I have no idea why I haven't updated to SP2; I thought I did a long time ago, but apparently I never did. Anyway, here are the logs:
SmitFraudFix v2.127
Scan done at 18:30:50.46, 12/03/2006
Run from C:\Documents and Settings\MD\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is FAT32
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{ab340860-fd81-4a65-b345-82eb77a66b5e}"="featherweed"
[HKEY_CLASSES_ROOT\CLSID\{ab340860-fd81-4a65-b345-82eb77a66b5e}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{ab340860-fd81-4a65-b345-82eb77a66b5e}\InProcServer32]
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
C:\WINDOWS\system32\migicons.exe Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url Deleted
C:\Program Files\VirusBursters\ Deleted
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 10:31:19 PM 12/03/2006
+ Scan result:
C:\WINDOWS\SYSTEM32\cacore.dll -> Adware.Coupons : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\New.net -> Adware.NewDotNet : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\New.net -> Adware.NewDotNet : Cleaned with backup (quarantined).
:mozilla.43:C:\Documents and Settings\MD\Application Data\Mozilla\Firefox\Profiles\default.77v\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.44:C:\Documents and Settings\MD\Application Data\Mozilla\Firefox\Profiles\default.77v\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.45:C:\Documents and Settings\MD\Application Data\Mozilla\Firefox\Profiles\default.77v\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.46:C:\Documents and Settings\MD\Application Data\Mozilla\Firefox\Profiles\default.77v\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.51:C:\Documents and Settings\MD\Application Data\Mozilla\Firefox\Profiles\default.77v\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.52:C:\Documents and Settings\MD\Application Data\Mozilla\Firefox\Profiles\default.77v\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.533:C:\Documents and Settings\MD\Application Data\Mozilla\Firefox\Profiles\default.77v\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.53:C:\Documents and Settings\MD\Application Data\Mozilla\Firefox\Profiles\default.77v\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.54:C:\Documents and Settings\MD\Application Data\Mozilla\Firefox\Profiles\default.77v\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.78:C:\Documents and Settings\MD\Application Data\Mozilla\Firefox\Profiles\default.77v\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.79:C:\Documents and Settings\MD\Application Data\Mozilla\Firefox\Profiles\default.77v\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.80:C:\Documents and Settings\MD\Application Data\Mozilla\Firefox\Profiles\default.77v\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.81:C:\Documents and Settings\MD\Application Data\Mozilla\Firefox\Profiles\default.77v\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.82:C:\Documents and Settings\MD\Application Data\Mozilla\Firefox\Profiles\default.77v\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.83:C:\Documents and Settings\MD\Application Data\Mozilla\Firefox\Profiles\default.77v\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.308:C:\Documents and Settings\MD\Application Data\Mozilla\Firefox\Profiles\default.77v\cookies.txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.309:C:\Documents and Settings\MD\Application Data\Mozilla\Firefox\Profiles\default.77v\cookies.txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.114:C:\Documents and Settings\MD\Application Data\Mozilla\Firefox\Profiles\default.77v\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.838:C:\Documents and Settings\MD\Application Data\Mozilla\Firefox\Profiles\default.77v\cookies.txt -> TrackingCookie.Cqcounter : Cleaned.
:mozilla.172:C:\Documents and Settings\MD\Application Data\Mozilla\Firefox\Profiles\default.77v\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.173:C:\Documents and Settings\MD\Application Data\Mozilla\Firefox\Profiles\default.77v\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.174:C:\Documents and Settings\MD\Application Data\Mozilla\Firefox\Profiles\default.77v\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.175:C:\Documents and Settings\MD\Application Data\Mozilla\Firefox\Profiles\default.77v\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.667:C:\Documents and Settings\MD\Application Data\Mozilla\Firefox\Profiles\default.77v\cookies.txt -> TrackingCookie.Komtrack : Cleaned.
:mozilla.874:C:\Documents and Settings\MD\Application Data\Mozilla\Firefox\Profiles\default.77v\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.875:C:\Documents and Settings\MD\Application Data\Mozilla\Firefox\Profiles\default.77v\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.876:C:\Documents and Settings\MD\Application Data\Mozilla\Firefox\Profiles\default.77v\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.842:C:\Documents and Settings\MD\Application Data\Mozilla\Firefox\Profiles\default.77v\cookies.txt -> TrackingCookie.Quarterserver : Cleaned.
