Win32/packed.autoit.gen Application


  • This topic is locked
3 replies to this topic

#1 SFX

  • Members
  • 5 posts

Posted 11 July 2008 - 10:31 AM

Ok, this is probably my mistake, since I let a virus/malware into my system. Let me explain the scenario first:

Earlier (less than 24 hours ago), I set Azureus Vuze's trust level to "super" (unlimited access without firewall prompts) in ZoneAlarm Pro 6.5. Then I left my home, and when I returned I found out that NOD32 had detected a Win32/Packed.Autoit.Gen application. The infected file is E:\System Volume Information\_restore{3AD39A6C-269D-4D80-AAC5-423911798DF7}\RP192\A0085177.exe.

The NOD32 log file says:
7/11/2008 9:26:33 PM Real-time file system protection file E:\System Volume Information\_restore{3AD39A6C-269D-4D80-AAC5-423911798DF7}\RP192\A0085177.exe Win32/Packed.Autoit.Gen application deleted - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\System32\svchost.exe.
Immediately, I opened Task Manager and saw 5 svchost.exe running. By right, there should only be 4 svchost.exe processes running (are these 4 run by 2 from SYSTEM, 1 from NETWORK SERVICE and 1 from LOCAL SERVICE? Am I right?). The extra one is run by NETWORK SERVICE. So I terminated the process, but thankfully nothing happened and it never reappeared. What I'm afraid of is that it might have modified my svchost.exe file.

Immediately, I turned off System Restore for the E:\ partition and accessed the "System Volume Information" folder to make sure that the file was deleted. I also set back my firewall setting for the program. Then I scanned my PC using NOD32. Nothing was found after I deleted the file A0085177.exe. I've also scanned my PC using HijackThis and SREng 2. I found nothing wrong in the logs but would like an opinion. Below are my HijackThis and SREng 2 log files. Please help me to analyze them. Thanks in advance.

HijackThis log file
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:12:36 PM, on 7/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files\Raxco\PerfectDisk\PDAgent.exe
D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
D:\Program Files\Raxco\PerfectDisk\PDEngine.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
D:\Program Files\Azureus\Azureus.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\NOTEPAD.EXE
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Zone Labs Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [egui] "D:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O8 - Extra context menu item: &Download All with FlashGet - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - D:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O20 - Winlogon Notify: PC1 - C:\WINDOWS\
O23 - Service: AutoComplete Service (Autocomplete) - Acesoft - D:\Program Files\Acesoft\Tracks Eraser Pro\delautocomp.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - D:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - D:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - D:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDAgent - Raxco Software, Inc. - D:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - D:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6720 bytes

#2 SFX

  • Topic Starter
  • Members
  • 5 posts

Posted 11 July 2008 - 10:39 AM

Too long, therefore I post my SREng 2 log file in my second reply.
SREng 2 log file
2008-07-11,22:05:03

System Repair Engineer 2.6.11.992
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - Administrative User - Completed Functions Allowed

Follow item(s) have been selected:
	All Boot Items (Including Registry, Startup Folders, Services and so on)
	Browser Add-ons
	Running Processes (Including process model information)
	File Associations
	Winsock Provider
	Autorun.Inf
	HOSTS File
	Process Privileges Scan


Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
	<load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
	<NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
	<nwiz><nwiz.exe /install>  []
	<NvMediaCenter><RunDLL32.exe NvMCTray.dll,NvTaskbarInit>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
	<Zone Labs Client><"D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe">  [(Verified)Check Point Software Technologies Inc.]
	<egui><"D:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice>  [(Verified)"ESET, spol. s r.o."]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
	<shell><Explorer.exe>  [(Verified)Microsoft Windows Component Publisher]
	<Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
	<AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
	<UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
	<WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
	<WinlogonNotify: WgaLogon><WgaLogon.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
	<IE7 Uninstall Stub><C:\WINDOWS\system32\ieudinit.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
	<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
	<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
	<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
	<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
	<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
	<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
	<Address Book 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
	<N/A><C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install>  [Microsoft Corporation]

==================================
Startup Folders
N/A

==================================
Services
[ASP.NET State Service / aspnet_state][Stopped/Manual Start]
  <C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[AutoComplete Service / Autocomplete][Stopped/Manual Start]
  <D:\Program Files\Acesoft\Tracks Eraser Pro\delautocomp.exe><Acesoft>
[Autodesk Licensing Service / Autodesk Licensing Service][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe"><Autodesk, Inc.>
[BlueSoleil Hid Service / BlueSoleil Hid Service][Running/Auto Start]
  <D:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe><N/A>
[##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## / Bonjour Service][Running/Auto Start]
  <"D:\Program Files\Bonjour\mDNSResponder.exe"><Apple Computer, Inc.>
[Eset HTTP Server / EhttpSrv][Stopped/Manual Start]
  <"D:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe"><ESET>
[Eset Service / ekrn][Running/Auto Start]
  <"D:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe"><ESET>
[EPSON Printer Status Agent2 / EPSONStatusAgent2][Running/Auto Start]
  <C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe><SEIKO EPSON CORPORATION>
[FLEXnet Licensing Service / FLEXnet Licensing Service][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe"><Macrovision Europe Ltd.>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[iPod Service / iPod Service][Stopped/Manual Start]
  <"D:\Program Files\iPod\bin\iPodService.exe"><Apple Computer, Inc.>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
  <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[PDAgent / PDAgent][Running/Auto Start]
  <"D:\Program Files\Raxco\PerfectDisk\PDAgent.exe"><Raxco Software, Inc.>
[PDEngine / PDEngine][Running/Manual Start]
  <"D:\Program Files\Raxco\PerfectDisk\PDEngine.exe"><Raxco Software, Inc.>
[SoundMAX Agent Service / SoundMAX Agent Service (default)][Running/Auto Start]
  <D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe><Analog Devices, Inc.>
[TrueVector Internet Monitor / vsmon][Running/Auto Start]
  <C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service><Zone Labs, LLC>
[Windows Live Setup Service / WLSetupSvc][Stopped/Manual Start]
  <"D:\Program Files\Windows Live\installer\WLSetupSvc.exe"><Microsoft Corporation>

==================================
Drivers
[aeaudio / aeaudio][Running/Manual Start]
  <system32\drivers\aeaudio.sys><Andrea Electronics Corporation>
[Bluetooth Audio Service / BlueletAudio][Running/Manual Start]
  <system32\DRIVERS\blueletaudio.sys><IVT Corporation>
[Bluetooth PAN Network Adapter / BT][Running/Manual Start]
  <system32\DRIVERS\btnetdrv.sys><IVT Corporation>
[Bluetooth USB For Bluetooth Service / Btcsrusb][Stopped/Manual Start]
  <System32\Drivers\btcusb.sys><IVT Corporation>
[Bluetooth HID Enumerator / BTHidEnum][Running/Manual Start]
  <system32\DRIVERS\vbtenum.sys><N/A>
[Bluetooth HID Manager Service / BTHidMgr][Running/Boot Start]
  <\SystemRoot\System32\Drivers\BTHidMgr.sys><IVT Corporation>
[ddsxeiservice2 / ddsxeiservice][Stopped/Manual Start]
  <\??\D:\Program Files\sXe Injected\ddsxei.sys><N/A>
[eamon / eamon][Running/Auto Start]
  <system32\DRIVERS\eamon.sys><ESET>
[easdrv / easdrv][Running/System Start]
  <system32\DRIVERS\easdrv.sys><ESET>
[epfwtdir / epfwtdir][Running/System Start]
  <system32\DRIVERS\epfwtdir.sys><N/A>
[D-Link DFE-530TX PCI Fast Ethernet Adapter Driver Service / FETNDISB][Running/Manual Start]
  <system32\DRIVERS\dlkfet5b.sys><D-Link>
[GEARAspiWDM / GEARAspiWDM][Running/Manual Start]
  <System32\Drivers\GEARAspiWDM.sys><GEAR Software Inc.>
[nv / nv][Running/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Padus ASPI Shell / pfc][Running/Manual Start]
  <system32\drivers\pfc.sys><Padus, Inc.>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20][Running/Boot Start]
  <\SystemRoot\System32\Drivers\PxHelp20.sys><Sonic Solutions>
[Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver / rtl8139][Running/Manual Start]
  <system32\DRIVERS\R8139n51.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[smwdm / smwdm][Running/Manual Start]
  <system32\drivers\smwdm.sys><Analog Devices, Inc.>
[Sony USB Filter Driver (SONYPVU1) / SONYPVU1][Stopped/Manual Start]
  <system32\DRIVERS\SONYPVU1.SYS><Sony Corporation>
[sptd / sptd][Running/Boot Start]
  <\SystemRoot\System32\Drivers\sptd.sys><N/A>
[srescan / srescan][Running/Boot Start]
  <\SystemRoot\system32\ZoneLabs\srescan.sys><Zone Labs, LLC>
[Virtual Serial port driver / VComm][Running/Manual Start]
  <system32\DRIVERS\VComm.sys><IVT Corporation>
[Bluetooth VComm Manager Service / VcommMgr][Running/Manual Start]
  <System32\Drivers\VcommMgr.sys><IVT Corporation>
[vsdatant / vsdatant][Running/System Start]
  <System32\vsdatant.sys><Zone Labs, LLC>
[Sony Ericsson W810 Driver driver (WDM) / w810bus][Stopped/Manual Start]
  <system32\DRIVERS\w810bus.sys><MCCI>
[Sony Ericsson W810 USB WMC Modem Filter / w810mdfl][Stopped/Manual Start]
  <system32\DRIVERS\w810mdfl.sys><MCCI>
[Sony Ericsson W810 USB WMC Modem Driver / w810mdm][Stopped/Manual Start]
  <system32\DRIVERS\w810mdm.sys><MCCI>
[Sony Ericsson W810 USB WMC Device Management Drivers (WDM) / w810mgmt][Stopped/Manual Start]
  <system32\DRIVERS\w810mgmt.sys><MCCI>
[Sony Ericsson W810 USB WMC OBEX Interface / w810obex][Stopped/Manual Start]
  <system32\DRIVERS\w810obex.sys><MCCI>

==================================
Browser Add-ons
[Adobe PDF Reader Link Helper]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[FGCatchUrl]
  {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} <D:\Program Files\FlashGet\jccatch.dll, www.flashget.com>
[Spybot-S&D IE Protection]
  {53707962-6F74-2D53-2644-206D7942484F} <D:\PROGRA~1\SPYBOT~1\SDHelper.dll, Safer Networking Limited>
[SSVHelper Class]
  {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <D:\Program Files\Java\jre1.6.0\bin\ssv.dll, Sun Microsystems, Inc.>
[Windows Live Sign-in Helper]
  {9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
[FlashGet GetFlash Class]
  {F156768E-81EF-470C-9057-481BA8380DBA} <D:\Program Files\FlashGet\getflash.dll, www.flashget.com>
[Java Plug-in 1.6.0]
  {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <D:\Program Files\Java\jre1.6.0\bin\ssv.dll, Sun Microsystems, Inc.>
[&Research]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[FlashGet]
  {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <D:\Program Files\FlashGet\FlashGet.exe, FlashGet.com>
[Spybot-S&D IE Protection]
  {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} <D:\PROGRA~1\SPYBOT~1\SDHelper.dll, Safer Networking Limited>
[Sothink SWF Catcher]
  {E19ADC6E-3909-43E4-9A89-B7B676377EE3} <, N/A>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[Java Plug-in 1.6.0]
  {8AD9C840-044E-11D1-B3E9-00805F499D93} <D:\Program Files\Java\jre1.6.0\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.6.0]
  {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} <D:\Program Files\Java\jre1.6.0\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.6.0]
  {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <D:\Program Files\Java\jre1.6.0\bin\npjpi160.dll, Sun Microsystems, Inc.>
[Adobe PDF Reader Link Helper]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[FGCatchUrl]
  {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} <D:\Program Files\FlashGet\jccatch.dll, www.flashget.com>
[XML Document]
  {48123BC4-99D9-11D1-A6B3-00C04FD91555} <%SystemRoot%\system32\msxml3.dll, N/A>
[Spybot-S&D IE Protection]
  {53707962-6F74-2D53-2644-206D7942484F} <D:\PROGRA~1\SPYBOT~1\SDHelper.dll, Safer Networking Limited>
[SSVHelper Class]
  {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <D:\Program Files\Java\jre1.6.0\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.6.0]
  {8AD9C840-044E-11D1-B3E9-00805F499D93} <D:\Program Files\Java\jre1.6.0\bin\ssv.dll, Sun Microsystems, Inc.>
[Windows Live Sign-in Helper]
  {9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9c.ocx, Adobe Systems, Inc.>
[]
  {E1771B7F-98BE-407F-BA67-AA16ADA5D0C5} <D:\PROGRA~1\WI1F86~1\MESSEN~1\MSGSC8~1.DLL, Microsoft Corporation>
[SWFDecompiler.InternetExplorer]
  {E19ADC6E-3909-43E4-9A89-B7B676377EE3} <C:\PROGRA~1\COMMON~1\SOURCE~1\SWFCAT~1\SWFCAT~1.DLL, SourceTec>
[FlashGet GetFlash Class]
  {F156768E-81EF-470C-9057-481BA8380DBA} <D:\Program Files\FlashGet\getflash.dll, www.flashget.com>
[XML HTTP]
  {F6D90F16-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\system32\msxml3.dll, N/A>
[FGCatchUrl]
  {FB5DA724-162B-11D3-8B9B-AA70B4B0B524} <D:\Program Files\FlashGet\jccatch.dll, www.flashget.com>
[&Download All with FlashGet]
  <D:\Program Files\FlashGet\jc_all.htm, N/A>
[&Download with FlashGet]
  <D:\Program Files\FlashGet\jc_link.htm, N/A>
[E&xport to Microsoft Excel]
  <res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[Sothink SWF Catcher]
  <C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm, N/A>

==================================
Running Processes
[PID: 848 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 912 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 936 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
	[C:\WINDOWS\system32\SYNCOR11.DLL]  [SoundMAX, 1.2.3]
[PID: 980 / SYSTEM][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 992 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
	[C:\WINDOWS\system32\SYNCOR11.DLL]  [SoundMAX, 1.2.3]
[PID: 1156 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
	[C:\WINDOWS\system32\SYNCOR11.DLL]  [SoundMAX, 1.2.3]
[PID: 1204 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
	[C:\WINDOWS\system32\SYNCOR11.DLL]  [SoundMAX, 1.2.3]
	[D:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Computer, Inc., 1,0,3,1]
[PID: 1244 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
	[C:\WINDOWS\System32\SYNCOR11.DLL]  [SoundMAX, 1.2.3]
	[D:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Computer, Inc., 1,0,3,1]
[PID: 1432 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
	[C:\WINDOWS\system32\SYNCOR11.DLL]  [SoundMAX, 1.2.3]
[PID: 1456 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
	[C:\WINDOWS\system32\SYNCOR11.DLL]  [SoundMAX, 1.2.3]
	[D:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Computer, Inc., 1,0,3,1]
[PID: 1896 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
	[C:\WINDOWS\system32\SYNCOR11.DLL]  [SoundMAX, 1.2.3]
	[C:\WINDOWS\system32\EBPMON2.DLL]  [SEIKO EPSON CORPORATION, 2, 34, 0, 0]
	[D:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Computer, Inc., 1,0,3,1]
[PID: 432 / SYSTEM][D:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe]  [N/A, ]
	[C:\WINDOWS\system32\SYNCOR11.DLL]  [SoundMAX, 1.2.3]
[PID: 356 / SYSTEM][D:\Program Files\Bonjour\mDNSResponder.exe]  [Apple Computer, Inc., 1,0,3,1]
[PID: 476 / SYSTEM][D:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe]  [ESET, 3.0.621 ]
	[D:\Program Files\ESET\ESET NOD32 Antivirus\ekrnScan.dll]  [ESET, 3.0.621 ]
	[D:\Program Files\ESET\ESET NOD32 Antivirus\ekrnAmon.dll]  [ESET, 3.0.621 ]
	[D:\Program Files\ESET\ESET NOD32 Antivirus\ekrnEmon.dll]  [ESET, 3.0.621 ]
	[D:\Program Files\ESET\ESET NOD32 Antivirus\ekrnEpfw.dll]  [ESET, 3.0.621 ]
	[D:\Program Files\ESET\ESET NOD32 Antivirus\ekrnUpdate.dll]  [ESET, 3.0.621 ]
	[D:\Program Files\ESET\ESET NOD32 Antivirus\updater.dll]  [ESET, 3.0.621 ]
	[D:\Program Files\ESET\ESET NOD32 Antivirus\ekrnMailPlugins.dll]  [ESET, 3.0.621 ]
[PID: 492 / SYSTEM][C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe]  [SEIKO EPSON CORPORATION, 2, 3, 0, 0]
	[C:\WINDOWS\system32\EBAPI2.DLL]  [SEIKO EPSON CORPORATION, 1, 4, 0, 0]
	[C:\Program Files\Common Files\EPSON\EBAPI\EBPLPT.DLL]  [SEIKO EPSON CORPORATION, 2, 26, 0, 0]
[PID: 528 / SYSTEM][C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE]  [Microsoft Corporation, 7.00.9466]
[PID: 592 / SYSTEM][C:\WINDOWS\system32\nvsvc32.exe]  [NVIDIA Corporation, 6.14.10.9371]
	[C:\WINDOWS\system32\SYNCOR11.DLL]  [SoundMAX, 1.2.3]
	[C:\WINDOWS\system32\nvapi.dll]  [N/A, ]
[PID: 720 / user][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)]
	[C:\WINDOWS\system32\SYNCOR11.DLL]  [SoundMAX, 1.2.3]
	[C:\WINDOWS\system32\AcSignIcon.dll]  [Autodesk, 16.1.63.0]
	[C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll]  [Autodesk, 16.1.63.0]
	[D:\PROGRA~1\SPYBOT~1\SDHelper.dll]  [Safer Networking Limited, 1, 5, 0, 11]
	[C:\WINDOWS\system32\l3codeca.acm]  [Fraunhofer Institut Integrierte Schaltungen IIS, 1, 9, 0, 0305]
	[C:\WINDOWS\system32\msdmo.dll]  [, ]
	[C:\WINDOWS\system32\dxmasf.dll]  [, ]
	[C:\WINDOWS\system32\nvapi.dll]  [N/A, ]
	[D:\PROGRA~1\WINZIP\WZSHLSTB.DLL]  [WinZip Computing LP, 4.1 (32-bit)]
	[D:\Program Files\WinRAR\rarext.dll]  [N/A, ]
	[D:\Program Files\PowerISO\PWRISOSH.DLL]  [PowerISO Computing, Inc., 3, 9, 0, 0]
	[D:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll]  [ESET, 3.0.621 ]
	[D:\Program Files\Hex Workshop 4.2\hwext.dll]  [BreakPoint Software, Inc., 4.23]
	[C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 8.0.0.0]
	[C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 8.0.0.2006102200]
[PID: 752 / SYSTEM][D:\Program Files\Raxco\PerfectDisk\PDAgent.exe]  [Raxco Software, Inc., 8, 0, 0, 45]
	[D:\Program Files\Raxco\PerfectDisk\PDCommon.dll]  [Raxco Software, Inc., 8, 0, 0, 45]
	[D:\Program Files\Raxco\PerfectDisk\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
	[D:\Program Files\Raxco\PerfectDisk\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
	[D:\Program Files\Raxco\PerfectDisk\PDDb.dll]  [, 8, 0, 0, 45]
	[D:\Program Files\Raxco\PerfectDisk\sqlite3.dll]  [, 8, 0, 0, 45]
	[D:\Program Files\Raxco\PerfectDisk\PDLangEN.dll]  [Raxco Software, Inc., 8, 0, 0, 45]
	[D:\Program Files\Raxco\PerfectDisk\PDEngineps.dll]  [Raxco Software, Inc., 8, 0, 0, 45]
[PID: 1312 / SYSTEM][D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe]  [Analog Devices, Inc., 3, 2, 6, 0]
[PID: 1704 / SYSTEM][D:\Program Files\Raxco\PerfectDisk\PDEngine.exe]  [Raxco Software, Inc., 8, 0, 0, 45]
	[D:\Program Files\Raxco\PerfectDisk\PDCommon.dll]  [Raxco Software, Inc., 8, 0, 0, 45]
	[D:\Program Files\Raxco\PerfectDisk\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
	[D:\Program Files\Raxco\PerfectDisk\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
	[D:\Program Files\Raxco\PerfectDisk\PDDb.dll]  [, 8, 0, 0, 45]
	[D:\Program Files\Raxco\PerfectDisk\sqlite3.dll]  [, 8, 0, 0, 45]
	[D:\Program Files\Raxco\PerfectDisk\PDLangEN.dll]  [Raxco Software, Inc., 8, 0, 0, 45]
	[D:\Program Files\Raxco\PerfectDisk\PDEngineps.dll]  [Raxco Software, Inc., 8, 0, 0, 45]
[PID: 2228 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
	[C:\WINDOWS\System32\SYNCOR11.DLL]  [SoundMAX, 1.2.3]
[PID: 2536 / user][D:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe]  [ESET, 3.0.621 ]
	[D:\Program Files\ESET\ESET NOD32 Antivirus\eguiScan.dll]  [ESET, 3.0.621 ]
	[D:\Program Files\ESET\ESET NOD32 Antivirus\eguiAmon.dll]  [ESET, 3.0.621 ]
	[D:\Program Files\ESET\ESET NOD32 Antivirus\eguiEmon.dll]  [ESET, 3.0.621 ]
	[D:\Program Files\ESET\ESET NOD32 Antivirus\eguiEpfw.dll]  [ESET, 3.0.621 ]
	[D:\Program Files\ESET\ESET NOD32 Antivirus\eguiUpdate.dll]  [ESET, 3.0.621 ]
	[D:\Program Files\ESET\ESET NOD32 Antivirus\eguiMailPlugins.dll]  [ESET, 3.0.621 ]
	[C:\WINDOWS\system32\AcSignIcon.dll]  [Autodesk, 16.1.63.0]
[PID: 3020 / user][D:\Program Files\Azureus\Azureus.exe]  [Azureus Inc, 3.0.0.0]
	[d:\program files\java\jre1.6.0\bin\client\jvm.dll]  [Sun Microsystems, Inc., 6.0.0.105]
	[D:\Program Files\Azureus\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
	[C:\WINDOWS\system32\SYNCOR11.DLL]  [SoundMAX, 1.2.3]
	[d:\program files\java\jre1.6.0\bin\hpi.dll]  [Sun Microsystems, Inc., 6.0.0.105]
	[d:\program files\java\jre1.6.0\bin\verify.dll]  [Sun Microsystems, Inc., 6.0.0.105]
	[d:\program files\java\jre1.6.0\bin\java.dll]  [Sun Microsystems, Inc., 6.0.0.105]
	[d:\program files\java\jre1.6.0\bin\zip.dll]  [Sun Microsystems, Inc., 6.0.0.105]
	[D:\Program Files\Java\jre1.6.0\bin\net.dll]  [Sun Microsystems, Inc., 6.0.0.105]
	[D:\Program Files\Azureus\aereg.dll]  [N/A, ]
	[D:\Program Files\Java\jre1.6.0\bin\sunmscapi.dll]  [Sun Microsystems, Inc., 6.0.0.105]
	[D:\Program Files\Java\jre1.6.0\bin\management.dll]  [Sun Microsystems, Inc., 6.0.0.105]
	[D:\Program Files\Java\jre1.6.0\bin\nio.dll]  [Sun Microsystems, Inc., 6.0.0.105]
	[D:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Computer, Inc., 1,0,3,1]
	[C:\Documents and Settings\user\Local Settings\Temp\swt-win32-3430.dll]  [Eclipse Foundation, 3.430]
	[C:\Documents and Settings\user\Local Settings\Temp\swt-gdip-win32-3430.dll]  [Eclipse Foundation, 3.430]
	[D:\Program Files\Java\jre1.6.0\bin\awt.dll]  [Sun Microsystems, Inc., 6.0.0.105]
	[C:\WINDOWS\system32\AcSignIcon.dll]  [Autodesk, 16.1.63.0]
	[D:\Program Files\Java\jre1.6.0\bin\cmm.dll]  [Eastman Kodak Company, 1.1.0]
	[D:\Program Files\Java\jre1.6.0\bin\jpeg.dll]  [Sun Microsystems, Inc., 6.0.0.105]
	[D:\Program Files\Java\jre1.6.0\bin\fontmanager.dll]  [Sun Microsystems, Inc., 6.0.0.105]
[PID: 3152 / user][C:\WINDOWS\system32\wuauclt.exe]  [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
	[C:\WINDOWS\system32\SYNCOR11.DLL]  [SoundMAX, 1.2.3]
[PID: 3040 / user][C:\WINDOWS\system32\taskmgr.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
	[C:\WINDOWS\system32\SYNCOR11.DLL]  [SoundMAX, 1.2.3]
[PID: 2976 / user][D:\Program Files\CCleaner\CCleaner.exe]  [Piriform Ltd, 2, 4, 0, 543]
[PID: 2900 / user][C:\Documents and Settings\user\Desktop\SREngLdr.EXE]  [Smallfrogs Studio, 2.6.11.992]
[PID: 3660 / user][C:\Documents and Settings\user\Desktop\SREe5c561a2.EXE]  [Smallfrogs Studio, 2.6.11.992]
	[C:\WINDOWS\system32\SYNCOR11.DLL]  [SoundMAX, 1.2.3]
	[C:\Documents and Settings\user\Desktop\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]
	[D:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Computer, Inc., 1,0,3,1]

==================================
File Associations
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  Error. [AutoCADScriptFile]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock Provider
N/A

==================================
Autorun.Inf
N/A

==================================
HOSTS File
127.0.0.1	   localhost
127.0.0.1	www.007guard.com
127.0.0.1	007guard.com
127.0.0.1	008i.com
127.0.0.1	www.008k.com
127.0.0.1	008k.com
127.0.0.1	www.00hq.com
127.0.0.1	00hq.com
127.0.0.1	010402.com
.
.
.
127.0.0.1	www.zpwebsource.com
127.0.0.1	zpwebsource.com
127.0.0.1	www.zqavanjpn.biz
127.0.0.1	zqavanjpn.biz
127.0.0.1	z-quest.com
127.0.0.1	www.z-quest.com
127.0.0.1	www.zsupereva.it
127.0.0.1	zsupereva.it
127.0.0.1	www.zsvcompany.com
127.0.0.1	zsvcompany.com
127.0.0.1	www.zuoyouweinan.com
127.0.0.1	zuoyouweinan.com
127.0.0.1	zurrusco.com
127.0.0.1	www.zurrusco.com
127.0.0.1	zvimigdal.com
127.0.0.1	www.zxcsolution.com
127.0.0.1	zxcsolution.com
127.0.0.1	zxlinks.com
127.0.0.1	www.zxlinks.com
127.0.0.1	zyban-zocor-levitra.com

==================================
Process Privileges Scan
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 432, D:\PROGRAM FILES\IVT CORPORATION\BLUESOLEIL\BTNTSERVICE.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 2900, C:\DOCUMENTS AND SETTINGS\USER\DESKTOP\SRENGLDR.EXE]

==================================
API HOOK
N/A

==================================
Hidden Process
N/A

==================================

Note: The HOSTS file entries were added by Spybot Search & Destroy. I also truncated some of the entries from the HOSTS file.
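The note above attributes the HOSTS entries to Spybot Search & Destroy. A helper's quick check is to confirm that from the file itself rather than take it on trust: a Spybot block list maps ad and malware domains to the loopback address, whereas a malicious HOSTS file typically either sinkholes security-vendor or update domains to loopback (so the AV cannot update) or maps legitimate sites to an outside address. The following Python script is an added example, not part of the original post or of any tool mentioned on this page; the sample HOSTS content is constructed (it borrows a few domain names from the listing above and adds two hypothetical hijack lines), and the vendor-domain list is an illustrative assumption, not a complete one.

```python
import ipaddress

# Constructed sample in the same layout as the HOSTS listing in the post:
# a Spybot-style block list (sinkholed to loopback) plus two hypothetical
# lines that must never be attributed to Spybot. Not a real file.
SAMPLE_HOSTS = """\
127.0.0.1       localhost
127.0.0.1       www.007guard.com
127.0.0.1       007guard.com
127.0.0.1       zyban-zocor-levitra.com
# hypothetical hijack lines, constructed for this example:
127.0.0.1       update.eset.com
203.0.113.10    www.example-bank.net
"""

# Domains whose presence in HOSTS at all is a red flag: mapping them
# anywhere blocks or diverts AV/OS updates. Illustrative assumption only.
VENDOR_SUFFIXES = (
    "eset.com", "microsoft.com", "windowsupdate.com",
    "symantec.com", "mcafee.com", "safer-networking.org",
)

STANDARD_NAMES = ("localhost", "localhost.localdomain", "broadcasthost")


def parse_hosts(text):
    """Yield (ip, hostname) pairs; comments, blanks and extra names handled."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue  # an address with no hostname is not an entry
        ip, *names = parts
        for name in names:
            yield ip, name.lower()


def classify(ip, name):
    """Label one entry by what it does, not by who claims to have written it."""
    if name in STANDARD_NAMES:
        return "standard"
    if any(name == s or name.endswith("." + s) for s in VENDOR_SUFFIXES):
        return "vendor-domain"      # suspicious regardless of target address
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return "malformed"
    if addr.is_loopback or addr.is_unspecified:
        return "sinkhole"           # blocklist behaviour (Spybot-style)
    return "redirect"               # real site sent somewhere else: hijack


def triage(text):
    """Return (per-category counts, list of findings worth a closer look)."""
    counts = {}
    findings = []
    for ip, name in parse_hosts(text):
        kind = classify(ip, name)
        counts[kind] = counts.get(kind, 0) + 1
        if kind in ("vendor-domain", "redirect", "malformed"):
            findings.append((kind, ip, name))
    return counts, findings


if __name__ == "__main__":
    counts, findings = triage(SAMPLE_HOSTS)
    print("counts:", counts)
    for kind, ip, name in findings:
        print(f"FINDING {kind:14} {ip:16} {name}")
```

On a real machine the file to feed in is `%SystemRoot%\System32\drivers\etc\hosts`; thousands of `sinkhole` entries and zero findings is what a Spybot-immunised file looks like, while even one `vendor-domain` or `redirect` hit means the Spybot explanation does not cover the whole file.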

#3 suebaby41 (Malware Response Team, W.A.M. (Women Against Malware))

Posted 03 August 2008 - 09:39 AM

Welcome to the BleepingComputer Forums. Since it has been a few days, please post a new Deckard's System Scanner which includes the HijackThis log. Please see Preparation Guide for use before posting about your potential Malware problem. Thank you for your patience.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#4 suebaby41 (Malware Response Team, W.A.M. (Women Against Malware))

Posted 12 August 2008 - 06:05 AM

This subject is now closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.
