Thread: syswrk.a trojan
View Single Post
Old 02-13-2007, 12:32 AM   #3 (permalink)
bzzkarat
Registered User
 
Join Date: Nov 2006
Posts: 18
OS: XP


Hi...here's the reports you requested. Thanks...my pc is running a little faster.

"BzzKarat" - 07-02-13 10:43:23 Service Pack 2
ComboFix 07-02-11.1.1 - Running from: "C:\Documents and Settings\BzzKarat\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\8980953.exe
C:\DOCUME~1\BzzKarat\RavMonLog
C:\Program Files\Microsoft 0ffice


((((((((((((((((((((((((((((((( Files Created from 2007-01-13 to 2007-02-13 ))))))))))))))))))))))))))))))))))


2007-02-13 01:01 <DIR> d-------- C:\!Submit
2007-02-12 00:59 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-02-11 11:28 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-02-11 00:25 <DIR> d-------- C:\Program Files\RFlow Collector
2007-02-05 18:13 98,356 --a------ C:\WINDOWS\system32\MSJTER32.DLL
2007-02-05 18:13 965,904 --a------ C:\WINDOWS\system32\MSJT3032.DLL
2007-02-05 18:13 92,208 --a------ C:\WINDOWS\system32\WING.DLL
2007-02-05 18:13 722,192 --a------ C:\WINDOWS\system32\VB40032.DLL
2007-02-05 18:13 59,504 --a------ C:\WINDOWS\system32\VBDB32.DLL
2007-02-05 18:13 398,416 --a------ C:\WINDOWS\system32\Vbrun300.DLL
2007-02-05 18:13 33,552 --a------ C:\WINDOWS\system32\MSJINT32.DLL
2007-02-05 18:13 309,520 --a------ C:\WINDOWS\system32\MSWNG300.DLL
2007-02-05 18:13 26,000 --a------ C:\WINDOWS\system32\CTL3D.DLL
2007-02-05 18:13 245,520 --a------ C:\WINDOWS\system32\MSRD2X32.DLL
2007-02-05 18:13 244,496 --a------ C:\WINDOWS\system32\VBAR2232.DLL
2007-02-05 18:13 188,960 --a------ C:\WINDOWS\system32\WINGDE.DLL
2007-02-05 18:13 133,904 --a------ C:\WINDOWS\system32\MFCANS32.DLL
2007-02-05 18:13 133,392 --a------ C:\WINDOWS\system32\MFCO30.DLL
2007-02-05 18:13 12,800 --a------ C:\WINDOWS\system32\WING32.DLL
2007-02-05 18:13 108,032 --a------ C:\WINDOWS\system32\MFCUIA32.DLL


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-02-13 10:47 -------- d-------- C:\DOCUME~1\BzzKarat\Application Data\free download manager
2007-02-13 01:12 -------- d-------- C:\Program Files\msn messenger
2007-02-13 01:12 -------- d-------- C:\Program Files\free download manager
2007-02-13 01:12 -------- d-------- C:\Program Files\athan
2007-02-13 01:11 -------- d-------- C:\Program Files\bitcomet
2007-02-13 00:23 -------- d-------- C:\Program Files\rockwell software
2007-02-12 23:48 -------- d-------- C:\Program Files\Common Files\rockwell
2007-02-12 23:19 -------- d--h----- C:\Program Files\installshield installation information
2007-02-12 23:02 -------- d-------- C:\Program Files\backburner 2
2007-02-12 22:50 -------- d-------- C:\DOCUME~1\BzzKarat\Application Data\my games
2007-02-12 00:59 -------- d-------- C:\Program Files\grisoft
2007-02-11 16:13 -------- d-------- C:\Program Files\spywareblaster
2007-02-10 23:38 839936 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2007-02-10 23:38 27776 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2007-02-10 23:38 18432 --a------ C:\WINDOWS\system32\drivers\avgmfx86.sys
2007-01-29 22:26 -------- d-------- C:\DOCUME~1\BzzKarat\Application Data\avg7
2007-01-27 22:43 -------- d---s---- C:\DOCUME~1\BzzKarat\Application Data\microsoft
2007-01-10 23:39 -------- d-------- C:\DOCUME~1\BzzKarat\Application Data\sports interactive
2007-01-10 23:14 -------- d-------- C:\Program Files\Common Files\installshield
2007-01-09 22:54 4960 --a------ C:\WINDOWS\system32\drivers\avgtdi.sys
2007-01-09 22:54 4224 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2007-01-09 22:54 3968 --a------ C:\WINDOWS\system32\drivers\avgclean.sys
2007-01-08 20:19 -------- d-------- C:\DOCUME~1\BzzKarat\Application Data\olympus
2007-01-08 17:10 -------- d-------- C:\Program Files\olympus
2007-01-08 17:08 -------- d-------- C:\Program Files\pixela
2006-12-28 22:12 -------- d-------- C:\Program Files\k-lite codec pack
2006-12-18 09:53 2880 --ahs---- C:\WINDOWS\system32\kgygaavl.sys
2006-12-07 14:40 2362184 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-11-20 13:29 0 --a------ C:\WINDOWS\powerreg.dat