:mozilla.150:C:\Documents and Settings\MD\Application Data\Mozilla\Firefox\Profiles\default.77v\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.151:C:\Documents and Settings\MD\Application Data\Mozilla\Firefox\Profiles\default.77v\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.152:C:\Documents and Settings\MD\Application Data\Mozilla\Firefox\Profiles\default.77v\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.153:C:\Documents and Settings\MD\Application Data\Mozilla\Firefox\Profiles\default.77v\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.154:C:\Documents and Settings\MD\Application Data\Mozilla\Firefox\Profiles\default.77v\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.155:C:\Documents and Settings\MD\Application Data\Mozilla\Firefox\Profiles\default.77v\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.177:C:\Documents and Settings\MD\Application Data\Mozilla\Firefox\Profiles\default.77v\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.178:C:\Documents and Settings\MD\Application Data\Mozilla\Firefox\Profiles\default.77v\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.179:C:\Documents and Settings\MD\Application Data\Mozilla\Firefox\Profiles\default.77v\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.180:C:\Documents and Settings\MD\Application Data\Mozilla\Firefox\Profiles\default.77v\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.181:C:\Documents and Settings\MD\Application Data\Mozilla\Firefox\Profiles\default.77v\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.182:C:\Documents and Settings\MD\Application Data\Mozilla\Firefox\Profiles\default.77v\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.183:C:\Documents and Settings\MD\Application Data\Mozilla\Firefox\Profiles\default.77v\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.184:C:\Documents and Settings\MD\Application Data\Mozilla\Firefox\Profiles\default.77v\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.185:C:\Documents and Settings\MD\Application Data\Mozilla\Firefox\Profiles\default.77v\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.186:C:\Documents and Settings\MD\Application Data\Mozilla\Firefox\Profiles\default.77v\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.187:C:\Documents and Settings\MD\Application Data\Mozilla\Firefox\Profiles\default.77v\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.188:C:\Documents and Settings\MD\Application Data\Mozilla\Firefox\Profiles\default.77v\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.189:C:\Documents and Settings\MD\Application Data\Mozilla\Firefox\Profiles\default.77v\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.190:C:\Documents and Settings\MD\Application Data\Mozilla\Firefox\Profiles\default.77v\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.191:C:\Documents and Settings\MD\Application Data\Mozilla\Firefox\Profiles\default.77v\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.192:C:\Documents and Settings\MD\Application Data\Mozilla\Firefox\Profiles\default.77v\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.193:C:\Documents and Settings\MD\Application Data\Mozilla\Firefox\Profiles\default.77v\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.194:C:\Documents and Settings\MD\Application Data\Mozilla\Firefox\Profiles\default.77v\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.195:C:\Documents and Settings\MD\Application Data\Mozilla\Firefox\Profiles\default.77v\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.196:C:\Documents and Settings\MD\Application Data\Mozilla\Firefox\Profiles\default.77v\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.197:C:\Documents and Settings\MD\Application Data\Mozilla\Firefox\Profiles\default.77v\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.198:C:\Documents and Settings\MD\Application Data\Mozilla\Firefox\Profiles\default.77v\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.199:C:\Documents and Settings\MD\Application Data\Mozilla\Firefox\Profiles\default.77v\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.200:C:\Documents and Settings\MD\Application Data\Mozilla\Firefox\Profiles\default.77v\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.201:C:\Documents and Settings\MD\Application Data\Mozilla\Firefox\Profiles\default.77v\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.202:C:\Documents and Settings\MD\Application Data\Mozilla\Firefox\Profiles\default.77v\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.203:C:\Documents and Settings\MD\Application Data\Mozilla\Firefox\Profiles\default.77v\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.204:C:\Documents and Settings\MD\Application Data\Mozilla\Firefox\Profiles\default.77v\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.536:C:\Documents and Settings\MD\Application Data\Mozilla\Firefox\Profiles\default.77v\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.363:C:\Documents and Settings\MD\Application Data\Mozilla\Firefox\Profiles\default.77v\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.364:C:\Documents and Settings\MD\Application Data\Mozilla\Firefox\Profiles\default.77v\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.365:C:\Documents and Settings\MD\Application Data\Mozilla\Firefox\Profiles\default.77v\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.808:C:\Documents and Settings\MD\Application Data\Mozilla\Firefox\Profiles\default.77v\cookies.txt -> TrackingCookie.Weborama : Cleaned.
C:\Mark's Folder\Soldat\1.3\Speed_Hack.zip/speed_hack/undetected speedhack/c5x1.dll -> Trojan.Agent.a : Cleaned with backup (quarantined).
