\System32\scrrun.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{35053A22-8589-11D1-B16A-00C0F0283628}" refers to invalid object "C:\WINDOWS\System32\mscomctl.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{3B7C8860-D78F-101B-B9B5-04021C009402}" refers to invalid object "C:\WINDOWS\System32\RICHTX32.OCX". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{3C4F3BE3-47EB-101B-A3C9-08002B2F49FB}" refers to invalid object "C:\WINDOWS\System32\comdlg32.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{3C4F3BE5-47EB-101B-A3C9-08002B2F49FB}" refers to invalid object "C:\WINDOWS\System32\comdlg32.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{3C4F3BE7-47EB-101B-A3C9-08002B2F49FB}" refers to invalid object "C:\WINDOWS\System32\comdlg32.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{4E97BE17-3300-4A4F-B380-5988DD771F1F}" refers to invalid object "C:\PROGRA~1\AMERIC~1.0\media\ares.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{5696745A-F3BD-11D4-8A1D-001083023C0D}" refers to invalid object "C:\PROGRA~1\AMERIC~1.0\IE_NDS.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{586A6352-87C8-11D1-8BE3-0000F8754DA1}" refers to invalid object "C:\WINDOWS\System32\mscomct2.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{586A6353-87C8-11D1-8BE3-0000F8754DA1}" refers to invalid object "C:\WINDOWS\System32\mscomct2.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{586A6354-87C8-11D1-8BE3-0000F8754DA1}" refers to invalid object "C:\WINDOWS\System32\mscomct2.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{586A6355-87C8-11D1-8BE3-0000F8754DA1}" refers to invalid object "C:\WINDOWS\System32\mscomct2.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{586A6356-87C8-11D1-8BE3-0000F8754DA1}" refers to invalid object "C:\WINDOWS\System32\mscomct2.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{586A6357-87C8-11D1-8BE3-0000F8754DA1}" refers to invalid object "C:\WINDOWS\System32\mscomct2.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{586A6359-87C8-11D1-8BE3-0000F8754DA1}" refers to invalid object "C:\WINDOWS\System32\mscomct2.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{603C7E80-87C2-11D1-8BE3-0000F8754DA1}" refers to invalid object "C:\WINDOWS\System32\mscomct2.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{66833FE6-8583-11D1-B16A-00C0F0283628}" refers to invalid object "C:\WINDOWS\System32\mscomctl.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{6833E600-F6D8-11D4-8A1F-001083023C0D}" refers to invalid object "C:\PROGRA~1\AMERIC~1.0\IE_NDS.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{6EDA439D-F7C7-11d4-8A20-001083023C0D}" refers to invalid object "C:\PROGRA~1\AMERIC~1.0\IE_NDS.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{724bb6a4-e526-450f-affa-ab9b45129111}" refers to invalid object "C:\WINDOWS\System32\wmv9dmod.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{7629CFA2-3FE5-101B-A3C9-08002B2F49FB}" refers to invalid object "C:\WINDOWS\System32\comdlg32.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{7629CFA4-3FE5-101B-A3C9-08002B2F49FB}" refers to invalid object "C:\WINDOWS\System32\comdlg32.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{78E5A540-1850-11CF-9D53-00AA003C9CB6}" refers to invalid object "C:\WINDOWS\System32\RICHTX32.OCX". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{85131630-480C-11D2-B1F9-00C04F86C324}" refers to invalid object "C:\WINDOWS\System32\scrrun.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{85131631-480C-11D2-B1F9-00C04F86C324}" refers to invalid object "C:\WINDOWS\System32\scrrun.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{88E729D6-BDC1-11D1-BD2A-00C04FB9603F}" refers to invalid object "fde.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{8E3867A3-8586-11D1-B16A-00C0F0283628}" refers to invalid object "C:\WINDOWS\System32\mscomctl.