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Yahoo! Pager"="\"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE\" -quiet"
"Free Download Manager"="C:\\Program Files\\Free Download Manager\\fdm.exe -autorun"
"nwiz"="nwiz.exe /install"
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"BitComet"="\"C:\\Program Files\\BitComet\\BitComet.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"MOUSE"="C:\\WINDOWS\\System32\\Mousexp.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"Gainward"="C:\\WINDOWS\\TBPanel.exe /A"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"Athan"="C:\\Program Files\\Athan\\Athan.exe"
"HPWT myPrintMileage Agent"="C:\\Program Files\\Hewlett-Packard\\HP Business Inkjet 1000\\Toolbox\\mpm.exe"
"C-Media Mixer"="Mixer.exe /startup"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"=dword:00000001
"DisableTaskMgr"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoAutoUpdate"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{407e7e6d-af11-11da-96c3-0000e2551602}]
Shell\Auto\command I:\infrom.exe
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL infrom.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{45cef234-3248-11db-97b5-0000e2551602}]
Shell\Auto\command RavMonE.exe e
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMonE.exe e

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{45cef235-3248-11db-97b5-0000e2551602}]
Shell\Auto\command K:\RavMonE.exe e
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMonE.exe e

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a6aaec76-2b52-11db-97ac-0000e2551602}]
Shell\Auto\command infrom.exe
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL infrom.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b6f0c17c-286a-11db-97a7-0000e2551602}]
Shell\Auto\command RavMonE.exe e
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMonE.exe e


********************************************************************

catchme 0.1 W2K/XP - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-02-13 10:48:44

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 12:56:43 PM 2/13/2007

+ Scan result:



C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll -> Adware.Minibug : Cleaned with backup (quarantined).


::Report end

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, February 13, 2007 3:28:24 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 13/02/2007
Kaspersky Anti-Virus database records: 267160
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
J:\

Scan Statistics:
Total number of scanned objects: 129874
Number of viruses found: 0
Number of infected objects: 0 / 0
Number of suspicious objects: 0
Duration of the scan process: 02:04:01

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\BzzKarat\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\BzzKarat\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\BzzKarat\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\BzzKarat\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\BzzKarat\Local Settings\History\History.IE5\MSHist012007021320070214\index.dat Object is locked skipped
C:\Documents and Settings\BzzKarat\Local Settings\Temp\Free Download Manager\tic484.tmp Object is locked skipped
C:\Documents and Settings\BzzKarat\Local Settings\Temp\Free Download Manager\tic5.tmp Object is locked skipped
C:\Documents and Settings\BzzKarat\Local Settings\Temp\~DFE8A0.tmp Object is locked skipped
C:\Documents and Settings\BzzKarat\Local Settings\Temp\~DFEA8A.tmp Object is locked skipped
C:\Documents and Settings\BzzKarat\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\BzzKarat\ntuser.dat Object is locked skipped
C:\Documents and Settings\BzzKarat\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\flexlm\ptc_d Object is locked skipped
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\logs\starwind.2007-02-13.12-59-59.log Object is locked skipped
C:\Program Files\flexlm\licensing\ptclmgrd.log Object is locked skipped
C:\Program Files\Free Download Manager\fdm.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{98A1AF4B-A418-4588-A710-FBBE8F9F8E88}\RP12\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
G:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
H:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.

Logfile of HijackThis v1.99.1
Scan saved at 3:29:46 PM, on 2/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\flexlm\i486_nt\obj\lmgrd.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\flexlm\i486_nt\obj\ptc_d.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\UAService7.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\Mousexp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\TBPanel.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Athan\Athan.exe
C:\Program Files\Hewlett-Packard\HP Business Inkjet 1000\Toolbox\mpm.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\BitComet\BitComet.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\mdm.exe
C:\Documents and Settings\BzzKarat\Desktop\Spyware Center\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O4 - HKLM\..\Run: [MOUSE] C:\WINDOWS\System32\Mousexp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe
O4 - HKLM\..\Run: [HPWT myPrintMileage Agent] C:\Program Files\Hewlett-Packard\HP Business Inkjet 1000\Toolbox\mpm.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: BitComet.lnk = C:\Program Files\BitComet\BitComet.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/activex..._v1-0-3-18.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1130437619578
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ANSYS FLEXlm license manager - Unknown owner - C:\PROGRA~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\lmgrd.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: FLEXlm server for PTC - GLOBEtrotter Software Inc. - C:\Program Files\flexlm\i486_nt\obj\lmgrd.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\System32\UAService7.exe
bzzkarat is offline