C:\Mark's Folder\Soldat\1.3\Speed_Hack.zip/speed_hack/undetected speedhack/s3r.dll -> Trojan.Agent.d : Cleaned with backup (quarantined).
::Report end
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, December 04, 2006 9:17:08 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 5/12/2006
Kaspersky Anti-Virus database records: 248059
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
I:\
Scan Statistics:
Total number of scanned objects: 125708
Number of viruses found: 11
Number of infected objects: 22 / 0
Number of suspicious objects: 1
Duration of the scan process: 01:22:39
Infected Object Name / Virus Name / Last Action
C:\WINDOWS\SYSTEM32\DRIVERS\sptd0269.sys Object is locked skipped
C:\WINDOWS\SYSTEM32\DRIVERS\sptd.sys Object is locked skipped
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\SYSTEM32\config\system.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\config\software.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\config\default.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\config\DEFAULT Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SECURITY Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SYSTEM Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\h323log.txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\WINDOWS\SchedLog.Txt Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Debug\oakley.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
C:\Program Files\mIRC\mirc.exe.bak Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03900000.VBN Suspicious: Exploit.HTML.Mht skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\00C40000.VBN Infected: Exploit.Win32.IMG-WMF.v skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07C40000.VBN Infected: Trojan-PSW.Win32.Sagic.15 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07C40001.VBN Infected: not-a-virus:PSWTool.Win32.Brutus skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\06F40000.VBN Infected: Trojan-Downloader.Win32.Agent.acd skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\06780000.VBN/BlackBox.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\06780000.VBN/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\06780000.VBN/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\06780000.VBN ZIP: infected - 3 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\06780000.VBN CryptZ: infected - 3 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\06F40001.VBN Infected: Trojan-Downloader.Win32.Agent.acd skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\00FC0000.VBN Infected: Trojan-Downloader.Win32.Agent.acd skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\01000000.VBN/BlackBox.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\01000000.VBN/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\01000000.VBN/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\01000000.VBN ZIP: infected - 3 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\01000000.VBN CryptZ: infected - 3 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08E80000.VBN Infected: Trojan-Downloader.Win32.Zlob.abw skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08E80002.VBN Infected: Trojan-Downloader.Win32.Zlob.abw skipped
C:\Documents and Settings\MD\Local Settings\Temp\hpodvd09.log Object is locked skipped
C:\Documents and Settings\MD\Local Settings\Temp\~DF3357.tmp Object is locked skipped
C:\Documents and Settings\MD\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\MD\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\MD\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\MD\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\MD\Local Settings\Application Data\ApplicationHistory\hpqgalry.exe.cf8dd223.ini.inuse Object is locked skipped
C:\Documents and Settings\MD\Local Settings\Application Data\HP\Digital Imaging\db\CB_Server_Errors.txt Object is locked skipped
C:\Documents and Settings\MD\Local Settings\Application Data\HP\Digital Imaging\db\administrativeInfo.dbf Object is locked skipped
C:\Documents and Settings\MD\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.dbf Object is locked skipped
C:\Documents and Settings\MD\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.cdx Object is locked skipped
C:\Documents and Settings\MD\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.dbf Object is locked skipped
C:\Documents and Settings\MD\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.fpt Object is locked skipped
C:\Documents and Settings\MD\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.cdx Object is locked skipped
C:\Documents and Settings\MD\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.dbf Object is locked skipped
C:\Documents and Settings\MD\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.cdx Object is locked skipped
C:\Documents and Settings\MD\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.dbf Object is locked skipped
C:\Documents and Settings\MD\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.cdx Object is locked skipped
C:\Documents and Settings\MD\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.dbf Object is locked skipped
C:\Documents and Settings\MD\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.cdx Object is locked skipped
C:\Documents and Settings\MD\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.dbf Object is locked skipped
C:\Documents and Settings\MD\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.cdx Object is locked skipped
C:\Documents and Settings\MD\Local Settings\Application Data\HP\Digital Imaging\db\managedFolderTable.dbf Object is locked skipped
C:\Documents and Settings\MD\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.dbf Object is locked skipped
C:\Documents and Settings\MD\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.cdx Object is locked skipped
C:\Documents and Settings\MD\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.dbf Object is locked skipped
C:\Documents and Settings\MD\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.cdx Object is locked skipped
C:\Documents and Settings\MD\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.dbf Object is locked skipped
C:\Documents and Settings\MD\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.cdx Object is locked skipped
C:\Documents and Settings\MD\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\MD\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\MD\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\MD\ntuser.dat Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\System Volume Information\_restore{54A708CC-4098-4B73-B137-FDCCC63519A9}\RP286\change.log Object is locked skipped
C:\hijackthis\backups\backup-20051213-211450-883.dll Infected: Trojan-Downloader.Win32.IstBar.gen skipped
Scan process completed.
