|
|
|
|
|||||
|
|
|
|
|
|
|||
| Welcome
to Tech Support Forum home to more then 136,000 problems solved. Issues
have included: Spyware, Malware, Virus Issues, Windows, Microsoft,
Linux, Networking, Security, Hardware, and Gaming Getting your
problem solved is as easy as: 1. Registering for a free account 2. Asking your question 3. Receiving an answer Registered members: * See fewer ads. * And much more..
|
| Want to know how to post a question? click here | Having problems with spyware and pop-ups? First Steps |
|
|||||||
| Resolved HJT Threads Resolved spyware and popup issues. |
|
|
LinkBack | Thread Tools |
06-26-2005, 09:41 AM
|
#1 (permalink) |
|
General Manager (Administrator)
|
Analyst needs Analysis
Hi Guys
Someone other than me check out this log please. It looks clean to me but my system is dead slow. This is a new phenomenon. It was perfect up to a few weeks ago. Logfile of HijackThis v1.99.1 Scan saved at 05:36:06, on 06/26/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\System32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\WINNT\System32\inetsrv\inetinfo.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINNT\System32\nvsvc32.exe C:\WINNT\System32\snmp.exe C:\WINNT\System32\svchost.exe C:\WINNT\system32\ZONELABS\vsmon.exe C:\WINNT\Explorer.EXE C:\WINNT\SOUNDMAN.EXE C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\WINNT\system32\ctfmon.exe C:\Program Files\Hewlett-Packard\HP PSC 500 NT\scanning\hpodlb08.exe C:\Program Files\SpywareGuard\sgmain.exe C:\Program Files\SpywareGuard\sgbhp.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\HJK\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fnb.co.za/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Absa O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe O4 - HKLM\..\Run: [WheelMouse] C:\WHEELM~1\wh_exec.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe O4 - HKCU\..\RunOnce: [ICQ] C:\Program Files\ICQ\Icq.exe -trayboot O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe O4 - Global Startup: HP ODLB08.lnk = C:\Program Files\Hewlett-Packard\HP PSC 500 NT\scanning\hpodlb08.exe O4 - Global Startup: Forget Me Not.lnk = ? O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{B2C32885-7702-4D8B-8C42-8F34412DA775}: NameServer = 168.210.2.2 196.14.239.2 O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZONELABS\vsmon.exe
__________________
Know where you're going in life. You may already be there 
|
|
     |
| Important Information |
|
Join the #1 Tech Support Forum Today - It's Totally Free!
TechSupportForum.com is a leading support website for your computer needs. We offer free, friendly and personalized computer support. Why pay to have your computer fixed when you can do it for free. Join TechSupportforum.com Today - Click Here |
|
06-26-2005, 12:29 PM
|
#2 (permalink) |
|
Analyst, Security Team
Join Date: May 2005
Posts: 140
OS: XP
|
Horse,
After looking around the room to see if this was a set up....lol Everything APPEARS to be in order. I only see this R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = that need fixin with HJT, did not see any suspcious entries. If you want to run silent hunters or RK files, i will take a look at that for you :D Excal
__________________
|
|
|
|
|
06-27-2005, 12:02 AM
|
#3 (permalink) |
|
General Manager (Administrator)
|
Thanks Tom
LOL@setup. Not at all - it's always better to get other opinions when dealing with your own system. Kinda like a Doctor treating his own family or mechanic working on his own car. They don't generally. Anyhow I will run a couple of programs when I get back from my business trip on Wednesday. Thanks for taking the time.
__________________
Know where you're going in life. You may already be there
|
|
|
|
|
07-03-2005, 07:04 AM
|
#5 (permalink) |
|
General Manager (Administrator)
|
I've run the following logs as requested by Microbell:-
Silent Runners "Silent Runners.vbs", revision 39, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "ctfmon.exe" = "C:\WINNT\system32\ctfmon.exe" [MS] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "SoundMan" = "SOUNDMAN.EXE" ["Avance Logic, Inc."] "IgfxTray" = "C:\WINNT\System32\igfxtray.exe" ["Intel Corporation"] "HotKeysCmds" = "C:\WINNT\System32\hkcmd.exe" ["Intel Corporation"] "WheelMouse" = "C:\WHEELM~1\wh_exec.exe" [empty string] "NvCplDaemon" = "RUNDLL32.EXE NvQTwk,NvCplDaemon initialize" [MS] "NeroCheck" = "C:\WINNT\system32\NeroCheck.exe" ["Ahead Software Gmbh"] "nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"] "Synchronization Manager" = "C:\WINNT\system32\mobsync.exe /logon" [MS] "AVG7_CC" = "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP" ["GRISOFT, s.r.o."] "Cmaudio" = "RunDll32 cmicnfg.cpl,CMICtrlWnd" [MS] "QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."] "Zone Labs Client" = "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" ["Zone Labs, LLC"] HKLM\Software\Microsoft\Active Setup\Installed Components\ >{881dd1c5-3dcf-431b-b061-f3f88e8be88a}\(Default) = "Outlook Express" \StubPath = "C:\WINNT\system32\shmgrate.exe OCInstallUserConfigOE" [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID] -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"] {4A368E80-174F-4872-96B5-0B27DDD11DB2}\(Default) = "SpywareGuard Download Protection" -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\SpywareGuard\dlprotect.dll" [null data] {AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = "Google Toolbar Helper" [from CLSID] -> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{81559C35-8464-49F7-BB0E-07A383BEF910}" = "SpywareGuard" -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\SpywareGuard\spywareguard.dll" [null data] "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler" -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS] "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension" -> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext" -> {CLSID}\InProcServer32\(Default) = "C:\WINNT\System32\hticons.dll" ["Hilgraeve, Inc."] "{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer" -> {CLSID}\InProcServer32\(Default) = "C:\WINNT\System32\nvshell.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu" -> {CLSID}\InProcServer32\(Default) = "C:\WINNT\System32\nvshell.dll" ["NVIDIA Corporation"] "{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler" -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\OFFICE11\MLSHEXT.DLL" [MS] "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler" -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\OFFICE11\OLKFSTUB.DLL" [MS] "{AB77609F-2178-4E6F-9C4B-44AC179D937A}" = "aČ Context Menu Shell Extension" -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\A2FREE~1\A2CONT~1.DLL" [null data] "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension" -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."] "{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension" -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."] "{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices" -> {CLSID}\InProcServer32\(Default) = "C:\WINNT\system32\Audiodev.dll" [MS] "{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu" -> {CLSID}\InProcServer32\(Default) = "C:\WINNT\system32\Audiodev.dll" [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ INFECTION WARNING! "{81559C35-8464-49F7-BB0E-07A383BEF910}" = "SpywareGuard" -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\SpywareGuard\spywareguard.dll" [null data] INFECTION WARNING! "{54D9498B-CF93-414F-8984-8CE7FDE0D391}" = "ewido shell guard" -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ewido\security suite\shellhook.dll" ["TODO: <Firmenname>"] HKLM\System\CurrentControlSet\Control\Session Manager\ INFECTION WARNING! "BootExecute" = "autocheck autochk * sprestrt sprestrt" [file not found], [MS], [file not found], [MS], [MS] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ INFECTION WARNING! igfxcui\DLLName = "igfxsrvc.dll" ["Intel Corporation"] INFECTION WARNING! wzcnotif\DLLName = "wzcdlg.dll" [MS] HKLM\Software\Classes\PROTOCOLS\Filter\ INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}" -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS] HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."] ewido\(Default) = "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}" -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ewido\security