Welcome to Tech Support Forum home to more then 136,000 problems solved. Issues have included: Spyware, Malware, Virus Issues, Windows, Microsoft, Linux, Networking, Security, Hardware, and Gaming Getting your problem solved is as easy as:
1. Registering for a free account
2. Asking your question
3. Receiving an answer

Registered members:
* Get free support
* Communicate privately with other members (PM).
* Removal of this message
* See fewer ads.
* And much more..

 


Want to know how to post a question? click here Having problems with spyware and pop-ups? First Steps
Go Back   Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads
Reload this Page very slow computer
User Name
Password
Site Map Register Donate Rules Blogs Mark Forums Read


Resolved HJT Threads Resolved spyware and popup issues.

 
 
LinkBack Thread Tools
Old 07-09-2006, 06:58 AM   #1 (permalink)
Registered User
 
Join Date: Jul 2005
Posts: 21
OS: XP


very slow computer
my computer is running extremely slowly and ive been told it is spyware by the windows xp forum and by microsoft error reporting. ive done the 5 steps and nothing seems to be working. start-up, accessing files and usb devices, windows media player and opening programs are all slow and ie regularly freezes. here is my hjt log...

Logfile of HijackThis v1.99.1
Scan saved at 7:52:13 PM, on 9/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Bluetooth\BTNtService.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Softex\winroute\WinRServ.exe
C:\Program Files\Softex\winroute\WinRoute.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\HJT\HijackThis.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - Startup: PowerReg Scheduler.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1145169215468
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
O18 - Protocol: asp - {8D32BA61-D15B-11D4-894B-000000000000} - D:\Bin\hsppp.dll (file missing)
O18 - Protocol: ezpp - {810403FA-E82E-11D5-8AAB-0010A404A3DE} - D:\Bin\EZTOOL~B.DLL (file missing)
O18 - Protocol: hsp - {8D32BA61-D15B-11D4-894B-000000000000} - D:\Bin\hsppp.dll (file missing)
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: x-asp - {8D32BA61-D15B-11D4-894B-000000000000} - D:\Bin\hsppp.dll (file missing)
O18 - Protocol: x-hsp - {8D32BA61-D15B-11D4-894B-000000000000} - D:\Bin\hsppp.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\Bluetooth\BTNtService.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Softex WinRoute Service (WinRServ) - Unknown owner - C:\Program Files\Softex\winroute\WinRServ.exe
Thanks very much
srtendulkar is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Important Information
Join the #1 Tech Support Forum Today - It's Totally Free!

TechSupportForum.com is a leading support website for your computer needs. We offer free, friendly and personalized computer support. Why pay to have your computer fixed when you can do it for free.

Join TechSupportforum.com Today - Click Here

Old 07-10-2006, 03:18 PM   #2 (permalink)
Analyst, Security Team
 
Vikesrock8411's Avatar
 
Join Date: Jun 2005
Posts: 3,065
OS: Windows XP


Please open IE and go to
Kaspersky WebScanner

Next Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    • Extended
    • Scan Options:
    • Scan Archives
      Scan Mail Bases
  • Click OK
  • Now under select a target to scan:
    • Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

* Turn off the real time scanner of any existing antivirus program while performing the online scan
__________________
Vikesrock8411 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 07-11-2006, 12:18 AM   #3 (permalink)
Registered User
 
Join Date: Jul 2005
Posts: 21
OS: XP


kaspersky scanner
i cant run the kaspersky online scanner at all. i click on the online scanner and the window pops up with the privacy stuff, then when i click on accept the message at the bottom of the window says 'error on page'. is there anything i can do with hjt because the internet and internet explorer arent running well on this computer??
I eventually got the scanner to work

my computer also keeps trying to connect to dial-up when the local area connection icon is showing in the system tray and i can access the internet via broadband. any ideas why?

thanks
Last edited by srtendulkar; 07-11-2006 at 12:22 AM. Reason: problem solved
srtendulkar is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 07-11-2006, 05:41 AM   #4 (permalink)
Registered User
 
Join Date: Jul 2005
Posts: 21
OS: XP


kaspersky online scanner log
here is my kaspersky log, thanks

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, July 11, 2006 8:27:18 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 11/07/2006
Kaspersky Anti-Virus database records: 206386
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\

Scan Statistics:
Total number of scanned objects: 87051
Number of viruses found: 1
Number of infected objects: 6 / 0
Number of suspicious objects: 0
Duration of the scan process: 01:46:30