MD - 12/04/2006@21:27:33.05
running from C:\Documents and Settings\MD\Desktop\Autoruns\
Other users of this machine:
* Administrator
----------------------------------------------------------------------------------
HKLM\System\CurrentControlSet\Services
AVG Anti-Spyware Guard
AVG Anti-Spyware guard
(Not verified) Anti-Malware Development a.s.
c:\program files\grisoft\avg anti-spyware 7.5\guard.exe
Crypkey License
CrypKey NT Service
(Not verified) Kenonic Controls Ltd.
c:\windows\system32\crypserv.exe
DefWatch
Virus Definition Daemon
(Not verified) Symantec Corporation
c:\program files\symantec_client_security\symantec antivirus\defwatch.exe
Norton AntiVirus Server
Provides real-time virus scanning, reporting, and management functionality for Symantec Client Security.
(Not verified) Symantec Corporation
c:\program files\symantec_client_security\symantec antivirus\rtvscan.exe
NVSvc
Provides system and desktop level support to the NVIDIA display driver
(Not verified) NVIDIA Corporation
c:\windows\system32\nvsvc32.exe
Pml Driver HPZ12
PML Driver
(Not verified) HP
c:\windows\system32\hpzipm12.exe
SoundMAX Agent Service (default)
SoundMAX service agent component
(Not verified) Analog Devices, Inc.
c:\program files\analog devices\soundmax\smagent.exe
StyleXPService
StyleXPService Module
c:\program files\tgtsoft\stylexp\stylexpservice.exe
vsmon
Monitors internet traffic and generates alerts for disallowed access.
(Verified) Check Point Software Technologies Inc.
c:\windows\system32\zonelabs\vsmon.exe
HKLM\System\CurrentControlSet\Services
ASAPIW2k
ASAPI
(Not verified) Pinnacle Systems GmbH
c:\windows\system32\drivers\asapiw2k.sys
AVG Anti-Spyware Driver
c:\program files\grisoft\avg anti-spyware 7.5\guard.sys
AvgAsCln
AVG7 Clean Driver
(Not verified) GRISOFT, s.r.o.
c:\windows\system32\drivers\avgascln.sys
BANTExt
c:\windows\system32\drivers\bantext.sys
DCamUSBSQTECH
Universal Serial Bus Camera Driver
(Not verified) Service & Quality Technology.
c:\windows\system32\drivers\sqcaptur.sys
drvmcdb
Device Driver
(Not verified) VERITAS Software, Inc.
c:\windows\system32\drivers\drvmcdb.sys
EagleNT
File not found: C:\WINDOWS\System32\drivers\EagleNT.sys
FGUARD32
Folder Guard Device Driver
(Not verified) WinAbility® Software Corporation
c:\program files\folder guard pro xp\fguard32.sys
FILESpy
File not found: C:\Program Files\BullGuard\filespy.sys
GEARAspiWDM
CD/DVD Class Filter Driver
(Verified) GEAR Software Inc.
c:\windows\system32\drivers\gearaspiwdm.sys
giveio
c:\windows\system32\giveio.sys
imagedrv
NERO IMAGEDRIVE SCSI miniport
(Not verified) Ahead Software AG
c:\windows\system32\drivers\imagedrv.sys
imagesrv
Nero Image Server
(Not verified) Ahead Software AG
c:\windows\system32\drivers\imagesrv.sys
NAVAP
AutoProtect
(Not verified) Symantec Corporation
c:\program files\symantec_client_security\symantec antivirus\navap.sys
NAVAPEL
NAVAPEL
(Not verified) Symantec Corporation
c:\program files\symantec_client_security\symantec antivirus\navapel.sys
NAVENG
AV Engine
(Verified) Symantec Corporation
c:\program files\common files\symantec shared\virusdefs\20061129.017\naveng.sys
NAVEX15
AV Engine
(Verified) Symantec Corporation
c:\program files\common files\symantec shared\virusdefs\20061129.017\navex15.sys
NetworkX
c:\windows\system32\ckldrv.sys
NPF
NPF Driver - TME extensions
(Not verified) Politecnico di Torino
c:\windows\system32\drivers\npf.sys
nv
NVIDIA Compatible Windows 2000 Miniport Driver, Version 81.94
(Not verified) NVIDIA Corporation
c:\windows\system32\drivers\nv4_mini.sys
padenum
Enumerador NTPAD
(Not verified) Windows (R) 2000 DDK provider
c:\windows\system32\drivers\padenum.sys
PCLEPCI
PCLEPCI
(Not verified) Pinnacle Systems GmbH
c:\windows\system32\drivers\pclepci.sys
PxHelp20
Px Engine Device Driver for Windows 2000/XP
(Not verified) Sonic Solutions
c:\windows\system32\drivers\pxhelp20.sys
REGSpy
File not found: C:\Program Files\BullGuard\regspy.sys
RioS10
RioS10.sys
(Not verified) SonicBlue Inc.
