Old 08-26-2005, 11:15 PM   #1 (permalink)
Registered User
 
Join Date: Aug 2005
Posts: 7
OS: XP


can you check my log please?

hi, i think my PC is clean however i did click on a clicker trojan earlier today and my AV renamed it and i deleted it. it's just been about 6 months since i checked with HJT.

i have checked the 15s and they are OK, but i don't know what *.punk.ru is. thanks.

Logfile of HijackThis v1.99.1
Scan saved at 05:37:05, on 27/08/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\F-SECU~1\4476822\Program\SERVIC~1.EXE
C:\Program Files\ProcessGuard\dcsuserprot.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure Anti-Virus\4476822\program\fsbwsys.exe
C:\Program Files\Anti-Virus\FSGK32.EXE
C:\Program Files\Common\FSMA32.EXE
C:\Program Files\Anti-Virus\fssm32.exe
C:\Program Files\Kerio\Personal Firewall\persfw.exe
C:\Program Files\Common\FSMB32.EXE
C:\WINDOWS\system32\PGPserv.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common\FCH32.EXE
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Common\FAMEH32.EXE
C:\Program Files\FWES\Program\fsdfwd.exe
C:\Program Files\Anti-Virus\fsav32.exe
C:\WINDOWS\Explorer.EXE
C:\progra~1\softwin\bitdef~1\bdmcon.exe
C:\Program Files\ProcessGuard\pgaccount.exe
C:\Program Files\Common\FSM32.EXE
C:\Program Files\ProcessGuard\procguard.exe
C:\Program Files\LClock\lclock.exe
C:\Program Files\FSGUI\fsguiexe.exe
C:\Program Files\Invention Pilot\Tray Pilot Lite\TrayPlt.exe
C:\Program Files\Ashampoo\Ashampoo UnInstaller Suite\UIWatcher.exe
C:\Program Files\F-Secure Anti-Virus\4476822\Program\fspex.exe
C:\Program Files\BinarySense\HDDlife\HDDlife.exe
C:\Program Files\MRU-Blaster\scheduler.exe
C:\Defraggers\Buzzsaw.exe
C:\Program Files\ID-Blaster Plus\idblasterplus.exe
C:\Standalones\MJRegWatcher\RegWatcher.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Proxomitron\Proxomitron.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\JGsoft\EditPadLite\EditPad.exe
C:\Fixes & Tests\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = browser
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=127.0.0.1:8080;http=127.0.0.1:8080;https=127.0.0.1:8080
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [BDMCon] c:\progra~1\softwin\bitdef~1\bdmcon.exe
O4 - HKLM\..\Run: [BDNewsAgent] c:\progra~1\softwin\bitdef~1\bdnagent.exe
O4 - HKLM\..\Run: [!1_pgaccount] "C:\Program Files\ProcessGuard\pgaccount.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\RunOnce: [MRUBlaster] C:\Program Files\MRU-Blaster\indexcleaner.exe -CC
O4 - HKCU\..\Run: [!1_ProcessGuard_Startup] "C:\Program Files\ProcessGuard\procguard.exe" -minimize
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\lclock.exe
O4 - HKCU\..\Run: [Tray Pilot Lite] "C:\Program Files\Invention Pilot\Tray Pilot Lite\TrayPlt.exe"
O4 - HKCU\..\Run: [UIWatcher] C:\Program Files\Ashampoo\Ashampoo UnInstaller Suite\UIWatcher.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: HDDlife.lnk = C:\Program Files\BinarySense\HDDlife\HDDlife.exe
O4 - Startup: MRU-Blaster Scheduler.lnk = C:\Program Files\MRU-Blaster\scheduler.exe
O4 - Startup: MRU-Blaster Silent Clean.lnk = C:\Program Files\MRU-Blaster\mrublaster.exe
O4 - Startup: Shortcut to Buzzsaw.exe.lnk = C:\Defraggers\Buzzsaw.exe
O4 - Startup: Shortcut to idblasterplus.exe.lnk = C:\Program Files\ID-Blaster Plus\idblasterplus.exe
O4 - Startup: Shortcut to RegWatcher.exe.lnk = C:\Standalones\MJRegWatcher\RegWatcher.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: Watcher logon time.lnk = C:\Program Files\watcher\watcher.exe
O8 - Extra context menu item: Download using LeechGet - file://C:\Program Files\LeechGet 2004\\AddUrl.html
O8 - Extra context menu item: Download using LeechGet Wizard - file://C:\Program Files\LeechGet 2004\\Wizard.html
O8 - Extra context menu item: Open Selected URL - C:\Program Files\RightClickGoogleSearchOpenSelectedURL\openselectedurl.htm
O8 - Extra context menu item: Parse with LeechGet - file://C:\Program Files\LeechGet 2004\\Parser.html
O8 - Extra context menu item: Search &Google - C:\Program Files\RightClickGoogleSearchOpenSelectedURL\google.htm
O8 - Extra context menu item: Search Current News - file://\program files\powershell-xp3\search5.htm
O8 - Extra context menu item: Search Encyclopedia - file://\program files\powershell-xp3\search4.htm
O8 - Extra context menu item: Search for Images - file://\program files\powershell-xp3\search3.htm
O8 - Extra context menu item: Search Newsgroups - file://\program files\powershell-xp3\search2.htm
O8 - Extra context menu item: Search the Web - file://\program files\powershell-xp3\search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O15 - Trusted Zone: http://www.artistdirect.com (HKLM)
O15 - Trusted Zone: http://www.bruitdimage.com (HKLM)
O15 - Trusted Zone: http://www.ce-infosys.com.sg (HKLM)
O15 - Trusted Zone: http://www.deathclock.com (HKLM)
O15 - Trusted Zone: http://support.f-secure.com (HKLM)
O15 - Trusted Zone: http://www.google.co.uk (HKLM)
O15 - Trusted Zone: http://www.gvhsoftware.org (HKLM)
O15 - Trusted Zone: http://www.homecomputermagazine.com (HKLM)
O15 - Trusted Zone: http://www.kaspersky.com (HKLM)
O15 - Trusted Zone: http://www.last.fm (HKLM)
O15 - Trusted Zone: http://amdwallpapers.lunarpages.com (HKLM)
O15 - Trusted Zone: http://www.majorgeeks.com (HKLM)
O15 - Trusted Zone: http://us.mcafee.com (HKLM)
O15 - Trusted Zone: http://movies.msn.com (HKLM)
O15 - Trusted Zone: http://www.mwti.net (HKLM)
O15 - Trusted Zone: http://safari.oreilly.com (HKLM)
O15 - Trusted Zone: http://www.podcast.net (HKLM)
O15 - Trusted Zone: http://minnesota.publicradio.org (HKLM)
O15 - Trusted Zone: http://*.punk.ru (HKLM)
O15 - Trusted Zone: http://www.scenestars.net (HKLM)
O15 - Trusted Zone: http://search.singingfish.com (HKLM)
O15 - Trusted Zone: http://www.sonymusiceurope.com (HKLM)
O15 - Trusted Zone: http://prdownloads.sourceforge.net (HKLM)
O15 - Trusted Zone: http://security.symantec.com (HKLM)
O15 - Trusted Zone: http://*.talksport.co.uk (HKLM)
O15 - Trusted Zone: http://www.talksport.net (HKLM)
O15 - Trusted Zone: http://www.theconnection.org (HKLM)
O15 - Trusted Zone: http://housecall.trendmicro.com (HKLM)
O15 - Trusted Zone: http://www.uponone.com (HKLM)
O15 - Trusted Zone: http://www.virginradio.co.uk (HKLM)
O15 - Trusted Zone: http://www.wilderssecurity.com (HKLM)
O15 - Trusted Zone: http://*.windowsupdate.com (HKLM)
O15 - Trusted Zone: http://download.zonelabs.com (HKLM)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1119569225599
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} -
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} -
O18 - Protocol: shell - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O23 - Service: F-Secure Anti-Virus 2005 (BackWeb Plug-in - 4476822) - Unknown owner - C:\PROGRA~1\F-SECU~1\4476822\Program\SERVIC~1.EXE
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: DiamondCS Process Guard Service v3.000 (DCSPGSRV) - DiamondCS - C:\Program Files\ProcessGuard\dcsuserprot.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure Anti-Virus\4476822\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Common\FSMA32.EXE
O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exe
O23 - Service: PGPserv - PGP Corporation - C:\WINDOWS\system32\PGPserv.exe
O23 - Service: Port Reporter (PortReporter) - Unknown owner - C:\Program Files\PortReporter\portreporter.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
Caralin is offline  

Old 08-27-2005, 07:02 AM   #2 (permalink)
TSF Enthusiast
 
Join Date: Feb 2005
Location: Israel
Posts: 1,032
OS: XP Professional


I am currently reviewing your log. Please note that this is under the supervision of an expert analyst. I will be back with a fix for your problem as soon as possible.

Please be patient with me during this time.

We also suggest that you Subscribe to this thread to be notified of fixes as soon as they are posted by our Team. You can do this simply by clicking the "Thread Tools" button located in the original thread line and selecting "Subscribe to this Thread".
__________________
I am here in order to help you.
Omerr is offline  
Old 08-27-2005, 09:21 AM   #3 (permalink)
Registered User
 
Join Date: Aug 2005
Posts: 7
OS: XP


hi, Omerr :) there's a chance the log is clean. i am familiar with my HJT logs and to me it looks clean. i just need a second opinion because in the past i have thought i had a clean log and then noticed after a while that it wasn't. so if it's easier for you to ask me something about the log, than to look it up, please ask :) thank you.
Caralin is offline  
Old 08-28-2005, 02:47 AM   #4 (permalink)
Manager Emeritus - Security Center, Expert Analyst, Moderator - Security Team; Rangemaster, TSF Academy & Supporter
 
 
Join Date: Sep 2004
Location: Carmichaels, PA-USA
Posts: 6,963
OS: Windows 7


Did you put those websites listed in the O15 entry in your "Trusted Zone"??
__________________
We Are The BORG Spyware KILLER and Adware Destroyer!





Spyware/Adware Removal Tools
Hijackthis
Ad-aware SE
Spybot Search&Destroy
SpywareBlaster
CWShredder
MicroBell is offline  
Old 08-28-2005, 07:38 AM   #5 (permalink)
Registered User
 
Join Date: Aug 2005
Posts: 7
OS: XP


hi, MicroBell. yes i did put them there. they are either activex control sites or moments of madness - sites that didn't work properly in FF or Opera, i wanted them to work so i put them in the trusted zone.
Caralin is offline  
Old 08-28-2005, 12:57 PM   #6 (permalink)
TSF Enthusiast
 
Join Date: Feb 2005
Location: Israel
Posts: 1,032
OS: XP Professional


Hello and welcome to TSF.

Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions.

Go to My Computer > Tools > Folder Options > View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System Files and Folders are showing / visible. Uncheck the Hide protected operating system files option. Please do NOT change any of those settings until we finish the fixing process.

Download Ewido Security Suite at http://www.ewido.net/en/download/ and install it. Update to the newest definitions. Do NOT run it yet.

Reboot your system in Safe Mode (By repeatedly tapping the F8 key until the menu appears).

Open Hijack This and click on Scan. Check the following entries (make sure you do not miss any)

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} -
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} -


Please remember to close all other windows, including browsers then click Fix checked.

Next run a full scan in Ewido. Post the log from the Ewido scan here.

Reboot your system in Normal Mode.

We need to disable your Microsoft AntiSpyware Real-time Protection as it may interfere with the fixes that we need to make. It can be enabled when you're clean.
  • Open Microsoft AntiSpyware.
  • Click on Tools, Settings.
  • In the left pane, click on Real-time Protection.
  • Under Startup Options uncheck Enable the Microsoft AntiSpyware Security Agents on startup (recommended).
  • Under Real-time spyware threat protection uncheck Enable real-time spyware threat protection (recommended).
  • After you uncheck these, click on the Save button and close Microsoft AntiSpyware.
  • Right click on the Microsoft AntiSpyware icon on the taskbar and select Shutdown Microsoft AntiSpyware.

Please use Panda ActiveScan at <http://www.pandasoftware.com/products/activescan>. Give us the scan’s log.

Please scan again with HijackThis to get a new log.
Get HijackThis Analyzer and save it to the same folder as the hijackthis.log file. Run HijackThis Analyzer and type in 'y' if you agree. The 'result.txt' file will open up in Notepad. Copy the whole result.txt log and post it in the forum. You don't need to post the original hijackthis.log (unless we ask for it). Do not fix anything in HijackThis since they may be harmless.

Now give us a new HijackThis Analyzer log, along with Panda ActiveScan’s log & Ewido's log, so we can make sure your system is clean.
__________________
I am here in order to help you.
Omerr is offline  
Old 08-29-2005, 12:31 PM   #7 (permalink)
Registered User
 
Join Date: Aug 2005
Posts: 7
OS: XP


hi, here is the ewido log you asked for, i ignored what it found as i installed these things and they are safe...

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 18:41:46, 29/08/2005
+ Report-Checksum: 8E991E7B

+ Scan result:

C:\Documents and Settings\My Documents\Downlaods\john-16w.zip/john-16/run/john.exe -> Not-A-Virus.HackTool.John : Ignored
C:\Documents and Settings\My Documents\Downlaods\john-16w.zip/john-16/run/john-k6.zip/john.exe -> Not-A-Virus.HackTool.John : Ignored
C:\Documents and Settings\My Documents\Downlaods\john-16w.zip/john-16/run/john-mmx.zip/john.exe -> Not-A-Virus.HackTool.John : Ignored
C:\Fixes & Tests\TrojanSimulator.zip/TrojanSimulator.exe -> Not-A-Virus.TrojanSimulator : Ignored
C:\Fixes & Tests\TrojanSimulator.zip/TSServ.exe -> Not-A-Virus.TrojanSimulator : Ignored


::Report End

i put pandasoftware in my trusted zone and got as far as picking where to scan (local drives) then nothing happened. i scanned with my on demand AV instead, it was clean.

here is the HJT report you asked for :)

====================================================================
Log was analyzed using KRC HijackThis Analyzer - Updated on 8/4/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

C:\Program Files\Kerio\Personal Firewall\persfw.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of HijackThis v1.99.1
Scan saved at 19:17:39, on 29/08/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\PROGRA~1\F-SECU~1\4476822\Program\SERVIC~1.EXE
C:\Program Files\ProcessGuard\dcsuserprot.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure Anti-Virus\4476822\program\fsbwsys.exe
C:\Program Files\Anti-Virus\FSGK32.EXE
C:\Program Files\Common\FSMA32.EXE
C:\Program Files\Anti-Virus\fssm32.exe
C:\Program Files\Common\FSMB32.EXE
C:\Program Files\Common\FCH32.EXE
C:\Program Files\Common\FAMEH32.EXE
C:\Program Files\FWES\Program\fsdfwd.exe
C:\Program Files\Anti-Virus\fsav32.exe
C:\progra~1\softwin\bitdef~1\bdmcon.exe
C:\Program Files\ProcessGuard\pgaccount.exe
C:\Program Files\Common\FSM32.EXE
C:\Program Files\ProcessGuard\procguard.exe
C:\Program Files\FSGUI\fsguiexe.exe
C:\Program Files\F-Secure Anti-Virus\4476822\Program\fspex.exe
C:\Program Files\LClock\lclock.exe
C:\Program Files\Invention Pilot\Tray Pilot Lite\TrayPlt.exe
C:\Program Files\BinarySense\HDDlife\HDDlife.exe
C:\Program Files\MRU-Blaster\scheduler.exe
C:\Defraggers\Buzzsaw.exe
C:\Program Files\ID-Blaster Plus\idblasterplus.exe
C:\Standalones\MJRegWatcher\RegWatcher.exe
C:\Program Files\JGsoft\EditPadLite\EditPad.exe
C:\Proxomitron\Proxomitron.exe
C:\Documents and Settings\iceni\Desktop\HJT Stuff\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = browser
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=127.0.0.1:8080;http=127.0.0.1:8080;https=127.0.0.1:8080
O4 - HKLM\..\Run: [BDMCon] c:\progra~1\softwin\bitdef~1\bdmcon.exe
O4 - HKLM\..\Run: [BDNewsAgent] c:\progra~1\softwin\bitdef~1\bdnagent.exe
O4 - HKLM\..\Run: [!1_pgaccount] "C:\Program Files\ProcessGuard\pgaccount.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\RunOnce: [MRUBlaster] C:\Program Files\MRU-Blaster\indexcleaner.exe -CC
O4 - HKCU\..\Run: [!1_ProcessGuard_Startup] "C:\Program Files\ProcessGuard\procguard.exe" -minimize
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\lclock.exe
O4 - HKCU\..\Run: [Tray Pilot Lite] "C:\Program Files\Invention Pilot\Tray Pilot Lite\TrayPlt.exe"
O4 - HKCU\..\Run: [UIWatcher] C:\Program Files\Ashampoo\Ashampoo UnInstaller Suite\UIWatcher.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: HDDlife.lnk = C:\Program Files\BinarySense\HDDlife\HDDlife.exe
O4 - Startup: MRU-Blaster Scheduler.lnk = C:\Program Files\MRU-Blaster\scheduler.exe
O4 - Startup: MRU-Blaster Silent Clean.lnk = C:\Program Files\MRU-Blaster\mrublaster.exe
O4 - Startup: Shortcut to Buzzsaw.exe.lnk = C:\Defraggers\Buzzsaw.exe
O4 - Startup: Shortcut to idblasterplus.exe.lnk = C:\Program Files\ID-Blaster Plus\idblasterplus.exe
O4 - Startup: Shortcut to RegWatcher.exe.lnk = C:\Standalones\MJRegWatcher\RegWatcher.exe
O4 - Startup: Watcher logon time.lnk = C:\Program Files\watcher\watcher.exe
O8 - Extra context menu item: Open Selected URL - C:\Program Files\RightClickGoogleSearchOpenSelectedURL\openselectedurl.htm
O8 - Extra context menu item: Search &Google - C:\Program Files\RightClickGoogleSearchOpenSelectedURL\google.htm
O8 - Extra context menu item: Search Current News - file://\program files\powershell-xp3\search5.htm
O8 - Extra context menu item: Search Encyclopedia - file://\program files\powershell-xp3\search4.htm
O8 - Extra context menu item: Search for Images - file://\program files\powershell-xp3\search3.htm
O8 - Extra context menu item: Search Newsgroups - file://\program files\powershell-xp3\search2.htm
O8 - Extra context menu item: Search the Web - file://\program files\powershell-xp3\search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O15 - Trusted Zone: http://www.artistdirect.com (HKLM)
O15 - Trusted Zone: http://www.bruitdimage.com (HKLM)
O15 - Trusted Zone: http://www.ce-infosys.com.sg (HKLM)
O15 - Trusted Zone: http://www.deathclock.com (HKLM)
O15 - Trusted Zone: http://support.f-secure.com (HKLM)
O15 - Trusted Zone: http://www.google.co.uk (HKLM)
O15 - Trusted Zone: http://www.gvhsoftware.org (HKLM)
O15 - Trusted Zone: http://www.homecomputermagazine.com (HKLM)
O15 - Trusted Zone: http://www.kaspersky.com (HKLM)
O15 - Trusted Zone: http://www.last.fm (HKLM)
O15 - Trusted Zone: http://amdwallpapers.lunarpages.com (HKLM)
O15 - Trusted Zone: http://www.majorgeeks.com (HKLM)
O15 - Trusted Zone: http://us.mcafee.com (HKLM)
O15 - Trusted Zone: http://movies.msn.com (HKLM)
O15 - Trusted Zone: http://www.mwti.net (HKLM)
O15 - Trusted Zone: http://safari.oreilly.com (HKLM)
O15 - Trusted Zone: http://www.pandasoftware.com (HKLM)
O15 - Trusted Zone: http://www.podcast.net (HKLM)
O15 - Trusted Zone: http://minnesota.publicradio.org (HKLM)
O15 - Trusted Zone: http://*.punk.ru (HKLM)
O15 - Trusted Zone: http://www.scenestars.net (HKLM)
O15 - Trusted Zone: http://search.singingfish.com (HKLM)
O15 - Trusted Zone: http://www.sonymusiceurope.com (HKLM)
O15 - Trusted Zone: http://prdownloads.sourceforge.net (HKLM)
O15 - Trusted Zone: http://security.symantec.com (HKLM)
O15 - Trusted Zone: http://*.talksport.co.uk (HKLM)
O15 - Trusted Zone: http://www.talksport.net (HKLM)
O15 - Trusted Zone: http://www.theconnection.org (HKLM)
O15 - Trusted Zone: http://housecall.trendmicro.com (HKLM)
O15 - Trusted Zone: http://housecall60.trendmicro.com (HKLM)
O15 - Trusted Zone: http://www.uponone.com (HKLM)
O15 - Trusted Zone: http://www.virginradio.co.uk (HKLM)
O15 - Trusted Zone: http://www.wilderssecurity.com (HKLM)
O15 - Trusted Zone: http://*.windowsupdate.com (HKLM)
O15 - Trusted Zone: http://download.zonelabs.com (HKLM)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1119569225599
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/actives...ree/asinst.cab
O18 - Protocol: shell - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O23 - Service: F-Secure Anti-Virus 2005 (BackWeb Plug-in - 4476822) - Unknown owner - C:\PROGRA~1\F-SECU~1\4476822\Program\SERVIC~1.EXE
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: DiamondCS Process Guard Service v3.000 (DCSPGSRV) - DiamondCS - C:\Program Files\ProcessGuard\dcsuserprot.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure Anti-Virus\4476822\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Common\FSMA32.EXE
O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exe
O23 - Service: PGPserv - PGP Corporation - C:\WINDOWS\system32\PGPserv.exe
O23 - Service: Port Reporter (PortReporter) - Unknown owner - C:\Program Files\PortReporter\portreporter.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)


End of KRC HijackThis Analyzer Log.
====================================================================

i'm going to remove this below vvv, thank you for your help

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/actives...ree/asinst.cab
Caralin is offline  
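
The fix-and-rescan step in this thread (the entries checked in post #6, the new log in post #7) can be verified by diffing the two HijackThis logs. The Python below is an added example, not part of the original posts or of HijackThis; the function names and the review heuristics are assumptions, and the sample logs are abridged from the two logs posted above.

```python
import re

# One HijackThis entry line: section code (R0, O4, O15, ...), " - ", then the body.
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d{1,2}) - (?P<body>.*\S)\s*$")

# Abridged from the first log in the thread (post #1).
BEFORE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O15 - Trusted Zone: http://*.punk.ru (HKLM)
O15 - Trusted Zone: http://housecall.trendmicro.com (HKLM)
O15 - Trusted Zone: http://*.windowsupdate.com (HKLM)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1119569225599
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} -
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} -
"""

# Abridged from the second log in the thread (post #7).
AFTER = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O15 - Trusted Zone: http://www.pandasoftware.com (HKLM)
O15 - Trusted Zone: http://*.punk.ru (HKLM)
O15 - Trusted Zone: http://housecall.trendmicro.com (HKLM)
O15 - Trusted Zone: http://housecall60.trendmicro.com (HKLM)
O15 - Trusted Zone: http://*.windowsupdate.com (HKLM)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1119569225599
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/actives...ree/asinst.cab
"""

# The four entries the helper asked to fix in post #6.
CHECKED = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} -
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} -
"""


def parse_entries(log_text):
    """Return the set of (section, body) entries; header and process lines are skipped."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.add((m.group("section"), m.group("body")))
    return entries


def diff_logs(before, after):
    """Return (removed, added) entry lists between two scans."""
    b, a = parse_entries(before), parse_entries(after)
    return sorted(b - a), sorted(a - b)


def unfixed(checked, after):
    """Entries that were supposed to be fixed but still appear in the new log."""
    return sorted(parse_entries(checked) & parse_entries(after))


def review_flags(entries):
    """Assumed heuristics mirroring what this thread singled out for a second look."""
    flags = []
    for section, body in sorted(entries):
        if section == "O15" and "*." in body:
            flags.append((section, body, "wildcard trusted site, covers every subdomain"))
        elif section == "O16" and body.endswith("-"):
            flags.append((section, body, "DPF entry with no download source"))
        elif section in ("R0", "R1") and body.endswith("="):
            flags.append((section, body, "empty value"))
    return flags


if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    for tag, rows in (("REMOVED", removed), ("ADDED", added)):
        for section, body in rows:
            print(f"{tag:8}{section} - {body}")
    for section, body in unfixed(CHECKED, AFTER):
        print(f"STILL PRESENT {section} - {body}")
    for section, body, why in review_flags(parse_entries(AFTER)):
        print(f"REVIEW  {section} - {body}  [{why}]")
```

New entries that show up only in the second scan, such as the trusted-zone sites and the ActiveScan DPF added while running the online scanners, appear under ADDED, which makes it easy to decide what to remove once the cleanup is finished.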
Old 09-01-2005, 12:45 AM   #8 (permalink)
Manager Emeritus - Security Center, Expert Analyst, Moderator - Security Team; Rangemaster, TSF Academy & Supporter
 
 
Join Date: Sep 2004
Location: Carmichaels, PA-USA
Posts: 6,963
OS: Windows 7


Have your issues been resolved? I see nothing bad in the log.
__________________
We Are The BORG Spyware KILLER and Adware Destroyer!
MicroBell is offline  
Old 09-01-2005, 01:10 AM   #9 (permalink)
Registered User
 
Join Date: Aug 2005
Posts: 7
OS: XP


hi, MicroBell. everything appears to be fine. thank you very much for your help. :)
Caralin is offline  