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\WDLog-07042006-151622.log Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temp\MpCmdRun-7C-421CFC91-A93E-42AB-A35C-F06F127FCC44.lock Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temp\MpCmdRun.log Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\PCUser\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\PCUser\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\PCUser\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\PCUser\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{A699D843-1683-40DA-B3DA-6A9AE519D53E} Object is locked skipped
C:\Documents and Settings\PCUser\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\PCUser\Local Settings\Temp\~DFD0FB.tmp Object is locked skipped
C:\Documents and Settings\PCUser\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\PCUser\Local Settings\Temporary Internet Files\Content.IE5\QIYKUJW9\RegCureSetup_46[1].exe/stream/data0013 Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped
C:\Documents and Settings\PCUser\Local Settings\Temporary Internet Files\Content.IE5\QIYKUJW9\RegCureSetup_46[1].exe/stream Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped
C:\Documents and Settings\PCUser\Local Settings\Temporary Internet Files\Content.IE5\QIYKUJW9\RegCureSetup_46[1].exe NSIS: infected - 2 skipped
C:\Documents and Settings\PCUser\ntuser.dat Object is locked skipped
C:\Documents and Settings\PCUser\ntuser.dat.LOG Object is locked skipped
C:\Program Files\RegCure\uninst.exe/stream/data0003 Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped
C:\Program Files\RegCure\uninst.exe/stream Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped
C:\Program Files\RegCure\uninst.exe NSIS: infected - 2 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\DESKTOP.ldb Object is locked skipped
C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{F903972B-6AC1-40B3-BD84-C1D20D5FA62F}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\ntuser.dat Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\drivers\sptd2013.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\spool\PRINTERS\00002.SPL Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\TMP000000171FD4BED70B0E36EE Object is locked skipped
C:\WINDOWS\Temp\ZLT0764a.TMP Object is locked skipped
C:\WINDOWS\Temp\ZLT0764d.TMP Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.
srtendulkar is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 07-11-2006, 11:05 AM   #5 (permalink)
Analyst, Security Team
 
Vikesrock8411's Avatar
 
Join Date: Jun 2005
Posts: 3,065
OS: Windows XP


Download WinPFind-Unzip it to the desktop, but do not run it yet

You will need to update Ewido to the latest definition files.
  • On the top of the main screen click Shield
  • Click the word active to change it to inactive
  • On the top of the main screen click Update.
  • Then click on Start Update. The update will start and a progress bar will show the updates being installed.
  • I also recommend changing the "Update interval" to something more reasonable like 12 hours.
If you are having problems with the updater, you can use this link to manually update Ewido
When you have finished updating, EXIT Ewido.

Next, please reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.

Run a full system scan with AVG.

Run Ewido with it's updated definitions:(...it's important that all windows must be closed)
  • Click Scanner
  • Click on the Scan tab
  • Click Complete System Scan to begin scanning.
  • When the scan is complete click Recommended Action and change it to Quarantine
  • Then click Apply all actions
Once finished, click the Save report button, then click Save Report As and save it to your desktop.

Double click WinPFind.exe

* Click 'Start Scan'
* It will scan the entire system, so please be patient!
* Once the scan is complete:
1. Go to the WinPFind folder
2. Locate WinPFind.txt
3. Copy those results in the next post!

Reboot back to Normal Mode!

In your next post please include:
  • Ewido Log
  • WinPfind.txt
  • A new Hijackthis! Log
__________________
Vikesrock8411 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 07-13-2006, 07:17 AM   #6 (permalink)
Registered User
 
Join Date: Jul 2005
Posts: 21
OS: XP


logs!!
hijack this:
file of HijackThis v1.99.1
Scan saved at 10:52:00 PM, on 13/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Bluetooth\BTNtService.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Softex\winroute\WinRServ.exe
C:\Program Files\Softex\winroute\WinRoute.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HJT\HijackThis.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - Startup: PowerReg Scheduler.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1145169215468
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
O18 - Protocol: asp - {8D32BA61-D15B-11D4-894B-000000000000} - D:\Bin\hsppp.dll (file missing)
O18 - Protocol: ezpp - {810403FA-E82E-11D5-8AAB-0010A404A3DE} - D:\Bin\EZTOOL~B.DLL (file missing)
O18 - Protocol: hsp - {8D32BA61-D15B-11D4-894B-000000000000} - D:\Bin\hsppp.dll (file missing)
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: x-asp - {8D32BA61-D15B-11D4-894B-000000000000} - D:\Bin\hsppp.dll (file missing)
O18 - Protocol: x-hsp - {8D32BA61-D15B-11D4-894B-000000000000} - D:\Bin\hsppp.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\Bluetooth\BTNtService.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Softex WinRoute Service (WinRServ) - Unknown owner - C:\Program Files\Softex\winroute\WinRServ.exe

ewido:
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 7:57:40 AM 13/07/2006

+ Scan result:



HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WhenUSave -> Adware.SaveNow : No action taken.
C:\Documents and Settings\PCUser\Cookies\pcuser@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\PCUser\Cookies\pcuser@clickbank[1].txt -> TrackingCookie.Clickbank : No action taken.
C:\Documents and Settings\PCUser\Cookies\pcuser@ad1.clickhype[2].txt -> TrackingCookie.Clickhype : No action taken.
C:\Documents and Settings\PCUser\Cookies\pcuser@as-eu.falkag[1].txt -> TrackingCookie.Falkag : No action taken.
C:\Documents and Settings\PCUser\Cookies\pcuser@data3.perf.overture[1].txt -> TrackingCookie.Overture : No action taken.
C:\Documents and Settings\PCUser\Cookies\pcuser@perf.overture[1].txt -> TrackingCookie.Overture : No action taken.
C:\Documents and Settings\PCUser\Cookies\pcuser@ads1.revenue[1].txt -> TrackingCookie.Revenue : No action taken.
C:\Documents and Settings\PCUser\Cookies\pcuser@revenue[1].txt -> TrackingCookie.Revenue : No action taken.
C:\Documents and Settings\PCUser\Cookies\pcuser@serving-sys[2].txt -> TrackingCookie.Serving-sys : No action taken.
C:\Documents and Settings\PCUser\Cookies\pcuser@statcounter[1].txt -> TrackingCookie.Statcounter : No action taken.
C:\Documents and Settings\PCUser\Cookies\pcuser@reduxads.valuead[2].txt -> TrackingCookie.Valuead : No action taken.
C:\Documents and Settings\PCUser\Cookies\pcuser@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\PCUser\Cookies\pcuser@zedo[2].txt -> TrackingCookie.Zedo : No action taken.