c:\windows\system32\drivers\rios10.sys
rxp
File not found: C:\WINDOWS\system32\drivers\rxp.sys
SbcpHid
File not found: C:\WINDOWS\System32\Drivers\SbcpHid.sys
Secdrv
SafeDisc driver
(Not verified) Macrovision Europe Ltd
c:\windows\system32\drivers\secdrv.sys
sfdrv01
StarForce Protection Environment Driver
(Not verified) Protection Technology
c:\windows\system32\drivers\sfdrv01.sys
sfhlp02
StarForce Protection Helper Driver
(Not verified) Protection Technology
c:\windows\system32\drivers\sfhlp02.sys
sfsync02
StarForce Protection Synchronization Driver
(Not verified) Protection Technology
c:\windows\system32\drivers\sfsync02.sys
SMBios
Intel(R) System Management BIOS Driver
(Not verified) Intel Corporation
c:\windows\system32\drivers\smbios.sys
speedfan
SpeedFan Device Driver
(Not verified) Windows (R) 2000 DDK provider
c:\windows\system32\speedfan.sys
sptd
c:\windows\system32\drivers\sptd.sys
srescan
srescan
(Verified) Check Point Software Technologies Inc.
c:\windows\system32\zonelabs\srescan.sys
StyleXPHelper
StyleXP
(Not verified) Windows (R) 2000 DDK provider
c:\program files\tgtsoft\stylexp\stylexphelper.exe
SymEvent
Symantec Event Library
(Verified) Symantec Corporation
c:\program files\symantec\symevent.sys
vaxscsi
SCSI miniport
(Verified) DAEMON Tools Code Signing Services
c:\windows\system32\drivers\vaxscsi.sys
VendorJoystickEnabler
NTPAD Console GamePad Controller for Windows 2000
(Not verified) Triforce
c:\windows\system32\drivers\ntpad.sys
vsdatant
TrueVector Device Driver
(Verified) Check Point Software Technologies Inc.
c:\windows\system32\vsdatant.sys
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
NavLogon
File not found: C:\WINDOWS\System32\NavLogon.dll
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
hpzlnt07
(Not verified) HP
c:\windows\system32\hpzlnt07.dll
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Smapp
SoundMAX System Tray
(Not verified) Analog Devices, Inc.
c:\program files\analog devices\soundmax\smtray.exe
IntelliType
Microsoft IntelliType Pro
(Not verified) Microsoft Corporation
c:\program files\microsoft hardware\keyboard\type32.exe
HPDJ Taskbar Utility
(Not verified) HP
c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe
vptray
Symantec AntiVirus
(Not verified) Symantec Corporation
c:\program files\symantec_client_security\symantec antivirus\vptray.exe
dla
Direct Access Component
(Not verified) VERITAS Software, Inc.
c:\windows\system32\dla\tfswctrl.exe
StorageGuard
VERITAS Update Manager
(Not verified) VERITAS Software, Inc.
c:\program files\veritas software\update manager\sgtray.exe
NeroFilterCheck
NeroCheck
(Not verified) Ahead Software Gmbh
c:\windows\system32\nerocheck.exe
AtiPTA
ATI Desktop Control Panel
(Not verified) ATI Technologies, Inc.
c:\windows\system32\atiptaxx.exe
PinnacleDriverCheck
c:\windows\system32\psdrvcheck.exe
USBToolTip
USBTip MFC Application
(Not verified) Pinnacle Systems
c:\program files\pinnacle\shared files\programs\usbtip\usbtip.exe
SunJavaUpdateSched
Java(TM) 2 Platform Standard Edition binary
(Not verified) Sun Microsystems, Inc.
