12-05-2006, 11:43 PM   #7
HardEight
Registered User
 
Join Date: Mar 2005
Posts: 37
OS: XP Pro


Thanks very much, lots of logs here for you


VirusTotal:
STATUS: FINISHED
Complete scanning result of "035871.exe", received in VirusTotal at 12.04.2006, 17:49:18 (CET).

Antivirus Version Update Result
AntiVir 7.2.0.46 12.04.2006 DIAL/Generic
Authentium 4.93.8 12.01.2006 Possibly a new variant of W32/Dialer-Adult-based!Maximus
Avast 4.7.892.0 12.04.2006 Win32:Dialer-647
AVG 386 12.04.2006 Potentially harmful program Dialer.AGU
BitDefender 7.2 12.04.2006 no virus found
CAT-QuickHeal 8.00 12.04.2006 Trojan.Horst.pp
ClamAV devel-20060426 12.04.2006 no virus found
DrWeb 4.33 12.04.2006 no virus found
eSafe 7.0.14.0 12.03.2006 suspicious Trojan/Worm
eTrust-InoculateIT 23.73.75 12.03.2006 no virus found
eTrust-Vet 30.3.3230 12.04.2006 no virus found
Ewido 4.0 12.04.2006 Dialer.BTV
Fortinet 2.82.0.0 12.04.2006 suspicious
F-Prot 3.16f 12.01.2006 Possibly a new variant of W32/Dialer-Adult-based!Maximus
F-Prot4 4.2.1.29 12.01.2006 W32/Dialer-Adult-based!Maximus
Ikarus 1.0.26 12.04.2006 no virus found
Kaspersky 4.0.2.24 12.04.2006 not-a-virus:Porn-Dialer.Win32.BTV
McAfee 4910 12.04.2006 potentially unwanted program Dialer-gen
Microsoft 1.1804 12.04.2006 no virus found
NOD32v2 1899 12.04.2006 a variant of Win32/Dialer.BTV
Norman 5.80.02 12.04.2006 no virus found
Panda 9.0.0.4 12.03.2006 Dialer.Gen
Prevx1 V2 12.04.2006 no virus found
Sophos 4.12.0 12.04.2006 no virus found
Sunbelt 2.2.907.0 11.30.2006 no virus found
TheHacker 6.0.3.127 12.01.2006 Dialer/Generic
UNA 1.83 12.04.2006 no virus found
VBA32 3.11.1 12.04.2006 Porn-Dialer.Win32.BTV
VirusBuster 4.3.15:9 12.04.2006 no virus found


Aditional Information
File size: 43720 bytes
MD5: 4d15af518b5a97d4540c3581c07854f8
SHA1: 68b57c09c169eb199a4936cd536352ab7c9575e0
packers: UPX




STATUS: FINISHED
Complete scanning result of "activate.exe", received in VirusTotal at 12.04.2006, 17:58:50 (CET).

Antivirus Version Update Result
AntiVir 7.2.0.46 12.04.2006 no virus found
Authentium 4.93.8 12.01.2006 no virus found
Avast 4.7.892.0 12.04.2006 no virus found
AVG 386 12.04.2006 no virus found
BitDefender 7.2 12.04.2006 no virus found
CAT-QuickHeal 8.00 12.04.2006 no virus found
ClamAV devel-20060426 12.04.2006 no virus found
DrWeb 4.33 12.04.2006 no virus found
eSafe 7.0.14.0 12.03.2006 suspicious Trojan/Worm
eTrust-InoculateIT 23.73.75 12.03.2006 no virus found
eTrust-Vet 30.3.3230 12.04.2006 no virus found
Ewido 4.0 12.04.2006 no virus found
Fortinet 2.82.0.0 12.04.2006 suspicious
F-Prot 3.16f 12.01.2006 no virus found
F-Prot4 4.2.1.29 12.01.2006 no virus found
Ikarus 1.0.26 12.04.2006 no virus found
Kaspersky 4.0.2.24 12.04.2006 no virus found
McAfee 4910 12.04.2006 no virus found
Microsoft 1.1804 12.04.2006 no virus found
NOD32v2 1899 12.04.2006 no virus found
Norman 5.80.02 12.04.2006 no virus found
Panda 9.0.0.4 12.03.2006 no virus found
Prevx1 V2 12.04.2006 no virus found
Sophos 4.12.0 12.04.2006 no virus found
Sunbelt 2.2.907.0 11.30.2006 no virus found
TheHacker 6.0.3.127 12.01.2006 no virus found
UNA 1.83 12.04.2006 no virus found
VBA32 3.11.1 12.04.2006 no virus found
VirusBuster 4.3.15:9 12.04.2006 no virus found