::Report end

winpfind:
WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...

Items found in C:\WINDOWS\hosts


Checking %System% folder...
aspack 18/03/2005 5:19:58 PM 2337488 C:\WINDOWS\SYSTEM32\d3dx9_25.dll
aspack 26/05/2005 3:34:52 PM 2297552 C:\WINDOWS\SYSTEM32\d3dx9_26.dll
aspack 22/07/2005 7:59:04 PM 2319568 C:\WINDOWS\SYSTEM32\d3dx9_27.dll
aspack 5/12/2005 6:09:18 PM 2323664 C:\WINDOWS\SYSTEM32\d3dx9_28.dll
aspack 3/02/2006 8:43:16 AM 2332368 C:\WINDOWS\SYSTEM32\d3dx9_29.dll
aspack 31/03/2006 12:40:58 PM 2388176 C:\WINDOWS\SYSTEM32\d3dx9_30.dll
PEC2 31/03/2003 10:00:00 PM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc
PEC2 27/06/2006 11:32:36 AM 620180 C:\WINDOWS\SYSTEM32\DivX.dll
PECompact2 27/06/2006 11:32:36 AM 620180 C:\WINDOWS\SYSTEM32\DivX.dll
PTech 19/06/2006 4:19:42 PM 571184 C:\WINDOWS\SYSTEM32\LegitCheckControl.dll
PECompact2 9/06/2006 11:19:50 AM 5967776 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 9/06/2006 11:19:50 AM 5967776 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 4/08/2004 5:56:36 PM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
Umonitor 4/08/2004 5:56:44 PM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
winsync 31/03/2003 10:00:00 PM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu
PTech 19/06/2006 4:19:26 PM 304944 C:\WINDOWS\SYSTEM32\WgaTray.exe

Checking %System%\Drivers folder and sub-folders...
UPX! 24/05/2006 1:39:30 PM 776096 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
FSG! 24/05/2006 1:39:30 PM 776096 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
PEC2 24/05/2006 1:39:30 PM 776096 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
aspack 24/05/2006 1:39:30 PM 776096 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
PTech 4/08/2004 3:41:38 PM 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys
PEC2 25/03/2005 4:18:48 PM 82148 C:\WINDOWS\SYSTEM32\drivers\VcommMgr.sys

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
13/07/2006 10:20:56 PM S 2048 C:\WINDOWS\bootstat.dat
13/07/2006 7:59:02 AM S 64 C:\WINDOWS\CSC\00000001
13/07/2006 2:55:02 PM H 5940743 C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\177a0a3ee2a74d751a47fb42dbaad1a3\BIT6.tmp
13/07/2006 3:25:20 PM H 832416 C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\2f5091478db83d722d22c4811bef3fca\BIT1.tmp
13/07/2006 3:20:20 PM H 153861 C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\38a59c1e879dafc6440d36b2ce245280\BIT4.tmp
13/07/2006 3:10:12 PM H 150147 C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\76264d26d12a4446f379953ddeb75721\BIT2.tmp
13/07/2006 3:30:26 PM H 5390865 C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\77f4a7b4504671edbc254973ae878a53\BIT5.tmp
13/07/2006 3:00:06 PM H 220361 C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\7bc9ebeb01afcf4d7a7b3a98e67eb8bd\BIT7.tmp
13/07/2006 3:05:10 PM H 151014 C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\8ac62a9d2e9d52e6ea908a91aec665f9\BIT8.tmp
13/07/2006 3:15:14 PM H 3323918 C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\aa1f035c63889c4612955e0e52139aa5\BIT3.tmp
13/07/2006 7:35:38 PM H 48882 C:\WINDOWS\system32\vsconfig.xml
9/07/2006 2:53:04 PM H 4212 C:\WINDOWS\system32\zllictbl.dat
22/06/2006 9:18:30 PM S 13309 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB911280.cat
30/05/2006 2:16:00 AM S 23751 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB916281.cat
18/05/2006 5:15:12 PM S 10925 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB917344.cat
2/06/2006 6:28:56 AM S 11043 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB918439.cat
17/05/2006 11:24:42 AM S 7160 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\WGA.cat
19/06/2006 4:20:58 PM S 7160 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\WgaNotify.cat
13/07/2006 10:21:02 PM H 16384 C:\WINDOWS\system32\config\default.LOG
13/07/2006 10:21:36 PM H 1024 C:\WINDOWS\system32\config\SAM.LOG
13/07/2006 10:20:58 PM H 16384 C:\WINDOWS\system32\config\SECURITY.LOG
13/07/2006 10:21:40 PM H 81920 C:\WINDOWS\system32\config\software.LOG
13/07/2006 10:21:04 PM H 1179648 C:\WINDOWS\system32\config\system.LOG
13/07/2006 8:00:16 PM H 1024 C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG
23/06/2006 6:27:26 PM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\045c9b84-cd35-4644-8992-5afcc03c6df7
23/06/2006 6:27:26 PM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\Preferred
4/06/2006 1124 PM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\8a88b36a-d68b-49bf-9a76-7e581ea8a79c
4/06/2006 1124 PM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
13/07/2006 10:24:18 PM H 330 C:\WINDOWS\Tasks\MP Scheduled Scan.job
13/07/2006 10:19:52 PM H 6 C:\WINDOWS\Tasks\SA.DAT
9/07/2006 8:07:30 PM H 0 C:\WINDOWS\Temp\MpCmdRun-91-421CFC91-A93E-42AB-A35C-F06F127FCC44.lock
9/07/2006 8:07:30 PM H 0 C:\WINDOWS\Temp\MpCmdRun-91-53C9D589-6B66-4F30-9BAB-9A0193B0BAFC.lock

