Tech Support Forum - View Single Post

lonewolf2002 · 04-19-2006, 01:37 PM

Incident Status Location

Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\chrisg\Cookies\chrisg@112.2o7[2].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\chrisg\Cookies\chrisg@adopt.hbmediapro[1].txt
Spyware:Cookie/NewMedia Not disinfected C:\Documents and Settings\chrisg\Cookies\chrisg@anm.co[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\chrisg\Cookies\chrisg@atwola[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\chrisg\Cookies\chrisg@belnk[1].txt
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\chrisg\Cookies\chrisg@c2.gostats[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\chrisg\Cookies\chrisg@dist.belnk[2].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\chrisg\Cookies\chrisg@errorsafe[2].txt
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\chrisg\Cookies\chrisg@gostats[1].txt
Spyware:Cookie/Microsofte Not disinfected C:\Documents and Settings\chrisg\Cookies\chrisg@microsofteup.112.2o7[1].txt
Spyware:Cookie/Paypopup Not disinfected C:\Documents and Settings\chrisg\Cookies\chrisg@paypopup[1].txt
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\chrisg\Cookies\chrisg@toplist[1].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\chrisg\Cookies\chrisg@www.burstbeacon[1].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\chrisg\Cookies\chrisg@www.errorsafe[2].txt
Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\chrisg\Cookies\chrisg@www.myaffiliateprogram[1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\chrisg\Cookies\chrisg@xiti[1].txt
Spyware:Cookie/Xmts Not disinfected C:\Documents and Settings\chrisg\Cookies\chrisg@xmts[1].txt
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\chrisg\Cookies\chrisg@112.2o7[2].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\chrisg\Cookies\chrisg@adopt.hbmediapro[1].txt
Spyware:Cookie/NewMedia Not disinfected C:\Documents and Settings\chrisg\Cookies\chrisg@anm.co[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\chrisg\Cookies\chrisg@atwola[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\chrisg\Cookies\chrisg@belnk[1].txt
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\chrisg\Cookies\chrisg@c2.gostats[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\chrisg\Cookies\chrisg@dist.belnk[2].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\chrisg\Cookies\chrisg@errorsafe[2].txt
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\chrisg\Cookies\chrisg@gostats[1].txt
Spyware:Cookie/Microsofte Not disinfected C:\Documents and Settings\chrisg\Cookies\chrisg@microsofteup.112.2o7[1].txt
Spyware:Cookie/Paypopup Not disinfected C:\Documents and Settings\chrisg\Cookies\chrisg@paypopup[1].txt
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\chrisg\Cookies\chrisg@toplist[1].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\chrisg\Cookies\chrisg@www.burstbeacon[1].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\chrisg\Cookies\chrisg@www.errorsafe[2].txt
Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\chrisg\Cookies\chrisg@www.myaffiliateprogram[1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\chrisg\Cookies\chrisg@xiti[1].txt
Spyware:Cookie/Xmts Not disinfected C:\Documents and Settings\chrisg\Cookies\chrisg@xmts[1].txt
Hacktool:HackTool/EvID Not disinfected C:\Documents and Settings\chrisg\Desktop\notepad files walkthrus some tech\EvID4226Patch223d-en.zip[EvID4226Patch.exe]
Virus:Eicar.Mod

Sorry about late update, Here is panda log i have not cleaned anything yet as ithink the virus is associated with pest patrol and is to do with testing pest patrol but please do correct me if im wrong.

And here is latest hijack this log.

Logfile of HijackThis v1.99.1
Scan saved at 20:38:34, on 19/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
C:\Program Files\Saitek\Software\Profiler.exe
C:\Program Files\Saitek\Software\SaiSmart.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\downloads\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe
O4 - HKLM\..\Run: [SaiSmart] C:\Program Files\Saitek\Software\SaiSmart.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [GhostSurfDelSatellite] "C:\Program Files\SpyCatcher\DeleteSatellite.exe"
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/ca...C_2.1.2.76.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1141068812390
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1141068802906
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://creative.com/su/ocx/15021/CTPID.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