Aditional Information
File size: 17408 bytes
MD5: 1afaffc2c4f7ce27d0462e2fd8b172be
SHA1: 7ddb07747cb1b38b861ea7f908f9f08a51dbf624
packers: UPX






Vundofix:


VundoFix V6.2.13

Checking Java version...

Java version is 1.5.0.5

Java version is 1.5.0.6

Java version is 1.5.0.9

Scan started at 2:40:32 AM 12/5/2006

Listing files found while scanning....

No infected files were found.


Beginning removal...





AVG:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 4:10:45 AM 12/5/2006

+ Scan result:



C:\System Volume Information\_restore{3B2AB1B0-D8DC-4BE8-8217-75BFF4BC3FD8}\RP309\A0032037.dll -> Adware.Agent : Cleaned with backup (quarantined).
C:\WINDOWS\cpbrkpie.ocx -> Adware.Coupons : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{3B2AB1B0-D8DC-4BE8-8217-75BFF4BC3FD8}\RP309\A0032038.dll -> Adware.Searchcolor : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{3B2AB1B0-D8DC-4BE8-8217-75BFF4BC3FD8}\RP310\A0032068.exe -> Adware.Searchcolor : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{3B2AB1B0-D8DC-4BE8-8217-75BFF4BC3FD8}\RP310\A0032077.exe -> Adware.Searchcolor : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{3B2AB1B0-D8DC-4BE8-8217-75BFF4BC3FD8}\RP310\A0032083.exe -> Adware.Searchcolor : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{3B2AB1B0-D8DC-4BE8-8217-75BFF4BC3FD8}\RP310\A0032073.dll -> Adware.Winfixer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{3B2AB1B0-D8DC-4BE8-8217-75BFF4BC3FD8}\RP310\A0032076.dll -> Adware.Winfixer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{3B2AB1B0-D8DC-4BE8-8217-75BFF4BC3FD8}\RP310\A0032080.dll -> Adware.Winfixer : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users\Documents\Amy\laptop\Downloads\035871.exe -> Dialer.BTV : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{3B2AB1B0-D8DC-4BE8-8217-75BFF4BC3FD8}\RP310\A0032065.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{3B2AB1B0-D8DC-4BE8-8217-75BFF4BC3FD8}\RP310\A0032066.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{3B2AB1B0-D8DC-4BE8-8217-75BFF4BC3FD8}\RP310\A0032069.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{3B2AB1B0-D8DC-4BE8-8217-75BFF4BC3FD8}\RP310\A0032071.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{3B2AB1B0-D8DC-4BE8-8217-75BFF4BC3FD8}\RP310\A0032074.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{3B2AB1B0-D8DC-4BE8-8217-75BFF4BC3FD8}\RP310\A0032078.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{3B2AB1B0-D8DC-4BE8-8217-75BFF4BC3FD8}\RP310\A0032079.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{3B2AB1B0-D8DC-4BE8-8217-75BFF4BC3FD8}\RP310\A0032082.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users\Documents\Amy\laptop\DOCs\Amy\pda\finished\Marilis Crack\AllMarilisCrk.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users\Documents\Amy\laptop\DOCs\Amy\pda\finished\PDA\Marilis Crack\AllMarilisCrk.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : Cleaned with backup (quarantined).


::Report end







Kaspersky:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, December 05, 2006 10:34:22 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 6/12/2006
Kaspersky Anti-Virus database records: 248329
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\

Scan Statistics:
Total number of scanned objects: 100761
Number of viruses found: 8
Number of infected objects: 15 / 0
Number of suspicious objects: 0
Duration of the scan process: 01:19:18

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Administrator\Application Data\3M\PSNotes\PSNData Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\AVG7\Log\emc.log Object is locked skipped
C:\Documents and Settings\Administrator\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\AOL\UserProfiles\All Users\cls\common.cls Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012006120520061206\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\~DF8864.tmp Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\~DFE919.tmp Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\ntuser.dat Object is locked skipped
C:\Documents and Settings\Administrator\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Documents\Amy\laptop\DOCs\Amy\DESKTOP2\kmd.exe/data0003/cd_clint.dll Infected: not-a-virus:AdWare.Win32.Cydoor skipped
C:\Documents and Settings\All Users\Documents\Amy\laptop\DOCs\Amy\DESKTOP2\kmd.exe/data0003/cd_htm.dll Infected: not-a-virus:AdWare.Win32.Cydoor.c skipped
C:\Documents and Settings\All Users\Documents\Amy\laptop\DOCs\Amy\DESKTOP2\kmd.exe/data0003 Infected: not-a-virus:AdWare.Win32.Cydoor.c skipped
C:\Documents and Settings\All Users\Documents\Amy\laptop\DOCs\Amy\DESKTOP2\kmd.exe/data0007 Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\Documents and Settings\All Users\Documents\Amy\laptop\DOCs\Amy\DESKTOP2\kmd.exe/data0008/SaveNow.exe Infected: not-a-virus:AdWare.Win32.SaveNow.aa skipped
C:\Documents and Settings\All Users\Documents\Amy\laptop\DOCs\Amy\DESKTOP2\kmd.exe/data0008/Uninst.exe Infected: not-a-virus:AdWare.Win32.SaveNow.au skipped
C:\Documents and Settings\All Users\Documents\Amy\laptop\DOCs\Amy\DESKTOP2\kmd.exe/data0008 Infected: not-a-virus:AdWare.Win32.SaveNow.au skipped
C:\Documents and Settings\All Users\Documents\Amy\laptop\DOCs\Amy\DESKTOP2\kmd.exe Inno: infected - 7 skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_638.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\master.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\mastlog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\model.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\modellog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\msdbdata.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\msdblog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\tempdb.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\templog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\ERRORLOG Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\log_68.trc Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{3B2AB1B0-D8DC-4BE8-8217-75BFF4BC3FD8}\RP308\A0031826.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{3B2AB1B0-D8DC-4BE8-8217-75BFF4BC3FD8}\RP310\A0032067.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume Information\_restore{3B2AB1B0-D8DC-4BE8-8217-75BFF4BC3FD8}\RP310\A0032070.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume Information\_restore{3B2AB1B0-D8DC-4BE8-8217-75BFF4BC3FD8}\RP310\A0032072.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume Information\_restore{3B2AB1B0-D8DC-4BE8-8217-75BFF4BC3FD8}\RP310\A0032075.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume Information\_restore{3B2AB1B0-D8DC-4BE8-8217-75BFF4BC3FD8}\RP310\A0032081.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume Information\_restore{3B2AB1B0-D8DC-4BE8-8217-75BFF4BC3FD8}\RP317\A0033539.ocx Infected: not-a-virus:AdWare.Win32.Coupons.h skipped
C:\System Volume Information\_restore{3B2AB1B0-D8DC-4BE8-8217-75BFF4BC3FD8}\RP318\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
G:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
H:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.









HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 10:35:06 PM, on 12/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Common Files\AOL\1129469933\ee\AOLSoftware.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: &Google Notebook - {CCCCCCD3-666F-4F81-8B69-745DE9F6D897} - C:\Program Files\Google\Google Notebook\gnotes1.0.2.6--2050537322.dll
O3 - Toolbar: &Google Notebook - {CCCCCCDB-4DDB-4703-95D4-DD2C526397BF} - C:\Program Files\Google\Google Notebook\gnotes1.0.2.6--2050537322.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [awxDTools] rundll32 C:\PROGRA~1\arniWORX\AWXDTO~1\awxDTools.dll,awxRegisterDll /r /s
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1129469933\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Note this (Google Note&book) - res://C:\Program Files\Google\Google Notebook\gnotes1.0.2.6--2050537322.dll/gn_menu1.html
O8 - Extra context menu item: Note this (Google Notebook) - res://C:\Program Files\Google\Google Notebook\gnotes1.0.2.6--2050537322.dll/gn_menu2.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} (Keynote Connector Launcher 2) - http://webeffective.keynote.com/appl...orLauncher.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1129404190136
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1129470622156
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/14...2/cpbrkpie.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)