Checking for CPL files...
Microsoft Corporation 4/08/2004 5:56:58 PM 68608 C:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation 4/08/2004 5:56:58 PM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl
20/08/2002 4:40:22 PM 183808 C:\WINDOWS\SYSTEM32\bdeadmin.cpl
Microsoft Corporation 4/08/2004 5:56:58 PM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
Microsoft Corporation 4/08/2004 5:56:58 PM 135168 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 4/08/2004 5:56:58 PM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 4/08/2004 5:56:58 PM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Intel Corporation 21/06/2005 4:46:18 PM 94208 C:\WINDOWS\SYSTEM32\igfxcpl.cpl
Microsoft Corporation 4/08/2004 5:56:58 PM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 4/08/2004 5:56:58 PM 129536 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 4/08/2004 5:56:58 PM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl
InstallShield Software Corporation16/06/2004 6:03:30 AM 73728 C:\WINDOWS\SYSTEM32\ISUSPM.cpl
Sun Microsystems, Inc. 12/04/2006 10:22:16 PM 34304 C:\WINDOWS\SYSTEM32\javacpl.cpl
Microsoft Corporation 4/08/2004 5:56:58 PM 68608 C:\WINDOWS\SYSTEM32\joy.cpl
Microsoft Corporation 31/03/2003 10:00:00 PM 187904 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 4/08/2004 5:56:58 PM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 31/03/2003 10:00:00 PM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 4/08/2004 5:56:58 PM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 4/08/2004 5:56:58 PM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation 31/03/2003 10:00:00 PM 36864 C:\WINDOWS\SYSTEM32\nwc.cpl
Microsoft Corporation 4/08/2004 5:56:58 PM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 4/08/2004 5:56:58 PM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl
RealNetworks, Inc. 13/12/2005 6:52:34 PM 24576 C:\WINDOWS\SYSTEM32\prefscpl.cpl
Apple Computer, Inc. 26/08/1996 1:12:00 AM R 341504 C:\WINDOWS\SYSTEM32\QTW32.CPL
Microsoft Corporation 4/08/2004 5:56:58 PM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 31/03/2003 10:00:00 PM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 4/08/2004 5:56:58 PM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 4/08/2004 5:56:58 PM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 26/05/2005 3:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 31/03/2003 10:00:00 PM 187904 C:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation 31/03/2003 10:00:00 PM 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation 31/03/2003 10:00:00 PM 36864 C:\WINDOWS\SYSTEM32\dllcache\nwc.cpl
Microsoft Corporation 31/03/2003 10:00:00 PM 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
Socket Communications Inc. 4/08/2003 4:05:14 PM R 73728 C:\WINDOWS\SYSTEM32\drivers\SCBaud.cpl
Intel Corporation 14/05/2002 7:24:56 PM 94208 C:\WINDOWS\SYSTEM32\ReinstallBackups\0010\DriverFiles\igfxcpl.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
10/11/2005 6:27:12 AM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini

Checking files in %ALLUSERSPROFILE%\Application Data folder...
10/11/2005 4:49:06 PM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini
5/06/2006 7:01:06 PM 1759 C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

Checking files in %USERPROFILE%\Startup folder...
10/11/2005 6:27:12 AM HS 84 C:\Documents and Settings\PCUser\Start Menu\Programs\Startup\desktop.ini
2/07/2006 2:59:06 PM 256000 C:\Documents and Settings\PCUser\Start Menu\Programs\Startup\PowerReg Scheduler.exe

Checking files in %USERPROFILE%\Application Data folder...
8/07/2006 1:38:58 PM HS 40 C:\Documents and Settings\PCUser\Application Data\.zreglib
10/11/2005 4:49:06 PM HS 62 C:\Documents and Settings\PCUser\Application Data\desktop.ini