suite\context.dll" ["ewido networks"] TDS-3\(Default) = "{E8ADA3E1-CE9B-44A0-A165-997304EF4E18}" -> {CLSID}\InProcServer32\(Default) = "C:\WINNT\system32\tds3shl.dll" [empty string] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ ewido\(Default) = "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}" -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ewido\security suite\context.dll" ["ewido networks"] TDS-3\(Default) = "{E8ADA3E1-CE9B-44A0-A165-997304EF4E18}" -> {CLSID}\InProcServer32\(Default) = "C:\WINNT\system32\tds3shl.dll" [empty string] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ a2ContMenu\(Default) = "{AB77609F-2178-4E6F-9C4B-44AC179D937A}" -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\A2FREE~1\A2CONT~1.DLL" [null data] AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."] Active Desktop and Wallpaper: ----------------------------- Active Desktop is disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState HKCU\Control Panel\Desktop\ "Wallpaper" = "C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp" Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ "SCRNSAVE.EXE" = "C:\WINNT\System32\sstext3d.scr" [MS] Startup items in "Administrator" & "All Users" startup folders: --------------------------------------------------------------- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup "SpywareGuard" -> shortcut to: "C:\Program Files\SpywareGuard\sgmain.exe" [null data] C:\Documents and Settings\All Users\Start Menu\Programs\Startup "HP ODLB08" -> shortcut to: "C:\Program Files\Hewlett-Packard\HP PSC 500 NT\scanning\hpodlb08.exe" ["Hewlett-Packard Co."] "Forget Me Not" -> shortcut to: "C:\Program Files\Broderbund\AG Crafts\agremind.exe" ["Broderbund Properties LLC"] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000004\LibraryPath = "%SystemRoot%\System32\nwprovau.dll" [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 30 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID] -> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."] HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID] -> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."] HKLM\Software\Microsoft\Internet Explorer\Toolbar\ "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID] -> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."] Explorer Bars Dormant Explorer Bars in "View, Explorer Bar" menu HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\ = "&Research" Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL" [MS] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {92780B25-18CC-41C8-B9BE-3C9C571A8263}\ "ButtonText" = "Research" {FB5F1910-F110-11D2-BB9E-00C04F795683}\ "ButtonText" = "Messenger" "MenuText" = "Windows Messenger" "Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ AVG7 Alert Manager Server, Avg7Alrt, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe" ["GRISOFT, s.r.o."] AVG7 Update Service, Avg7UpdSvc, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe" ["GRISOFT, s.r.o."] ewido security suite control, ewido security suite control, "C:\Program Files\ewido\security suite\ewidoctrl.exe" ["ewido networks"] Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe"" [MS] NVIDIA Driver Helper Service, NVSvc, "C:\WINNT\System32\nvsvc32.exe" ["NVIDIA Corporation"] TrueVector Internet Monitor, vsmon, "C:\WINNT\system32\ZONELABS\vsmon.exe -service" ["Zone Labs, LLC"] Windows User Mode Driver Framework, UMWdf, "C:\WINNT\system32\wdfmgr.exe" [MS] ---------- + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + The search for DESKTOP.INI DLL launch points on all local fixed drives took 13 seconds. + The search for all Registry CLSIDs containing dormant Explorer Bars took 28 seconds. ---------- (total run time: 78 seconds) Startup List StartupList report, 07/03/2005, 02:46:36 PM StartupList version: 1.52.2 Started from : C:\HJK\HijackThis.EXE Detected: Windows XP SP2 (WinNT 5.01.2600) Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180) * Using default options * Including empty and uninteresting sections * Showing rarely important sections ================================================== Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\System32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\Program Files\ewido\security suite\ewidoctrl.exe C:\WINNT\System32\inetsrv\inetinfo.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINNT\System32\nvsvc32.exe C:\WINNT\System32\snmp.exe C:\WINNT\System32\svchost.exe C:\WINNT\system32\ZONELABS\vsmon.exe C:\WINNT\Explorer.EXE C:\WINNT\SOUNDMAN.EXE C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\WINNT\system32\ctfmon.exe C:\Program Files\Hewlett-Packard\HP PSC 500 NT\scanning\hpodlb08.exe C:\Program Files\SpywareGuard\sgmain.exe C:\Program Files\SpywareGuard\sgbhp.exe C:\HJK\HijackThis.exe -------------------------------------------------- Listing of startup folders: Shell folders Startup: [C:\Documents and Settings\Administrator\Start Menu\Programs\Startup] SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe Shell folders AltStartup: *Folder not found* User shell folders Startup: *Folder not found* User shell folders AltStartup: *Folder not found* Shell folders Common Startup: [C:\Documents and Settings\All Users\Start Menu\Programs\Startup] HP ODLB08.lnk = C:\Program Files\Hewlett-Packard\HP PSC 500 NT\scanning\hpodlb08.exe Forget Me Not.lnk = ? Shell folders Common AltStartup: *Folder not found* User shell folders Common Startup: *Folder not found* User shell folders Alternate Common Startup: *Folder not found* -------------------------------------------------- Checking Windows NT UserInit: [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] UserInit = C:\WINNT\system32\userinit.exe, [HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon] *Registry key not found* [HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] *Registry value not found* [HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon] *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run SoundMan = SOUNDMAN.EXE IgfxTray = C:\WINNT\System32\igfxtray.exe HotKeysCmds = C:\WINNT\System32\hkcmd.exe WheelMouse = C:\WHEELM~1\wh_exec.exe NvCplDaemon = RUNDLL32.EXE NvQTwk,NvCplDaemon initialize NeroCheck = C:\WINNT\system32\NeroCheck.exe nwiz = nwiz.exe /install AVG7_CC = C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP Cmaudio = RunDll32 cmicnfg.cpl,CMICtrlWnd QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime Zone Labs Client = C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce *No values found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *No values found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run ctfmon.exe = C:\WINNT\system32\ctfmon.exe -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce *No values found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\Run [OptionalComponents] *No values found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\Run *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* -------------------------------------------------- File association entry for .EXE: HKEY_CLASSES_ROOT\exefile\shell\open\command (Default) = "%1" %* -------------------------------------------------- File association entry for .COM: HKEY_CLASSES_ROOT\comfile\shell\open\command (Default) = "%1" %* -------------------------------------------------- File association entry for .BAT: HKEY_CLASSES_ROOT\batfile\shell\open\command (Default) = "%1" %* -------------------------------------------------- File association entry for .PIF: HKEY_CLASSES_ROOT\piffile\shell\open\command (Default) = "%1" %* -------------------------------------------------- File association entry for .SCR: *Registry value not found* -------------------------------------------------- File association entry for .HTA: HKEY_CLASSES_ROOT\htafile\shell\open\command (Default) = C:\WINNT\System32\mshta.exe "%1" %* -------------------------------------------------- File association entry for .TXT: HKEY_CLASSES_ROOT\txtfile\shell\open\command (Default) = %SystemRoot%\system32\NOTEPAD.EXE %1 -------------------------------------------------- Enumerating Active Setup stub paths: HKLM\Software\Microsoft\Active Setup\Installed Components (* = disabled by HKCU twin) [>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] StubPath = C:\WINNT\inf\unregmp2.exe /ShowWMP [>{26923b43-4d38-484f-9b9e-de460746276c}] * StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE [>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] * StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP [>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE [{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] * StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll [{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] * StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install [{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] * StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT [{44BBA851-CC51-11CF-AAFA-00AA00B6015C}] * StubPath = rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\wpie4x86.inf,PerUserStub [{4b218e3e-bc98-4770-93d3-2731b9329278}] * StubPath = %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf [{5945c046-1e7d-11d1-bc44-00c04fd912be}] * StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\msmsgs.inf,BLC.QuietInstall.PerUser [{6A5110B5-E14B-4268-A065-EF89FF33C325}] * StubPath = regsvr32.exe /s /n /i:"S 2 true 3 true 4 true 5 true 6 true 7 true" initpki.dll [{6BF52A52-394A-11d3-B153-00C04F79FAA6}] * StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\wmp10.inf,PerUserStub [{7790769C-0471-11d2-AF11-00C04FA35D02}] * StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install [{89820200-ECBD-11cf-8B85-00AA005B4340}] * StubPath = regsvr32.exe /s /n /i:U shell32.dll [{89820200-ECBD-11cf-8B85-00AA005B4383}] * StubPath = %SystemRoot%\system32\ie4uinit.exe [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] * StubPath = C:\WINNT\system32\Rundll32.exe C:\WINNT\system32\mscories.dll,Install [{8b15971b-5355-4c82-8c07-7e181ea07608}] * StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\fxsocm.inf,Fax.Install.PerUser [{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}] * StubPath = %SystemRoot%\System32\updcrl.exe -e -u %SystemRoot%\System32\verisignpub1.crl -------------------------------------------------- Enumerating ICQ Agent Autostart apps: HKCU\Software\Mirabilis\ICQ\Agent\Apps *Registry key not found* -------------------------------------------------- Load/Run keys from C:\WINNT\WIN.INI: load=*INI section not found* run=*INI section not found* Load/Run keys from Registry: HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found* HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found* HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found* HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found* HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found* HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found* HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found* HKCU\..\Windows NT\CurrentVersion\Windows: load= HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs= -------------------------------------------------- Shell & screensaver key from C:\WINNT\SYSTEM.INI: Shell=*INI section not found* SCRNSAVE.EXE=*INI section not found* drivers=*INI section not found* Shell & screensaver key from Registry: Shell=Explorer.exe SCRNSAVE.EXE=C:\WINNT\System32\sstext3d.scr drivers=*Registry value not found* Policies Shell key: HKCU\..\Policies: Shell=*Registry key not found* HKLM\..\Policies: Shell=*Registry value not found* -------------------------------------------------- Checking for EXPLORER.EXE instances: C:\WINNT\Explorer.exe: PRESENT! C:\Explorer.exe: not present C:\WINNT\Explorer\Explorer.exe: not present C:\WINNT\System\Explorer.exe: not present C:\WINNT\System32\Explorer.exe: not present C:\WINNT\Command\Explorer.exe: not present C:\WINNT\Fonts\Explorer.exe: not present -------------------------------------------------- Checking for superhidden extensions: .lnk: HIDDEN! (arrow overlay: yes) .pif: HIDDEN! (arrow overlay: yes) .exe: not hidden .com: not hidden .bat: not hidden .hta: not hidden .scr: *Registry value not found* .shs: HIDDEN! .shb: HIDDEN! .vbs: not hidden .vbe: not hidden .wsh: not hidden .scf: HIDDEN! (arrow overlay: NO!) .url: HIDDEN! (arrow overlay: yes) .js: not hidden .jse: not hidden -------------------------------------------------- Verifying REGEDIT.EXE integrity: - Regedit.exe found in C:\WINNT - .reg open command is normal (regedit.exe %1) - Company name OK: 'Microsoft Corporation' - Original filename OK: 'REGEDIT.EXE' - File description: 'Registry Editor' Registry check passed -------------------------------------------------- Enumerating Browser Helper Objects: (no name) - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} SpywareGuard Download Protection - C:\Program Files\SpywareGuard\dlprotect.dll - {4A368E80-174F-4872-96B5-0B27DDD11DB2} (no name) - c:\program files\google\googletoolbar2.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7} -------------------------------------------------- Enumerating Task Scheduler jobs: *No jobs found* -------------------------------------------------- Enumerating Download Program Files: [DirectAnimation Java Classes] CODEBASE = file://C:\WINNT\Java\classes\dajava.cab OSD = C:\WINNT\Downloaded Program Files\DirectAnimation Java Classes.osd [Microsoft XML Parser for Java] CODEBASE = file://C:\WINNT\Java\classes\xmldso.cab OSD = C:\WINNT\Downloaded Program Files\Microsoft XML Parser for Java.osd [Microsoft Office Template and Media Control] InProcServer32 = C:\PROGRA~1\MICROS~3\OFFICE11\IEAWSDC.DLL CODEBASE = http://office.microsoft.com/templates/ieawsdc.cab [MSSecurityAdvisor Class] InProcServer32 = C:\WINNT\System32\mssecadv.dll CODEBASE = http://download.microsoft.com/downlo...?1092072665359 [Office Update Installation Engine] InProcServer32 = C:\WINNT\opuc.dll CODEBASE = http://office.microsoft.com/officeup...ntent/opuc.cab [HouseCall Control] InProcServer32 = C:\WINNT\DOWNLO~1\xscan53.ocx CODEBASE = http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab [Java Plug-in 1.4.2_05] InProcServer32 = C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll CODEBASE = http://java.sun.com/products/plugin/...ndows-i586.cab [ActiveScan Installer Class] InProcServer32 = C:\WINNT\Downloaded Program Files\asinst.dll CODEBASE = http://www.pandasoftware.com/activescan/as5/asinst.cab [{9F1C11AA-197B-4942-BA54-47A8489BB47F}] CODEBASE = http://v4.windowsupdate.microsoft.co...203.3830671296 [CRAVOnline Object] InProcServer32 = C:\WINNT\Downloaded Program Files\ravonline.dll CODEBASE = http://www.ravantivirus.com/scan/ravonline.cab [Java Plug-in 1.4.2_05] InProcServer32 = C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll CODEBASE = http://java.sun.com/products/plugin/...ndows-i586.cab [Shockwave Flash Object] InProcServer32 = C:\WINNT\system32\macromed\flash\flash.ocx CODEBASE = http://download.macromedia.com/pub/s...sh/swflash.cab -------------------------------------------------- Enumerating Winsock LSP files: NameSpace #1: C:\WINNT\System32\mswsock.dll NameSpace #2: C:\WINNT\System32\winrnr.dll NameSpace #3: C:\WINNT\System32\mswsock.dll NameSpace #4: C:\WINNT\System32\nwprovau.dll Protocol #1: C:\WINNT\system32\mswsock.dll Protocol #2: C:\WINNT\system32\mswsock.dll Protocol #3: C:\WINNT\system32\mswsock.dll Protocol #4: C:\WINNT\system32\rsvpsp.dll Protocol #5: C:\WINNT\system32\rsvpsp.dll Protocol #6: C:\WINNT\system32\mswsock.dll Protocol #7: C:\WINNT\system32\mswsock.dll Protocol #8: C:\WINNT\system32\mswsock.dll Protocol #9: C:\WINNT\system32\mswsock.dll Protocol #10: C:\WINNT\system32\mswsock.dll Protocol #11: C:\WINNT\system32\mswsock.dll Protocol #12: C:\WINNT\system32\mswsock.dll Protocol #13: C:\WINNT\system32\mswsock.dll Protocol #14: C:\WINNT\system32\mswsock.dll Protocol #15: C:\WINNT\system32\mswsock.dll Protocol #16: C:\WINNT\system32\mswsock.dll Protocol #17: C:\WINNT\system32\mswsock.dll Protocol #18: C:\WINNT\system32\mswsock.dll Protocol #19: C:\WINNT\system32\mswsock.dll Protocol #20: C:\WINNT\system32\mswsock.dll Protocol #21: C:\WINNT\system32\mswsock.dll Protocol #22: C:\WINNT\system32\mswsock.dll Protocol #23: C:\WINNT\system32\mswsock.dll Protocol #24: C:\WINNT\system32\mswsock.dll Protocol #25: C:\WINNT\system32\mswsock.dll Protocol #26: C:\WINNT\system32\mswsock.dll Protocol #27: C:\WINNT\system32\mswsock.dll Protocol #28: C:\WINNT\system32\mswsock.dll Protocol #29: C:\WINNT\system32\mswsock.dll Protocol #30: C:\WINNT\system32\mswsock.dll -------------------------------------------------- Enumerating Windows NT/2000/XP services Intel(r) 82801DB/DBM Audio Driver Service (WDM): system32\drivers\ac97ich4.sys (manual start) Microsoft ACPI Driver: System32\DRIVERS\ACPI.sys (system) Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start) AFD Networking Support Environment: \SystemRoot\System32\drivers\afd.sys (system) Intel AGP Bus Filter: System32\DRIVERS\agp440.sys (system) Service for Avance AC97 Audio (WDM): system32\drivers\ALCXWDM.SYS (manual start) Alerter: %SystemRoot%\System32\svchost.exe -k LocalService (disabled) Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start) Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start) 1394 ARP Client Protocol: System32\DRIVERS\arp1394.sys (manual start) ASP.NET State Service: %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (manual start) RAS Asynchronous Media Driver: System32\DRIVERS\asyncmac.sys (manual start) Standard IDE/ESDI Hard Disk Controller: System32\DRIVERS\atapi.sys (system) ATM ARP Client Protocol: System32\DRIVERS\atmarpc.sys (manual start) Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Audio Stub Driver: System32\DRIVERS\audstub.sys (manual start) AVG7 Alert Manager Server: C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe (autostart) AVG7 Kernel: \SystemRoot\System32\Drivers\avg7core.sys (system) AVG7 Wrap Driver: \SystemRoot\System32\Drivers\avg7rsw.sys (system) AVG7 Rezident Driver: \SystemRoot\System32\Drivers\avg7rsxp.sys (system) AVG7 Update Service: C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe (autostart) basic2: System32\DRIVERS\HSF_BSC2.sys (manual start) Background Intelligent Transfer Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Computer Browser: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) InCD Storage Helper Driver: System32\DRIVERS\bsstor.sys (system) Closed Caption Decoder: system32\drivers\ccdecode.sys (manual start) CD-ROM Driver: System32\DRIVERS\cdrom.sys (system) Indexing Service: %SystemRoot%\system32\cisvc.exe (disabled) ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled) C-Media WDM Audio Interface: system32\drivers\cmuda.sys (manual start) COM+ System Application: C:\WINNT\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start) Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart) DHCP Client: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Disk Driver: System32\DRIVERS\disk.sys (system) Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start) dmboot: System32\drivers\dmboot.sys (disabled) Logical Disk Manager Driver: System32\DRIVERS\dmio.sys (system) Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start) DNS Client: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart) MS IEEE-1284.4 Driver: System32\DRIVERS\Dot4.sys (manual start) Print Class Driver for IEEE-1284.4: System32\DRIVERS\Dot4Prt.sys (manual start) Scan Class Driver for IEEE-1284.4: System32\DRIVERS\Dot4Scan.sys (manual start) Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start) Intel(R) PRO Adapter Driver: System32\DRIVERS\e100bnt5.sys (manual start) Accton EN5251 Series Chip Based Fast Ethernet Adapter Windows Driver: System32\DRIVERS\EN5251N5.SYS (manual start) Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Event Log: %SystemRoot%\system32\services.exe (autostart) COM+ Event System: C:\WINNT\System32\svchost.exe -k netsvcs (manual start) ewido security suite control: C:\Program Files\ewido\security suite\ewidoctrl.exe (autostart) ewido security suite driver: \??\C:\Program Files\ewido\security suite\guard.sys (system) ewido security suite guard: C:\Program Files\ewido\security suite\ewidoguard.exe (autostart) Fallback: System32\DRIVERS\HSF_FALL.sys (autostart) Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Fax: %systemroot%\system32\fxssvc.exe (autostart) Floppy Disk Controller Driver: System32\DRIVERS\fdc.sys (manual start) VIA Rhine-Family Fast Ethernet Adapter Driver Service: system32\DRIVERS\fetnd5bv.sys (manual start) VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver: System32\DRIVERS\fetnd5.sys (manual start) Floppy Disk Driver: System32\DRIVERS\flpydisk.sys (manual start) FltMgr: system32\drivers\fltmgr.sys (system) Fsks: System32\DRIVERS\HSF_FSKS.sys (autostart) Volume Manager Driver: System32\DRIVERS\ftdisk.sys (system) Game Port Enumerator: System32\DRIVERS\gameenum.sys (manual start) Scroll Mouse Driver: System32\DRIVERS\gmfiltr.sys (manual start) Generic Packet Classifier: System32\DRIVERS\msgpc.sys (manual start) Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Human Interface Device Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled) HPoPar08: \SystemRoot\System32\drivers\HPoPar08.SYS (autostart) HSFHWBS2: System32\DRIVERS\HSFBS2S2.sys (manual start) HSF_DP: System32\DRIVERS\HSFDPSP2.sys (manual start) hsf_msft: System32\DRIVERS\HSF_MSFT.sys (manual start) HTTP: System32\Drivers\HTTP.sys (manual start) HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start) i8042 Keyboard and PS/2 Mouse Port Driver: System32\DRIVERS\i8042prt.sys (system) ialm: System32\DRIVERS\ialmnt5.sys (manual start) IdeBusDr: System32\DRIVERS\IdeBusDr.sys (system) Intel(r) Ultra ATA Controller: System32\DRIVERS\IdeChnDr.sys (system) IIS Admin: C:\WINNT\System32\inetsrv\inetinfo.exe (autostart) CD-Burning Filter Driver: System32\DRIVERS\imapi.sys (system) IMAPI CD-Burning COM Service: C:\WINNT\System32\imapi.exe (manual start) Intel Processor Driver: System32\DRIVERS\intelppm.sys (system) IPv6 Windows Firewall Driver: system32\drivers\ip6fw.sys (manual start) Microsoft IntelliPoint Features driver: System32\DRIVERS\IPFilter.sys (manual start) IP Traffic Filter Driver: System32\DRIVERS\ipfltdrv.sys (manual start) IP in IP Tunnel Driver: System32\DRIVERS\ipinip.sys (manual start) IP Network Address Translator: System32\DRIVERS\ipnat.sys (manual start) IPSEC driver: System32\DRIVERS\ipsec.sys (system) IR Enumerator Service: System32\DRIVERS\irenum.sys (manual start) PnP ISA/EISA Bus Driver: System32\DRIVERS\isapnp.sys (system) K56: System32\DRIVERS\HSF_K56K.sys (autostart) Keyboard Class Driver: System32\DRIVERS\kbdclass.sys (system) Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start) Server: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Workstation: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) TCP/IP NetBIOS Helper: %SystemRoot%\System32\svchost.exe -k LocalService (autostart) Machine Debug Manager: "C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe" (autostart) mdmxsdk: System32\DRIVERS\mdmxsdk.sys (autostart) Messenger: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled) Media Manager Indexer: C:\Program Files\Common Files\Microsoft Shared\Media Manager\airsvcu.exe (manual start) NetMeeting Remote Desktop Sharing: C:\WINNT\System32\mnmsrvc.exe (manual start) Unimodem Streaming Filter Device: system32\drivers\MODEMCSA.sys (manual start) Mouse Class Driver: System32\DRIVERS\mouclass.sys (system) BDA MPE Filter: System32\DRIVERS\MPE.sys (manual start) WebDav Client Redirector: System32\DRIVERS\mrxdav.sys (manual start) MRXSMB: System32\DRIVERS\mrxsmb.sys (system) Distributed Transaction Coordinator: C:\WINNT\System32\msdtc.exe (manual start) Windows Installer: C:\WINNT\system32\msiexec.exe /V (manual start) Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start) Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start) Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start) Microsoft System Management BIOS Driver: System32\DRIVERS\mssmbios.sys (manual start) Microsoft Streaming Tee/Sink-to-Sink Converter: system32\drivers\MSTEE.sys (manual start) Microsoft MPU-401 MIDI UART Driver: system32\drivers\msmpu401.sys (manual start) NABTS/FEC VBI Codec: System32\DRIVERS\NABTSFEC.sys (manual start) Microsoft TV/Video Connection: system32\DRIVERS\NdisIP.sys (manual start) Remote Access NDIS TAPI Driver: System32\DRIVERS\ndistapi.sys (manual start) NDIS Usermode I/O Protocol: System32\DRIVERS\ndisuio.sys (manual start) Remote Access NDIS WAN Driver: System32\DRIVERS\ndiswan.sys (manual start) NetBIOS Interface: System32\DRIVERS\netbios.sys (system) NetBios over Tcpip: System32\DRIVERS\netbt.sys (system) Network DDE: %SystemRoot%\system32\netdde.exe (disabled) Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled) Net Logon: %SystemRoot%\System32\lsass.exe (manual start) Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) 1394 Net Driver: System32\DRIVERS\nic1394.sys (manual start) Network Location Awareness (NLA): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) NT LM Security Support Provider: %SystemRoot%\System32\lsass.exe (manual start) Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) nv: system32\DRIVERS\nv4_mini.sys (manual start) nv4: System32\DRIVERS\nv4.sys (manual start) NVIDIA Driver Helper Service: %SystemRoot%\System32\nvsvc32.exe (autostart) IPX Traffic Filter Driver: System32\DRIVERS\nwlnkflt.sys (manual start) IPX Traffic Forwarder Driver: System32\DRIVERS\nwlnkfwd.sys (manual start) VIA OHCI Compliant IEEE 1394 Host Controller: System32\DRIVERS\ohci1394.sys (system) Office Source Engine: C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (manual start) Parallel class driver: System32\DRIVERS\parallel.sys (disabled) Parallel port driver: System32\DRIVERS\parport.sys (manual start) PCI Bus Driver: System32\DRIVERS\pci.sys (system) Plug and Play: %SystemRoot%\system32\services.exe (autostart) IPSEC Services: %SystemRoot%\System32\lsass.exe (autostart) WAN Miniport (PPTP): System32\DRIVERS\raspptp.sys (manual start) Processor Driver: System32\DRIVERS\processr.sys (system) Protected Storage: %SystemRoot%\system32\lsass.exe (autostart) Direct Parallel Link Driver: System32\DRIVERS\ptilink.sys (manual start) Remote Access Auto Connection Driver: System32\DRIVERS\rasacd.sys (system) Remote Access Auto Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) WAN Miniport (L2TP): System32\DRIVERS\rasl2tp.sys (manual start) Remote Access Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Remote Access PPPOE Driver: System32\DRIVERS\raspppoe.sys (manual start) Direct Parallel: System32\DRIVERS\raspti.sys (manual start) Rdbss: System32\DRIVERS\rdbss.sys (system) RDPCDD: System32\DRIVERS\RDPCDD.sys (system) Terminal Server Device Redirector Driver: System32\DRIVERS\rdpdr.sys (manual start) Remote Desktop Help Session Manager: C:\WINNT\system32\sessmgr.exe (manual start) Digital CD Audio Playback Filter Driver: System32\DRIVERS\redbook.sys (system) Routing and Remote Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled) Remote Registry: %SystemRoot%\system32\svchost.exe -k LocalService (autostart) Rksample: System32\DRIVERS\HSF_SAMP.sys (manual start) Remote Procedure Call (RPC) Locator: %SystemRoot%\System32\locator.exe (manual start) Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart) QoS RSVP: %SystemRoot%\System32\rsvp.exe (manual start) Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart) Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start) Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Secdrv: System32\DRIVERS\secdrv.sys (manual start) Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Serenum Filter Driver: System32\DRIVERS\serenum.sys (manual start) Serial port driver: System32\DRIVERS\serial.sys (system) Windows Firewall/Internet Connection Sharing (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) BDA Slip De-Framer: System32\DRIVERS\SLIP.sys (manual start) Simple Mail Transfer Protocol (SMTP): C:\WINNT\System32\inetsrv\inetinfo.exe (autostart) SNMP Service: %SystemRoot%\System32\snmp.exe (autostart) SNMP Trap Service: %SystemRoot%\System32\snmptrap.exe (manual start) Raw Socket Lock Driver: \??\C:\WINNT\System32\socketlock.sys (autostart) SoftFax: System32\DRIVERS\HSF_FAXX.sys (autostart) Sony USB Filter Driver (SONYPVU1): System32\DRIVERS\SONYPVU1.SYS (manual start) Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start) Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart) System Restore Filter Driver: System32\DRIVERS\sr.sys (system) System Restore Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Srv: System32\DRIVERS\srv.sys (manual start) SSDP Discovery Service: %SystemRoot%\System32\svchost.exe -k LocalService (disabled) Still Serial Digital Camera Driver: system32\DRIVERS\serscan.sys (manual start) Windows Image Acquisition (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (autostart) BDA IPSink: System32\DRIVERS\StreamIP.sys (manual start) Software Bus Driver: System32\DRIVERS\swenum.sys (manual start) Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start) MS Software Shadow Copy Provider: C:\WINNT\System32\dllhost.exe /Processid:{F8E6D7FF-FBC3-4B89-9066-01CDD72603F7} (manual start) Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start) Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start) Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) TCP/IP Protocol Driver: System32\DRIVERS\tcpip.sys (system) Terminal Device Driver: System32\DRIVERS\termdd.sys (system) Terminal Services: %SystemRoot%\System32\svchost -k DComLaunch (manual start) Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Telnet: C:\WINNT\System32\tlntsvr.exe (manual start) Tones: System32\DRIVERS\HSF_TONE.sys (autostart) Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Microsoft AGPv3.5 Filter: system32\DRIVERS\uagp35.sys (system) Windows User Mode Driver Framework: C:\WINNT\system32\wdfmgr.exe (autostart) Microcode Update Driver: System32\DRIVERS\update.sys (manual start) Universal Plug and Play Device Host: %SystemRoot%\System32\svchost.exe -k LocalService (disabled) Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start) Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: System32\DRIVERS\usbehci.sys (manual start) Microsoft USB Standard Hub Driver: System32\DRIVERS\usbhub.sys (manual start) USB 2.0 Root Hub Support: System32\DRIVERS\usbhub20.sys (manual start) USB Mass Storage Driver: system32\DRIVERS\USBSTOR.SYS (manual start) Microsoft USB Universal Host Controller Miniport Driver: System32\DRIVERS\usbuhci.sys (manual start) Utility Manager: %SystemRoot%\System32\UtilMan.exe (manual start) V124: System32\DRIVERS\HSF_V124.sys (autostart) VGA Display Controller.: \SystemRoot\System32\drivers\vga.sys (system) ViaIde: System32\DRIVERS\viaide.sys (system) vsdatant: System32\vsdatant.sys (system) TrueVector Internet Monitor: C:\WINNT\system32\ZONELABS\vsmon.exe -service (autostart) Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start) Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) World Wide Web Publishing: %SystemRoot%\System32\inetsrv\inetinfo.exe (autostart) Remote Access IP ARP Driver: System32\DRIVERS\wanarp.sys (manual start) Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start) WebClient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart) WheelMouse Upper Filter Driver: System32\DRIVERS\whmice2k.sys (manual start) winachsf: System32\DRIVERS\HSFCXTS2.sys (manual start) Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart) Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Windows Management Instrumentation Driver Extensions: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) WMI Performance Adapter: C:\WINNT\System32\wbem\wmiapsrv.exe (manual start) Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) World Standard Teletext Codec: System32\DRIVERS\WSTCODEC.SYS (manual start) Automatic Updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart) Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Intel(R) Graphics Platform (SoftBIOS) Driver: system32\drivers\ialmsbw.sys (system) Intel(R) Graphics Chipset (KCH) Driver: system32\drivers\ialmkchw.sys (manual start) -------------------------------------------------- Enumerating Windows NT logon/logoff scripts: *No scripts set to run* Windows NT checkdisk command: BootExecute = autocheck autochk * Windows NT 'Wininit.ini': PendingFileRenameOperations: *Registry value not found* -------------------------------------------------- Enumerating ShellServiceObjectDelayLoad items: WebCheck: C:\WINNT\System32\webcheck.dll SysTray: C:\WINNT\System32\stobject.dll PostBootReminder: C:\WINNT\system32\SHELL32.dll CDBurn: C:\WINNT\system32\SHELL32.dll -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run *Registry key not found* -------------------------------------------------- End of report, 37,822 bytes Report generated in 0.156 seconds Command line options: /verbose - to add additional info on each section /complete - to include empty sections and unsuspicious data /full - to include several rarely-important sections /force9x - to include Win9x-only startups even if running on WinNT /forcent - to include WinNT-only startups even if running on Win9x /forceall - to include all Win9x and WinNT startups, regardless of platform /history - to list version history only StartDreck Log StartDreck (build 2.1.7 public stable) - 2005-07-03 @ 14:08:00 (GMT +02:00) Platform: Windows XP (Win NT 5.1.2600 Service Pack 2) Internet Explorer: 6.0.2900.2180 Logged in as Administrator at DEREKV »Registry »Run Keys »Current User »Run *ctfmon.exe=C:\WINNT\system32\ctfmon.exe »RunOnce »Default User »Run *NvMediaCenter=RUNDLL32.EXE C:\WINNT\System32\NVMCTRAY.DLL,NvTaskbarInit *AVG7_Run=C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE »RunOnce *^SetupICWDesktop=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop *tscuninstall=%systemroot%\system32\tscupgrd.exe »Local Machine »Run *SoundMan=SOUNDMAN.EXE *IgfxTray=C:\WINNT\System32\igfxtray.exe *HotKeysCmds=C:\WINNT\System32\hkcmd.exe *WheelMouse=C:\WHEELM~1\wh_exec.exe *NvCplDaemon=RUNDLL32.EXE NvQTwk,NvCplDaemon initialize *NeroCheck=C:\WINNT\system32\NeroCheck.exe *nwiz=nwiz.exe /install *Synchronization Manager=%SystemRoot%\system32\mobsync.exe /logon *AVG7_CC=C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP *Cmaudio=RunDll32 cmicnfg.cpl,CMICtrlWnd *QuickTime Task="C:\Program Files\QuickTime\qttask.exe" -atboottime *Zone Labs Client=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe +OptionalComponents +MSFS *Installed=1 +MAPI *Installed=1 *NoChange=1 +MAPI *Installed=1 *NoChange=1 »RunOnce »RunServices »RunServicesOnce »RunOnceEx »RunServicesOnceEx »File Associations (CR) +.bat *batfile="%1" %* +.com *comfile="%1" %* +.disabled *SpybotSD.DisabledFile="C:\Program Files\Spybot - Search & Destroy\blindman.exe" "%1" +.exe *exefile="%1" %* +.hta *htafile=C:\WINNT\System32\mshta.exe "%1" %* +.htm *FirefoxHTML=C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -url "%1" +.html *FirefoxHTML=C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -url "%1" +.js *JSFile=%SystemRoot%\System32\WScript.exe "%1" %* +.jse *JSEFile=%SystemRoot%\System32\WScript.exe "%1" %* +.pif *piffile="%1" %* +.reg *regfile=regedit.exe "%1" +.txt *txtfile=%SystemRoot%\system32\NOTEPAD.EXE %1 +.vbs *VBSFile=%SystemRoot%\System32\WScript.exe "%1" %* +.vbe *VBEFile=%SystemRoot%\System32\WScript.exe "%1" %* +.wsh *WSHFile=%SystemRoot%\System32\WScript.exe "%1" %* +.wsf *WSFFile=%SystemRoot%\System32\WScript.exe "%1" %* +.lnk `lnkfile= [key or value does not exist] »Browser Helper Objects (LM) *AcroIEHelper.AcroIEHlprObj.1/{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} `InprocServer32=C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll *SpywareGuardDLBLOCK.CBrowserHelper/{4A368E80-174F-4872-96B5-0B27DDD11DB2} `InprocServer32=C:\Program Files\SpywareGuard\dlprotect.dll *Google Toolbar Helper/{AA58ED58-01DD-4d91-8333-CF10577473F7} `InprocServer32=c:\program files\google\googletoolbar2.dll »Files »Autostart Folders »Current User *C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\desktop.ini *C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\SpywareGuard.lnk »Default User *C:\WINNT\system32\config\systemprofile\Start Menu\Programs\Startup\desktop.ini »Local Machine *C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini *C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP ODLB08.lnk *C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Forget Me Not.lnk »INI-Files »WIN.INI\[windows] *LOAD= *RUN= »SYSTEM.INI\[boot] *SHELL=Explorer.exe »Text Files *C:\boot.ini *C:\msdos.sys *C:\config.sys *C:\WINNT\system32\config.nt *C:\autoexec.bat *C:\WINNT\system32\autoexec.nt *C:\WINNT\wininit.ini *C:\WINNT\system32\drivers\etc\hosts »System/Drivers »Running Processes +0=<idle> +4=<system> +332=\SystemRoot\System32\smss.exe +388=\??\C:\WINNT\system32\csrss.exe +412=\??\C:\WINNT\system32\winlogon.exe +456=C:\WINNT\system32\services.exe +468=C:\WINNT\system32\lsass.exe +704=C:\WINNT\system32\svchost.exe +752=C:\WINNT\system32\svchost.exe +788=C:\WINNT\System32\svchost.exe +828=C:\WINNT\System32\svchost.exe +904=C:\WINNT\System32\svchost.exe +956=C:\WINNT\system32\spoolsv.exe +1056=C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe +1084=C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe +1144=C:\Program Files\ewido\security suite\ewidoctrl.exe +1280=C:\WINNT\System32\inetsrv\inetinfo.exe +1304=C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe +1332=C:\WINNT\System32\nvsvc32.exe +1432=C:\WINNT\System32\snmp.exe +1464=C:\WINNT\System32\svchost.exe +1484=C:\WINNT\system32\wdfmgr.exe +1568=C:\WINNT\system32\ZONELABS\vsmon.exe +248=C:\WINNT\System32\alg.exe +1928=C:\WINNT\Explorer.EXE +2288=C:\WINNT\SOUNDMAN.EXE +560=C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe +1744=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe +2296=C:\WINNT\system32\ctfmon.exe +928=C:\Program Files\Hewlett-Packard\HP PSC 500 NT\scanning\hpodlb08.exe +2596=C:\Program Files\SpywareGuard\sgmain.exe +732=C:\Program Files\SpywareGuard\sgbhp.exe +3860=C:\Program Files\Internet Explorer\IEXPLORE.EXE +932=C:\Documents and Settings\Administrator\My Documents\Derek\Derek File\Security Programs\StartDreck.exe »NT Services *Alerter Alerter - disabled *Application Layer Gateway Service ALG running on demand *Application Management AppMgmt - on demand *ASP.NET State Service aspnet_state - on demand *Windows Audio AudioSrv running auto *AVG7 Alert Manager Server Avg7Alrt running auto *AVG7 Update Service Avg7UpdSvc running auto *Background Intelligent Transfer Service BITS - on demand *Computer Browser Browser running auto *Indexing Service cisvc - disabled *ClipBook ClipSrv - disabled *COM+ System Application COMSysApp - on demand *Cryptographic Services CryptSvc running auto *DCOM Server Process Launcher DcomLaunch running auto *DHCP Client Dhcp running auto *Logical Disk Manager Administrative Service dmadmin - on demand *Logical Disk Manager dmserver running auto *DNS Client Dnscache running auto *Error Reporting Service ERSvc running auto *Event Log Eventlog running auto *COM+ Event System EventSystem running on demand *ewido security suite control ewido security suite running auto *ewido security suite guard ewido security suite - auto *Fast User Switching Compatibility FastUserSwitchingCom - on demand *Fax Fax - auto *Help and Support helpsvc running auto *Human Interface Device Access HidServ - disabled *HTTP SSL HTTPFilter - on demand *IIS Admin IISADMIN running auto *IMAPI CD-Burning COM Service ImapiService - on demand *Server lanmanserver running auto *Workstation lanmanworkstation running auto *TCP/IP NetBIOS Helper LmHosts running auto *Machine Debug Manager MDM running auto *Messenger Messenger - disabled *Media Manager Indexer MMIndexer - on demand *NetMeeting Remote Desktop Sharing mnmsrvc - on demand *Distributed Transaction Coordinator MSDTC - on demand *Windows Installer MSIServer - on demand *Network DDE NetDDE - disabled *Network DDE DSDM NetDDEdsdm - disabled *Net Logon Netlogon - on demand *Network Connections Netman running on demand *Network Location Awareness (NLA) Nla running on demand *NT LM Security Support Provider NtLmSsp - on demand *Removable Storage NtmsSvc - auto *NVIDIA Driver Helper Service NVSvc running auto *Office Source Engine ose - on demand *Plug and Play PlugPlay running auto *IPSEC Services PolicyAgent running auto *Protected Storage ProtectedStorage running auto *Remote Access Auto Connection Manager RasAuto - on demand *Remote Access Connection Manager RasMan running on demand *Remote Desktop Help Session Manager RDSessMgr - on demand *Routing and Remote Access RemoteAccess - disabled *Remote Registry RemoteRegistry running auto *Remote Procedure Call (RPC) Locator RpcLocator - on demand *Remote Procedure Call (RPC) RpcSs running auto *QoS RSVP RSVP - on demand *Security Accounts Manager SamSs running auto *Smart Card SCardSvr - on demand *Task Scheduler Schedule running auto *Secondary Logon seclogon running auto *System Event Notification SENS running auto *Windows Firewall/Internet Connection Sharing (I SharedAccess running auto `CS) *Shell Hardware Detection ShellHWDetection running auto *Simple Mail Transfer Protocol (SMTP) SMTPSVC running auto *SNMP Service SNMP running auto *SNMP Trap Service SNMPTRAP - on demand *Print Spooler Spooler running auto *System Restore Service srservice running auto *SSDP Discovery Service SSDPSRV - disabled *Windows Image Acquisition (WIA) stisvc running auto *MS Software Shadow Copy Provider SwPrv - on demand *Performance Logs and Alerts SysmonLog - on demand *Telephony TapiSrv running on demand *Terminal Services TermService running on demand *Themes Themes running auto *Telnet TlntSvr - on demand *Distributed Link Tracking Client TrkWks running auto *Windows User Mode Driver Framework UMWdf running auto *Universal Plug and Play Device Host upnphost - disabled *Uninterruptible Power Supply UPS - on demand *Utility Manager UtilMan - on demand *TrueVector Internet Monitor vsmon running auto *Volume Shadow Copy VSS - on demand *Windows Time W32Time running auto *World Wide Web Publishing W3SVC running auto *WebClient WebClient running auto *Windows Management Instrumentation winmgmt running auto *Portable Media Serial Number Service WmdmPmSN - on demand *Windows Management Instrumentation Driver Exten Wmi - on demand `sions *WMI Performance Adapter WmiApSrv - on demand *Security Center wscsvc running auto *Automatic Updates wuauserv running auto *Wireless Zero Configuration WZCSVC - on demand *Network Provisioning Service xmlprov - on demand »Application specific