c:\program files\java\jre1.5.0_09\bin\jusched.exe
IntelliPoint
Point32.exe
(Not verified) Microsoft Corporation
c:\program files\microsoft intellipoint\point32.exe
HP Software Update
Hewlett-Packard Product Assistant
(Not verified) Hewlett-Packard Co.
c:\program files\hp\hp software update\hpwuschd2.exe
NvCplDaemon
NVIDIA Display Properties Extension
(Not verified) NVIDIA Corporation
c:\windows\system32\nvcpl.dll
nwiz
NVIDIA nView Wizard, Version 110.09
(Not verified) NVIDIA Corporation
c:\windows\system32\nwiz.exe
NvMediaCenter
NVIDIA Media Center Library
(Not verified) NVIDIA Corporation
c:\windows\system32\nvmctray.dll
Zone Labs Client
Zone Labs Client
(Verified) Check Point Software Technologies Inc.
c:\program files\zone labs\zonealarm\zlclient.exe
QuickTime Task
QuickTime Task
(Not verified) Apple Computer, Inc.
c:\program files\quicktime alternative\qttask.exe
iTunesHelper
iTunesHelper Module
(Verified) Apple Computer, Inc.
c:\program files\itunes\ituneshelper.exe
!AVG Anti-Spyware
AVG Anti-Spyware
(Not verified) Anti-Malware Development a.s.
c:\program files\grisoft\avg anti-spyware 7.5\avgas.exe
HKLM\SOFTWARE\Classes\Protocols\Filter
application/octet-stream
Microsoft .NET Runtime Execution Engine
(Not verified) Microsoft Corporation
c:\windows\system32\mscoree.dll
application/x-complus
Microsoft .NET Runtime Execution Engine
(Not verified) Microsoft Corporation
c:\windows\system32\mscoree.dll
application/x-msdownload
Microsoft .NET Runtime Execution Engine
(Not verified) Microsoft Corporation
c:\windows\system32\mscoree.dll
HKLM\SOFTWARE\Classes\Protocols\Handler
belarc
Belarc VoilaX Control
(Not verified) Belarc, Inc.
c:\program files\belarc\advisor\system\bavoilax.dll
ms-help
Microsoft® Help Data Services Module
(Not verified) Microsoft Corporation
c:\program files\common files\microsoft shared\help\hxds.dll
msnim
MSN Messenger Protocol Handler
(Not verified) Microsoft Corporation
c:\program files\msn messenger\msgrapp.dll
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
n/a
Microsoft .NET IE SECURITY REGISTRATION
(Not verified) Microsoft Corporation
c:\windows\system32\mscories.dll
CRLUpdate
UPDCRL
(Not verified) Microsoft Corporation
c:\windows\system32\updcrl.exe
Power Policy Settings
File not found: setupx.dll
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Printkey2000.lnk
(Not verified) Fred's Software
c:\program files\printkey2000\printkey2000.exe
HP Digital Imaging Monitor.lnk
HP Digital Imaging Monitor
(Not verified) Hewlett-Packard Co.
c:\program files\hp\digital imaging\bin\hpqtra08.exe
HP Image Zone Fast Start.lnk
HP Image Zone
(Not verified) Hewlett-Packard Co.
c:\program files\hp\digital imaging\bin\hpqthb08.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
STYLEXP
StyleXP Application
c:\program files\tgtsoft\stylexp\stylexp.exe
Task Scheduler
Tune-up Application Start.job
File not found: walign
AppleSoftwareUpdate.job
Software Application
(Verified) Apple Computer, Inc.
c:\program files\apple software update\softwareupdate.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
SSVHelper Class
Java(TM) 2 Platform Standard Edition binary
(Not verified) Sun Microsystems, Inc.
c:\program files\java\jre1.5.0_09\bin\ssv.dll
CoTGT_BHO Class
c:\program files\tgtsoft\stylexp\tgt_bho.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
AVG Anti-Spyware 7.5
AVG Anti-Spyware shellexecutehook
(Not verified) Anti-Malware Development a.s.
c:\program files\grisoft\avg anti-spyware 7.5\shellexecutehook.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Display Panning CPL Extension
File not found: deskpan.dll
Thumbnails
Thumbnail View Extension
(Not verified) Microsoft Corporation
c:\windows\system32\thumbvw.dll
IntelliType Pro Key Settings Control Panel Property Page
Microsoft IntelliType Pro
(Not verified) Microsoft Corporation
c:\program files\microsoft hardware\keyboard\itcpl.dll
Shell Extensions for RealOne Player
RealPlayer Shell Extensions
(Not verified) RealNetworks, Inc.