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
SV1 =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\AVG7 Shell Extension
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ewido anti-spyware
{8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\ewido anti-spyware 4.0\context.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\PowerISO
{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} = C:\Program Files\PowerISO\PWRISOSH.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ZFAdd
{8FF88D27-7BD0-11D1-BFB7-00AA00262A11} = C:\Program Files\WinAce\arcext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\AVG7 Shell Extension
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\PowerISO
{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} = C:\Program Files\PowerISO\PWRISOSH.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ewido anti-spyware
{8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\ewido anti-spyware 4.0\context.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\PowerISO
{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} = C:\Program Files\PowerISO\PWRISOSH.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ZFAdd
{8FF88D27-7BD0-11D1-BFB7-00AA00262A11} = C:\Program Files\WinAce\arcext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{7D4D6379-F301-4311-BEBA-E26EB0561882}
= C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
SSVHelper Class = C:\Program Files\Java\jre1.6.0\bin\ssv.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}
Google Toolbar Helper = c:\program files\google\googletoolbar1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\System32\shdocvw.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{FE54FA40-D68C-11d2-98FA-00C0F0318AFE}
Real.com = C:\WINDOWS\System32\Shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{85d1f590-48f4-11d9-9669-0800200c9a66}
MenuText = Uninstall BitDefender Online Scanner v8 :

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{21569614-B795-46B1-85F4-E737A8DC09AD}
Shell Search Band = %SystemRoot%\system32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
Favorites Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
History Band = %SystemRoot%\System32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} = :
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
IgfxTray C:\WINDOWS\system32\igfxtray.exe
HotKeysCmds C:\WINDOWS\system32\hkcmd.exe
AGRSMMSG AGRSMMSG.exe
NeroFilterCheck C:\WINDOWS\system32\NeroCheck.exe
type32 "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
SunJavaUpdateSched C:\Program Files\Java\jre1.6.0\bin\jusched.exe
AVG7_CC C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
ISUSPM Startup C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
ISUSScheduler "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
Windows Defender "C:\Program Files\Windows Defender\MSASCui.exe" -hide
gcasServ "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
Zone Labs Client "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
!ewido "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ctfmon.exe C:\WINDOWS\system32\ctfmon.exe
NBJ "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk
item BlueSoleil
command C:\Program Files\Bluetooth\BlueSoleil.exe
location Common Startup
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk
backup C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DAEMON Tools
item DAEMON Tools
command "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
hkey HKLM
key Run
item DAEMON Tools
command "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
hkey HKLM
key Run

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task
item QuickTime Task
command "C:\Program Files\QuickTime\qttask.exe" -atboottime
hkey HKLM
key Run
item QuickTime Task
command "C:\Program Files\QuickTime\qttask.exe" -atboottime
hkey HKLM
key Run

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RealTray
item RealTray
command C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
hkey HKLM
key Run
item RealTray
command C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
hkey HKLM
key Run

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\µTorrent
item µTorrent
command "C:\Program Files\utorrent\utorrent.exe"
hkey HKEY
key Run
item µTorrent
command "C:\Program Files\utorrent\utorrent.exe"
hkey HKEY
key Run

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini 0
win.ini 0
bootini 0
services 0
startup 0


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments
ScanWithAntiVirus 2


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID
{17492023-C23A-453E-A040-C7C580BBF700} 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
DisableRegistryTools 0


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll
UPnPMonitor {e57ce738-33e8-4c51-8354-bb4de9d215d1} = C:\WINDOWS\system32\upnpui.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui
= igfxsrvc.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon
= WgaLogon.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 13/07/2006 10:31:41 PM

thanks for all the help so far!!
srtendulkar is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 07-13-2006, 03:36 PM   #7 (permalink)
Analyst, Security Team
 
Vikesrock8411's Avatar
 
Join Date: Jun 2005
Posts: 3,065
OS: Windows XP


Unfortunately I'm seeing very little there that could be the source of your problem, we'll give it one last go to see if anything turns up.

Open HijackThis, click Config, then click Misc Tools.
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.

Download GMER to your desktop.
  • Right Click the Zip and Select Extract All.
  • Open GMER and Click the Tab labeled RootKit.
  • Now Click Scan, it will take a while for the scan to complete.
  • Once done, Copy the results to Notepad and post them in the next reply.
__________________
Vikesrock8411 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 07-16-2006, 03:18 AM   #8 (permalink)
Registered User
 
Join Date: Jul 2005
Posts: 21
OS: XP


more logs
GMER:

GMER 1.0.10.10122 - http://www.gmer.net
Rootkit 2006-07-15 13:35:35
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.10 ----

SSDT \SystemRoot\System32\vsdatant.sys ZwConnectPort
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateFile
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateKey
SSDT \SystemRoot\System32\vsdatant.sys ZwCreatePort
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateProcess
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateProcessEx
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateSection
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateWaitablePort
SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteFile
SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteKey
SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteValueKey
SSDT \SystemRoot\System32\vsdatant.sys ZwDuplicateObject
SSDT sptd.sys ZwEnumerateKey
SSDT sptd.sys ZwEnumerateValueKey
SSDT \SystemRoot\System32\vsdatant.sys ZwLoadKey
SSDT \SystemRoot\System32\vsdatant.sys ZwOpenFile
SSDT sptd.sys ZwOpenKey
SSDT \SystemRoot\System32\vsdatant.sys ZwOpenProcess
SSDT \SystemRoot\System32\vsdatant.sys ZwOpenThread
SSDT sptd.sys ZwQueryKey
SSDT sptd.sys ZwQueryValueKey
SSDT \SystemRoot\System32\vsdatant.sys ZwReplaceKey
SSDT \SystemRoot\System32\vsdatant.sys ZwRequestWaitReplyPort
SSDT \SystemRoot\System32\vsdatant.sys ZwRestoreKey
SSDT \SystemRoot\System32\vsdatant.sys ZwSecureConnectPort
SSDT \SystemRoot\System32\vsdatant.sys ZwSetInformationFile
SSDT \SystemRoot\System32\vsdatant.sys ZwSetValueKey
SSDT \SystemRoot\System32\vsdatant.sys ZwTerminateProcess