__________________
Know where you're going in life. You may already be there
|
|
|
|
|
07-03-2005, 11:55 AM
|
#6 (permalink) |
|
General Manager (Administrator)
|
Mwav
Herewith a Mwav log as well
bject "Gator Spyware/Adware" found in File System! Action Taken: No Action Taken. Object "precisiontime Spyware/Adware" found in File System! Action Taken: No Action Taken. Object "PerfectNav Spyware/Adware" found in File System! Action Taken: No Action Taken. Object "Browser Hijack Object Spyware/Adware" found in File System! Action Taken: No Action Taken. Object "iSearch Spyware/Adware" found in File System! Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINNT\Downloaded Program Files\AcDcToday.ocx". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINNT\Downloaded Program Files\AcPreview.ocx". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINNT\Downloaded Program Files\bridge.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINNT\Downloaded Program Files\CONFLICT.1\HDPlugin1015.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINNT\Downloaded Program Files\HDPlugin1015.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINNT\Downloaded Program Files\InstBanr.ocx". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINNT\Downloaded Program Files\InstFred.ocx". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINNT\Downloaded Program Files\jao.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINNT\Downloaded Program Files\MSNChat45.ocx". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINNT\Downloaded Program Files\WSDownloader.ocx". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINNT\Downloaded Program Files\WSPhotoUploader.OCX". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINNT\System32\iuctl.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINNT\System32\iuctl.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Microsoft Shared\DAO\DAO350.DLL". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Microsoft Shared\VBA\VBA332.DLL". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINNT\System32\spool\drivers\w32x86\HpoVcm08.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINNT\System32\spool\drivers\w32x86\HpoMem08.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINNT\System32\spool\drivers\w32x86\HpoMlc08.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINNT\System32\spool\drivers\w32x86\HpoPar08.sys". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINNT\System32\spool\drivers\w32x86\HpoPml08.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINNT\System32\spool\drivers\w32x86\HpoHid08.exe". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINNT\system32\RTCDLL.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Microsoft Shared\Works Shared\mswkscal.wcd". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINNT\Downloaded Program Files\MSNChat45.ocx". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINNT\Downloaded Program Files\jao.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINNT\Downloaded Program Files\bridge.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\Setup.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\IGDI.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINNT\Downloaded Program Files\WSDownloader.ocx". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINNT\Downloaded Program Files\WSPhotoUploader.OCX". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINNT\Downloaded Program Files\AcPreview.ocx". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINNT\Downloaded Program Files\AcDcToday.ocx". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINNT\Downloaded Program Files\InstBanr.ocx". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINNT\Downloaded Program Files\InstFred.ocx". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\Setup.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\IGDI.dll". Action Taken: No Action Taken. Entry "HKCR\CLSID\{00120070-B1BA-11CE-ABC6-F5B2E79D9E3F}" refers to invalid object "C:\Program Files\Logitech\QuickCam\ltscr12n.ocx". Action Taken: No Action Taken. Entry "HKCR\CLSID\{00120074-B1BA-11CE-ABC6-F5B2E79D9E3F}" refers to invalid object "C:\Program Files\Logitech\QuickCam\ltscr12n.ocx". Action Taken: No Action Taken. Entry "HKCR\CLSID\{00120075-B1BA-11CE-ABC6-F5B2E79D9E3F}" refers to invalid object "C:\Program Files\Logitech\QuickCam\ltscr12n.ocx". Action Taken: No Action Taken. Entry "HKCR\CLSID\{00120076-B1BA-11CE-ABC6-F5B2E79D9E3F}" refers to invalid object "C:\Program Files\Logitech\QuickCam\ltscr12n.ocx". Action Taken: No Action Taken. Entry "HKCR\CLSID\{00120077-B1BA-11CE-ABC6-F5B2E79D9E3F}" refers to invalid object "C:\Program Files\Logitech\QuickCam\ltscr12n.ocx". Action Taken: No Action Taken. Entry "HKCR\CLSID\{36B4D77E-1B50-43cd-952A-87A4EF495336}" refers to invalid object "C:\Program Files\Logitech\QuickCam\LIU_PROD.dll". Action Taken: No Action Taken. Entry "HKCR\CLSID\{3933DE4F-3551-11D3-AB53-00A0C976D016}" refers to invalid object "C:\Program Files\Logitech\QuickCam\Update.dll". Action Taken: No Action Taken. Entry "HKCR\CLSID\{5AD1D981-41CE-11D8-B3F2-00C0262658EB}" refers to invalid object "C:\Program Files\TuneUp and Optimizer\histogram.ocx". Action Taken: No Action Taken. Entry "HKCR\CLSID\{6B17EA02-30DE-4216-9674-FD508CA413C7}" refers to invalid object "C:\Program Files\TuneUp and Optimizer\HCSAnalogClock.ocx". Action Taken: No Action Taken. Entry "HKCR\CLSID\{7B52EDC9-205E-4A92-83E3-E618768A5753}" refers to invalid object "C:\Program Files\TuneUp and Optimizer\ZShredder.dll". Action Taken: No Action Taken. Entry "HKCR\CLSID\{B2E996C4-EA2F-489E-8B3B-E9B10B3C2E9C}" refers to invalid object "C:\Program Files\TuneUp and Optimizer\Sis_X.ocx". Action Taken: No Action Taken. Entry "HKCR\CLSID\{C91E8926-D4BE-4685-99F4-0D996B96BAC0}" refers to invalid object "C:\WINNT\System32\P2P Networking\MARSHAL4.DLL". Action Taken: No Action Taken. Entry "HKCR\CLSID\{CD7DA9CA-09DF-4f47-A140-20FCAAC659D5}" refers to invalid object "C:\Program Files\Logitech\QuickCam\LIU_UPD.dll". Action Taken: No Action Taken. Entry "HKCR\CLSID\{E9AEE625-5EC8-11d3-AB53-00A0C976D016}" refers to invalid object "C:\Program Files\Logitech\QuickCam\LVMAVI.dll". Action Taken: No Action Taken. Entry "HKCR\CLSID\{F852086B-10E6-4743-9A3F-D8257A0A59E3}" refers to invalid object "C:\Program Files\DAP\DAPBHO.dll". Action Taken: No Action Taken. Entry "HKCR\ACDCTODAY.AcDcTodayCtrl.1" refers to invalid object "{78AF2F24-A9C3-11D3-BF8C-0060B0FCC122}". Action Taken: No Action Taken. Entry "HKCR\ACPREVIEW.AcPreviewCtrl.1" refers to invalid object "{F281A59C-7B65-11D3-8617-0010830243BD}". Action Taken: No Action Taken. Entry "HKCR\Alg.AlgSetup" refers to invalid object "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: No Action Taken. Entry "HKCR\Alg.AlgSetup.1" refers to invalid object "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: No Action Taken. Entry "HKCR\ComPlusMetaData.MsCorHost" refers to invalid object "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}". Action Taken: No Action Taken. Entry "HKCR\ComPlusMetaData.MsCorHost.2" refers to invalid object "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}". Action Taken: No Action Taken. Entry "HKCR\DAPBHO.DAPHelper" refers to invalid object "{0000CC75-ACF3-4cac-A0A9-DD3868E06852}". Action Taken: No Action Taken. Entry "HKCR\DAPBHO.DAPHelper.1" refers to invalid object "{0000CC75-ACF3-4cac-A0A9-DD3868E06852}". Action Taken: No Action Taken. Entry "HKCR\MailFileAtt" refers to invalid object "{00020D05-0000-0000-C000-000000000046}". Action Taken: No Action Taken. Entry "HKCR\mapifvbx.object" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken. Entry "HKCR\mapifvbx.object.1" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken. Entry "HKCR\Plenoptic.Plenoptic" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken. Entry "HKCR\Plenoptic.Plenoptic.1" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken. Entry "HKCR\RTCCore.RTCClient" refers to invalid object "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Action Taken: No Action Taken. Entry "HKCR\RTCCore.RTCClient.1" refers to invalid object "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Action Taken: No Action Taken. Entry "HKCR\SymWriter.pdb" refers to invalid object "{520DC67A-752E-11D3-8D56-00C04F680B2B}". Action Taken: No Action Taken. Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken. Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr.1" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken. File C:\Documents and Settings\All Users\Documents\Games\123free.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken. File C:\Documents and Settings\All Users\Documents\Games\DX-Ball\dxball.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken. File C:\Documents and Settings\Administrator\My Documents\Derek\Derek File\Security Programs\plvx2cleaner.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken. File C:\Documents and Settings\Administrator\My Documents\Derek\Derek File\Security Programs\aawsepersonal1.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken. File C:\Documents and Settings\Administrator\My Documents\Derek\Derek File\Security Programs\zlsSetup_55_094_000.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken. File C:\Documents and Settings\Administrator\My Documents\Derek\Derek File\Security Programs\aawsepersonal2.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken. File C:\Documents and Settings\Administrator\My Documents\Derek\Games\123free.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken. File C:\Documents and Settings\Administrator\My Documents\Derek\Games\DX-Ball\dxball.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken. File C:\Documents and Settings\Administrator\My Documents\Downloads\myphotos.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken. File C:\Documents and Settings\Administrator\My Documents\Downloads\CWordZap\163c.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken. File C:\Documents and Settings\Administrator\My Documents\Downloads\qq.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken. File C:\Program Files\ICQ\UNWISE32.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken. File C:\Program Files\Broderbund\AG Scrapbooks\Unlock\SSD\SS4DlxDl.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken. File C:\Program Files\Broderbund\AG Crafts\Unlock\SSD\SS4DlxDl.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken. File C:\Program Files\QQ\Africa1\UNWISE.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken. File C:\Program Files\Lavasoft\Ad-Aware SE Personal\UNWISE.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken. File C:\Program Files\Lavasoft\Ad-Aware SE Personal\Plugins\vx2cleaner\UNWISE.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken. File C:\System Volume Information\_restore{9984A1CC-D2E5-4212-8129-06E402D0F1B8}\RP14\A0001303.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken. File C:\System Volume Information\_restore{9984A1CC-D2E5-4212-8129-06E402D0F1B8}\RP16\A0001350.exe tagged as "not-a-virus:AdWare.WildTangent.a". Action Taken: No Action Taken. File C:\System Volume Information\_restore{9984A1CC-D2E5-4212-8129-06E402D0F1B8}\RP39\A0004148.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken. File C:\System Volume Information\_restore{9984A1CC-D2E5-4212-8129-06E402D0F1B8}\RP39\A0004151.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken. File C:\System Volume Information\_restore{9984A1CC-D2E5-4212-8129-06E402D0F1B8}\RP63\A0012045.exe tagged as "not-a-virus:AdWare.NavExcel". Action Taken: No Action Taken. File C:\System Volume Information\_restore{9984A1CC-D2E5-4212-8129-06E402D0F1B8}\RP63\A0012046.exe tagged as "not-a-virus:AdWare.NavExcel.b". Action Taken: No Action Taken. File C:\System Volume Information\_restore{9984A1CC-D2E5-4212-8129-06E402D0F1B8}\RP63\A0012047.dll tagged as "not-a-virus:AdWare.NavExcel.f". Action Taken: No Action Taken.
__________________
Know where you're going in life. You may already be there
|
|
|
|
|
07-03-2005, 12:03 PM
|
#7 (permalink) |
|
Moderator, Microsoft Support
Join Date: Jul 2004
Location: United Kingdom
Posts: 6,482
OS: XP SP2
|
Silent Runners will have to be left to MicroBell
 The mwav log is pretty clean. You can use ccleaner to help tidy up orphaned registry entries: Please download CCleaner via this website: http://www.ccleaner.com/ccdownload.asp When you have installed it, click on the Registry tab and then click Scan for issues. When it has finished scanning click Fix selected issues. (You can do this a few times). Please run an online virus scan at Panda ActiveScan. Save the results and bring them with you in your next post. And don't forget to ask MicroBell to check SR log
__________________
  |
|
|
|
|
07-03-2005, 06:42 PM
|
#8 (permalink) |
|
Manager Emeritus - Security Center, Expert Analyst, Moderator - Security Team; Rangemaster, TSF Academy & Supporter
Join Date: Sep 2004
Location: Carmichaels, PA-USA
Posts: 6,963
OS: Windows 7
  |
Oh my. I went through your logs twice to make sure. I got really bad news!! Your clean!! Eeeeeeeeeek
Derek..navigate to this registry key.. HKLM\System\CurrentControlSet\Control\Session Manager Don't click the + button under that folder. Click file...export key and save it as "all file types" and name it session.txt. I need a list of the commands in the right window under that Session Manager folder. Attach that file to your next post (Don't post the contents as it's to big)
__________________
We Are The BORG Spyware KILLER and Adware Destroyer!
  Spyware/Adware Removal Tools Hijackthis Ad-aware SE Spybot Search&Destroy SpywareBlaster CWShredder |
|
|
|
|
07-04-2005, 02:31 PM
|
#10 (permalink) |
|
Manager Emeritus - Security Center, Expert Analyst, Moderator - Security Team; Rangemaster, TSF Academy & Supporter
Join Date: Sep 2004
Location: Carmichaels, PA-USA
Posts: 6,963
OS: Windows 7
|
*sigh* Clean...
OK.. Post that Panda scan that POADB asked for and delete your TEMP files as was suggested. Open your printer icon and purge ANY print jobs. Open taskmanager whenever you feel the issue is occuring and see if their is one process using very high CPU Usage and if so..let me know which one Descibe when the issue appears... Slow boot up? Slow loading web pages?...ect I need to see what hardware/software is in your system. Click start....run...type in msinfo32. Once that loads..click...file export and save the txt (name it whatever). Attach that file to your next post. (Should be 300+KB) in size...so you'll need to attach it as well. Download GetServices http://www.bleepingcomputer.com/file...etservices.zip Unzip to a folder and run the getservices.bat file. Once complete..post that log that was created.
__________________
We Are The BORG Spyware KILLER and Adware Destroyer!
Spyware/Adware Removal Tools Hijackthis Ad-aware SE Spybot Search&Destroy SpywareBlaster CWShredder |
|
|
|
|
07-07-2005, 11:38 AM
|
#11 (permalink) |
|
General Manager (Administrator)
|
Hi Dave
My problem is slow loading web pages. I've attached a report by Everest for you to muddle thru.................67 pages in all but it contains every conceivable part of my system. I will attach the getservice log in the next post. I will run a Panda scan just before I log off later on.
__________________
Know where you're going in life. You may already be there
Last edited by Horse; 05-12-2009 at 01:17 PM. |
|
|
|
| Thread Tools | |
|
|