c:\program files\real\realone player\rpshell.dll
RD1021/1071 Lyra Personal Audio Player ApplicationsShell Hook
RD1021/1071 Lyra Personal Audio Player Shell Extension
(Not verified) Thomson Inc.
c:\windows\system32\thmsn21h.dll
Default Image Extrator for Properties
Thumbnail View Extension
(Not verified) Microsoft Corporation
c:\windows\system32\thumbvw.dll
LDVP Shell Extensions
Symantec AntiVirus
(Not verified) Symantec Corporation
c:\program files\common files\symantec shared\ssc\vpshell2.dll
WinRAR shell extension
c:\program files\winrar\rarext.dll
DriveLetterAccess
Direct Access Component
(Not verified) VERITAS Software, Inc.
c:\windows\system32\dla\tfswshx.dll
WinZip
WinZip Shell Extension DLL
(Not verified) WinZip Computing, Inc.
c:\program files\winzip\wzshlstb.dll
WinZip
WinZip Shell Extension DLL
(Not verified) WinZip Computing, Inc.
c:\program files\winzip\wzshlstb.dll
WinZip
WinZip Shell Extension DLL
(Not verified) WinZip Computing, Inc.
c:\program files\winzip\wzshlstb.dll
WinZip
WinZip Shell Extension DLL
(Not verified) WinZip Computing, Inc.
c:\program files\winzip\wzshlstb.dll
iTunes
iTunes Mini Player DLL
(Verified) Apple Computer, Inc.
c:\program files\itunes\itunesminiplayer.dll
Fusion Cache
Microsoft .NET Runtime Execution Engine
(Not verified) Microsoft Corporation
c:\windows\system32\mscoree.dll
IntelliPoint Wireless Control Panel Property Page
ipcplwir.dll
(Not verified) Microsoft Corporation
c:\program files\microsoft intellipoint\ipcplwir.dll
IntelliPoint Wheel Control Panel Property Page
ipcplwhl.dll
(Not verified) Microsoft Corporation
c:\program files\microsoft intellipoint\ipcplwhl.dll
IntelliPoint Activities Control Panel Property Page
ipcplact.dll
(Not verified) Microsoft Corporation
c:\program files\microsoft intellipoint\ipcplact.dll
IntelliPoint Buttons Control Panel Property Page
ipcplbtn.dll
(Not verified) Microsoft Corporation
c:\program files\microsoft intellipoint\ipcplbtn.dll
NvCpl DesktopContext Class
NVIDIA Display Properties Extension
(Not verified) NVIDIA Corporation
c:\windows\system32\nvcpl.dll
Desktop Explorer
NVIDIA Desktop Explorer, Version 110.09
(Not verified) NVIDIA Corporation
c:\windows\system32\nvshell.dll
Desktop Explorer Menu
NVIDIA Desktop Explorer, Version 110.09
(Not verified) NVIDIA Corporation
c:\windows\system32\nvshell.dll
nView Desktop Context Menu
NVIDIA Desktop Explorer, Version 110.09
(Not verified) NVIDIA Corporation
c:\windows\system32\nvshell.dll
Play on my TV helper
NVIDIA Display Properties Extension
(Not verified) NVIDIA Corporation
c:\windows\system32\nvcpl.dll
EditPlus Context Menu Handler
c:\program files\editplus 2\eppshell.dll
ShellLink for Application References
Application Deployment Support Library
(Not verified) Microsoft Corporation
c:\windows\system32\dfshim.dll
Shell Icon Handler for Application References
Application Deployment Support Library
(Not verified) Microsoft Corporation
c:\windows\system32\dfshim.dll
PowerISO
PowerISOShell DLL
(Not verified) PowerISO Computing, Inc.
c:\program files\poweriso\pwrisosh.dll
HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Microsoft Outlook Custom Icon Handler
Microsoft Outlook Shell Hook for Start/Find
(Not verified) Microsoft Corporation
c:\program files\microsoft office\office\olkfstub.dll
HKLM\Software\Microsoft\Internet Explorer\Extensions
AIM
AOL Instant Messenger
(Verified) America Online, Inc.
c:\program files\aim\aim.exe
Messenger
Messenger
(Not verified) Microsoft Corporation
c:\program files\messenger\msmsgs.exe
Adobe Acrobat 5.0
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 9 ActiveX
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Stock Photos 1.0
AIM 6.0
AOL Instant Messenger
Apple Software Update
ATI Display Driver
AVG Anti-Spyware 7.5
Azureus
BearShare
Belarc Advisor 7.0
CCleaner (remove only)
Cheating-Death 4.33.4
CIS RecordNow DX
CIS RecordNow DX Update Manager
CleanUp!
