
Please Check My Log


  • This topic is locked
57 replies to this topic

#1 truvisions


Posted 07 January 2008 - 03:07 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:07:31 PM, on 1/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Trirot.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\petee\Local Settings\Temporary Internet Files\Content.IE5\8LAJ8TE7\HiJackThis[1].exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = actsvr.comcastonline.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: wssclient - {8D99D2A3-317C-4929-8A5D-21140259D93A} - c:\PROGRA~1\wss.dll
O2 - BHO: H - {DF5986C1-3B7F-401d-B0C1-C270097F7040} - sc2.dll (file missing)
O4 - HKLM\..\Run: [RegServer] regserve.exe
O4 - HKLM\..\Run: [Trirot] Trirot.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [dmaol.exe] C:\WINDOWS\system32\dmaol.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\..\{1E4EF172-44D9-47D9-BC9B-903B3F84CD82}: NameServer = 85.255.116.61,85.255.112.218
O17 - HKLM\System\CCS\Services\Tcpip\..\{45F3DCDC-744A-42E9-9D71-A7CF8D4F1151}: NameServer = 85.255.116.61,85.255.112.218
O17 - HKLM\System\CCS\Services\Tcpip\..\{72015999-2142-4ED2-B1DF-F8F12EC5612E}: NameServer = 85.255.116.61,85.255.112.218
O17 - HKLM\System\CCS\Services\Tcpip\..\{A3453F72-E33A-4FEF-ADBC-6BFA8E0BE369}: NameServer = 85.255.116.61,85.255.112.218
O17 - HKLM\System\CCS\Services\Tcpip\..\{EF1FBC1A-DEEB-483D-99BE-299D25787B12}: NameServer = 85.255.116.61,85.255.112.218
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.61 85.255.112.218
O17 - HKLM\System\CS2\Services\Tcpip\..\{1E4EF172-44D9-47D9-BC9B-903B3F84CD82}: NameServer = 85.255.116.61,85.255.112.218
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.116.61 85.255.112.218
O17 - HKLM\System\CS3\Services\Tcpip\..\{1E4EF172-44D9-47D9-BC9B-903B3F84CD82}: NameServer = 85.255.116.61,85.255.112.218
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.61 85.255.112.218
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: .NET Runtime Optimization Service v2.0.50727_X86 clr_optimization_v2.0.50727_32CiSvc (clr_optimization_v2.0.50727_32CiSvc) - Unknown owner - C:\WINDOWS\system32\apphelpd.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Microsoft Inet Service - Unknown owner - C:\WINDOWS\system32\_svchost.exe (file missing)
O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\vhosts.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 7285 bytes



#2 rookie147


Posted 24 January 2008 - 12:00 PM

Hello there and welcome to BleepingComputer. My name is Charles and I will be dealing with your log today.
I apologise for the delay you have experienced, but as you may have noticed our HijackThis Team is very busy at the moment.
If you still require assistance, please reply with a new HijackThis log, then we'll get started.
Thanks,
Charles

If you are pleased with the service I have offered, you may like to consider making a donation.


#3 truvisions


Posted 25 January 2008 - 09:51 AM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:50:54 AM, on 1/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\XGI\XWatDog.exe
C:\WINDOWS\system32\Trirot.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = actsvr.comcastonline.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: wssclient - {8D99D2A3-317C-4929-8A5D-21140259D93A} - c:\PROGRA~1\wss.dll
O2 - BHO: H - {DF5986C1-3B7F-401d-B0C1-C270097F7040} - sc2.dll (file missing)
O3 - Toolbar: SYSTRAN Toolbar - {95daa571-4def-4a6d-97d8-98a346672a24} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [XGIWatchDog] C:\Program Files\XGI\XWatDog.exe
O4 - HKLM\..\Run: [RegServer] regserve.exe
O4 - HKLM\..\Run: [Trirot] Trirot.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [dmaol.exe] C:\WINDOWS\system32\dmaol.exe
O4 - HKLM\..\Run: [PC Pitstop Optimize2 Reminder] C:\Program Files\PCPitstop\Optimize2\Reminder.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [ExpensiveNotFreeMFC] C:\Program Files\RegistryCleaner\registrycleaner.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: SYSTRAN Lookup - res://C:\Program Files\SYSTRAN\6\\GUIres.dll/lookup.js
O8 - Extra context menu item: SYSTRAN Translate - res://C:\Program Files\SYSTRAN\6\\GUIres.dll/translate.js
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{1E4EF172-44D9-47D9-BC9B-903B3F84CD82}: NameServer = 85.255.116.61,85.255.112.218
O17 - HKLM\System\CCS\Services\Tcpip\..\{45F3DCDC-744A-42E9-9D71-A7CF8D4F1151}: NameServer = 85.255.116.61,85.255.112.218
O17 - HKLM\System\CCS\Services\Tcpip\..\{72015999-2142-4ED2-B1DF-F8F12EC5612E}: NameServer = 85.255.116.61,85.255.112.218
O17 - HKLM\System\CCS\Services\Tcpip\..\{A3453F72-E33A-4FEF-ADBC-6BFA8E0BE369}: NameServer = 85.255.116.61,85.255.112.218
O17 - HKLM\System\CCS\Services\Tcpip\..\{EF1FBC1A-DEEB-483D-99BE-299D25787B12}: NameServer = 85.255.116.61,85.255.112.218
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.61 85.255.112.218
O17 - HKLM\System\CS2\Services\Tcpip\..\{1E4EF172-44D9-47D9-BC9B-903B3F84CD82}: NameServer = 85.255.116.61,85.255.112.218
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.116.61 85.255.112.218
O17 - HKLM\System\CS3\Services\Tcpip\..\{1E4EF172-44D9-47D9-BC9B-903B3F84CD82}: NameServer = 85.255.116.61,85.255.112.218
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.61 85.255.112.218
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: .NET Runtime Optimization Service v2.0.50727_X86 clr_optimization_v2.0.50727_32CiSvc (clr_optimization_v2.0.50727_32CiSvc) - Unknown owner - C:\WINDOWS\system32\apphelpd.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Microsoft Inet Service - Unknown owner - C:\WINDOWS\system32\_svchost.exe (file missing)
O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\vhosts.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 8833 bytes

#4 truvisions


Posted 25 January 2008 - 09:52 AM

I uploaded a new Internet Explorer 7

It always says ERROR On Page on the bottom of the webpage.

Also, my CPU runs at 100% mostly.

I don't know if I have enough memory or speed.

Any way I can upgrade it? Or delete unnecessary programs?

Thank you for all your help

#5 truvisions


Posted 25 January 2008 - 09:56 AM

I have a Dell 5160

Win XP - 2002

CPU: Intel
Pentium4 CPU 2.8 hz

2.79 GHz

1.50 GB of RAM

#6 rookie147


Posted 25 January 2008 - 05:13 PM

Download Combofix to your Desktop.
Double click combofix.exe
Follow the prompts that are displayed.
Don't click on the window while the fix is running, because that will cause your system to hang.
When finished, it should produce a log, combofix.txt. Post that in your next reply.



#7 truvisions


Posted 25 January 2008 - 06:48 PM

ComboFix 08-01-23.1C - petee 2008-01-25 17:00:37.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.806 [GMT -6:00]
Running from: C:\Documents and Settings\petee\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\petee\Application Data\macromedia\Flash Player\#SharedObjects\AXFVFWKC\www.broadcaster.com
C:\Documents and Settings\petee\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\petee\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Program Files\wss.dll
C:\WINDOWS\system32\dllh8jkd1q8.exe
C:\WINDOWS\system32\help.txt
C:\WINDOWS\system32\kernel32.exe
C:\WINDOWS\system32\kr_done1
C:\WINDOWS\system32\LB7E9.tmp.exe
C:\WINDOWS\system32\ps.dat
C:\WINDOWS\wr.txt

----- BITS: Possible infected sites -----

hxxp://supertds.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_MICROSOFT_INET_SERVICE
-------\LEGACY_MSUPDATE
-------\LEGACY_NTMLSVC
-------\LEGACY_WINDEV-5ED8-1F05
-------\Microsoft Inet Service
-------\msupdate
-------\NtmlSvc
-------\windev-5ed8-1f05


((((((((((((((((((((((((( Files Created from 2007-12-25 to 2008-01-25 )))))))))))))))))))))))))))))))
.

2008-01-22 09:23 . 2008-01-22 09:23 <DIR> d-------- C:\Program Files\SYSTRAN
2008-01-22 08:56 . 2008-01-22 08:56 <DIR> d-------- C:\Program Files\PowerISO
2008-01-07 22:24 . 2008-01-07 22:24 <DIR> d-------- C:\Program Files\SystemGuards.com
2007-12-31 14:52 . 2008-01-15 13:02 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-12-31 14:51 . 2007-12-31 14:51 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-25 19:08 --------- d-----w C:\Program Files\FriendBlasterPro
2008-01-24 02:25 94,208 ----a-w C:\WINDOWS\system32\NTDisUn.dll
2008-01-24 02:25 4,404 ----a-w C:\WINDOWS\system32\SIMPLDRV.SYS
2008-01-24 02:25 --------- d-----w C:\Program Files\XGI
2008-01-22 15:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-22 15:21 878,080 ----a-w C:\WINDOWS\system32\iconv.dll
2008-01-22 15:21 721,920 ----a-w C:\WINDOWS\system32\libxml2.dll
2008-01-22 15:21 51,200 ----a-w C:\WINDOWS\system32\libexslt.dll
2008-01-22 15:21 150,016 ----a-w C:\WINDOWS\system32\libxslt.dll
2008-01-21 23:17 90,112 ----a-w C:\WINDOWS\DUMPa70d.tmp
2008-01-15 19:37 90,112 ----a-w C:\WINDOWS\DUMP691a.tmp
2008-01-14 23:58 90,112 ----a-w C:\WINDOWS\DUMPd2e0.tmp
2008-01-14 23:56 90,112 ----a-w C:\WINDOWS\DUMPd716.tmp
2008-01-14 23:52 3,092,992 ----a-w C:\WINDOWS\Internet Logs\xDB27.tmp
2007-12-02 16:15 --------- d-----w C:\Program Files\Add-in Express
2007-12-02 16:05 3,212,288 ----a-w C:\WINDOWS\Internet Logs\xDB23.tmp
2007-12-02 16:05 1,616,896 ----a-w C:\WINDOWS\Internet Logs\xDB24.tmp
2007-12-02 14:42 --------- d-----w C:\Program Files\MAPILab Ltd
2007-12-02 14:42 --------- d-----w C:\Program Files\Common Files\MAPILab Ltd
2007-12-01 03:39 3,643,390 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2007-09-26 22:23 1,227,776 ----a-w C:\WINDOWS\Internet Logs\xDB21.tmp
2007-09-26 22:22 1,593,344 ----a-w C:\WINDOWS\Internet Logs\xDB22.tmp
2007-09-26 00:43 2,732,544 ----a-w C:\WINDOWS\Internet Logs\xDB20.tmp
2007-09-08 16:18 2,698,240 ----a-w C:\WINDOWS\Internet Logs\xDB1F.tmp
2007-08-10 14:59 2,699,264 ----a-w C:\WINDOWS\Internet Logs\xDB1D.tmp
2007-08-10 14:59 1,572,864 ----a-w C:\WINDOWS\Internet Logs\xDB1E.tmp
2007-07-26 21:47 14,901,872 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_07_26_14_37_34_full.dmp.zip
2007-07-26 21:46 12,298,844 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_07_26_14_36_55_full.dmp.zip
2007-07-26 19:10 1,570,304 ----a-w C:\WINDOWS\Internet Logs\xDB26.tmp
2007-07-26 19:09 2,690,048 ----a-w C:\WINDOWS\Internet Logs\xDB25.tmp
2007-07-21 15:32 2,897,408 ----a-w C:\WINDOWS\Internet Logs\xDB1B.tmp
2007-07-21 15:32 1,560,576 ----a-w C:\WINDOWS\Internet Logs\xDB1C.tmp
2007-07-20 01:06 3,205,632 ----a-w C:\WINDOWS\Internet Logs\xDB19.tmp
2007-07-20 01:06 1,542,144 ----a-w C:\WINDOWS\Internet Logs\xDB1A.tmp
2007-06-25 01:00 537,600 ----a-w C:\WINDOWS\Internet Logs\xDB18.tmp
2007-06-22 14:25 2,697,728 ----a-w C:\WINDOWS\Internet Logs\xDB16.tmp
2007-06-22 14:25 1,437,696 ----a-w C:\WINDOWS\Internet Logs\xDB17.tmp
2007-06-11 23:08 615,424 ----a-w C:\WINDOWS\Internet Logs\xDB14.tmp
2007-06-11 23:08 1,359,360 ----a-w C:\WINDOWS\Internet Logs\xDB15.tmp
2007-06-11 03:54 1,278,464 ----a-w C:\WINDOWS\Internet Logs\xDB13.tmp
2007-06-08 12:25 1,887,232 ----a-w C:\WINDOWS\Internet Logs\xDB11.tmp
2007-06-08 12:25 1,340,416 ----a-w C:\WINDOWS\Internet Logs\xDB12.tmp
2007-06-05 14:27 1,071,104 ----a-w C:\WINDOWS\Internet Logs\xDB10.tmp
2007-06-04 05:09 1,328,128 ----a-w C:\WINDOWS\Internet Logs\xDBF.tmp
2007-06-02 16:27 1,302,016 ----a-w C:\WINDOWS\Internet Logs\xDBE.tmp
2007-06-01 02:56 893,440 ----a-w C:\WINDOWS\Internet Logs\xDBD.tmp
2007-05-30 23:22 1,259,008 ----a-w C:\WINDOWS\Internet Logs\xDBC.tmp
2007-05-30 23:22 1,224,192 ----a-w C:\WINDOWS\Internet Logs\xDBB.tmp
2007-05-30 14:33 54,272 ----a-w C:\WINDOWS\Internet Logs\xDB8.tmp
2007-05-30 14:33 1,320,960 ----a-w C:\WINDOWS\Internet Logs\xDB9.tmp
2007-05-30 14:31 1,320,960 ----a-w C:\WINDOWS\Internet Logs\xDBA.tmp
2007-05-30 12:56 426,496 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp
2007-05-30 12:56 1,318,912 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp
2007-05-30 12:53 1,321,984 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp
2007-05-29 21:09 340,480 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
2007-05-29 18:38 1,300,992 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2007-05-29 17:36 2,183,680 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2007-05-29 17:36 1,299,456 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2007-07-27 02:45 502 --sha-w C:\WINDOWS\system32\1961269068.dat
2007-07-04 22:23 37 --sha-w C:\WINDOWS\system32\index.dat
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 49,263 2006-11-09 21:07:30 C:\Program Files\Java\jre1.5.0_10\bin\bak\jusched.exe

----a-w 81,920 2005-05-03 02:08:32 C:\Program Files\XGI\bak\XWatDog.exe
----a-w 81,920 2005-05-03 00:08:32 C:\Program Files\XGI\XWatDog.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DF5986C1-3B7F-401d-B0C1-C270097F7040}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="" []
"ExpensiveNotFreeMFC"="C:\Program Files\RegistryCleaner\registrycleaner.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 19:07 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"XGIWatchDog"="C:\Program Files\XGI\XWatDog.exe" [2005-05-02 18:08 81920]
"RegServer"="regserve.exe" [2005-05-02 18:08 28672 C:\WINDOWS\system32\RegServe.exe]
"Trirot"="Trirot.exe" [2005-05-02 20:08 65536 C:\WINDOWS\system32\Trirot.exe]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 10:22 155648]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 14:25 57393]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 14:45 40960]
"BrMfcWnd"="C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-06-28 07:46 622592]
"SetDefPrt"="C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe" [2005-01-26 18:02 49152]
"ControlCenter3"="C:\Program Files\Brother\ControlCenter3\brctrcen.exe" [2006-06-29 12:18 77824]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 02:43 83608]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-22 09:13 579072]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 00:02 919280]
"dmaol.exe"="C:\WINDOWS\system32\dmaol.exe" [ ]
"PC Pitstop Optimize2 Reminder"="C:\Program Files\PCPitstop\Optimize2\Reminder.exe" [ ]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-08-06 18:05 200704]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 16:34 213936]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-22 14:09 219136]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 01:48:20 40048]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 00:01:50 734872]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

R3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys [2004-10-15 12:50]
R3 BrSerIf;Brother MFC Serial Port Interface WDM Driver;C:\WINDOWS\system32\Drivers\BrSerIf.sys [2006-01-18 22:44]
R3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\WINDOWS\system32\Drivers\BrUsbSer.sys [2006-01-19 03:17]
R3 Xgiv3;Xgiv3;C:\WINDOWS\system32\DRIVERS\Xgiv3m.sys [2005-05-02 17:49]
S2 clr_optimization_v2.0.50727_32CiSvc;.NET Runtime Optimization Service v2.0.50727_X86 clr_optimization_v2.0.50727_32CiSvc;C:\WINDOWS\system32\apphelpd.exe srv []
S3 Diag69xp;Diag69xp;C:\WINDOWS\system32\Drivers\Diag69xp.sys []
S4 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" []

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-25 17:41:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-25 17:47:03 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-25 23:47:00
ComboFix2.txt 2007-05-30 23:32:12
ComboFix3.txt 2007-05-26 17:07:29
ComboFix4.txt 2007-05-04 15:29:17

#8 truvisions


Posted 25 January 2008 - 06:49 PM

Also, when I restart the CPU, I still have that XGIV3 blue screen.

I downloaded a couple of times from DELL & installed the driver that was sent to me from my last topic.

When I let it cool down for 15 minutes, it starts up normally.

#9 rookie147


Posted 26 January 2008 - 05:32 PM

Sorry, could I have a new HijackThis log too please?



#10 truvisions


Posted 26 January 2008 - 09:01 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:01:32 PM, on 1/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\XGI\XWatDog.exe
C:\WINDOWS\system32\Trirot.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\Program Files\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = actsvr.comcastonline.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: H - {DF5986C1-3B7F-401d-B0C1-C270097F7040} - sc2.dll (file missing)
O3 - Toolbar: SYSTRAN Toolbar - {95daa571-4def-4a6d-97d8-98a346672a24} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [XGIWatchDog] C:\Program Files\XGI\XWatDog.exe
O4 - HKLM\..\Run: [RegServer] regserve.exe
O4 - HKLM\..\Run: [Trirot] Trirot.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [dmaol.exe] C:\WINDOWS\system32\dmaol.exe
O4 - HKLM\..\Run: [PC Pitstop Optimize2 Reminder] C:\Program Files\PCPitstop\Optimize2\Reminder.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [ExpensiveNotFreeMFC] C:\Program Files\RegistryCleaner\registrycleaner.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: SYSTRAN Lookup - res://C:\Program Files\SYSTRAN\6\\GUIres.dll/lookup.js
O8 - Extra context menu item: SYSTRAN Translate - res://C:\Program Files\SYSTRAN\6\\GUIres.dll/translate.js
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{1E4EF172-44D9-47D9-BC9B-903B3F84CD82}: NameServer = 85.255.116.61,85.255.112.218
O17 - HKLM\System\CCS\Services\Tcpip\..\{45F3DCDC-744A-42E9-9D71-A7CF8D4F1151}: NameServer = 85.255.116.61,85.255.112.218
O17 - HKLM\System\CCS\Services\Tcpip\..\{72015999-2142-4ED2-B1DF-F8F12EC5612E}: NameServer = 85.255.116.61,85.255.112.218
O17 - HKLM\System\CCS\Services\Tcpip\..\{A3453F72-E33A-4FEF-ADBC-6BFA8E0BE369}: NameServer = 85.255.116.61,85.255.112.218
O17 - HKLM\System\CCS\Services\Tcpip\..\{EF1FBC1A-DEEB-483D-99BE-299D25787B12}: NameServer = 85.255.116.61,85.255.112.218
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.61 85.255.112.218
O17 - HKLM\System\CS2\Services\Tcpip\..\{1E4EF172-44D9-47D9-BC9B-903B3F84CD82}: NameServer = 85.255.116.61,85.255.112.218
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.116.61 85.255.112.218
O17 - HKLM\System\CS3\Services\Tcpip\..\{1E4EF172-44D9-47D9-BC9B-903B3F84CD82}: NameServer = 85.255.116.61,85.255.112.218
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.61 85.255.112.218
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: .NET Runtime Optimization Service v2.0.50727_X86 clr_optimization_v2.0.50727_32CiSvc (clr_optimization_v2.0.50727_32CiSvc) - Unknown owner - C:\WINDOWS\system32\apphelpd.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 8639 bytes

#11 rookie147


Posted 27 January 2008 - 04:14 PM

Scan again with HijackThis and put a checkmark next to each of the following entries (if present):

O2 - BHO: H - {DF5986C1-3B7F-401d-B0C1-C270097F7040} - sc2.dll (file missing)
O3 - Toolbar: SYSTRAN Toolbar - {95daa571-4def-4a6d-97d8-98a346672a24} - mscoree.dll (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{1E4EF172-44D9-47D9-BC9B-903B3F84CD82}: NameServer = 85.255.116.61,85.255.112.218
O17 - HKLM\System\CCS\Services\Tcpip\..\{45F3DCDC-744A-42E9-9D71-A7CF8D4F1151}: NameServer = 85.255.116.61,85.255.112.218
O17 - HKLM\System\CCS\Services\Tcpip\..\{72015999-2142-4ED2-B1DF-F8F12EC5612E}: NameServer = 85.255.116.61,85.255.112.218
O17 - HKLM\System\CCS\Services\Tcpip\..\{A3453F72-E33A-4FEF-ADBC-6BFA8E0BE369}: NameServer = 85.255.116.61,85.255.112.218
O17 - HKLM\System\CCS\Services\Tcpip\..\{EF1FBC1A-DEEB-483D-99BE-299D25787B12}: NameServer = 85.255.116.61,85.255.112.218
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.61 85.255.112.218
O17 - HKLM\System\CS2\Services\Tcpip\..\{1E4EF172-44D9-47D9-BC9B-903B3F84CD82}: NameServer = 85.255.116.61,85.255.112.218
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.116.61 85.255.112.218
O17 - HKLM\System\CS3\Services\Tcpip\..\{1E4EF172-44D9-47D9-BC9B-903B3F84CD82}: NameServer = 85.255.116.61,85.255.112.218
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.61 85.255.112.218


Then close all other windows - you should only see HijackThis on your Desktop - and click the Fix checked button.

Go to the Control Panel.
If you are using Windows XP's "Category View", select the Network and Internet Connections category. If you are in "Classic View", go to the next step.
Double click the Network Connections icon
Right click the Local Area Connection icon and select 'Properties'.
Highlight 'Internet Protocol (TCP/IP)' and click the 'Properties' button.
Be sure Obtain DNS server address automatically is selected.
OK your way out.

Go to Start | Run and type in cmd
Click OK.
This will open a command prompt window.
Copy and paste the following line into the window:

ipconfig /flushdns

Hit 'Enter'.
Exit the command window.

Please download Fixwareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://download.bleepingcomputer.com/lonny/Fixwareout.exe
Save it to your Desktop and run it by double clicking.
Click Next, then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts.
You will be asked to reboot your computer, please do so.
Your system may take longer than usual to load; this is normal.
Once the Desktop loads save the text that will open (report.txt) and post it in your next reply.

Please include the report.txt along with a new HijackThis log in your reply.
Thanks,
Charles

If you are pleased with the service I have offered, you may like to consider making a donation.
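One way to audit the O17 NameServer entries that the post above asks to have fixed, and to confirm from a later log that none of them survived. This is an added example, not part of the original thread and not HijackThis's own code; the `EXPECTED` resolver address and the `AFTER_LOG` text are constructed assumptions, while the `BEFORE_LOG` lines are copied from the log in post #10.

```python
import ipaddress
import re

# Shape of the O17 lines in the logs on this page:
#   O17 - HKLM\System\<control set>\Services\Tcpip\<scope>: <value> = <data>
# <scope> is "Parameters" (machine-wide) or "..\{interface GUID}".
O17_RE = re.compile(
    r"^O17 - HKLM\\System\\(?P<cset>[^\\]+)\\Services\\Tcpip\\"
    r"(?P<scope>Parameters|\.\.\\\{[0-9A-Fa-f-]{36}\})"
    r": (?P<value>\w+) = (?P<data>.*)$"
)


def parse_o17(log_text):
    """Return one dict per O17 NameServer line found in a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if not m or m.group("value").lower() != "nameserver":
            continue
        scope = m.group("scope")
        if scope.startswith(".."):
            scope = scope[3:]  # drop the leading "..\" and keep the GUID
        servers = []
        # The logs separate addresses with commas on interfaces and with
        # spaces under Parameters, so split on either.
        for token in re.split(r"[,\s]+", m.group("data").strip()):
            if not token:
                continue
            try:
                servers.append(ipaddress.ip_address(token))
            except ValueError:
                servers.append(token)  # keep unparsable data visible
        entries.append({
            "control_set": m.group("cset"),
            "scope": scope,
            "servers": tuple(servers),
        })
    return entries


def unexpected_resolvers(entries, expected):
    """Entries naming at least one resolver outside the expected set."""
    return [e for e in entries if any(s not in expected for s in e["servers"])]


def scopes_by_resolver_set(entries):
    """Group (control set, scope) pairs by the resolver set they point at.

    One resolver set written to every interface and every control set is
    what the log in this thread shows, and is worth a second look.
    """
    groups = {}
    for e in entries:
        key = frozenset(e["servers"])
        groups.setdefault(key, set()).add((e["control_set"], e["scope"]))
    return groups


def still_present(before, after):
    """Entries from the earlier log that appear unchanged in the later one."""
    def key(e):
        return (e["control_set"], e["scope"], e["servers"])
    after_keys = {key(e) for e in after}
    return [e for e in before if key(e) in after_keys]


# Lines copied from the HijackThis log in post #10 of this thread.
BEFORE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O17 - HKLM\System\CCS\Services\Tcpip\..\{1E4EF172-44D9-47D9-BC9B-903B3F84CD82}: NameServer = 85.255.116.61,85.255.112.218
O17 - HKLM\System\CCS\Services\Tcpip\..\{45F3DCDC-744A-42E9-9D71-A7CF8D4F1151}: NameServer = 85.255.116.61,85.255.112.218
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.61 85.255.112.218
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.61 85.255.112.218
"""

# Constructed for illustration: a later log in which one entry was missed.
AFTER_LOG = r"""
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.61 85.255.112.218
"""

# Assumption: the only resolver this machine should ever be pinned to is
# the home router at a constructed private address.
EXPECTED = {ipaddress.ip_address("192.168.1.1")}

if __name__ == "__main__":
    before = parse_o17(BEFORE_LOG)
    after = parse_o17(AFTER_LOG)
    for e in unexpected_resolvers(before, EXPECTED):
        print("unexpected:", e["control_set"], e["scope"],
              ", ".join(str(s) for s in e["servers"]))
    for servers, scopes in scopes_by_resolver_set(before).items():
        print(len(scopes), "scopes share", sorted(str(s) for s in servers))
    for e in still_present(before, after):
        print("not removed:", e["control_set"], e["scope"])
```

An empty result from `still_present` on the follow-up log is the confirmation the helper is asking for when requesting a new HijackThis log after the fix.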


#12 truvisions


Posted 29 January 2008 - 07:26 PM

Username "petee" - 01/29/2008 18:12:51 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check
HKLM\SOFTWARE\~\CurrentVersion\Run\ ="dmaol"

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{1E4EF172-44D9-47D9-BC9B-903B3F84CD82}
"DhcpNameServer"="85.255.116.61,85.255.112.218" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{45F3DCDC-744A-42E9-9D71-A7CF8D4F1151}
"DhcpNameServer"="85.255.116.61,85.255.112.218" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{72015999-2142-4ED2-B1DF-F8F12EC5612E}
"DhcpNameServer"="85.255.116.61,85.255.112.218" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{CB59C6BB-0E35-4AAF-BAD0-790984CA1343}
"DhcpNameServer"="85.255.116.61,85.255.112.218" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{EF1FBC1A-DEEB-483D-99BE-299D25787B12}
"DhcpNameServer"="85.255.116.61,85.255.112.218" <Value cleared.

Successfully flushed the DNS Resolver Cache.


System was rebooted successfully.

~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "System"=""
....
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\_r "oovmd" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\_r "loamd" Deleted
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion "dmvoo.exe" Value deleted
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....

~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"XGIWatchDog"="C:\\Program Files\\XGI\\XWatDog.exe"
"RegServer"="regserve.exe"
"Trirot"="Trirot.exe"
"SSBkgdUpdate"="\"C:\\Program Files\\Common Files\\Scansoft Shared\\SSBkgdUpdate\\SSBkgdupdate.exe\" -Embedding -boot"
"PaperPort PTD"="C:\\Program Files\\ScanSoft\\PaperPort\\pptd40nt.exe"
"IndexSearch"="C:\\Program Files\\ScanSoft\\PaperPort\\IndexSearch.exe"
"BrMfcWnd"="C:\\Program Files\\Brother\\Brmfcmon\\BrMfcWnd.exe /AUTORUN"
"SetDefPrt"="C:\\Program Files\\Brother\\Brmfl06a\\BrStDvPt.exe"
"ControlCenter3"="C:\\Program Files\\Brother\\ControlCenter3\\brctrcen.exe /autorun"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"ZoneAlarm Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"PC Pitstop Optimize2 Reminder"="C:\\Program Files\\PCPitstop\\Optimize2\\Reminder.exe"
"ISUSPM"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\ISUSPM.exe\" -scheduler"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"=""
"ExpensiveNotFreeMFC"="C:\\Program Files\\RegistryCleaner\\registrycleaner.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AdobeUpdater]
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:25:32 PM, on 1/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\notepad.exe
C:\Program Files\XGI\XWatDog.exe
C:\WINDOWS\system32\Trirot.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = actsvr.comcastonline.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [XGIWatchDog] C:\Program Files\XGI\XWatDog.exe
O4 - HKLM\..\Run: [RegServer] regserve.exe
O4 - HKLM\..\Run: [Trirot] Trirot.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [PC Pitstop Optimize2 Reminder] C:\Program Files\PCPitstop\Optimize2\Reminder.exe
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [ExpensiveNotFreeMFC] C:\Program Files\RegistryCleaner\registrycleaner.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: SYSTRAN Lookup - res://C:\Program Files\SYSTRAN\6\\GUIres.dll/lookup.js
O8 - Extra context menu item: SYSTRAN Translate - res://C:\Program Files\SYSTRAN\6\\GUIres.dll/translate.js
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: .NET Runtime Optimization Service v2.0.50727_X86 clr_optimization_v2.0.50727_32CiSvc (clr_optimization_v2.0.50727_32CiSvc) - Unknown owner - C:\WINDOWS\system32\apphelpd.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 7006 bytes

Edited by truvisions, 29 January 2008 - 07:27 PM.


#13 rookie147


Posted 30 January 2008 - 04:22 PM

Hello again,
Go to Start | Control Panel | Add/Remove Programs and remove the following (if they exist):

RegistryCleaner

Scan again with HijackThis and put a checkmark next to this entry:

O4 - HKCU\..\Run: [ExpensiveNotFreeMFC] C:\Program Files\RegistryCleaner\registrycleaner.exe


Then close all other windows and click the Fix checked button.

Next, please find and delete the following folder:

C:\Program Files\RegistryCleaner

Reboot your computer

Please run a scan with Kaspersky Online Scanner.
You will be prompted to install an ActiveX component from Kaspersky, click Yes.
The program will launch and then begin downloading the latest definition files.
Once the files have been downloaded click on Next.
Select a target to scan; click on My Computer.
The scan will take a while so be patient and let it run.
Once the scan is complete choose the option to Save as Text; they will be needed later.

Please include the Kaspersky log in your reply and also let me know how things seem to be running now.
Thanks,
Charles

If you are pleased with the service I have offered, you may like to consider making a donation.


#14 truvisions


Posted 30 January 2008 - 11:55 PM

I only checked 50%; it stalled on my D: drive and no files wanted to move. It took 4 hours just for 50%.

KASPERSKY ONLINE SCANNER REPORT
Wednesday, January 30, 2008 10:52:59 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 30/01/2008
Kaspersky Anti-Virus database records: 538921


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
C:\
D:\
E:\

Scan Statistics
Total number of scanned objects 54037
Number of viruses found 6
Number of infected objects 9
Number of suspicious objects 0
Duration of the scan process 04:05:16

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\petee\1.exe Infected: Trojan-Downloader.Win32.Small.hee skipped

C:\Documents and Settings\petee\Application Data\Sun\Java\Deployment\cache\6.0\16\5e752950-2d90db5f/BaaaaBaa.class Infected: Exploit.Java.Gimsh.a skipped

C:\Documents and Settings\petee\Application Data\Sun\Java\Deployment\cache\6.0\16\5e752950-2d90db5f ZIP: infected - 1 skipped

C:\Documents and Settings\petee\Application Data\Sun\Java\Deployment\cache\6.0\27\29b2a95b-36bea544 Infected: Exploit.Java.Gimsh.a skipped

C:\Documents and Settings\petee\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\petee\Local Settings\Application Data\Identities\{A417CBA3-1960-4AE9-9F51-991C08D755A3}\Microsoft\Outlook Express\Hotmail - Deleted Items.dbx/[From PayPal Security Service][Date Mon, 20 Feb 2006 12:32:12 -0700]/html Infected: Trojan-Spy.HTML.Paylap.cb skipped

C:\Documents and Settings\petee\Local Settings\Application Data\Identities\{A417CBA3-1960-4AE9-9F51-991C08D755A3}\Microsoft\Outlook Express\Hotmail - Deleted Items.dbx Mail MS Outlook 5: infected - 1 skipped

C:\Documents and Settings\petee\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\petee\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\petee\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\petee\Local Settings\History\History.IE5\MSHist012008012920080130\index.dat Object is locked skipped

C:\Documents and Settings\petee\Local Settings\Temp\~DF2194.tmp Object is locked skipped

C:\Documents and Settings\petee\Local Settings\Temp\~DF21A5.tmp Object is locked skipped

C:\Documents and Settings\petee\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped

C:\Documents and Settings\petee\Local Settings\Temporary Internet Files\Content.IE5\1OGC43OW\gnida[1].swf Infected: Trojan-Downloader.SWF.Gida.a skipped

C:\Documents and Settings\petee\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\petee\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\petee\ntuser.dat.LOG Object is locked skipped

C:\QooBox\Quarantine\C\Program Files\wss.dll.vir Infected: not-a-virus:AdWare.Win32.BHO.fl skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\EventCache\{DBA113F8-AFF7-441B-8E3C-858AF655AFDE}.bin Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

C:\winupd.bat Infected: Trojan.BAT.Zapchast skipped

Scan was interrupted by user!

#15 truvisions


Posted 30 January 2008 - 11:57 PM

Do I have to buy the program?

I got like 3 of them.