---- Devices - GMER 1.0.10 ----

Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE 8238E8C0
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CREATE 81B0AEB0
Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [EF5E8A80] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLOSEIRP_MJ_READ [EF5E8A80] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [EF5E8A80] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_SHUTDOWN [EF5E8A80] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_MAILSLOT [EF5E8A80] vsdatant.sys
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CREATE 8238E0E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CREATE 8238E0E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CREATE 8238E0E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CREATE 8238E0E8
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [EF5E8A80] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSEIRP_MJ_READ [EF5E8A80] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [EF5E8A80] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_SHUTDOWN [EF5E8A80] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_MAILSLOT [EF5E8A80] vsdatant.sys
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE 823D8270
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 82090970
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE 81C8DEB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE_NAMED_PIPE 81C8DEB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CLOSEIRP_MJ_READ 81C8DEB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_WRITE 81C8DEB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_INFORMATION 81C8DEB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_INFORMATION 81C8DEB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_EA 81C8DEB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_EA 81C8DEB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_FLUSH_BUFFERS 81C8DEB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_VOLUME_INFORMATION 81C8DEB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_VOLUME_INFORMATION 81C8DEB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DIRECTORY_CONTROL 81C8DEB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_FILE_SYSTEM_CONTROL 81C8DEB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DEVICE_CONTROL 81C8DEB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_INTERNAL_DEVICE_CONTROL 81C8DEB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SHUTDOWN 81C8DEB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_LOCK_CONTROL 81C8DEB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CLEANUP 81C8DEB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE_MAILSLOT 81C8DEB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_SECURITY 81C8DEB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_SECURITY 81C8DEB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_POWER 81C8DEB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SYSTEM_CONTROL 81C8DEB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DEVICE_CHANGE 81C8DEB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_QUOTA 81C8DEB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_QUOTA 81C8DEB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_PNP 81C8DEB0
Device \Driver\NetBT \Device\NetBT_Tcpip_{5B8837EA-DC0D-429B-A3E8-E57E3BCCB709} IRP_MJ_CREATE 81D72DB8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CREATE 81D72DB8
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CREATE 81D72DB8
Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE [EF5E8A80] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CLOSEIRP_MJ_READ [EF5E8A80] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [EF5E8A80] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_SHUTDOWN [EF5E8A80] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_MAILSLOT [EF5E8A80] vsdatant.sys
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_CREATE 8238EB78
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE [EF5E8A80] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSEIRP_MJ_READ [EF5E8A80] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [EF5E8A80] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_SHUTDOWN [EF5E8A80] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_MAILSLOT [EF5E8A80] vsdatant.sys
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE 81DB0B48
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_NAMED_PIPE 81DB0B48
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLOSEIRP_MJ_READ 81DB0B48
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_WRITE 81DB0B48
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_INFORMATION 81DB0B48
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_INFORMATION 81DB0B48
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_EA 81DB0B48
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_EA 81DB0B48
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FLUSH_BUFFERS 81DB0B48
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_VOLUME_INFORMATION 81DB0B48
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_VOLUME_INFORMATION 81DB0B48
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DIRECTORY_CONTROL 81DB0B48
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FILE_SYSTEM_CONTROL 81DB0B48
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CONTROL 81DB0B48
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_INTERNAL_DEVICE_CONTROL 81DB0B48
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SHUTDOWN 81DB0B48
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_LOCK_CONTROL 81DB0B48
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLEANUP 81DB0B48
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_MAILSLOT 81DB0B48
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_SECURITY 81DB0B48
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_SECURITY 81DB0B48
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_POWER 81DB0B48
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SYSTEM_CONTROL 81DB0B48
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CHANGE 81DB0B48
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_QUOTA 81DB0B48
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_QUOTA 81DB0B48
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_PNP 81DB0B48
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_PNP_POWER 81DB0B48
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CREATE [EF5E8A80] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLOSEIRP_MJ_READ [EF5E8A80] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_INTERNAL_DEVICE_CONTROL [EF5E8A80] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SHUTDOWN [EF5E8A80] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CREATE_MAILSLOT [EF5E8A80] vsdatant.sys
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE 81DB0B48
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_NAMED_PIPE 81DB0B48
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLOSEIRP_MJ_READ 81DB0B48
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_WRITE 81DB0B48
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_INFORMATION 81DB0B48
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_INFORMATION 81DB0B48
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_EA 81DB0B48
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_EA 81DB0B48
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FLUSH_BUFFERS 81DB0B48
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_VOLUME_INFORMATION 81DB0B48
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_VOLUME_INFORMATION 81DB0B48
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DIRECTORY_CONTROL 81DB0B48
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FILE_SYSTEM_CONTROL 81DB0B48
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CONTROL 81DB0B48
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_INTERNAL_DEVICE_CONTROL 81DB0B48
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SHUTDOWN 81DB0B48
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_LOCK_CONTROL 81DB0B48
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLEANUP 81DB0B48
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_MAILSLOT 81DB0B48
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_SECURITY 81DB0B48
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_SECURITY 81DB0B48
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_POWER 81DB0B48
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SYSTEM_CONTROL 81DB0B48
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CHANGE 81DB0B48
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_QUOTA 81DB0B48
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_QUOTA 81DB0B48
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_PNP 81DB0B48
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_PNP_POWER 81DB0B48
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CREATE 81CAF0E8
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CREATE_NAMED_PIPE 81CAF0E8
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CLOSEIRP_MJ_READ 81CAF0E8
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_WRITE 81CAF0E8
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_QUERY_INFORMATION 81CAF0E8
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_SET_INFORMATION 81CAF0E8
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_QUERY_EA 81CAF0E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CREATE 823D8270
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_CREATE 81CB0EB0
Device \FileSystem\Fastfat \Fat IRP_MJ_CREATE 81B0AEB0
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CREATE 81B0E5B0

---- Registry - GMER 1.0.10 ----

Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG08.00.00.01WORKSTATION 0EADB5883E0945CD71BD301B742C41F7B73A7726F854BB0DDC4CA9710692A7BF21A958BF79EDA78510EC767BBE04A7C8E27B977A1DBFC0B2A80A07C74514FB81C31D9D03B6D84DEB3A297E51F8A3F61B4BBD8B581ABFADADE13CC05007B08F524EA2CB9FAE41F06C536B830AF62A72C902F0A26F013FE5E668EB5D9DBCB9104E8AFE3DA6CD8226F3324D5557C39AAEB28A28C134980927500A47F5810863FB16B496DF6D3459CFF2A10E57B0FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C8EDD5E5BE2F6E6675D575E7D6A3B9808A6A0AC4980AC7933BA7FD869164D6794621D3034885BE70DE73265718F19899BE0F2E014882899CAFD401010E5CDE2E17B33D940EC2D2EF4C2A2E2134199BB10DF55A73B410BFAF74827677B340D1CF868D0D978C1D3794393BE3822C5CFBA5B2BEA162A685D60192ED58B8788F70EB306852813FD8D2E63B21BC3A62352610BB6F28F59AC2FBCFCE1D58241E1B75D4463C111CE0C3CC9062E33B5AFCC5B1EF02D10C74834341235CB15A7373099C11DC2D9346B49E5D7A3C3E4124FB0CA7623EB4AC97B14C4791C84612A7C588F89F79C8884AD09B4FBF0EB72B3192CA3FE7D048C7376DB5C9FC9DBF10DA9B32C16D09CEACA5D8F756B6F4B0245A8120BE49B3B2776C6081BC39FD3DB265A8FAADC662181A34

---- Files - GMER 1.0.10 ----

File C:\System Volume Information\MountPointManagerRemoteDatabase
File C:\System Volume Information\tracking.log
File C:\System Volume Information\_restore{214086DF-EE6D-4E78-8CFA-98271DB824CD}

---- EOF - GMER 1.0.10 ----

HJT uninstall:

3GP Video Converter 3
Ad-Aware SE Personal
Adobe Acrobat 5.0
Agere Systems PCI Soft Modem
AMR Converter Pro
AVG Free Edition
AVS Video Tools 5.2
BlueSoleil
Borland Delphi 7
Civilization III
CleanUp!
Creative Removable Disk Manager
Creative System Information
Creative Zen MicroPhoto
Creative Zen Touch
DivX
DivX Converter
DivX Player
DivX Web Player
ewido anti-spyware 4.0
Google Earth
Google Toolbar for Internet Explorer
Google Video Player
Hazard Perception Test Demo
Intel(R) Extreme Graphics Driver
Intel(R) PRO Ethernet Adapter and Software
Internet Access
J2SE Runtime Environment 5.0 Update 6
Java(TM) SE Runtime Environment 6
Kaspersky Online Scanner
Lavasoft VX2 Cleaner
Macromedia Flash Player 8
Macromedia Shockwave Player
Media Library Management Wizard
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework SDK (English) 1.1
Microsoft AntiSpyware
Microsoft Office Professional Edition 2003
Microsoft Visual J# .NET Redistributable Package 1.1
Microsoft Windows XP Video Decoder Checkup Utility
Movie Maker Background Music Files
Movie Maker Sound Effects
Movie Maker Title Images
MP3 WAV Converter 3.12
MSN Messenger 7.5
Nero Suite
O&O Defrag Professional Edition
Panda ActiveScan
Personal License Update Wizard for Windows Media Player
Plus! MP3 Audio Converter LE
PowerISO
Pro Evolution Soccer 5
QuickTime
RealPlayer Basic
RegCure 1.0.0.43
Registry Mechanic 5.2
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Sensible Soccer 2006
SigmaTel AC97 Audio Drivers
Spybot - Search & Destroy 1.4
The Sims 2
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
VideoLAN VLC media player 0.8.5
WinAce Archiver
Windows Defender
Windows Defender Signatures
Windows Installer 3.1 (KB893803)
Windows Media Bonus Pack for Windows XP
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player Tray Control
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
Winroute
XviD 1.1 final uninstall
Zen Touch Media Explorer (for PlaysForSure devices)
ZoneAlarm
srtendulkar is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 07-16-2006, 12:55 PM   #9 (permalink)
Analyst, Security Team
 
