Help, I'm stuck
Lavasoft Support Forums, Archived Topics: Resolved/Inactive HijackThis Logs
Fishter1
Hi there,

I have recently been infected with a load of malware and it is really starting to bug me.

I think I have now got rid of the majority of it using Ad-Aware, Spybot S&D, AVG Anti-Spyware and various other programs; however, it kept reappearing.

I would be grateful if someone could have a quick look at the two logs below and advise if there is anything else that can be done to get rid of this spyware!


Ad-Aware Log
Ad-Aware SE Build 1.06r1
Logfile Created on:26 February 2007 19:27:13
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R155 26.02.2007
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Adware.BHO(generic)(TAC index:3):4 total references
Adware.Searchcolours(TAC index:4):2 total references
MRU List(TAC index:0):5 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Search for low-risk threats
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


26-02-2007 19:27:13 - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : C:\Documents and Settings\Fish\recent
Description : list of recently opened documents


MRU List Object Recognized!
Location: : S-1-5-21-3872107103-2020517666-3813057024-1006\software\microsoft\mediaplayer\player\settings
Description : last open directory used in jasc paint shop pro


MRU List Object Recognized!
Location: : S-1-5-21-3872107103-2020517666-3813057024-1006\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-21-3872107103-2020517666-3813057024-1006\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-21-3872107103-2020517666-3813057024-1006\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 776
ThreadCreationTime : 26-02-2007 00:31:49
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 1076
ThreadCreationTime : 26-02-2007 00:31:56
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 428
ThreadCreationTime : 26-02-2007 00:32:04
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 608
ThreadCreationTime : 26-02-2007 00:32:05
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 668
ThreadCreationTime : 26-02-2007 00:32:05
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [ati2evxx.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 264
ThreadCreationTime : 26-02-2007 00:32:08
BasePriority : Normal
FileVersion : 6.14.10.4123
ProductVersion : 6.14.10.4123
ProductName : ATI External Event Utility for WindowsNT and Windows9X
CompanyName : ATI Technologies Inc.
FileDescription : ATI External Event Utility EXE Module
InternalName : ATI2EVXX.EXE
LegalCopyright : Copyright © 1999-2004 ATI Technologies Inc.
OriginalFilename : ATI2EVXX.EXE

#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 292
ThreadCreationTime : 26-02-2007 00:32:08
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 700
ThreadCreationTime : 26-02-2007 00:32:08
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [msmpeng.exe]
FilePath : C:\Program Files\Microsoft Windows OneCare Live\Antivirus\
ProcessID : 1044
ThreadCreationTime : 26-02-2007 00:32:09
BasePriority : Normal
FileVersion : 1.5.1933.0
ProductVersion : 1.5.1933.0
ProductName : Microsoft Malware Protection
CompanyName : Microsoft Corporation
FileDescription : Service Executable
InternalName : MsMpEng.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : MsMpEng.exe

#:10 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1356
ThreadCreationTime : 26-02-2007 00:32:09
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1816
ThreadCreationTime : 26-02-2007 00:32:13
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:12 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1956
ThreadCreationTime : 26-02-2007 00:32:14
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:13 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1068
ThreadCreationTime : 26-02-2007 00:32:18
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:14 [guard.exe]
FilePath : C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\
ProcessID : 1556
ThreadCreationTime : 26-02-2007 00:32:20
BasePriority : Normal
FileVersion : 7, 5, 0, 47
ProductVersion : 7, 5, 0, 47
ProductName : AVG Anti-Spyware
CompanyName : Anti-Malware Development a.s.
FileDescription : AVG Anti-Spyware guard
InternalName : AVG Anti-Spyware guard
LegalCopyright : Copyright © 2006 Anti-Malware Development a.s.
OriginalFilename : guard.exe

#:15 [isafe.exe]
FilePath : C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\
ProcessID : 1692
ThreadCreationTime : 26-02-2007 00:32:20
BasePriority : Normal
FileVersion : Version 8.0.7.0
ProductVersion : Version 8.0.7.0
ProductName : Computer Associates Antivirus
CompanyName : Computer Associates International, Inc.
FileDescription : CA ISafe Service
InternalName : ISafe
LegalCopyright : © 2004 Computer Associates International, Inc.
LegalTrademarks : Trademark of Computer Associates International, Inc.
OriginalFilename : ISafe.exe

#:16 [lssrvc.exe]
FilePath : C:\Program Files\Common Files\LightScribe\
ProcessID : 220
ThreadCreationTime : 26-02-2007 00:32:21
BasePriority : Normal
FileVersion : 1.0.21.1
ProductName : LightScribe
LegalCopyright : © Copyright 2003-2004 Hewlett-Packard Development Company, LP
OriginalFilename : LSSrvc.exe

#:17 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1124
ThreadCreationTime : 26-02-2007 00:32:24
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:18 [wdfmgr.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1652
ThreadCreationTime : 26-02-2007 00:32:27
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:19 [vetmsg.exe]
FilePath : C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\
ProcessID : 1856
ThreadCreationTime : 26-02-2007 00:32:28
BasePriority : Normal
FileVersion : Version 8.3.0.2
ProductVersion : Version 8.3.0.2
ProductName : CA Anti-Virus
CompanyName : CA, Inc.
FileDescription : CA Anti-Virus Realtime Messaging Service
InternalName : vetmsg
LegalCopyright : © Copyright 2006 CA, Inc.
LegalTrademarks : Trademark of CA, Inc.
OriginalFilename : vetmsg.exe

#:20 [msfwsvc.exe]
FilePath : C:\Program Files\Microsoft Windows OneCare Live\Firewall\
ProcessID : 1368
ThreadCreationTime : 26-02-2007 00:32:31
BasePriority : Normal
FileVersion : 1.5.1551.0
ProductVersion : 1.5.1551.0
ProductName : OneCare Firewall service
CompanyName : Microsoft Corporation
FileDescription : OneCare Firewall service
InternalName : OneCare Firewall
LegalCopyright : Copyright © 1995-2006 Microsoft Corp.
OriginalFilename : MSFWSVC.exe

#:21 [winss.exe]
FilePath : C:\Program Files\Microsoft Windows OneCare Live\
ProcessID : 1824
ThreadCreationTime : 26-02-2007 00:32:34
BasePriority : Normal
FileVersion : 1.5.1890.18
ProductVersion : 1.5.1890.18
ProductName : Microsoft® CoReXT
CompanyName : Microsoft Corporation
FileDescription : Windows Live OneCare Service
InternalName : WinSS.exe
LegalCopyright : Copyright © 1995-2006 Microsoft Corporation
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation.
OriginalFilename : WinSS.exe

#:22 [ati2evxx.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1476
ThreadCreationTime : 26-02-2007 00:33:27
BasePriority : Normal
FileVersion : 6.14.10.4123
ProductVersion : 6.14.10.4123
ProductName : ATI External Event Utility for WindowsNT and Windows9X
CompanyName : ATI Technologies Inc.
FileDescription : ATI External Event Utility EXE Module
InternalName : ATI2EVXX.EXE
LegalCopyright : Copyright © 1999-2004 ATI Technologies Inc.
OriginalFilename : ATI2EVXX.EXE

#:23 [wmiprvse.exe]
FilePath : C:\WINDOWS\system32\wbem\
ProcessID : 2736
ThreadCreationTime : 26-02-2007 00:33:38
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI
InternalName : Wmiprvse.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : Wmiprvse.exe

#:24 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 3460
ThreadCreationTime : 26-02-2007 00:33:48
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:25 [winssnotify.exe]
FilePath : C:\Program Files\Microsoft Windows OneCare Live\
ProcessID : 3640
ThreadCreationTime : 26-02-2007 00:34:11
BasePriority : Normal
FileVersion : 1.5.1890.18
ProductVersion : 1.5.1890.18
ProductName : Microsoft® CoReXT
CompanyName : Microsoft Corporation
FileDescription : Windows Live OneCare Tray Notification
InternalName : WinSSNotify.exe
LegalCopyright : Copyright © 1995-2006 Microsoft Corporation
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation.
OriginalFilename : WinSSNotify.exe

#:26 [syntplpr.exe]
FilePath : C:\Program Files\Synaptics\SynTP\
ProcessID : 2572
ThreadCreationTime : 26-02-2007 00:40:11
BasePriority : Normal
FileVersion : 7.13.0.1 02Feb05
ProductVersion : 7.13.0.1 02Feb05
ProductName : Synaptics Pointing Device Driver
CompanyName : Synaptics, Inc.
FileDescription : TouchPad Driver Helper Application
InternalName : SynTPLpr
LegalCopyright : Copyright © Synaptics, Inc. 1996-2004
OriginalFilename : SynTPLpr.exe

#:27 [syntpenh.exe]
FilePath : C:\Program Files\Synaptics\SynTP\
ProcessID : 2688
ThreadCreationTime : 26-02-2007 00:40:14
BasePriority : Normal
FileVersion : 7.13.0.1 02Feb05
ProductVersion : 7.13.0.1 02Feb05
ProductName : Synaptics Pointing Device Driver
CompanyName : Synaptics, Inc.
FileDescription : Synaptics TouchPad Enhancements
InternalName : Synaptics Enhancements Application
LegalCopyright : Copyright © Synaptics, Inc. 1996-2004
OriginalFilename : SynTPEnh.exe

#:28 [ituneshelper.exe]
FilePath : C:\Program Files\iTunes\
ProcessID : 752
ThreadCreationTime : 26-02-2007 00:40:23
BasePriority : Normal
FileVersion : 7.0.2.16
ProductVersion : 7.0.2.16
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iTunesHelper Module
InternalName : iTunesHelper
LegalCopyright : © 2003-2006 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iTunesHelper.exe

#:29 [issch.exe]
FilePath : C:\Program Files\Common Files\InstallShield\UpdateService\
ProcessID : 976
ThreadCreationTime : 26-02-2007 00:40:24
BasePriority : Normal
FileVersion : 3, 10, 100, 1155
ProductVersion : 3, 10
ProductName : InstallShield Update Service
CompanyName : InstallShield Software Corporation
FileDescription : InstallShield Update Service Scheduler
InternalName : Scheduler
LegalCopyright : Copyright © 1990-2004 InstallShield Software Corporation
OriginalFilename : issch.exe

#:30 [hp wireless assistant.exe]
FilePath : C:\Program Files\hpq\HP Wireless Assistant\
ProcessID : 2820
ThreadCreationTime : 26-02-2007 00:40:28
BasePriority : Normal
FileVersion : 1, 1, 1, 3
ProductVersion : 1, 1, 1, 3
ProductName : hp Wireless Assistant
CompanyName : Hewlett-Packard Company
FileDescription : hp Wireless Assistant Module
InternalName : hp Wireless Assistant
LegalCopyright : Copyright 2004
OriginalFilename : hp Wireless Assistant.exe

#:31 [hpwuschd2.exe]
FilePath : C:\Program Files\Hp\HP Software Update\
ProcessID : 1780
ThreadCreationTime : 26-02-2007 00:40:29
BasePriority : Normal
FileVersion : 50.0.146.000
ProductVersion : 050.000.146.000
ProductName : hp digital imaging - hp all-in-one series
CompanyName : Hewlett-Packard Co.
FileDescription : Hewlett-Packard Product Assistant
InternalName : hpwuSchd2
LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2004
OriginalFilename : hpwuSchd2.exe
Comments : Hewlett-Packard Product Assistant

#:32 [eabservr.exe]
FilePath : C:\Program Files\HPQ\Quick Launch Buttons\
ProcessID : 308
ThreadCreationTime : 26-02-2007 00:40:35
BasePriority : Normal
FileVersion : 5, 1, 1, 2
ProductVersion : 5, 1, 1, 2
ProductName : Quick Launch Buttons
CompanyName : Hewlett-Packard
FileDescription : Quick Launch Buttons
InternalName : eabsrvr
LegalCopyright : © Copyright 2004 Hewlett-Packard Development Company, L.P.
OriginalFilename : eabsrvr.exe

#:33 [cctray.exe]
FilePath : C:\Program Files\CA\CA Internet Security Suite\cctray\
ProcessID : 2192
ThreadCreationTime : 26-02-2007 00:40:37
BasePriority : Normal
FileVersion : Version 3.2.0.3
ProductVersion : Version 3.2.0.3
ProductName : CA Security Suite
CompanyName : CA, Inc.
FileDescription : CA Common Tray
InternalName : CCTray
LegalCopyright : © Copyright 2006 CA, Inc.
LegalTrademarks : Trademark of CA, Inc.
OriginalFilename : CCTray.exe

#:34 [cavrid.exe]
FilePath : C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\
ProcessID : 1352
ThreadCreationTime : 26-02-2007 00:40:38
BasePriority : Normal
FileVersion : Version 8.3.0.2
ProductVersion : Version 8.3.0.2
ProductName : CA Anti-Virus
CompanyName : CA, Inc.
FileDescription : CA Anti-Virus Realtime Infection Report
InternalName : CAVRid
LegalCopyright : © Copyright 2006 CA, Inc.
LegalTrademarks : Trademark of CA, Inc.
OriginalFilename : CAVRid.exe

#:35 [ipodservice.exe]
FilePath : C:\Program Files\iPod\bin\
ProcessID : 2540
ThreadCreationTime : 26-02-2007 00:40:40
BasePriority : Normal
FileVersion : 7.0.2.16
ProductVersion : 7.0.2.16
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iPodService Module
InternalName : iPodService
LegalCopyright : © 2003-2006 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iPodService.exe

#:36 [hpqwmi.exe]
FilePath : C:\Program Files\HPQ\SHARED\
ProcessID : 2320
ThreadCreationTime : 26-02-2007 00:40:52
BasePriority : Normal
FileVersion : 1, 0, 4, 3
ProductVersion : 1, 0, 4, 3
ProductName : hpqwmi Module
CompanyName : Hewlett-Packard Development Company, L.P.
FileDescription : hpqwmi Module
InternalName : hpqwmi
LegalCopyright : © Copyright 2003, 2005 Hewlett-Packard Development Company, L.P.
OriginalFilename : hpqwmi.EXE

#:37 [cli.exe]
FilePath : C:\Program Files\ATI Technologies\ATI.ACE\
ProcessID : 2224
ThreadCreationTime : 26-02-2007 00:40:53
BasePriority : Normal


#:38 [jusched.exe]
FilePath : C:\Program Files\Java\jre1.5.0_10\bin\
ProcessID : 3140
ThreadCreationTime : 26-02-2007 00:40:56
BasePriority : Normal


#:39 [avgas.exe]
FilePath : C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\
ProcessID : 3768
ThreadCreationTime : 26-02-2007 00:40:59
BasePriority : Normal
FileVersion : 7, 5, 0, 50
ProductVersion : 7, 5, 0, 50
ProductName : AVG Anti-Spyware
CompanyName : Anti-Malware Development a.s.
FileDescription : AVG Anti-Spyware
InternalName : AVG Anti-Spyware
LegalCopyright : Copyright © 2006 Anti-Malware Development a.s.
OriginalFilename : avgas.exe

#:40 [ctfmon.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2228
ThreadCreationTime : 26-02-2007 00:41:03
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:41 [msnmsgr.exe]
FilePath : C:\Program Files\MSN Messenger\
ProcessID : 804
ThreadCreationTime : 26-02-2007 00:41:25
BasePriority : Normal
FileVersion : 7.5.0322
ProductVersion : 7.5.0322
ProductName : MSN Messenger
CompanyName : Microsoft Corporation
FileDescription : MSN Messenger
InternalName : msnmsgr
LegalCopyright : Copyright © Microsoft Corporation 1997-2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msnmsgr.exe

#:42 [cli.exe]
FilePath : C:\Program Files\ATI Technologies\ATI.ACE\
ProcessID : 3892
ThreadCreationTime : 26-02-2007 00:43:07
BasePriority : Normal


#:43 [cli.exe]
FilePath : C:\Program Files\ATI Technologies\ATI.ACE\
ProcessID : 3784
ThreadCreationTime : 26-02-2007 00:43:07
BasePriority : Normal


#:44 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ProcessID : 2840
ThreadCreationTime : 26-02-2007 11:58:59
BasePriority : Normal
FileVersion : 7.00.6000.16414 (vista_gdr.070108-1520)
ProductVersion : 7.00.6000.16414
ProductName : Windows® Internet Explorer
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

#:45 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 2564
ThreadCreationTime : 26-02-2007 19:23:55
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 5


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Adware.BHO(generic) Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Adware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\{74dd705d-6834-439c-a735-a6dbe2677452}

Adware.BHO(generic) Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Adware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\{74dd705d-6834-439c-a735-a6dbe2677452}
Value : UninstallString

Adware.BHO(generic) Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Adware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{46a4e9d9-b30e-452a-8157-dbbec8573b03}

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 3
Objects found so far: 8


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 8

Adware.Searchcolours Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Adware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\toolbar
Value : {74dd705d-6834-439c-a735-a6dbe2677452}


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 9



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 9


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 9




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Adware.BHO(generic) Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Adware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\search toolbar corp

Adware.Searchcolours Object Recognized!
Type : Folder
TAC Rating : 4
Category : Adware
Comment : Adware.Searchcolours
Object : C:\Program Files\VSAdd-in

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 2
Objects found so far: 11

19:55:46 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:28:32.734
Objects scanned:154060
Objects identified:6
Objects ignored:0
New critical objects:6



HijackThis log
Logfile of HijackThis v1.99.1
Scan saved at 19:33:13, on 26/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\Documents and Settings\Fish\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co.uk
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {1FE1128E-8A4C-8ACE-4873-D558127BF1EF} - (no file)
O3 - Toolbar: (no name) - {74DD705D-6834-439C-A735-A6DBE2677452} - (no file)
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [{43B2D495-07CA-2057-0903-05050303002c}] "C:\Program Files\Common Files\{43B2D495-07CA-2057-0903-05050303002c}\Update.exe" mc-110-12-0000272
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jin...ows-i586-jc.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

Any help would be greatly appreciated.

Many thanks,

Stephen Hammond
Ai_Tak
submit
"C:\Program Files\Common Files\{43B2D495-07CA-2057-0903-05050303002c}\Update.exe"
to
http://www.virustotal.com/en/indexx.html
and post the results here.

Also, post a comboscan log.
Fishter1
QUOTE(Ai_Tak @ Feb 27 2007, 06:17 AM)
submit
"C:\Program Files\Common Files\{43B2D495-07CA-2057-0903-05050303002c}\Update.exe"
to
http://www.virustotal.com/en/indexx.html
and post the results here.

Also, post a comboscan log.


Hi there,

Many thanks for your response. I could not locate that file, so I was unable to submit it... Not too sure why, but the folder was empty.

Please find below a copy of the Comboscan log.

ComboScan v20070226.18 run by Fish on 2007-02-27 at 20:34:52
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Successfully created restore point.
Performed disk cleanup.


-- HijackThis (run as Fish.exe) -------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 20:36:06, on 27/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Documents and Settings\Fish\My Documents\comboscan.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\DOCUME~1\Fish\Desktop\HIJACK~1\Fish.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co.uk
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {1FE1128E-8A4C-8ACE-4873-D558127BF1EF} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1FE1128E-8A4C-8ACE-4873-D558127BF1EF} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {63DEC027-FB23-462C-8C0D-BFC2433999E7} - (no file)
O2 - BHO: (no name) - {75C7625A-3CB7-483A-9569-93514DEC20CF} - C:\WINDOWS\system32\jkhfg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} - (no file)
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [{43B2D495-07CA-2057-0903-05050303002c}] "C:\Program Files\Common Files\{43B2D495-07CA-2057-0903-05050303002c}\Update.exe" mc-110-12-0000272
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jin...ows-i586-jc.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: efcdayw - efcdayw.dll (file missing)
O20 - Winlogon Notify: jkhfg - C:\WINDOWS\system32\jkhfg.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winkve32 - winkve32.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe


-- File Associations ------------------------------------------------------------

.bat - batfile - "%1" %*
.chm - chm.file - "C:\WINDOWS\hh.exe" %1
.cmd - cmdfile - "%1" %*
.com - comfile - "%1" %*
.exe - exefile - "%1" %*
.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
.js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*
.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
.pif - piffile - "%1" %*
.reg - regfile - regedit.exe "%1"
.scr - scrfile - "%1" /S
.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
.vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ----------------------

3R Arp1394 (1394 ARP Client Protocol) - C:\WINDOWS\system32\drivers\arp1394.sys
3R ati2mtag - C:\WINDOWS\system32\drivers\ati2mtag.sys
1R AVG Anti-Spyware Driver - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys
1R AvgAsCln (AVG Anti-Spyware Clean Driver) - C:\WINDOWS\system32\drivers\AvgAsCln.sys
3R BCM43XX (Broadcom 802.11 Network Adapter Driver) - C:\WINDOWS\system32\drivers\BCMWL5.SYS
3S BlueletAudio (Bluetooth Audio Service) - C:\WINDOWS\system32\drivers\blueletaudio.sys
3S BT (Bluetooth PAN Network Adapter) - C:\WINDOWS\system32\drivers\BtNetDrv.sys
3S Btcsrusb (Bluetooth USB For Bluetooth Service) - C:\WINDOWS\system32\drivers\btcusb.sys
3S BTHidEnum (Bluetooth HID Enumerator) - C:\WINDOWS\system32\drivers\vbtenum.sys
0R BTHidMgr (Bluetooth HID Manager Service) - C:\WINDOWS\system32\drivers\BTHidMgr.sys
3S BTWUSB (WIDCOMM USB Bluetooth Driver) - C:\WINDOWS\system32\drivers\btwusb.sys
3R CAMCAUD (Conexant AMC Audio) - C:\WINDOWS\system32\drivers\camc6aud.sys
3R CAMCHALA - C:\WINDOWS\system32\drivers\camc6hal.sys
3S CCDECODE (Closed Caption Decoder) - C:\WINDOWS\system32\drivers\CCDECODE.sys
3S CoachUsb (Digital Camera on USB) - C:\WINDOWS\system32\DRIVERS\CoachUsb.sys (not found)
2R Devx - C:\WINDOWS\system32\drivers\Devx.sys
3S dtscsi - C:\WINDOWS\system32\drivers\dtscsi.sys
1R eabfiltr - C:\WINDOWS\system32\drivers\eabfiltr.sys
3S eabusb - C:\WINDOWS\system32\drivers\EabUsb.sys
1R eeCtrl (Symantec Eraser Control driver) - C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
3R GEARAspiWDM (GEAR CDRom Filter) - C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
3S ggsemc (Sony Ericsson USB Flash Driver) - C:\WINDOWS\system32\drivers\ggsemc.sys
3S HidUsb (Microsoft HID Class Driver) - C:\WINDOWS\system32\drivers\hidusb.sys
3R HSFHWATI - C:\WINDOWS\system32\drivers\HSFHWATI.sys
3R HSF_DP - C:\WINDOWS\system32\drivers\HSF_DP.sys
2R mdmxsdk - C:\WINDOWS\system32\drivers\mdmxsdk.sys
3S mouhid (Mouse HID Driver) - C:\WINDOWS\system32\drivers\mouhid.sys
3R MpFilter (Microsoft Malware Protection Driver) - C:\WINDOWS\system32\drivers\MpFilter.sys
2R MSFWDrv - C:\WINDOWS\system32\drivers\msfwdrv.sys
1R MSFWHLPR - C:\WINDOWS\system32\drivers\msfwhlpr.sys
3S MSTEE (Microsoft Streaming Tee/Sink-to-Sink Converter) - C:\WINDOWS\system32\drivers\MSTEE.sys
3S NABTSFEC (NABTS/FEC VBI Codec) - C:\WINDOWS\system32\drivers\NABTSFEC.sys
3S NdisIP (Microsoft TV/Video Connection) - C:\WINDOWS\system32\drivers\NdisIP.sys
3R NIC1394 (1394 Net Driver) - C:\WINDOWS\system32\drivers\nic1394.sys
3S Nokia USB Generic - C:\WINDOWS\system32\drivers\nmwcdc.sys
3S Nokia USB Modem - C:\WINDOWS\system32\drivers\nmwcdcm.sys
3S Nokia USB Phone Parent - C:\WINDOWS\system32\drivers\nmwcd.sys
3S Nokia USB Port - C:\WINDOWS\system32\drivers\nmwcdcj.sys
0R ohci1394 (Texas Instruments OHCI Compliant IEEE 1394 Host Controller) - C:\WINDOWS\system32\drivers\ohci1394.sys
3S PCANDIS5 (PCANDIS5 NDIS Protocol Driver) - C:\WINDOWS\system32\PCANDIS5.sys
0R PxHelp20 - C:\WINDOWS\system32\drivers\pxhelp20.sys
3S QV2KUX (Casio Digital Camera) - C:\WINDOWS\system32\drivers\qv2kux.sys
3S Rasirda (WAN Miniport (IrDA)) - C:\WINDOWS\system32\drivers\rasirda.sys
3S ROOTMODEM (Microsoft Legacy Modem Driver) - C:\WINDOWS\system32\drivers\rootmdm.sys
3R RTL8023xp (Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver) - C:\WINDOWS\system32\drivers\Rtlnicxp.sys
3R sdbus - C:\WINDOWS\system32\drivers\sdbus.sys
0R sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - C:\WINDOWS\system32\drivers\sfdrv01.sys
0R sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - C:\WINDOWS\system32\drivers\sfhlp02.sys
0R sfsync03 (StarForce Protection Synchronization Driver (version 3.x)) - C:\WINDOWS\system32\drivers\sfsync03.sys
3S SLIP (BDA Slip De-Framer) - C:\WINDOWS\system32\drivers\SLIP.sys
3S SMCIRDA (SMC IrCC Miniport Device Driver) - C:\WINDOWS\system32\drivers\smcirda.sys
0R sptd - C:\WINDOWS\system32\drivers\sptd.sys
3S streamip (BDA IPSink) - C:\WINDOWS\system32\drivers\StreamIP.sys
3S SYMIDSCO - C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\idsdefs\20070123.001\symidsco.sys (not found)
3R SynTP (Synaptics TouchPad Driver) - C:\WINDOWS\system32\drivers\SynTP.sys
3R tifm21 - C:\WINDOWS\system32\drivers\tifm21.sys
3S usbccgp (Microsoft USB Generic Parent Driver) - C:\WINDOWS\system32\drivers\usbccgp.sys
3R usbehci (Microsoft USB 2.0 Enhanced Host Controller Miniport Driver) - C:\WINDOWS\system32\drivers\usbehci.sys
3R usbohci (Microsoft USB Open Host Controller Miniport Driver) - C:\WINDOWS\system32\drivers\usbohci.sys
3S usbprint (Microsoft USB PRINTER Class) - C:\WINDOWS\system32\drivers\usbprint.sys
3S usbsermptxp (Motorola USB Modem Driver for MPT XP) - C:\WINDOWS\system32\drivers\usbsermptxp.sys
3S USBSTOR (USB Mass Storage Driver) - C:\WINDOWS\system32\drivers\USBSTOR.SYS
3S VComm (Virtual Serial port driver) - C:\WINDOWS\system32\drivers\VComm.sys
3S VcommMgr (Bluetooth VComm Manager Service) - C:\WINDOWS\system32\drivers\VcommMgr.sys
1R VET-FILT (VET File System Filter) - C:\WINDOWS\system32\drivers\vet-filt.sys
1R VET-REC (VET File System Recognizer) - C:\WINDOWS\system32\drivers\vet-rec.sys
3R VETEBOOT (VET Boot Scan Engine) - C:\WINDOWS\system32\drivers\veteboot.sys
1R VETEFILE (VET File Scan Engine) - C:\WINDOWS\system32\drivers\vetefile.sys
1R VETFDDNT (VET Floppy Boot Sector Monitor) - C:\WINDOWS\system32\drivers\vetfddnt.sys
1R VETMONNT (VET File Monitor) - C:\WINDOWS\system32\drivers\vetmonnt.sys
2R VtPr - C:\WINDOWS\system32\drivers\VtPr.sys
3S w810bus (Sony Ericsson W810 Driver driver (WDM)) - C:\WINDOWS\system32\drivers\w810bus.sys
3S w810mdfl (Sony Ericsson W810 USB WMC Modem Filter) - C:\WINDOWS\system32\drivers\w810mdfl.sys
3S w810mdm (Sony Ericsson W810 USB WMC Modem Driver) - C:\WINDOWS\system32\drivers\w810mdm.sys
3S w810mgmt (Sony Ericsson W810 USB WMC Device Management Drivers (WDM)) - C:\WINDOWS\system32\drivers\w810mgmt.sys
3S w810obex (Sony Ericsson W810 USB WMC OBEX Interface) - C:\WINDOWS\system32\drivers\w810obex.sys
3R winachsf - C:\WINDOWS\system32\drivers\HSF_CNXT.sys
1R WmiAcpi (Microsoft Windows Management Interface for ACPI) - C:\WINDOWS\system32\drivers\wmiacpi.sys
3S WSTCODEC (World Standard Teletext Codec) - C:\WINDOWS\system32\drivers\WSTCODEC.SYS


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

3S aspnet_state (ASP.NET State Service) - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
2R Ati HotKey Poller - C:\WINDOWS\system32\Ati2evxx.exe
2S ATI Smart - C:\WINDOWS\system32\ati2sgag.exe
2R AVG Anti-Spyware Guard - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
2R CAISafe - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
3S clr_optimization_v2.0.50727_32 (.NET Runtime Optimization Service v2.0.50727_X86) - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
3R hpqwmi (HP WMI Interface) - C:\Program Files\HPQ\SHARED\HPQWMI.exe
3S IDriverT (InstallDriver Table Manager) - "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"
3R iPod Service - "C:\Program Files\iPod\bin\iPodService.exe"
2R LightScribeService (LightScribeService Direct Disc Labeling Service) - "C:\Program Files\Common Files\LightScribe\LSSrvc.exe"
2R msfwsvc (OneCare Firewall) - "C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe"
2R OneCareMP (OneCare AntiSpyware and AntiVirus) - "C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe"
3S ose (Office Source Engine) - "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
2R UMWdf (Windows User Mode Driver Framework) - C:\WINDOWS\system32\wdfmgr.exe
2R VETMSGNT (VET Message Service) - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
2S WinDefend (Windows Defender) - "C:\Program Files\Windows Defender\MsMpEng.exe"
2R winss (Windows Live OneCare) - C:\Program Files\Microsoft Windows OneCare Live\winss.exe


-- Scheduled Tasks --------------------------------------------------------------

2007-02-27 20:18:44 384 --ah----- C:\WINDOWS\Tasks\MP Scheduled Signature Update.job<MPSCHE~3.JOB>
2007-02-27 20:18:39 402 --ah----- C:\WINDOWS\Tasks\MP Scheduled Quick Scan.job<MPSCHE~2.JOB>
2007-02-27 20:18:27 378 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job<MPSCHE~1.JOB>


-- Files created between 2007-01-27 and 2007-02-27 ------------------------------

2007-02-27 20:19:33 723013 ---hs---- C:\WINDOWS\system32\gfhkj.bak1<GFHKJ~1.BAK>
2007-02-26 21:49:23 0 d-------- C:\VundoFix Backups<VUNDOF~1>
2007-02-26 00:24:19 0 d-------- C:\fixwareout<FIXWAR~1>
2007-02-23 19:38:53 0 d-------- C:\BFU
2007-02-23 19:36:46 3968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-02-23 19:36:28 0 d-------- C:\Program Files\Grisoft
2007-02-22 06:41:00 0 d-------- C:\Program Files\CCleaner
2007-02-22 06:34:40 33280 --a------ C:\WINDOWS\system32\rundll32.exe
2007-02-22 06:15:22 33280 --a------ C:\WINDOWS\rundll32.exe
2007-02-22 04:08:40 4096 --a------ C:\WINDOWS\system\run32.dll
2007-02-17 14:40:54 0 d-------- C:\Program Files\PC Drivers Headquarters<PCDRIV~1>
2007-02-17 14:40:53 0 d-------- C:\Documents and Settings\All Users\Application Data\PC Drivers Headquarters<PCDRIV~1>
2007-02-17 14:38:13 4096 --a------ C:\WINDOWS\system32\run32.dll
2007-02-16 06:59:33 26637 ---hs---- C:\WINDOWS\system32\vtuutsq.dll
2007-02-15 20:00:43 0 d-------- C:\Program Files\Common Files\ODBC
2007-02-12 21:33:12 129784 -----n--- C:\WINDOWS\system32\pxafs.dll
2007-02-07 17:16:15 0 d-------- C:\Program Files\Common Files\{43B2D495-07CA-2057-0903-05050303002c}<{43B2D~1>
2007-02-04 12:10:13 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-02-04 11:09:56 0 d-------- C:\Program Files\Common Files\{43B2D495-03E5-2057-0903-05050303002c}<{43B2D~2>
2007-02-01 20:28:31 0 d-------- C:\Documents and Settings\Fish\Application Data\Lavasoft
2007-02-01 20:27:48 0 d-------- C:\Program Files\Lavasoft
2007-02-01 04:56:06 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll<DIVX_X~2.DLL>
2007-02-01 04:56:05 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll<DIVX_X~3.DLL>
2007-02-01 04:56:05 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll<DIVX_X~1.DLL>
2007-02-01 04:56:04 639066 --a------ C:\WINDOWS\system32\DivX.dll
2007-01-31 21:34:12 0 d-------- C:\Documents and Settings\Fish\Application Data\Sun
2007-01-30 23:15:10 118784 --a------ C:\WINDOWS\system32\DivXCodecUpdateChecker.exe<DIVXCO~1.EXE>
2007-01-30 19:17:26 178408 --a------ C:\WINDOWS\system32\muweb.dll
2007-01-30 19:17:24 127208 --a------ C:\WINDOWS\system32\mucltui.dll
2007-01-30 05:03:26 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-01-30 05:03:26 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-01-30 04:56:56 196608 --a------ C:\WINDOWS\system32\dtu100.dll
2007-01-30 04:56:56 73728 --a------ C:\WINDOWS\system32\dpl100.dll
2007-01-30 04:56:54 53248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
2007-01-30 04:56:52 57344 --a------ C:\WINDOWS\system32\dpv11.dll
2007-01-30 04:56:52 344064 --a------ C:\WINDOWS\system32\dpus11.dll
2007-01-30 04:56:52 593920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
2007-01-30 04:56:52 294912 --a------ C:\WINDOWS\system32\dpu11.dll
2007-01-30 04:56:52 294912 --a------ C:\WINDOWS\system32\dpu10.dll
2007-01-29 08:58:06 60416 -----n--- C:\WINDOWS\system32\tzchange.exe
2007-01-28 22:38:36 81024 --a------ C:\WINDOWS\system32\drivers\msfwdrv.sys
2007-01-28 22:38:25 105856 --a------ C:\WINDOWS\system32\drivers\msfwhlpr.sys
2007-01-28 22:36:06 67784 --a------ C:\WINDOWS\system32\drivers\MpFilter.sys
2007-01-28 22:29:58 0 d--h----- C:\Program Files\Common Files\Uninstall Information<UNINST~1>
2007-01-28 22:29:56 0 d-------- C:\Program Files\MSXML 4.0<MSXML4~1.0>
2007-01-28 21:33:10 0 d-------- C:\WINDOWS\CAVTemp
2007-01-28 21:26:17 0 d-------- C:\Program Files\Microsoft Windows OneCare Live<MICROS~2>
2007-01-28 20:41:18 0 d-------- C:\WINDOWS\system32\T?sks


-- Find3M Report ----------------------------------------------------------------

2007-02-23 18:43:02 0 d-------- C:\Program Files\Azureus
2007-02-23 18:41:41 0 d-------- C:\Documents and Settings\Fish\Application Data\Azureus
2007-02-15 17:58:35 0 d-------- C:\Program Files\Common Files\{33B2D495-07CA-2057-0903-05050303002c}<{33B2D~1>
2007-02-12 21:35:30 0 d-------- C:\Program Files\DivX
2007-01-31 21:32:58 0 d-------- C:\Program Files\Java
2007-01-31 21:27:01 524288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-01-30 05:03:40 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-01-30 05:03:34 118520 -----n--- C:\WINDOWS\system32\pxinsi64.exe
2007-01-30 05:03:34 116472 -----n--- C:\WINDOWS\system32\pxcpyi64.exe
2007-01-28 22:39:27 262 --a------ C:\Documents and Settings\Fish\Application Data\WinssCookie.txt<WINSSC~1.TXT>
2007-01-25 18:27:51 0 d-------- C:\Program Files\A?pPatch
2007-01-25 18:27:46 0 d-------- C:\Program Files\Common Files\{33B2D495-03E5-2057-0903-05050303002c}<{33B2D~2>
2007-01-25 18:27:38 0 d-------- C:\Program Files\Windows Defender<WINDOW~3>
2007-01-25 18:27:28 0 d-------- C:\Program Files\CONEXANT
2007-01-25 18:26:05 0 d-------- C:\Program Files\QuickTime<QUICKT~1>
2007-01-25 18:25:39 0 d-------- C:\Program Files\A-one iPod Video Convertor<A-ONEI~1>
2007-01-25 18:25:33 0 d-------- C:\Documents and Settings\Fish\Application Data\DivX
2007-01-25 18:25:07 0 d-------- C:\Documents and Settings\Fish\Application Data\Apple Computer<APPLEC~1>
2007-01-25 18:24:02 0 d-------- C:\Program Files\iTunes
2007-01-25 18:23:18 0 d-------- C:\Program Files\Apple Software Update<APPLES~1>
2007-01-25 18:05:17 0 d-------- C:\Program Files\Common Files\Symantec Shared<SYMANT~1>
2007-01-25 17:54:12 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-01-24 22:01:46 0 d-------- C:\Program Files\CA
2007-01-24 21:59:54 0 d-------- C:\Program Files\PCPitstop<PCPITS~1>
2007-01-24 18:15:12 0 d-------- C:\Program Files\WinXMedia<WINXME~1>
2007-01-23 20:03:25 0 d-------- C:\Documents and Settings\Fish\Application Data\Symantec
2007-01-23 19:20:41 277168 -----n--- C:\WINDOWS\system32\jkhfg.dll
2007-01-21 21:03:44 0 d-------- C:\Program Files\iPod
2007-01-12 09:27:42 232960 --a------ C:\WINDOWS\system32\webcheck.dll
2007-01-12 09:27:42 51712 -----n--- C:\WINDOWS\system32\msfeedsbs.dll<MSFEED~1.DLL>
2007-01-12 09:27:42 458752 -----n--- C:\WINDOWS\system32\msfeeds.dll
2007-01-12 09:27:42 6054400 -----n--- C:\WINDOWS\system32\ieframe.dll
2007-01-08 19:04:54 105984 --a------ C:\WINDOWS\system32\url.dll
2007-01-08 19:04:08 102400 --a------ C:\WINDOWS\system32\occache.dll
2007-01-08 19:02:04 266752 --a------ C:\WINDOWS\system32\iertutil.dll
2007-01-08 19:02:04 44544 --a------ C:\WINDOWS\system32\iernonce.dll
2007-01-08 19:02:02 384000 --a------ C:\WINDOWS\system32\iedkcs32.dll
2007-01-08 19:02:02 383488 -----n--- C:\WINDOWS\system32\ieapfltr.dll
2007-01-08 19:02:02 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2007-01-08 19:02:02 230400 --a------ C:\WINDOWS\system32\ieaksie.dll
2007-01-08 19:02:02 153088 --a------ C:\WINDOWS\system32\ieakeng.dll
2007-01-08 19:01:14 17408 --a------ C:\WINDOWS\system32\corpol.dll
2007-01-08 19:00:48 124928 --a------ C:\WINDOWS\system32\advpack.dll
2007-01-08 18:08:14 56832 --a------ C:\WINDOWS\system32\ie4uinit.exe
2007-01-08 18:08:10 13824 --a------ C:\WINDOWS\system32\ieudinit.exe
2007-01-08 12:42:06 75280 --a------ C:\WINDOWS\system32\isafprod.dll
2007-01-08 12:42:06 95760 --a------ C:\WINDOWS\system32\isafeif.dll
2006-12-19 21:52:18 134656 --a------ C:\WINDOWS\system32\shsvcs.dll
2006-12-19 18:16:47 333824 --a------ C:\WINDOWS\system32\wiaservc.dll
2006-12-12 16:24:42 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll<DIVXWM~1.DLL>
2006-12-07 06:40:49 2362184 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-11-27 14:54:06 433152 --a------ C:\WINDOWS\system32\riched20.dll
2006-11-27 14:54:06 539136 --a------ C:\WINDOWS\system32\msftedit.dll


-- Registry Dump ----------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"LSBWatcher"="c:\\hp\\drivers\\hplsbwatcher\\lsburnwatcher.exe"
"KernelFaultCheck"="%systemroot%\\system32\\dumprep 0 -k"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"ISUSPM Startup"="C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup"
"hpWirelessAssistant"="C:\\Program Files\\hpq\\HP Wireless Assistant\\HP Wireless Assistant.exe"
"HP Software Update"="C:\\Program Files\\Hp\\HP Software Update\\HPWuSchd2.exe"
"eabconfg.cpl"="C:\\Program Files\\HPQ\\Quick Launch Buttons\\EabServr.exe /Start"
"cctray"="\"C:\\Program Files\\CA\\CA Internet Security Suite\\cctray\\cctray.exe\""
"CAVRID"="\"C:\\Program Files\\CA\\CA Internet Security Suite\\CA Anti-Virus\\CAVRID.exe\""
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime -Delay"
"OneCareUI"="\"C:\\Program Files\\Microsoft Windows OneCare Live\\winssnotify.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"{43B2D495-07CA-2057-0903-05050303002c}"="\"C:\\Program Files\\Common Files\\{43B2D495-07CA-2057-0903-05050303002c}\\Update.exe\" mc-110-12-0000272"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Fish^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
"path"="C:\\Documents and Settings\\Fish\\Start Menu\\Programs\\Startup\\LimeWire On Startup.lnk"
"backup"="C:\\WINDOWS\\pss\\LimeWire On Startup.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\LimeWire\\LimeWire.exe -startup"
"item"="LimeWire On Startup"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LAUNCH~1"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\Nokia\\NOKIAP~1\\LAUNCH~1.EXE -onlytray"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Application Launcher"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Sony Ericsson\\Mobile2\\Application Launcher\\Application Launcher.exe\" /startoptions"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
"inimapping"="0"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{63DEC027-FB23-462C-8C0D-BFC2433999E7}"=""
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcdayw
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkhfg
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winkve32

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\OneCareMP

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D]
Shell\AutoRun\command D:\CDSTART.EXE


-- End of ComboScan: finished at 2007-02-27 at 20:39:30 -------------------------


If you require any further info then let me know.

Cheers,
Stephen
Ai_Tak
Run VundoFix and post the log from it.
Fishter1
Hi,

Please find the log below.


VundoFix V6.3.9

Checking Java version...

Java version is 1.5.0.9

Scan started at 21:49:23 26/02/2007

Listing files found while scanning....

C:\WINDOWS\system32\gfhkj.bak1
C:\WINDOWS\system32\gfhkj.bak2
C:\WINDOWS\system32\gfhkj.ini
C:\WINDOWS\system32\gfhkj.ini2
C:\WINDOWS\system32\gfhkj.tmp
C:\WINDOWS\system32\jkhfg.dll
C:\WINDOWS\system32\nnnmkhh.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\gfhkj.bak1
C:\WINDOWS\system32\gfhkj.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\gfhkj.bak2
C:\WINDOWS\system32\gfhkj.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\gfhkj.ini
C:\WINDOWS\system32\gfhkj.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\gfhkj.ini2
C:\WINDOWS\system32\gfhkj.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\gfhkj.tmp
C:\WINDOWS\system32\gfhkj.tmp Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkhfg.dll
C:\WINDOWS\system32\jkhfg.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\nnnmkhh.dll
C:\WINDOWS\system32\nnnmkhh.dll Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\gfhkj.bak1
C:\WINDOWS\system32\gfhkj.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\gfhkj.ini
C:\WINDOWS\system32\gfhkj.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkhfg.dll
C:\WINDOWS\system32\jkhfg.dll Could not be deleted.

Performing Repairs to the registry.
Done!

VundoFix V6.3.9

Checking Java version...

Java version is 1.5.0.9

Scan started at 22:05:18 27/02/2007

Listing files found while scanning....

No infected files were found.


VundoFix V6.3.9

Checking Java version...

Java version is 1.5.0.9

Scan started at 16:53:12 28/02/2007

Listing files found while scanning....


VundoFix V6.3.9

Checking Java version...

Java version is 1.5.0.9

Scan started at 17:08:13 28/02/2007

Listing files found while scanning....


VundoFix V6.3.9

Checking Java version...

Java version is 1.5.0.9

Scan started at 17:31:22 28/02/2007

Listing files found while scanning....

C:\WINDOWS\system32\gfhkj.bak1
C:\WINDOWS\system32\gfhkj.ini
C:\WINDOWS\system32\jkhfg.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\gfhkj.bak1
C:\WINDOWS\system32\gfhkj.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\gfhkj.ini
C:\WINDOWS\system32\gfhkj.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkhfg.dll
C:\WINDOWS\system32\jkhfg.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\gfhkj.ini
C:\WINDOWS\system32\gfhkj.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkhfg.dll
C:\WINDOWS\system32\jkhfg.dll Could not be deleted.

Performing Repairs to the registry.
Done!


Not sure if the log is right; it was in 2 files. I restarted the comp and it cleared all traces of vundo.


Thanks,

Stephen