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{94432542-D41F-4C80-918D-1BFC90CED8A5}" refers to invalid object "C:\WINDOWS\system32\moexcl40.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{9869EFB4-18E9-11D3-A837-00104B9E30B5}" refers to invalid object "C:\DOCUME~1\Justin\LOCALS~1\Temp\CMDLIN~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{9EFBF860-5685-11D3-AA3D-00C04F4C5275}" refers to invalid object "cdooff.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{AFC634B0-4B8B-11CF-8989-00AA00688B10}" refers to invalid object "C:\WINDOWS\System32\RICHTX32.OCX". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{B09DE715-87C1-11D1-8BE3-0000F8754DA1}" refers to invalid object "C:\WINDOWS\System32\mscomct2.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{B617B991-A767-4F05-99BA-AC6FCABB102E}" refers to invalid object "C:\WINDOWS\System32\RICHTX32.OCX". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{B9F3009B-976B-41C4-A992-229DCCF3367C}" refers to invalid object "C:\PROGRA~1\AMERIC~1.0\media\axtrack.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{BDD1F04B-858B-11D1-B16A-00C0F0283628}" refers to invalid object "C:\WINDOWS\System32\mscomctl.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C27CCE32-8596-11D1-B16A-00C0F0283628}" refers to invalid object "C:\WINDOWS\System32\mscomctl.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C27CCE33-8596-11D1-B16A-00C0F0283628}" refers to invalid object "C:\WINDOWS\System32\mscomctl.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C27CCE34-8596-11D1-B16A-00C0F0283628}" refers to invalid object "C:\WINDOWS\System32\mscomctl.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C27CCE35-8596-11D1-B16A-00C0F0283628}" refers to invalid object "C:\WINDOWS\System32\mscomctl.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C27CCE36-8596-11D1-B16A-00C0F0283628}" refers to invalid object "C:\WINDOWS\System32\mscomctl.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C27CCE37-8596-11D1-B16A-00C0F0283628}" refers to invalid object "C:\WINDOWS\System32\mscomctl.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C27CCE38-8596-11D1-B16A-00C0F0283628}" refers to invalid object "C:\WINDOWS\System32\mscomctl.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C27CCE39-8596-11D1-B16A-00C0F0283628}" refers to invalid object "C:\WINDOWS\System32\mscomctl.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C27CCE3A-8596-11D1-B16A-00C0F0283628}" refers to invalid object "C:\WINDOWS\System32\mscomctl.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C27CCE3B-8596-11D1-B16A-00C0F0283628}" refers to invalid object "C:\WINDOWS\System32\mscomctl.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C27CCE3C-8596-11D1-B16A-00C0F0283628}" refers to invalid object "C:\WINDOWS\System32\mscomctl.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C27CCE3D-8596-11D1-B16A-00C0F0283628}" refers to invalid object "C:\WINDOWS\System32\mscomctl.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C27CCE3E-8596-11D1-B16A-00C0F0283628}" refers to invalid object "C:\WINDOWS\System32\mscomctl.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C27CCE3F-8596-11D1-B16A-00C0F0283628}" refers to invalid object "C:\WINDOWS\System32\mscomctl.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C27CCE40-8596-11D1-B16A-00C0F0283628}" refers to invalid object "C:\WINDOWS\System32\mscomctl.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C27CCE41-8596-11D1-B16A-00C0F0283628}" refers to invalid object "C:\WINDOWS\System32\mscomctl.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C27CCE42-8596-11D1-B16A-00C0F0283628}" refers to invalid object "C:\WINDOWS\System32\mscomctl.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C74190B6-8589-11D1-B16A-00C0F0283628}" refers to invalid object "C:\WINDOWS\System32\mscomctl.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{DD9DA666-8594-11D1-B16A-00C0F0283628}" refers to invalid object "C:\WINDOWS\System32\mscomctl.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{E3852604-B619-11d6-94EC-00047521F020}" refers to invalid object "C:\PROGRA~1\AMERIC~1.0\media\nmpxchat\nmpxchat.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{E981D791-F499-4837-A483-5AB22F1C548F}" refers to invalid object "C:\PROGRA~1\AMERIC~1.0\media\phobos.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{EE09B103-97E0-11CF-978F-00A02463E06F}" refers to invalid object "C:\WINDOWS\System32\scrrun.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F08DF954-8592-11D1-B16A-00C0F0283628}" refers to invalid object "C:\WINDOWS\System32\mscomctl.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}" refers to invalid object "C:\WINDOWS\System32\comdlg32.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{FE38753A-44A3-11D1-B5B7-0000C09000C4}" refers to invalid object "C:\WINDOWS\System32\mscomct2.ocx". Action Taken: No Action Taken.
Entry "HKCR\Context.test" refers to invalid object "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}". Action Taken: No Action Taken.
Entry "HKCR\Context.test.1" refers to invalid object "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}". Action Taken: No Action Taken.
Entry "HKCR\MailFileAtt" refers to invalid object "{00020D05-0000-0000-C000-000000000046}". Action Taken: No Action Taken.
Entry "HKCR\mapifvbx.object" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.
Entry "HKCR\mapifvbx.object.1" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.
Entry "HKCR\MoneySide.BrowserHelperObject" refers to invalid object "{FDD3B846-8D59-4FFB-8758-209B6AD74ACC}". Action Taken: No Action Taken.
Entry "HKCR\MoneySide.BrowserHelperObject.10" refers to invalid object "{FDD3B846-8D59-4FFB-8758-209B6AD74ACC}". Action Taken: No Action Taken.
Entry "HKCR\Plenoptic.Plenoptic" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.
Entry "HKCR\Plenoptic.Plenoptic.1" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.
Entry "HKCR\PopCapLoader.PopCapLoaderCtrl2.1" refers to invalid object "{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}". Action Taken: No Action Taken.
Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.
Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr.1" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.
File C:\Documents and Settings\Justin\My Documents\aawsepersonal.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Program Files\aim\unwise32.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Program Files\ICQ\UNWISE32.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Program Files\Lavasoft\Ad-Aware SE Personal\UNWISE.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Program Files\Yahoo!\Common\unypsr.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Program Files\Yahoo!\Installs\ymsgrie.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Program Files\Yahoo!\Messenger\UNWISE.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Program Files\Yahoo!\YPSR\unypsr.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Program Files\Yahoo!\YPSR\updates\ypsr_prog_01.14.00_us_setup3_.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\System Volume Information\_restore{2D063E58-819D-484F-A343-1FA10C07443B}\RP26\A0009885.exe infected by "Trojan-Downloader.Win32.Qoologic.p" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{2D063E58-819D-484F-A343-1FA10C07443B}\RP26\A0010874.exe infected by "Trojan-Downloader.Win32.Qoologic.p" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{2D063E58-819D-484F-A343-1FA10C07443B}\RP31\A0016163.exe infected by "Trojan.Win32.Agent.ay" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{2D063E58-819D-484F-A343-1FA10C07443B}\RP31\A0016168.exe tagged as "not-a-virus:AdWare.BetterInternet". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{2D063E58-819D-484F-A343-1FA10C07443B}\RP32\A0016197.exe tagged as "not-a-virus:AdWare.BetterInternet". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{2D063E58-819D-484F-A343-1FA10C07443B}\RP32\A0016198.exe tagged as "not-a-virus:AdWare.BetterInternet.c". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{2D063E58-819D-484F-A343-1FA10C07443B}\RP32\A0016199.exe infected by "Trojan.Win32.Agent.ay" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{2D063E58-819D-484F-A343-1FA10C07443B}\RP32\A0016204.exe infected by "Trojan.Win32.Agent.ay" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{2D063E58-819D-484F-A343-1FA10C07443B}\RP32\A0017204.exe infected by "Trojan.Win32.Agent.ay" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{2D063E58-819D-484F-A343-1FA10C07443B}\RP32\A0017205.exe infected by "Trojan.Win32.Agent.ay" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{2D063E58-819D-484F-A343-1FA10C07443B}\RP32\A0017206.exe infected by "Trojan.Win32.Agent.ay" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{2D063E58-819D-484F-A343-1FA10C07443B}\RP32\A0017220.exe infected by "Trojan.Win32.Agent.ay" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{2D063E58-819D-484F-A343-1FA10C07443B}\RP32\A0018221.exe infected by "Trojan.Win32.Agent.ay" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{2D063E58-819D-484F-A343-1FA10C07443B}\RP32\A0018229.exe infected by "Trojan.Win32.Agent.ay" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{2D063E58-819D-484F-A343-1FA10C07443B}\RP32\A0019229.exe infected by "Trojan.Win32.Agent.ay" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{2D063E58-819D-484F-A343-1FA10C07443B}\RP32\A0019237.exe infected by "Trojan.Win32.Agent.ay" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{2D063E58-819D-484F-A343-1FA10C07443B}\RP32\A0019244.exe infected by "Trojan.Win32.Agent.ay" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{2D063E58-819D-484F-A343-1FA10C07443B}\RP33\A0019256.exe infected by "Trojan.Win32.Agent.ay" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{2D063E58-819D-484F-A343-1FA10C07443B}\RP33\A0019269.exe tagged as "not-a-virus:AdWare.Pacer.e". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{2D063E58-819D-484F-A343-1FA10C07443B}\RP33\A0019276.exe infected by "Trojan.Win32.Agent.ay" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{2D063E58-819D-484F-A343-1FA10C07443B}\RP33\A0019277.exe infected by "Trojan.Win32.Agent.ay" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{2D063E58-819D-484F-A343-1FA10C07443B}\RP33\A0019278.exe infected by "Trojan.Win32.Agent.ay" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{2D063E58-819D-484F-A343-1FA10C07443B}\RP33\A0019284.exe infected by "Trojan.Win32.Agent.ay" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{2D063E58-819D-484F-A343-1FA10C07443B}\RP33\A0019291.exe infected by "Trojan.Win32.Agent.ay" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{2D063E58-819D-484F-A343-1FA10C07443B}\RP34\A0020291.exe infected by "Trojan.Win32.Agent.ay" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{2D063E58-819D-484F-A343-1FA10C07443B}\RP34\A0020292.exe infected by "Trojan.Win32.Agent.ay" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{2D063E58-819D-484F-A343-1FA10C07443B}\RP34\A0020303.exe infected by "Trojan.Win32.Agent.ay" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{2D063E58-819D-484F-A343-1FA10C07443B}\RP34\A0020304.exe infected by "Trojan.Win32.Agent.ay" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{2D063E58-819D-484F-A343-1FA10C07443B}\RP34\A0020322.exe infected by "Trojan.Win32.Agent.ay" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{2D063E58-819D-484F-A343-1FA10C07443B}\RP34\A0020330.exe infected by "Trojan.Win32.Agent.ay" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{2D063E58-819D-484F-A343-1FA10C07443B}\RP34\A0020336.exe infected by "Trojan.Win32.Agent.ay" Virus! Action Taken: No Action Taken.


Well, there they are. Sorry it took so long, fords... heh... Anyway, let's see what we can do.

#10 Excal (Malware Slayer Extraordinaire!, Retired Staff, 12,739 posts)
Not too bad, a lot of invalid registry keys. Need to clean out your registry for sure!
  • Open HiJackThis
  • Click on the configure button on the bottom right
  • Click on the tab "Misc Tools"
  • Click on "Delete File on Reboot"
  • Navigate to this file - C:\Program Files\aim\unwise32.exe
  • Double click on that file.
  • HJT asks you if you want to reboot, now. Click "no".

    Do that for the following files also, until you get to the last one, then click "yes" when HJT asks you to reboot.

C:\WINDOWS\Downloaded Program Files\YSBactivex.dll
C:\Program Files\ICQ\UNWISE32.EXE
C:\Program Files\Lavasoft\Ad-Aware SE Personal\UNWISE.EXE
C:\Program Files\Yahoo!\Common\unypsr.exe
C:\Program Files\Yahoo!\Installs\ymsgrie.exe
C:\Program Files\Yahoo!\Messenger\UNWISE.EXE
C:\Program Files\Yahoo!\YPSR\unypsr.exe
C:\Program Files\Yahoo!\YPSR\updates\ypsr_prog_01.14.00_us_setup3_.exe



Reboot.

I think it would serve you well to clean your registry!
  • Please download: RegSeeker.
  • Click on "Clean The Registry" in the left panel.
  • Check all boxes (make sure the backup box in the lower left corner is selected!).
  • After it runs, click "Select All" on the bottom, then right-click on any selected item in the window and select "Delete Selected Items".
  • Click "Quit RegSeeker".
Now, open any of your installed programs and make sure that everything opens OK. If so, reboot, then go back and run RegSeeker again, and do the same thing again if anything is found. When RegSeeker finds nothing else, then it's clean!

#11 Jajo (Member, Topic Starter, 56 posts)
Alright, I did all of that. Need to see another HijackThis log or anything? Just to make sure it's running smoothly.

#12 Jajo (Member, Topic Starter, 56 posts)
Something weird is happening also... I get this message that says: "This application has failed to start because OLEPRO32.DLL was not found. Re-installing the application may fix this problem." And at the top it says it's a program called "smc.exe". Whatever that is...

#13 Jajo (Member, Topic Starter, 56 posts)
That RegSeeker is not taking away "YourSiteBar". Dang thing... If you could help me out with that, I would be greatly appreciative.

#14 Excal (Malware Slayer Extraordinaire!, Retired Staff, 12,739 posts)
SMC is Sygate firewall. Do you have that? Or did you have it?

Let me see a start up list:
  • Open HiJackThis
  • Click on the configure button on the bottom right
  • Click on the tab "Misc Tools"
  • Check the 2 boxes next to the box that says "Generate StartupList log"
  • Click on the button "Generate StartupList log"
  • Copy and paste the StartupList from Notepad into your post
Thanks,

:tazz:

Excal

#15 Jajo (Member, Topic Starter, 56 posts)
OK, here it is. And that spyware called "YourSiteBar" is still here. I don't know how to get the dang thing off the registry.


StartupList report, 7/13/2005, 9:44:13 PM
StartupList version: 1.52.2
Started from : C:\Documents and Settings\Justin\My Documents\Hijackthis\HijackThis.EXE
Detected: Windows XP SP1 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Justin\My Documents\Hijackthis\HijackThis.exe
C:\WINDOWS\System32\wuauclt.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\Justin\Start Menu\Programs\Startup]
*No files*

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
*No files*

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

MSConfig = C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
*No values found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\System32\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\msmsgs.inf,BLC.Install.PerUser

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = %SystemRoot%\system32\ie4uinit.exe

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*No subkeys found*

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\sstext3d.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registry Editor'

Registry check passed

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll - {02478D38-C3F9-4efb-9B51-7695ECA05670}
(no name) - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}

--------------------------------------------------

Enumerating Task Scheduler jobs:

*No jobs found*

--------------------------------------------------

Enumerating Download Program Files:

[DirectAnimation Java Classes]
OSD = C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd

[Microsoft XML Parser for Java]
OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

[CKAVWebScan Object]
InProcServer32 = C:\WINDOWS\System32\Kaspersky Lab\Kaspersky Anti-Virus Web Scanner\kavwebscan.dll
CODEBASE = http://www.kaspersky...can_unicode.cab

[Windows Genuine Advantage Validation Tool]
InProcServer32 = C:\WINDOWS\System32\LegitCheckControl.DLL
CODEBASE = http://go.microsoft....467&clcid=0x409