Vikesrock8411's Avatar
 
Join Date: Jun 2005
Posts: 3,065
OS: Windows XP


Unfortunately your log is clean, at this point your problem is no longer malware related. If you decide to go back to your thread in hardware you may want to mention this driver, sptd.sys. My research shows it appears to be related to Daemon Tools which I do not see in your Add/Remove programs list.

Your log appears to be clean. If you still have any problems let me know and we will work on diagnosing those through other means. If not, there are just a few more things to go through to finish this off and help prevent future infections. Please post one more time even if you have no problems so we can mark this thread as resolved.

Windows Update
Make sure to get the latest updates for Windows and Internet Explorer at Microsoft Update Site.

Prevention
A good virus scanner is a necessity in today's computer environment. Many virus scanners include active components that protect you from infection without even running a scan. Some good free antivirus programs include:
AVG Free
Avast! Home Edition (Antivirus & Firewall)
AntiVir

A firewall is the first line of defense standing between the internet and your computer. Some good free firewalls are:
Zone Alarm
Outpost
Tiny Personal Firewall
Sunbelt Kerio Personal Firewall

Adaware SE and Spybot SD are a pair of anti-spyware scanners that should be run every week or two. Although there is some overlap there are many pieces of malware that is caught by one of these and not the other, therefore it is recommended you use both to compliment each other. Spybot also contains two other useful pieces. The first is "Immunize", this helps protect your computer against known exploits. The second is "TeaTimer", with this feature enabled you will receive notifications of all changes to the registry such as programs adding themselves to start-up and you default search page being changed.

Spyware Blaster is a powerful tool that prevents "drive-by" downloads and other unwanted installations. It also uses no system resources, run it once and you're all set. Spyware Guard Is a realtime protection engine to guard your computer from spyware. This program does for spyware what an antivirus program does for viruses.

IE-Spyad is a program that only needs to be run once to protect you from many malicious sites. It adds domains of known adware companies into the Restricted List of Internet Explorer, preventing them from performing malicious actions on your PC.

The MVPS HOSTS file is a file you can download and use to replace your regular hosts file. It prevents many sites from performing malicious actions by blocking the sites from ever being accessed.

Together these programs form a powerful barrier between the Internet and your computer. However, all the programs stand alone and feel free to eliminate any you are not comfortable with. Any protection you add to your PC is better than no protection at all.

Alternative Programs
Here are some alternatives that are either less suceptible than others to malware or don't contain malware where similar programs do.

Trillian or Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)

Desktop Weather - Free taskbar weather program that is free, malware free, and resource light.

Firefox - This is an increasingly popular alternate browser. Whilst Internet Explorer is not a bad browser, almost every exploit crafted is targeted to take advantage of an IE weakness.
__________________
Vikesrock8411 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 07-17-2006, 05:34 AM   #10 (permalink)
Registered User
 
Join Date: Jul 2005
Posts: 21
OS: XP


i am up to date with the updates, except for one relating to daylight savings time which continues to not install properly. i have tried this many times and it still doesnt work. other than that, i ensure updates are completed.

i had daemon tools but uninstalled it cos i didnt need it any more. is it worth trying to remove that driver now??

thanks for all your help. what other problems could be causing the computer to run so slowly. i have also run registry mechanic and defragged the hdd, and put 15gb of stuff onto an external hdd because we thought thats wat was causing the problem.

do torrent applications cause any problems to the computer? i have had bittorrent and now have utorrent.
srtendulkar is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 07-17-2006, 01:15 PM   #11 (permalink)
Analyst, Security Team
 
Vikesrock8411's Avatar
 
Join Date: Jun 2005
Posts: 3,065
OS: Windows XP


It is very possible that the driver is what is slowing things down, I would check with the XP guys and see what they think. Let them know you've been checked over by the security team and you're all clean.

I am not sure what effects your torrent applications would have on your computer, this is about as far as we go with regards to P2P advice:
P2P - I see you have P2P software installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It is certainly contributing to your current situation. I’ll leave the decision to you.
__________________
Vikesrock8411 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 07-21-2006, 09:00 PM   #12 (permalink)
Registered User
 
Join Date: Jul 2005
Posts: 21
OS: XP


thanks!!
i have had a look on the net and people are having problems with that sptd.sys file so i will delete it and see if that helps. i dont have haemon tools anyway so it shouldnt matter. thanks very much for pointing this out and for all of the help with this problem!!
srtendulkar is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
 

« Previous Thread | Next Thread »

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off



All times are GMT -7. The time now is 09:38 PM.

Contact Us - Tech Support Forum - Archive - Privacy Statement - Top


Copyright 2001 - 2009, Tech Support Forum
Home Tips Plus | Outdoor Basecamp | Automotive Support Forum

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85