Discussion Starter · #1 ·
hi,
Hi, I don't know what's wrong with my computer, but it keeps shutting down by itself when I am in normal mode, while it's fine in safe mode. I don't know what's causing this. Here is my HijackThis log. I also tried reformatting my computer, but every time I am in the Windows setup it jumps back out to another blue page saying that my hard drive might have a virus or might be corrupted. It also says "Stop: 0x0000007B (0xF7A2963C, 0xc0000034, 0x00000000, 0x00000000)".



Logfile of HijackThis v1.99.1
Scan saved at 9:58:19 PM, on 15/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\HJT\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://client.jogo.cn/cdn/browser/customsearch/customsearch-en.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IEMonitor Class - {08A312BB-5409-49FC-9347-54BB7D069AC6} - C:\WINDOWS\system32\IESHEL~1.DLL
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
O2 - BHO: CdnForIE Class - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: 实用搜索 (Practical Search) - {6CFD436C-7AAD-4e50-992F-C0C87A94CAD2} - C:\Program Files\superutilbar\superutilbar.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: 实用搜索工具条2.0 (Practical Search Toolbar 2.0) - {03465FF5-00AE-411a-9C34-960ED566EC03} - C:\Program Files\superutilbar\superutilbar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [RavUptepys] C:\DOCUME~1\OWNER\LOCALS~1\Temp\QQshow.exe
O4 - HKLM\..\Run: [g9d5tcu31rj] C:\WINDOWS\alga.exe
O4 - HKLM\..\Run: [1gg] C:\WINDOWS\iexpl0re.exe
O4 - HKLM\..\Run: [icugelkukqcv] C:\WINDOWS\winlog0n.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [IEBarUp] RunDll32 "C:\WINDOWS\system32\IeBar1.dll",Run
O4 - HKLM\..\Run: [CdnCtr] C:\Program Files\CNNIC\Cdn\cdnup.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [System] C:\Program Files\Common Files\System\Updaterun.exe
O4 - HKLM\..\Run: [Desktop] C:\WINDOWS\system32\rundll32.exe "C:\WINDOWS\system32\NTService32.dll" ,Run
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.6962\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SyrxMy] C:\WINDOWS\system32\iexp1ore.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Access Internet Keyword - C:\Program Files\CNNIC\Cdn\cnnic.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/229?7c0e94151d7847099abd2af471a07aff
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/230?7c0e94151d7847099abd2af471a07aff
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Chinese Navigation - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O9 - Extra 'Tools' menuitem: Chinese Navigation - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [CDNCLIENT] Chinese Navigation
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Windows NT Service32 - Unknown owner - C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\NTService32.dll",Start (file missing)
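
The malicious autostarts in this log stand out by pattern rather than by signature: executables named like core Windows binaries with a digit swapped in (iexpl0re.exe, winlog0n.exe, iexp1ore.exe), a program launched from the user's Temp folder, DLLs loaded through rundll32 from system32, and Run values with random names. The script below is an added example, not part of the original thread and not a HijackThis feature; it applies those heuristics to a dozen lines copied from the log. The rules, thresholds and the list of imitated binaries are this example's own assumptions, so its output is a triage aid for reading such a log, not a verdict.

```python
"""Triage O4 (autostart) and O23 (service) lines from a HijackThis log.

Constructed example: the sample lines are copied from the log posted above;
the indicator rules are this example's own heuristics, not HijackThis features.
"""
import re
from collections import namedtuple

Finding = namedtuple("Finding", "line reasons")

# Lines copied from the posted log: a mix of benign and malicious entries.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [RavUptepys] C:\DOCUME~1\OWNER\LOCALS~1\Temp\QQshow.exe
O4 - HKLM\..\Run: [g9d5tcu31rj] C:\WINDOWS\alga.exe
O4 - HKLM\..\Run: [1gg] C:\WINDOWS\iexpl0re.exe
O4 - HKLM\..\Run: [icugelkukqcv] C:\WINDOWS\winlog0n.exe
O4 - HKLM\..\Run: [IEBarUp] RunDll32 "C:\WINDOWS\system32\IeBar1.dll",Run
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Desktop] C:\WINDOWS\system32\rundll32.exe "C:\WINDOWS\system32\NTService32.dll" ,Run
O4 - HKCU\..\Run: [SyrxMy] C:\WINDOWS\system32\iexp1ore.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O23 - Service: Windows NT Service32 - Unknown owner - C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\NTService32.dll",Start (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
"""

RUN_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
SVC_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<cmd>.+)$")
DLL_RE = re.compile(r'[A-Za-z]:\\[^",]+\.dll', re.I)

# Core Windows binaries that droppers imitate with digit-for-letter swaps (assumed list).
LOOKALIKE_TARGETS = {"iexplore", "winlogon", "explorer", "svchost", "lsass", "services", "csrss", "smss"}
DIGIT_SUBS = str.maketrans("0135", "oles")  # 0->o, 1->l, 3->e, 5->s


def first_path(cmd):
    """Return the first token of a command line (the executable), unquoted."""
    m = re.match(r'\s*(?:"([^"]+)"|(\S+))', cmd)
    tok = (m.group(1) or m.group(2)) if m else ""
    return tok.strip('"')


def check_path(path):
    """Path-based indicators shared by autostart entries and services."""
    reasons = []
    base = path.replace("/", "\\").rsplit("\\", 1)[-1]
    stem = base.lower().rsplit(".", 1)[0]
    normalised = stem.translate(DIGIT_SUBS)
    if normalised in LOOKALIKE_TARGETS and stem != normalised:
        reasons.append("lookalike of %s.exe" % normalised)
    if re.search(r"\\(temp|tmp|templates)\\", path, re.I):
        reasons.append("runs from a temp directory")
    if re.match(r"^[a-z]:\\windows\\[^\\]+\.exe$", path, re.I):
        reasons.append("executable dropped directly in the Windows directory")
    return reasons


def check_command(cmd):
    """Indicators for a full command line: its executable plus rundll32-loaded DLLs."""
    reasons = check_path(first_path(cmd))
    if re.search(r"rundll32", cmd, re.I):
        m = DLL_RE.search(cmd)
        reasons.append("rundll32 loads %s" % (m.group(0) if m else "an unnamed DLL"))
    return reasons


def check_value_name(name):
    """Registry value names that look machine-generated rather than like a product name."""
    if re.fullmatch(r"[a-z0-9]+", name) and re.search(r"\d", name):
        return ["random-looking value name"]
    if re.fullmatch(r"[a-z]{10,}", name):
        return ["random-looking value name"]
    return []


def triage(log_text):
    """Return a Finding for every O4/O23 line that trips at least one indicator."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        reasons = []
        m = RUN_RE.match(line)
        if m:
            reasons = check_value_name(m.group("name")) + check_command(m.group("cmd"))
        else:
            m = SVC_RE.match(line)
            if m:
                reasons = check_command(m.group("cmd"))
                if m.group("owner") == "Unknown owner":
                    reasons.append("service has no publisher (weak on its own: HijackThis shows this for some legitimate services too)")
        if reasons:
            findings.append(Finding(line, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.line)
        for r in f.reasons:
            print("    -", r)
```

Run against the sample, the script flags the eight entries the helper's ComboFix run later removed (the Temp-launched QQshow.exe, alga.exe, iexpl0re.exe, winlog0n.exe, iexp1ore.exe, both rundll32 loaders and the NTService32 service) and leaves the AVG, KernelFaultCheck, MSN Messenger and LiveUpdate lines alone. The "Unknown owner" rule is deliberately kept weak because the same log shows Symantec's own services with that label.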
 

Hello 6leafdom, and welcome to TSF


Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools,
then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.


Please read this post completely before beginning the fix. If there's anything that you do not understand, kindly ask your questions before proceeding.
Please ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this
webpage would not be available when you're carrying out the fix.



IT IS IMPORTANT THAT YOU DON'T MISS A STEP & PERFORM EVERYTHING IN THE RIGHT ORDER.

----------------------------------------

The fixes we will use are specific to your problems and should only be used for this issue on this machine.

Please only use this topic to reply to. Do not start another thread.
If any other issues arise let me know.

The process is not instant. Please continue to review my answers until I tell you your machine is clear.
Absence of symptoms does not mean that everything is clear. So lets do this to the end!

Please make every effort to reply to my posts in a timely manner. Malware breeds malware and the longer an infection remains on a system, the more
likely additional infections will result.


----------------------------------------

You have a very nasty Chinese Spyware infection which we are going to attempt to clean.


----------------------------------------

DOWNLOADS


ComboFix


1. Download this file - You MUST save it to your desktop

COMBOFIX

----------------------------------------

SAFE MODE RE-BOOT

Please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Use the up arrow key to highlight Safe Mode and press Enter.
5) Login with your usual account. Make sure to close any open browsers.

----------------------------------------

2. Double click combofix.exe & follow the prompts.

3. When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

----------------------------------------

SYSTEM RE-BOOT

Reboot into Normal Mode.

----------------------------------------

After running ComboFix, please download and run this program:

SRENG

It will produce a log. Please post that log

----------------------------------------

FOLLOW-UP

Please return and post these items in the order listed:

C:\ComboFix.txt
SRENG log
 

Discussion Starter · #3 ·
Hi, first of all thanks for helping, but I have a problem.

After ComboFix finishes running in safe mode, the computer restarts, but as soon as I am in normal mode and ComboFix is running, my computer shuts down all of a sudden. This also happened to me before I received help from you. I tried it a couple of times but the same thing happens, so I got the logs for ComboFix and SREng in *SAFE MODE* instead of normal mode.


(combofix log)

"OWNER" - 07-01-16 23:33:02 Service Pack 2
ComboFix 07-01-16.2 - Running from: "C:\Documents and Settings\OWNER"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\2.exe
C:\WINDOWS\system32\4.exe
C:\WINDOWS\system32\eeeeee.ini
C:\WINDOWS\system32\eeeeee1.ini
C:\WINDOWS\system32\01.exe
C:\WINDOWS\system32\03.exe
C:\WINDOWS\system32\05.exe
C:\WINDOWS\system32\06.exe
C:\WINDOWS\system32\08.exe
C:\WINDOWS\system32\2.exe
C:\WINDOWS\system32\4.exe
C:\WINDOWS\system32\gosiv.dll
C:\WINDOWS\system32\wbem\ewseb.dll
C:\WINDOWS\system32\drivers\cjhdhdbc.sys
C:\Documents and Settings\All Users\Templates\temp.exe
C:\Program Files\Common Files\System\Updaterun.exe
C:\WINDOWS\system32\advport.dll
C:\WINDOWS\system32\cdnprot.dat
C:\WINDOWS\system32\drivers\cdnprot.sys
C:\WINDOWS\system32\drivers\msprotect.sys
C:\WINDOWS\system32\IeBar1.dll
C:\WINDOWS\system32\IEShell32.dll
C:\WINDOWS\system32\rundllfromwin2000.exe
C:\WINDOWS\system32\Score.txt
C:\WINDOWS\system32\twunk32.exe
C:\WINDOWS\system32\wbem\ocmor.dll
C:\WINDOWS\system32\windhcp.ocx
C:\WINDOWS\system32\xpdhcp.dll
C:\WINDOWS\IEXPL0RE.exe
C:\WINDOWS\toolsp.exe
C:\WINDOWS\alga.exe
C:\Program Files\CNNIC
C:\Program Files\DeskAdTop
C:\Program Files\superutilbar
C:\WINDOWS\TEMP\Cache
C:\WINDOWS\system32\CharSet.dll
C:\WINDOWS\system32\CreateDomTree.dll
C:\WINDOWS\system32\NTService32.dll
C:\WINDOWS\system32\WebPageParser.dll
C:\WINDOWS\Downloaded Program Files\902595


((((((((((((((((((((((((((((((( Files Created from 2006-12-16 to 2007-01-16 ))))))))))))))))))))))))))))))))))


2007-01-16 23:39 <DIR> d-------- C:\7d536094dcedf1e91091d7b0af91
2007-01-16 23:34 <DIR> d-------- C:\WINDOWS\erdnt
2007-01-13 21:44 <DIR> d-------- C:\DOCUME~1\OWNER\WINDOWS
2007-01-13 17:59 <DIR> d-------- C:\DOCUME~1\LOCALS~1\Application Data\Google
2007-01-13 17:41 <DIR> d-------- C:\DOCUME~1\OWNER\Application Data\Adobe
2007-01-13 16:56 <DIR> d-------- C:\Program Files\HJT
2007-01-13 16:55 218,112 --a------ C:\Program Files\HijackThis.exe
2007-01-13 16:27 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2007-01-13 16:27 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2007-01-13 16:27 <DIR> d-------- C:\Program Files\Trojan Remover
2007-01-13 16:27 <DIR> d-------- C:\DOCUME~1\OWNER\Application Data\Simply Super Software
2007-01-13 16:21 51,072 --a------ C:\WINDOWS\system32\drivers\ikhlayer.sys
2007-01-13 16:21 30,592 --a------ C:\WINDOWS\system32\drivers\ikhfile.sys
2007-01-13 16:21 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\Application Data\TEMP
2007-01-13 16:20 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-01-13 16:20 <DIR> d-------- C:\DOCUME~1\OWNER\Application Data\PC Tools
2007-01-13 15:56 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-01-13 15:56 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2007-01-13 15:25 <DIR> dr-h----- C:\$VAULT$.AVG
2007-01-12 21:32 <DIR> d--hs---- C:\WINDOWS\CSC
2007-01-12 16:25 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution
2006-12-30 17:47 <DIR> d-------- C:\DOCUME~1\OWNER\Application Data\Help
2006-12-26 09:14 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2006-12-26 09:14 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2006-12-24 17:31 <DIR> d-------- C:\Program Files\Total War
2006-12-23 20:20 <DIR> d-------- C:\Program Files\Common Files\DirectX
2006-12-23 20:11 <DIR> d-------- C:\Program Files\EA GAMES
2006-12-23 20:08 109,568 --------- C:\WINDOWS\system32\pxinsi64.exe
2006-12-23 20:08 108,544 --------- C:\WINDOWS\system32\pxcpyi64.exe
2006-12-23 20:08 <DIR> d-------- C:\Program Files\DivX
2006-12-23 20:08 <DIR> d-------- C:\DOCUME~1\OWNER\Application Data\DivX
2006-12-23 19:22 2,829 --a------ C:\WINDOWS\War3Unin.pif
2006-12-23 19:22 126,976 --a------ C:\WINDOWS\War3Unin.exe
2006-12-23 19:19 <DIR> d-------- C:\Program Files\Warcraft III
2006-12-22 17:50 <DIR> d-------- C:\Program Files\BitComet
2006-12-22 17:50 <DIR> d-------- C:\Downloads
2006-12-22 16:56 <DIR> d-------- C:\Program Files\Install Creator Pro
2006-12-22 16:53 <DIR> d-------- C:\Program Files\Microsoft Games
2006-12-19 17:09 276,792 --a------ C:\WINDOWS\system32\drivers\srtspl.sys
2006-12-19 17:09 25,400 --a------ C:\WINDOWS\system32\drivers\srtspx.sys
2006-12-19 17:09 247,096 --a------ C:\WINDOWS\system32\drivers\srtsp.sys
2006-12-19 16:47 <DIR> d-------- C:\DOCUME~1\OWNER\Application Data\MSN6
2006-12-19 16:47 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\MSN6
2006-12-18 21:39 737,280 --a------ C:\WINDOWS\iun6002.exe
2006-12-18 21:39 <DIR> d-------- C:\Program Files\PlayPianoTODAY


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-16 23:32 -------- d-------- C:\Documents and Settings\OWNER\Application Data\free download manager
2007-01-15 21:46 -------- d-------- C:\Program Files\Common Files\symantec shared
2007-01-13 17:41 -------- d-------- C:\Documents and Settings\OWNER\Application Data\adobe
2007-01-13 16:27 -------- d-------- C:\Documents and Settings\OWNER\Application Data\simply super software
2007-01-13 16:20 -------- d-------- C:\Documents and Settings\OWNER\Application Data\pc tools
2007-01-13 16:02 -------- d-------- C:\Documents and Settings\OWNER\Application Data\avg7
2007-01-01 15:11 -------- d---s---- C:\Documents and Settings\OWNER\Application Data\microsoft
2006-12-30 17:50 -------- d-------- C:\Documents and Settings\OWNER\Application Data\divx
2006-12-30 17:47 -------- d-------- C:\Documents and Settings\OWNER\Application Data\help
2006-12-26 09:14 -------- d-------- C:\Program Files\picasa2
2006-12-26 09:14 -------- d-------- C:\Program Files\google
2006-12-22 17:50 2560 --a------ C:\WINDOWS\system32\bitcometres.dll
2006-12-19 16:48 -------- d-------- C:\Documents and Settings\OWNER\Application Data\msn6
2006-12-15 17:27 -------- d-------- C:\Program Files\free download manager
2006-12-15 17:14 -------- d-------- C:\Program Files\guitar pro 5
2006-12-12 08:30 520192 --a------ C:\WINDOWS\system32\divxsm.exe
2006-12-12 08:30 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2006-12-12 08:30 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
2006-12-12 08:30 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
2006-12-12 08:25 806912 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2006-12-12 08:25 806912 --a------ C:\WINDOWS\system32\divx_xx07.dll
2006-12-12 08:25 790528 --a------ C:\WINDOWS\system32\divx_xx11.dll
2006-12-12 08:25 73728 --a------ C:\WINDOWS\system32\dpl100.dll
2006-12-12 08:25 635486 --a------ C:\WINDOWS\system32\divx.dll
2006-12-12 08:25 593920 --a------ C:\WINDOWS\system32\dpugui11.dll
2006-12-12 08:25 57344 --a------ C:\WINDOWS\system32\dpv11.dll
2006-12-12 08:25 53248 --a------ C:\WINDOWS\system32\dpugui10.dll
2006-12-12 08:25 344064 --a------ C:\WINDOWS\system32\dpus11.dll
2006-12-12 08:25 294912 --a------ C:\WINDOWS\system32\dpu11.dll
2006-12-12 08:25 294912 --a------ C:\WINDOWS\system32\dpu10.dll
2006-12-12 08:25 196608 --a------ C:\WINDOWS\system32\dtu100.dll
2006-12-12 08:24 12288 --a------ C:\WINDOWS\system32\divxwmpexttype.dll
2006-12-12 08:24 118784 --a------ C:\WINDOWS\system32\divxcodecupdatechecker.exe
2006-12-11 21:05 -------- d-------- C:\Documents and Settings\OWNER\Application Data\microsoft web folders
2006-12-11 21:04 -------- d-------- C:\Program Files\microsoft frontpage
2006-12-11 17:22 -------- d-------- C:\Program Files\mozilla firefox
2006-12-11 17:22 -------- d-------- C:\Documents and Settings\OWNER\Application Data\mozilla
2006-12-10 19:01 48768 --a------ C:\WINDOWS\system32\s32evnt1.dll
2006-12-10 19:01 110952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2006-12-10 19:01 -------- d-------- C:\Program Files\symantec
2006-12-10 18:17 -------- d-------- C:\Program Files\norton internet security
2006-12-10 17:26 -------- d--h----- C:\Program Files\installshield installation information
2006-12-10 17:26 -------- d-------- C:\Program Files\Common Files\installshield
2006-12-10 17:26 -------- d-------- C:\Program Files\brother
2006-12-10 17:23 -------- d-------- C:\Program Files\scansoft
2006-12-10 17:23 -------- d-------- C:\Program Files\Common Files\scansoft shared
2006-12-10 14:38 -------- d-------- C:\Documents and Settings\OWNER\Application Data\macromedia
2006-12-09 20:26 -------- d-------- C:\Program Files\directx
2006-12-09 20:25 -------- d-------- C:\Program Files\Common Files\logitech
2006-12-09 20:24 -------- d-------- C:\Program Files\yahoo!
2006-12-09 20:24 -------- d-------- C:\Program Files\windows media components
2006-12-09 20:24 -------- d-------- C:\Program Files\logitech
2006-12-09 20:24 -------- d-------- C:\Program Files\Common Files\fotowire
2006-12-09 20:24 -------- d-------- C:\Documents and Settings\OWNER\Application Data\fotowire
2006-12-09 20:23 81920 -r------- C:\WINDOWS\bwunin-6.1.4.36-8876480l.exe
2006-12-09 20:20 27924 --a------ C:\WINDOWS\system32\drivers\MxlW2k.sys
2006-12-09 20:18 -------- d-------- C:\Program Files\musicmatch
2006-12-09 20:17 90112 -r------- C:\WINDOWS\bwunin-6.1.0.155-8876480l.exe
2006-12-09 20:17 -------- d-------- C:\Program Files\desktop messenger
2006-12-09 19:47 -------- d-------- C:\Program Files\messengerplus! 3
2006-12-09 19:41 -------- d-------- C:\Program Files\njstar communicator
2006-12-09 19:41 -------- d-------- C:\Documents and Settings\OWNER\Application Data\njstar
2006-12-09 19:29 -------- d-------- C:\Program Files\itunes
2006-12-09 19:29 -------- d-------- C:\Program Files\ipod
2006-12-09 19:29 -------- d-------- C:\Program Files\apple software update
2006-12-09 19:26 -------- d-------- C:\Program Files\ephpod
2006-12-09 18:53 -------- d-------- C:\Documents and Settings\OWNER\Application Data\google
2006-12-09 18:40 -------- d-------- C:\Program Files\quicktime
2006-12-09 18:40 -------- d-------- C:\Documents and Settings\OWNER\Application Data\apple computer
2006-12-09 18:12 -------- d-------- C:\Documents and Settings\OWNER\Application Data\real
2006-12-09 18:11 -------- d-------- C:\Program Files\real
2006-12-09 18:11 -------- d-------- C:\Program Files\Common Files\xing shared
2006-12-09 18:11 -------- d-------- C:\Program Files\Common Files\real
2006-12-09 18:09 -------- d-------- C:\Program Files\Common Files\adobe
2006-12-09 18:02 -------- d-------- C:\Program Files\lavasoft
2006-12-09 17:57 159734 --a------ C:\WINDOWS\google pack screensaver uninstaller.exe
2006-12-09 17:52 -------- d-------- C:\Program Files\windows live toolbar
2006-12-09 17:51 -------- d-------- C:\Program Files\msn messenger
2006-12-09 16:00 -------- d-------- C:\Program Files\Common Files\nero
2006-12-09 15:59 -------- d-------- C:\Program Files\ahead
2006-12-09 15:58 -------- d-------- C:\Program Files\Common Files\ahead
2006-12-09 15:56 -------- d-------- C:\Program Files\cyberlink
2006-12-09 15:29 816672 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-12-09 15:29 499712 --a------ C:\WINDOWS\system32\msvcp71.dll
2006-12-09 15:29 4224 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2006-12-09 15:29 3968 --a------ C:\WINDOWS\system32\drivers\avgclean.sys
2006-12-09 15:29 348160 --a------ C:\WINDOWS\system32\msvcr71.dll
2006-12-09 15:29 28416 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-12-09 15:29 18240 --a------ C:\WINDOWS\system32\drivers\avgmfx86.sys
2006-12-09 15:29 -------- d-------- C:\Program Files\grisoft
2006-12-09 14:39 -------- d-------- C:\Program Files\intel
2006-12-09 14:36 294912 --a------ C:\WINDOWS\hidewin.exe
2006-12-09 14:35 -------- d-------- C:\Program Files\realtek
2006-12-09 14:26 -------- d-------- C:\Documents and Settings\OWNER\Application Data\identities
2006-12-09 14:20 0 -rahs---- C:\MSDOS.SYS
2006-12-09 14:20 0 -rahs---- C:\IO.SYS
2006-12-09 14:20 0 --a------ C:\CONFIG.SYS
2006-12-09 14:20 0 --a------ C:\AUTOEXEC.BAT
2006-12-09 14:19 -------- d--h----- C:\Program Files\windowsupdate
2006-12-09 14:18 -------- d-------- C:\Program Files\movie maker
2006-12-09 14:18 -------- d-------- C:\Program Files\Common Files\mssoap
2006-12-09 14:17 -------- d-------- C:\Program Files\windows nt
2006-12-09 14:17 -------- d-------- C:\Program Files\online services
2006-12-09 14:17 -------- d-------- C:\Program Files\msn gaming zone
2006-12-09 14:17 -------- d-------- C:\Program Files\messenger
2006-12-09 06:06 -------- d-------- C:\Program Files\Common Files\speechengines
2006-12-09 06:06 -------- d-------- C:\Program Files\Common Files\odbc
2006-12-09 06:05 62 --ahs---- C:\Documents and Settings\OWNER\Application Data\desktop.ini


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.908.6962\\GoogleToolbarNotifier.exe"
"LDM"="C:\\Program Files\\Desktop Messenger\\8876480\\Program\\BackWeb-8876480.exe"
"MessengerPlus3"="\"C:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe\" /WinStart"
"Free Download Manager"="C:\\Program Files\\Free Download Manager\\fdm.exe -autorun"
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"SyrxMy"="C:\\WINDOWS\\system32\\iexp1ore.exe"
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"High Definition Audio Property Page Shortcut"="HDAShCut.exe"
"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
"SoundMan"="SOUNDMAN.EXE"
"AlcWzrd"="ALCWZRD.EXE"
"Alcmtr"="ALCMTR.EXE"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"MessengerPlus3"="\"C:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe\""
"zBrowser Launcher"="C:\\Program Files\\Logitech\\iTouch\\iTouch.exe"
"EM_EXEC"="C:\\PROGRA~1\\Logitech\\MOUSEW~1\\SYSTEM\\EM_EXEC.EXE"
"MMTray"="C:\\Program Files\\MusicMatch\\MusicMatch Jukebox\\mm_tray.exe"
"LVCOMS"="C:\\Program Files\\Common Files\\Logitech\\QCDriver2\\LVCOMS.EXE"
"LogitechGalleryRepair"="C:\\Program Files\\Logitech\\ImageStudio\\ISStart.exe"
"LogitechImageStudioTray"="C:\\Program Files\\Logitech\\ImageStudio\\LogiTray.exe"
"SSBkgdUpdate"="\"C:\\Program Files\\Common Files\\Scansoft Shared\\SSBkgdUpdate\\SSBkgdupdate.exe\" -Embedding -boot"
"PaperPort PTD"="C:\\Program Files\\ScanSoft\\PaperPort\\pptd40nt.exe"
"IndexSearch"="C:\\Program Files\\ScanSoft\\PaperPort\\IndexSearch.exe"
"ControlCenter2.0"="C:\\Program Files\\Brother\\ControlCenter2\\brctrcen.exe /autorun"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"osCheck"="\"C:\\Program Files\\Norton Internet Security\\osCheck.exe\""
"g9d5tcu31rj"="C:\\WINDOWS\\alga.exe"
"1gg"="C:\\WINDOWS\\iexpl0re.exe"
"icugelkukqcv"="C:\\WINDOWS\\winlog0n.exe"
"TrojanScanner"="C:\\Program Files\\Trojan Remover\\Trjscan.exe"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{923509F1-45CB-4EC0-BDE0-1DED35B8FD60}"=""
"{85AB7248-BC6D-44D3-BEC3-39858DC3CA88}"=""

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispAppearancePage"=dword:00000000
"NoColorChoice"=dword:00000000
"NoSizeChoice"=dword:00000000
"NoDispBackgroundPage"=dword:00000000
"NoDispScrSavPage"=dword:00000000
"NoDispCPL"=dword:00000000
"NoVisualStyleChoice"=dword:00000000
"NoDispSettingsPage"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktopChanges"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSaveSettings"=dword:00000000
"NoThemesTab"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
Usnsvc REG_MULTI_SZ usnsvc\0\0

*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_COMHOST


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - OWNER.job

Completion time: 07-01-16 23:49:54


SREng Log

Code:
2007-01-16,23:53:58

System Repair Engineer 2.3.13.690
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
 - Administrative User - Completed Functions Allowed

Follow item(s) have been choosed:
    All Boot Items (Including Registry, Startup Folders, Services and so on)
    Browser Add-ons
    Runing Processes (Including process model information)
    File Associations
    Winsock Provider
    Autorun.Inf
    HOSTS File


Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <swg><C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.6962\GoogleToolbarNotifier.exe>  [(Verified)Google Inc.]
    <LDM><C:\Program Files\Desktop Messenger\8876480\Program\BackWeb-8876480.exe>  [N/A]
    <MessengerPlus3><"C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart>  [(Verified)Patchou]
    <Free Download Manager><C:\Program Files\Free Download Manager\fdm.exe -autorun>  [N/A]
    <msnmsgr><"C:\Program Files\MSN Messenger\msnmsgr.exe" /background>  [(Verified)Microsoft Corporation]
    <SyrxMy><C:\WINDOWS\system32\iexp1ore.exe>  [N/A]
    <Spyware Doctor><"C:\Program Files\Spyware Doctor\swdoctor.exe" /Q>  [(Verified)PC Tools Research Pty Ltd]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Corporation]
    <MSPY2002><C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC>  [(Verified)N/A]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Corporation]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Corporation]
    <High Definition Audio Property Page Shortcut><HDAShCut.exe>  [(Verified)Windows (R) Server 2003 DDK provider]
    <IgfxTray><C:\WINDOWS\system32\igfxtray.exe>  [(Verified)Intel Corporation]
    <HotKeysCmds><C:\WINDOWS\system32\hkcmd.exe>  [(Verified)Intel Corporation]
    <SoundMan><SOUNDMAN.EXE>  [(Verified)Realtek Semiconductor Corp.]
    <AlcWzrd><ALCWZRD.EXE>  [(Verified)RealTek Semicoductor Corp.]
    <Alcmtr><ALCMTR.EXE>  [(Verified)Realtek Semiconductor Corp.]
    <AVG7_CC><C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP>  [GRISOFT, s.r.o.]
    <NeroFilterCheck><C:\WINDOWS\system32\NeroCheck.exe>  [Ahead Software Gmbh]
    <Google Desktop Search><"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup>  [Google]
    <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [(Verified)RealNetworks, Inc.]
    <QuickTime Task><"C:\Program Files\QuickTime\qttask.exe" -atboottime>  [Apple Computer, Inc.]
    <iTunesHelper><"C:\Program Files\iTunes\iTunesHelper.exe">  [(Verified)Apple Computer, Inc.]
    <MessengerPlus3><"C:\Program Files\MessengerPlus! 3\MsgPlus.exe">  [(Verified)Patchou]
    <zBrowser Launcher><C:\Program Files\Logitech\iTouch\iTouch.exe>  [Logitech Inc.                    ]
    <EM_EXEC><C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE>  [Logitech Inc.                    ]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL>  [Google]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll>  [(Verified)Microsoft Corporation]
    <{923509F1-45CB-4EC0-BDE0-1DED35B8FD60}><C:\Program Files\Internet Explorer\IEXPLORE.win>  [N/A]
    <{85AB7248-BC6D-44D3-BEC3-39858DC3CA88}><C:\Program Files\Common Files\Microsoft Shared\MSINFO\MySysInfo.wmp>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <PostBootReminder><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Corporation]
    <CDBurn><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Corporation]
    <WebCheck><%SystemRoot%\system32\webcheck.dll>  [(Verified)Microsoft Corporation]
    <SysTray><C:\WINDOWS\system32\stobject.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    <WinlogonNotify: crypt32chain><crypt32.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    <WinlogonNotify: cryptnet><cryptnet.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    <WinlogonNotify: cscdll><cscdll.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    <WinlogonNotify: ScCertProp><wlnotify.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    <WinlogonNotify: Schedule><wlnotify.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    <WinlogonNotify: sclgntfy><sclgntfy.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    <WinlogonNotify: SensLogn><WlNotify.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    <WinlogonNotify: termsrv><wlnotify.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    <WinlogonNotify: wlballoon><wlnotify.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    <{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Corporation]
    <{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Corporation]

==================================
Startup Folders
[Adobe Reader Speed Launch]
  <C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk --> C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [Adobe Systems Incorporated]><N>
[Google Updater]
  <C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk --> C:\PROGRA~1\Google\GOOGLE~1\GOOGLE~1.EXE [Google]><N>
[Logitech Desktop Messenger]
  <C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk --> C:\PROGRA~1\DESKTO~1\8876480\Program\LDMConf.exe [Logitech]><N>
[Microsoft Office]
  <C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk --> C:\PROGRA~1\MICROS~2\Office\OSA9.EXE [Microsoft Corporation]><N>

==================================
Services
[Automatic LiveUpdate Scheduler / Automatic LiveUpdate Scheduler][Stopped/Auto Start]
  <"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"><Symantec Corporation>
[AVG7 Alert Manager Server / Avg7Alrt][Stopped/Auto Start]
  <C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe><GRISOFT, s.r.o.>
[AVG7 Update Service / Avg7UpdSvc][Stopped/Auto Start]
  <C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe><GRISOFT, s.r.o.>
[BrSplService / Brother XP spl Service][Stopped/Auto Start]
  <C:\WINDOWS\system32\brsvc01a.exe><brother Industries Ltd>
[Symantec Event Manager / ccEvtMgr][Stopped/Auto Start]
  <"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon><Symantec Corporation>
[Symantec Settings Manager / ccSetMgr][Stopped/Auto Start]
  <"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon><Symantec Corporation>
[Symantec Lic NetConnect service / CLTNetCnService][Stopped/Auto Start]
  <"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon><Symantec Corporation>
[COM Host / comHost][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe"><Symantec Corporation>
[GoogleDesktopManager / GoogleDesktopManager][Stopped/Manual Start]
  <"C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe"><Google>
[Google Updater Service / gusvc][Stopped/Manual Start]
  <"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"><Google>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[iPod Service / iPod Service][Stopped/Manual Start]
  <"C:\Program Files\iPod\bin\iPodService.exe"><Apple Computer, Inc.>
[Symantec IS Password Validation / ISPwdSvc][Stopped/Manual Start]
  <"C:\Program Files\Norton Internet Security\isPwdSvc.exe"><Symantec Corporation>
[LiveUpdate / LiveUpdate][Stopped/Manual Start]
  <"C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE"><Symantec Corporation>
[PC Tools Spyware Doctor / SDhelper][Stopped/Auto Start]
  <C:\Program Files\Spyware Doctor\sdhelp.exe><PC Tools Research Pty Ltd>
[Symantec Core LC / Symantec Core LC][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe"><Symantec Corporation>
[Symantec AppCore Service / SymAppCore][Stopped/Auto Start]
  <"C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe"><Symantec Corporation>

==================================
Drivers
[AVG7 Kernel / Avg7Core][Stopped/System Start]
  <\SystemRoot\System32\Drivers\avg7core.sys><GRISOFT, s.r.o.>
[AVG7 Wrap Driver / Avg7RsW][Stopped/System Start]
  <\SystemRoot\System32\Drivers\avg7rsw.sys><GRISOFT, s.r.o.>
[AVG7 Resident Driver XP / Avg7RsXP][Stopped/System Start]
  <\SystemRoot\System32\Drivers\avg7rsxp.sys><GRISOFT, s.r.o.>
[AVG7 Clean Driver / AvgClean][Running/System Start]
  <\SystemRoot\System32\Drivers\avgclean.sys><GRISOFT, s.r.o.>
[Intel(R) PRO Network Connection Driver / E100B][Running/Manual Start]
  <system32\DRIVERS\e100b325.sys><Intel Corporation>
[edcfbebd / edcfbebd][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\edcfbebd.sys><N/A>
[Symantec Eraser Control driver / eeCtrl][Stopped/System Start]
  <\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys><Symantec Corporation>
[EraserUtilRebootDrv / EraserUtilRebootDrv][Stopped/Manual Start]
  <\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys><Symantec Corporation>
[GEARAspiWDM / GEARAspiWDM][Running/Manual Start]
  <System32\Drivers\GEARAspiWDM.sys><GEAR Software Inc.>
[Microsoft UAA Function Driver for High Definition Audio Service / HdAudAddService][Stopped/Manual Start]
  <system32\drivers\HdAudio.sys><Windows (R) Server 2003 DDK provider>
[Microsoft UAA Bus Driver for High Definition Audio / HDAudBus][Running/Manual Start]
  <system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
[ialm / ialm][Stopped/Manual Start]
  <system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[ibdegbid / ibdegbid][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\ibdegbid.sys><N/A>
[File Security Kernel Anti-Spyware Driver / ikhfile][Stopped/System Start]
  <system32\drivers\ikhfile.sys><PCTools Research Pty Ltd.>
[Kernel Anti-Spyware Driver / ikhlayer][Stopped/System Start]
  <system32\drivers\ikhlayer.sys><PCTools Research Pty Ltd.>
[Service for Realtek HD Audio (WDM) / IntcAzAudAddService][Stopped/Manual Start]
  <system32\drivers\RtkHDAud.sys><Realtek Semiconductor Corp.>
[iTouch Keyboard Filter / itchfltr][Running/Manual Start]
  <system32\DRIVERS\itchfltr.sys><Logitech Inc.>
[ITEATAPI_Service_Install / iteatapi][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\iteatapi.sys><Integrated Technology Express, Inc.>
[Logitech PS/2 Mouse Filter Driver / l8042pr2][Running/Manual Start]
  <system32\DRIVERS\L8042Pr2.sys><Logitech>
[Logitech Keyboard Class Filter Driver / LKbdFlt2][Running/Manual Start]
  <system32\DRIVERS\LKbdFlt2.sys><Logitech>
[Logitech Mouse Class Filter Driver / LMouFlt2][Running/Manual Start]
  <system32\DRIVERS\LMouFlt2.sys><Logitech>
[NAVENG / NAVENG][Stopped/Manual Start]
  <\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070112.052\NAVENG.SYS><Symantec Corporation>
[NAVEX15 / NAVEX15][Stopped/Manual Start]
  <\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070112.052\NAVEX15.SYS><Symantec Corporation>
[Logitech QuickCam Pro 3000(PID_08B0) / PhilCam8116][Stopped/Manual Start]
  <system32\DRIVERS\CamDrL21.sys><Philips Semiconductors>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20][Running/Boot Start]
  <\SystemRoot\System32\Drivers\PxHelp20.sys><Sonic Solutions>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[SPBBCDrv / SPBBCDrv][Stopped/System Start]
  <\??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys><Symantec Corporation>
[SRTSP / SRTSP][Stopped/Manual Start]
  <System32\Drivers\SRTSP.SYS><Symantec Corporation>
[SRTSPL / SRTSPL][Stopped/Manual Start]
  <System32\Drivers\SRTSPL.SYS><Symantec Corporation>
[SRTSPX / SRTSPX][Stopped/System Start]
  <System32\Drivers\SRTSPX.SYS><Symantec Corporation>
[SYMDNS / SYMDNS][Stopped/Manual Start]
  <\SystemRoot\System32\Drivers\SYMDNS.SYS><Symantec Corporation>
[SymEvent / SymEvent][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS><Symantec Corporation>
[SYMFW / SYMFW][Stopped/Manual Start]
  <\SystemRoot\System32\Drivers\SYMFW.SYS><Symantec Corporation>
[SYMIDS / SYMIDS][Stopped/Manual Start]
  <\SystemRoot\System32\Drivers\SYMIDS.SYS><Symantec Corporation>
[SYMIDSCO / SYMIDSCO][Stopped/Manual Start]
  <\??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\idsdefs\20070112.005\SymIDSCo.sys><Symantec Corporation>
[SYMNDIS / SYMNDIS][Stopped/Manual Start]
  <\SystemRoot\System32\Drivers\SYMNDIS.SYS><Symantec Corporation>
[SYMREDRV / SYMREDRV][Stopped/Manual Start]
  <\SystemRoot\System32\Drivers\SYMREDRV.SYS><Symantec Corporation>
[SYMTDI / SYMTDI][Stopped/System Start]
  <\SystemRoot\System32\Drivers\SYMTDI.SYS><Symantec Corporation>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
  <system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>

==================================
Browser Add-ons
[Adobe PDF Reader Link Helper]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[]
  {1E8A6170-7264-4D0F-BEAE-D42A53123C75} <C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll, Symantec Corporation>
[BitComet Helper]
  {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} <C:\Program Files\BitComet\tools\BitCometBHO.dll, BitComet>
[PCTools Site Guard]
  {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} <C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll, PC Tools>
[Windows Live Sign-in Helper]
  {9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
[Google Toolbar Helper]
  {AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar1.dll, Google Inc.>
[PCTools Browser Monitor]
  {B56A7D7D-6927-48C8-A975-17DF180C71AC} <C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll, PC Tools>
[Windows Live Toolbar Helper]
  {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\Windows Live Toolbar\msntb.dll, Microsoft Corporation>
[FDMIECookiesBHO Class]
  {CC59E0F9-7E43-44FA-9FAA-8377850BF205} <C:\Program Files\Free Download Manager\iefdmcks.dll, N/A>
[PCTools Browser Monitor]
  {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} <C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll, PC Tools>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[Windows Live Toolbar]
  {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\Windows Live Toolbar\msntb.dll, Microsoft Corporation>
[&Google]
  {2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar1.dll, Google Inc.>
[Show Norton Toolbar]
  {90222687-F593-4738-B738-FBEE9C7B26DF} <C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll, Symantec Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[Google Script Object]
  {00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} <c:\program files\google\googletoolbar1.dll, Google Inc.>
[ActiveMovieControl Object]
  {05589FA1-C356-11CE-BF01-00AA0055595A} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[Adobe PDF Reader Link Helper]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[]
  {1E8A6170-7264-4D0F-BEAE-D42A53123C75} <C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll, Symantec Corporation>
[&Google]
  {2318C2B1-4965-11D4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar1.dll, Google Inc.>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[HtmlDlgSafeHelper Class]
  {3050F819-98B5-11CF-BB82-00AA00BDCE0B} <C:\WINDOWS\system32\mshtmled.dll, Microsoft Corporation>
[BitComet Helper]
  {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} <C:\Program Files\BitComet\tools\BitCometBHO.dll, BitComet>
[XML Document]
  {48123BC4-99D9-11D1-A6B3-00C04FD91555} <%SystemRoot%\system32\msxml3.dll, N/A>
[Shell Name Space]
  {55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, N/A>
[PCTools Site Guard]
  {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} <C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll, PC Tools>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Google Updater Class]
  {77980A0F-9360-442F-9942-74FE3DC13BC8} <C:\Program Files\Google\Google Updater\1.4.697.28342\ci.dll, Google>
[Microsoft Web Browser]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Show Norton Toolbar]
  {90222687-F593-4738-B738-FBEE9C7B26DF} <C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll, Symantec Corporation>
[Windows Live Sign-in Helper]
  {9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
[Google Toolbar Helper]
  {AA58ED58-01DD-4D91-8333-CF10577473F7} <c:\program files\google\googletoolbar1.dll, Google Inc.>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[PCTools Browser Monitor]
  {B56A7D7D-6927-48C8-A975-17DF180C71AC} <C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll, PC Tools>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[Windows Live Toolbar]
  {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\Windows Live Toolbar\msntb.dll, Microsoft Corporation>
[Windows Live Toolbar Helper]
  {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\Windows Live Toolbar\msntb.dll, Microsoft Corporation>
[FDMIECookiesBHO Class]
  {CC59E0F9-7E43-44FA-9FAA-8377850BF205} <C:\Program Files\Free Download Manager\iefdmcks.dll, N/A>
[AUDIO__MID Moniker Class]
  {CD3AFA74-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__MP3 Moniker Class]
  {CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__X_MS_WAX Moniker Class]
  {CD3AFA83-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_ASF Moniker Class]
  {CD3AFA8F-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_WMV Moniker Class]
  {CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[RealPlayer G2 Control]
  {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Windows Live Sign-in Control]
  {D2517915-48CE-4286-970F-921E881B8C5C} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[OfficeObj Class]
  {D2BD7935-05FC-11D2-9059-00C04FD7A1BD} <, N/A>
[&D&ownload &with BitComet]
  <res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm, N/A>
[&D&ownload all video with BitComet]
  <res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm, N/A>
[&D&ownload all with BitComet]
  <res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm, N/A>
[&Windows Live Search]
  <res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm, N/A>
[Download all with Free Download Manager]
  <file://C:\Program Files\Free Download Manager\dlall.htm, N/A>
[Download selected with Free Download Manager]
  <file://C:\Program Files\Free Download Manager\dlselected.htm, N/A>
[Download with Free Download Manager]
  <file://C:\Program Files\Free Download Manager\dllink.htm, N/A>
[Open in new background tab]
  <res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/229?7c0e94151d7847099abd2af471a07aff, N/A>
[Open in new foreground tab]
  <res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/230?7c0e94151d7847099abd2af471a07aff, N/A>

==================================
Running Processes
[PID: 508][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 580][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 604][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 648][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 668][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 824][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 892][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1044][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1056][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1136][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1476][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Internet Explorer\IEXPLORE.win]  [N/A, N/A]
    [C:\Program Files\Common Files\Microsoft Shared\MSINFO\MySysInfo.wmp]  [N/A, N/A]
[PID: 756][C:\WINDOWS\system32\NOTEPAD.EXE]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Common Files\Microsoft Shared\MSINFO\MySysInfo.wmp]  [N/A, N/A]
[PID: 1364][C:\WINDOWS\system32\wbem\wmiprvse.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 256][C:\PROGRA~1\FREEDO~1\fdm.exe]  [N/A, N/A]
    [C:\Program Files\Common Files\Microsoft Shared\MSINFO\MySysInfo.wmp]  [N/A, N/A]
    [C:\Program Files\Free Download Manager\iefdmcks.dll]  [N/A, N/A]
[PID: 408][C:\DOCUME~1\OWNER\LOCALS~1\Temp\Rar$EX00.953\SREng.EXE]  [Smallfrogs Studio, 2.3.13.690]
    [C:\Program Files\Common Files\Microsoft Shared\MSINFO\MySysInfo.wmp]  [N/A, N/A]

==================================
File Associations
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock Provider
N/A

==================================
Autorun.Inf
N/A

==================================
HOSTS File
127.0.0.1       localhost

==================================
API HOOK
N/A

==================================
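Three patterns in the ComboFix and SREng output above are worth calling out explicitly, because they are what a reviewer keys on before asking for file submissions: Run entries whose targets imitate core Windows binaries with a digit swapped in (iexp1ore.exe, iexpl0re.exe, winlog0n.exe), ShellExecuteHooks whose targets carry non-DLL extensions (IEXPLORE.win, MySysInfo.wmp) and which the process list shows loaded into Explorer and every program started from it, and boot-start drivers with random eight-letter names and no publisher (edcfbebd.sys, ibdegbid.sys). The script below is an added triage example, not part of this thread and not code from SREng, ComboFix or any tool named here; it applies those three heuristics to SREng-format lines. The sample lines are copied from the log above; the digit-swap table, the list of imitated binaries and the eight-lowercase-letter driver-name pattern are my own assumptions and will miss other naming tricks.

```python
import re
from dataclasses import dataclass

# Windows binaries that lookalike malware names commonly imitate (assumed list)
MIMICKED = {"iexplore.exe", "explorer.exe", "winlogon.exe", "svchost.exe",
            "lsass.exe", "csrss.exe", "services.exe", "smss.exe"}
# Digit-for-letter swaps seen in the log above (assumed table, not exhaustive)
SWAPS = str.maketrans({"0": "o", "1": "l"})
# File types a load point is expected to reference; anything else is suspicious
EXEC_EXT = {".exe", ".dll", ".sys", ".ocx", ".cpl", ".scr"}

# SREng line shapes: registry entries, service/driver headers and their path lines
ENTRY = re.compile(r"^\s*<([^>]*)><([^>]*)>\s*\[([^\]]*)\]\s*$")
DRV_HDR = re.compile(r"^\[([^\]]*) / ([^\]]*)\]\[([^/\]]*)/([^\]]*)\]\s*$")
DRV_PATH = re.compile(r"^\s*<([^>]*)><([^>]*)>\s*$")
# First token that looks like a file path, ending at a quote, whitespace or end of value
FILE = re.compile(r'([^"]*?\.[A-Za-z0-9]{2,4})(?=["\s]|$)')


@dataclass
class Finding:
    rule: str
    path: str
    detail: str


def file_of(value):
    """Pull the executable path out of a value such as a quoted path plus switches."""
    m = FILE.search(value.strip().lstrip('"'))
    return m.group(1) if m else value.strip()


def basename(path):
    return re.split(r"[\\/]", path)[-1]


def check_lookalike(name):
    """Flag a name that turns into a core Windows binary once digits become letters."""
    low = name.lower()
    folded = low.translate(SWAPS)
    return f"looks like {folded}" if folded != low and folded in MIMICKED else None


def check_extension(name):
    """Flag a load-point target whose extension is not a normal executable type."""
    ext = name[name.rfind("."):].lower() if "." in name else ""
    return None if ext in EXEC_EXT else f"non-executable extension {ext or '(none)'} in a load point"


def check_driver(service, start, publisher):
    """Flag a boot-start driver with no publisher and a random-looking 8-letter name."""
    if start == "Boot Start" and publisher == "N/A" and re.fullmatch(r"[a-z]{8}", service):
        return "boot-start driver with no publisher and random-looking service name"
    return None


def triage(log_text):
    findings, pending = [], None  # pending = (service name, start type) of last header
    for line in log_text.splitlines():
        if m := DRV_HDR.match(line):
            pending = (m.group(2).strip(), m.group(4).strip())
        elif m := ENTRY.match(line):
            pending = None
            path = file_of(m.group(2))
            for check in (check_lookalike, check_extension):
                if why := check(basename(path)):
                    findings.append(Finding(check.__name__, path, why))
        elif (m := DRV_PATH.match(line)) and pending:
            if why := check_driver(pending[0], pending[1], m.group(2).strip()):
                findings.append(Finding("check_driver", m.group(1), why))
            pending = None
    return findings


# Sample input: lines copied from the SREng log in this thread (plus one clean driver)
SAMPLE_SRENG = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <msnmsgr><"C:\Program Files\MSN Messenger\msnmsgr.exe" /background>  [(Verified)Microsoft Corporation]
    <SyrxMy><C:\WINDOWS\system32\iexp1ore.exe>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll>  [(Verified)Microsoft Corporation]
    <{923509F1-45CB-4EC0-BDE0-1DED35B8FD60}><C:\Program Files\Internet Explorer\IEXPLORE.win>  [N/A]
    <{85AB7248-BC6D-44D3-BEC3-39858DC3CA88}><C:\Program Files\Common Files\Microsoft Shared\MSINFO\MySysInfo.wmp>  [N/A]
[edcfbebd / edcfbebd][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\edcfbebd.sys><N/A>
[ITEATAPI_Service_Install / iteatapi][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\iteatapi.sys><Integrated Technology Express, Inc.>
[Intel(R) PRO Network Connection Driver / E100B][Running/Manual Start]
  <system32\DRIVERS\e100b325.sys><Intel Corporation>
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_SRENG):
        print(f"{f.rule:16} {f.path}  <- {f.detail}")
```

Run against the sample it reports iexp1ore.exe, IEXPLORE.win, MySysInfo.wmp and edcfbebd.sys, and stays quiet on iteatapi.sys, which also has an eight-letter name but a real publisher. The point of the extension rule is that ShellExecuteHooks and BHOs are loaded with LoadLibrary regardless of file name, so a .win or .wmp "document" in those keys is a DLL in disguise; that is also why the files are locked in normal mode and the reply below resorts to delete-on-reboot.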
 

Registered · 2,335 Posts
I intended Combofix to be run in Safe Mode, but it appears you did not save and run it from your desktop. Would you either move it to your desktop or d/l another copy and save it to desktop, run it again and post a new log.

Also, please do not post logs in code. It's very hard to read.
 

Registered · 2,335 Posts
Please read this post completely before beginning the fix. If there's anything that you do not understand, kindly ask your questions before proceeding.
Please ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.



IT IS IMPORTANT THAT YOU DON'T MISS A STEP & PERFORM EVERYTHING IN THE RIGHT ORDER.

----------------------------------------

We're doing good. On to Round #2.


----------------------------------------

Please submit these files for examination, one at a time:

Click on this link: Malware Submission

Please repeat the above steps for this file: C:\Program Files\Common Files\Microsoft Shared\MSINFO\MySysInfo.wmp

----------------------------------------

REGISTRY FIX

Download the attached leaf.zip file at the bottom of this post to your desktop. Double click on the zip folder, then double click on the .reg file within.
Click yes to allow it to merge into your registry.

----------------------------------------

DOWNLOADS


CLEANUP! version 4.52 – TEMP FILE CLEANING


Please download Cleanup! and install it. You will use this later.

Alternative link Cleanup Alt


*NOTE* Cleanup deletes EVERYTHING out of temporary folders and does not make backups.



AVG Anti-Spyware 7.5



Please download AVG Anti Spyware

Use the link at the bottom of the page under "AVG Anti-Spyware Free for Windows"





  1. Install AVG Anti-Spyware 7.5.
  2. Double-click the icon on Desktop to launch AVG A-S 7.5
  3. On the top of the main screen click Shield
  4. Click the word active to change it to inactive
  5. On the top of the main screen click Update.
  6. Then click on Start Update. The update will start and a progress bar will show the updates being installed.
  7. I also recommend changing the "Update interval" to something more reasonable like 12 hours.



KILLBOX


Download KillBox (it's important that you get version v2.0.0.175)
Do not run it yet.

----------------------------------------


SAFE MODE RE-BOOT

Please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Use the up arrow key to highlight Safe Mode and press Enter.
5) Login with your usual account. Make sure to close any open browsers.

----------------------------------------

FIXES AND DELETIONS


UNHIDE HIDDEN FILES

Go to My Computer->Tools->Folder Options->View tab:
* Under the Hidden files and folders heading, select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Also make sure there is no checkmark beside Hide file extensions for known file types
* Click Yes to confirm and then click OK.

----------------------------------------

KILLBOX


Launch KillBox.exe & select the following options:




  • Delete on Reboot
  • All files (if available)
Copy the file names below to the clipboard by highlighting them and pressing Ctrl-C:


C:\Program Files\Internet Explorer\IEXPLORE.win
C:\Program Files\Common Files\Microsoft Shared\MSINFO\MySysInfo.wmp
C:\WINDOWS\iun6002.exe
C:\WINDOWS\bwunin-6.1.4.36-8876480l.exe
C:\WINDOWS\bwunin-6.1.0.155-8876480l.exe




In Killbox, go to the File menu, and choose Paste from Clipboard
*Click on the dropdown menu next to Full Path of File to Delete field.
*Verify that the filenames you pasted are found there.

Select/tick the following:
* Delete on Reboot
* End Explorer Shell While Killing File


Click the RED X button.

Click Yes at the 'Delete on Reboot' prompt. Click NO at the Pending Operations prompt. (Do not allow reboot)

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid."
when trying to run TheKillbox, download and run missingfilesetup.exe. Then try Killbox again.

----------------------------------------

RUNNING SCANNERS


Cleanup

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:

Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files (if present)
  • Cleanup! All Users
  • Click on the Temporary Files tab and uncheck the box for Scan drives for files matching if it’s checked.
Click OK
Press the CleanUp! button to start the program and DO NOT reboot when prompted.


AVG Anti-Spyware 7.5

  • Run AVG A-S with its updated definitions (it's important that all windows be closed).
    This scan can take quite a while to run, so be prepared.
  • Click Scanner
  • Click on the Scan tab
  • Click Complete System Scan to begin scanning.



  • When the scan is complete, click Recommended Action and change it to Quarantine (1).
  • If not, click Recommended Action and choose Quarantine from the pop-up menu (2).
  • At the bottom of the window, click on the Apply all Actions button (3).

When done, click the Save Scan Report button (4), then click Save Report As and save it to your desktop.

IMPORTANT: Don't click on the "Save Scan Report" button before you have clicked the "Apply all Actions" button.



Note: DO NOT USE the computer while AVG A/S is scanning. If Explorer or the Control Panel are opened some malware types will
reinfect your system or will not be cleaned properly.

----------------------------------------

SYSTEM RE-BOOT

Reboot into Normal Mode.

----------------------------------------


ON-LINE SCANS

Perform an online scan with Internet Explorer with Panda ActiveScan

  1. Click on
    located at the bottom of the page.
  2. A "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it *
  3. Enter your e-mail address, country, and state & click "Free Online Scan". * The download of Panda's 8 MB ActiveX control will take place *

Begin the scan by selecting

  • If it finds any malware, it will offer you a report.
  • Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
  • Click on
    then click

* You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
* Turn off the real time scanner of any existing antivirus program while performing the online scan


----------------------------------------

FOLLOW-UP

Please return and post these items in the order listed:


AVG A/S
Panda scan
A new HJT log run in Normal Mode


Please note: In order to properly see what is on your system, all HJT logs must be run in the normal mode

Please let me know how your system is behaving.
 

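As an added example (not part of the original post, and not code from KillBox, Cleanup! or AVG), the following PowerShell script does the UNHIDE HIDDEN FILES and KILLBOX steps above programmatically and adds the check a responder would want before deleting anything: it reports whether each listed file exists, its attributes (hidden/system files are where malware usually sits) and its SHA-256 hash, so the hash can accompany the sample submission. Delete-on-reboot is done the standard Windows way, MoveFileEx with MOVEFILE_DELAY_UNTIL_REBOOT, which queues the path in the PendingFileRenameOperations registry value that the Session Manager processes at the next boot, before the shell or any autostart entry runs. It assumes PowerShell 5.1 or later in an elevated prompt (so it would not run as written on the Windows XP machine in this thread); the five paths are the ones listed in the post, and the registry value names are Explorer's own.

```powershell
# Added example, not from the original thread or the tools it names.
# Assumes PowerShell 5.1+ running as Administrator.

# The files the post asks KillBox to remove (taken from the post above).
$targets = @(
    'C:\Program Files\Internet Explorer\IEXPLORE.win',
    'C:\Program Files\Common Files\Microsoft Shared\MSINFO\MySysInfo.wmp',
    'C:\WINDOWS\iun6002.exe',
    'C:\WINDOWS\bwunin-6.1.4.36-8876480l.exe',
    'C:\WINDOWS\bwunin-6.1.0.155-8876480l.exe'
)

# UNHIDE HIDDEN FILES: the three Folder Options checkboxes are these three
# per-user Explorer values. New Explorer windows pick the change up.
function Show-HiddenFiles {
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
    Set-ItemProperty -Path $key -Name Hidden          -Value 1 -Type DWord  # Show hidden files and folders
    Set-ItemProperty -Path $key -Name ShowSuperHidden -Value 1 -Type DWord  # Uncheck "Hide protected operating system files"
    Set-ItemProperty -Path $key -Name HideFileExt     -Value 0 -Type DWord  # Uncheck "Hide extensions for known file types"
}

# Report on each target before touching it. -Force is required or Get-Item
# silently skips hidden/system files, which is exactly what we are looking for.
function Get-TargetReport {
    param([string[]]$Paths)
    foreach ($p in $Paths) {
        $item = Get-Item -LiteralPath $p -Force -ErrorAction SilentlyContinue
        if ($null -eq $item) {
            [pscustomobject]@{ Path = $p; Exists = $false; Attributes = $null; SHA256 = $null }
            continue
        }
        [pscustomobject]@{
            Path       = $p
            Exists     = $true
            Attributes = $item.Attributes.ToString()
            SHA256     = (Get-FileHash -LiteralPath $p -Algorithm SHA256).Hash
        }
    }
}

# P/Invoke for the Win32 call behind delete-on-reboot.
Add-Type -Namespace Win32 -Name Native -MemberDefinition @'
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern bool MoveFileEx(string lpExistingFileName, string lpNewFileName, int dwFlags);
'@
$MOVEFILE_DELAY_UNTIL_REBOOT = 4

# KILLBOX "Delete on Reboot": a NULL destination plus the delay flag means
# "delete at next boot". The kernel records it in PendingFileRenameOperations
# and removes the file before any user-mode autostart can reopen it.
function Register-DeleteOnReboot {
    param([string[]]$Paths)
    foreach ($p in $Paths) {
        if (-not (Test-Path -LiteralPath $p)) { continue }
        $ok = [Win32.Native]::MoveFileEx($p, $null, $MOVEFILE_DELAY_UNTIL_REBOOT)
        if (-not $ok) {
            $err = [System.Runtime.InteropServices.Marshal]::GetLastWin32Error()
            Write-Warning "MoveFileEx failed for $p (Win32 error $err)"
        }
    }
    # Show what is queued: the REG_MULTI_SZ holds <source>, "" pairs for deletes.
    Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager' `
        -Name PendingFileRenameOperations -ErrorAction SilentlyContinue |
        Select-Object -ExpandProperty PendingFileRenameOperations
}

Show-HiddenFiles
Get-TargetReport -Paths $targets | Format-Table -AutoSize
# Review the report (and submit the hashes with the samples) before enabling this line,
# then reboot to complete the deletion:
# Register-DeleteOnReboot -Paths $targets
```

Two caveats match the post's own warnings: the queued deletions only happen on the next reboot, so nothing is gone until then, and a file that is still hidden or in use is not a problem for this path, since the Session Manager removes it before Explorer or any Run-key entry starts.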
Discussion Starter · #8 ·
I have another question... Before, I tried reformatting my computer, but when I am on the "Windows setup" page my computer jumps back out to another page saying
Stop: 0x0000007B (0xF7A2963C, 0xc0000034, 0x00000000, 0x00000000)
Do you know how I can fix this so I can proceed with my reformatting instead?
 

I really don't think you need to reformat, since we're getting the malware out of your system. This will wipe out all of your files/folders.

However, that is your choice. As for the error, please post your question in the Windows XP Support forum. Those folks will be better able to answer your question.