[YInstStarter Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\yinsthelper.dll
CODEBASE = http://download.yaho...nst_current.cab

[WUWebControl Class]
InProcServer32 = C:\WINDOWS\System32\wuweb.dll
CODEBASE = http://update.micros...b?1120519197046

[Java Plug-in 1.5.0_02]
InProcServer32 = C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
CODEBASE = http://java.sun.com/...indows-i586.cab

[MsnMessengerSetupDownloadControl Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.ocx
CODEBASE = http://messenger.msn...pDownloader.cab

[Java Plug-in 1.3.1]
InProcServer32 = C:\Program Files\JavaSoft\JRE\1.3.1\bin\npjava131.dll
CODEBASE = http://java.sun.com/...all-131-win.cab

[Java Plug-in 1.3.1_02]
InProcServer32 = C:\Program Files\JavaSoft\JRE\1.3.1_02\bin\npjava131_02.dll
CODEBASE = http://java.sun.com/...-131_02-win.cab

[Java Plug-in 1.5.0_01]
InProcServer32 = C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
CODEBASE = http://java.sun.com/...indows-i586.cab

[Java Plug-in 1.5.0_02]
InProcServer32 = C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
CODEBASE = http://java.sun.com/...indows-i586.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
Protocol #1: C:\WINDOWS\system32\mswsock.dll
Protocol #2: C:\WINDOWS\system32\mswsock.dll
Protocol #3: C:\WINDOWS\system32\mswsock.dll
Protocol #4: C:\WINDOWS\system32\rsvpsp.dll
Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
Protocol #6: C:\WINDOWS\system32\mswsock.dll
Protocol #7: C:\WINDOWS\system32\mswsock.dll
Protocol #8: C:\WINDOWS\system32\mswsock.dll
Protocol #9: C:\WINDOWS\system32\mswsock.dll
Protocol #10: C:\WINDOWS\system32\mswsock.dll
Protocol #11: C:\WINDOWS\system32\mswsock.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

