
Popups, Something Deleting .dll Files?


  • This topic is locked
18 replies to this topic

#1 nelyjuggalo (Members, 16 posts)

Posted 17 March 2007 - 08:59 PM

Something has been erasing certain .dll files making programs such as bittorrent and Ad-Aware's Ad Watch not work. Also, I've been getting a lot of popups lately. I normally never get any.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 9:44:45 PM, on 3/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wwSecure.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Comodo\Firewall\cpf.exe
C:\Program Files\iTunes\iTunes.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\nelson.YOUR-2S4KN5K0H3\Desktop\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: SuperAdBlockerBHO Class - {00000000-6C30-11D8-9363-000AE6309654} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABBHO.DLL
O2 - BHO: (no name) - {71d23b61-c07c-4f9c-822e-828f728d15de} - C:\WINDOWS\system32\cryGNT.dll
O3 - Toolbar: Super Ad Blocker Toolbar - {B4B3001E-0F56-4E51-8250-BDE11547EC55} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\sabtb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [wjmv] C:\WINDOWS\wjmv.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [psoj39W] powres.exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\NASDAK\OmniMouse Driver\4.0\MOUSE32A.EXE
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [winupdate] C:\Program Files\winupdate\winupdate.exe /auto
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [p2pnetworking] p2pnetworking.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [Zone Labs Client] C:\Documents and Settings\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\RunServices: [p2pnetworking] p2pnetworking.exe
O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [SuperAdBlocker] C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: FLV Getter - C:\Program Files\FlvGetter\FlvGetter.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O20 - Winlogon Notify: !SABWinLogon - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL
O20 - Winlogon Notify: comDAL - comDAL.dll (file missing)
O20 - Winlogon Notify: cryGNT - C:\WINDOWS\SYSTEM32\cryGNT.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Super Ad Blocker Service (SABSVC) - SuperAdBlocker.com - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe

--
End of file - 8762 bytes


#2 SifuMike (malware expert, Staff Emeritus, 15,385 posts, Location: Vancouver (not BC) WA (Not DC) USA)

Posted 17 March 2007 - 11:32 PM

Hello nelyjuggalo,

I am SifuMike and I will be helping you. :flowers:


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation, Multi-language jre-6-windows-i586.exe and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6-windows-i586.exe to install the newest version.
*******************

Disable your antivirus program and go here http://www.bitdefender.com/scan8/ie.html and run an online scan with BitDefender (you will need to use Internet Explorer for this scan). When the ActiveX Control has loaded, click on "Click here to scan". This scan may take a few hours. It all depends on the number of files on your computer.

When BitDefender completes the scan, select the "Detected Problems" tab.
Click on "Click here to export scan".
Save the file as an HTML to your Desktop.
Then click on the saved file and allow it to open with your browser.
Go to Edit - Select All then copy/paste that log back here.
Post the BitDefender log.

*******************

Download ATF (Atribune Temp File) Cleaner© by Atribune. DO NOT run it yet.


Ewido is now AVG AntiSpyware, so I want you to uninstall Ewido and download and install AVG Anti-Spyware 7.5 (formerly Ewido).
This is a 30-day trial of the program.

AVG Anti-Spyware is designed to be used to both scan for and remove malicious files and also to run in real-time alongside, but not replace, your existing anti-virus program to give an added layer of protection.
Both the Resident Shield and Automatic Updates will only be available for the thirty day trial period, after that AVG Anti-Spyware will revert to a stand-alone scanner which you can keep and manually update for free and use in a similar way to Ad-Aware SE Personal, Spybot S&D etc.


1. After download, double click on the file to launch the install process.
2. Choose a language, click "OK" and then click "Next".
3. Read the "License Agreement" and click "I Agree".
4. Accept the default installation path: C:\Program Files\AVG Anti-Spyware 7.5 and click "Next", then click "Install".
5. After setup completes, click "Finish" to start the program automatically or launch ewido by double-clicking its icon on your desktop or in the system tray.
6. The main "Status" menu will appear. You can select "Change state" to inactivate 'Resident Shield' and 'Automatic Updates'. If you choose to do this, then right click on ewido in the system tray and uncheck "Start with Windows".
7. Select the "Update" button and click "Start update". If you are having problems with the updater, manually update with the Ewido Full database installer from here.
8. Exit AVG Anti-Spyware 7.5 when done - DO NOT perform a scan yet.

Reboot your computer in "SAFE MODE" using the F8 method so Windows will start with minimal drivers and running processes.
To do this restart your computer and after hearing your computer beep once during startup [but before the Windows icon appears] press the F8 key repeatedly.
A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

1.) Double-click the small BLUE Garbage Can ATF-Cleaner.exe file to run the program.
2.) At the top, under Main choose: Select All
3.) Click the Empty Selected button.

If you use the Firefox browser:
1.) At the top, click Firefox and choose: Select All
2.) Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use the Opera browser:
1.) At the top, click Opera and choose: Select All
2.) Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.


Scan with AVG Anti-Spyware 7.5 as follows:

1. Launch AVG Anti-Spyware 7.5, click on the "Scanner" button and choose the "Settings" tab.

Under "How to act?", click on "Recommended actions" and choose "Quarantine" to set default action for detected malware.

Under "How to Scan?" check all (default).

Under "Possibly unwanted software" check all (default).

Under "What to Scan?" make sure "Scan every file" is selected (default).

Under "Reports" select "Automatically generate report after every scan" and UNcheck "Only if threats were found".

2. Click the "Scan" tab to return to scanning options.
3. Click "Complete System Scan" to start.

4. IMPORTANT: Don't click on the "Save Scan Report" button before you have clicked the "Apply all Actions" button.

(1) Make sure that Set all elements to: shows Quarantine; if not, click on the link and choose Quarantine from the popup menu.
(2) At the bottom of the window click on the Apply all Actions button.
(3) When done, click the Save Scan Report button.
(4) Click the Save Report as button.
Click on the most recent scan you just performed and select "Save report as" - the default file name will be in date/time format as follows: Report-Scan-20060620-142816.txt.
Save to your desktop.
A copy of each report will also be saved in C:\Program Files\AVG Anti-Spyware 7.5\Reports\
Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.

Reboot to Normal Mode.


*******************


Logfile of Trend Micro HijackThis v2.0.0 (BETA)

You posted a HijackThis log from a beta version of HijackThis. This version still has many bugs in it so we do not use it. :thumbsup:

Please delete that Trend Micro HijackThis v2.0.0 Beta version and download the latest version from the following link:

HijackThis Download Site with installer
Just click on the Hijackthis_sfx.exe file that you downloaded.
A WinZip self extractor screen appears with the default location of C:\Program Files\Hijackthis.
Then press the Unzip button. Then close the Self-Extractor window.

Using My Computer/Windows Explorer, navigate to C:\Program Files\HijackThis and double click on HijackThis.exe to run it.

If you would like to make a shortcut for your Desktop so it's more easily accessible, right click HijackThis.exe and choose Send To > Desktop (create shortcut).

Please run the extracted HijackThis.exe from now on.


When done, submit the BitDefender log, the AVG Anti-Spyware 7.5 log and a fresh HijackThis log.

Edited by SifuMike, 17 March 2007 - 11:35 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 nelyjuggalo (Topic Starter)

Posted 18 March 2007 - 04:38 PM

Ok, I did everything you said to do. Here are the new logs:

Logfile of HijackThis v1.99.1
Scan saved at 5:34:47 PM, on 3/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wwSecure.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Trillian\trillian.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\nelson.YOUR-2S4KN5K0H3\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: SuperAdBlockerBHO Class - {00000000-6C30-11D8-9363-000AE6309654} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABBHO.DLL
O3 - Toolbar: Super Ad Blocker Toolbar - {B4B3001E-0F56-4E51-8250-BDE11547EC55} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\sabtb.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [wjmv] C:\WINDOWS\wjmv.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [psoj39W] powres.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [winupdate] C:\Program Files\winupdate\winupdate.exe /auto
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [p2pnetworking] p2pnetworking.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Documents and Settings\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunServices: [p2pnetworking] p2pnetworking.exe
O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [SuperAdBlocker] C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: FLV Getter - C:\Program Files\FlvGetter\FlvGetter.html
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O20 - Winlogon Notify: !SABWinLogon - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL
O20 - Winlogon Notify: comDAL - comDAL.dll (file missing)
O20 - Winlogon Notify: cryGNT - cryGNT.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Super Ad Blocker Service (SABSVC) - SuperAdBlocker.com - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe


---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 5:28:05 PM 3/18/2007

+ Scan result:



C:\System Volume Information\_restore{8153ACA8-C727-4835-A7D4-A3A2B949B296}\RP749\A0183423.exe -> Adware.WebRebates : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8153ACA8-C727-4835-A7D4-A3A2B949B296}\RP749\A0183422.exe -> Downloader.Alchemic : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8153ACA8-C727-4835-A7D4-A3A2B949B296}\RP749\A0183426.exe -> Downloader.Intexp.a : Cleaned with backup (quarantined).
C:\WINDOWS\system32\drivers\atm2k.sys -> Not-A-Virus.Monitor.Win32.EliteKeylogger.30 : Cleaned with backup (quarantined).


::Report end



BitDefender Online Scanner

Scan report generated at: Sun, Mar 18, 2007 - 14:17:28

Scan path: C:\;D:\;E:\;F:\;G:\;H:\;I:\;J:\;

Statistics
Time: 01:32:35
Files: 510262
Folders: 6498
Boot Sectors: 3
Archives: 13455
Packed Files: 46629

Results
Identified Viruses: 3
Infected Files: 7
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 6

Engines Info
Virus Definitions: 405733
Engine build: AVCORE v1.0 (build 2397) (i386) (Feb 8 2007 14:24:08)
Scan plugins: 14
Archive plugins: 38
Unpack plugins: 6
E-mail plugins: 6
System plugins: 1

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File | Status
C:\Documents and Settings\nelson.YOUR-2S4KN5K0H3\Local Settings\Temp\tmp93.tmp.exe | Infected with: Trojan.BHO.AJ
C:\Documents and Settings\nelson.YOUR-2S4KN5K0H3\Local Settings\Temp\tmp93.tmp.exe | Disinfection failed
C:\Documents and Settings\nelson.YOUR-2S4KN5K0H3\Local Settings\Temp\tmp93.tmp.exe | Deleted
C:\Documents and Settings\nelson.YOUR-2S4KN5K0H3\Local Settings\Temporary Internet Files\Content.IE5\8POZO3ON\bleep[1] | Infected with: Trojan.BHO.AJ
C:\Documents and Settings\nelson.YOUR-2S4KN5K0H3\Local Settings\Temporary Internet Files\Content.IE5\8POZO3ON\bleep[1] | Disinfection failed
C:\Documents and Settings\nelson.YOUR-2S4KN5K0H3\Local Settings\Temporary Internet Files\Content.IE5\8POZO3ON\bleep[1] | Deleted
C:\System Volume Information\_restore{8153ACA8-C727-4835-A7D4-A3A2B949B296}\RP756\A0186863.exe=>(NSIS o)=>lzma_nsis0004 | Infected with: Trojan.FatObfus.Gen
C:\System Volume Information\_restore{8153ACA8-C727-4835-A7D4-A3A2B949B296}\RP756\A0186863.exe=>(NSIS o)=>lzma_nsis0004 | Disinfection failed
C:\System Volume Information\_restore{8153ACA8-C727-4835-A7D4-A3A2B949B296}\RP756\A0186863.exe=>(NSIS o)=>lzma_nsis0004 | Deleted
C:\System Volume Information\_restore{8153ACA8-C727-4835-A7D4-A3A2B949B296}\RP756\A0186863.exe=>(NSIS o) | Update failed
C:\System Volume Information\_restore{8153ACA8-C727-4835-A7D4-A3A2B949B296}\RP764\A0187642.dll | Infected with: Trojan.BHO.AJ
C:\System Volume Information\_restore{8153ACA8-C727-4835-A7D4-A3A2B949B296}\RP764\A0187642.dll | Disinfection failed
C:\System Volume Information\_restore{8153ACA8-C727-4835-A7D4-A3A2B949B296}\RP764\A0187642.dll | Deleted
C:\System Volume Information\_restore{8153ACA8-C727-4835-A7D4-A3A2B949B296}\RP764\A0187643.dll | Infected with: Trojan.BHO.AJ
C:\System Volume Information\_restore{8153ACA8-C727-4835-A7D4-A3A2B949B296}\RP764\A0187643.dll | Disinfection failed
C:\System Volume Information\_restore{8153ACA8-C727-4835-A7D4-A3A2B949B296}\RP764\A0187643.dll | Deleted
C:\WINDOWS\del.tmp=>(Embedded EXE g) | Infected with: Trojan.Dropper.Delf.DJ
C:\WINDOWS\del.tmp=>(Embedded EXE g) | Disinfection failed
C:\WINDOWS\del.tmp=>(Embedded EXE g) | Deleted
C:\WINDOWS\del.tmp | Update failed
C:\WINDOWS\system32\tmp93.tmp.dll | Infected with: Trojan.BHO.AJ
C:\WINDOWS\system32\tmp93.tmp.dll | Disinfection failed
C:\WINDOWS\system32\tmp93.tmp.dll | Delete failed
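The two HijackThis logs in this thread (the one in the opening post and the one posted after the cleanup) are what the helper reads by hand: O2 browser helper objects, O4 autorun keys, O20 Winlogon Notify handlers, O23 services. The Python script below is an added example, not a HijackThis, BleepingComputer or forum tool. It parses such entries, flags the kinds of lines an analyst checks first (an unnamed BHO, an autorun that names a bare executable, a "(file missing)" reference, the same DLL registered as both a BHO and a Winlogon handler, which is the cryGNT.dll pattern in the first log), and diffs two logs so the entries that changed between scans stand out. The sample log excerpts are constructed from entries visible above; the function names and review heuristics are this example's own assumptions, not part of HijackThis.

```python
"""Triage helper for HijackThis-style logs (added example; not a HijackThis,
BleepingComputer or forum tool). Parses the numbered entries, flags lines an
analyst checks first, and diffs two scans. Sample logs are constructed from
entries visible in this thread; the heuristics are this example's own."""
import ntpath
import re
from dataclasses import dataclass

ENTRY_RE = re.compile(r"^([OR]\d+) - (.*)$")
MISSING = "(file missing)"


@dataclass(frozen=True, order=True)
class Entry:
    section: str  # "O2" BHO, "O4" autorun, "O20" Winlogon Notify, "O23" service
    body: str     # text after the "O4 - " prefix


def parse_log(text):
    """Keep only the 'Oxx - ...' / 'Rx - ...' entries; headers and process lists are skipped."""
    return [Entry(m.group(1), m.group(2))
            for m in (ENTRY_RE.match(l.strip()) for l in text.splitlines()) if m]


def command_path(entry):
    """File an entry points at: after '] ' for O4 Run keys, else after the last ' - '."""
    if entry.section == "O4" and "] " in entry.body:
        cmd = entry.body.split("] ", 1)[1].strip()
        if cmd.startswith('"'):            # quoted path may contain spaces
            return cmd[1:].split('"', 1)[0]
        return cmd.split(" ", 1)[0]        # unquoted: first token is the program
    return entry.body.rsplit(" - ", 1)[-1].replace(MISSING, "").strip()


def triage(entries):
    """(section, file name, reason) tuples worth a look. A hit is a prompt to
    check the file, not a verdict: VTTimer.exe is legitimate and still trips
    the bare-filename rule; cryGNT.dll trips two rules and is the real find."""
    findings, hooks = [], {}  # hooks: file name -> sections that load it
    for e in entries:
        path = command_path(e)
        name = ntpath.basename(path).lower()
        if MISSING in e.body:
            findings.append((e.section, name, "registered file is not on disk"))
        if e.section == "O2" and e.body.startswith("BHO: (no name)"):
            findings.append((e.section, name, "browser helper object without a display name"))
        if e.section == "O4" and e.body.startswith("HK"):
            if "\\" not in path:
                findings.append((e.section, name, "autorun names a bare executable, resolved via the search path"))
            if "\\RunServices:" in e.body:
                findings.append((e.section, name, "legacy RunServices key, rarely used by current software"))
        if e.section in ("O2", "O3", "O20") and MISSING not in e.body:
            hooks.setdefault(name, set()).add(e.section)
    for name, sections in hooks.items():
        if len(sections) > 1:  # one DLL loaded by both the browser and Winlogon
            findings.append(("+".join(sorted(sections)), name, "same DLL registered in more than one hook section"))
    return findings


def diff_logs(before, after):
    """Entries that appeared and entries that vanished between two scans of one machine."""
    b, a = set(before), set(after)
    return sorted(a - b), sorted(b - a)


# Constructed excerpts: the first log as posted, and the log after the cleanup run.
LOG_BEFORE = r"""
O2 - BHO: SuperAdBlockerBHO Class - {00000000-6C30-11D8-9363-000AE6309654} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABBHO.DLL
O2 - BHO: (no name) - {71d23b61-c07c-4f9c-822e-828f728d15de} - C:\WINDOWS\system32\cryGNT.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [psoj39W] powres.exe
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\RunServices: [p2pnetworking] p2pnetworking.exe
O20 - Winlogon Notify: comDAL - comDAL.dll (file missing)
O20 - Winlogon Notify: cryGNT - C:\WINDOWS\SYSTEM32\cryGNT.dll
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
"""
LOG_AFTER = r"""
O2 - BHO: SuperAdBlockerBHO Class - {00000000-6C30-11D8-9363-000AE6309654} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABBHO.DLL
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [psoj39W] powres.exe
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\RunServices: [p2pnetworking] p2pnetworking.exe
O20 - Winlogon Notify: comDAL - comDAL.dll (file missing)
O20 - Winlogon Notify: cryGNT - cryGNT.dll (file missing)
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
"""

if __name__ == "__main__":
    before, after = parse_log(LOG_BEFORE), parse_log(LOG_AFTER)
    for section, name, reason in triage(before):
        print(f"[{section}] {name}: {reason}")
    added, removed = diff_logs(before, after)
    print("added:", [e.body for e in added])
    print("removed:", [e.body for e in removed])
```

Run stand-alone it lists the eight review prompts from the first excerpt and shows that, after the cleanup, the unnamed BHO and the on-disk cryGNT Winlogon handler are gone and only a dangling "(file missing)" Winlogon Notify entry remains, which matches what the second log in this thread shows.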

#4 SifuMike (malware expert, Staff Emeritus)

Posted 18 March 2007 - 06:18 PM

Hi nelyjuggalo,

1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply along with a fresh Hijackthis log.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall
Disable script blocking if you have Norton Antivirus installed so it will not interfere with the fix. Trojan Hunter has been reported to detect combofix as Worm.Qiv.100.


#5 nelyjuggalo (Topic Starter)

Posted 18 March 2007 - 08:34 PM

Combofix doesn't seem to be working for me. It keeps freezing when it says "disinfecting look2me", and everything on my desktop disappears except for the wallpaper. Should this "disinfecting look2me" step take more than a couple hours?

#6 SifuMike (malware expert, Staff Emeritus)

Posted 18 March 2007 - 09:19 PM

No, it should not be taking that long.

Let's try this one:

Download ComboScan to your desktop:
http://www.techsupportforum.com/sectools/D...d/comboscan.exe

Make sure all running programs and Windows Explorer windows are closed.
Double-click on comboscan.exe to run it, then follow the prompts.
The scan may take a few minutes to complete.

When the scan has finished, a text file will open: 'ComboScan.txt'.

Please Note:
When running Comboscan, some firewalls may warn that sigcheck.exe is trying to access the internet; please ensure that you allow sigcheck.exe permission to do so.
Also, it may happen that your Antivirus flags Comboscan as suspicious.
Please allow the Comboscan to run and don't let your Antivirus delete it.
(If necessary, temporarily disable/turn off your Antivirus program.)


Post the Comboscan.txt from the Comboscan into your next reply please. (Do not post the Supplementary.txt - only post Supplementary.txt when being asked)


What ComboScan will do:
  • Create a new System Restore point in Windows XP and Vista.
  • Clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
  • Check some important areas of your system and produce a report for your analyst to review.
ComboScan automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
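The ComboScan.txt that SifuMike asks for is read by a human analyst, not by the tool, so the useful skill here is knowing which lines of a HijackThis-style log deserve a second look. The script below is an added example written for this page (my own code, not ComboScan's, HijackThis's or SifuMike's): it walks the O4 (Run), O20 (Winlogon Notify) and O23 (Service) lines and flags the structural properties an analyst checks first, such as a Run entry given as a bare filename, a program sitting directly in C:\WINDOWS or under Documents and Settings, a Winlogon Notify DLL marked "(file missing)", or a service with "Unknown owner". The sample lines are copied from the log posted in this thread and are a constructed subset; the line regexes and the heuristics are my assumptions about the HijackThis 1.99.1 format, and a flag is a prompt to review an entry, not a malware verdict.

```python
"""Triage helper for HijackThis-style O4 / O20 / O23 lines (added example)."""
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: lines copied from the ComboScan/HijackThis output posted
# in this thread, chosen so that each heuristic below has at least one hit.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [wjmv] C:\WINDOWS\wjmv.exe
O4 - HKLM\..\Run: [psoj39W] powres.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] C:\Documents and Settings\ZoneAlarm\zlclient.exe
O20 - Winlogon Notify: comDAL - comDAL.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
"""


@dataclass(frozen=True)
class Finding:
    section: str  # "O4", "O20" or "O23"
    item: str     # entry name as HijackThis prints it
    reason: str   # why an analyst would want a second look


# Line shapes as HijackThis 1.99 prints them; assumed from the log in this thread.
_O4 = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run\w*: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
_O20 = re.compile(r"^O20 - Winlogon Notify: (?P<name>.+?) - (?P<path>.*)$")
_O23 = re.compile(r"^O23 - Service: (?P<desc>.+?) - (?P<owner>.+?) - (?P<path>.*)$")
# A quoted program, or an unquoted program path up to its extension (handles spaces).
_EXE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|com|scr|pif|bat|cmd|dll))(?=\s|$)', re.I)

VOWELS = set("aeiouy")


def executable_of(command: str) -> str:
    """Return the program part of a Run value, dropping any arguments."""
    command = command.strip()
    m = _EXE.match(command)
    if m:
        return m.group(1) or m.group(2)
    return command.split(" ", 1)[0]


def _check_o4(name: str, cmd: str) -> List[str]:
    reasons = []
    exe = executable_of(cmd)
    low = exe.lower()
    if "\\" not in exe:
        # Resolved through PATH / App Paths at logon: the log does not tell you where it lives.
        reasons.append("bare filename, no path: real location unknown")
    else:
        parent = low.rsplit("\\", 1)[0]
        if parent in ("c:\\windows", "c:\\winnt"):
            reasons.append("executable sits directly in the Windows directory")
        if "\\documents and settings\\" in low:
            reasons.append("runs from a user profile directory, not Program Files")
    # Weak heuristic: droppers often use random consonant strings as value names.
    if len(name) >= 4 and not VOWELS & set(name.lower()):
        reasons.append("entry name has no vowels (looks machine-generated)")
    return reasons


def _check_o20(path: str) -> List[str]:
    if "(file missing)" in path:
        # The registry still points winlogon at the DLL even though it is gone.
        return ["Winlogon Notify DLL missing on disk but still registered"]
    if "\\" not in path:
        return ["Winlogon Notify DLL listed without a path"]
    return []


def _check_o23(owner: str, path: str) -> List[str]:
    reasons = []
    if owner.strip().lower() == "unknown owner":
        reasons.append("service binary carries no publisher information")
    if "(file missing)" in path:
        reasons.append("service binary missing on disk")
    return reasons


def triage(log_text: str) -> List[Finding]:
    """Walk a log and return every entry that trips a heuristic."""
    findings: List[Finding] = []
    for line in log_text.splitlines():
        line = line.rstrip()
        m = _O4.match(line)
        if m:
            findings += [Finding("O4", m["name"], r) for r in _check_o4(m["name"], m["cmd"])]
            continue
        m = _O20.match(line)
        if m:
            findings += [Finding("O20", m["name"], r) for r in _check_o20(m["path"])]
            continue
        m = _O23.match(line)
        if m:
            findings += [Finding("O23", m["desc"], r) for r in _check_o23(m["owner"], m["path"])]
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4} {f.item:<28} {f.reason}")
```

Run it against a saved ComboScan.txt by passing the file contents to triage(); every hit is something to look up by hand (publisher, install date, whether the path exists), which is exactly the work the analyst does with the posted log.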

#7 nelyjuggalo
  • Topic Starter

  • Members
  • 16 posts

Posted 18 March 2007 - 09:36 PM

ComboScan v20070306.20 run by nelson on 2007-03-18 at 22:30:29
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created ComboScan Restore Point.


-- Last 5 Restore Point(s) --
49: 2007-03-19 03:30:35 UTC - RP765 - ComboScan Restore Point
48: 2007-03-18 05:59:30 UTC - RP764 - Removed Java 2 Runtime Environment, SE v1.4.2_05
47: 2007-03-18 05:57:44 UTC - RP763 - Removed Java 2 Runtime Environment, SE v1.4.2_03
46: 2007-03-18 05:54:38 UTC - RP762 - Removed J2SE Runtime Environment 5.0 Update 11
45: 2007-03-18 05:52:36 UTC - RP761 - Removed J2SE Runtime Environment 5.0 Update 10


-- First Restore Point --
1: 2007-02-14 06:41:32 UTC - RP717 - System Checkpoint


Performed disk cleanup.


-- HijackThis (run as nelson.exe) ----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 22:32, on 07-03-18
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wwSecure.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\nelson.YOUR-2S4KN5K0H3\Desktop\comboscan.exe
C:\DOCUME~1\NELSON~1.YOU\Desktop\Help!\nelson.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: SuperAdBlockerBHO Class - {00000000-6C30-11D8-9363-000AE6309654} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABBHO.DLL
O3 - Toolbar: Super Ad Blocker Toolbar - {B4B3001E-0F56-4E51-8250-BDE11547EC55} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\sabtb.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [wjmv] C:\WINDOWS\wjmv.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [psoj39W] powres.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Documents and Settings\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [SuperAdBlocker] C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: FLV Getter - C:\Program Files\FlvGetter\FlvGetter.html
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O20 - Winlogon Notify: !SABWinLogon - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL
O20 - Winlogon Notify: comDAL - comDAL.dll (file missing)
O20 - Winlogon Notify: cryGNT - cryGNT.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Super Ad Blocker Service (SABSVC) - SuperAdBlocker.com - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe


-- File Associations -----------------------------------------------------------

.bat - batfile - "%1" %*
.chm - chm.file - "C:\WINDOWS\hh.exe" %1
.cmd - cmdfile - "%1" %*
.com - comfile - "%1" %*
.exe - exefile - "%1" %*
.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
.js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*
.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
.pif - piffile - "%1" %*
.reg - regfile - regedit.exe "%1"
.scr - scrfile - "%1" /S
.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
.vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

3R AgereSoftModem (Agere Systems Soft Modem) - C:\WINDOWS\system32\drivers\AGRSM.sys
3S ALCXSENS (Service for WDM 3D Audio Driver) - C:\WINDOWS\system32\drivers\ALCXSENS.SYS
3R ALCXWDM (Service for Realtek AC97 Audio (WDM)) - C:\WINDOWS\system32\drivers\ALCXWDM.SYS
1R AmdK7 (AMD K7 Processor Driver) - C:\WINDOWS\system32\drivers\amdk7.sys
3R Arp1394 (1394 ARP Client Protocol) - C:\WINDOWS\system32\drivers\arp1394.sys
2R Aspi32 - C:\WINDOWS\system32\drivers\ASPI32.SYS
1S atm2k - C:\WINDOWS\system32\drivers\atm2k.sys (not found)
1R AVG Anti-Spyware Driver - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys
1R Avg7Core (AVG7 Kernel) - C:\WINDOWS\system32\drivers\avg7core.sys
1R Avg7RsW (AVG7 Wrap Driver) - C:\WINDOWS\system32\drivers\avg7rsw.sys
1R Avg7RsXP (AVG7 Resident Driver XP) - C:\WINDOWS\system32\drivers\avg7rsxp.sys
1R AvgAsCln (AVG Anti-Spyware Clean Driver) - C:\WINDOWS\system32\drivers\AvgAsCln.sys
1R AvgClean (AVG7 Clean Driver) - C:\WINDOWS\system32\drivers\avgclean.sys
2R AvgTdi (AVG Network Redirector) - C:\WINDOWS\system32\drivers\avgtdi.sys
3R BrScnUsb (Brother USB Still Image driver) - C:\WINDOWS\system32\drivers\BrScnUsb.sys
2S Ca533av (Polaroid Digital Cam Video) - C:\WINDOWS\system32\drivers\Ca533av.sys
3S CCDECODE (Closed Caption Decoder) - C:\WINDOWS\system32\drivers\ccdecode.sys
1R CmdMon (Comodo Application Engine) - C:\WINDOWS\system32\drivers\cmdmon.sys
0R fasttx2k - C:\WINDOWS\system32\drivers\Fasttx2k.sys
3R FETND5BV (VIA Rhine-Family Fast Ethernet Adapter Driver Service) - C:\WINDOWS\system32\drivers\fetnd5bv.sys
3S FETNDISB (VIA Rhine Family Fast Ethernet Adapter Driver Service) - C:\WINDOWS\system32\drivers\fetnd5b.sys
3R GEARAspiWDM (GEAR CDRom Filter) - C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
3R HidUsb (Microsoft HID Class Driver) - C:\WINDOWS\system32\drivers\hidusb.sys
3S HPZid412 (IEEE-1284.4 Driver HPZid412) - C:\WINDOWS\system32\drivers\hpzid412.sys
3S HPZipr12 (Print Class Driver for IEEE-1284.4 HPZipr12) - C:\WINDOWS\system32\drivers\HPZipr12.sys
3S HPZius12 (USB to IEEE-1284.4 Translation Driver HPZius12) - C:\WINDOWS\system32\drivers\HPZius12.sys
3S ialm - C:\WINDOWS\system32\drivers\ialmnt5.sys
0R Inspect (Comodo Network Engine) - C:\WINDOWS\system32\drivers\inspect.sys
1S intelppm (Intel Processor Driver) - C:\WINDOWS\system32\drivers\intelppm.sys
1R kbdhid (Keyboard HID Driver) - C:\WINDOWS\system32\drivers\kbdhid.sys
3S LCcfltr (Logitech USB Filter Driver) - C:\WINDOWS\system32\drivers\LCcfltr.sys
2R LxrJD31d - C:\WINDOWS\system32\drivers\LxrJD31d.sys
3R mouhid (Mouse HID Driver) - C:\WINDOWS\system32\drivers\mouhid.sys
3S Mp3Drv (Classic MP6410 MP3 Player Control Driver) - C:\WINDOWS\system32\Drivers\Mp3Drv.sys (not found)
3S MSTEE (Microsoft Streaming Tee/Sink-to-Sink Converter) - C:\WINDOWS\system32\drivers\mstee.sys
0R mtlex - C:\WINDOWS\system32\drivers\mtlex.sys
3S NABTSFEC (NABTS/FEC VBI Codec) - C:\WINDOWS\system32\drivers\nabtsfec.sys
3S NdisIP (Microsoft TV/Video Connection) - C:\WINDOWS\system32\drivers\ndisip.sys
1R ndisnt - C:\WINDOWS\system32\drivers\ndisnt.sys
3R NIC1394 (1394 Net Driver) - C:\WINDOWS\system32\drivers\nic1394.sys
3S nv - C:\WINDOWS\system32\drivers\nv4_mini.sys
0R ohci1394 (VIA OHCI Compliant IEEE 1394 Host Controller) - C:\WINDOWS\system32\drivers\ohci1394.sys
3R pfc (Padus ASPI Shell) - C:\WINDOWS\system32\drivers\pfc.sys
3S Ps2 - C:\WINDOWS\system32\drivers\PS2.sys
0R PxHelp20 - C:\WINDOWS\system32\drivers\pxhelp20.sys
3S rtl8139 (Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver) - C:\WINDOWS\system32\drivers\R8139n51.sys
1R SABDIFSV - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\sabdifsv.sys
1R SABKUTIL - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.SYS
3R SABProcEnum - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABProcEnum.sys
0R sbp2port (SBP-2 Transport/Protocol Bus Driver) - C:\WINDOWS\system32\drivers\sbp2port.sys
0R sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - C:\WINDOWS\system32\drivers\sfdrv01.sys
0R sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - C:\WINDOWS\system32\drivers\sfhlp02.sys
0R sfsync02 (StarForce Protection Synchronization Driver (version 2.x)) - C:\WINDOWS\system32\drivers\sfsync02.sys
3S SiS315 - C:\WINDOWS\system32\drivers\sisgrp.sys
0R SISAGP (SiS AGP Filter) - C:\WINDOWS\system32\drivers\SISAGPX.SYS
1R SiSkp - C:\WINDOWS\system32\drivers\srvkp.sys
3S SLIP (BDA Slip De-Framer) - C:\WINDOWS\system32\drivers\slip.sys
3S streamip (BDA IPSink) - C:\WINDOWS\system32\drivers\streamip.sys
3S StScsi - C:\WINDOWS\system32\DRIVERS\StScsi.sys (not found)
3S usbaudio (USB Audio Driver (WDM)) - C:\WINDOWS\system32\drivers\USBAUDIO.sys
3S USBCamera (Icatch(IV) Still Camera Device) - C:\WINDOWS\system32\drivers\Bulk533.sys
3R usbccgp (Microsoft USB Generic Parent Driver) - C:\WINDOWS\system32\drivers\usbccgp.sys
3R usbehci (Microsoft USB 2.0 Enhanced Host Controller Miniport Driver) - C:\WINDOWS\system32\drivers\usbehci.sys
3S usbohci (Microsoft USB Open Host Controller Miniport Driver) - C:\WINDOWS\system32\drivers\usbohci.sys
3R usbprint (Microsoft USB PRINTER Class) - C:\WINDOWS\system32\drivers\usbprint.sys
3S usbscan (USB Scanner Driver) - C:\WINDOWS\system32\drivers\usbscan.sys
3R USBSTOR (USB Mass Storage Driver) - C:\WINDOWS\system32\drivers\usbstor.sys
3S VBus (Virtual Bus) - C:\WINDOWS\system32\drivers\NkVBus.sys
0R viaagp1 (VIA AGP Filter) - C:\WINDOWS\system32\drivers\VIAAGP1.SYS
3R viagfx - C:\WINDOWS\system32\drivers\vtmini.sys
3S vsdatant - C:\WINDOWS\system32\vsdatant.sys (not found)
4S WS2IFSL (Windows Socket 2.0 Non-IFS Service Provider Support Environment) - C:\WINDOWS\system32\drivers\ws2ifsl.sys
3S WSTCODEC (World Standard Teletext Codec) - C:\WINDOWS\system32\drivers\wstcodec.sys
3S WudfPf (Windows Driver Foundation - User-mode Driver Framework Platform Driver) - C:\WINDOWS\system32\drivers\WudfPf.sys
3S WudfRd (Windows Driver Foundation - User-mode Driver Framework Reflector) - C:\WINDOWS\system32\drivers\WudfRd.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

3S aspnet_state (ASP.NET State Service) - C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
2R AVG Anti-Spyware Guard - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
2R Avg7Alrt (AVG7 Alert Manager Server) - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
2R Avg7UpdSvc (AVG7 Update Service) - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
2R AVGEMS (AVG E-mail Scanner) - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
2R brmfrmps (Brother Popup Suspend service for Resource manager) - "C:\WINDOWS\system32\Brmfrmps.exe" -service
2R Brother XP spl Service (BrSplService) - C:\WINDOWS\system32\brsvc01a.exe
2R CmdAgent (Comodo Application Agent) - C:\Program Files\Comodo\Firewall\cmdagent.exe
3S IDriverT (InstallDriver Table Manager) - "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"
3R iPod Service - "C:\Program Files\iPod\bin\iPodService.exe"
2R LxrJD31s (Lexar JD31) - LxrJD31s.exe
3S Macromedia Licensing Service - "C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe"
3S ose (Office Source Engine) - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
3S Pml Driver HPZ12 - C:\WINDOWS\system32\HPZipm12.exe
2S SABSVC (Super Ad Blocker Service) - "C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE"
2R wwSecSvc (Washer AutoComplete) - C:\WINDOWS\system32\wwSecure.exe


-- Scheduled Tasks -------------------------------------------------------------

2007-03-15 21:18:02 284 --a----c- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job<APPLES~1.JOB>


-- Files created between 2007-02-18 and 2007-03-18 -----------------------------

2007-03-18 19:57:21 0 d-------- C:\ComboFix
2007-03-18 16:12:30 3968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-03-18 01:05:45 0 d-------- C:\WINDOWS\BDOSCAN8
2007-03-17 17:51:19 27348 --a------ C:\WINDOWS\system32\vtsqq.exe
2007-03-17 17:29:23 116952 --a------ C:\sysevqb.exe
2007-03-17 17:25:26 0 --a------ C:\WINDOWS\system32\drivers\YOURAPP.EXE
2007-03-17 17:25:18 0 --a------ C:\WINDOWS\ORUN32.EXE
2007-03-17 17:25:09 0 --a------ C:\WINDOWS\system32\CMMGR32.EXE
2007-03-17 17:20:20 0 d-------- C:\Documents and Settings\nelson.YOUR-2S4KN5K0H3\Application Data\SuperAdBlocker.com<SUPERA~1.COM>
2007-03-17 17:18:45 0 d-------- C:\Program Files\SuperAdBlocker.com<SUPERA~1.COM>
2007-03-16 23:29:29 8535 --a------ C:\WINDOWS\system32\ssqrpnn.dll
2007-03-16 22:22:43 0 dr-h----- C:\$VAULT$.AVG
2007-03-16 21:37:53 0 d-------- C:\Documents and Settings\nelson.YOUR-2S4KN5K0H3\Application Data\AVG7
2007-03-16 21:37:31 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-03-16 21:37:26 3968 --a------ C:\WINDOWS\system32\drivers\avgclean.sys
2007-03-16 21:37:25 4960 --a------ C:\WINDOWS\system32\drivers\avgtdi.sys
2007-03-16 21:37:25 19392 --a------ C:\WINDOWS\system32\drivers\avgmfx86.sys
2007-03-16 21:37:25 27776 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2007-03-16 21:37:24 4224 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2007-03-16 21:37:22 775680 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2007-03-16 21:37:15 0 d-------- C:\Program Files\Grisoft
2007-03-16 21:37:15 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-03-16 21:37:15 0 d-------- C:\Documents and Settings\All Users\Application Data\avg7
2007-03-16 18:57:36 27177 --a------ C:\WINDOWS\system32\pmkjh.exe
2007-03-16 18:43:36 8535 --a------ C:\WINDOWS\system32\gebcyya.dll
2007-03-13 01:07:47 487936 --a------ C:\WINDOWS\system32\wwSecure.exe
2007-03-10 00:24:45 0 d-------- C:\WINDOWS\system32\bak
2007-03-10 00:24:45 0 d-------- C:\WINDOWS\system\bak
2007-03-10 00:24:45 0 d-------- C:\WINDOWS\bak
2007-03-04 21:40:45 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP<AOLOCP~1>
2007-03-04 21:40:25 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL
2007-03-04 21:39:18 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL Downloads<AOLDOW~1>
2007-02-28 21:55:08 0 d-------- C:\Program Files\Magic Video Batch Converter<MAGICV~1>
2007-02-19 16:26:09 0 d-------- C:\Program Files\PeerGuardian2<PEERGU~1>


-- Find3M Report ---------------------------------------------------------------

2007-03-18 22:30:02 0 d-------- C:\Program Files\Trillian
2007-03-18 17:38:06 0 d-------- C:\Program Files\iTunes
2007-03-18 16:18:23 226935431 --a------ C:\WINDOWS\system32\digcache.dll
2007-03-18 16:00:15 0 d-------- C:\Program Files\ewido anti-spyware 4.0<EWIDOA~1.0>
2007-03-18 00:53:06 0 d-------- C:\Program Files\Java
2007-03-18 00:35:41 0 d-------- C:\Program Files\QuickTime<QUICKT~1>
2007-03-17 23:52:00 0 d-------- C:\Program Files\BitTorrent<BITTOR~1>
2007-03-17 21:39:31 0 d-------- C:\Program Files\Mozilla Firefox<MOZILL~1>
2007-03-17 21:33:33 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-03-17 21:33:27 0 d-------- C:\Program Files\iPod
2007-03-17 21:30:44 0 d-------- C:\Program Files\Cacheman
2007-03-17 21:17:32 118 --a----c- C:\Documents and Settings\nelson.YOUR-2S4KN5K0H3\Application Data\iScrobbler.ini<ISCROB~1.INI>
2007-03-17 17:25:13 0 d-------- C:\Program Files\IntelliMover Data Transfer Demo<INTELL~1>
2007-03-17 17:17:51 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard<WISEIN~1>
2007-03-15 14:38:14 25250 --a------ C:\WINDOWS\system32\shfonder.dat
2007-03-14 23:53:20 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-03-13 01:09:44 0 d-------- C:\Program Files\Common Files\Webroot Shared<WEBROO~1>
2007-03-13 01:09:40 0 d-------- C:\Documents and Settings\nelson.YOUR-2S4KN5K0H3\Application Data\Webroot
2007-03-10 13:57:57 0 --a------ C:\WINDOWS\system32\tsddq.dat
2007-03-10 13:57:57 0 --a------ C:\WINDOWS\system32\pschtprf.dat
2007-03-10 13:57:57 19547 --a------ C:\WINDOWS\system32\mslsq1mo.dat
2007-03-10 13:57:57 0 --a------ C:\WINDOWS\system32\ksusejm.dat
2007-03-10 13:55:58 0 --a------ C:\WINDOWS\system32\wdfatiww.dat
2007-03-10 13:55:58 0 --a------ C:\WINDOWS\system32\sprio6z0.dat
2007-03-10 13:55:58 0 --a------ C:\WINDOWS\system32\mr310mpc.dat
2007-03-04 21:40:22 0 d-------- C:\Program Files\Viewpoint<VIEWPO~1>
2007-03-04 21:39:49 335 --a----c- C:\WINDOWS\nsreg.dat
2007-03-04 21:39:49 0 d-------- C:\Documents and Settings\nelson.YOUR-2S4KN5K0H3\Application Data\Mozilla
2007-03-01 21:19:03 0 d-------- C:\Program Files\Apple Software Update<APPLES~1>
2007-02-28 22:04:32 0 d-------- C:\Program Files\Gabest
2007-02-17 20:17:58 0 d-------- C:\Program Files\Alwil Software<ALWILS~1>
2007-02-06 20:07:01 0 d-------- C:\Documents and Settings\nelson.YOUR-2S4KN5K0H3\Application Data\Comodo
2007-02-06 20:03:26 0 d-------- C:\Program Files\Comodo
2007-02-06 19:25:34 0 d-------- C:\Program Files\NetRatingsNetmeter<NETRAT~1>
2007-02-05 18:37:46 298 --a------ C:\WINDOWS\system32\lfepsj1n.dat
2007-01-29 16:13:35 0 d-------- C:\Program Files\Antadis
2007-01-29 16:05:36 0 d-------- C:\Program Files\Translation Office 3000 V7<TRANSL~1>
2007-01-29 16:04:16 56 --ah----- C:\WINDOWS\system32\t3xnelson.sys<T3XNEL~1.SYS>
2007-01-27 23:35:03 0 d-------- C:\Program Files\Replay Music 2<REPLAY~3>
2007-01-27 23:34:16 737280 --a----c- C:\WINDOWS\iun6002.exe
2007-01-06 23:51:12 71168 --a------ C:\WINDOWS\system32\LxrJD31s.exe
2007-01-06 23:51:12 146432 --a----c- C:\WINDOWS\system32\LxrJD31p.exe
2007-01-06 23:51:12 163840 --a----c- C:\WINDOWS\system32\LxrJD31c.exe
2007-01-06 23:51:12 249856 --a----c- C:\WINDOWS\system32\LxrJD31.dll
2007-01-06 23:51:12 61440 --a----c- C:\WINDOWS\system32\LxrJD20Sat.dll<LXRJD2~1.DLL>
2006-12-29 19:56:46 68 --a----c- C:\WINDOWS\system32\fs_di002_2.dll<FS_DI0~1.DLL>


-- Registry Dump ---------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"RecordNow!"=""
"AWMON"="\"C:\\PROGRA~1\\Lavasoft\\AD-AWA~1\\Ad-Watch.exe\""
"Steam"=""
"BitTorrent"="\"C:\\Program Files\\BitTorrent\\bittorrent.exe\" --force_start_minimized"
"SuperAdBlocker"="C:\\Program Files\\SuperAdBlocker.com\\Super Ad Blocker\\SAdBlock.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"hpsysdrv"="c:\\windows\\system\\hpsysdrv.exe"
"Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
"VTTimer"="VTTimer.exe"
"AGRSMMSG"="AGRSMMSG.exe"
"PS2"="C:\\WINDOWS\\system32\\ps2.exe"
"UpdateManager"="\"c:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe\" /r"
"wjmv"="C:\\WINDOWS\\wjmv.exe"
"AlcxMonitor"="ALCXMNTR.EXE"
"psoj39W"="powres.exe"
"ccApp"="\"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe"
"KBD"="C:\\HP\\KBD\\KBD.EXE"
"zBrowser Launcher"="C:\\Program Files\\Logitech\\iTouch\\iTouch.exe"
"Zone Labs Client"="C:\\Documents and Settings\\ZoneAlarm\\zlclient.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VBouncer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="VirtualBouncer"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\VBouncer\\VirtualBouncer.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winupdates]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="winupdates"
"hkey"="HKLM"
"command"="C:\\Program Files\\winupdates\\winupdates.exe /auto"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winupdtl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="winupdtl"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\winupdtl.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\control panel\load]
"h_wwtw.biz"=hex:fa,b1,08,83,22,29,14,1f,71,60,51,57,a1,9e,f0,cf,33,14
"pstincl"=hex:88,36,74,db,64,6a,4a,0a,24,30,10,1c,ff,cf,a6,88,72,55,2c,52,e0,\
db,8a,2a,23,1e,d6,a9,7f,3b,e5,b5,65,32,ed,ae,7e,36,ca,92,2f,e3,94,50,f4,d2,\
30,ce,6b,04,aa,12,e0,90,0a,ea,21,d2,4a,ed,2b,e0,60,e4,6e,f5,6d,ef,79,fc,56,\
8a,29,bf,10,9c,e2,47,a1,15,62,c0,2a,82,f9,57,83,f8,24,ca,c9,3c,7d,a6,f6,24,\
61,a3,e8,2c,71,b7,d7,06,25,63,df,d5,ff,0e,2d,4f,3b,80,a7,ca,ff,0c,0a,25,7b,\
44,57,7c,62,32,71,72,69,65,3f,79,71,6b,4b,5d,25,6a,14,0a,e3,de,b6,85,3b,54,\
37,0c,e2,d7,85,7c,25,4a,c1,b4,71,20,e8,fa,70,32,f3
"ip"=hex:c5,88,90,47,3d,78,04,16,25,29,10,0b,f1,c7,a1,95,2e,43,25,07,f5,ca,90,\
7e,6e,14,d7,f6,3a,66,e8,ae,67,28,ea,99,71,2b,d0,98,23,e4,88,58,e2,8c,37,8f,\
68,15,a9,0e,b0,d4,01,f1,34,d5,04,b4,78,a9,23,c2,6c,e0,72,ec,37,b9,09,dd,60,\
e2,54,c9,bd,48,b4,11,20,86,78,c6,e4,5d,da,ad,6f,85,d6,67,2c,ab,f6,7f,3c,a3,\
f6,77,53,b5,c5,07,25,31,80,dc,b0,1d,36,40,6e,92,a2,cc,e2,1c,0a,32,29,50,57,\
23,37,32,29,60,20,26,61,71,64,6b,45,5f,25,25,4a,1b,f1,c7,a1,92,74,4e,6a,0c,\
e3,96,ce,3e,2c,1e,c3,b0,7e,19,e5,b3,74,28,e7,bc,7c,38,d6,94,33,bf,8c,4d,fd,\
ce,64,8c,65,41,b0,4d,b0,d4,0c,f1,67,de,54,e9,71,fa,77,f6,64,a6,24,a4,7c,b9,\
17,81,70,fc,05,89,e0,09,e3,5d,62,d3,7a,d5,f2,4b,da,b7,2e,93,d7,29,36,a7,e6,\
32,70,e7,ea,2b,63,a9,98,18,2e,61,91,cd,b0,1d,3d,51,65,dc,e6,d9,f1,0a,17,26,\
2f,43,40,3b,30,7a,6d,7b,65,3c,26,31,32,39,49,50,38,3d,01,17,f7,dd,ac,dc,22,\
19,66,49,fe,d8,89,74,7d,53,d0,ab,71,27,f7,a7,22,61,e7,a5,71,2a,d7,cc,62,f2,\
89,5b,f3,86,29,c3,6f,43,fa,0e,b0,d4,05,b5,24,d8,50,f0,7f,e7,65,ed,3d,a6,29,\
e7,71,f4,41,8c,6a,a5,16,98,fe,5a,a2,4b,20,8c,21,98,e5,58,88,e2,7d,db,d4,38,\
63,ba,f3,2e,72,a5,ae,69,3d,b4,c1,02,33,70,83,dc,f2,06,3c,1c,22,b1,ab,db,b0,\
1f,05,27,2f,43,08,39,79,67,70,73,6f,65,71,73,73,78,4a,11,33,24,44,1a,fc,c8,\
b2,84,20,45,21,49,e4,cb,85,7f,33,17,c1,ab,75,27,e7,a8,61,32,a6,ee,2b,74,c5,\
d1,67,f3,85,57,f5,9a,2a,c4,74,4f,a6,48,fe,9c,17,a5,2f,9f,41,ea,3f,a3,2b,ed,\
6f,e6,6d,e7,55,f4,54,c3,25,a2,05,8a,be,41,b0,0c,27,81,69,8c,b0,4d,80,b1,6d,\
99,84,7e,40,a8,f7,32,77,ae,f6,2d,37,f9,89,1d,60,22,d4,89,bd,08,34,51,20,c6,\
f8,86,e4,1d,5a,6d,6f,45,56,27,2c,6b,76,3f,3c,63,76,37,53,75,45,47,25,71,00,\
1c,b0,dd,b6,80,6e,52,22,0c,e2,dc,8a,72,29,10,d7,e3,37,72,a9,a0,20,66,e6,a8,\
7e,3c,d7,9f,25,e5,ca,5b,f1,87,21,d2,74,0e,ea,4c,e3,d6,4e,fe,2c,de,43,f0,7e,\
cc,69,f1,72,e4,77,e8,63,b7,4c,c5,2d,f6,44,d4,f5,09,b0,05,20,8c,2c,c9,b7,56,\
94,e1,21,82,d7,2e,74,ee,a4,6c,6c,e1,b7,79,20,f4,c5,01,30,31,c3,85,f2,1b,7a,\
1d,62,93,fa,8f,fe,1b,17,21,66,5f,46,6a,60,2f,6a,63,73,71,38,60,7e,69,51,45,\
60,25,1d,09,f5,94,e6,91,61,52,37,1e,ff,cb,80,33,60,02,cd,a3,75,74,a6,f9,22,\
61,e9,a8,68,35,c1,9f,27,e5,8c,04,b2,d1,66,81,6e,00,a9,4c,ad,db,10,a3,21,df,\
57,ff,32,a9,67,ed,61,f2,77,b4,32,fa,49,d3,23,be,09,9b,ff,0b,fa,46,20,8c,25,\
8d,f4,50,90,f8,2f,9f,c5,35,2d,ee,a9,2f,61,ac,e1,74,3a,ad,d6,10,2e,62,82,93,\
b0,44,21,50,75,80,a8,da,ad,53,14,30,33,42,53,76,62,6d,2e,21,2d,6c,61,7a,63,\
78,43,54,22,3e,1c,44,b2,f9,ab,93,20,47,25,1f,ff,cb,c8,31,29,1f,d0,ab,7f,2d,\
f1,bb,63,20,ea,e9,63,2c,84,92,2c,f0,92,5c,b0,8d,21,81,74,13,a5,47,e3,9f,01,\
a3,25,df,47,f0,71,fa,26,a6,3b,ac,65,a9,37,ee,53,c6,6e,b3,06,8f,f1,07,a1,12,\
2f,f5,08,ab,c3,16,90,fd,22,82,8b,33,63,b9,ab,24,73,b1,ab,21,7f,b4,c1,5e,29,\
7f,80,dc,e8,47,2e,52,70,c6,e4,84,f5,59,02,3e,32,5c,04,34,78,29,23,6c,65,73,\
6b,2e,30,34,48,11,77,60,54,54,f1,d9,b4,c1,27,1d,26,1b,b0,96,da,2d,2c,10,c6,\
bc,7c,69,e2,ae,72,7c,a6,aa,7c,38,d2,94,62,af,a7,55,f1,9f,21,81,64,04,e4,7d,\
e2,98,0a,a2,26,d4,56,fc,7e,ea,6d,e0,73,bd,2b,e5,71,fb,41,dd,7e,ed,0d,97,e0,\
5c,b0,41,74,c0,26,80,fe,5d,81,e9,7d,d3,97,7b,30,bd,fd,31,65,fc,a6,39,71,aa,\
d7,06,2f,63,80,9b,b0,04,25,59,6c,84,aa,ce,e4,11,59,73,71,04,06,39,63,60,7e,\
64,3d,23,36,39,32,39,4a,50,2d,34,59,5b,f3,c5,a5,97,65,03,64,00,f4,84,c6,72,\
2c,10,d2,bc,32,77,a3,e1,2d,20,e0,ad,79,2d,cd,9e,2e,f0,88,04,b7,c4,2a,c0,6d,\
04,f9,03,f3,95,05,a7,25,9b,04,b4,75,f8,71,e0,6c,f2,39,a3,40,f8,57,c2,37,be,\
16,9d,ba,09,e9,0c,65,d2,37,88,f7,5c,86,fe,38,cc,86,09,7f,bb,a4,27,61,b7,eb,\
3b,3c,f9,cd,1f,34,63,8b,dd,e5,13,27,40,6e,c1,b7,dc,b0,1a,08,30,36,54,04,7d,\
75,29,70,73,61,6f,77,6f,75,6b,41,5f,23,38,05,0a,b2,8e,ff,cc,61,01,63,0b,f2,\
cf,85,7f,25,05,cb,bf,76,20,e7,a4,2e,22,eb,a4,3f,73,8b,9d,2f,f6,8d,57,cf,8b,\
26,d7,61,0f,a1,5d,ff,9f,02,b8,23,d4,0a,f1,64,e4,68,a6,20,ac,61,a9,64,fd,04,\
9c,28,f1,43,89,f1,5a,b7,16,6f,d3,20,ce,b0,14,88,b1,72,c1,94,74,71,b9,f4,61,\
27,fd,ab,3d,74,e7,98,5e,34,63,da,85,f2,1b,7a,1d,62,93,fa,95,e4,0b,5a,6d,34,\
55,04,71,75,60,63,69,74,3c,26,3b,20,3b,04,52,2c,30,17,0a,ad,8b,a7,c3,3e,1d,\
37,19,f1,d7,c4,72,2c,10,d7,aa,2d,6b,f0,b9,74,23,e7,eb,2e,1a,c8,90,36,f4,c4,\
5d,f5,c9,30,d3,61,0f,b7,4f,f5,8b,01,bf,23,d8,45,ea,2c,a6,77,f1,61,ef,3a,b5,\
3f,ed,40,8f,7c,fe,10,8b,ae,15,a6,13,3e,9d,30,9b,ae,05,90,f5,60,99,c1,30,77,\
a1,f0,7c,22,f3,b4,6b,30,ba,c8,10,33,62,d9,9b,f3,4b,7a,1d,69,8f,b4,dc,e4,59,\
10,28,30,54,19,3b,60,68,77,72,77,6e,76,6d,32,39,4a,50,2d,34,59,5b,f3,c5,a5,\
97,65,03,64,1a,f9,c3,81,2c,62,40,92,fb,30,24,e5,b9,6c,24,ea,ae,64,31,99,d3,\
79,b3,c4,4d,f1,8b,2d,cf,64,04,bc,14,b2,cb,46,ef,67,91,09,f8,74,ed,6d,f5,69,\
ee,6a,e8,7c,a4,03,9c,2e,b0,09,9c,ad,03,a7,0d,61,d7,21,c3,b0,14,81,e0,35,90,\
c8,2a,2d,e3,f4,36,64,eb,a4,64,7d,bc,d7,02,21,76,81,db,ff,11,79,03,50,8e,b6,\
89,f6,18,12,3e,32,1d,04,70,7e,7d,76,6e,64,74,7e,6a,71,77,04,42,35,71,07,15,\
f1,df,a1,c1,64,44,64,1d,e2,d8,8a,62,26,14,d6,bc,7e,2a,ed,a0,73,63,a3,f2,3d,\
38,84,d6,28,e5,90,49,e3,d3,6b,8e,77,16,b3,1a,be,97,01,a5,22,d0,4a,f2,3e,ea,\
6b,ec,6d,e3,65,e7,7b,b7,47,de,2d,ff,05,8c,bf,47,a1,15,62,c0,2a,82,bf,5b,85,\
ff,2b,9c,c5,30,7e,ee,a4,6c,65,e1,f0,2d,30,f4,cc,51,67,41,85,ca,e3,1e,2b,53,\
64,cb,e3,89,bd,15,44,65,70,1c,56,7c,60,29,23,3d,74,60,66,65,75,39,47,54,2c,\
3d,14,18,f4,cd,ad,8f,67,1c,74,49,f3,dc,88,7d,33,01,c5,ba,79,27,e3,fc,30,7f,\
b8,bd,62,67,98,85,24,b1,87,55,f1,9a,37,9c,22,0d,ab,4e,ff,97,3b,bd,21,d3,41,\
f5,32,b7,38,ed,61,e3,61,e5,30,ff,4b,c3,7d,f3,14,98,e3,5a,b3,0e,72,c5,66,d7,\
c0,58,97,e2,37,9e,d6,3d,3a,f5,ab,2d,61,a3,e1,25,2e,e5,8b,05,24,2f,d8,96,e4,\
1b,7a,1d,74,93,fa,95,e4,1d,44,32,2c,50,57,6a,2d,2b,68,6e,67,6e,6a,56,7c,78,\
46,54,2c,73,44,0a,e4,d0,a8,84,3d,03,34,08,f4,dd,8d,7f,27,5c,d0,b6,60,73,bd,\
b1,78,63,ba,f5,7c,38,c6,94,2c,b1,82,56,e2,d4,66,c0,6e,12,9b,18,b2,c7,25,bf,\
33,c6,41,eb,30,b8,2e,bd,2f,ed,65,eb,75,f5,1a,8d,6f,a5,00,c7,ac,06,b0,13,3e,\
9d,30,9b,ae,05,90,f5,60,92,c8,38,63,ba,b9,63,6c,ae,e3,26,7e,86,c8,10,22,74,\
88,9b,b0,1a,30,58,6c,84,f9,8b,e0,18,00,35,29,5f,43,34,64,66,74,3b,39,71,7c,\
2b,2e,25,48,50,22,34,08,59,f6,c6,b6,dc,22,40,2a,1a,cf,8b,c6,2f,01,1f,d7,ae,\
75,3b,a4,f3,2a,7d,ab,a5,71,3b,c1,9d,7e,ad,cb,4d,f4,d7,78,8e,74,13,fa,15,bf,\
8d,05,b3,2c,d4,1a,be,30,a4,65,e5,64,e8,70,e0,7f,f7,45,dd,7d,f6,49,97,f1,44,\
a1,5c,2a,c0,2a,9a,cf,0b,ce,b1,6d,94,d5,2c,71,a5,f7,7c,2a,eb,a4,64,7d,bc,d7,\
02,21,76,81,db,ff,11,79,03,50,8d,a1,c8,e3,1c,48,71,21,5f,57,6e,75,7b,24,75,\
77,6e,24,78,65,7c,57,45,29,3e,0a,0a,b2,8e,ff,cc,61,01,63,1e,e7,ce,ca,73,2f,\
00,8a,ba,7f,24,aa,a0,75,6e,cd,8b,40,2b,c1,82,25,ff,90,58,e4,80,2b,cf,2f,49,\
ee,00,bf,bd,01,b7,21,c4,48,ed,3e,e8,77,f1,78,a6,24,a4,75,b9,57,c5,32,be,0a,\
9e,b0,04,ac,41,27,f1,21,9b,e3,56,8a,f0,2c,d6,84,74,7c,e9,b6,73,2d,a0,f4,39,\
30,fe,98,15,29,67,c4,ca,e4,10,28,44,3d,c3,b4,c8,f4,1d,0d,3f,27,1c,50,76,60,\
33,35,34,70,79,26,37,46,78,48,44,25,71,25,0c,e4,c1,ab,93,69,52,25,1d,f9,d6,\
8a,31,03,1e,c0,bc,2a,75,ab,a5,69,37,ba,ee,2b,74,c5,d1,67,f9,90,4d,e0,9a,7e,\
8e,2f,16,b3,5e,be,8e,01,bd,2c,c2,42,f8,62,ee,6b,af,63,ee,69,ae,30,b4,41,91,\
34,b5,44,d4,f8,09,e3,12,69,c6,2a,ce,b0,14,88,b1,76,c1,94,74,62,ac,f4,61,27,\
fd,e6,3b,2e,ea,8a,51,01,45,a9,99,c0,20,0a,1d,62,93,fa,95,d9,37,34,04,14,11,\
50,60,60,6c,39,23,74,64,7c,7d,32,39,4a,50,2d,34,59,5b,f1,dd,a9,91,69,4f,66,\
57,ac,db,96,2f,7c,13,d6,e7,2c,25,e5,a3,65,2d,a4,af,7f,2b,99,d3,24,f4,97,4d,\
f9,87,25,d5,69,0e,aa,0b,ae,cd,4a,f1,13,d8,43,f7,30,c6,6a,a1,74,ee,38,a6,7c,\
f8,46,d4,2c,ef,5e,c5,f2,5b,e4,4e,3e,9d,37,8c,fc,5c,87,e5,60,9f,c5,34,75,f4,\
a6,25,65,b2,f0,20,7e,b8,d0,18,2f,7f,c6,99,f9,0d,79,03,64,84,b7,dd,f9,17,05,\
25,29,5e,4a,3b,30,7d,6d,75,6c,64,39,2b,43,7c,48,54,23,25,44,18,b0,cd,a1,92,\
74,48,2a,08,e4,d0,8b,7f,62,51,d0,b8,72,20,ea,a5,65,39,b9,eb,23,7b,9a,cd,2f,\
e1,90,50,ff,87,64,d7,61,0d,b1,4c,ad,db,25,b2,23,de,51,f7,64,da,71,ec,6d,e0,\
76,f0,32,b9,57,d4,2c,b4,07,8d,f5,4d,f9,43,73,c4,28,8c,f3,4d,81,f5,62,cf,e5,\
3a,73,a6,f1,2f,74,e1,d7,3c,7d,b4,c5,03,39,2d,cb,d6,e0,1d,2d,4e,6e,df,f8,c6,\
e0,0d,0d,3e,2e,11,52,78,7c,7c,61,3c,22,55,76,68,7e,6a,42,54,32,73,5a,2d,e2,\
c8,aa,92,66,44,36,55,bf,d6,94,65,29,1e,ca,e7,2c,26,f4,b5,69,2e,ea,e9,66,38,\
c8,84,25,ac,c6,7b,f9,85,28,f1,61,18,e6,17,d2,90,08,bd,60,e1,45,e0,2c,a6,6b,\
f1,74,e8,6b,e7,2e,a5,4b,c1,34,b8,0b,97,b0,5f,a5,0d,75,c4,79,cb,d2,4b,8b,fa,\
25,83,c5,3e,75,eb,ba,03,72,ae,ef,2c,62,b8,c3,14,7c,3e,8b,c9,e4,00,2b,4f,3e,\
dd,ab,d9,e4,10,0b,3f,60,47,45,75,65,6c,39,23,54,73,65,6d,75,3b,1a,65,32,30,\
00,1c,ac,86,ab,91,74,48,2b,07,ae,85,8b,61,34,18,cb,b7,30,3f,e5,ad,75,24,b9,\
eb,5d,3c,d7,82,21,f6,81,78,fc,8c,36,d5,73,43,fa,64,f5,8a,17,b0,27,d4,57,b9,\
36,e8,69,f1,5e,df,24,c8,7c,fc,56,c5,33,ed,4b,96,e0,5d,ad,0e,6e,9f,78,86,e0,\
4d,8d,fe,2e,d1,d2,38,7c,bc,e1,7c,22,8c,e5,20,7e,94,c1,1f,35,33,da,f8,f3,0a,\
2b,54,6e,95,e4,fa,f5,0b,12,38,23,54,57,25,3f,66,74,75,69,6e,6a,37,2c,36,57,\
54,2c,34,07,0d,ae,8e,e4,cc,61,45,20,00,e4,d0,8b,7f,21,1d,99,fe,3d,27,e5,ac,\
65,7c,ae,a8,64,34,d4,98,2e,bb,c4,14,f5,98,31,c0,6c,12,f9,03,ba,d9,49,bc,25,\
c2,57,f8,77,ec,66,ee,78,bc,26,d9,7c,fc,45,c2,25,fd,44,9c,fe,5d,a1,13,20,d8,\
2b,9c,e2,19,94,f8,2e,d3,83,62
"h_www.wwtw.biz"=hex:fa,b1,08,83,22,29,14,1f,71,60,51,57,a1,9e,f0,cf,33,14


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000D7}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoToolbarCustomize"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SABWinLogon
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\comDAL
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryGNT

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bd383aab-7686-11da-b8a9-00112f1a065d}]
Shell\AutoRun\command K:\JDSecure\Windows\JDSecure31.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bd383aac-7686-11da-b8a9-00112f1a065d}]
Shell\AutoRun\command K:\JDSecure\Windows\JDSecure31.exe


-- End of ComboScan: finished at 2007-03-18 at 22:32:51 ------------------------
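
The registry-dump section above mixes several `.reg`-style shapes: bracketed key headers, `"name"=data` values, `hex:` data wrapped over many lines with a trailing backslash, bare subkey lines (the Winlogon Notify handlers) and `Shell\AutoRun\command` lines under MountPoints2. The reader below is an added example, not code from the thread or from ComboScan; it parses those shapes and reports the autostart points a helper looks at first (ShellExecuteHooks entries with no description, Winlogon Notify handlers, AutoRun commands on removable volumes) and summarises any binary blob. The excerpt it runs on is built from the dump above; the key header on the first value is a constructed placeholder, and that value has been re-wrapped to show the continuation syntax.

```python
"""Reader for the registry-dump section of a ComboScan log.

Added example; not code from the thread or from ComboScan. It handles the
.reg-style shapes in the dump above: bracketed key headers, "name"=data
values, hex: data wrapped across lines with a trailing backslash, bare
subkey lines (the Winlogon Notify handlers) and MountPoints2 AutoRun
commands, and reports the autostart points a helper checks first.
"""
import re
from typing import Dict, List, Tuple

# Excerpt built from the dump above. The key header on the first value is a
# constructed placeholder (the real one sits above this excerpt) and the hex
# value has been re-wrapped to show the continuation syntax.
SAMPLE_DUMP = r'''
[HKEY_CURRENT_USER\software\constructed-example-key]
"h_www.wwtw.biz"=hex:fa,b1,08,83,22,29,14,1f,71,\
  60,51,57,a1,9e,f0,cf,33,14

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000D7}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SABWinLogon
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\comDAL
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryGNT

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bd383aab-7686-11da-b8a9-00112f1a065d}]
Shell\AutoRun\command K:\JDSecure\Windows\JDSecure31.exe
'''

VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"=(?P<data>.*)$')
AUTORUN_RE = re.compile(r'^Shell\\AutoRun\\command\s+(?P<cmd>.+)$')


def leaf(path: str) -> str:
    """Last component of a backslash-separated registry path."""
    return path.rsplit('\\', 1)[-1]


def decode_hex(data: str) -> bytes:
    """Turn a .reg 'hex:' or 'hex(N):' payload into bytes."""
    body = data.split(':', 1)[1]
    return bytes(int(b, 16) for b in body.split(',') if b.strip())


def parse_dump(text: str) -> Tuple[Dict[str, Dict[str, str]], List[str], List[Tuple[str, str]]]:
    keys: Dict[str, Dict[str, str]] = {}      # key -> {value name: raw data}
    subkeys: List[str] = []                   # bare key lines listed without values
    autoruns: List[Tuple[str, str]] = []      # (MountPoints2 key, command)
    current = None
    pending = None                            # (name, data) while a hex value continues
    for raw in text.splitlines():
        line = raw.rstrip()
        if pending is not None:
            name, data = pending
            data += line.strip().rstrip('\\')
            if line.endswith('\\'):
                pending = (name, data)
            else:
                keys[current][name] = data
                pending = None
            continue
        if not line.strip():
            continue
        if line.startswith('[') and line.endswith(']'):
            current = line[1:-1]
            keys.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            if m['data'].endswith('\\'):
                pending = (m['name'], m['data'][:-1])
            else:
                keys[current][m['name']] = m['data']
            continue
        m = AUTORUN_RE.match(line)
        if m and current is not None:
            autoruns.append((current, m['cmd']))
            continue
        if line.startswith('HK'):
            subkeys.append(line)
    return keys, subkeys, autoruns


def review(text: str) -> List[str]:
    """One note per autostart point or binary blob worth a look."""
    keys, subkeys, autoruns = parse_dump(text)
    notes: List[str] = []
    for key, values in keys.items():
        for name, data in values.items():
            if data.startswith('hex'):
                blob = decode_hex(data)
                printable = sum(32 <= b < 127 for b in blob) / max(len(blob), 1)
                notes.append(f"{leaf(key)}\\{name}: {len(blob)} bytes of binary data, "
                             f"{printable:.0%} printable")
            elif leaf(key).lower() == 'shellexecutehooks' and data == '""':
                notes.append(f"ShellExecuteHooks entry {name} carries no description")
    for sk in subkeys:
        if '\\winlogon\\notify\\' in sk.lower():
            notes.append(f"Winlogon Notify handler registered: {leaf(sk)}")
    for key, cmd in autoruns:
        notes.append(f"AutoRun command for volume {leaf(key)}: {cmd}")
    return notes


if __name__ == "__main__":
    for note in review(SAMPLE_DUMP):
        print(note)
```

The hex decoder is deliberately generic (`hex:` and typed `hex(N):` payloads both work), so a long wrapped value like the one at the top of this post comes back as a single byte string whose length and printable ratio can be compared against what the owning key is supposed to hold.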

#8 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:08:55 AM

Posted 18 March 2007 - 10:01 PM

Hi nelyjuggalo,




You have a suspicious file we need to check.

You will need to configure Windows to show Hidden files.

Go to Jotti Online File Scanner, copy and paste C:\WINDOWS\system32\powres.exe into the upload box and scan it.

Let me know the results.
Copy and paste the output into this thread.

It should look something like this sample:

File: GoogleToolbarInstaller.exe
Status: MIGHT BE INFECTED/MALWARE (Sandbox emulation took a long time and/or runtime packers were found, this is suspicious. Normally programs aren't packed and don't force the sandbox into lengthy emulation. Do realize no scanner issued any warning, the file can very well be harmless. Caution is advised, however.)
Packers detected: CEXE

AntiVir No viruses found (0.15 seconds taken)
Avast No viruses found (1.51 seconds taken)
BitDefender No viruses found (0.97 seconds taken)
ClamAV No viruses found (0.39 seconds taken)
Dr.Web No viruses found (0.52 seconds taken)
F-Prot Antivirus No viruses found (0.06 seconds taken)
Kaspersky Anti-Virus No viruses found (0.74 seconds taken)
mks_vir No viruses found (0.21 seconds taken)
NOD32 No viruses found (0.42 seconds taken)
Norman Virus Control No viruses found (0.40 seconds taken)


If Jotti's Malware scan is busy, use Virus Total
http://www.virustotal.com/flash/index_en.html


Download CCleaner and install it. (default location is best). Do not run it yet!

CCleaner Tutorial

Please disable AVG Antispyware Guard while we are using HijackThis.
Open AVG Antispyware and in the main window click "Resident Shield", then toggle the AVG Anti-Spyware active protection 'off' by clicking 'Change state' which will then change the protection status to 'inactive'.
You can enable it when we have your computer clean.


*******************************************

How to Reboot into Safe Mode
Tap the F8 key during reboot until the boot menu appears, use the arrow keys to choose "Safe Mode" from the menu, then press the "Enter" key. If that does not work, go to this site: http://www.bleepingcomputer.com/tutorials/how-to-start-windows-in-safe-mode/



Please boot into Safe Mode and select the following with HijackThis.
With all windows (including this one!) closed (close browser/explorer windows), please select "fix".

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
O4 - HKLM\..\Run: [wjmv] C:\WINDOWS\wjmv.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O20 - Winlogon Notify: comDAL - comDAL.dll (file missing)
O20 - Winlogon Notify: cryGNT - cryGNT.dll (file missing)



*******************************************

Next, we're going on a file hunt.
Go to My Computer and double-click C.
Go to the Tools menu and select 'Folder Options'.
On the 'View' tab select 'show hidden files and folders',
deselect (uncheck) 'hide protected operating system files (recommended)', and
deselect (uncheck) 'Hide extensions for known file types'.

Don't use the windows start\search feature
Using Windows Explorer, find and delete each of the following. If you can't delete an item, right-click it and click properties. Make sure 'read-only' is unchecked.
If you still can't delete something, right-click it and rename it to a random word. Then drag the item to a different location. Try deleting it now. If you still can't, be sure to let me know.

Using Windows Explorer, delete the following files/folders in bold (Do not be concerned if they do not exist)

C:\WINDOWS\ALCXMNTR.EXE <==file
C:\WINDOWS\wjmv.exe <==file

*******************************************

*NOTE* CCleaner deletes EVERYTHING out of temp/temporary folders and does not make backups.



Let's empty the temp files:

Run CCleaner.

Do not use the "Issues" block. It's meant for professionals.

1. Starting with v1.27.260, CCleaner installs the Yahoo Toolbar as an option which IS checkmarked by default during the installation.
IF you do NOT want it, REMOVE the checkmark when provided with the option OR download the toolbar-free Basic version instead of the Standard Build.


2. Before first use, select Options > Advanced and UNCHECK "Only delete files in Windows Temp folder older than 48 hours"

3. Then select the items you wish to clean up.

In the Windows Tab:
• Clean all entries in the "Internet Explorer" section except Cookies.
• Clean all the entries in the "Windows Explorer" section.
• Clean all entries in the "System" section.
• Clean all entries in the "Advanced" section.
• Clean any others that you choose.

In the Applications Tab:
• Clean all except cookies in the Firefox/Mozilla section if you use it.
• Clean all in the Opera section if you use it.
• Clean Sun Java in the Internet Section.
• Clean any others that you choose.

4. Click the "Run Cleaner" button.
5. A pop up box will appear advising this process will permanently delete files from your system.
6. Click "OK" and it will scan and clean your system.
7. Click "exit" when done.

If it asks you to reboot at the end, click NO.

CCleaner should be run with the above settings for each User Account!

*******************************************


Finally, reboot to Normal Mode, post a new HijackThis log, the results of the Jotti scan, and tell me how your computer is running.

Edited by SifuMike, 18 March 2007 - 10:02 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!


Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
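
The checks SifuMike applies by eye in the post above (a Winlogon Notify handler whose DLL is "(file missing)" is an orphaned entry; an O4 Run value that launches a bare executable name, or carries a name like `psoj39W` or `wjmv`, deserves a closer look) can be run mechanically over a HijackThis log. The script below is an added example, not code from the thread, from HijackThis or from any tool named here. The sample lines are copied from the logs in this thread; `VETTED_RUN_NAMES` is a constructed allowlist standing in for the bare-name entries an analyst has already checked on this machine, and `looks_generated` is a heuristic of this example, not a rule from the tool.

```python
"""Triage helper for HijackThis log lines.

Added example; this is not code from the thread, from HijackThis or from
any tool named here. It applies, mechanically, the checks SifuMike applies
by eye above: a Winlogon Notify handler whose DLL is "(file missing)" is an
orphaned entry, and an O4 Run value that launches a bare executable name or
carries a machine-generated-looking name deserves a closer look.
"""
import re
from dataclasses import dataclass
from typing import List

# Sample lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [psoj39W] powres.exe
O4 - HKLM\..\Run: [wjmv] C:\WINDOWS\wjmv.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O20 - Winlogon Notify: comDAL - comDAL.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
"""

O4_RE = re.compile(r'^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<target>.*)$')
O20_RE = re.compile(r'^O20 - Winlogon Notify: (?P<name>\S+) - (?P<target>.*?)(?P<missing> \(file missing\))?$')

# Constructed allowlist: bare-name Run values the analyst has already vetted on
# this machine (here the two driver helpers left alone in the post above).
# It is an assumption for the example, not a vendor-supplied list.
VETTED_RUN_NAMES = {"VTTimer", "AGRSMMSG"}


@dataclass
class Finding:
    line: str
    reason: str


def executable_of(target: str) -> str:
    """Return the program part of a Run value ("quoted path" args | path args)."""
    target = target.strip()
    if target.startswith('"'):
        end = target.find('"', 1)
        return target[1:end] if end > 0 else target[1:]
    return target.split(' ', 1)[0]


def looks_generated(name: str) -> bool:
    """Heuristic for machine-generated value names: four or more letters with
    no vowel at all, or a short letters+digits mix such as 'psoj39W'."""
    letters = re.sub(r'[^A-Za-z]', '', name)
    if len(letters) >= 4 and not re.search(r'[aeiouy]', letters, re.IGNORECASE):
        return True
    return bool(re.fullmatch(r'[A-Za-z]+\d+[A-Za-z]*', name)) and 5 <= len(name) <= 8


def triage(log: str) -> List[Finding]:
    """Scan O4 and O20 lines and return the entries worth a second look."""
    findings: List[Finding] = []
    for line in log.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            name = m['name']
            if name in VETTED_RUN_NAMES:
                continue
            exe = executable_of(m['target'])
            if '\\' not in exe:
                findings.append(Finding(line, f"Run value '{name}' launches a bare name "
                                              f"({exe}); no fixed path, resolved by PATH search"))
            if looks_generated(name):
                findings.append(Finding(line, f"Run value name '{name}' looks machine-generated"))
            continue
        m = O20_RE.match(line)
        if m and m['missing']:
            findings.append(Finding(line, f"Winlogon Notify handler '{m['name']}' points to a "
                                          f"missing DLL ({m['target']}): orphaned entry"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason}\n    {f.line}")
```

Run over the sample, it reports the two Run values SifuMike asked to fix and the orphaned comDAL handler, and stays quiet about the vendor entries. The bare-name check matters on its own: a Run value with no directory is found by a path search, so the log alone cannot tell you which `powres.exe` would actually start, which is why the next post asks for the file's version properties.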

#9 nelyjuggalo

nelyjuggalo
  • Topic Starter

  • Members
  • 16 posts
  • Local time:11:55 AM

Posted 19 March 2007 - 12:21 AM

Hi, SifuMike. After doing the Jotti File Scanner thing, I got this message:

The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file

I'm getting the same message from Virus Total.

While looking for files to remove, I couldn't locate C:\WINDOWS\wjmv.exe

My computer has been running much better so far, thanks to you. :thumbsup:

Here's the new hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 01:21, on 07-03-19
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wwSecure.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\nelson.YOUR-2S4KN5K0H3\Desktop\Help!\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: SuperAdBlockerBHO Class - {00000000-6C30-11D8-9363-000AE6309654} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABBHO.DLL
O3 - Toolbar: Super Ad Blocker Toolbar - {B4B3001E-0F56-4E51-8250-BDE11547EC55} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\sabtb.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [psoj39W] powres.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Documents and Settings\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [SuperAdBlocker] C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: FLV Getter - C:\Program Files\FlvGetter\FlvGetter.html
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O20 - Winlogon Notify: !SABWinLogon - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Super Ad Blocker Service (SABSVC) - SuperAdBlocker.com - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe

Edited by nelyjuggalo, 19 March 2007 - 12:24 AM.


#10 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:08:55 AM

Posted 19 March 2007 - 11:25 AM

Hi nelyjuggalo,

Go to My Computer and double-click C.
Go to the Tools menu and select 'Folder Options'.
On the 'View' tab select 'show hidden files and folders',
deselect (uncheck) 'hide protected operating system files (recommended)', and
deselect (uncheck) 'Hide extensions for known file types'.

Please double-click on My Computer and locate the file "C:\WINDOWS\system32\powres.exe". 
Right-click on it and choose "Properties", then click on the "Version" tab at the top. 
Click on "Comments", "Company", "File Version", and "Internal Name" and please post whatever the text in the box immediately to the right says for each.

Edited by SifuMike, 19 March 2007 - 11:27 AM.


#11 nelyjuggalo

nelyjuggalo
  • Topic Starter

  • Members
  • 16 posts
  • Local time:11:55 AM

Posted 19 March 2007 - 06:22 PM

Hmm.. I can't seem to find powres.exe anywhere in the system32 folder, even though I allowed all hidden files and stuff to be seen.

#12 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:08:55 AM

Posted 19 March 2007 - 10:13 PM

It may be the file has been deleted and only the registry entry is there.
Do another ComboScan, post the log and let's see if it is there.

#13 nelyjuggalo

nelyjuggalo
  • Topic Starter

  • Members
  • 16 posts
  • Local time:11:55 AM

Posted 19 March 2007 - 10:31 PM

Ok, here it is:

ComboScan v20070306.20 run by nelson on 2007-03-19 at 23:26:52
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as nelson.exe) ----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 23:27, on 07-03-19
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wwSecure.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe
C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Trillian\trillian.exe
C:\Documents and Settings\nelson.YOUR-2S4KN5K0H3\Desktop\Help!\comboscan.exe
C:\DOCUME~1\NELSON~1.YOU\Desktop\Help!\nelson.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: SuperAdBlockerBHO Class - {00000000-6C30-11D8-9363-000AE6309654} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABBHO.DLL
O3 - Toolbar: Super Ad Blocker Toolbar - {B4B3001E-0F56-4E51-8250-BDE11547EC55} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\sabtb.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [psoj39W] powres.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Documents and Settings\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [SuperAdBlocker] C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe
O4 - HKCU\..\RunOnce: [Index Washer] C:\Program Files\Webroot\Washer\WashIdx.exe "nelson"
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: FLV Getter - C:\Program Files\FlvGetter\FlvGetter.html
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {48DF87EE-F2DE-11D8-BE7F-302050C10801} (FlyLoader Class) - http://www.flyword.com/loaderword_win.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O20 - Winlogon Notify: !SABWinLogon - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Super Ad Blocker Service (SABSVC) - SuperAdBlocker.com - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe


-- Files created between 2007-02-19 and 2007-03-19 -----------------------------

2007-03-19 20:56:45 0 d-------- C:\Program Files\Atlantis
2007-03-19 20:48:12 0 d-------- C:\FlySuite
2007-03-19 01:00:16 0 d-------- C:\Program Files\CCleaner
2007-03-18 19:57:21 0 d-------- C:\ComboFix
2007-03-18 16:12:30 3968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-03-18 01:05:45 0 d-------- C:\WINDOWS\BDOSCAN8
2007-03-17 17:51:19 27348 --a------ C:\WINDOWS\system32\vtsqq.exe
2007-03-17 17:29:23 116952 --a------ C:\sysevqb.exe
2007-03-17 17:25:26 0 --a------ C:\WINDOWS\system32\drivers\YOURAPP.EXE
2007-03-17 17:25:18 0 --a------ C:\WINDOWS\ORUN32.EXE
2007-03-17 17:25:09 0 --a------ C:\WINDOWS\system32\CMMGR32.EXE
2007-03-17 17:20:20 0 d-------- C:\Documents and Settings\nelson.YOUR-2S4KN5K0H3\Application Data\SuperAdBlocker.com<SUPERA~1.COM>
2007-03-17 17:18:45 0 d-------- C:\Program Files\SuperAdBlocker.com<SUPERA~1.COM>
2007-03-16 23:29:29 8535 --a------ C:\WINDOWS\system32\ssqrpnn.dll
2007-03-16 22:22:43 0 dr-h----- C:\$VAULT$.AVG
2007-03-16 21:37:53 0 d-------- C:\Documents and Settings\nelson.YOUR-2S4KN5K0H3\Application Data\AVG7
2007-03-16 21:37:31 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-03-16 21:37:26 3968 --a------ C:\WINDOWS\system32\drivers\avgclean.sys
2007-03-16 21:37:25 4960 --a------ C:\WINDOWS\system32\drivers\avgtdi.sys
2007-03-16 21:37:25 19392 --a------ C:\WINDOWS\system32\drivers\avgmfx86.sys
2007-03-16 21:37:25 27776 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2007-03-16 21:37:24 4224 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2007-03-16 21:37:22 775680 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2007-03-16 21:37:15 0 d-------- C:\Program Files\Grisoft
2007-03-16 21:37:15 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-03-16 21:37:15 0 d-------- C:\Documents and Settings\All Users\Application Data\avg7
2007-03-16 18:57:36 27177 --a------ C:\WINDOWS\system32\pmkjh.exe
2007-03-16 18:43:36 8535 --a------ C:\WINDOWS\system32\gebcyya.dll
2007-03-13 01:07:47 487936 --a------ C:\WINDOWS\system32\wwSecure.exe
2007-03-10 00:24:45 0 d-------- C:\WINDOWS\system32\bak
2007-03-10 00:24:45 0 d-------- C:\WINDOWS\system\bak
2007-03-10 00:24:45 0 d-------- C:\WINDOWS\bak
2007-03-04 21:40:45 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP<AOLOCP~1>
2007-03-04 21:40:25 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL
2007-03-04 21:39:18 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL Downloads<AOLDOW~1>
2007-02-28 21:55:08 0 d-------- C:\Program Files\Magic Video Batch Converter<MAGICV~1>
2007-02-19 16:26:09 0 d-------- C:\Program Files\PeerGuardian2<PEERGU~1>


-- Find3M Report ---------------------------------------------------------------

2007-03-19 23:26:46 118 --a----c- C:\Documents and Settings\nelson.YOUR-2S4KN5K0H3\Application Data\iScrobbler.ini<ISCROB~1.INI>
2007-03-19 21:33:31 0 d-------- C:\Program Files\Trillian
2007-03-19 15:26:53 0 d-------- C:\Program Files\Mozilla Firefox<MOZILL~1>
2007-03-18 17:38:06 0 d-------- C:\Program Files\iTunes
2007-03-18 16:18:23 226935431 --a------ C:\WINDOWS\system32\digcache.dll
2007-03-18 16:00:15 0 d-------- C:\Program Files\ewido anti-spyware 4.0<EWIDOA~1.0>
2007-03-18 00:53:06 0 d-------- C:\Program Files\Java
2007-03-18 00:35:41 0 d-------- C:\Program Files\QuickTime<QUICKT~1>
2007-03-17 23:52:00 0 d-------- C:\Program Files\BitTorrent<BITTOR~1>
2007-03-17 21:33:33 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-03-17 21:33:27 0 d-------- C:\Program Files\iPod
2007-03-17 21:30:44 0 d-------- C:\Program Files\Cacheman
2007-03-17 17:25:13 0 d-------- C:\Program Files\IntelliMover Data Transfer Demo<INTELL~1>
2007-03-17 17:17:51 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard<WISEIN~1>
2007-03-15 14:38:14 25250 --a------ C:\WINDOWS\system32\shfonder.dat
2007-03-14 23:53:20 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-03-13 01:09:44 0 d-------- C:\Program Files\Common Files\Webroot Shared<WEBROO~1>
2007-03-13 01:09:40 0 d-------- C:\Documents and Settings\nelson.YOUR-2S4KN5K0H3\Application Data\Webroot
2007-03-10 13:57:57 0 --a------ C:\WINDOWS\system32\tsddq.dat
2007-03-10 13:57:57 0 --a------ C:\WINDOWS\system32\pschtprf.dat
2007-03-10 13:57:57 19547 --a------ C:\WINDOWS\system32\mslsq1mo.dat
2007-03-10 13:57:57 0 --a------ C:\WINDOWS\system32\ksusejm.dat
2007-03-10 13:55:58 0 --a------ C:\WINDOWS\system32\wdfatiww.dat
2007-03-10 13:55:58 0 --a------ C:\WINDOWS\system32\sprio6z0.dat
2007-03-10 13:55:58 0 --a------ C:\WINDOWS\system32\mr310mpc.dat
2007-03-04 21:40:22 0 d-------- C:\Program Files\Viewpoint<VIEWPO~1>
2007-03-04 21:39:49 335 --a----c- C:\WINDOWS\nsreg.dat
2007-03-04 21:39:49 0 d-------- C:\Documents and Settings\nelson.YOUR-2S4KN5K0H3\Application Data\Mozilla
2007-03-01 21:19:03 0 d-------- C:\Program Files\Apple Software Update<APPLES~1>
2007-02-28 22:04:32 0 d-------- C:\Program Files\Gabest
2007-02-17 20:17:58 0 d-------- C:\Program Files\Alwil Software<ALWILS~1>
2007-02-06 20:07:01 0 d-------- C:\Documents and Settings\nelson.YOUR-2S4KN5K0H3\Application Data\Comodo
2007-02-06 20:03:26 0 d-------- C:\Program Files\Comodo
2007-02-06 19:25:34 0 d-------- C:\Program Files\NetRatingsNetmeter<NETRAT~1>
2007-02-05 18:37:46 298 --a------ C:\WINDOWS\system32\lfepsj1n.dat
2007-01-29 16:13:35 0 d-------- C:\Program Files\Antadis
2007-01-29 16:05:36 0 d-------- C:\Program Files\Translation Office 3000 V7<TRANSL~1>
2007-01-29 16:04:16 56 --ah----- C:\WINDOWS\system32\t3xnelson.sys<T3XNEL~1.SYS>
2007-01-27 23:35:03 0 d-------- C:\Program Files\Replay Music 2<REPLAY~3>
2007-01-27 23:34:16 737280 --a----c- C:\WINDOWS\iun6002.exe
2007-01-06 23:51:12 71168 --a------ C:\WINDOWS\system32\LxrJD31s.exe
2007-01-06 23:51:12 146432 --a----c- C:\WINDOWS\system32\LxrJD31p.exe
2007-01-06 23:51:12 163840 --a----c- C:\WINDOWS\system32\LxrJD31c.exe
2007-01-06 23:51:12 249856 --a----c- C:\WINDOWS\system32\LxrJD31.dll
2007-01-06 23:51:12 61440 --a----c- C:\WINDOWS\system32\LxrJD20Sat.dll<LXRJD2~1.DLL>
2006-12-29 19:56:46 68 --a----c- C:\WINDOWS\system32\fs_di002_2.dll<FS_DI0~1.DLL>


-- Registry Dump ---------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"RecordNow!"=""
"AWMON"="\"C:\\PROGRA~1\\Lavasoft\\AD-AWA~1\\Ad-Watch.exe\""
"Steam"=""
"BitTorrent"="\"C:\\Program Files\\BitTorrent\\bittorrent.exe\" --force_start_minimized"
"SuperAdBlocker"="C:\\Program Files\\SuperAdBlocker.com\\Super Ad Blocker\\SAdBlock.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"Index Washer"="C:\\Program Files\\Webroot\\Washer\\WashIdx.exe \"nelson\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"hpsysdrv"="c:\\windows\\system\\hpsysdrv.exe"
"Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
"VTTimer"="VTTimer.exe"
"AGRSMMSG"="AGRSMMSG.exe"
"PS2"="C:\\WINDOWS\\system32\\ps2.exe"
"UpdateManager"="\"c:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe\" /r"
"psoj39W"="powres.exe"
"ccApp"="\"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe"
"KBD"="C:\\HP\\KBD\\KBD.EXE"
"zBrowser Launcher"="C:\\Program Files\\Logitech\\iTouch\\iTouch.exe"
"Zone Labs Client"="C:\\Documents and Settings\\ZoneAlarm\\zlclient.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VBouncer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="VirtualBouncer"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\VBouncer\\VirtualBouncer.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winupdates]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="winupdates"
"hkey"="HKLM"
"command"="C:\\Program Files\\winupdates\\winupdates.exe /auto"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winupdtl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="winupdtl"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\winupdtl.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\control panel\load]
"h_wwtw.biz"=hex:fa,b1,08,83,22,29,14,1f,71,60,51,57,a1,9e,f0,cf,33,14
"h_www.wwtw.biz"=hex:fa,b1,08,83,22,29,14,1f,71,60,51,57,a1,9e,f0,cf,33,14


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000D7}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoToolbarCustomize"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SABWinLogon

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0c5dc638-14df-11d9-b622-806d6172696f}]
Shell\AutoRun\command D:\Info.exe folder.htt 480 480

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bd383aab-7686-11da-b8a9-00112f1a065d}]
Shell\AutoRun\command K:\JDSecure\Windows\JDSecure31.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bd383aac-7686-11da-b8a9-00112f1a065d}]
Shell\AutoRun\command K:\JDSecure\Windows\JDSecure31.exe


-- End of ComboScan: finished at 2007-03-19 at 23:28:33 ------------------------

#14 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:08:55 AM

Posted 19 March 2007 - 11:06 PM

OK, the file is gone. :thumbsup:


Let's disable AVG guard, as it may prevent registry changes:

Open AVG Antispyware and in the main window click "Resident Shield", then toggle the AVG Anti-Spyware active protection 'off' by clicking 'Change state' which will then change the protection status to 'inactive'.
You can enable it after we are done.


In Normal Mode, select the following with HijackThis.
With all windows (including this one!) closed (close browser/explorer windows), please select "fix."

O4 - HKLM\..\Run: [psoj39W] powres.exe

Run CCleaner to empty the temp files.

Reboot and post a fresh HijackThis log.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
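One way to triage O4 Run entries like the `[psoj39W] powres.exe` line singled out above, as an added Python example that is not part of this thread, of HijackThis, or of ComboScan. The three heuristics, the scoring threshold and the sample lines (copied from the HijackThis logs posted in this thread) are my own choices, not the expert's method.

```python
"""Flag suspicious O4 (autorun) entries in a HijackThis log.

Heuristics (assumptions for this example, not HijackThis logic):
  * bare   - the command is a bare file name with no directory, so Windows
             resolves it through the search path (system32 and friends)
  * digits - the Run value name mixes digits into letters (e.g. psoj39W)
  * naming - the value name shares no letters-only stem with the executable
An entry scoring 2 or more of these is reported as suspicious; a single hit
(VTTimer.exe, AGRSMMSG.exe are bare but vendor-named) is only worth a look.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: O4 lines copied from the logs in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [psoj39W] powres.exe
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
"""

# Only registry Run entries; Startup-folder O4 lines are a different shape.
O4_RUN = re.compile(r'^O4 - (HKLM|HKCU)\\\.\.\\Run: \[([^\]]+)\] (.*)$')


@dataclass
class RunEntry:
    hive: str
    name: str
    command: str
    reasons: list = field(default_factory=list)

    @property
    def score(self) -> int:
        return len(self.reasons)


def executable_of(command: str) -> str:
    """Return the program token of a Run command (quoted path or first word)."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(' ', 1)[0]


def letters_only(s: str) -> str:
    return re.sub(r'[^a-z]', '', s.lower())


def analyse_entry(hive: str, name: str, command: str) -> RunEntry:
    entry = RunEntry(hive, name, command)
    exe = executable_of(command)
    if '\\' not in exe and '/' not in exe:
        entry.reasons.append('bare')
    if re.search(r'[A-Za-z]\d|\d[A-Za-z]', name):
        entry.reasons.append('digits')
    base = exe.rsplit('\\', 1)[-1]
    stem = letters_only(re.sub(r'\.[^.]+$', '', base))  # drop .exe etc.
    vname = letters_only(name)
    if stem and vname and stem not in vname and vname not in stem:
        entry.reasons.append('naming')
    return entry


def parse_run_entries(log_text: str) -> list:
    entries = []
    for line in log_text.splitlines():
        m = O4_RUN.match(line.strip())
        if m:
            entries.append(analyse_entry(*m.groups()))
    return entries


def suspicious_entries(log_text: str, threshold: int = 2) -> list:
    return [e for e in parse_run_entries(log_text) if e.score >= threshold]


if __name__ == '__main__':
    for e in parse_run_entries(SAMPLE_LOG):
        print(f'{e.score}  [{e.name}] {e.command}  {e.reasons}')
```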

#15 nelyjuggalo

nelyjuggalo
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:11:55 AM

Posted 20 March 2007 - 06:28 PM

Logfile of HijackThis v1.99.1
Scan saved at 19:24, on 07-03-20
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LxrJD31s.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wwSecure.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trillian\trillian.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\nelson.YOUR-2S4KN5K0H3\Desktop\Help!\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: SuperAdBlockerBHO Class - {00000000-6C30-11D8-9363-000AE6309654} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABBHO.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O3 - Toolbar: Super Ad Blocker Toolbar - {B4B3001E-0F56-4E51-8250-BDE11547EC55} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\sabtb.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Documents and Settings\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [SuperAdBlocker] C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: FLV Getter - C:\Program Files\FlvGetter\FlvGetter.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {48DF87EE-F2DE-11D8-BE7F-302050C10801} (FlyLoader Class) - http://www.flyword.com/loaderword_win.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O20 - Winlogon Notify: !SABWinLogon - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Super Ad Blocker Service (SABSVC) - SuperAdBlocker.com - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe

My computer has been running much better. :thumbsup:



