Help - Search - Members - Calendar
Full Version: Cpvfeed Popups
BleepingComputer.com > Security > HijackThis Logs and Virus/Trojan/Spyware/Malware Removal
   
moorlands
Mar 28 2007, 03:04 AM
This is a copy of the HiJackThis Log

I have installed an run a dozen different pieces of software (Ad-Aware, AVG, McAfee, SpyBot, VundoFix, numerous others) and nothing has solved the problem. Any help would be really appreciated.


Logfile of HijackThis v1.99.1
Scan saved at 09:59:53 AM, on 2007/03/28
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\Windows\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\GEARSec.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\lvhidsvc.exe
D:\Norton Ghost\Agent\PQV2iSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\WFXSVC.EXE
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
D:\WinFax\WFXMOD32.EXE
C:\WINDOWS\system32\wfxsnt40.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
C:\Program Files\BroadGun Software\pdfMachine\mapisnd.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRAM FILES\SECCOPY\SECCOPY.EXE
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Sarbyx TrayClock\trayclock.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Plannet Crafters\Flywheel\Flywheel.exe
D:\WinFax\WFXCTL32.EXE
C:\PROGRA~1\Stardock\OBJECT~1\DesktopX\dxwidget.exe
C:\PROGRA~1\Stardock\OBJECT~1\DesktopX\dxwidget.exe
C:\Program Files\Agent\agent.exe
C:\Program Files\Radiator\radiator.exe
C:\4nt301\4NT.EXE
C:\WINDOWS\system32\ntvdm.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\WINDOWS\system32\ntvdm.exe
C:\CLARION6\BIN\C60SRVX.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Images\stng260.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.iol.co.za/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:8080
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v2] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" /source=HKLM
O4 - HKLM\..\Run: [pdfMachine dispatcher] c:\Program Files\BroadGun Software\pdfMachine\mapisnd.exe -printer="BroadGun pdfMachine" -port="PDFPORT1:"
O4 - HKLM\..\Run: [EasyTuneV] C:\Program Files\Gigabyte\ET5\GUI.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Second Copy 2000] "C:\PROGRAM FILES\SECCOPY\SECCOPY.EXE" /InitialWait=5
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [SarbyxTrayClock] C:\Program Files\Sarbyx TrayClock\trayclock.exe
O4 - Startup: Controller.LNK = D:\WinFax\WFXCTL32.EXE
O4 - Startup: Live Weather II.lnk = C:\Documents and Settings\Ant.ANTHONY\Local Settings\Temp\Live Weather II.exe
O4 - Startup: OMNI mail 2.lnk = C:\Program Files\Stardock\Object Desktop\DesktopX\Widgets\OMNI mail 2.exe
O4 - Startup: On time.lnk = C:\Program Files\Stardock\Object Desktop\DesktopX\Widgets\On time.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Flywheel.lnk = C:\Program Files\Plannet Crafters\Flywheel\Flywheel.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O11 - Options group: [INTERNATIONAL] International*
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll
O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - FirebirdSQL Project - C:\Program Files\Firebird\Firebird_2_0\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - FirebirdSQL Project - C:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Remote HID Service (LvHidSvc) - Philips - C:\WINDOWS\system32\lvhidsvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: ArGoSoft Mail Server (msServerForm) - ArGo Software Design - c:\Program Files\ArGo Software Design\Mail Server\mlsrvnt.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: Norton Ghost - Symantec Corporation - D:\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PostgreSQL Database Server 8.2 (pgsql-8.2) - Unknown owner - C:\Program Files\PostgreSQL\8.2\bin\pg_ctl.exe" runservice -N "pgsql-8.2" -D "C:\Program Files\PostgreSQL\8.2\data\ (file missing)
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\system32\WFXSVC.EXE
amateur
Apr 5 2007, 10:19 AM
Hello and welcome to BC. smile.gif

Sorry of the delayed response.
If you've not received help elsewhere and still need help, please post a fresh HijackThis log.
moorlands
Apr 6 2007, 10:26 AM
Hi Addict,

I have attached a new log below:

Logfile of HijackThis v1.99.1
Scan saved at 05:22:00 PM, on 2007/04/06
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\Windows\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wfxsnt40.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
C:\Program Files\BroadGun Software\pdfMachine\mapisnd.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRAM FILES\SECCOPY\SECCOPY.EXE
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Sarbyx TrayClock\trayclock.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Plannet Crafters\Flywheel\Flywheel.exe
D:\WinFax\WFXCTL32.EXE
C:\PROGRA~1\Stardock\OBJECT~1\DesktopX\dxwidget.exe
C:\PROGRA~1\Stardock\OBJECT~1\DesktopX\dxwidget.exe
C:\PROGRA~1\Stardock\OBJECT~1\DesktopX\dxwidget.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\GEARSec.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\lvhidsvc.exe
D:\Norton Ghost\Agent\PQV2iSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\WFXSVC.EXE
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
D:\WinFax\WFXMOD32.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Acoo Browser\AcooBrowser.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.news24.com/News24/Home/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:8080
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v2] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" /source=HKLM
O4 - HKLM\..\Run: [pdfMachine dispatcher] c:\Program Files\BroadGun Software\pdfMachine\mapisnd.exe -printer="BroadGun pdfMachine" -port="PDFPORT1:"
O4 - HKLM\..\Run: [EasyTuneV] C:\Program Files\Gigabyte\ET5\GUI.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Second Copy 2000] "C:\PROGRAM FILES\SECCOPY\SECCOPY.EXE" /InitialWait=5
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [SarbyxTrayClock] C:\Program Files\Sarbyx TrayClock\trayclock.exe
O4 - Startup: Controller.LNK = D:\WinFax\WFXCTL32.EXE
O4 - Startup: Glassy Clock.lnk = C:\Documents and Settings\Ant.ANTHONY\Local Settings\Temp\Glassy Clock II.exe
O4 - Startup: Live Weather II.lnk = C:\Program Files\Stardock\Object Desktop\DesktopX\Widgets\Live Weather II.exe
O4 - Startup: OMNI mail 2.lnk = C:\Program Files\Stardock\Object Desktop\DesktopX\Widgets\OMNI mail 2.exe
O4 - Global Startup: Flywheel.lnk = C:\Program Files\Plannet Crafters\Flywheel\Flywheel.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O11 - Options group: [INTERNATIONAL] International*
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: XBasic - (no CLSID) - (no file)
O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll
O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - FirebirdSQL Project - C:\Program Files\Firebird\Firebird_2_0\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - FirebirdSQL Project - C:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Remote HID Service (LvHidSvc) - Philips - C:\WINDOWS\system32\lvhidsvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: ArGoSoft Mail Server (msServerForm) - ArGo Software Design - c:\Program Files\ArGo Software Design\Mail Server\mlsrvnt.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: Norton Ghost - Symantec Corporation - D:\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PostgreSQL Database Server 8.2 (pgsql-8.2) - Unknown owner - C:\Program Files\PostgreSQL\8.2\bin\pg_ctl.exe" runservice -N "pgsql-8.2" -D "C:\Program Files\PostgreSQL\8.2\data\ (file missing)
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\system32\WFXSVC.EXE
amateur
Apr 6 2007, 02:09 PM
Hi,

Please download Ccleaner and save it to your desktop.
Tutorial for CCleaner
During the installation be sure to UN-check the box for "Ccleaner Yahoo Toolbar" unless you want it. Do not scan with it yet.

=======================================

Download AVG Anti Spyware

Use the link at the bottom of the page under "AVG Anti-Spyware Free for Windows"

  • Install AVG Anti Spyware
  • Double-click the icon on Desktop to launch AVG
  • On the top of the main screen click Shield
  • Click the word active to change it to inactive
  • On the top of the main screen click Update.
  • Then click on Start Update. The update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
When you have finished updating, EXIT AVG Anti Spyware. Do Not run a scan just yet, we will shortly.

========================================

Reboot your computer in Safe Mode using the F8 method below.
a. If the computer is running, shut down Windows, and then turn off the power.
b. Wait 30 seconds, and then turn the computer on.
c. Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
d. Ensure that the Safe Mode option is selected.
e. Press Enter. The computer then begins to start in Safe mode.

=======================================

From Safe Mode run Ccleaner
  • Click on Options,
  • Select Advanced
  • Now UNCHECK "Only delete files in Windows Temp folders older than 48 hours"
  • Make sure the Cleaner block on the left is selected.
  • Do not use the "Issues" block . It's meant for professionals.
  • Choose the Windows tab.
  • Check everything EXCEPT Advanced part of the Menu.
  • Click on "Analyze". This process could take a while.
  • If you don't want to loose your login passwords to certain sites, click on Options
  • Select cookies and move the ones you want to keep to the "cookies to keep" section, by highlighting and using the arrows in the middle.
  • Choose Run Cleaner.
When CCleaner shows how much has been removed, cleaning is finished. Click Exit.
If you have more than one users, run Ccleaner for every user

========================================

IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning proccess:
  • Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will prompted, **Please ensure it is set to Quarantine then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close AVG Anti-Spyware.
=========================================

Reboot in Normal Mode.

=========================================

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6.0.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6.0 windows-i586-p.exe to install the newest version.


=========================================

Perform an online scan using Internet Explorer with Panda ActiveScan
  • Click on located at the bottom of the page.
  • A "pop up" window will appear. Please ensure that your pop up blocker doesn't block it
  • Enter your e-mail address, country, and state & click "Free Online Scan" The download of the 8 MB Panda's ActiveX control will take place
Begin the scan by selecting
  • If it finds any malware, it will offer you a report.
  • Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
  • Click on then click and post back the contents please.
* You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.

==========================================
  • Close any open browsers.
  • Double click on combofix.exe & follow the prompts.
When finished, it shall produce a log for you.
  • Post the ComboFix.txt in your next reply.
Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall

==========================================

Please post back the results from AVG Anti-Spyware and Panda online scans, ComboFix.txt and a fresh HijackThis log.
moorlands
Apr 7 2007, 07:45 AM
Hi,

Thanks for your time.

This process has taken an age - the Panda Scan gets through almost a million files and then exits the browser completely - I tried using a couple of browsers - same result. I stopped it with a couple of hundred thousand left (which are all on a data drive and are really just source and compiled object files)

Anyway, here are the logs:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 12:23:59 AM 2007/04/07

+ Scan result:



D:\downloads\ClockClient.zip/EmbeddingClient.dll -> Adware.Dm : Cleaned with backup (quarantined).
D:\Downloads\EzDNS v1.71\patch.exe -> Backdoor.Bifrose.aas : Cleaned with backup (quarantined).
D:\downloads\vrl_ev3111.exe -> Backdoor.Bifrose.aas : Cleaned with backup (quarantined).
D:\downloads\vrl_ev3112.exe -> Backdoor.Bifrose.aas : Cleaned with backup (quarantined).
D:\Mail_Backup\IncrediMail Data.cab/{F7EE66DF-93F7-4A42-BABF-88E7E5437148}\Message Store\Attachments\NetHackApp.zip/NetHack/nc.exe -> Backdoor.Ncx.a : Cleaned with backup (quarantined).
E:\IncrediMail\IncrediMail Data.cab/{F7EE66DF-93F7-4A42-BABF-88E7E5437148}\Message Store\Attachments\NetHackApp.zip/NetHack/nc.exe -> Backdoor.Ncx.a : Cleaned with backup (quarantined).
E:\Software\SystemWorks2005\kgnsw.exe -> Downloader.Delf.br : Cleaned with backup (quarantined).
D:\downloads\827.zip/Keygen.exe -> Downloader.Small : Cleaned with backup (quarantined).
E:\Software\Talisman.Desktop.v2.98.2980.Incl.Keygen\Keygen\keygen.rar/keygen.exe -> Downloader.Zlob.bke : Cleaned with backup (quarantined).
D:\Downloads\MindSoft_Utilities_XP_ver_9.5\setup\UTXP9.exe -> Dropper.Microjoin.h : Cleaned with backup (quarantined).
D:\downloads\S3k_Win9x.exe -> Hijacker.Autoup.a : Cleaned with backup (quarantined).
D:\downloads\Alpha.zip/crack.exe -> Logger.Agent.nbq : Cleaned with backup (quarantined).
E:\TSearch\Crack.rar/patch.exe -> Logger.Agent.nbq : Cleaned with backup (quarantined).
E:\Turbo Searcher\patch.exe -> Logger.Agent.nbq : Cleaned with backup (quarantined).
D:\downloads\NetLimit_patch.exe -> Logger.Bancos.vh : Cleaned with backup (quarantined).
D:\downloads\RAMDiskXP_v1.8.200.zip/fff-r182.exe -> Logger.Banker.zn : Cleaned with backup (quarantined).
D:\C55\APPS\Breeder\URL2FILE.EXE -> Not-A-Virus.Downloader.Win32.Url2File.a : Cleaned with backup (quarantined).
E:\C55\APPS\Breeder\URL2FILE.EXE -> Not-A-Virus.Downloader.Win32.Url2File.a : Cleaned with backup (quarantined).
D:\Mail_Backup\IncrediMail Data.cab/{F7EE66DF-93F7-4A42-BABF-88E7E5437148}\Message Store\Attachments\NetHackApp.zip/NetHack/enum.exe -> Not-A-Virus.HackTool.Win32.EnumPlus.a : Cleaned with backup (quarantined).
E:\IncrediMail\IncrediMail Data.cab/{F7EE66DF-93F7-4A42-BABF-88E7E5437148}\Message Store\Attachments\NetHackApp.zip/NetHack/enum.exe -> Not-A-Virus.HackTool.Win32.EnumPlus.a : Cleaned with backup (quarantined).
E:\Rapid\AIRORS.exe -> Not-A-Virus.Monitor.Win32.Ardamax.k : Cleaned with backup (quarantined).
E:\Software\rapidshare hacks.rar/AIRORS.exe -> Not-A-Virus.Monitor.Win32.Ardamax.k : Cleaned with backup (quarantined).
D:\Mail_Backup\IncrediMail Data.cab/{F7EE66DF-93F7-4A42-BABF-88E7E5437148}\Message Store\Attachments\NetHackApp.zip/NetHack/RPCScan2.exe -> Not-A-Virus.NetTool.Win32.RPCScan : Cleaned with backup (quarantined).
E:\IncrediMail\IncrediMail Data.cab/{F7EE66DF-93F7-4A42-BABF-88E7E5437148}\Message Store\Attachments\NetHackApp.zip/NetHack/RPCScan2.exe -> Not-A-Virus.NetTool.Win32.RPCScan : Cleaned with backup (quarantined).
C:\Old_Drive\Documents and Settings\Ant\Cookies\ant@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Old_Drive\Documents and Settings\Ant\Cookies\ant@www.adobe[2].txt -> TrackingCookie.Adobe : Cleaned.
C:\Old_Drive\Documents and Settings\Ant\Cookies\ant@adrenaline[1].txt -> TrackingCookie.Adrenaline : Cleaned.
C:\Old_Drive\Documents and Settings\Ant\Cookies\ant@ad.agava.tbn[1].txt -> TrackingCookie.Agava : Cleaned.
C:\Old_Drive\Documents and Settings\Ant\Cookies\ant@clickbank[2].txt -> TrackingCookie.Clickbank : Cleaned.
C:\Old_Drive\Documents and Settings\Ant\Cookies\ant@counter.cnw[1].txt -> TrackingCookie.Cnw : Cleaned.
C:\Old_Drive\Documents and Settings\Ant\Cookies\ant@ads.guardian.co[1].txt -> TrackingCookie.Co : Cleaned.
C:\Old_Drive\Documents and Settings\Ant\Cookies\ant@com[2].txt -> TrackingCookie.Com : Cleaned.
C:\Old_Drive\Documents and Settings\Ant\Cookies\ant@dbbsrv[1].txt -> TrackingCookie.Dbbsrv : Cleaned.
C:\Old_Drive\Documents and Settings\Ant\Cookies\ant@a.as-eu.falkag[2].txt -> TrackingCookie.Falkag : Cleaned.
C:\Old_Drive\Documents and Settings\Ant\Cookies\ant@as-us.falkag[2].txt -> TrackingCookie.Falkag : Cleaned.
C:\Old_Drive\Documents and Settings\Ant\Cookies\ant@ads15.hyperbanner[2].txt -> TrackingCookie.Hyperbanner : Cleaned.
C:\Old_Drive\Documents and Settings\Ant\Cookies\ant@hypertracker[1].txt -> TrackingCookie.Hypertracker : Cleaned.
C:\Old_Drive\Documents and Settings\Ant\Cookies\ant@vad.mainentrypoint[1].txt -> TrackingCookie.Mainentrypoint : Cleaned.
C:\Old_Drive\Documents and Settings\Ant\Cookies\ant@navrcholu[2].txt -> TrackingCookie.Navrcholu : Cleaned.
C:\Old_Drive\Documents and Settings\Ant\Cookies\ant@stat.onestat[1].txt -> TrackingCookie.Onestat : Cleaned.
C:\Old_Drive\Documents and Settings\Ant\Cookies\ant@overture[2].txt -> TrackingCookie.Overture : Cleaned.
C:\Old_Drive\Documents and Settings\Ant\Cookies\ant@pocitadlo[1].txt -> TrackingCookie.Pocitadlo : Cleaned.
C:\Old_Drive\Documents and Settings\Ant\Cookies\ant@pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned.
C:\Old_Drive\Documents and Settings\Ant\Cookies\ant@pro-market[2].txt -> TrackingCookie.Pro-market : Cleaned.
C:\Old_Drive\Documents and Settings\Ant\Cookies\ant@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Old_Drive\Documents and Settings\Ant\Cookies\ant@realguide.real[1].txt -> TrackingCookie.Real : Cleaned.
C:\Old_Drive\Documents and Settings\Ant\Cookies\ant@realmedia[1].txt -> TrackingCookie.Realmedia : Cleaned.
C:\Old_Drive\Documents and Settings\Ant\Cookies\ant@revenue[2].txt -> TrackingCookie.Revenue : Cleaned.
C:\Old_Drive\Documents and Settings\Ant\Cookies\ant@edge.ru4[2].txt -> TrackingCookie.Ru4 : Cleaned.
C:\Old_Drive\Documents and Settings\Ant\Cookies\ant@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Old_Drive\Documents and Settings\Ant\Cookies\ant@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Old_Drive\Documents and Settings\Ant\Cookies\ant@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned.
C:\Old_Drive\Documents and Settings\Ant\Cookies\ant@tfag[1].txt -> TrackingCookie.Tfag : Cleaned.
C:\Old_Drive\Documents and Settings\Ant\Cookies\ant@toplist[1].txt -> TrackingCookie.Toplist : Cleaned.
C:\Old_Drive\Documents and Settings\Ant\Cookies\ant@trafic[1].txt -> TrackingCookie.Trafic : Cleaned.
C:\Old_Drive\Documents and Settings\Ant\Cookies\ant@webstat[2].txt -> TrackingCookie.Web-stat : Cleaned.
C:\Old_Drive\Documents and Settings\Ant\Cookies\ant@www.web-stat[2].txt -> TrackingCookie.Web-stat : Cleaned.
C:\Old_Drive\Documents and Settings\Ant\Cookies\ant@count.xhit[1].txt -> TrackingCookie.Xhit : Cleaned.
C:\Old_Drive\Documents and Settings\Ant\Cookies\ant@yadro[1].txt -> TrackingCookie.Yadro : Cleaned.
C:\Old_Drive\Documents and Settings\Ant\Cookies\ant@zedo[1].txt -> TrackingCookie.Zedo : Cleaned.
D:\Downloads\dk2007.exe/sinnerz.EXE/SiN2.exe -> Trojan.Agent : Cleaned with backup (quarantined).
C:\Downloads\clone.rar/clone\IdPatch.exe -> Trojan.Feutel.av : Cleaned with backup (quarantined).
D:\downloads\DS.exe -> Trojan.Feutel.av : Cleaned with backup (quarantined).
D:\downloads\fly2000tvv2.36loader.zip/Fly2000TV.exe -> Trojan.Flytv : Cleaned with backup (quarantined).
C:\Downloads\SNGhost.rar/Setup\KG\ssg-ng90.exe -> Trojan.Keygen.s : Cleaned with backup (quarantined).
E:\Software\ssg-ng90.exe -> Trojan.Keygen.s : Cleaned with backup (quarantined).
D:\Downloads\AKKey.exe -> Trojan.Small.edz : Cleaned with backup (quarantined).
D:\downloads\helloworldWebProg.exe -> Trojan.Zapchast : Cleaned with backup (quarantined).
D:\OldPm\FOL03836.PMM -> Worm.KakWorm : Cleaned with backup (quarantined).
D:\Pm\FOL03836.PMM -> Worm.KakWorm : Cleaned with backup (quarantined).
E:\PM\FOL03836.PMM -> Worm.KakWorm : Cleaned with backup (quarantined).


::Report end

+++++++++++++++++++++++++++++++++++++

PANDA SCAN

Incident Status Location

Potentially unwanted tool:Application/Pskill.P Not disinfected C:\CW\Omnidrive.exe[²ÜÇ\nsProcess.dll]
Potentially unwanted tool:Application/Processor Not disinfected C:\CW\SDFix.zip[SDFix.exe][SDFix\apps\Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\CW\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\CW\SmitfraudFix.zip[SmitfraudFix/Process.exe]
Spyware:Cookie/BannerBank Not disinfected C:\Documents and Settings\ant\Application Data\Mozilla\Firefox\Profiles\3bg6mppc.default\cookies.txt[ad10.bannerbank.ru/]
Adware:Adware/Lop Not disinfected C:\Documents and Settings\ant\Desktop\Unused Desktop Shortcuts\WarezP2P.exe[7k43.exe]
Spyware:Spyware/Hyperbar Not disinfected C:\Documents and Settings\ant\Desktop\Unused Desktop Shortcuts\WarezP2P.exe[NavHelperInner.msi][unk_0016][HyperbarSS3.dll]
Spyware:Spyware/Hyperbar Not disinfected C:\Documents and Settings\ant\Desktop\Unused Desktop Shortcuts\WarezP2P.exe[NavHelperInner.msi][unk_0016][Hyperbar.dll]
Spyware:Spyware/New.net Not disinfected C:\Documents and Settings\ant\Desktop\Unused Desktop Shortcuts\WarezP2P.exe[NNWARZ3_88.exe]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Ant.ANTHONY\Cookies\ant@2o7[1].txt
Hacktool:Hacktool/AngryScan Not disinfected C:\Downloads\ipscan.zip[ipscan.exe]
Adware:Adware/Lop Not disinfected C:\Downloads\WarezP2P.exe[7k43.exe]
Spyware:Spyware/Hyperbar Not disinfected C:\Downloads\WarezP2P.exe[NavHelperInner.msi][unk_0016][HyperbarSS3.dll]
Spyware:Spyware/Hyperbar Not disinfected C:\Downloads\WarezP2P.exe[NavHelperInner.msi][unk_0016][Hyperbar.dll]
Spyware:Spyware/New.net Not disinfected C:\Downloads\WarezP2P.exe[NNWARZ3_88.exe]
Spyware:Spyware/New.net Not disinfected C:\Downloads\WarezP2P_DLC.exe[NNWARZ3_88.exe]
Adware:Adware/IST.ISTBar Not disinfected C:\Downloads\WindowBlinds_5.zip[WindowBlinds 5/plugins/Fubar_plugin.exe]
Spyware:Cookie/Kazaa Networks Not disinfected C:\Old_Drive\Documents and Settings\Ant\Cookies\ant@276[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Old_Drive\Documents and Settings\Ant\Cookies\ant@adrevolver[1].txt
Spyware:Cookie/Gorillanation Not disinfected C:\Old_Drive\Documents and Settings\Ant\Cookies\ant@ads.gorillanation[1].txt
Spyware:Cookie/Atwola Not disinfected C:\Old_Drive\Documents and Settings\Ant\Cookies\ant@atwola[2].txt
Spyware:Cookie/Barelylegal Not disinfected C:\Old_Drive\Documents and Settings\Ant\Cookies\ant@c.fsx[1].txt
Spyware:Cookie/GoStats Not disinfected C:\Old_Drive\Documents and Settings\Ant\Cookies\ant@c2.gostats[2].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Old_Drive\Documents and Settings\Ant\Cookies\ant@cgi-bin[5].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Old_Drive\Documents and Settings\Ant\Cookies\ant@cgi-bin[8].txt
Spyware:Cookie/CWS Not disinfected C:\Old_Drive\Documents and Settings\Ant\Cookies\ant@coolwebsearch[1].txt
Spyware:Cookie/Kazaa Networks Not disinfected C:\Old_Drive\Documents and Settings\Ant\Cookies\ant@desktop.kazaa[2].txt
Spyware:Cookie/GoStats Not disinfected C:\Old_Drive\Documents and Settings\Ant\Cookies\ant@gostats[2].txt
Spyware:Cookie/Go Not disinfected C:\Old_Drive\Documents and Settings\Ant\Cookies\ant@go[2].txt
Spyware:Cookie/Kount Not disinfected C:\Old_Drive\Documents and Settings\Ant\Cookies\ant@kount[1].txt
Spyware:Cookie/LinkExchange Not disinfected C:\Old_Drive\Documents and Settings\Ant\Cookies\ant@linkexchange[1].txt
Spyware:Cookie/Maxserving Not disinfected C:\Old_Drive\Documents and Settings\Ant\Cookies\ant@maxserving[1].txt
Spyware:Cookie/Peel Not disinfected C:\Old_Drive\Documents and Settings\Ant\Cookies\ant@peel[1].txt
Spyware:Cookie/Santa Monica networks inc Not disinfected C:\Old_Drive\Documents and Settings\Ant\Cookies\ant@smni[1].txt
Spyware:Cookie/Clicktracks Not disinfected C:\Old_Drive\Documents and Settings\Ant\Cookies\ant@stats1.clicktracks[1].txt
Spyware:Cookie/Tickle Not disinfected C:\Old_Drive\Documents and Settings\Ant\Cookies\ant@tickle[1].txt
Spyware:Cookie/Tucows Not disinfected C:\Old_Drive\Documents and Settings\Ant\Cookies\ant@tucows[2].txt
Spyware:Cookie/Versiontracker Not disinfected C:\Old_Drive\Documents and Settings\Ant\Cookies\ant@versiontracker[2].txt
Spyware:Cookie/WebPower Not disinfected C:\Old_Drive\Documents and Settings\Ant\Cookies\ant@webpower[1].txt
Spyware:Cookie/Eyeblaster Not disinfected C:\Old_Drive\Documents and Settings\Ant\Cookies\ant@www.eyeblaster-ds[2].txt
Spyware:Cookie/Xmts Not disinfected C:\Old_Drive\Documents and Settings\Ant\Cookies\ant@xmts[1].txt
Potentially unwanted tool:Application/BrilliantDigital Not disinfected C:\Old_Drive\Program Files\KaZaA\bdcore.dll
Dialer:Dialer.B Not disinfected C:\Old_Drive\WINDOWS\Downloaded Program Files\ia.inf
Dialer:Dialer.CN Not disinfected C:\Old_Drive\WINDOWS\Downloaded Program Files\SysWebTelecom.inf
Adware:Adware Program Not disinfected C:\Old_Drive\WINDOWS\Downloaded Program Files\test.INF
Security Risk:HackTool/Gendel.A Not disinfected C:\Old_Drive\WINDOWS\gendel32.exe

+++++++++++++++++++++++++++++++++++++

Logfile of HijackThis v1.99.1
Scan saved at 02:27:41 PM, on 2007/04/07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\Windows\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wfxsnt40.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
C:\Program Files\BroadGun Software\pdfMachine\mapisnd.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRAM FILES\SECCOPY\SECCOPY.EXE
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Sarbyx TrayClock\trayclock.exe
C:\Program Files\Plannet Crafters\Flywheel\Flywheel.exe
D:\WinFax\WFXCTL32.EXE
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\Stardock\OBJECT~1\DesktopX\dxwidget.exe
C:\PROGRA~1\Stardock\OBJECT~1\DesktopX\dxwidget.exe
C:\WINDOWS\System32\GEARSec.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\lvhidsvc.exe
D:\Norton Ghost\Agent\PQV2iSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\WFXSVC.EXE
D:\WinFax\WFXMOD32.EXE
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.news24.com/News24/Home/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:8080
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v2] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" /source=HKLM
O4 - HKLM\..\Run: [pdfMachine dispatcher] c:\Program Files\BroadGun Software\pdfMachine\mapisnd.exe -printer="BroadGun pdfMachine" -port="PDFPORT1:"
O4 - HKLM\..\Run: [EasyTuneV] C:\Program Files\Gigabyte\ET5\GUI.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Second Copy 2000] "C:\PROGRAM FILES\SECCOPY\SECCOPY.EXE" /InitialWait=5
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [SarbyxTrayClock] C:\Program Files\Sarbyx TrayClock\trayclock.exe
O4 - Startup: Controller.LNK = D:\WinFax\WFXCTL32.EXE
O4 - Startup: Glassy Clock.lnk = C:\Documents and Settings\Ant.ANTHONY\Local Settings\Temp\Glassy Clock II.exe
O4 - Startup: Live Weather II.lnk = C:\Program Files\Stardock\Object Desktop\DesktopX\Widgets\Live Weather II.exe
O4 - Startup: OMNI mail 2.lnk = C:\Program Files\Stardock\Object Desktop\DesktopX\Widgets\OMNI mail 2.exe
O4 - Global Startup: Flywheel.lnk = C:\Program Files\Plannet Crafters\Flywheel\Flywheel.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: XBasic - (no CLSID) - (no file)
O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll
O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - FirebirdSQL Project - C:\Program Files\Firebird\Firebird_2_0\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - FirebirdSQL Project - C:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Remote HID Service (LvHidSvc) - Philips - C:\WINDOWS\system32\lvhidsvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: ArGoSoft Mail Server (msServerForm) - ArGo Software Design - c:\Program Files\ArGo Software Design\Mail Server\mlsrvnt.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: Norton Ghost - Symantec Corporation - D:\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PostgreSQL Database Server 8.2 (pgsql-8.2) - Unknown owner - C:\Program Files\PostgreSQL\8.2\bin\pg_ctl.exe" runservice -N "pgsql-8.2" -D "C:\Program Files\PostgreSQL\8.2\data\ (file missing)
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\system32\WFXSVC.EXE

+++++++++++++++++++++++++++++++++++++

"Ant" - 07-04-07 14:16:45 Service Pack 2
ComboFix 07-04-05 - Running from: "C:\CW"


((((((((((((((((((((((((((((((( Files Created from 2007-03-07 to 2007-04-07 ))))))))))))))))))))))))))))))))))


2007-04-07 00:48 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-04-07 00:48 <DIR> d-------- C:\WINDOWS\LastGood
2007-04-07 00:35 <DIR> d-------- C:\DOCUME~1\ANT~1.ANT\APPLIC~1\Sun
2007-04-06 21:39 786,432 --ah----- C:\DOCUME~1\ADMINI~1.ANT\NTUSER.DAT
2007-04-06 18:01 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-04-06 18:01 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Kaspersky Lab
2007-04-06 17:00 2,338 --a------ C:\WINDOWS\system32\tmp.reg
2007-04-06 16:56 <DIR> d-------- C:\SmitFraudFix
2007-04-04 09:09 <DIR> d-------- C:\Program Files\Uniblue
2007-04-04 09:09 <DIR> d-------- C:\DOCUME~1\ANT~1.ANT\APPLIC~1\Uniblue
2007-04-03 14:52 <DIR> d-------- C:\PICTURES
2007-04-03 12:44 <DIR> d-------- C:\Program Files\SecWin
2007-04-02 19:44 729,088 --a------ C:\DOCUME~1\LOCALS~1.NTA\ntuser.dat
2007-04-02 19:44 17,563,648 --a------ C:\DOCUME~1\ANT~1.ANT\ntuser.dat
2007-04-02 19:18 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\F-Secure
2007-04-02 19:16 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\fssg
2007-04-02 19:14 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\TEMP
2007-03-30 11:28 <DIR> d-------- C:\Program Files\Acoo Browser
2007-03-29 23:07 <DIR> d-------- C:\Program Files\Netscape
2007-03-29 23:07 <DIR> d-------- C:\Program Files\Common Files\Scanner
2007-03-29 21:59 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\SUPERAntiSpyware.com
2007-03-29 13:07 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-03-29 10:18 <DIR> d-------- C:\eQual
2007-03-29 08:32 <DIR> d-------- C:\Program Files\Security Task Manager
2007-03-29 08:32 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\SecTaskMan
2007-03-28 23:05 <DIR> d-------- C:\DOCUME~1\ANT~1.ANT\APPLIC~1\Alpha Software
2007-03-28 23:05 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Alpha Software
2007-03-28 23:04 1,966,080 --a------ C:\WINDOWS\system32\cdintf251.dll
2007-03-28 23:03 <DIR> d-------- C:\Program Files\A5V8
2007-03-28 12:47 <DIR> d-------- C:\WinPFind
2007-03-28 10:50 <DIR> d-------- C:\Program Files\WMR11
2007-03-27 22:27 <DIR> d-------- C:\DOCUME~1\ANT~1.ANT\DoctorWeb
2007-03-27 20:25 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Spybot - Search & Destroy
2007-03-27 15:55 9,216 --a------ C:\WINDOWS\system32\avgwlntf.dll
2007-03-27 15:55 110,592 --a------ C:\WINDOWS\system32\avgfwafu.dll
2007-03-26 21:59 <DIR> d-------- C:\VundoFix Backups
2007-03-26 21:25 51,072 --a------ C:\WINDOWS\system32\drivers\ikhlayer.sys
2007-03-26 21:25 30,592 --a------ C:\WINDOWS\system32\drivers\ikhfile.sys
2007-03-26 21:25 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-03-26 20:43 1 --a------ C:\WINDOWS\system32\sav87312.sys
2007-03-26 20:41 72,064 --a------ C:\WINDOWS\system32\drivers\core.sys
2007-03-24 17:02 <DIR> d-------- C:\DOCUME~1\ANT~1.ANT\APPLIC~1\vlc
2007-03-24 16:56 <DIR> d-------- C:\Program Files\VideoLAN
2007-03-24 16:39 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-03-24 16:39 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-03-24 16:39 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2007-03-24 16:39 <DIR> d-------- C:\DOCUME~1\ANT~1.ANT\APPLIC~1\DivX
2007-03-24 16:26 56,899 --a------ C:\WINDOWS\system32\x264-uninstall.exe
2007-03-24 16:26 10,752 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-03-24 16:26 <DIR> d-------- C:\Program Files\ffdshow
2007-03-24 16:03 <DIR> d-------- C:\x264
2007-03-18 17:21 <DIR> d-------- C:\Program Files\PostgreSQL
2007-03-17 20:07 <DIR> d-------- C:\DOCUME~1\ANT~1.ANT\APPLIC~1\postgresql
2007-03-17 20:06 237,568 --a------ C:\DOCUME~1\POSTGR~1.ANT\ntuser.dat
2007-03-17 20:00 <DIR> d-------- C:\PostGres
2007-03-17 17:12 389,120 --a------ C:\WINDOWS\system32\GDS32.DLL
2007-03-17 15:43 <DIR> d-------- C:\Program Files\FlameRobin
2007-03-17 15:37 297,984 --a------ C:\WINDOWS\system32\midas.dll
2007-03-17 15:37 <DIR> d-------- C:\Program Files\Easy-IP
2007-03-07 22:55 <DIR> d-------- C:\Program Files\Streamer


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-04-07 13:04 -------- d-------- C:\Program Files\Common Files\stardock
2007-04-07 13:03 -------- d-------- C:\Program Files\sarbyx trayclock
2007-04-07 13:02 -------- d-------- C:\Program Files\seccopy
2007-04-07 13:02 -------- d-------- C:\Program Files\microsoft activesync
2007-04-07 02:46 -------- d-------- C:\Program Files\super fast shutdown
2007-04-07 00:43 -------- d-------- C:\Program Files\java
2007-04-06 19:11 -------- d-------- C:\Program Files\tc up
2007-04-03 16:09 -------- d-------- C:\DOCUME~1\ANT~1.ANT\APPLIC~1\skype
2007-04-03 13:13 -------- d-------- C:\DOCUME~1\ANT~1.ANT\APPLIC~1\hamachi
2007-04-01 20:32 -------- d-------- C:\Program Files\flashget
2007-03-30 19:46 -------- d-------- C:\Program Files\Common Files\wise installation wizard
2007-03-30 09:04 7920 --a------ C:\WINDOWS\mozver.dat
2007-03-29 23:08 -------- d-------- C:\DOCUME~1\ANT~1.ANT\APPLIC~1\netscape
2007-03-29 16:27 -------- d-------- C:\Program Files\pdftextreader
2007-03-29 16:25 -------- d-------- C:\Program Files\bit che
2007-03-28 13:52 -------- d-------- C:\Program Files\wise installmaster
2007-03-24 16:48 -------- d-------- C:\Program Files\dscaler
2007-03-24 16:39 -------- d-------- C:\Program Files\divx
2007-03-23 18:16 -------- d-------- C:\Program Files\paint shop pro 6
2007-03-19 23:35 -------- d-------- C:\Program Files\ultraedit-32
2007-03-18 18:51 -------- d-------- C:\DOCUME~1\ANT~1.ANT\APPLIC~1\mysql
2007-03-17 17:12 -------- d-------- C:\Program Files\firebird
2007-03-08 17:36 577536 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 17:36 40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-08 17:36 281600 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 15:47 1843584 --a------ C:\WINDOWS\system32\win32k.sys
2007-03-05 22:50 -------- d-------- C:\Program Files\excelocx
2007-02-28 14:03 -------- d-------- C:\Program Files\foxit software
2007-02-23 06:29 524288 --a------ C:\WINDOWS\system32\divxsm.exe
2007-02-23 06:29 36624 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-02-23 06:29 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-02-23 06:29 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-02-23 06:29 118520 --------- C:\WINDOWS\system32\pxinsi64.exe
2007-02-23 06:29 116472 --------- C:\WINDOWS\system32\pxcpyi64.exe
2007-02-23 06:29 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-02-23 06:25 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-02-23 06:25 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-02-23 06:25 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-02-23 06:25 73728 --a------ C:\WINDOWS\system32\dpl100.dll
2007-02-23 06:25 639066 --a------ C:\WINDOWS\system32\divx.dll
2007-02-23 06:25 593920 --a------ C:\WINDOWS\system32\dpugui11.dll
2007-02-23 06:25 57344 --a------ C:\WINDOWS\system32\dpv11.dll
2007-02-23 06:25 53248 --a------ C:\WINDOWS\system32\dpugui10.dll
2007-02-23 06:25 344064 --a------ C:\WINDOWS\system32\dpus11.dll
2007-02-23 06:25 294912 --a------ C:\WINDOWS\system32\dpu11.dll
2007-02-23 06:25 294912 --a------ C:\WINDOWS\system32\dpu10.dll
2007-02-23 06:25 196608 --a------ C:\WINDOWS\system32\dtu100.dll
2007-02-16 20:33 -------- d-------- C:\Program Files\codechargestudio3
2007-02-16 19:40 -------- d-------- C:\Program Files\sierra on-line
2007-02-16 03:40 124472 --a------ C:\WINDOWS\system32\divxcodecupdatechecker.exe
2007-02-14 21:43 -------- d-------- C:\Program Files\speedfan
2007-02-14 21:39 40136 --a------ C:\WINDOWS\system32\drivers\ET5Drv.sys
2007-02-14 21:37 -------- d-------- C:\Program Files\gigabyte
2007-02-14 11:04 737280 --a------ C:\WINDOWS\iun6002.exe
2007-02-08 21:45 -------- d-------- C:\Program Files\incredimail
2007-01-20 22:46 6656 --a------ C:\WINDOWS\system32\haspvdd.dll
2007-01-20 22:46 383 --a------ C:\WINDOWS\system32\haspdos.sys
2007-01-08 19:01 17408 --a------ C:\WINDOWS\system32\corpol.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Second Copy 2000"="\"C:\\PROGRAM FILES\\SECCOPY\\SECCOPY.EXE\" /InitialWait=5"
"H/PC Connection Agent"="\"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe\""
"SarbyxTrayClock"=hex(2):43,3a,5c,50,72,6f,67,72,61,6d,20,46,69,6c,65,73,5c,53,\
61,72,62,79,78,20,54,72,61,79,43,6c,6f,63,6b,5c,74,72,61,79,63,6c,6f,63,6b,\
2e,65,78,65,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"WinFaxAppPortStarter"="wfxsnt40.exe"
"SoundMan"="SOUNDMAN.EXE"
"pdfFactory Pro Dispatcher v2"="\"C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\fppdis2a.exe\" /source=HKLM"
"pdfMachine dispatcher"="c:\\Program Files\\BroadGun Software\\pdfMachine\\mapisnd.exe -printer=\"BroadGun pdfMachine\" -port=\"PDFPORT1:\""
"EasyTuneV"="C:\\Program Files\\Gigabyte\\ET5\\GUI.exe"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
"path"="C:\\Documents and Settings\\All Users.WINDOWS\\Start Menu\\Programs\\Startup\\Adobe Acrobat Speed Launcher.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Acrobat Speed Launcher.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\WINDOWS\\Installer\\{AC76BA86-1033-0000-7760-000000000002}\\SC_Acrobat.exe "
"item"="Adobe Acrobat Speed Launcher"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Acrotray"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Distillr\\Acrotray.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gcasServ]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="gcasServ"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Microsoft AntiSpyware\\gcasServ.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="wcescomm"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="isuspm"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\isuspm.exe -startup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="issch"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="McAgent"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="McUpdate"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MpfTray"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPSExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mscifapp"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKAGENTEXE]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MskAgent"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MSKDetct"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 9.0]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GhostTray"
"hkey"="HKLM"
"command"="D:\\Norton Ghost\\Agent\\GhostTray.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvCpl"
"hkey"="HKLM"
"command"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\soft
moorlands
Apr 7 2007, 08:21 AM
Sorry - the ComboFix log did'nt fit - I have posted it on its own below:

"Ant" - 07-04-07 14:16:45 Service Pack 2
ComboFix 07-04-05 - Running from: "C:\CW"


((((((((((((((((((((((((((((((( Files Created from 2007-03-07 to 2007-04-07 ))))))))))))))))))))))))))))))))))


2007-04-07 00:48 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-04-07 00:48 <DIR> d-------- C:\WINDOWS\LastGood
2007-04-07 00:35 <DIR> d-------- C:\DOCUME~1\ANT~1.ANT\APPLIC~1\Sun
2007-04-06 21:39 786,432 --ah----- C:\DOCUME~1\ADMINI~1.ANT\NTUSER.DAT
2007-04-06 18:01 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-04-06 18:01 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Kaspersky Lab
2007-04-06 17:00 2,338 --a------ C:\WINDOWS\system32\tmp.reg
2007-04-06 16:56 <DIR> d-------- C:\SmitFraudFix
2007-04-04 09:09 <DIR> d-------- C:\Program Files\Uniblue
2007-04-04 09:09 <DIR> d-------- C:\DOCUME~1\ANT~1.ANT\APPLIC~1\Uniblue
2007-04-03 14:52 <DIR> d-------- C:\PICTURES
2007-04-03 12:44 <DIR> d-------- C:\Program Files\SecWin
2007-04-02 19:44 729,088 --a------ C:\DOCUME~1\LOCALS~1.NTA\ntuser.dat
2007-04-02 19:44 17,563,648 --a------ C:\DOCUME~1\ANT~1.ANT\ntuser.dat
2007-04-02 19:18 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\F-Secure
2007-04-02 19:16 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\fssg
2007-04-02 19:14 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\TEMP
2007-03-30 11:28 <DIR> d-------- C:\Program Files\Acoo Browser
2007-03-29 23:07 <DIR> d-------- C:\Program Files\Netscape
2007-03-29 23:07 <DIR> d-------- C:\Program Files\Common Files\Scanner
2007-03-29 21:59 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\SUPERAntiSpyware.com
2007-03-29 13:07 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-03-29 10:18 <DIR> d-------- C:\eQual
2007-03-29 08:32 <DIR> d-------- C:\Program Files\Security Task Manager
2007-03-29 08:32 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\SecTaskMan
2007-03-28 23:05 <DIR> d-------- C:\DOCUME~1\ANT~1.ANT\APPLIC~1\Alpha Software
2007-03-28 23:05 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Alpha Software
2007-03-28 23:04 1,966,080 --a------ C:\WINDOWS\system32\cdintf251.dll
2007-03-28 23:03 <DIR> d-------- C:\Program Files\A5V8
2007-03-28 12:47 <DIR> d-------- C:\WinPFind
2007-03-28 10:50 <DIR> d-------- C:\Program Files\WMR11
2007-03-27 22:27 <DIR> d-------- C:\DOCUME~1\ANT~1.ANT\DoctorWeb
2007-03-27 20:25 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Spybot - Search & Destroy
2007-03-27 15:55 9,216 --a------ C:\WINDOWS\system32\avgwlntf.dll
2007-03-27 15:55 110,592 --a------ C:\WINDOWS\system32\avgfwafu.dll
2007-03-26 21:59 <DIR> d-------- C:\VundoFix Backups
2007-03-26 21:25 51,072 --a------ C:\WINDOWS\system32\drivers\ikhlayer.sys
2007-03-26 21:25 30,592 --a------ C:\WINDOWS\system32\drivers\ikhfile.sys
2007-03-26 21:25 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-03-26 20:43 1 --a------ C:\WINDOWS\system32\sav87312.sys
2007-03-26 20:41 72,064 --a------ C:\WINDOWS\system32\drivers\core.sys
2007-03-24 17:02 <DIR> d-------- C:\DOCUME~1\ANT~1.ANT\APPLIC~1\vlc
2007-03-24 16:56 <DIR> d-------- C:\Program Files\VideoLAN
2007-03-24 16:39 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-03-24 16:39 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-03-24 16:39 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2007-03-24 16:39 <DIR> d-------- C:\DOCUME~1\ANT~1.ANT\APPLIC~1\DivX
2007-03-24 16:26 56,899 --a------ C:\WINDOWS\system32\x264-uninstall.exe
2007-03-24 16:26 10,752 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-03-24 16:26 <DIR> d-------- C:\Program Files\ffdshow
2007-03-24 16:03 <DIR> d-------- C:\x264
2007-03-18 17:21 <DIR> d-------- C:\Program Files\PostgreSQL
2007-03-17 20:07 <DIR> d-------- C:\DOCUME~1\ANT~1.ANT\APPLIC~1\postgresql
2007-03-17 20:06 237,568 --a------ C:\DOCUME~1\POSTGR~1.ANT\ntuser.dat
2007-03-17 20:00 <DIR> d-------- C:\PostGres
2007-03-17 17:12 389,120 --a------ C:\WINDOWS\system32\GDS32.DLL
2007-03-17 15:43 <DIR> d-------- C:\Program Files\FlameRobin
2007-03-17 15:37 297,984 --a------ C:\WINDOWS\system32\midas.dll
2007-03-17 15:37 <DIR> d-------- C:\Program Files\Easy-IP
2007-03-07 22:55 <DIR> d-------- C:\Program Files\Streamer


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-04-07 13:04 -------- d-------- C:\Program Files\Common Files\stardock
2007-04-07 13:03 -------- d-------- C:\Program Files\sarbyx trayclock
2007-04-07 13:02 -------- d-------- C:\Program Files\seccopy
2007-04-07 13:02 -------- d-------- C:\Program Files\microsoft activesync
2007-04-07 02:46 -------- d-------- C:\Program Files\super fast shutdown
2007-04-07 00:43 -------- d-------- C:\Program Files\java
2007-04-06 19:11 -------- d-------- C:\Program Files\tc up
2007-04-03 16:09 -------- d-------- C:\DOCUME~1\ANT~1.ANT\APPLIC~1\skype
2007-04-03 13:13 -------- d-------- C:\DOCUME~1\ANT~1.ANT\APPLIC~1\hamachi
2007-04-01 20:32 -------- d-------- C:\Program Files\flashget
2007-03-30 19:46 -------- d-------- C:\Program Files\Common Files\wise installation wizard
2007-03-30 09:04 7920 --a------ C:\WINDOWS\mozver.dat
2007-03-29 23:08 -------- d-------- C:\DOCUME~1\ANT~1.ANT\APPLIC~1\netscape
2007-03-29 16:27 -------- d-------- C:\Program Files\pdftextreader
2007-03-29 16:25 -------- d-------- C:\Program Files\bit che
2007-03-28 13:52 -------- d-------- C:\Program Files\wise installmaster
2007-03-24 16:48 -------- d-------- C:\Program Files\dscaler
2007-03-24 16:39 -------- d-------- C:\Program Files\divx
2007-03-23 18:16 -------- d-------- C:\Program Files\paint shop pro 6
2007-03-19 23:35 -------- d-------- C:\Program Files\ultraedit-32
2007-03-18 18:51 -------- d-------- C:\DOCUME~1\ANT~1.ANT\APPLIC~1\mysql
2007-03-17 17:12 -------- d-------- C:\Program Files\firebird
2007-03-08 17:36 577536 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 17:36 40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-08 17:36 281600 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 15:47 1843584 --a------ C:\WINDOWS\system32\win32k.sys
2007-03-05 22:50 -------- d-------- C:\Program Files\excelocx
2007-02-28 14:03 -------- d-------- C:\Program Files\foxit software
2007-02-23 06:29 524288 --a------ C:\WINDOWS\system32\divxsm.exe
2007-02-23 06:29 36624 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-02-23 06:29 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-02-23 06:29 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-02-23 06:29 118520 --------- C:\WINDOWS\system32\pxinsi64.exe
2007-02-23 06:29 116472 --------- C:\WINDOWS\system32\pxcpyi64.exe
2007-02-23 06:29 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-02-23 06:25 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-02-23 06:25 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-02-23 06:25 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-02-23 06:25 73728 --a------ C:\WINDOWS\system32\dpl100.dll
2007-02-23 06:25 639066 --a------ C:\WINDOWS\system32\divx.dll
2007-02-23 06:25 593920 --a------ C:\WINDOWS\system32\dpugui11.dll
2007-02-23 06:25 57344 --a------ C:\WINDOWS\system32\dpv11.dll
2007-02-23 06:25 53248 --a------ C:\WINDOWS\system32\dpugui10.dll
2007-02-23 06:25 344064 --a------ C:\WINDOWS\system32\dpus11.dll
2007-02-23 06:25 294912 --a------ C:\WINDOWS\system32\dpu11.dll
2007-02-23 06:25 294912 --a------ C:\WINDOWS\system32\dpu10.dll
2007-02-23 06:25 196608 --a------ C:\WINDOWS\system32\dtu100.dll
2007-02-16 20:33 -------- d-------- C:\Program Files\codechargestudio3
2007-02-16 19:40 -------- d-------- C:\Program Files\sierra on-line
2007-02-16 03:40 124472 --a------ C:\WINDOWS\system32\divxcodecupdatechecker.exe
2007-02-14 21:43 -------- d-------- C:\Program Files\speedfan
2007-02-14 21:39 40136 --a------ C:\WINDOWS\system32\drivers\ET5Drv.sys
2007-02-14 21:37 -------- d-------- C:\Program Files\gigabyte
2007-02-14 11:04 737280 --a------ C:\WINDOWS\iun6002.exe
2007-02-08 21:45 -------- d-------- C:\Program Files\incredimail
2007-01-20 22:46 6656 --a------ C:\WINDOWS\system32\haspvdd.dll
2007-01-20 22:46 383 --a------ C:\WINDOWS\system32\haspdos.sys
2007-01-08 19:01 17408 --a------ C:\WINDOWS\system32\corpol.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Second Copy 2000"="\"C:\\PROGRAM FILES\\SECCOPY\\SECCOPY.EXE\" /InitialWait=5"
"H/PC Connection Agent"="\"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe\""
"SarbyxTrayClock"=hex(2):43,3a,5c,50,72,6f,67,72,61,6d,20,46,69,6c,65,73,5c,53,\
61,72,62,79,78,20,54,72,61,79,43,6c,6f,63,6b,5c,74,72,61,79,63,6c,6f,63,6b,\
2e,65,78,65,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"WinFaxAppPortStarter"="wfxsnt40.exe"
"SoundMan"="SOUNDMAN.EXE"
"pdfFactory Pro Dispatcher v2"="\"C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\fppdis2a.exe\" /source=HKLM"
"pdfMachine dispatcher"="c:\\Program Files\\BroadGun Software\\pdfMachine\\mapisnd.exe -printer=\"BroadGun pdfMachine\" -port=\"PDFPORT1:\""
"EasyTuneV"="C:\\Program Files\\Gigabyte\\ET5\\GUI.exe"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
"path"="C:\\Documents and Settings\\All Users.WINDOWS\\Start Menu\\Programs\\Startup\\Adobe Acrobat Speed Launcher.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Acrobat Speed Launcher.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\WINDOWS\\Installer\\{AC76BA86-1033-0000-7760-000000000002}\\SC_Acrobat.exe "
"item"="Adobe Acrobat Speed Launcher"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Acrotray"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Distillr\\Acrotray.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gcasServ]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="gcasServ"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Microsoft AntiSpyware\\gcasServ.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="wcescomm"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="isuspm"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\isuspm.exe -startup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="issch"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="McAgent"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="McUpdate"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MpfTray"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPSExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mscifapp"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKAGENTEXE]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MskAgent"
"hkey"="HKLM"
"inimapping"