1 - 20 of 22 Posts

·
Registered
Joined
·
24 Posts
Discussion Starter · #1 ·
i'm having some big problems with my computer. for a couple of days now there is a process running called svh0st.exe, which i tried to delete, though it keeps popping back. other than that there are some other viruses that keep coming back, like trojan-downloader.win32.zlob.*** and mainly Trojan-PSW.Win32.Small.br. i am deleting them rapidly but they just refuse to disappear.
as i'm writing this message my computer started bleeping out of nowhere. now, maybe it's because i'm doing the second online system scan (i have a pretty slow connection, but i'm doing it anyway).
other than that (and i really don't know if this is the thread for it, but i'm just taking the opportunity, and if it is inappropriate then i'm sorry and just ignore it), sometimes (actually, almost always) when i am trying to close my internet connection my computer gets stuck and can't shut down, no matter what i do.
and my computer is generally very VERY slow (but maybe it's because it's not that powerful).

now, i'm no expert or even close to it in anything related to computers, but i have the following security programs installed (don't know how useful they are, but out of the ones i've had through the years these are the best i've encountered yet. any suggestion would be welcomed happily):
AVS (active virus shield) - powered by kaspersky v.6.0.0.303
SpywareGuard
CCleaner and Recuva(just installed it today)
Spysweeper(also installed today, not active right now because of high CPU usage)
ad-aware SE personal
advanced uninstaller pro
cleandisk
spywareBlaster
spybot S&D
and CWS shredder

i did all the steps before posting this thread and still the svc0host.exe is running and the viruses keep popping up.

i think i need to note that earlier today, i tried to install, and later uninstall, zonealarm and another program whose install file is es_iwne.exe (i'm not opening it since i don't want to start dealing with that again -> since they didn't work and caused a lot of problems), and at some point ccleaner, cleandisk, and advanced uninstaller stopped showing me any programs installed on my computer, and even add/remove had only about a third of my programs listed (not to mention the xp fixes from windows update).
ccleaner actually lists some programs - but they are mostly the oldest ones on my computer.

my HJTL:
Logfile of HijackThis v1.99.1
Scan saved at 23:52:39, on 04/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\AOL\Active Virus Shield\avp.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\AOL\Active Virus Shield\avp.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\dslagent.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\SVCH0ST.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\notepad.exe
C:\hijack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ynet.co.il/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [aol] "C:\Program Files\AOL\Active Virus Shield\avp.exe"
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [SetDefPrt] "C:\Program Files\Brother\Brmfl04b\BrStDvPt.exe"
O4 - HKLM\..\Run: [ControlCenter2.0] "C:\Program Files\Brother\ControlCenter2\brctrcen.exe" /autorun
O4 - HKLM\..\Run: [DSLAGENTEXE] "dslagent.exe" USB
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: &יצא ל- Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: מחקר - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab46479.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1152545086790
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1152545222025
O16 - DPF: {7006F7BB-E789-4CAB-8D3D-1CE415A545D6} (ZoogyChat Control) - http://www.zoogy.co.il/asp/ZoogyChat.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.zofim.org.il/ImageUploader3.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {D79B6F43-F214-4E7A-9ECB-CCC8771F2416} (LauncherV1 Class) - http://www.tapuz.co.il/irc/main/launcher.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab41227.cab
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} (ZPA_Backgammon Object) - http://zone.msn.com/bingame/zpagames/ZPA_Backgammon.cab52520.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{57D4A567-1A2C-42FB-B1EE-74DD4D65A269}: NameServer = 194.90.1.5 212.143.212.143
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Active Virus Shield (AVP) - Unknown owner - C:\Program Files\AOL\Active Virus Shield\avp.exe" -r (file missing)
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

my computer info:
pentium 4 2.26GHZ
504mb of RAM, 1.60 GHZ (have no idea what it means, just copying the my computer->right click->properties info)


thanks in advance! and sorry if it's a bit too long...^_^"...

thank you thank you thank you!
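The poster's description and the HijackThis log above show the classic trick at work: a file named SVCH0ST.EXE (with a digit zero) sitting in system32 right beside the genuine svchost.exe, easy to miss when reading a process list by eye. The Python script below is an added example, not part of this thread, of HijackThis, or of any tool the helper recommends. It parses the "Running processes" section of a HijackThis log, flags names that are homoglyph look-alikes of core Windows binaries, and also flags genuine system names that run from outside the Windows directories. The allow-list of system binaries and directories, the confusable-character table, and the sample log (an excerpt of the log above plus one constructed lsass.exe line inside a user profile) are all assumptions made for the example.

```python
"""Flag look-alike process names in a HijackThis 'Running processes' list.

Added example for this thread; it is not part of HijackThis or of any
tool the helper recommends. The allow-lists and the confusable table are
illustrative assumptions, not an authoritative reference.
"""
import ntpath
import re
from typing import Dict, List, Optional, Tuple

# Core Windows XP binaries that malware likes to imitate (assumed list) and
# the only directories their genuine copies should be running from.
SYSTEM_BINARIES = {
    "smss.exe", "csrss.exe", "winlogon.exe", "services.exe", "lsass.exe",
    "svchost.exe", "spoolsv.exe", "explorer.exe", "rundll32.exe", "ctfmon.exe",
}
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows"}

# Characters swapped in to make a fake name pass a glance (svch0st, 1sass,
# serv1ces, expl0rer). Each letter may also match its digit stand-ins.
CONFUSABLE: Dict[str, str] = {
    "o": "[o0]", "l": "[l1]", "i": "[i1]", "s": "[s5$]",
    "e": "[e3]", "t": "[t7]", "a": "[a4]",
}


def lookalike_pattern(name: str) -> "re.Pattern[str]":
    """Build a case-insensitive regex matching `name` and its homoglyph variants."""
    return re.compile(
        "".join(CONFUSABLE.get(ch, re.escape(ch)) for ch in name), re.IGNORECASE
    )


PATTERNS = {real: lookalike_pattern(real) for real in sorted(SYSTEM_BINARIES)}


def parse_running_processes(log: str) -> List[str]:
    """Return the paths listed under 'Running processes:' (the section ends at a blank line)."""
    lines = log.splitlines()
    for idx, line in enumerate(lines):
        if line.strip() == "Running processes:":
            section = []
            for entry in lines[idx + 1:]:
                if not entry.strip():
                    break
                section.append(entry.strip())
            return section
    return []


def check_process(path: str) -> Optional[str]:
    """Return a reason if `path` is suspicious, or None if it looks ordinary."""
    name = ntpath.basename(path)
    directory = ntpath.dirname(path)
    if name.lower() in SYSTEM_BINARIES:
        # Genuine name: only acceptable when run from the Windows directories.
        if directory.lower() not in SYSTEM_DIRS:
            return f"{name} running from unexpected directory {directory}"
        return None
    for real, pattern in PATTERNS.items():
        if pattern.fullmatch(name):
            return f"{name} is a look-alike of {real}"
    return None


def flag_lookalikes(log: str) -> List[Tuple[str, str]]:
    """Scan a HijackThis log and return (path, reason) for each suspicious process."""
    findings = []
    for path in parse_running_processes(log):
        reason = check_process(path)
        if reason:
            findings.append((path, reason))
    return findings


# Constructed sample: an excerpt of the poster's log, plus one made-up line
# (lsass.exe inside a user profile) to exercise the directory check.
SAMPLE_HJT_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 23:52:39, on 04/02/2007

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\SVCH0ST.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\user\lsass.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://example.invalid/
"""

if __name__ == "__main__":
    for path, reason in flag_lookalikes(SAMPLE_HJT_LOG):
        print(f"SUSPICIOUS  {path}\n            {reason}")
```

Run against the sample, the script reports SVCH0ST.EXE as a look-alike of svchost.exe and the profile-resident lsass.exe as a system name in the wrong directory, while the genuine smss.exe, svchost.exe and Explorer.EXE pass. The regex approach is used rather than a one-way character mapping because a "1" can stand in for either "l" or "i", so folding the suspicious name would have to guess which letter was meant.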
 

Discussion Starter · #2 ·
by the way, the second online search found troj_generic.z(1 infection)
and hktl_patcher.c(2 infections).
(removed)
 

Discussion Starter · #3 ·
bump.

now i'm having more and more problems - the Bookmarks tab appears transparent or something (i can see through it, and can't see what anything on the list is. the words don't appear), and the same problem is occurring with the file, edit etc... tabs in programs such as word, excel etc...
thanks again in advance
 

·
TSF Security Manager, Emeritus
Joined
·
42,836 Posts
Hello dsnapiri, our apologies for the oversight of your thread.

While there's no malware presenting itself in your HijackThis log, your detailed description has provided the information I need to get started. :sayyes:

Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

***************************************************

Please download SmitfraudFix (by S!Ri) to your Desktop. Do not run it yet.

----------------------------------------------------

Download AVG Anti Spyware

Use the link at the bottom of the page under "AVG Anti-Spyware Free for Windows"


  • Install AVG Anti Spyware
  • Double-click the icon on Desktop to launch AVG
  • On the top of the main screen click Shield
  • Click the word active to change it to inactive
  • On the top of the main screen click Update.
  • Then click on Start Update. The update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
When you have finished updating, EXIT AVG Anti Spyware. Do Not run a scan just yet, we will shortly.

--------------------------------------------------------------------

Disable SpySweeper as it will interfere with the fixes below:

Right click on the SpySweeper icon in your taskbar and select 'Exit'.

--------------------------------------------------------------------

Please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Use the up arrow key to highlight Safe Mode and press Enter.
5) Login with your usual account. Make sure to close any open browsers.

----------------------------------------------------

Double-click on SmitfraudFix.exe to start the tool.
Select option #2 - Clean by typing 2 and press Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted : "Registry cleaning - Do you want to clean the registry?" answer Yes by typing Y and hit Enter.
The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file?" by typing Y and hit Enter.

A reboot may be needed to finish the cleaning process; if your computer does not restart automatically, please do it yourself manually. Reboot into Normal Windows.

The tool will create a log named rapport.txt in the root of your drive, eg: Local Disk C: (C:\rapport.txt) or the partition where your operating system is installed. Please post that log along with all others requested in your next reply.

----------------------------------------------------

Run CCleaner being sure that the Temporary and Temporary Internet files are designated to be cleaned.

----------------------------------------------------

Next go to Control Panel click Display>Desktop>Customize Desktop>Web> Now, Uncheck Everything and delete if present:
· "Security Info"
· "Warning Message"
· "Security Desktop"
· "Warning Homepage"
· "Desktop Uninstall"


Also make sure the 'Lock desktop items' box is unticked. Click OK, and then Click Apply, then OK.

----------------------------------------------------

Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin.

----------------------------------------------------

Close ALL open Windows / Programs / Folders. Run AVG Anti-Spyware with its updated definitions. IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, as it may interfere with the scanning process (it's important that all windows must be closed):
  • Click Scanner
  • Click on the Scan tab
  • Click Complete System Scan to begin scanning.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted. **Please ensure it is set to Quarantine, then select "Apply all actions".
  • Once finished, click the Save report button, then click Save Report As and save it to your desktop. (make sure to remember where you saved that file, this is important).
**AVG Anti-Spyware is compatible with most AV and anti-spyware products, and the free version will continue to be useful as a second anti-malware scanner.

----------------------------------------------------

Reboot into Normal Mode.

----------------------------------------------------

Double-click on SmitfraudFix.exe to start the tool.
Select option #3 - Delete Trusted zone by typing 3 and press Enter
Answer Yes to the question "Restore Trusted Zone ?" by typing Y and hit Enter.

Note, if you use SpywareBlaster and/or IE-SPYAD, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE-SPYAD, run the batch file and reinstall the protection.

----------------------------------------------------

Please run this online scan to search for any other files that may be lurking. It can take some time, so please be patient and allow it to run its full course:

Perform an online scan with Internet Explorer with Panda ActiveScan:
  • Click on the button located at the bottom of the page.
  • A "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it *
  • Enter your e-mail address, country, and state & click "Free Online Scan". *The download of the 8 MB Panda's ActiveX control will take place*
  • Begin the scan by selecting the option shown.
  • If it finds any malware, it will offer you a report.
  • Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
  • Click on the button shown, then click the next one.
* You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
* Turn off the real time scanner of any existing antivirus program while performing the online scan.


----------------------------------------------------

Download Combofix and save it to your desktop.

**Note: It is important that it is saved directly to your desktop**

-------------------------------------

Close any open browsers.

-------------------------------------


Double click on combofix.exe & follow the prompts.
When finished, it shall produce a log for you.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall


Post the ComboFix.txt in your next reply.

--------------------------------------------------------------------

Then post the following logs in your next reply...

c:\rapport.txt
AVG A/S log
Panda log
C:\ComboFix.txt
New Hijackthis log
 

Discussion Starter · #8 ·
thanks, but not everything's alright

thank you for your help! :pray:
i did everything (even though it was quite unclear in which mode i should do the avg scan, so i did it in normal mode).
most of the stuff is all right now (like the tabs of the favourites, file, edit etc... and i last saw the jbhook.dll infection after the avg scan (which was a few hours ago)), but my computer is still running extremely slow... :sigh:
which of my security programs should always be running (and their shields)?
here are the logs:
SmitFraudFix v2.141

Scan done at 15:28:48.14, Sun 02/11/2007
Run from C:\Documents and Settings\xp 2005\שולחן העבודה\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"system"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 16:49:39 11/02/2007

+ Scan result:



C:\WINDOWS\Downloaded Program Files\launcher.ocx -> Adware.I2ISolutions : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C50A59AD-9926-48C3-845D-4A5DD584A75F}\RP231\A0162728.exe -> Backdoor.Haxdoor : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C50A59AD-9926-48C3-845D-4A5DD584A75F}\RP232\A0165753.dll -> Backdoor.Haxdoor : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C50A59AD-9926-48C3-845D-4A5DD584A75F}\RP232\A0165835.dll -> Backdoor.Haxdoor : Cleaned with backup (quarantined).
[1216] C:\WINDOWS\system32\jbhook.dll -> Downloader.Delf.mm : Cleaned with backup (quarantined).
[2044] C:\WINDOWS\system32\jbhook.dll -> Downloader.Delf.mm : Error during cleaning.
[240] C:\WINDOWS\system32\jbhook.dll -> Downloader.Delf.mm : Cleaned with backup (quarantined).
[296] C:\WINDOWS\system32\jbhook.dll -> Downloader.Delf.mm : Error during cleaning.
[308] C:\WINDOWS\system32\jbhook.dll -> Downloader.Delf.mm : Cleaned with backup (quarantined).
[332] C:\WINDOWS\system32\jbhook.dll -> Downloader.Delf.mm : Error during cleaning.
[372] C:\WINDOWS\system32\jbhook.dll -> Downloader.Delf.mm : Error during cleaning.
[424] C:\WINDOWS\system32\jbhook.dll -> Downloader.Delf.mm : Cleaned with backup (quarantined).
[556] C:\WINDOWS\system32\jbhook.dll -> Downloader.Delf.mm : Error during cleaning.
[2036] C:\WINDOWS\system32\SVCH0ST.EXE -> Trojan.VB.jy : Cleaned with backup (quarantined).


::Report end

(panda report):
Incident Status Location

Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\xp 2005\שולחן העבודה\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\xp 2005\שולחן העבודה\דורון\SmitfraudFix\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\xp 2005\שולחן העבודה\דורון\קבצי התקנה\SmitfraudFix.zip[SmitfraudFix/Process.exe]
Virus:Bck/TclockBased.A Disinfected C:\Program Files\TClock\tclock.exe
Virus:Trj/Downloader.MPZ Disinfected C:\WINDOWS\system32\2.exe
combofix:
"xp 2005" - 07-02-11 18:24:51 Service Pack 2
ComboFix 07-02-11 - Running from: "C:\Documents and Settings\xp 2005\שולחן העבודה"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\KB95842.log
C:\WINDOWS\system32\taskmgr.com
C:\WINDOWS\REGEDIT.com
C:\Program Files\Common Files\{C0781~1
C:\WINDOWS\system32\components
C:\WINDOWS\system32\jbloader.dll


((((((((((((((((((((((((((((((( Files Created from 2007-01-11 to 2007-02-11 ))))))))))))))))))))))))))))))))))


2007-02-11 17:00 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-02-11 17:00 <DIR> d-------- C:\WINDOWS\LastGood.Tmp
2007-02-11 15:28 2,160 --a------ C:\WINDOWS\system32\tmp.reg
2007-02-11 15:15 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-02-11 15:15 <DIR> d-------- C:\Program Files\Grisoft
2007-02-04 22:56 <DIR> d-------- C:\DOCUME~1\XP2005~1\.housecall6.6
2007-02-04 21:02 <DIR> d-------- C:\DOCUME~1\ADMINI~1.XP-\Application Data\Lavasoft
2007-02-04 21:00 786,432 --ah----- C:\DOCUME~1\ADMINI~1.XP-\NTUSER.DAT
2007-02-04 21:00 <DIR> dr------- C:\DOCUME~1\ADMINI~1.XP-\תפריט התחלה
2007-02-04 21:00 <DIR> d-------- C:\DOCUME~1\NETWOR~1\Application Data\Webroot
2007-02-04 21:00 <DIR> d-------- C:\DOCUME~1\ADMINI~1.XP-\שולחן העבודה
2007-02-04 16:14 <DIR> d-------- C:\WINDOWS\Prefetch
2007-02-04 16:09 1,087,216 --a------ C:\WINDOWS\system32\zpeng24.dll
2007-02-04 15:44 <DIR> d-------- C:\Program Files\Recuva
2007-02-04 15:09 <DIR> d-------- C:\Program Files\CCleaner
2007-02-04 14:50 15,360 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2007-02-04 14:50 14,848 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2007-02-04 14:50 13,824 --a------ C:\WINDOWS\system32\drivers\SSFS0509.sys
2007-02-04 14:50 117,248 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2007-02-04 14:50 <DIR> d-------- C:\DOCUME~1\LOCALS~1\Application Data\Webroot
2007-02-04 14:49 <DIR> d-------- C:\Program Files\Webroot
2007-02-04 14:49 <DIR> d-------- C:\DOCUME~1\XP2005~1\Application Data\Webroot
2007-02-04 14:49 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Webroot
2007-02-04 14:43 950,272 --a------ C:\WINDOWS\system32\contfilt.dll
2007-02-04 14:43 41,984 --a------ C:\WINDOWS\killproc.exe
2007-02-04 14:43 19,898 --a------ C:\WINDOWS\winsbak.reg
2007-02-04 14:43 145,408 --a------ C:\WINDOWS\R.COM
2007-02-04 14:43 136,668 --a------ C:\WINDOWS\winsbak2.reg
2007-02-04 14:43 135,168 --a------ C:\WINDOWS\system32\T.COM
2007-02-04 14:43 118,784 --a------ C:\WINDOWS\system32\mwnsp.dll
2007-02-04 14:43 <DIR> d-------- C:\Program Files\Common Files\MicroWorld
2007-02-04 14:43 <DIR> d-------- C:\DOCUME~1\REMOTE~1\תפריט התחלה
2007-02-04 14:43 <DIR> d-------- C:\DOCUME~1\REMOTE~1\שולחן העבודה
2007-02-04 14:43 <DIR> d-------- C:\DOCUME~1\REMOTE~1\Documents
2007-02-04 14:43 <DIR> d-------- C:\DOCUME~1\LOCALS~1\תפריט התחלה
2007-02-04 14:43 <DIR> d-------- C:\DOCUME~1\LOCALS~1\שולחן העבודה
2007-02-04 14:43 <DIR> d-------- C:\DOCUME~1\LOCALS~1\Documents
2007-02-04 14:42 9,488 --a------ C:\WINDOWS\sporder.dll
2007-02-04 14:42 7,680 --a------ C:\WINDOWS\sporder.exe
2007-02-04 14:42 40,448 --a------ C:\WINDOWS\inst_tsp.exe
2007-02-04 14:42 339,968 --a------ C:\WINDOWS\system32\mwtsp.dll
2007-02-04 14:42 130,560 --a------ C:\WINDOWS\system32\ZIPDLL.DLL
2007-02-04 14:42 125,440 --a------ C:\WINDOWS\system32\UNZDLL.DLL
2007-02-04 14:42 <DIR> d-------- C:\WINDOWS\system32\FLCSS.EXE
2007-02-04 14:39 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2007-02-04 14:38 <DIR> d-------- C:\WINDOWS\Internet Logs
2007-01-18 16:12 38,016 --a------ C:\WINDOWS\system32\drivers\bthmodem.sys
2007-01-18 16:09 100,992 --a------ C:\WINDOWS\system32\drivers\bthpan.sys
2007-01-18 16:08 8,192 --a------ C:\WINDOWS\system32\wshirda.dll
2007-01-18 16:08 59,648 --a------ C:\WINDOWS\system32\drivers\rfcomm.sys
2007-01-18 16:08 273,664 --a------ C:\WINDOWS\system32\drivers\bthport.sys
2007-01-18 16:08 26,112 --a------ C:\WINDOWS\system32\irmon.dll
2007-01-18 16:08 18,944 --a------ C:\WINDOWS\system32\drivers\BTHUSB.SYS
2007-01-18 16:08 17,024 --a------ C:\WINDOWS\system32\drivers\BthEnum.sys
2007-01-18 16:08 151,552 --a------ C:\WINDOWS\system32\irftp.exe


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-02-11 18:01 -------- d-------- C:\Program Files\tclock
2007-02-11 18:01 -------- d-------- C:\Program Files\spywareguard
2007-02-11 17:58 -------- d-------- C:\Program Files\msn messenger
2007-02-10 20:28 41440 --a------ C:\WINDOWS\system32\perfc00d.dat
2007-02-10 20:28 251694 --a------ C:\WINDOWS\system32\perfh00d.dat
2007-02-09 02:59 -------- d-------- C:\Program Files\mozilla firefox
2007-02-07 00:02 -------- d-------- C:\Program Files\emule
2007-02-04 15:41 -------- d-------- C:\Program Files\ewido anti-malware
2007-02-04 14:56 -------- d-------- C:\Program Files\spywareblaster
2007-02-04 14:49 -------- d-------- C:\Documents and Settings\xp 2005\Application Data\webroot
2007-01-30 14:51 -------- d-------- C:\Program Files\microsoft
2006-12-30 18:28 -------- d-------- C:\Documents and Settings\xp 2005\Application Data\ppstream
2006-12-19 15:13 -------- d-------- C:\Program Files\checkpoint
2006-12-16 03:17 -------- d-------- C:\Documents and Settings\xp 2005\Application Data\check point
2006-11-22 22:49 51716 --a------ C:\WINDOWS\system32\pdf995mon.dll
2006-11-22 22:49 122880 --a------ C:\WINDOWS\system32\pdfmona.dll
2006-11-19 19:13 320 --a------ C:\WINDOWS\system32\lps.dat
2006-11-19 17:01 0 --a------ C:\WINDOWS\system32\kgctini.dat


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"aol"="\"C:\\Program Files\\AOL\\Active Virus Shield\\avp.exe\""
"PaperPort PTD"="\"C:\\Program Files\\ScanSoft\\PaperPort\\pptd40nt.exe\""
"SetDefPrt"="\"C:\\Program Files\\Brother\\Brmfl04b\\BrStDvPt.exe\""
"ControlCenter2.0"="\"C:\\Program Files\\Brother\\ControlCenter2\\brctrcen.exe\" /autorun"
"DSLAGENTEXE"="\"dslagent.exe\" USB"
"BluetoothAuthenticationAgent"="\"rundll32.exe\" bthprops.cpl,,BluetoothAuthenticationAgent"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^תפריט התחלה^תוכניות^הפעלה^Tray Application.lnk]
"path"="C:\\Documents and Settings\\All Users\\תפריט התחלה\\תוכניות\\הפעלה\\Tray Application.lnk"
"backup"="C:\\WINDOWS\\pss\\Tray Application.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\NETEXC~1\\NETEXT~1.EXE "
"item"="Tray Application"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^xp 2005^תפריט התחלה^תוכניות^הפעלה^SpywareGuard.lnk]
"path"="C:\\Documents and Settings\\xp 2005\\תפריט התחלה\\תוכניות\\הפעלה\\SpywareGuard.lnk"
"backup"="C:\\WINDOWS\\pss\\SpywareGuard.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\SPYWAR~2\\sgmain.exe "
"item"="SpywareGuard"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ccApp"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CleanDiskAutoRun]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="cleandisk"
"hkey"="HKLM"
"command"="c:\\yenicag\\cleandiskpro\\cleandisk.exe -boot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\ctfmon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DSLAGENTEXE]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dslagent"
"hkey"="HKLM"
"command"="dslagent.exe USB"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GSICONEXE]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="gsicon"
"hkey"="HKLM"
"command"="gsicon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dumprep 0 -k"
"hkey"="HKLM"
"command"="%systemroot%\\system32\\dumprep 0 -k"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="VPTray"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\SYMANT~1\\VPTray.exe"
"inimapping"="0"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{81559C35-8464-49F7-BB0E-07A383BEF910}"="SpywareGuard"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"=dword:00000000
"SynchronousUserGroupPolicy"=dword:00000000

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
Usnsvc REG_MULTI_SZ usnsvc\0\0
bthsvcs REG_MULTI_SZ BthServ\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F]
Shell\AutoRun\command F:\autorun.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2ecbf2ca-67a8-11db-9656-009096300101}]
Shell\AutoRun\command F:\autorun.exe


********************************************************************

catchme 0.1 W2K/XP - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-02-11 18:30:46

Logfile of HijackThis v1.99.1
Scan saved at 18:46:28, on 11/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\AOL\Active Virus Shield\avp.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\AOL\Active Virus Shield\avp.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\dslagent.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\hijack This\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [aol] "C:\Program Files\AOL\Active Virus Shield\avp.exe"
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [SetDefPrt] "C:\Program Files\Brother\Brmfl04b\BrStDvPt.exe"
O4 - HKLM\..\Run: [ControlCenter2.0] "C:\Program Files\Brother\ControlCenter2\brctrcen.exe" /autorun
O4 - HKLM\..\Run: [DSLAGENTEXE] "dslagent.exe" USB
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: &יצא ל- Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: מחקר - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1152545086790
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1152545222025
O16 - DPF: {7006F7BB-E789-4CAB-8D3D-1CE415A545D6} (ZoogyChat Control) - http://www.zoogy.co.il/asp/ZoogyChat.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D79B6F43-F214-4E7A-9ECB-CCC8771F2416} (LauncherV1 Class) - http://www.tapuz.co.il/irc/main/launcher.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab41227.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{57D4A567-1A2C-42FB-B1EE-74DD4D65A269}: NameServer = 194.90.1.5 212.143.212.143
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Active Virus Shield (AVP) - Unknown owner - C:\Program Files\AOL\Active Virus Shield\avp.exe" -r (file missing)
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe


thanks again!

TSF Security Manager, Emeritus · 42,836 Posts
Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It's important that you carry out the steps in the order listed below.

***************************************************

Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs) if it exists:

TClock

--------------------------------------------------------------------

Go to My Computer->Tools->Folder Options->View tab:
* Under the Hidden files and folders heading:
* Select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Also, make sure there is no checkmark beside Hide file extensions for known file types.
* Click OK.

--------------------------------------------------------------------

Using 'My Computer', navigate to and delete the following Folder

C:\Program Files\tclock

--------------------------------------------------------------------

I'd like you to run another online scan at BitDefender this time:

Go here and do the BitDefender online virus scan.
  • Click "I Agree" to agree to the EULA.
  • Allow the ActiveX control to install when prompted.
  • Leave the scanning options at default and press "Click here to scan" to begin the scan.
  • Please refrain from using the computer until the scan is finished.
  • When the scan is finished, click on "Click here to export the scan results"
  • Save the report to your desktop then come back here and post it in your next reply along with a new Hijack This log
---------------------------------------------------------------

Create an Uninstall List:
Open HijackThis
* Click on the "Configure" button on the bottom right
* Click on the tab "Misc Tools"
* Click on the Box that says "Open Uninstall Manager"
* Click on the button "Save list"
The list will automatically be saved in your HijackThis folder.

Please copy and paste the uninstall_list.txt here.

--------------------------------------------------------------------

Please download SREng.

**You may receive a message "The bandwidth limit for this site has been exceeded", please keep trying--eventually you'll get through.

1. Extract it to Desktop & double click SREng.exe to run it

2. Select 'Smart Scan' & tick "Verify Digital Signatures"

3. Click on the [Scan] button

4. When finished, click on the [Save Reports] button & save the log to Desktop

5. Attach the log in your next reply. Don't post it.

You may have to rename SREngLOG.log to SREngLOG.txt to upload it.

-----------------------------------------------------

Please include the following in your next reply:

BitDefender log
Uninstall_list.txt
SREng log

Registered · 24 Posts · Discussion Starter · #10
thanks again

Thanks again.
Here are the logs:
BitDefender Online Scanner

Scan report generated at: Mon, Feb 12, 2007 - 16:59:04
Scan path: A:\;C:\;D:\;

Statistics
Time: 02:07:01
Files: 578013
Folders: 4893
Boot Sectors: 3
Archives: 2740
Packed Files: 68985

Results
Identified Viruses: 4
Infected Files: 13
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 13

Engines Info
Virus Definitions: 420356
Engine build: AVCORE v1.0 (build 2371) (i386) (Dec 13 2006 11:16:42)
Scan plugins: 14
Archive plugins: 38
Unpack plugins: 6
E-mail plugins: 6
System plugins: 1

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File / Status

C:\old D\דורון\שירים\kmd172_en.exe=>(CAB Sfx o)=>\Disk1\data2.cab=>(IShield Module 1)=>(ZIP Sfx s)=>cd_htm.dll
Detected with: Adware.CyDoor

C:\old D\דורון\שירים\kmd172_en.exe=>(CAB Sfx o)=>\Disk1\data2.cab=>(IShield Module 1)=>(ZIP Sfx s)=>cd_htm.dll
Disinfection failed

C:\old D\דורון\שירים\kmd172_en.exe=>(CAB Sfx o)=>\Disk1\data2.cab=>(IShield Module 1)=>(ZIP Sfx s)=>cd_htm.dll
Deleted

C:\old D\דורון\שירים\kmd172_en.exe=>(CAB Sfx o)=>\Disk1\data2.cab=>(IShield Module 1)=>(ZIP Sfx s)
Updated

C:\old D\דורון\שירים\kmd172_en.exe=>(CAB Sfx o)=>\Disk1\data2.cab=>(IShield Module 1)
Update failed

C:\old D\דורון\שירים\kmd172_en.exe=>(CAB Sfx o)=>\Disk1\data2.cab=>(IShield Module 27)
Infected with: Trojan.Downloader.3346.A

C:\old D\דורון\שירים\kmd172_en.exe=>(CAB Sfx o)=>\Disk1\data2.cab=>(IShield Module 27)
Disinfection failed

C:\old D\דורון\שירים\kmd172_en.exe=>(CAB Sfx o)=>\Disk1\data2.cab=>(IShield Module 27)
Deleted

C:\old D\דורון\שירים\kmd172_en.exe=>(CAB Sfx o)=>\Disk1\data2.cab
Update failed

C:\old D\דורון\שירים\kmd202gu_en.exe=>(CAB Sfx o)=>\Disk1\data2.cab=>(IShield Module 9)=>(ZIP Sfx s)=>cd_htm.dll
Detected with: Adware.CyDoor

C:\old D\דורון\שירים\kmd202gu_en.exe=>(CAB Sfx o)=>\Disk1\data2.cab=>(IShield Module 9)=>(ZIP Sfx s)=>cd_htm.dll
Disinfection failed

C:\old D\דורון\שירים\kmd202gu_en.exe=>(CAB Sfx o)=>\Disk1\data2.cab=>(IShield Module 9)=>(ZIP Sfx s)=>cd_htm.dll
Deleted

C:\old D\דורון\שירים\kmd202gu_en.exe=>(CAB Sfx o)=>\Disk1\data2.cab=>(IShield Module 9)=>(ZIP Sfx s)
Updated

C:\old D\דורון\שירים\kmd202gu_en.exe=>(CAB Sfx o)=>\Disk1\data2.cab=>(IShield Module 9)
Update failed

C:\System Volume Information\_restore{C50A59AD-9926-48C3-845D-4A5DD584A75F}\RP231\A0159731.exe
Infected with: Backdoor.Darkproxy.A

C:\System Volume Information\_restore{C50A59AD-9926-48C3-845D-4A5DD584A75F}\RP231\A0159731.exe
Disinfection failed

C:\System Volume Information\_restore{C50A59AD-9926-48C3-845D-4A5DD584A75F}\RP231\A0159731.exe
Deleted

C:\System Volume Information\_restore{C50A59AD-9926-48C3-845D-4A5DD584A75F}\RP231\A0159732.exe
Infected with: Backdoor.Darkproxy.A

C:\System Volume Information\_restore{C50A59AD-9926-48C3-845D-4A5DD584A75F}\RP231\A0159732.exe
Disinfection failed

C:\System Volume Information\_restore{C50A59AD-9926-48C3-845D-4A5DD584A75F}\RP231\A0159732.exe
Deleted

C:\System Volume Information\_restore{C50A59AD-9926-48C3-845D-4A5DD584A75F}\RP231\A0160730.exe
Infected with: Backdoor.Darkproxy.A

C:\System Volume Information\_restore{C50A59AD-9926-48C3-845D-4A5DD584A75F}\RP231\A0160730.exe
Disinfection failed

C:\System Volume Information\_restore{C50A59AD-9926-48C3-845D-4A5DD584A75F}\RP231\A0160730.exe
Deleted

C:\System Volume Information\_restore{C50A59AD-9926-48C3-845D-4A5DD584A75F}\RP231\A0160731.exe
Infected with: Backdoor.Darkproxy.A

C:\System Volume Information\_restore{C50A59AD-9926-48C3-845D-4A5DD584A75F}\RP231\A0160731.exe
Disinfection failed

C:\System Volume Information\_restore{C50A59AD-9926-48C3-845D-4A5DD584A75F}\RP231\A0160731.exe
Deleted

C:\System Volume Information\_restore{C50A59AD-9926-48C3-845D-4A5DD584A75F}\RP231\A0164727.exe
Infected with: Backdoor.Darkproxy.A

C:\System Volume Information\_restore{C50A59AD-9926-48C3-845D-4A5DD584A75F}\RP231\A0164727.exe
Disinfection failed

C:\System Volume Information\_restore{C50A59AD-9926-48C3-845D-4A5DD584A75F}\RP231\A0164727.exe
Deleted

C:\System Volume Information\_restore{C50A59AD-9926-48C3-845D-4A5DD584A75F}\RP231\A0164728.exe
Infected with: Backdoor.Darkproxy.A

C:\System Volume Information\_restore{C50A59AD-9926-48C3-845D-4A5DD584A75F}\RP231\A0164728.exe
Disinfection failed

C:\System Volume Information\_restore{C50A59AD-9926-48C3-845D-4A5DD584A75F}\RP231\A0164728.exe
Deleted

C:\System Volume Information\_restore{C50A59AD-9926-48C3-845D-4A5DD584A75F}\RP232\A0165737.exe
Infected with: Backdoor.Darkproxy.A

C:\System Volume Information\_restore{C50A59AD-9926-48C3-845D-4A5DD584A75F}\RP232\A0165737.exe
Disinfection failed

C:\System Volume Information\_restore{C50A59AD-9926-48C3-845D-4A5DD584A75F}\RP232\A0165737.exe
Deleted

C:\System Volume Information\_restore{C50A59AD-9926-48C3-845D-4A5DD584A75F}\RP232\A0165738.exe
Infected with: Backdoor.Darkproxy.A

C:\System Volume Information\_restore{C50A59AD-9926-48C3-845D-4A5DD584A75F}\RP232\A0165738.exe
Disinfection failed

C:\System Volume Information\_restore{C50A59AD-9926-48C3-845D-4A5DD584A75F}\RP232\A0165738.exe
Deleted

C:\System Volume Information\_restore{C50A59AD-9926-48C3-845D-4A5DD584A75F}\RP324\A0261052.exe
Infected with: BehavesLike:Win32.FileInfector

C:\System Volume Information\_restore{C50A59AD-9926-48C3-845D-4A5DD584A75F}\RP324\A0261052.exe
Disinfection failed

C:\System Volume Information\_restore{C50A59AD-9926-48C3-845D-4A5DD584A75F}\RP324\A0261052.exe
Deleted

C:\System Volume Information\_restore{C50A59AD-9926-48C3-845D-4A5DD584A75F}\RP324\A0261053.com
Infected with: BehavesLike:Win32.FileInfector

C:\System Volume Information\_restore{C50A59AD-9926-48C3-845D-4A5DD584A75F}\RP324\A0261053.com
Disinfection failed

C:\System Volume Information\_restore{C50A59AD-9926-48C3-845D-4A5DD584A75F}\RP324\A0261053.com
Deleted


HijackThis uninstall list:

AVG Anti-Spyware 7.5
HijackThis 1.99.1
Mozilla Firefox (1.5.0.9)
Panda ActiveScan

I wasn't sure if I was supposed to post another HijackThis log, so I'm posting one just in case:
Logfile of HijackThis v1.99.1
Scan saved at 17:57:24, on 12/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\AOL\Active Virus Shield\avp.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\AOL\Active Virus Shield\avp.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\WINDOWS\system32\dslagent.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\internet explorer\iexplore.exe
C:\hijack This\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [aol] "C:\Program Files\AOL\Active Virus Shield\avp.exe"
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [SetDefPrt] "C:\Program Files\Brother\Brmfl04b\BrStDvPt.exe"
O4 - HKLM\..\Run: [ControlCenter2.0] "C:\Program Files\Brother\ControlCenter2\brctrcen.exe" /autorun
O4 - HKLM\..\Run: [DSLAGENTEXE] ; dslagent.exe USB
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ccApp] ; "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [CleanDiskAutoRun] ; c:\yenicag\cleandiskpro\cleandisk.exe -boot
O4 - HKLM\..\Run: [GSICONEXE] ; gsicon.exe
O4 - HKLM\..\Run: [KernelFaultCheck] ; %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] ; C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [vptray] ; C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] ; C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: &יצא ל- Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: מחקר - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1152545086790
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1152545222025
O16 - DPF: {7006F7BB-E789-4CAB-8D3D-1CE415A545D6} (ZoogyChat Control) - http://www.zoogy.co.il/asp/ZoogyChat.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D79B6F43-F214-4E7A-9ECB-CCC8771F2416} (LauncherV1 Class) - http://www.tapuz.co.il/irc/main/launcher.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab41227.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{57D4A567-1A2C-42FB-B1EE-74DD4D65A269}: NameServer = 194.90.1.5 212.143.212.143
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Active Virus Shield (AVP) - Unknown owner - C:\Program Files\AOL\Active Virus Shield\avp.exe" -r (file missing)
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

And again, thanks! :smile:

- The Webroot Spy Sweeper keeps popping up (just opening its window on the main screen) - is it normal?

Attachments

TSF Security Manager, Emeritus · 42,836 Posts
What language is your Windows Operating System?

Create an Uninstall List:
Open HijackThis
* Click on the "Configure" button on the bottom right
* Click on the tab "Misc Tools"
* Click on the Box that says "Open Uninstall Manager"
* Click on the button "Save list"
The list will automatically be saved in your HijackThis folder.

Please copy and paste the uninstall_list.txt here.


Please tell me what issues remain.

Registered · 24 Posts · Discussion Starter · #12
Thanks again for the quick reply.
My operating system's language is Hebrew.

The HijackThis uninstall log:
AVG Anti-Spyware 7.5
HijackThis 1.99.1
Mozilla Firefox (1.5.0.9)
Panda ActiveScan


The only issue that remains is that I can't see the list of all my programs in Add/Remove Programs or CCleaner. Other than that, everything is running extremely smoothly.

thanks again!

TSF Security Manager, Emeritus · 42,836 Posts
Let's see if this tool will show us something--hopefully a full installed programs list. Part of your issue is remnants of other AV programs.

  1. Download ComboScan to your Desktop.
  2. Close all applications and windows.
  3. Double-click on comboscan.exe to run it, and follow the prompts.
  4. When the scan is complete, a text file will open - ComboScan.txt
  5. Copy and paste the contents of ComboScan.txt in your thread in the HijackThis Log Help forum.
  6. A folder, C:\ComboScan will also open. In it will be another text file, Supplementary.txt
  7. Please Attach Supplementary.txt to your post.
To attach a file to a new post, simply
  1. Click the [Manage Attachments] button under Additional Options>Attach Files on the post composition page, and
  2. copy and paste the following into the "Upload File from your Computer" box:
    C:\ComboScan\Supplementary.txt
  3. Click Upload.

Registered · 24 Posts · Discussion Starter · #14
and again, thanks a lot

Thanks again. Here's the log:
ComboScan v20070212.14 run by xp 2005 on 2007-02-14 at 13:58:55
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Successfully created restore point.
Performed disk cleanup.


-- HijackThis log (run as xp 2005.com) ------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 13:59:15, on 14/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\AOL\Active Virus Shield\avp.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\AOL\Active Virus Shield\avp.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\WINDOWS\system32\dslagent.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\system32\WISPTIS.EXE
C:\Documents and Settings\xp 2005\שולחן העבודה\comboscan.exe
C:\DOCUME~1\XP2005~1\LOCALS~1\Temp\~ebxsval.tmp\xp 2005.com

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [aol] "C:\Program Files\AOL\Active Virus Shield\avp.exe"
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [SetDefPrt] "C:\Program Files\Brother\Brmfl04b\BrStDvPt.exe"
O4 - HKLM\..\Run: [ControlCenter2.0] "C:\Program Files\Brother\ControlCenter2\brctrcen.exe" /autorun
O4 - HKLM\..\Run: [DSLAGENTEXE] ; dslagent.exe USB
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ccApp] ; "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [CleanDiskAutoRun] ; c:\yenicag\cleandiskpro\cleandisk.exe -boot
O4 - HKLM\..\Run: [GSICONEXE] ; gsicon.exe
O4 - HKLM\..\Run: [KernelFaultCheck] ; %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] ; C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [vptray] ; C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] ; C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: &יצא ל- Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: מחקר - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1152545086790
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1152545222025
O16 - DPF: {7006F7BB-E789-4CAB-8D3D-1CE415A545D6} (ZoogyChat Control) - http://www.zoogy.co.il/asp/ZoogyChat.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D79B6F43-F214-4E7A-9ECB-CCC8771F2416} (LauncherV1 Class) - http://www.tapuz.co.il/irc/main/launcher.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab41227.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{57D4A567-1A2C-42FB-B1EE-74DD4D65A269}: NameServer = 194.90.1.5 212.143.212.143
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Active Virus Shield (AVP) - Unknown owner - C:\Program Files\AOL\Active Virus Shield\avp.exe" -r (file missing)
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe


-- HijackThis Fixed Entries (C:\hijack This\backups\) ---------------------------

backup-20060803-010106-554 O20 - Winlogon Notify: winzwr32 - winzwr32.dll (file missing)
backup-20060803-010106-849 O3 - Toolbar: (no name) - {000000A4-5858-4E36-BA5B-FDD80F3D5145} - (no file)


-- File Associations ------------------------------------------------------------

.bat - batfile - "%1" %*
.chm - chm.file - "C:\WINDOWS\hh.exe" %1
.com - comfile - "%1" %*
.exe - exefile - "%1" %*
.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
.js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*
.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
.pif - piffile - "%1" %*
.reg - regfile - regedit.exe "%1"
.scr - scrfile - "%1" /S
.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
.vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ----------------------

0 a347bus - system32\DRIVERS\a347bus.sys
0 a347scsi - System32\Drivers\a347scsi.sys
3 ac97intc (Intel(r) 82801 Audio Driver Install Service (WDM)) - system32\drivers\ac97intc.sys
3 ALCXSENS (Service for WDM 3D Audio Driver) - system32\drivers\ALCXSENS.SYS
3 ALCXWDM (Service for Realtek AC97 Audio (WDM)) - system32\drivers\ALCXWDM.SYS
3 atirage3 - system32\DRIVERS\atimpae.sys
1 AVG Anti-Spyware Driver - \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys
1 AvgAsCln (AVG Anti-Spyware Clean Driver) - System32\DRIVERS\AvgAsCln.sys
3 BrScnUsb (Brother USB Still Image driver) - System32\Drivers\BrScnUsb.sys
3 BrSerIf (Brother MFC Serial Port Interface WDM Driver) - System32\Drivers\BrSerIf.sys
3 BrUsbSer (Brother MFC USB Serial WDM Driver) - System32\Drivers\BrUsbSer.sys
3 BthEnum (מנהל התקן Bluetooth Request Block) - system32\DRIVERS\BthEnum.sys
3 BTHMODEM (Bluetooth Modem Communications Driver) - system32\DRIVERS\bthmodem.sys
3 BthPan (התקן Bluetooth (רשת תקשורת אישית)) - system32\DRIVERS\bthpan.sys
3 BTHPORT (מנהל התקן יציאה מסוג Bluetooth) - System32\Drivers\BTHport.sys
3 BTHUSB (מנהל התקן USB של רדיו Bluetooth) - System32\Drivers\BTHUSB.sys
3 CCDECODE (Closed Caption Decoder) - system32\DRIVERS\CCDECODE.sys
3 cmpci (C-Media PCI Audio Driver (WDM)) - system32\drivers\cmaudio.sys
3 CO_Mon - \??\C:\WINDOWS\system32\Drivers\CO_Mon.sys
3 cwrwdm (מנהל התקן SoundFusion(tm) WDM) - system32\DRIVERS\cwrwdm.sys
3 dtscsi - \SystemRoot\System32\Drivers\dtscsi.sys
3 E1000 (Intel(R) PRO/1000 Adapter Driver) - system32\DRIVERS\e1000325.sys
3 E100B (Intel(R) PRO Adapter Driver) - system32\DRIVERS\e100b325.sys
3 GMSIPCI - \??\D:\INSTALL\GMSIPCI.SYS
3 HidUsb (Microsoft HID Class Driver) - system32\DRIVERS\hidusb.sys
3 HPZid412 (IEEE-1284.4 Driver HPZid412) - system32\DRIVERS\HPZid412.sys
3 HPZipr12 (Print Class Driver for IEEE-1284.4 HPZipr12) - system32\DRIVERS\HPZipr12.sys
3 HPZius12 (USB to IEEE-1284.4 Translation Driver HPZius12) - system32\DRIVERS\HPZius12.sys
3 ialm - system32\DRIVERS\ialmnt5.sys
1 intelppm (Intel Processor Driver) - system32\DRIVERS\intelppm.sys
0 kl1 - system32\drivers\kl1.sys
1 klif - \??\C:\WINDOWS\system32\drivers\klif.sys
3 mouhid (Mouse HID Driver) - system32\DRIVERS\mouhid.sys
3 MSTEE (Microsoft Streaming Tee/Sink-to-Sink Converter) - system32\drivers\MSTEE.sys
3 NABTSFEC (NABTS/FEC VBI Codec) - system32\DRIVERS\NABTSFEC.sys
3 NdisIP (Microsoft TV/Video Connection) - system32\DRIVERS\NdisIP.sys
3 NTACCESS - \??\D:\NTACCESS.sys
3 nv - system32\DRIVERS\nv4_mini.sys
3 P2k (Motorola USB Device) - system32\DRIVERS\P2k.sys
0 PCIIde - system32\DRIVERS\pciide.sys
3 Ptserlp (PCTEL Serial Device Driver for PCI) - system32\DRIVERS\ptserlp.sys
3 QCDonner (Logitech QuickCam Express) - system32\DRIVERS\OVCD.sys
3 RFCOMM (Bluetooth Device (RFCOMM Protocol TDI)) - system32\DRIVERS\rfcomm.sys
3 SetupNTGLM7X - \??\D:\NTGLM7X.sys
3 SLIP (BDA Slip De-Framer) - system32\DRIVERS\SLIP.sys
0 sptd - System32\Drivers\sptd.sys
0 SSFS0509 (Spy Sweeper File System Filer Driver: 0509) - SYSTEM32\Drivers\SSFS0509.SYS
0 SSHRMD (Spy Sweeper Hookrack MiniDriver) - SYSTEM32\Drivers\SSHRMD.SYS
0 SSIDRV (Spy Sweeper Interdiction Driver) - SYSTEM32\Drivers\SSIDRV.SYS
3 SSKBFD (Webroot Spy Sweeper Keylogger Shield Keyboard Filter) - System32\Drivers\sskbfd.sys
3 streamip (BDA IPSink) - system32\DRIVERS\StreamIP.sys
3 usbccgp (Microsoft USB Generic Parent Driver) - system32\DRIVERS\usbccgp.sys
3 usbehci (Microsoft USB 2.0 Enhanced Host Controller Miniport Driver) - system32\DRIVERS\usbehci.sys
3 usbprint (Microsoft USB PRINTER Class) - system32\DRIVERS\usbprint.sys
3 usbscan (USB Scanner Driver) - system32\DRIVERS\usbscan.sys
3 usbser (Motorola USB Modem Driver) - system32\DRIVERS\usbser.sys
3 usbsermptxp (Motorola USB Modem Driver for MPT XP) - system32\DRIVERS\usbsermptxp.sys
3 USBSTOR (USB Mass Storage Driver) - system32\DRIVERS\USBSTOR.SYS
0 Vmodem (XP Vmodem) - system32\DRIVERS\vmodem.sys
3 VNA (Check Point Virtual Network Adapter) - system32\DRIVERS\vna.sys
0 Vpctcom (XP Vpctcom) - system32\DRIVERS\vpctcom.sys
0 Vvoice (XP Vvoice) - system32\DRIVERS\vvoice.sys
3 wanusb (GlobespanVirata USB ADSL WAN Modem) - system32\DRIVERS\gwausb.sys
3 WSTCODEC (World Standard Teletext Codec) - system32\DRIVERS\WSTCODEC.SYS
3 {6080A529-897E-4629-A488-ABA0C29B635E} (Intel(R) Graphics Platform (SoftBIOS) Driver) - system32\drivers\ialmsbw.sys
3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} (Intel(R) Graphics Chipset (KCH) Driver) - system32\drivers\ialmkchw.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

2 AVG Anti-Spyware Guard - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
2 AVP (Active Virus Shield) - "C:\Program Files\AOL\Active Virus Shield\avp.exe" -r
2 brmfrmps (Brother Popup Suspend service for Resource manager) - "C:\WINDOWS\system32\Brmfrmps.exe" -service
2 Brother XP spl Service (BrSplService) - C:\WINDOWS\system32\brsvc01a.exe
2 BthServ (Bluetooth Support Service) - %SystemRoot%\system32\svchost.exe -k bthsvcs
2 Fax - %systemroot%\system32\fxssvc.exe
3 IDriverT (InstallDriver Table Manager) - "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"
2 MDM (Machine Debug Manager) - "C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe"
3 ose (Office Source Engine) - "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
2 Pctspk (PCTEL Speaker Phone) - %SystemRoot%\system32\pctspk.exe
3 Pml Driver HPZ12 - C:\WINDOWS\system32\HPZipm12.exe
2 UMWdf (Windows User Mode Driver Framework) - C:\WINDOWS\system32\wdfmgr.exe
3 usnsvc (Messenger Sharing USN Journal Reader service) - C:\WINDOWS\system32\svchost.exe -k usnsvc
2 WebrootSpySweeperService (Webroot Spy Sweeper Engine) - "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe"


-- Files created between 2007-01-14 and 2007-02-14 ------------------------------



-- Find3M Report ----------------------------------------------------------------

2007-02-11 18:01:09 0 d-------- C:\Program Files\SpywareGuard<SPYWAR~2>
2007-02-11 17:58:30 0 d-------- C:\Program Files\MSN Messenger<MSNMES~1>
2007-02-11 15:28:56 2160 --a------ C:\WINDOWS\system32\tmp.reg
2007-02-11 15:15:18 0 d-------- C:\Program Files\Grisoft
2007-02-10 20:28:10 251694 --a------ C:\WINDOWS\system32\perfh00d.dat
2007-02-10 20:28:10 41440 --a------ C:\WINDOWS\system32\perfc00d.dat
2007-02-09 02:59:15 0 d-------- C:\Program Files\Mozilla Firefox<MOZILL~1>
2007-02-07 00:02:58 0 d-------- C:\Program Files\eMule
2007-02-04 20:02:59 0 d-------- C:\Program Files\Recuva
2007-02-04 16:05:06 0 d-------- C:\Program Files\Common Files\MicroWorld<MICROW~1>
2007-02-04 15:41:40 0 d-------- C:\Program Files\ewido anti-malware<EWIDOA~1>
2007-02-04 15:09:34 0 d-------- C:\Program Files\CCleaner
2007-02-04 14:56:27 0 d-------- C:\Program Files\SpywareBlaster<SPYWAR~1>
2007-02-04 14:49:47 0 d-------- C:\Program Files\Webroot
2007-02-04 14:49:47 0 d-------- C:\Documents and Settings\xp 2005\Application Data\Webroot
2007-02-04 14:43:45 136668 --a------ C:\WINDOWS\winsbak2.reg
2007-02-04 14:43:45 19898 --a------ C:\WINDOWS\winsbak.reg
2007-01-30 14:51:41 0 d-------- C:\Program Files\Microsoft<MI4D84~1>
2007-01-08 14:29:14 1087216 --a------ C:\WINDOWS\system32\zpeng24.dll<Signed: Python Software Foundation>
2006-12-30 18:28:08 0 d-------- C:\Documents and Settings\xp 2005\Application Data\ppStream
2006-12-19 15:13:40 0 d-------- C:\Program Files\CheckPoint<CHECKP~1>
2006-12-16 03:17:17 0 d-------- C:\Documents and Settings\xp 2005\Application Data\Check Point<CHECKP~1>
2006-11-22 22:49:55 122880 --a------ C:\WINDOWS\system32\pdfmona.dll<Unsigned: n/a>
2006-11-22 22:49:55 51716 --a------ C:\WINDOWS\system32\pdf995mon.dll<PDF995~1.DLL><Unsigned: n/a>
2006-11-19 19:13:35 320 --a------ C:\WINDOWS\system32\lps.dat
2006-11-19 17:01:28 0 --a------ C:\WINDOWS\system32\kgctini.dat


-- Registry Dump ----------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="; C:\\WINDOWS\\system32\\ctfmon.exe"
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"aol"="\"C:\\Program Files\\AOL\\Active Virus Shield\\avp.exe\""
"PaperPort PTD"="\"C:\\Program Files\\ScanSoft\\PaperPort\\pptd40nt.exe\""
"SetDefPrt"="\"C:\\Program Files\\Brother\\Brmfl04b\\BrStDvPt.exe\""
"ControlCenter2.0"="\"C:\\Program Files\\Brother\\ControlCenter2\\brctrcen.exe\" /autorun"
"DSLAGENTEXE"="; dslagent.exe USB"
"BluetoothAuthenticationAgent"="\"rundll32.exe\" bthprops.cpl,,BluetoothAuthenticationAgent"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"ccApp"="; \"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"CleanDiskAutoRun"="; c:\\yenicag\\cleandiskpro\\cleandisk.exe -boot"
"GSICONEXE"="; gsicon.exe"
"KernelFaultCheck"="; %systemroot%\\system32\\dumprep 0 -k"
"SunJavaUpdateSched"="; C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"vptray"="; C:\\PROGRA~1\\SYMANT~1\\VPTray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^תפריט התחלה^תוכניות^הפעלה^Tray Application.lnk]
"path"="C:\\Documents and Settings\\All Users\\תפריט התחלה\\תוכניות\\הפעלה\\Tray Application.lnk"
"backup"="C:\\WINDOWS\\pss\\Tray Application.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\NETEXC~1\\NETEXT~1.EXE "
"item"="Tray Application"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^xp 2005^תפריט התחלה^תוכניות^הפעלה^SpywareGuard.lnk]
"path"="C:\\Documents and Settings\\xp 2005\\תפריט התחלה\\תוכניות\\הפעלה\\SpywareGuard.lnk"
"backup"="C:\\WINDOWS\\pss\\SpywareGuard.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\SPYWAR~2\\sgmain.exe "
"item"="SpywareGuard"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{81559C35-8464-49F7-BB0E-07A383BEF910}"="SpywareGuard"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

Cannot create file "C:\DOCUME~1\XP2005~1\LOCALS~1\Temp\~ebxsval.tmp\aa.txt". Access is denied


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
Usnsvc REG_MULTI_SZ usnsvc\0\0
bthsvcs REG_MULTI_SZ BthServ\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F]
Shell\AutoRun\command F:\autorun.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2ecbf2ca-67a8-11db-9656-009096300101}]
Shell\AutoRun\command F:\autorun.exe


-- End of ComboScan: finished at 2007-02-14 at 14:01:48 -------------------------
TSF Security Manager, Emeritus · 42,836 Posts
Hiya,

You have too many leftovers of security programs and Anti Virus programs which are messing up your system--the following need to be cleared:

Symantec
Zone Alarm
ETrust
MicroWorld


The proper way to do this is to reinstall/reboot/then uninstall them via the Add/Remove panel. If they are not showing in the Add/Remove panel, then access the uninstaller via the Program Folder for each one.

If you don't have disks to reinstall them, then you'll need to redownload them.


Registered · 24 Posts · Discussion Starter · #16 · (Edited)
None of the programs appeared in my Add/Remove list.
I tried to use the installation files I used to install eScan (I think it's MicroWorld) and ZoneAlarm, and they simply don't work - they want me to reboot all the time and just won't install.
I'm trying to download newer files now, hopefully it will work.
About Symantec - I used to have Norton but I deleted it ages ago, the second I installed AVS. I have no installation file for it today. What should I do?
About eTrust - I'll google it, but what is it? I'll post again in a couple of hours to update what is up with that.

Updating:
- The MicroWorld install was okay eventually (after 3 reboots) but when I uninstalled it, it told me that it is possible that some of the components could not be removed and needed to be removed manually, though I didn't find any files.
By the way - my computer is close to 100% CPU usage all the time... is it because of these "leftovers"? And svchost (this time the real one) is using a lot of memory (when not connected, on startup it took about 100,000 KB of memory). I don't know if what I'm saying is logical, I'm just saying the numbers that show in the task manager.
About eTrust - it's an online tool (used for the online scan), and not an actual AV program. I don't know how to uninstall it.
I found two Symantec folders and deleted them (though I have the feeling that they are still using my system resources).
I'm downloading the eScan and ZoneAlarm files.


Registered · 24 Posts · Discussion Starter · #17
Another update: I tried to install ZoneAlarm but during the "verifying installed components" phase a window pops up that says: "Setup is unable to log into the TrueVector service. Install cannot be continued without logging into the TrueVector service.

Please use the service manager to shut down the TrueVector service and then restart the installer program".

I don't really know what any of this means... so help? Thanks again.
By the way - is it better if I keep ZoneAlarm (if I manage to install it) or if I delete it?

I've just installed MicroWorld again - and booting and deleting it.


TSF Security Manager, Emeritus · 42,836 Posts
Click Start->Run - type services.msc & then click on the OK button
*Locate the service - TrueVector
*Double-click on it to open the Properties dialog.
*Under the General tab:
*Stop the service by using the Stop button.
*Change the Startup type to Disabled & then click on the OK button.
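The same stop-and-disable procedure done from the command line, as an added example that is not part of the thread and is not ZoneAlarm's or Check Point's own tooling. It assumes an elevated Windows PowerShell prompt; the display-name pattern 'TrueVector*' is an assumption taken from the installer's error message (the thread never names the underlying service), and when no matching service exists it also looks for a leftover registration under the Services registry key, which is the case a half-removed product can leave behind.

```powershell
# Added example (not from the thread): stop and disable a service located by display name,
# and say plainly when no such service is registered.
# Assumptions: elevated Windows PowerShell; 'TrueVector*' is taken from the installer's
# error message, the real service name is not known from the thread.
param(
    [string]$DisplayNamePattern = 'TrueVector*'
)

# WMI reports the binary path and start mode as well as the state, which helps tell a
# working service from a leftover registration whose executable is already gone.
$wmiPattern = $DisplayNamePattern -replace '\*', '%'
$services = @(Get-WmiObject -Class Win32_Service -Filter "DisplayName LIKE '$wmiPattern'")

if ($services.Count -eq 0) {
    Write-Output "No registered service matches '$DisplayNamePattern'."
    # A product that was partly uninstalled can leave a key here that the Services
    # snap-in no longer shows; listing it tells you what the installer is tripping over.
    Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' -ErrorAction SilentlyContinue |
        Where-Object {
            $props = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
            $props.DisplayName -like $DisplayNamePattern
        } |
        ForEach-Object { Write-Output ("Leftover registry key: {0}" -f $_.PSPath) }
    return
}

foreach ($svc in $services) {
    Write-Output ("{0} [{1}]: state={2} start={3} path={4}" -f `
        $svc.DisplayName, $svc.Name, $svc.State, $svc.StartMode, $svc.PathName)

    # Same two steps as the Properties dialog: Stop, then Startup type = Disabled.
    if ($svc.State -ne 'Stopped') {
        Stop-Service -Name $svc.Name -Force -ErrorAction Stop
    }
    Set-Service -Name $svc.Name -StartupType Disabled

    # Re-read from WMI to confirm the change actually took effect.
    $after = Get-WmiObject -Class Win32_Service -Filter "Name='$($svc.Name)'"
    Write-Output ("{0}: now state={1} start={2}" -f $after.Name, $after.State, $after.StartMode)
}
```

Save it as a .ps1 file and run it from an elevated prompt; pass a different `-DisplayNamePattern` to handle another product's service the same way. If the script prints only a leftover registry key, the service binary is gone and the installer's complaint comes from that stale registration rather than from a running process.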


Registered · 24 Posts · Discussion Starter · #19
Thanks again for the super quick reply... though there is a problem - there is no TrueVector service on the list...


TSF Security Manager, Emeritus · 42,836 Posts
Let's see what is there...

Open HijackThis.
  • Click on Open the Misc Tools Section.
  • Checkmark/tick 'list also minor sections (full)'
  • Click the 'Generate StartupList log' button
Please post the log in your next reply