Multiple trojans - virus - system so slow [CLOSED]



#1
Pakamit

Pakamit

    New Member

  • Member
  • Pip
  • 6 posts
I am new to the site and am impressed by the help you have given others with similar problems. I have done everything on your list for malware removal: Cleanup - Ad-Aware SE - CWShredder - Spybot - Ewido Security - AVG - and Windows Update. I have rebooted and run HijackThis.

I am running Windows XP- Home Edition - Version 2002 SP1

Intel Celeron Processor - 902 MHZ - 120 MB Ram

I do use a Linksys Wireless-G 2.4 GHz broadband router for my laptop.

These problems are on my desktop unit, which is the one I have listed above.

My system is extremely slow...worse than any dialup!

Below is the HijackThis log.

Thanks for any help you can give me.

_______

Logfile of HijackThis v1.99.1
Scan saved at 10:00:07 AM, on 8/10/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Common

Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\WINDOWS\System32\lxamsp32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\LexmarkX63\AcBtnMgr_X63.exe
C:\Program Files\LexmarkX63\ACMonitor_X63.exe
C:\Program Files\Common Files\Microsoft

Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Documents and Settings\Pakamit\Desktop\HijackThis.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\System32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet

Explorer\Main,Search Bar =

http://channels.aimt.../aimtoolbar.jsp
R1 - HKLM\Software\Microsoft\Internet

Explorer\Main,Default_Page_URL = http://www.att.net
R1 - HKLM\Software\Microsoft\Internet

Explorer\Main,Search Bar =

http://red.clientapp.../ie/defaults/sb

/ymsgr6/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet

Explorer\Search,SearchAssistant =

http://channels.aimt.../aimtoolbar.jsp
R0 - HKCU\Software\Microsoft\Internet

Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet

Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet

Explorer\Main,Window Title = Microsoft Internet Explorer
R1 -

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet

Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class -

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program

Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) -

{53707962-6F74-2D53-2644-206D7942484F} -

C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) -

{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: Google Toolbar Helper -

{AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program

files\google\googletoolbar1.dll
O2 - BHO: - {CF34E49F-AB6E-43C7-8409-7785D8BAC325} -

C:\WINDOWS\lbbho.dll (file missing)
O3 - Toolbar: &Radio -

{8E718888-423F-11D2-876E-00A0C9082467} -

C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google -

{2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program

files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common

Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PrinTray]

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [lxamsp32.exe] lxamsp32.exe
O4 - HKLM\..\Run: [AVG7_CC]

C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [THGuard] "C:\Program

Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [ctfmon.exe]

C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program

Files\Messenger\msmsgs.exe"
O4 - Global Startup: AcBtnMgr_X63.exe.lnk = C:\Program

Files\LexmarkX63\AcBtnMgr_X63.exe
O4 - Global Startup: ACMonitor_X63.exe.lnk = C:\Program

Files\LexmarkX63\ACMonitor_X63.exe
O6 - HKCU\Software\Policies\Microsoft\Internet

Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet

Explorer\Control Panel present
O8 - Extra context menu item: &Google Search -

res://c:\program

files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links -

res://c:\program

files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page -

res://c:\program

files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel

- res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: MyPoints -

file://C:\Program

Files\MyPointsPointAlert\System\Temp\mypoints_script0.ht

m
O8 - Extra context menu item: Open with &ZipScan -

C:\PROGRA~1\ZIPSCA~1\zs_ie.htm
O8 - Extra context menu item: Similar Pages -

res://c:\program

files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English -

res://c:\program

files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Research -

{92780B25-18CC-41C8-B9BE-3C9C571A8263} -

C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM -

{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program

Files\AIM\aim.exe
O9 - Extra button: Real.com -

{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -

C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.att.net
O16 - DPF: Ali Baba Slots TM by pogo -

http://slots.pogo.co...ts/alibaba-ob-a

ssets.cab
O16 - DPF: Arcsoft Web Uploader -

http://www.cartogra....dFileApplet.cab
O16 - DPF: Euchre by pogo -

http://euchre.pogo.c...chre/euchre-ob-

assets.cab
O16 - DPF: Hearts by pogo -

http://hearts.pogo.c...arts/hearts-ob-

assets.cab
O16 - DPF: Jungle Gin by pogo -

http://gin.pogo.com/...in-ob-assets.ca

b
O16 - DPF: Mah Jong Garden by pogo -

http://mahjong2.pogo...mahjong/mahjong

-ob-assets.cab
O16 - DPF: Multiline Slots by pogo -

http://game6.pogo.co...lots/mlslots-ob

-assets.cab
O16 - DPF: Phlinx by pogo -

http://flinger.pogo....linger/flinger-

ob-assets.cab
O16 - DPF: Pirate's Gold by pogo -

http://swashbucks11.....26/piratesgold

/piratesgold-ob-assets.cab
O16 - DPF: Pop Fu by pogo -

]http://popfu.pogo.com/applet-5.9.4.22/popfu/popfu-ob-[bleep]

ets.cab
O16 - DPF: Sweet Tooth TM by pogo -

http://sweettooth.po...8/sweettooth/sw

eettooth-ob-assets.cab
O16 - DPF: Tri-Peaks by pogo -

]http://peaks.pogo.com/applet-5.9.0.25/peaks/peaks-ob-[bleep]

ets.cab
O16 - DPF: Tumble Bees by pogo -

http://jumbee.pogo.c...mbee/jumbee-ob-

assets.cab
O16 - DPF: World Class Solitaire by pogo -

http://klondike.pogo...worldclass/worl

dclass-ob-assets.cab
O16 - DPF: Yahoo! Pool 2 -

http://download.game...ents/y/potd_x.c

ab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE}

(Symantec AntiVirus scanner) -

http://security.syma...Content/vc/bin/

AvSniff.cab
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A}

(Microsoft.WinRep) -

https://webresponse..../ActiveX/winrep

.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5}

(Symantec RuFSI Utility Class) -

http://security.syma...Content/common/

bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61}

(HouseCall Control) -

http://a840.g.akamai...61001/housecall.

trendmicro.com/housecall/xscan53.cab
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM

Access Support) -

https://www.ibm.com/...common/download

/IbmEgath.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1}

(ActiveScan Installer Class) -

http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {A1337CC4-FF8E-11D1-9C48-00A0CC20E0D2} -

http://www.therealye...live/ezinit.cab
O16 - DPF: {BE5431D2-0F30-11D4-89D9-00C04F509C0A}

(SDCInstaller Class) -

http://www.stamps.co...amps/stamps.cab?

r=0.0726318359375&file=stamps.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A}

(PopCapLoader Object) -

http://zone.msn.com/...popcaploader_v5

.cab
O16 - DPF: {EF0DBA6F-43CE-4B26-9808-2AB38FA0DB29} (MSN

Money Ticker) -

http://fdl.msn.com/p.../v13/ticker.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6}

(McFreeScan Class) -

http://download.mcaf.../vso/en-us/tool

s/mcfscan/1,5,0,4330/mcfscan.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46}

(IMDownloader Class) -

http://www2.incredim...p/downloader/im

loader.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D}

(Hotmail Attachments Control) -

http://by12fd.bay12....ex/HMAtchmt.ocx
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN

Chat Control 4.5) -

http://chat.msn.com/bin/msnchat45.cab
O20 - Winlogon Notify: MCPClient - C:\Program

Files\Common Files\Stardock\mcpstub.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) -

GRISOFT, s.r.o. -

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) -

GRISOFT, s.r.o. -

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Indexing Service (CiSvc) - Unknown owner

- C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: ewido security suite control - ewido

networks - C:\Program Files\ewido\security

suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido

networks - C:\Program Files\ewido\security

suite\ewidoguard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark

International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Symantec Network Drivers Service

(SNDSrvc) - Symantec Corporation - C:\Program

Files\Common Files\Symantec Shared\SNDSrvc.exe
  • 0


#2
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Hi Pakamit and welcome to GeeksToGo! My name is Excal and I will be helping you.

I apologize for the delay getting to your log, the helpers here are very busy.
If you still need help, please post a fresh Hijack log, in this thread, so I can help you with your Malware Problems.

When you post back, can you ensure that there are no spaces in the HiJackThis log? It makes it very difficult to read.

If you have resolved this issue please let us know.

thanks,

:tazz:

Excal
  • 0

#3
Pakamit

Pakamit

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Thanks for your quick response to my request for help. Here is the hijack this log that I just ran:

Logfile of HijackThis v1.99.1
Scan saved at 4:48:02 PM, on 8/15/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\WINDOWS\System32\lxamsp32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\System32\lexpps.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\LexmarkX63\AcBtnMgr_X63.exe
C:\Program Files\LexmarkX63\ACMonitor_X63.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://channels.aimt.../aimtoolbar.jsp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.att.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://channels.aimt.../aimtoolbar.jsp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: - {CF34E49F-AB6E-43C7-8409-7785D8BAC325} - C:\WINDOWS\lbbho.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [lxamsp32.exe] lxamsp32.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe"
O4 - Global Startup: AcBtnMgr_X63.exe.lnk = C:\Program Files\LexmarkX63\AcBtnMgr_X63.exe
O4 - Global Startup: ACMonitor_X63.exe.lnk = C:\Program Files\LexmarkX63\ACMonitor_X63.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: MyPoints - file://C:\Program Files\MyPointsPointAlert\System\Temp\mypoints_script0.htm
O8 - Extra context menu item: Open with &ZipScan - C:\PROGRA~1\ZIPSCA~1\zs_ie.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.att.net
O16 - DPF: Ali Baba Slots TM by pogo - http://slots.pogo.co...a-ob-assets.cab
O16 - DPF: Arcsoft Web Uploader - http://www.cartogra....dFileApplet.cab
O16 - DPF: Euchre by pogo - http://euchre.pogo.c...e-ob-assets.cab
O16 - DPF: Hearts by pogo - http://hearts.pogo.c...s-ob-assets.cab
O16 - DPF: Jungle Gin by pogo - http://gin.pogo.com/...n-ob-assets.cab
O16 - DPF: Mah Jong Garden by pogo - http://mahjong2.pogo...g-ob-assets.cab
O16 - DPF: Multiline Slots by pogo - http://game6.pogo.co...s-ob-assets.cab
O16 - DPF: Phlinx by pogo - http://flinger.pogo....r-ob-assets.cab
O16 - DPF: Pirate's Gold by pogo - http://swashbucks11....d-ob-assets.cab
O16 - DPF: Pop Fu by pogo - http://popfu.pogo.co...u-ob-assets.cab
O16 - DPF: Sweet Tooth TM by pogo - http://sweettooth.po...h-ob-assets.cab
O16 - DPF: Tri-Peaks by pogo - http://peaks.pogo.co...s-ob-assets.cab
O16 - DPF: Tumble Bees by pogo - http://jumbee.pogo.c...e-ob-assets.cab
O16 - DPF: World Class Solitaire by pogo - http://klondike.pogo...s-ob-assets.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/potd_x.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse....iveX/winrep.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - https://www.ibm.com/...ad/IbmEgath.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {A1337CC4-FF8E-11D1-9C48-00A0CC20E0D2} - http://www.therealye...live/ezinit.cab
O16 - DPF: {BE5431D2-0F30-11D4-89D9-00C04F509C0A} (SDCInstaller Class) - http://www.stamps.co...file=stamps.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...aploader_v5.cab
O16 - DPF: {EF0DBA6F-43CE-4B26-9808-2AB38FA0DB29} (MSN Money Ticker) - http://fdl.msn.com/p.../v13/ticker.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...330/mcfscan.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredim...er/imloader.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by12fd.bay12....ex/HMAtchmt.ocx
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O20 - Winlogon Notify: MCPClient - C:\Program Files\Common Files\Stardock\mcpstub.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
  • 0

#4
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Your log looks pretty good; are you having more problems?


Open HiJackthis and do a scan. Check off the following items:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: - {CF34E49F-AB6E-43C7-8409-7785D8BAC325} - C:\WINDOWS\lbbho.dll (file missing)
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present


Click FIX CHECKED, then close HJT and reboot.

Run this online virus scan: ActiveScan - Please save and post the results from the scan!
  • 0

#5
Pakamit

Pakamit

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Here is the active scan. My computer is still running slow in opening different programs and windows. If this doesn't work is there anything else that we can check on?
Thanks again for your help.


Incident Status Location

Spyware:Spyware/MarketScore No disinfected C:\WINDOWS\SYSTEM32\osmim.dll
Spyware:Spyware/MarketScore No disinfected C:\WINDOWS\SYSTEM32\osconfig.dll
Dialer:dialer.bny No disinfected C:\WINDOWS\pcconfig.dat
Spyware:spyware/bargainbuddy No disinfected C:\Program Files\Net2Phone CommCenter\CC_Versn.dll
Adware:Adware/TopMoxie No disinfected C:\Program Files\MyPointsPointAlert\System\Code\bg.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\MyPointsPointAlert\System\Code\c.class
Adware:Adware/MoeMoney No disinfected C:\Program Files\MyPointsPointAlert\System\Code\ce.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\MyPointsPointAlert\System\Code\q.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\MyPointsPointAlert\System\Code\bi.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\MyPointsPointAlert\System\Code\bl.class
Adware:Adware/MoeMoney No disinfected C:\Program Files\MyPointsPointAlert\System\Code\bo.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\MyPointsPointAlert\System\Code\i.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\MyPointsPointAlert\System\Code\r.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\MyPointsPointAlert\System\Code\bt.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\MyPointsPointAlert\System\Code\b.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\MyPointsPointAlert\System\Code\d.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\MyPointsPointAlert\System\Code\f.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\MyPointsPointAlert\System\Code\l.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\MyPointsPointAlert\System\Code\s.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\MyPointsPointAlert\System\Code\a.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\MyPointsPointAlert\System\Code\m.class
Adware:Adware/MoeMoney No disinfected C:\Program Files\MyPointsPointAlert\System\Code\n.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\MyPointsPointAlert\System\Code\j.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\MyPointsPointAlert\System\Code\p.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\MyPointsPointAlert\System\Code\w.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\MyPointsPointAlert\System\Code\x.class
Adware:Adware/MoeMoney No disinfected C:\Program Files\MyPointsPointAlert\System\Code\y.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\MyPointsPointAlert\System\Code\bu.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\MyPointsPointAlert\System\Code\ba.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\MyPointsPointAlert\System\Code\bb.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\MyPointsPointAlert\System\Code\bz.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\MyPointsPointAlert\System\Code\bd.class
Adware:Adware/MoeMoney No disinfected C:\Program Files\MyPointsPointAlert\System\Code\be.class
Adware:Adware/MoeMoney No disinfected C:\Program Files\MyPointsPointAlert\System\Code\bf.class
Adware:Adware/MoeMoney No disinfected C:\Program Files\MyPointsPointAlert\System\Code\bh.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\MyPointsPointAlert\System\Code\cb.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\MyPointsPointAlert\System\Code\bj.class
Adware:Adware/MoeMoney No disinfected C:\Program Files\MyPointsPointAlert\System\Code\bk.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\MyPointsPointAlert\System\Code\cf.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\MyPointsPointAlert\System\Code\bm.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\MyPointsPointAlert\System\Code\bn.class
Adware:Adware/MoeMoney No disinfected C:\Program Files\MyPointsPointAlert\System\Code\bp.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\MyPointsPointAlert\System\Code\bq.class
Adware:Adware/MoeMoney No disinfected C:\Program Files\MyPointsPointAlert\System\Code\br.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\MyPointsPointAlert\System\Code\bc.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\MyPointsPointAlert\System\Code\bs.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\MyPointsPointAlert\System\Code\ch.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\MyPointsPointAlert\System\Code\bv.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\MyPointsPointAlert\System\Code\bw.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\MyPointsPointAlert\System\Code\bx.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\MyPointsPointAlert\System\Code\t.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\MyPointsPointAlert\System\Code\by.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\MyPointsPointAlert\System\Code\ca.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\MyPointsPointAlert\System\Code\cj.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\MyPointsPointAlert\System\Code\cc.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\MyPointsPointAlert\System\Code\cd.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\MyPointsPointAlert\System\Code\cl.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\MyPointsPointAlert\System\Code\cg.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\MyPointsPointAlert\System\Code\cn.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\MyPointsPointAlert\System\Code\ci.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\MyPointsPointAlert\System\Code\cu.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\MyPointsPointAlert\System\Code\ck.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\MyPointsPointAlert\System\Code\cv.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\MyPointsPointAlert\System\Code\cm.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\MyPointsPointAlert\System\Code\cx.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\MyPointsPointAlert\System\Code\co.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\MyPointsPointAlert\System\Code\cs.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\MyPointsPointAlert\System\Code\cp.class
Adware:Adware/MoeMoney No disinfected C:\Program Files\MyPointsPointAlert\System\Code\cq.class
Adware:Adware/MoeMoney No disinfected C:\Program Files\MyPointsPointAlert\System\Code\cr.class
Adware:Adware/MoeMoney No disinfected C:\Program Files\MyPointsPointAlert\System\Code\ct.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\MyPointsPointAlert\System\Code\da.class
Adware:Adware/MoeMoney No disinfected C:\Program Files\MyPointsPointAlert\System\Code\cz.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\MyPointsPointAlert\System\Code\db.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\MyPointsPointAlert\System\Code\dc.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\MyPointsPointAlert\System\Code\dd.class
Adware:Adware/MoeMoney No disinfected C:\Program Files\MyPointsPointAlert\System\Code\de.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\MyPointsPointAlert\System\Code\u.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\MyPointsPointAlert\System\Code\dv.class
Adware:Adware/MoeMoney No disinfected C:\Program Files\MyPointsPointAlert\System\Code\df.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\MyPointsPointAlert\System\Code\di.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\MyPointsPointAlert\System\Code\dw.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\MyPointsPointAlert\System\Code\dl.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\MyPointsPointAlert\System\Code\dx.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\MyPointsPointAlert\System\Code\dm.class
Adware:Adware/MoeMoney No disinfected C:\Program Files\MyPointsPointAlert\System\Code\dn.class
Adware:Adware/MoeMoney No disinfected C:\Program Files\MyPointsPointAlert\System\Code\dp.class
Adware:Adware/MoeMoney No disinfected C:\Program Files\MyPointsPointAlert\System\Code\dy.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\MyPointsPointAlert\System\Code\dr.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\MyPointsPointAlert\System\Code\ds.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\MyPointsPointAlert\System\Code\dt.class
Adware:Adware/MoeMoney No disinfected C:\Program Files\MyPointsPointAlert\System\Code\dz.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\MyPointsPointAlert\System\Code\du.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\MyPointsPointAlert\System\Code\ed.class
Adware:Adware/TopMoxie No disinfected C:\Program Files\MyPointsPointAlert\System\Code\h.class
Possible Virus. No disinfected C:\Program Files\TrojanHunter 4.2\Tools\Process Viewer\ProcessViewer.exe
  • 0

#6
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Hi Pakamit,


Did you put this program on your computer? MyPointsPointAlert

The reason I ask is that it is considered bad because of its dubious privacy policy.
  • Open HiJackThis
  • Click on the configure button on the bottom right
  • Click on the tab "Misc Tools"
  • Click on "Delete File on Reboot"
  • Navigate to this file - C:\WINDOWS\pcconfig.dat
  • Double click on that file.
  • HJT asks you if you want to reboot, now. Click "no".

    Do that for the following files also, until you get to the last one, then click "yes" when HJT asks you to reboot.
C:\Program Files\Net2Phone CommCenter\CC_Versn.dll
C:\WINDOWS\SYSTEM32\osmim.dll
C:\WINDOWS\SYSTEM32\osconfig.dll



Thanks,

:tazz:

Excal
  • 0
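A triage sketch for the two reports exchanged in posts #4 to #6, added here as an example (it is not from the thread or from HijackThis): it parses HijackThis entries, flags the structural markers visible in the fix list ("(no file)", "(file missing)", an empty R0/R1 value, O6 policy keys), and matches scanner detections to entries that reference the same program folder. The sample lines are copied from the logs above; the function names and flag names are hypothetical.

```python
import re
from collections import Counter

# Sample input: a few lines copied from the second HijackThis log in this thread.
HJT_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: - {CF34E49F-AB6E-43C7-8409-7785D8BAC325} - C:\WINDOWS\lbbho.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: MyPoints - file://C:\Program Files\MyPointsPointAlert\System\Temp\mypoints_script0.htm
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
"""

# Sample input: rows copied from the ActiveScan results in post #5.
SCAN_REPORT = r"""
Spyware:Spyware/MarketScore No disinfected C:\WINDOWS\SYSTEM32\osmim.dll
Dialer:dialer.bny No disinfected C:\WINDOWS\pcconfig.dat
Adware:Adware/TopMoxie No disinfected C:\Program Files\MyPointsPointAlert\System\Code\bg.class
Adware:Adware/MoeMoney No disinfected C:\Program Files\MyPointsPointAlert\System\Code\ce.class
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")          # "O2 - ...", "R0 - ..."
SCAN_RE = re.compile(r"^(.+?)\s+No disinfected\s+(.+)$")   # name, status, path
PROGRAM_FILES = "c:\\program files\\"


def parse_hjt(text):
    """Return one dict per HijackThis entry: section code, body, structural flags."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # header, running-process list or blank line
        code, body = m.group(1), m.group(2).strip()
        flags = []
        if body.endswith(("(no file)", "(file missing)")):
            flags.append("missing-target")      # entry points at nothing on disk
        if code.startswith("R") and body.endswith("="):
            flags.append("empty-value")         # IE setting with no value
        if code == "O6":
            flags.append("policy-restriction")  # IE options locked by policy key
        entries.append({"code": code, "body": body, "flags": flags})
    return entries


def parse_scan(text):
    """Return (detection name, file path) pairs from the scanner rows."""
    rows = []
    for line in text.splitlines():
        m = SCAN_RE.match(line.strip())
        if m:
            rows.append((m.group(1), m.group(2).strip()))
    return rows


def match_key(path):
    """Program folder for files under Program Files, else the full path.

    Matching on C:\\WINDOWS itself would hit nearly every entry, so files
    outside Program Files are matched by exact path only. Entries written
    with 8.3 short names (C:\\PROGRA~1\\...) are not resolved here.
    """
    low = path.replace("/", "\\").lower()
    if low.startswith(PROGRAM_FILES):
        app = low[len(PROGRAM_FILES):].split("\\", 1)[0]
        return PROGRAM_FILES + app
    return low


def correlate(entries, detections):
    """Group detections by match key and attach entries that reference it."""
    groups = {}
    for name, path in detections:
        group = groups.setdefault(match_key(path),
                                  {"detections": Counter(), "entries": []})
        group["detections"][name] += 1
    for key, group in groups.items():
        group["entries"] = [e for e in entries if key in e["body"].lower()]
    return groups


def triage(hjt_text, scan_text):
    """Return (entries with structural flags, detections grouped by key)."""
    entries = parse_hjt(hjt_text)
    flagged = [e for e in entries if e["flags"]]
    return flagged, correlate(entries, parse_scan(scan_text))


if __name__ == "__main__":
    flagged, groups = triage(HJT_LOG, SCAN_REPORT)
    for e in flagged:
        print(f"{e['code']:>3} {','.join(e['flags']):<18} {e['body']}")
    for key, group in groups.items():
        refs = [e["code"] for e in group["entries"]]
        print(f"{key}: {dict(group['detections'])} referenced by {refs}")
```

The fix list in post #4 left the CiSvc service entry alone even though it carries the same "(file missing)" marker, so a flag here is a prompt to check the entry, not a removal list.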

#7
Pakamit

Pakamit

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
I did that last step and rebooted. I did put the mypoints on the computer but really don't need it if it is messing things up.

Also, I have 36 running processes when I open Windows Task Manager. The CPU usage ranges from 8% to 84% and the commit charge is 172412K / 2448. It also shows in the Performance tab the physical memory (K) as total 122352 - available 25396 (this changes) and system cache 42496. I don't know what any of this means. I only had two applications showing as running when these figures were obtained - the Geeks to Go site and the Mozilla start page.

Again thanks for your help.

#8
Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Create a Startup List:
  • Open HiJackThis
  • Click on the configure button on the bottom right
  • Click on the tab "Misc Tools"
  • Check off the 2 boxes next to the Box that says "Generate StartupList log"
  • Click on the button "Generate StartupList log"
  • Copy and paste the StartupList from the notebook onto your post
Silent Runners:
  • Please click this link to download Silent Runners.
  • Save it to the desktop.
  • Run Silent Runners by double-clicking the "Silent Runners" icon on your desktop.
  • You will see a text file appear on the desktop - it's not done yet, just let it run (it won't appear to be doing anything!)
  • Once you receive the prompt "All Done!", double-click on the new text file on the desktop and copy that entire log and paste it here.

  • NOTE* If you receive any warning message about scripts, please choose to allow the script to run.
    For some time it will look like nothing is happening. Just keep waiting.
  • Once it's done it will create a log. A window will come up telling you when it's saved. Please post that log here
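
Added example, not part of the thread or of HijackThis: one way to triage the services section of a StartupList report such as the one requested above, by parsing each `Name: image path (start type)` line and listing services whose image sits under a user profile or temp directory. The sample report lines are constructed, and the function names and the path heuristic are assumptions of this example.

```python
import re

# Constructed sample in the layout of a StartupList services section
# (not copied from any real report).
SAMPLE_REPORT = r"""
Enumerating Windows NT/2000/XP services

Event Log: %SystemRoot%\system32\services.exe (autostart)
Disk Driver: System32\DRIVERS\disk.sys (system)
Example AV Kernel: \SystemRoot\System32\Drivers\exav.sys (system)
COM+ Example App: C:\WINDOWS\System32\dllhost.exe /Processid:{00000000-0000-0000-0000-000000000000} (manual start)
ExampleInj: \??\C:\DOCUME~1\User\LOCALS~1\Temp\ex1.tmp (disabled)
ExampleMon: \??\C:\Documents and Settings\User\Desktop\EXMON.SYS (manual start)
Quoted Example: "C:\Program Files\Example\svc.exe" (autostart)

--------------------------------------------------
"""

SECTION_HEADER = "Enumerating Windows NT/2000/XP services"
SECTION_END = re.compile(r"^-{10,}$")
# The name ends at the first ": "; the start type is the trailing parenthesis.
SERVICE_LINE = re.compile(
    r"^(?P<name>.+?): (?P<image>.+) "
    r"\((?P<start>system|autostart|manual start|disabled)\)$"
)
# Assumed heuristic: profile and temp directories, including the 8.3 short
# name (DOCUME~1) that the report may show instead of the long name.
USER_WRITABLE = re.compile(
    r"\\(documents and settings|docume~\d|users)\\|\\(temp|tmp)\\",
    re.IGNORECASE,
)


def normalize_image(image, windir=r"C:\WINDOWS"):
    """Turn the report's path spellings into one absolute form."""
    path = image.strip()
    if path.startswith('"'):
        # Quoted path: keep what is inside the quotes, drop the arguments.
        path = path[1:].split('"', 1)[0]
    if path.startswith("\\??\\"):
        path = path[4:]  # NT object-manager prefix used for driver images
    lowered = path.lower()
    for prefix in ("%systemroot%\\", "\\systemroot\\"):
        if lowered.startswith(prefix):
            path = windir + "\\" + path[len(prefix):]
            break
    else:
        # Driver entries such as System32\DRIVERS\x.sys are relative
        # to the Windows directory.
        if not re.match(r"^[A-Za-z]:\\", path):
            path = windir + "\\" + path
    return path  # arguments of unquoted paths are left in place


def parse_services(report, windir=r"C:\WINDOWS"):
    """Return the services listed between the section header and the rule."""
    services, in_section = [], False
    for raw in report.splitlines():
        line = raw.strip()
        if line.startswith(SECTION_HEADER):
            in_section = True
            continue
        if in_section and SECTION_END.match(line):
            break
        if not in_section or not line:
            continue
        m = SERVICE_LINE.match(line)
        if m:
            services.append({
                "name": m["name"],
                "image": normalize_image(m["image"], windir),
                "start": m["start"],
            })
    return services


def services_to_review(services):
    """Services whose image path is in a user-writable location."""
    return [s for s in services if USER_WRITABLE.search(s["image"])]


if __name__ == "__main__":
    for svc in services_to_review(parse_services(SAMPLE_REPORT)):
        print(f'{svc["start"]:<13} {svc["name"]}: {svc["image"]}')
```

A listed entry is only a prompt to identify the file; legitimate tools sometimes load drivers from such locations too.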


#9
Pakamit

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Here is the HijackThis log with the startup list.

StartupList report, 8/17/2005, 10:46:26 PM
StartupList version: 1.52.2
Started from : C:\Program Files\HijackThis.EXE
Detected: Windows XP SP1 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\WINDOWS\System32\lxamsp32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\LexmarkX63\AcBtnMgr_X63.exe
C:\Program Files\LexmarkX63\ACMonitor_X63.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\Pakamit\Start Menu\Programs\Startup]
*No files*

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
AcBtnMgr_X63.exe.lnk = C:\Program Files\LexmarkX63\AcBtnMgr_X63.exe
ACMonitor_X63.exe.lnk = C:\Program Files\LexmarkX63\ACMonitor_X63.exe

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

TkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
PrinTray = C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
lxamsp32.exe = lxamsp32.exe
AVG7_CC = C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
THGuard = "C:\Program Files\TrojanHunter 4.2\THGuard.exe"

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

ctfmon.exe = C:\WINDOWS\System32\ctfmon.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
*No values found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\System32\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{306D6C21-C1B6-4629-986C-E59E1875B8AF}]
StubPath = "C:\WINDOWS\System32\rundll32.exe" "C:\Program Files\Messenger\msgsc.dll",ShowIconsUser

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\msmsgs.inf,BLC.Install.PerUser

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = %SystemRoot%\system32\ie4uinit.exe

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
StubPath = C:\WINDOWS\System32\Rundll32.exe C:\WINDOWS\System32\mscories.dll,Install

[{8b15971b-5355-4c82-8c07-7e181ea07608}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser

[{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}] *
StubPath = %SystemRoot%\System32\updcrl.exe -e -u %SystemRoot%\System32\verisignpub1.crl

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registry Editor'

Registry check passed

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
(no name) - c:\program files\google\googletoolbar1.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Symantec NetDetect.job

--------------------------------------------------

Enumerating Download Program Files:

[Ali Baba Slots TM by pogo]
CODEBASE = http://slots.pogo.co...a-ob-assets.cab
OSD = C:\WINDOWS\Downloaded Program Files\Ali Baba Slots TM by pogo.osd

[Arcsoft Web Uploader]
CODEBASE = http://www.cartogra....dFileApplet.cab
OSD = C:\WINDOWS\Downloaded Program Files\readfile.osd

[DirectAnimation Java Classes]
CODEBASE = file://C:\WINDOWS\Java\classes\dajava.cab
OSD = C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd

[Euchre by pogo]
CODEBASE = http://euchre.pogo.c...e-ob-assets.cab
OSD = C:\WINDOWS\Downloaded Program Files\Euchre by pogo.osd

[Hearts by pogo]
CODEBASE = http://hearts.pogo.c...s-ob-assets.cab
OSD = C:\WINDOWS\Downloaded Program Files\Hearts by pogo.osd

[Jungle Gin by pogo]
CODEBASE = http://gin.pogo.com/...n-ob-assets.cab
OSD = C:\WINDOWS\Downloaded Program Files\Jungle Gin by pogo.osd

[Mah Jong Garden by pogo]
CODEBASE = http://mahjong2.pogo...g-ob-assets.cab
OSD = C:\WINDOWS\Downloaded Program Files\Mah Jong Garden by pogo.osd

[Microsoft XML Parser for Java]
CODEBASE = file://C:\WINDOWS\Java\classes\xmldso.cab
OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

[Multiline Slots by pogo]
CODEBASE = http://game6.pogo.co...s-ob-assets.cab
OSD = C:\WINDOWS\Downloaded Program Files\Multiline Slots by pogo.osd

[Phlinx by pogo]
CODEBASE = http://flinger.pogo....r-ob-assets.cab
OSD = C:\WINDOWS\Downloaded Program Files\Phlinx by pogo.osd

[Pirate's Gold by pogo]
CODEBASE = http://swashbucks11....d-ob-assets.cab
OSD = C:\WINDOWS\Downloaded Program Files\Pirate's Gold by pogo.osd

[Pop Fu by pogo]
CODEBASE = http://popfu.pogo.co...u-ob-assets.cab
OSD = C:\WINDOWS\Downloaded Program Files\Pop Fu by pogo.osd

[Sweet Tooth TM by pogo]
CODEBASE = http://sweettooth.po...h-ob-assets.cab
OSD = C:\WINDOWS\Downloaded Program Files\Sweet Tooth TM by pogo.osd

[Tri-Peaks by pogo]
CODEBASE = http://peaks.pogo.co...s-ob-assets.cab
OSD = C:\WINDOWS\Downloaded Program Files\Tri-Peaks by pogo.osd

[Tumble Bees by pogo]
CODEBASE = http://jumbee.pogo.c...e-ob-assets.cab
OSD = C:\WINDOWS\Downloaded Program Files\Tumble Bees by pogo.osd

[World Class Solitaire by pogo]
CODEBASE = http://klondike.pogo...s-ob-assets.cab
OSD = C:\WINDOWS\Downloaded Program Files\World Class Solitaire by pogo.osd

[Yahoo! Pool 2]
CODEBASE = http://download.game...ts/y/potd_x.cab
OSD = C:\WINDOWS\Downloaded Program Files\Yahoo! Pool 2.osd

[{00000161-9980-0010-8000-00AA00389B71}]
CODEBASE = http://codecs.micros.../i386/msaud.cab

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\SYSTEM32\Macromed\Director\SwDir.dll
CODEBASE = http://download.macr...ector/swdir.cab

[MSSecurityAdvisor Class]
InProcServer32 = C:\WINDOWS\System32\mssecadv.dll
CODEBASE = http://download.micr...b?1082836187349

[Symantec AntiVirus scanner]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\avsniff.dll
CODEBASE = http://security.syma...bin/AvSniff.cab

[YInstStarter Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\yinsthelper.dll
CODEBASE = http://download.yaho...s/yinst0401.cab

[{32564D57-9980-0010-8000-00AA00389B71}]
CODEBASE = http://codecs.micros...386/wmv8dmo.cab

[Office Update Installation Engine]
InProcServer32 = C:\WINDOWS\opuc.dll
CODEBASE = http://office.micros...ontent/opuc.cab

[Microsoft.WinRep]
InProcServer32 = C:\WINDOWS\System32\Winrep.dll
CODEBASE = https://webresponse....iveX/winrep.cab

[Symantec RuFSI Utility Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\rufsi.dll
CODEBASE = http://security.syma...n/bin/cabsa.cab

[HouseCall Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\xscan53.ocx
CODEBASE = http://a840.g.akamai...all/xscan53.cab

[IBM Access Support]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\IbmEgath.dll
CODEBASE = https://www.ibm.com/...ad/IbmEgath.cab

[ActiveScan Installer Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\asinst.dll
CODEBASE = http://www.pandasoft...free/asinst.cab

[{9F1C11AA-197B-4942-BA54-47A8489BB47F}]
CODEBASE = http://v4.windowsupd...38101.434525463

[{A1337CC4-FF8E-11D1-9C48-00A0CC20E0D2}]
CODEBASE = http://www.therealye...live/ezinit.cab

[SassCln Object]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\SassCln.dll
CODEBASE = http://www.microsoft.../20/SassCln.CAB

[SDCInstaller Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\SDCInstall.dll
CODEBASE = http://www.stamps.co...file=stamps.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\System32\macromed\flash\Flash.ocx
CODEBASE = http://active.macrom...abs/swflash.cab

[PopCapLoader Object]
CODEBASE = http://zone.msn.com/...aploader_v5.cab

[MSN Money Ticker]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\ticker13.ocx
CODEBASE = http://fdl.msn.com/p.../v13/ticker.cab

[McFreeScan Class]
InProcServer32 = C:\WINDOWS\McAfee.com\FreeScan\mcfscan.dll
CODEBASE = http://download.mcaf...330/mcfscan.cab

[IMDownloader Class]
CODEBASE = http://www2.incredim...er/imloader.cab

[Hotmail Attachments Control]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\HMAtchmt.ocx
CODEBASE = http://by12fd.bay12....ex/HMAtchmt.ocx

[MSN Chat Control 4.5]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MSNChat45.ocx
CODEBASE = http://chat.msn.com/bin/msnchat45.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
Protocol #1: C:\WINDOWS\system32\mswsock.dll
Protocol #2: C:\WINDOWS\system32\mswsock.dll
Protocol #3: C:\WINDOWS\system32\mswsock.dll
Protocol #4: C:\WINDOWS\system32\rsvpsp.dll
Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
Protocol #6: C:\WINDOWS\system32\mswsock.dll
Protocol #7: C:\WINDOWS\system32\mswsock.dll
Protocol #8: C:\WINDOWS\system32\mswsock.dll
Protocol #9: C:\WINDOWS\system32\mswsock.dll
Protocol #10: C:\WINDOWS\system32\mswsock.dll
Protocol #11: C:\WINDOWS\system32\mswsock.dll
Protocol #12: C:\WINDOWS\system32\mswsock.dll
Protocol #13: C:\WINDOWS\system32\mswsock.dll
Protocol #14: C:\WINDOWS\system32\mswsock.dll
Protocol #15: C:\WINDOWS\system32\mswsock.dll
Protocol #16: C:\WINDOWS\system32\mswsock.dll
Protocol #17: C:\WINDOWS\system32\mswsock.dll
Protocol #18: C:\WINDOWS\system32\mswsock.dll
Protocol #19: C:\WINDOWS\system32\mswsock.dll
Protocol #20: C:\WINDOWS\system32\mswsock.dll
Protocol #21: C:\WINDOWS\system32\mswsock.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

Microsoft ACPI Driver: System32\DRIVERS\ACPI.sys (system)
Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)
AFD Networking Support Environment: \SystemRoot\System32\drivers\afd.sys (autostart)
Alerter: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)
AOL Connectivity Service: C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe (disabled)
Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
ASP.NET State Service: %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (manual start)
RAS Asynchronous Media Driver: System32\DRIVERS\asyncmac.sys (manual start)
Standard IDE/ESDI Hard Disk Controller: System32\DRIVERS\atapi.sys (system)
ATM ARP Client Protocol: System32\DRIVERS\atmarpc.sys (manual start)
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Audio Stub Driver: System32\DRIVERS\audstub.sys (manual start)
AVG7 Alert Manager Server: C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe (autostart)
AVG7 Kernel: \SystemRoot\System32\Drivers\avg7core.sys (system)
AVG7 Wrap Driver: \SystemRoot\System32\Drivers\avg7rsw.sys (system)
AVG7 Resident Driver XP: \SystemRoot\System32\Drivers\avg7rsxp.sys (system)
AVG7 Update Service: C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe (autostart)
basic2: System32\DRIVERS\HSF_BSC2.sys (manual start)
Background Intelligent Transfer Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Computer Browser: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
C-DillaCdaC11BA: C:\WINDOWS\System32\drivers\CDAC11BA.EXE (disabled)
Closed Caption Decoder: System32\DRIVERS\CCDECODE.sys (manual start)
CdaC15BA: \??\C:\WINDOWS\System32\drivers\CDAC15BA.SYS (autostart)
CD-ROM Driver: System32\DRIVERS\cdrom.sys (system)
Indexing Service: %SystemRoot%\system32\cisvc.exe (autostart)
ClipBook: %SystemRoot%\system32\clipsrv.exe (manual start)
COM+ System Application: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
DHCP Client: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Disk Driver: System32\DRIVERS\disk.sys (system)
Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)
DNS Client: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)
Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Event Log: %SystemRoot%\system32\services.exe (autostart)
COM+ Event System: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start)
ewido security suite control: C:\Program Files\ewido\security suite\ewidoctrl.exe (autostart)
ewido security suite driver: \??\C:\Program Files\ewido\security suite\guard.sys (system)
ewido security suite guard: C:\Program Files\ewido\security suite\ewidoguard.exe (autostart)
Fallback: System32\DRIVERS\HSF_FALL.sys (autostart)
Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Fax: %systemroot%\system32\fxssvc.exe (autostart)
Floppy Disk Controller Driver: System32\DRIVERS\fdc.sys (manual start)
Floppy Disk Driver: System32\DRIVERS\flpydisk.sys (manual start)
Fsks: System32\DRIVERS\HSF_FSKS.sys (autostart)
Volume Manager Driver: System32\DRIVERS\ftdisk.sys (system)
Game Port Enumerator: System32\DRIVERS\gameenum.sys (manual start)
Generic Packet Classifier: System32\DRIVERS\msgpc.sys (manual start)
Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Human Interface Device Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
hsf_msft: System32\DRIVERS\HSF_MSFT.sys (manual start)
i8042 Keyboard and PS/2 Mouse Port Driver: System32\DRIVERS\i8042prt.sys (system)
CD-Burning Filter Driver: System32\DRIVERS\imapi.sys (system)
IMAPI CD-Burning COM Service: C:\WINDOWS\System32\imapi.exe (manual start)
IP Traffic Filter Driver: System32\DRIVERS\ipfltdrv.sys (manual start)
IP in IP Tunnel Driver: System32\DRIVERS\ipinip.sys (manual start)
IP Network Address Translator: System32\DRIVERS\ipnat.sys (manual start)
IPSEC driver: System32\DRIVERS\ipsec.sys (system)
IR Enumerator Service: System32\DRIVERS\irenum.sys (manual start)
PnP ISA/EISA Bus Driver: System32\DRIVERS\isapnp.sys (system)
K56: System32\DRIVERS\HSF_K56K.sys (autostart)
Keyboard Class Driver: System32\DRIVERS\kbdclass.sys (system)
Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
Server: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Workstation: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
LexBce Server: C:\WINDOWS\system32\LEXBCES.EXE (autostart)
TCP/IP NetBIOS Helper: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
mchInjDrv: \??\C:\DOCUME~1\Pakamit\LOCALS~1\Temp\mc21.tmp (disabled)
Machine Debug Manager: "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE" (autostart)
Messenger: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
NetMeeting Remote Desktop Sharing: C:\WINDOWS\System32\mnmsrvc.exe (manual start)
Unimodem Streaming Filter Device: system32\drivers\MODEMCSA.sys (manual start)
Mouse Class Driver: System32\DRIVERS\mouclass.sys (system)
WebDav Client Redirector: System32\DRIVERS\mrxdav.sys (manual start)
MRXSMB: System32\DRIVERS\mrxsmb.sys (system)
Distributed Transaction Coordinator: C:\WINDOWS\System32\msdtc.exe (manual start)
Windows Installer: C:\WINDOWS\System32\msiexec.exe /V (manual start)
Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
Microsoft Streaming Tee/Sink-to-Sink Converter: system32\drivers\MSTEE.sys (manual start)
NABTS/FEC VBI Codec: System32\DRIVERS\NABTSFEC.sys (manual start)
Microsoft TV/Video Connection: System32\DRIVERS\NdisIP.sys (manual start)
Remote Access NDIS TAPI Driver: System32\DRIVERS\ndistapi.sys (manual start)
NDIS Usermode I/O Protocol: System32\DRIVERS\ndisuio.sys (manual start)
Remote Access NDIS WAN Driver: System32\DRIVERS\ndiswan.sys (manual start)
NetBIOS Interface: System32\DRIVERS\netbios.sys (system)
NetBT: System32\DRIVERS\netbt.sys (system)
Network DDE: %SystemRoot%\system32\netdde.exe (manual start)
Network DDE DSDM: %SystemRoot%\system32\netdde.exe (manual start)
Net Logon: %SystemRoot%\System32\lsass.exe (manual start)
Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Network Location Awareness (NLA): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
NT LM Security Support Provider: %SystemRoot%\System32\lsass.exe (manual start)
Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
IPX Traffic Filter Driver: System32\DRIVERS\nwlnkflt.sys (manual start)
IPX Traffic Forwarder Driver: System32\DRIVERS\nwlnkfwd.sys (manual start)
Office Source Engine: C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (manual start)
Intel PentiumIII Processor Driver: System32\DRIVERS\p3.sys (system)
Parallel port driver: System32\DRIVERS\parport.sys (manual start)
PCI Bus Driver: System32\DRIVERS\pci.sys (system)
Padus ASPI Shell: system32\drivers\pfc.sys (manual start)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
IPSEC Services: %SystemRoot%\System32\lsass.exe (autostart)
PORTMON: \??\C:\Documents and Settings\Pakamit\Desktop\PORTMSYS.SYS (manual start)
WAN Miniport (PPTP): System32\DRIVERS\raspptp.sys (manual start)
Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
QoS Packet Scheduler: System32\DRIVERS\psched.sys (manual start)
Direct Parallel Link Driver: System32\DRIVERS\ptilink.sys (manual start)
Logitech QuickCam Express: System32\DRIVERS\LVCM.sys (manual start)
Remote Access Auto Connection Driver: System32\DRIVERS\rasacd.sys (system)
Remote Access Auto Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WAN Miniport (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)
Remote Access Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Remote Access PPPOE Driver: System32\DRIVERS\raspppoe.sys (manual start)
Direct Parallel: System32\DRIVERS\raspti.sys (manual start)
Rdbss: System32\DRIVERS\rdbss.sys (system)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (manual start)
Digital CD Audio Playback Filter Driver: System32\DRIVERS\redbook.sys (system)
Routing and Remote Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Rksample: System32\DRIVERS\HSF_SAMP.sys (manual start)
Remote Procedure Call (RPC) Locator: %SystemRoot%\System32\locator.exe (manual start)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\System32\rsvp.exe (manual start)
Realtek RTL8139/810x/8169/8110 all in one NDIS NT Driver: System32\DRIVERS\Rtlnic51.sys (manual start)
Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver: System32\DRIVERS\Rtlnicxp.sys (manual start)
Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver: System32\DRIVERS\RTL8139.SYS (manual start)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
Smart Card Helper: %SystemRoot%\System32\SCardSvr.exe (manual start)
Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Secdrv: System32\DRIVERS\secdrv.sys (manual start)
Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Serenum Filter Driver: System32\DRIVERS\serenum.sys (manual start)
Serial port driver: System32\DRIVERS\serial.sys (system)
Internet Connection Firewall (ICF) / Internet Connection Sharing (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
BDA Slip De-Framer: System32\DRIVERS\SLIP.sys (manual start)
Symantec Network Drivers Service: C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (manual start)
SNMP Service: %SystemRoot%\System32\snmp.exe (autostart)
SNMP Trap Service: %SystemRoot%\System32\snmptrap.exe (manual start)
SoftFax: System32\DRIVERS\HSF_FAXX.sys (autostart)
SpeakerPhone: System32\DRIVERS\HSF_SPKP.sys (autostart)
Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
System Restore Filter Driver: System32\DRIVERS\sr.sys (system)
System Restore Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Srv: System32\DRIVERS\srv.sys (manual start)
SSDP Discovery Service: %SystemRoot%\System32\svchost.exe -k LocalService (disabled)
Windows Image Acquisition (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (autostart)
BDA IPSink: System32\DRIVERS\StreamIP.sys (manual start)
Software Bus Driver: System32\DRIVERS\swenum.sys (manual start)
Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
MS Software Shadow Copy Provider: C:\WINDOWS\System32\dllhost.exe /Processid:{73D71FAA-62EE-4807-85FA-BB42B0283EEB} (manual start)
SYMDNS: \SystemRoot\System32\Drivers\SYMDNS.SYS (manual start)
SymEvent: \??\C:\Program Files\Symantec\SYMEVENT.SYS (manual start)
SYMFW: \SystemRoot\System32\Drivers\SYMFW.SYS (manual start)
SYMIDS: \SystemRoot\System32\Drivers\SYMIDS.SYS (manual start)
SYMNDIS: \SystemRoot\System32\Drivers\SYMNDIS.SYS (manual start)
SYMREDRV: \SystemRoot\System32\Drivers\SYMREDRV.SYS (manual start)
SYMTDI: \SystemRoot\System32\Drivers\SYMTDI.SYS (system)
Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start)
Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
TCP/IP Protocol Driver: System32\DRIVERS\tcpip.sys (system)
Terminal Device Driver: System32\DRIVERS\termdd.sys (system)
Terminal Services: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Tones: System32\DRIVERS\HSF_TONE.sys (autostart)
trid3d: System32\DRIVERS\trid3dm.sys (manual start)
Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Microcode Update Driver: System32\DRIVERS\update.sys (manual start)
Universal Plug and Play Device Host: %SystemRoot%\System32\svchost.exe -k LocalService (disabled)
Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
USB Audio Driver (WDM): system32\drivers\usbaudio.sys (manual start)
Microsoft USB Generic Parent Driver: System32\DRIVERS\usbccgp.sys (manual start)
Microsoft USB Standard Hub Driver: System32\DRIVERS\usbhub.sys (manual start)
Microsoft USB PRINTER Class: System32\DRIVERS\usbprint.sys (manual start)
USB Mass Storage Driver: System32\DRIVERS\USBSTOR.SYS (manual start)
Microsoft USB Universal Host Controller Miniport Driver: System32\DRIVERS\usbuhci.sys (manual start)
USB Remote NDIS Network Device Driver: System32\DRIVERS\usb8023.sys (manual start)
V124: System32\DRIVERS\HSF_V124.sys (autostart)
VgaSave: \SystemRoot\System32\drivers\vga.sys (system)
VIA AGP Bus Filter: System32\DRIVERS\viaagp.sys (system)
ViaIde: System32\DRIVERS\viaide.sys (system)
VIA AC'97 Audio Controller (WDM): system32\drivers\viaudio.sys (manual start)
Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)
Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Remote Access IP ARP Driver: System32\DRIVERS\wanarp.sys (manual start)
WAN Miniport (ATW): System32\DRIVERS\wanatw4.sys (manual start)
Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)
WebClient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WMI Performance Adapter: C:\WINDOWS\System32\wbem\wmiapsrv.exe (manual start)
Windows Socket 2.0 Non-IFS Service Provider Support Environment: \SystemRoot\System32\drivers\ws2ifsl.sys (disabled)
World Standard Teletext Codec: System32\DRIVERS\WSTCODEC.SYS (manual start)
Automatic Updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)


--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: *Registry value not found*

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

0aMCPClient: C:\Program Files\Common Files\Stardock\MCPCore.dll
PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll
UPnPMonitor: C:\WINDOWS\System32\upnpui.dll

--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

End of report, 39,429 bytes
Report generated in 2.113 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only



______________________________________________________________________

Here is the silent runner log:

"Silent Runners.vbs", revision 39, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"ctfmon.exe" = "C:\WINDOWS\System32\ctfmon.exe" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"TkBellExe" = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
"PrinTray" = "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe" ["Lexmark"]
"lxamsp32.exe" = "lxamsp32.exe" ["Lexmark International"]
"AVG7_CC" = "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP" ["GRISOFT, s.r.o."]
"THGuard" = ""C:\Program Files\TrojanHunter 4.2\THGuard.exe"" ["Mischel Internet Security"]

HKLM\Software\Microsoft\Active Setup\Installed Components\
{306D6C21-C1B6-4629-986C-E59E1875B8AF}\(Default) = (no title provided)
\StubPath = ""C:\WINDOWS\System32\rundll32.exe" "C:\Program Files\Messenger\msgsc.dll",ShowIconsUser" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = "Google Toolbar Helper" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{e57ce731-33e8-4c51-8354-bb4de9d215d1}" = "Universal Plug and Play Devices"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\upnpui.dll" [MS]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{FC6ABB6A-36E7-4622-841B-23687F423AE8}" = "ZipScanE"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ZipScan Evaluation\zscom.dll" ["Adrian Bhagat"]
"{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
"{EBDF1F20-C829-11D1-8233-FF20AF3E97A9}" = "TrojanHunter Menu Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\TROJAN~1.2\contmenu.dll" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{54D9498B-CF93-414F-8984-8CE7FDE0D391}" = "ewido shell guard"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ewido\security suite\shellhook.dll" ["TODO: <Firmenname>"]

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
"0aMCPClient" = "{F5DF91F9-15E9-416B-A7C3-7519B11ECBFC}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Common Files\Stardock\MCPCore.dll" ["Stardock"]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! MCPClient\DLLName = "C:\Program Files\Common Files\Stardock\mcpstub.dll" ["Stardock"]

HKLM\Software\Classes\PROTOCOLS\Filter\
INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
ewido\(Default) = "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ewido\security suite\context.dll" ["ewido networks"]
TrojanHunter\(Default) = "{EBDF1F20-C829-11D1-8233-FF20AF3E97A9}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\TROJAN~1.2\contmenu.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
ZipScanEval\(Default) = "{FC6ABB6A-36E7-4622-841B-23687F423AE8}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ZipScan Evaluation\zscom.dll" ["Adrian Bhagat"]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
ewido\(Default) = "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ewido\security suite\context.dll" ["ewido networks"]
QuickFinderMenu\(Default) = "{C0E10002-0028-0002-C0E1-C0E1C0E1C0E1}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Corel\WORDPE~1\programs\pfse90.dll" ["Novell, Inc., c/o Corel Corporation Limited"]
TrojanHunter\(Default) = "{EBDF1F20-C829-11D1-8233-FF20AF3E97A9}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\TROJAN~1.2\contmenu.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
ZipScanEval\(Default) = "{FC6ABB6A-36E7-4622-841B-23687F423AE8}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ZipScan Evaluation\zscom.dll" ["Adrian Bhagat"]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
TrojanHunter\(Default) = "{EBDF1F20-C829-11D1-8233-FF20AF3E97A9}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\TROJAN~1.2\contmenu.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Pakamit\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"


Startup items in "Pakamit" & "All Users" startup folders:
---------------------------------------------------------

C:\Documents And Settings\All Users\Start Menu\Programs\Startup
"AcBtnMgr_X63.exe" -> shortcut to: "C:\Program Files\LexmarkX63\AcBtnMgr_X63.exe" ["Jetsoft Development Company"]
"ACMonitor_X63.exe" -> shortcut to: "C:\Program Files\LexmarkX63\ACMonitor_X63.exe" [null data]


Enabled Scheduled Tasks:
------------------------

"Symantec NetDetect" -> launches: "C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE" ["Symantec Corporation"]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 21
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
---------------------------

#10
Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Delete bad service:
  • Open HiJackThis
  • Click on the configure button on the bottom right
  • Click on the tab "Misc Tools"
  • Click on "delete an NT service"
  • Copy and paste this in the box: mchInjDrv
  • Click "ok", then reboot
I think it would serve you well to clean your registry!
  • Please download: RegSeeker.
  • Click on "Clean The Registry" in the left panel.
  • Check all boxes (make sure the backup box in the lower left corner is selected!).
  • After it runs, click "Select All" on the bottom, then right-click on any selected item in the window and select "Delete Selected Items".
  • Click "Quit RegSeeker".
Now, open any of your installed programs, and make sure that everything opens ok. If so, reboot, then go back and run the RegSeeker again, do the same thing again if anything is found. When RegSeeker finds nothing else, then it's clean!


Also post me a fresh Silentrunners, ensure it's completely done before grabbing the log, otherwise it will be incomplete.....thanks!


Excal

#11
Pakamit

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
I am not able to delete that file mchInjDrv. The message is "make sure the name is correct and it isn't running". Should I go ahead and do the reg clean?

#12
Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
That's fine...yes, go ahead


Excal

#13
Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.