Thanks for help

04-19-2006, 01:37 PM	#3 (permalink)
lonewolf2002 Registered User Join Date: Apr 2006 Posts: 5 OS: XP PRO	Incident Status Location Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\chrisg\Cookies\chrisg@112.2o7[2].txt Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\chrisg\Cookies\chrisg@adopt.hbmediapro[1].txt Spyware:Cookie/NewMedia Not disinfected C:\Documents and Settings\chrisg\Cookies\chrisg@anm.co[2].txt Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\chrisg\Cookies\chrisg@atwola[1].txt Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\chrisg\Cookies\chrisg@belnk[1].txt Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\chrisg\Cookies\chrisg@c2.gostats[2].txt Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\chrisg\Cookies\chrisg@dist.belnk[2].txt Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\chrisg\Cookies\chrisg@errorsafe[2].txt Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\chrisg\Cookies\chrisg@gostats[1].txt Spyware:Cookie/Microsofte Not disinfected C:\Documents and Settings\chrisg\Cookies\chrisg@microsofteup.112.2o7[1].txt Spyware:Cookie/Paypopup Not disinfected C:\Documents and Settings\chrisg\Cookies\chrisg@paypopup[1].txt Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\chrisg\Cookies\chrisg@toplist[1].txt Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\chrisg\Cookies\chrisg@www.burstbeacon[1].txt Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\chrisg\Cookies\chrisg@www.errorsafe[2].txt Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\chrisg\Cookies\chrisg@www.myaffiliateprogram[1].txt Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\chrisg\Cookies\chrisg@xiti[1].txt Spyware:Cookie/Xmts Not disinfected C:\Documents and Settings\chrisg\Cookies\chrisg@xmts[1].txt Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\chrisg\Cookies\chrisg@112.2o7[2].txt Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\chrisg\Cookies\chrisg@adopt.hbmediapro[1].txt Spyware:Cookie/NewMedia Not disinfected C:\Documents and Settings\chrisg\Cookies\chrisg@anm.co[2].txt Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\chrisg\Cookies\chrisg@atwola[1].txt Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\chrisg\Cookies\chrisg@belnk[1].txt Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\chrisg\Cookies\chrisg@c2.gostats[2].txt Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\chrisg\Cookies\chrisg@dist.belnk[2].txt Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\chrisg\Cookies\chrisg@errorsafe[2].txt Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\chrisg\Cookies\chrisg@gostats[1].txt Spyware:Cookie/Microsofte Not disinfected C:\Documents and Settings\chrisg\Cookies\chrisg@microsofteup.112.2o7[1].txt Spyware:Cookie/Paypopup Not disinfected C:\Documents and Settings\chrisg\Cookies\chrisg@paypopup[1].txt Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\chrisg\Cookies\chrisg@toplist[1].txt Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\chrisg\Cookies\chrisg@www.burstbeacon[1].txt Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\chrisg\Cookies\chrisg@www.errorsafe[2].txt Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\chrisg\Cookies\chrisg@www.myaffiliateprogram[1].txt Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\chrisg\Cookies\chrisg@xiti[1].txt Spyware:Cookie/Xmts Not disinfected C:\Documents and Settings\chrisg\Cookies\chrisg@xmts[1].txt Hacktool:HackTool/EvID Not disinfected C:\Documents and Settings\chrisg\Desktop\notepad files walkthrus some tech\EvID4226Patch223d-en.zip[EvID4226Patch.exe] Virus:Eicar.Mod Sorry about late update, Here is panda log i have not cleaned anything yet as ithink the virus is associated with pest patrol and is to do with testing pest patrol but please do correct me if im wrong. And here is latest hijack this log. Logfile of HijackThis v1.99.1 Scan saved at 20:38:34, on 19/04/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe C:\Program Files\Lexmark X5100 Series\lxbabmon.exe C:\Program Files\Saitek\Software\Profiler.exe C:\Program Files\Saitek\Software\SaiSmart.exe C:\PROGRA~1\PESTPA~1\PPControl.exe C:\PROGRA~1\PESTPA~1\PPMemCheck.exe C:\PROGRA~1\PESTPA~1\CookiePatrol.exe C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE C:\WINDOWS\system32\CTHELPER.EXE C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\VMware\VMware Workstation\vmware-authd.exe C:\WINDOWS\system32\vmnat.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\Program Files\Raxco\PerfectDisk\PDSched.exe C:\WINDOWS\system32\vmnetdhcp.exe C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Outlook Express\msimn.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Internet Explorer\iexplore.exe D:\downloads\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe" O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe O4 - HKLM\..\Run: [SaiSmart] C:\Program Files\Saitek\Software\SaiSmart.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe O4 - HKLM\..\Run: [GhostSurfDelSatellite] "C:\Program Files\SpyCatcher\DeleteSatellite.exe" O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://creative.com/su/ocx/15015/CTSUEng.cab O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/ca...C_2.1.2.76.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/reso...an8/oscan8.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1141068812390 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1141068802906 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://creative.com/su/ocx/15021/CTPID.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe Thanks for help