Command & Conquer Red Alert 2
Command && Conquer Red Alert 2 - Yuri's Revenge
DFX for Windows Media Player
DivX
DivX Converter
DivX Player
DivX Web Player
DVD Shrink 3.2
dvdSanta 4.00
EditPlus 2
EVEREST Corporate Edition v2.50
EVGA Display Driver
Folder Guard
GameSpy Arcade
HijackThis 1.99.1
HP Extended Capabilities 4.7
HP Image Zone 4.7
hp instant support
HP PSC & OfficeJet 4.7
HP Software Update
IMSI Applications
InterActual Player
Internet Explorer Q831167
iPod for Windows 2006-03-23
iPod Updater 2004-11-15
Ipswitch WS_FTP Professional 2006
iTunes
J2SE Development Kit 5.0 Update 9
J2SE Runtime Environment 5.0 Update 5
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java 2 Runtime Environment, SE v1.4.2_04
Java 2 Runtime Environment, SE v1.4.2_05
JCreator LE 3.50
Kaspersky Online Scanner
LEGO Star Wars II
LimeWire 4.10.9
LiveUpdate 1.90 (Symantec Corporation)
Logitech Gaming Software
Macro Express 3
Macromedia Shockwave Player
Media Library Management Wizard
Microangelo Toolset 6
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0
Microsoft Device Emulator version 1.0 - ENU
Microsoft Document Explorer 2005
Microsoft Document Explorer 2005
Microsoft IntelliType Pro 2.2
Microsoft Office 2000 SR-1 Disc 2
Microsoft Office 2000 SR-1 Professional
Microsoft Office FrontPage 2003
Microsoft SQL Server 2005 Mobile [ENU] Developer Tools
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft Visual Basic 6.0 Professional Edition
Microsoft Visual J# 2.0 Redistributable Package
Microsoft Visual Studio 2005 Professional Edition - ENU
Microsoft Web Publishing Wizard 1.53
mIRC
Movie Maker Background Music Files
Movie Maker Sound Effects
Movie Maker Title Images
Mozilla Firefox (1.5)
Mozilla Firefox (2.0)
MSN Messenger 7.5
MSXML 6.0 Parser
MUSICMATCH® Jukebox
Nero 6 Ultra Edition
Oblivion
Panda ActiveScan
Passware Kit 6.1
Personal License Update Wizard for Windows Media Player
PowerDVD
PowerISO
PrintKey2000
PrintMaster Platinum 4.00
QuickTime
QuickTime Alternative 1.75
RD1021/1071 Lyra Personal Audio Player Applications
RealPlayer
Rio Music Manager
SC-KeyLog 2.25
Soldat 1.3
Sony DVD Architect 3.0c
SoundMAX
SpeedFan (remove only)
Spy Sweeper
Spybot - Search & Destroy 1.3.1 TX
SpywareBlaster v3.2
Steam
Studio 9
StyleXP (remove only)
SwiftSwitch
The Games Factory
Update for Windows XP (KB898461)
VERITAS DLA
Viewpoint Media Player
Vitalize!
Web Savings from Ebates
Westwood Shared Internet Components
Windows Installer 3.0 (KB884016)
Windows Installer 3.1 (KB893803)
Windows Installer Clean Up
Windows Media Bonus Pack for Windows XP
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player Playlist Import to Excel Wizard
Windows Media Player Skin Importer
Windows Media Player Tray Control
Windows XP Hotfix - KB822603
Windows XP Hotfix - KB842773
Windows XP Uninstall
WinRAR archiver
WinZip
Wolverine-Theme.zip
Xfire (remove only)
XviD 1.1 final uninstall
ZoneAlarm Pro
Logfile of HijackThis v1.99.1
Scan saved at 9:30:39 PM, on 12/04/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\PrintKey2000\Printkey2000.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\hijackthis\fredmh.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\System32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [USBToolTip] "C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - Global Startup: Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/game...ts/y/pt1_x.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1164431353828
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8F865F4B-9048-4E25-9760-06632857B582}: NameServer = 167.206.245.82,167.206.245.83
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe