
Help



#1 geogre s

geogre s

  • Members
  • 7 posts

Posted 31 August 2007 - 02:27 PM

This program embedded itself into my system. It changes my desktop and keeps popping up with warnings and websites. It is called Privacy Protector, Error Cleaner and Spyware&Malware protection. I have tried to fix this but have had no luck. I have run Norton, Stinger, AVG, Spybot, etc. but nothing has worked. Please get this virus out of my computer. Any help you can give would be appreciated!! I don't know what to do help me plz.



#2 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 31 August 2007 - 02:32 PM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum geogre s
My name is Richie and I'll be helping you to fix your problems.

Download Trend Micro HijackThis 2.0.2 to your desktop:
Double click on HJTInstall.exe, it will prompt you to extract hijackthis.exe to C:\Program Files\Trend Micro\HijackThis.
When the install is complete, HijackThis will automatically launch.
When the license agreement appears, select "I Accept" and then click on the "Do a system scan only" button.
When the scan is complete, click on the "Save Log" button, then save it to your desktop.
Copy and paste the entire contents of that log into your next reply.

#3 geogre s

geogre s
  • Topic Starter

  • Members
  • 7 posts

Posted 31 August 2007 - 02:40 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:39:07, on 31/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\SpywareBot\SpywareBotSrv.srv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\mnmsrvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\NDAS\System\ndassvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\sony\vaio media music server\SSSvr.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\sony\photo server\appsrv\PhotoAppSrv.exe
C:\Program Files\Common Files\sony shared\vaio media platform\SV_Httpd.exe
C:\Program Files\Common Files\sony shared\vaio media platform\UPnPFramework.exe
C:\Program Files\Common Files\Sony Shared\vaio media platform\sv_httpd.exe
C:\Program Files\Common Files\Sony Shared\vaio media platform\UPnPFramework.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\SigmaTel\C-Major Audio\stacmon.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\sony\vaio update 2\VAIOUpdt.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\drag'n drop cd+dvd\BinFiles\DragDrop.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\NDAS\System\ndasmgmt.exe
C:\Program Files\powerpanel\Program\PcfMgr.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: MSVPS System - {208D7BCC-9857-4C9E-823B-D04E72490A67} - C:\WINDOWS\mxduo.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\C-Major Audio\stacmon.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\sony\vaio update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [Drag'n Drop CD+DVD] C:\Program Files\drag'n drop cd+dvd\BinFiles\DragDrop.exe /StartUp
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Vimicro USB PC Camera (ZC0301PL)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: NDAS Device Management.lnk = C:\Program Files\NDAS\System\ndasmgmt.exe
O4 - Global Startup: PowerPanel.lnk = ?
O4 - Global Startup: Ulead Photo Express 3.0 SE Calendar Checker.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com/
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/WebsiteA.../bridge-c18.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...tup1.0.0.15.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540002} (CInstall Class) - http://www.wildtangent.com/webdrivers/webi...ave/Install.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1120076097718
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1184707365750
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3F2CF4B6-88CD-4B7E-8E90-F9DE5010AAD3}: NameServer = 192.168.0.1,192.168.0.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{3F2CF4B6-88CD-4B7E-8E90-F9DE5010AAD3}: NameServer = 192.168.0.1,192.168.0.4
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - C:\WINDOWS\system32\viruxz.dll (file missing)
O21 - SSODL: wmphost - {7AEF34B3-DDA0-4A91-8726-71F2524E51F3} - C:\WINDOWS\wmphost.dll
O21 - SSODL: wmpdev - {BE9C7435-08B4-42EC-99B5-CE549A4D87F6} - C:\WINDOWS\wmpdev.dll
O22 - SharedTaskScheduler: {874443fe-aa33-4ebf-a6ac-73208787e62d} - bestreak - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NDAS Service (ndassvc) - XIMETA, Inc. - C:\Program Files\NDAS\System\ndassvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: SpywareBot Scanning Engine (SpywareBotSrv) - Unknown owner - C:\Program Files\SpywareBot\SpywareBotSrv.srv.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\sony\vaio media music server\SSSvr.exe
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\vaio media platform\sv_httpd.exe
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\vaio media platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\sony\photo server\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\sony shared\vaio media platform\SV_Httpd.exe
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\sony shared\vaio media platform\UPnPFramework.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 13311 bytes

#4 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 31 August 2007 - 02:43 PM

Download SDFix.exe and save it to your desktop:
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

* Double click on SDFix on your desktop, and install the fix to C:\

Please then reboot your computer into Safe Mode by doing the following:

* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
* Instead of Windows loading as normal, a menu with options should appear;
* Select the first option, to run Windows in Safe Mode, then press "Enter".
* Choose your usual account.

* In Safe Mode, go to and open the C:\SDFix folder, then double click on RunThis.bat to start the script.
* Type Y to begin the script.
* It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
* Press any Key and it will restart the PC.
* Your system will take longer than normal to restart as the fixtool will be running and removing files.
* When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
* Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt into your next reply.


Download Combofix and save to your desktop:
Note:
It is important that it is saved directly to your desktop

Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.
Note:
Do not mouseclick combofix's window while it's running.
That may cause the program to freeze/hang.

Do NOT post the ComboFix-quarantined-files.txt unless I ask.

Also post a new Hijackthis log please.

#5 geogre s

geogre s
  • Topic Starter

  • Members
  • 7 posts

Posted 31 August 2007 - 03:19 PM

SDFix: Version 1.101

Run by Dad on 31/08/2007 at 20:55

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Default HomePage
Restoring Default Desktop Components Value

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\WINDOWS\SYSTEM32\CMMGR32.EXE - Deleted
C:\Documents and Settings\Dad\Desktop\Error Cleaner.url - Deleted
C:\Documents and Settings\Dad\Favorites\Error Cleaner.url - Deleted
C:\Documents and Settings\Dad\Desktop\Privacy Protector.url - Deleted
C:\Documents and Settings\Dad\Favorites\Privacy Protector.url - Deleted
C:\Documents and Settings\Dad\Desktop\Spyware&Malware Protection.url - Deleted
C:\Documents and Settings\Dad\Favorites\Spyware&Malware Protection.url - Deleted
C:\WINDOWS\privacy_danger\index.htm - Deleted
C:\WINDOWS\privacy_danger\images\capt.gif - Deleted
C:\WINDOWS\privacy_danger\images\danger.jpg - Deleted
C:\WINDOWS\privacy_danger\images\down.gif - Deleted
C:\WINDOWS\privacy_danger\images\spacer.gif - Deleted
C:\DOCUME~1\Dad\LOCALS~1\Temp\uninstall.exe - Deleted
C:\WINDOWS\mxduo.dll - Deleted
C:\WINDOWS\system32\install.exe - Deleted
C:\WINDOWS\wmpconf.dll - Deleted
C:\WINDOWS\wmpdev.dll - Deleted
C:\WINDOWS\wmpenv.dll - Deleted
C:\WINDOWS\wmphost.dll - Deleted


Folder C:\WINDOWS\privacy_danger - Removed

Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\backWeb-7288971.exe"="C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\backWeb-7288971.exe:*:Disabled:backWeb-7288971"
"C:\\Program Files\\Microsoft Office\\OFFICE11\\FRONTPG.EXE"="C:\\Program Files\\Microsoft Office\\OFFICE11\\FRONTPG.EXE:*:Enabled:Microsoft Office FrontPage"
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\NetMeeting\\conf.exe"="C:\\Program Files\\NetMeeting\\conf.exe:*:Disabled:Windowsr NetMeetingr"
"C:\\Program Files\\Global Star\\Age of Sail II\\privateer.exe"="C:\\Program Files\\Global Star\\Age of Sail II\\privateer.exe:*:Enabled:privateer"
"C:\\j2sdk1.4.2_08\\jre\\bin\\java.exe"="C:\\j2sdk1.4.2_08\\jre\\bin\\java.exe:*:Enabled:java"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Disabled:LimeWire"
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"="C:\\Program Files\\Google\\Google Talk\\googletalk.exe:*:Enabled:Google Talk"
"%windir%\\system32\\ccapp.exe"="%windir%\\system32\\ccapp.exe:*:Enabled:System Process"
"C:\\Program Files\\American Conquest\\dmcr.exe"="C:\\Program Files\\American Conquest\\dmcr.exe:*:Enabled:dmcr"
"C:\\WINDOWS\\system32\\dplaysvr.exe"="C:\\WINDOWS\\system32\\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\\WINDOWS\\system32\\mmc.exe"="C:\\WINDOWS\\system32\\mmc.exe:*:Enabled:Microsoft Management Console"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Program Files\\Hamachi\\hamachi.exe"="C:\\Program Files\\Hamachi\\hamachi.exe:*:Enabled:Hamachi Client"
"C:\\Documents and Settings\\Game account delete\\Desktop\\Age of Empires IIb\\age2_x1\\age2_x1\\age2_x1.exe"="C:\\Documents and Settings\\Game account delete\\Desktop\\Age of Empires IIb\\age2_x1\\age2_x1\\age2_x1.exe:*:Enabled:Age of Empires II Expansion"
"C:\\Program Files\\Cossacks\\dmcr.exe"="C:\\Program Files\\Cossacks\\dmcr.exe:*:Enabled:dmcr"
"C:\\Program Files\\Cossacks - The Art Of War\\dmcr.exe"="C:\\Program Files\\Cossacks - The Art Of War\\dmcr.exe:*:Enabled:dmcr"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\FrostWire\\FrostWire.exe"="C:\\Program Files\\FrostWire\\FrostWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\SmartFTP Client\\SmartFTP.exe"="C:\\Program Files\\SmartFTP Client\\SmartFTP.exe:*:Enabled:SmartFTP Client 2.5"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

C:\Documents and Settings\John\Local Settings\Temp\BIT2F9.tmp
C:\Documents and Settings\John\Local Settings\Temp\BIT2FA.tmp
C:\Documents and Settings\John\Local Settings\Temp\BIT2FB.tmp
C:\Documents and Settings\John\Local Settings\Temp\BIT2FC.tmp
C:\Documents and Settings\John\Local Settings\Temp\BIT2FD.tmp
C:\Documents and Settings\John\Local Settings\Temp\BIT3.tmp
C:\Documents and Settings\John\Local Settings\Temp\BIT30.tmp
C:\Documents and Settings\John\Local Settings\Temp\BIT31.tmp
C:\Documents and Settings\John\Local Settings\Temp\BIT32.tmp
C:\Documents and Settings\John\Local Settings\Temp\BIT33.tmp
C:\Documents and Settings\John\Local Settings\Temp\BIT34.tmp
C:\Documents and Settings\John\Local Settings\Temp\BIT35.tmp
C:\Documents and Settings\John\Local Settings\Temp\BIT37.tmp
C:\Documents and Settings\John\Local Settings\Temp\BIT39.tmp
C:\Documents and Settings\John\Local Settings\Temp\BIT3A.tmp
C:\Documents and Settings\John\Local Settings\Temp\BIT4.tmp
C:\Documents and Settings\John\Local Settings\Temp\BIT41.tmp
C:\Documents and Settings\John\Local Settings\Temp\BIT42.tmp
C:\Documents and Settings\John\Local Settings\Temp\BIT45.tmp
C:\Documents and Settings\John\Local Settings\Temp\BIT46.tmp
C:\Documents and Settings\John\Local Settings\Temp\BIT48.tmp
C:\Documents and Settings\John\Local Settings\Temp\BIT49.tmp
C:\Documents and Settings\John\Local Settings\Temp\BIT4A.tmp
C:\Documents and Settings\John\Local Settings\Temp\BIT4C.tmp
C:\Documents and Settings\John\Local Settings\Temp\BIT4D.tmp
C:\Documents and Settings\John\Local Settings\Temp\BIT4F.tmp
C:\Documents and Settings\John\Local Settings\Temp\BIT5.tmp
C:\Documents and Settings\John\Local Settings\Temp\BIT50.tmp
C:\Documents and Settings\John\Local Settings\Temp\BIT52.tmp
C:\Documents and Settings\John\Local Settings\Temp\BIT53.tmp
C:\Documents and Settings\John\Local Settings\Temp\BIT54.tmp
C:\Documents and Settings\John\Local Settings\Temp\BIT55.tmp
C:\Documents and Settings\John\Local Settings\Temp\BIT56.tmp
C:\Documents and Settings\John\Local Settings\Temp\BIT58.tmp
C:\Documents and Settings\John\Local Settings\Temp\BIT59.tmp
C:\Documents and Settings\John\Local Settings\Temp\BIT5A.tmp
C:\Documents and Settings\John\Local Settings\Temp\BIT5E.tmp
C:\Documents and Settings\John\Local Settings\Temp\BIT6.tmp
C:\Documents and Settings\John\Local Settings\Temp\BIT61.tmp
C:\Documents and Settings\John\Local Settings\Temp\BIT63.tmp
C:\Documents and Settings\John\Local Settings\Temp\BIT64.tmp
C:\Documents and Settings\John\Local Settings\Temp\BIT65.tmp
C:\Documents and Settings\John\Local Settings\Temp\BIT66.tmp
C:\Documents and Settings\John\Local Settings\Temp\BIT67.tmp
C:\Documents and Settings\John\Local Settings\Temp\BIT68.tmp
C:\Documents and Settings\John\Local Settings\Temp\BIT69.tmp
C:\Documents and Settings\John\Local Settings\Temp\BIT6A.tmp
C:\Documents and Settings\John\Local Settings\Temp\BIT6B.tmp
C:\Documents and Settings\John\Local Settings\Temp\BIT6C.tmp
C:\Documents and Settings\John\Local Settings\Temp\BIT6D.tmp
C:\Documents and Settings\John\Local Settings\Temp\BIT6E.tmp
C:\Documents and Settings\John\Local Settings\Temp\BIT6F.tmp
C:\Documents and Settings\John\Local Settings\Temp\BIT7.tmp
C:\Documents and Settings\John\Local Settings\Temp\BIT70.tmp
C:\Documents and Settings\John\Local Settings\Temp\BIT71.tmp
C:\Documents and Settings\John\Local Settings\Temp\BIT72.tmp
C:\Documents and Settings\John\Local Settings\Temp\BIT73.tmp
C:\Documents and Settings\John\Local Settings\Temp\BIT74.tmp
C:\Documents and Settings\John\Local Settings\Temp\BIT75.tmp
C:\Documents and Settings\John\Local Settings\Temp\BIT76.tmp
C:\Documents and Settings\John\Local Settings\Temp\BIT77.tmp
C:\Documents and Settings\John\Local Settings\Temp\BIT78.tmp
C:\Documents and Settings\John\Local Settings\Temp\BIT79.tmp
C:\Documents and Settings\John\Local Settings\Temp\BIT7A.tmp
C:\Documents and Settings\John\Local Settings\Temp\BIT7B.tmp
C:\Documents and Settings\John\Local Settings\Temp\BIT7C.tmp
C:\Documents and Settings\John\Local Settings\Temp\BIT7D.tmp
C:\Documents and Settings\John\Local Settings\Temp\BIT7E.tmp
C:\Documents and Settings\John\Local Settings\Temp\BIT7F.tmp
C:\Documents and Settings\John\Local Settings\Temp\BIT8.tmp
C:\Documents and Settings\John\Local Settings\Temp\BIT80.tmp
C:\Documents and Settings\John\Local Settings\Temp\BIT81.tmp
C:\Documents and Settings\John\Local Settings\Temp\BIT82.tmp
C:\Documents and Settings\John\Local Settings\Temp\BIT83.tmp
C:\Documents and Settings\John\Local Settings\Temp\BIT84.tmp
C:\Documents and Settings\John\Local Settings\Temp\BIT85.tmp
C:\Documents and Settings\John\Local Settings\Temp\BIT86.tmp
C:\Documents and Settings\John\Local Settings\Temp\BIT87.tmp
C:\Documents and Settings\John\Local Settings\Temp\BIT89.tmp
C:\Documents and Settings\John\Local Settings\Temp\BIT8A.tmp
C:\Documents and Settings\John\Local Settings\Temp\BIT8B.tmp
C:\Documents and Settings\John\Local Settings\Temp\BIT8C.tmp
C:\Documents and Settings\John\Local Settings\Temp\BIT8D.tmp
C:\Documents and Settings\John\Local Settings\Temp\BIT8E.tmp
C:\Documents and Settings\John\Local Settings\Temp\BIT8F.tmp
C:\Documents and Settings\John\Local Settings\Temp\BIT9.tmp
C:\Documents and Settings\John\Local Settings\Temp\BIT90.tmp
C:\Documents and Settings\John\Local Settings\Temp\BIT91.tmp
C:\Documents and Settings\John\Local Settings\Temp\BIT92.tmp
C:\Documents and Settings\John\Local Settings\Temp\BIT93.tmp
C:\Documents and Settings\John\Local Settings\Temp\BIT94.tmp
C:\Documents and Settings\John\Local Settings\Temp\BIT95.tmp
C:\Documents and Settings\John\Local Settings\Temp\BIT96.tmp
C:\Documents and Settings\John\Local Settings\Temp\BIT97.tmp
C:\Documents and Settings\John\Local Settings\Temp\BIT98.tmp
C:\Documents and Settings\John\Local Settings\Temp\BIT99.tmp
C:\Documents and Settings\John\Local Settings\Temp\BIT9A.tmp
C:\Documents and Settings\John\Local Settings\Temp\BIT9B.tmp
C:\Documents and Settings\John\Local Settings\Temp\BIT9C.tmp
C:\Documents and Settings\John\Local Settings\Temp\BIT9D.tmp
C:\Documents and Settings\John\Local Settings\Temp\BIT9E.tmp
C:\Documents and Settings\John\Local Settings\Temp\BIT9F.tmp
C:\Documents and Settings\John\Local Settings\Temp\BITA.tmp
C:\Documents and Settings\John\Local Settings\Temp\BITA0.tmp
C:\Documents and Settings\John\Local Settings\Temp\BITA1.tmp
C:\Documents and Settings\John\Local Settings\Temp\BITA2.tmp
C:\Documents and Settings\John\Local Settings\Temp\BITA3.tmp
C:\Documents and Settings\John\Local Settings\Temp\BITA4.tmp
C:\Documents and Settings\John\Local Settings\Temp\BITA5.tmp
C:\Documents and Settings\John\Local Settings\Temp\BITA6.tmp
C:\Documents and Settings\John\Local Settings\Temp\BITA7.tmp
C:\Documents and Settings\John\Local Settings\Temp\BITA8.tmp
C:\Documents and Settings\John\Local Settings\Temp\BITA9.tmp
C:\Documents and Settings\John\Local Settings\Temp\BITAA.tmp
C:\Documents and Settings\John\Local Settings\Temp\BITAB.tmp
C:\Documents and Settings\John\Local Settings\Temp\BITAC.tmp
C:\Documents and Settings\John\Local Settings\Temp\BITAD.tmp
C:\Documents and Settings\John\Local Settings\Temp\BITAE.tmp
C:\Documents and Settings\John\Local Settings\Temp\BITAF.tmp
C:\Documents and Settings\John\Local Settings\Temp\BITB.tmp
C:\Documents and Settings\John\Local Settings\Temp\BITB0.tmp
C:\Documents and Settings\John\Local Settings\Temp\BITB1.tmp
C:\Documents and Settings\John\Local Settings\Temp\BITB2.tmp
C:\Documents and Settings\John\Local Settings\Temp\BITB3.tmp
C:\Documents and Settings\John\Local Settings\Temp\BITB4.tmp
C:\Documents and Settings\John\Local Settings\Temp\BITB5.tmp
C:\Documents and Settings\John\Local Settings\Temp\BITB6.tmp
C:\Documents and Settings\John\Local Settings\Temp\BITB7.tmp
C:\Documents and Settings\John\Local Settings\Temp\BITB8.tmp
C:\Documents and Settings\John\Local Settings\Temp\BITB9.tmp
C:\Documents and Settings\John\Local Settings\Temp\BITBA.tmp
C:\Documents and Settings\John\Local Settings\Temp\BITBB.tmp
C:\Documents and Settings\John\Local Settings\Temp\BITBC.tmp
C:\Documents and Settings\John\Local Settings\Temp\BITBD.tmp
C:\Documents and Settings\John\Local Settings\Temp\BITBE.tmp
C:\Documents and Settings\John\Local Settings\Temp\BITBF.tmp
C:\Documents and Settings\John\Local Settings\Temp\BITC.tmp
C:\Documents and Settings\John\Local Settings\Temp\BITC0.tmp
C:\Documents and Settings\John\Local Settings\Temp\BITC1.tmp
C:\Documents and Settings\John\Local Settings\Temp\BITC2.tmp
C:\Documents and Settings\John\Local Settings\Temp\BITC3.tmp
C:\Documents and Settings\John\Local Settings\Temp\BITC5.tmp
C:\Documents and Settings\John\Local Settings\Temp\BITC6.tmp
C:\Documents and Settings\John\Local Settings\Temp\BITC7.tmp
C:\Documents and Settings\John\Local Settings\Temp\BITC8.tmp
C:\Documents and Settings\John\Local Settings\Temp\BITC9.tmp
C:\Documents and Settings\John\Local Settings\Temp\BITCA.tmp
C:\Documents and Settings\John\Local Settings\Temp\BITCB.tmp
C:\Documents and Settings\John\Local Settings\Temp\BITCC.tmp
C:\Documents and Settings\John\Local Settings\Temp\BITCD.tmp
C:\Documents and Settings\John\Local Settings\Temp\BITCE.tmp
C:\Documents and Settings\John\Local Settings\Temp\BITCF.tmp
C:\Documents and Settings\John\Local Settings\Temp\BITD.tmp
C:\Documents and Settings\John\Local Settings\Temp\BITD0.tmp
C:\Documents and Settings\John\Local Settings\Temp\BITD1.tmp
C:\Documents and Settings\John\Local Settings\Temp\BITD2.tmp
C:\Documents and Settings\John\Local Settings\Temp\BITD3.tmp
C:\Documents and Settings\John\Local Settings\Temp\BITD4.tmp
C:\Documents and Settings\John\Local Settings\Temp\BITD5.tmp
C:\Documents and Settings\John\Local Settings\Temp\BITD6.tmp
C:\Documents and Settings\John\Local Settings\Temp\BITD7.tmp
C:\Documents and Settings\John\Local Settings\Temp\BITD8.tmp
C:\Documents and Settings\John\Local Settings\Temp\BITD9.tmp
C:\Documents and Settings\John\Local Settings\Temp\BITDA.tmp
C:\Documents and Settings\John\Local Settings\Temp\BITDB.tmp
C:\Documents and Settings\John\Local Settings\Temp\BITDD.tmp
C:\Documents and Settings\John\Local Settings\Temp\BITDE.tmp
C:\Documents and Settings\John\Local Settings\Temp\BITDE5.tmp
C:\Documents and Settings\John\Local Settings\Temp\BITDE6.tmp
C:\Documents and Settings\John\Local Settings\Temp\BITDE8.tmp
C:\Documents and Settings\John\Local Settings\Temp\BITDF.tmp
C:\Documents and Settings\John\Local Settings\Temp\BITE.tmp
C:\Documents and Settings\John\Local Settings\Temp\BITE0.tmp
C:\Documents and Settings\John\Local Settings\Temp\BITE1.tmp
C:\Documents and Settings\John\Local Settings\Temp\BITE2.tmp
C:\Documents and Settings\John\Local Settings\Temp\BITE3.tmp
C:\Documents and Settings\John\Local Settings\Temp\BITE4.tmp
C:\Documents and Settings\John\Local Settings\Temp\BITE5.tmp
C:\Documents and Settings\John\Local Settings\Temp\BITE6.tmp
C:\Documents and Settings\John\Local Settings\Temp\BITE7.tmp
C:\Documents and Settings\John\Local Settings\Temp\BITE8.tmp
C:\Documents and Settings\John\Local Settings\Temp\BITE9.tmp
C:\Documents and Settings\John\Local Settings\Temp\BITEA.tmp
C:\Documents and Settings\John\Local Settings\Temp\BITEB.tmp
C:\Documents and Settings\John\Local Settings\Temp\BITEC.tmp
C:\Documents and Settings\John\Local Settings\Temp\BITED.tmp
C:\Documents and Settings\John\Local Settings\Temp\BITEE.tmp
C:\Documents and Settings\John\Local Settings\Temp\BITEF.tmp
C:\Documents and Settings\John\Local Settings\Temp\BITF.tmp
C:\Documents and Settings\John\Local Settings\Temp\BITF0.tmp
C:\Documents and Settings\John\Local Settings\Temp\BITF1.tmp
C:\Documents and Settings\John\Local Settings\Temp\BITF2.tmp
C:\Documents and Settings\John\Local Settings\Temp\BITF3.tmp
C:\Documents and Settings\John\Local Settings\Temp\BITF4.tmp
C:\Documents and Settings\John\Local Settings\Temp\BITF6.tmp
C:\Documents and Settings\John\Local Settings\Temp\BITF9.tmp
C:\Documents and Settings\John\Local Settings\Temp\BITFD.tmp
C:\Documents and Settings\John\Local Settings\Temp\BITFF.tmp
C:\Program Files\InterActual\InterActual Player\iti4.tmp
C:\WINDOWS\SoftwareDistribution\Download\a877011d990fb4875b54ce0706b47f90\BIT1.tmp

Finished

#6 geogre s


Posted 31 August 2007 - 03:37 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:35, on 2007-08-31
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\SpywareBot\SpywareBotSrv.srv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\mnmsrvc.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\NDAS\System\ndassvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\sony\vaio media music server\SSSvr.exe
C:\Program Files\sony\photo server\appsrv\PhotoAppSrv.exe
C:\Program Files\Common Files\sony shared\vaio media platform\SV_Httpd.exe
C:\Program Files\Common Files\sony shared\vaio media platform\UPnPFramework.exe
C:\Program Files\Common Files\Sony Shared\vaio media platform\sv_httpd.exe
C:\Program Files\Common Files\Sony Shared\vaio media platform\UPnPFramework.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\SigmaTel\C-Major Audio\stacmon.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\sony\vaio update 2\VAIOUpdt.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\drag'n drop cd+dvd\BinFiles\DragDrop.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\NDAS\System\ndasmgmt.exe
C:\Program Files\powerpanel\Program\PcfMgr.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\C-Major Audio\stacmon.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\sony\vaio update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [Drag'n Drop CD+DVD] C:\Program Files\drag'n drop cd+dvd\BinFiles\DragDrop.exe /StartUp
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Vimicro USB PC Camera (ZC0301PL)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: NDAS Device Management.lnk = C:\Program Files\NDAS\System\ndasmgmt.exe
O4 - Global Startup: PowerPanel.lnk = ?
O4 - Global Startup: Ulead Photo Express 3.0 SE Calendar Checker.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com/
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/WebsiteA.../bridge-c18.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...tup1.0.0.15.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540002} (CInstall Class) - http://www.wildtangent.com/webdrivers/webi...ave/Install.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1120076097718
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1184707365750
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3F2CF4B6-88CD-4B7E-8E90-F9DE5010AAD3}: NameServer = 192.168.0.1,192.168.0.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{3F2CF4B6-88CD-4B7E-8E90-F9DE5010AAD3}: NameServer = 192.168.0.1,192.168.0.4
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - C:\WINDOWS\system32\viruxz.dll (file missing)
O22 - SharedTaskScheduler: {874443fe-aa33-4ebf-a6ac-73208787e62d} - bestreak - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NDAS Service (ndassvc) - XIMETA, Inc. - C:\Program Files\NDAS\System\ndassvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: SpywareBot Scanning Engine (SpywareBotSrv) - Unknown owner - C:\Program Files\SpywareBot\SpywareBotSrv.srv.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\sony\vaio media music server\SSSvr.exe
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\vaio media platform\sv_httpd.exe
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\vaio media platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\sony\photo server\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\sony shared\vaio media platform\SV_Httpd.exe
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\sony shared\vaio media platform\UPnPFramework.exe

--
End of file - 12961 bytes

#7 geogre s


Posted 31 August 2007 - 03:39 PM

It seems to me that it has fixed it, getting no pop-ups. So thanks, I'd almost given up hope. Thanks again.

#8 RichieUK


Posted 31 August 2007 - 04:41 PM

That's great, but we're not done just yet.

Download Combofix and save to your desktop:
Note:
It is important that it is saved directly to your desktop.

Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.
Note:
Do not mouseclick combofix's window while it's running.
That may cause the program to freeze/hang.

Do NOT post the ComboFix-quarantined-files.txt unless I ask.

Also post a new HijackThis log please.