Microsoft ACPI Driver: System32\DRIVERS\ACPI.sys (system)
Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)
AFD Networking Support Environment: \SystemRoot\System32\drivers\afd.sys (autostart)
Service for Realtek AC97 Audio (WDM): system32\drivers\ALCXWDM.SYS (manual start)
Alerter: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)
Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
RAS Asynchronous Media Driver: System32\DRIVERS\asyncmac.sys (manual start)
Standard IDE/ESDI Hard Disk Controller: System32\DRIVERS\atapi.sys (system)
ATM ARP Client Protocol: System32\DRIVERS\atmarpc.sys (manual start)
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Audio Stub Driver: System32\DRIVERS\audstub.sys (manual start)
AVG7 Alert Manager Server: C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe (autostart)
AVG7 Kernel: \SystemRoot\System32\Drivers\avg7core.sys (system)
AVG7 Wrap Driver: \SystemRoot\System32\Drivers\avg7rsw.sys (system)
AVG7 Rezident Driver: \SystemRoot\System32\Drivers\avg7rsxp.sys (system)
AVG7 Update Service: C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe (autostart)
AVG Network Redirector: \??\C:\WINDOWS\System32\Drivers\avgtdi.sys (autostart)
Background Intelligent Transfer Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Computer Browser: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
CD-ROM Driver: System32\DRIVERS\cdrom.sys (system)
Indexing Service: %SystemRoot%\system32\cisvc.exe (manual start)
ClipBook: %SystemRoot%\system32\clipsrv.exe (manual start)
COM+ System Application: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
DHCP Client: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Disk Driver: System32\DRIVERS\disk.sys (system)
Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
dmio: System32\drivers\dmio.sys (disabled)
dmload: System32\drivers\dmload.sys (disabled)
Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)
DNS Client: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)
Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Event Log: %SystemRoot%\system32\services.exe (autostart)
COM+ Event System: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start)
Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Floppy Disk Controller Driver: System32\DRIVERS\fdc.sys (manual start)
Floppy Disk Driver: System32\DRIVERS\flpydisk.sys (manual start)
Volume Manager Driver: System32\DRIVERS\ftdisk.sys (system)
Generic Packet Classifier: System32\DRIVERS\msgpc.sys (manual start)
Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Human Interface Device Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
HSFHWBS2: System32\DRIVERS\HSFHWBS2.sys (manual start)
HSF_DP: System32\DRIVERS\HSF_DP.sys (manual start)
i8042 Keyboard and PS/2 Mouse Port Driver: System32\DRIVERS\i8042prt.sys (system)
ialm: System32\DRIVERS\ialmnt5.sys (manual start)
CD-Burning Filter Driver: System32\DRIVERS\imapi.sys (system)
IMAPI CD-Burning COM Service: C:\WINDOWS\System32\imapi.exe (manual start)
IntelIde: System32\DRIVERS\intelide.sys (system)
IP Traffic Filter Driver: System32\DRIVERS\ipfltdrv.sys (manual start)
IP in IP Tunnel Driver: System32\DRIVERS\ipinip.sys (manual start)
IP Network Address Translator: System32\DRIVERS\ipnat.sys (manual start)
IPSEC driver: System32\DRIVERS\ipsec.sys (system)
IR Enumerator Service: System32\DRIVERS\irenum.sys (manual start)
PnP ISA/EISA Bus Driver: System32\DRIVERS\isapnp.sys (system)
Keyboard Class Driver: System32\DRIVERS\kbdclass.sys (system)
Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
Server: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Workstation: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
TCP/IP NetBIOS Helper: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
mdmxsdk: System32\DRIVERS\mdmxsdk.sys (autostart)
Messenger: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
NetMeeting Remote Desktop Sharing: C:\WINDOWS\System32\mnmsrvc.exe (manual start)
Mouse Class Driver: System32\DRIVERS\mouclass.sys (system)
WebDav Client Redirector: System32\DRIVERS\mrxdav.sys (manual start)
MRXSMB: System32\DRIVERS\mrxsmb.sys (system)
Distributed Transaction Coordinator: C:\WINDOWS\System32\msdtc.exe (manual start)
Windows Installer: C:\WINDOWS\System32\msiexec.exe /V (manual start)
Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
Remote Access NDIS TAPI Driver: System32\DRIVERS\ndistapi.sys (manual start)
NDIS Usermode I/O Protocol: System32\DRIVERS\ndisuio.sys (manual start)
Remote Access NDIS WAN Driver: System32\DRIVERS\ndiswan.sys (manual start)
NetBIOS Interface: System32\DRIVERS\netbios.sys (system)
NetBT: System32\DRIVERS\netbt.sys (system)
Network DDE: %SystemRoot%\system32\netdde.exe (manual start)
Network DDE DSDM: %SystemRoot%\system32\netdde.exe (manual start)
Net Logon: %SystemRoot%\System32\lsass.exe (manual start)
Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Network Location Awareness (NLA): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
NT LM Security Support Provider: %SystemRoot%\System32\lsass.exe (manual start)
Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
IPX Traffic Filter Driver: System32\DRIVERS\nwlnkflt.sys (manual start)
IPX Traffic Forwarder Driver: System32\DRIVERS\nwlnkfwd.sys (manual start)
Parallel port driver: System32\DRIVERS\parport.sys (manual start)
PCI Bus Driver: System32\DRIVERS\pci.sys (system)
PCIIde: System32\DRIVERS\pciide.sys (system)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
IPSEC Services: %SystemRoot%\System32\lsass.exe (autostart)
WAN Miniport (PPTP): System32\DRIVERS\raspptp.sys (manual start)
Processor Driver: System32\DRIVERS\processr.sys (system)
Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
QoS Packet Scheduler: System32\DRIVERS\psched.sys (manual start)
Direct Parallel Link Driver: System32\DRIVERS\ptilink.sys (manual start)
Remote Access Auto Connection Driver: System32\DRIVERS\rasacd.sys (system)
Remote Access Auto Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WAN Miniport (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)
Remote Access Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Remote Access PPPOE Driver: System32\DRIVERS\raspppoe.sys (manual start)
Direct Parallel: System32\DRIVERS\raspti.sys (manual start)
Rdbss: System32\DRIVERS\rdbss.sys (system)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (manual start)
Digital CD Audio Playback Filter Driver: System32\DRIVERS\redbook.sys (system)
Routing and Remote Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Remote Procedure Call (RPC) Locator: %SystemRoot%\System32\locator.exe (manual start)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\System32\rsvp.exe (manual start)
Realtek RTL8139/810X Family PCI Fast Ethernet NIC NT Driver: System32\DRIVERS\RTL8139.SYS (manual start)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
Smart Card Helper: %SystemRoot%\System32\SCardSvr.exe (manual start)
Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Secdrv: System32\DRIVERS\secdrv.sys (manual start)
Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Serenum Filter Driver: System32\DRIVERS\serenum.sys (manual start)
Serial port driver: System32\DRIVERS\serial.sys (system)
Internet Connection Firewall (ICF) / Internet Connection Sharing (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Sygate Personal Firewall Pro: C:\Program Files\Sygate\SPF\smc.exe (autostart)
Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
System Restore Filter Driver: System32\DRIVERS\sr.sys (system)
System Restore Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Srv: System32\DRIVERS\srv.sys (manual start)
SSDP Discovery Service: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Windows Image Acquisition (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (autostart)
Software Bus Driver: System32\DRIVERS\swenum.sys (manual start)
Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
MS Software Shadow Copy Provider: C:\WINDOWS\System32\dllhost.exe /Processid:{76282031-B882-45B7-9A58-3683AC1B900C} (manual start)
Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start)
Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
TCP/IP Protocol Driver: System32\DRIVERS\tcpip.sys (system)
Driver for GPX TEC100 MP3 Players: System32\DRIVERS\TEC100.sys (manual start)
Teefer for NT: SYSTEM32\Drivers\Teefer.sys (system)
Terminal Device Driver: System32\DRIVERS\termdd.sys (system)
Terminal Services: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Windows User Mode Driver Framework: C:\WINDOWS\System32\wdfmgr.exe (autostart)
Microcode Update Driver: System32\DRIVERS\update.sys (manual start)
Upload Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Universal Plug and Play Device Host: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: System32\DRIVERS\usbehci.sys (manual start)
USB2 Enabled Hub: System32\DRIVERS\usbhub.sys (manual start)
Microsoft USB PRINTER Class: System32\DRIVERS\usbprint.sys (manual start)
USB Scanner Driver: System32\DRIVERS\usbscan.sys (manual start)
USB Mass Storage Driver: System32\DRIVERS\USBSTOR.SYS (manual start)
Microsoft USB Universal Host Controller Miniport Driver: System32\DRIVERS\usbuhci.sys (manual start)
VgaSave: \SystemRoot\System32\drivers\vga.sys (system)
Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)
Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Remote Access IP ARP Driver: System32\DRIVERS\wanarp.sys (manual start)
Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)
WebClient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
SyGate for NT, wg3n: \SystemRoot\SYSTEM32\Drivers\wg3n.sys (autostart)
winachsf: System32\DRIVERS\HSF_CNXT.sys (manual start)
Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WMI Performance Adapter: C:\WINDOWS\System32\wbem\wmiapsrv.exe (manual start)
wpsdrvnt: \??\C:\WINDOWS\System32\drivers\wpsdrvnt.sys (system)
Automatic Updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Intel® Graphics Platform (SoftBIOS) Driver: system32\drivers\ialmsbw.sys (manual start)
Intel® Graphics Chipset (KCH) Driver: system32\drivers\ialmkchw.sys (manual start)


--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: *Registry value not found*

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll

--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

End of report, 30,364 bytes
Report generated in 0.234 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only