istrum Posted June 9, 2007 ID:5162
After clicking on #8 at start... Windows starts in regular mode. Is there any other way to start in safe mode? Plus... I believe my browser has been hijacked. Whenever I open a page and click on a subject it reverts me to some other search page. Very frustrating!
Thank you all,
Here is my log file:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 9:18:42 PM, on 6/8/2007
JeanInMontana Posted June 9, 2007 ID:5173
Hi again please take note of this information here: We are sorry for the inconvenience but it is for the good in the end.
What is the page you are being redirected to? Details are a great help in assisting you.
The following explains how to remove items from your computer that are malware. These items must be fixed!
Please set your system to show all files; please see here if you're unsure how to do this.
Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:
F2 - REG:system.ini: Shell=explorer.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{21DC2F58-8BDB-4E6B-9A3B-73E61DB4494D}: NameServer = 85.255.114.72,85.255.112.212
O17 - HKLM\System\CCS\Services\Tcpip\..\{BC576AC5-18D6-4BBF-B226-8A105E8823F3}: NameServer = 85.255.114.72,85.255.112.212
O17 - HKLM\System\CCS\Services\Tcpip\..\{E5EFCBC9-797B-4209-B179-6BC871B97E04}: NameServer = 85.255.114.72,85.255.112.212
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.72 85.255.112.212
O17 - HKLM\System\CS1\Services\Tcpip\..\{21DC2F58-8BDB-4E6B-9A3B-73E61DB4494D}: NameServer = 85.255.114.72,85.255.112.212
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.72 85.255.112.212
O17 - HKLM\System\CS2\Services\Tcpip\..\{21DC2F58-8BDB-4E6B-9A3B-73E61DB4494D}: NameServer = 85.255.114.72,85.255.112.212
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.72 85.255.112.212
Click on Fix Checked when finished and exit HijackThis.
Reboot into Safe Mode: reboot your computer in Safe Mode by doing the following:
1. Restart your computer
2. After hearing your computer beep once during startup, but before the Windows icon appears, begin tapping F8 not #8.
3. Instead of Windows loading as normal, a menu should appear
4. Select the first option, to run Windows in Safe Mode.
Using Windows Explorer, locate the following files/folders, and delete them:
F2 - REG:system.ini: Shell=explorer.exe
Exit Explorer, and reboot as normal afterwards.
If you were unable to find any of the files then please follow these additional instructions:
Download Pocket Killbox and unzip it; save it to your Desktop.
Run it, and click the radio button that says Delete a file on reboot. For each of the files you could not delete, paste them one at a time into the full path of file to delete box and click the red circle with a white cross in it.
The program will ask you if you want to reboot; say No each time until the last one has been pasted in whereupon you should answer Yes.
Let the system reboot.
http://www.pandasoftware.com/products/activescan.htm
Post back a fresh HijackThis log and we will take another look.
You are running an old outdated and unsafe version of the Java Runtime Environment. For safety you must update to the newest version. First go to Start>Control Panel>Add/Remove Programs and uninstall any and all existing Java programs. Then go to your program files and delete all Java folders. Now go here and get the off line version and download it. Save the URL and after install go back and verify that the install was successful.
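Added example, not part of the original thread and not HijackThis's own code: the O17 lines the reply above asks to fix set the same NameServer pair on the global Tcpip key and on interface keys in several control sets. This Python code pulls O17 NameServer entries out of a pasted log (including one whose line breaks were lost) and lists every resolver outside a trusted set, with the keys it was found on; the trusted resolver 192.168.1.1, the all-zero interface GUID and all function names are assumptions made for the example.

```python
"""Flag untrusted DNS servers in HijackThis O17 entries (added example)."""
import ipaddress
import re
from collections import defaultdict
from dataclasses import dataclass

# An O17 NameServer entry. The registry key contains no ':', so it ends at the
# first one. Scanning the whole text (not line by line) also copes with logs
# whose line breaks were lost when pasted.
IP = r"\d{1,3}(?:\.\d{1,3}){3}"
O17_RE = re.compile(
    r"O17 - (?P<key>HK[^:\r\n]+): NameServer = "
    rf"(?P<servers>{IP}(?:[ ,]+{IP})*)"
)
# HijackThis abbreviates CurrentControlSet as CCS and ControlSet001/002 as CS1/CS2.
KEY_RE = re.compile(r"HKLM\\System\\(?P<cs>[^\\]+)\\Services\\Tcpip\\(?P<scope>.+)$")


@dataclass(frozen=True)
class O17Entry:
    control_set: str  # CCS, CS1, CS2, ...
    scope: str        # "global" (Tcpip\Parameters) or an interface GUID
    servers: tuple    # validated IPv4 addresses, in log order


def parse_o17(log_text):
    """Return every O17 NameServer entry found anywhere in log_text."""
    entries = []
    for m in O17_RE.finditer(log_text):
        km = KEY_RE.match(m.group("key"))
        if not km:
            continue  # not a Tcpip key
        scope = km.group("scope")
        scope = "global" if scope == "Parameters" else scope.rsplit("\\", 1)[-1]
        servers = []
        # The log separates servers with a comma or a space, depending on the key.
        for raw in re.split(r"[ ,]+", m.group("servers")):
            try:
                servers.append(str(ipaddress.ip_address(raw)))
            except ValueError:
                pass  # malformed value such as an octet above 255
        entries.append(O17Entry(km.group("cs"), scope, tuple(servers)))
    return entries


def audit(log_text, trusted):
    """Map each resolver not in `trusted` to the sorted keys that carry it."""
    hits = defaultdict(set)
    for entry in parse_o17(log_text):
        for server in entry.servers:
            if server not in trusted:
                hits[server].add((entry.control_set, entry.scope))
    return {server: sorted(locs) for server, locs in hits.items()}


# Constructed sample: four O17 lines copied from the reply above, pasted without
# line breaks, plus one constructed entry that uses the assumed trusted resolver.
SAMPLE = (
    r"O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present"
    r"O17 - HKLM\System\CCS\Services\Tcpip\..\{21DC2F58-8BDB-4E6B-9A3B-73E61DB4494D}: NameServer = 85.255.114.72,85.255.112.212"
    r"O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.72 85.255.112.212"
    r"O17 - HKLM\System\CS2\Services\Tcpip\..\{21DC2F58-8BDB-4E6B-9A3B-73E61DB4494D}: NameServer = 85.255.114.72,85.255.112.212"
    r"O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.72 85.255.112.212"
    "\n"
    r"O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000001}: NameServer = 192.168.1.1"
    r"O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll"
)
TRUSTED = {"192.168.1.1"}  # assumption: the resolver this machine is meant to use

if __name__ == "__main__":
    for server, locations in audit(SAMPLE, TRUSTED).items():
        print(server, "set on", len(locations), "keys:")
        for control_set, scope in locations:
            print("   ", control_set, scope)
```

A resolver that shows up on the global key and on interface keys in more than one control set, as here, has to be cleared on every one of them, which is why the reply lists each O17 line separately.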
istrum Posted June 9, 2007 Author ID:5175
Got rid of said log entries... installed updated Java... but still can't reboot in Safe Mode!
istrum Posted June 9, 2007 Author ID:5176
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 1:53:56 AM, on 6/9/2007
istrum Posted June 9, 2007 Author ID:5177
I'm being directed to Toseeka, and a few others!
Thanks
JeanInMontana Posted June 9, 2007 ID:5178
Again, details are crucial. Where are you being redirected? Is this still happening? Did you follow all instructions? Do you get error messages as to why you can't reboot to safe mode? Why do you want to boot to safe mode?
JeanInMontana Posted June 9, 2007 ID:5179
> I'm being directed to Toseeka, and a few others!
> Thanks
What others?? Help me help you. Please answer all questions.
istrum Posted June 9, 2007 Author ID:5180
F8 Duh! Okay with safe mode! Panda Active scan running right now.
JeanInMontana Posted June 9, 2007 ID:5181
> F8 Duh! Okay with safe mode! Panda Active scan running right now.
OK post the Panda log please. Why do you want to get to Safe? What other redirects?
istrum Posted June 9, 2007 Author ID:5182
Panda log has an error on the page and won't post!
istrum Posted June 9, 2007 Author ID:5183
How do I find these folders to delete them?
> Using Windows Explorer, locate the following files/folders, and delete them:
> F2 - REG:system.ini: Shell=explorer.exe
> Exit Explorer, and reboot as normal afterwards.
istrum Posted June 9, 2007 Author ID:5184
I have uninstalled PandaActive scan, and reinstalled it, but when asked to select a device to scan, I select my computer and an error comes on the page.
istrum Posted June 9, 2007 Author ID:5185
My home page is Google and when I click a subject in the box it redirects me to other search engines. Countless... that's why it is difficult to put them all down!
Anyway nt browser is still doing that. I seem to have a virus and I believe it is ZLop!
I down/loaded the Panda ActionScan but an error on the page keeps coming up! I deleted all the entries in hijack no problem, I just have the browser popup problem now!
Thanks, Mike
istrum Posted June 9, 2007 Author ID:5186
When I press the red button in killbox with F2 - REG:system.ini: Shell=explorer. in it, an error comes up (this file does not seem to exist).
JeanInMontana Posted June 9, 2007 ID:5191
Mike what is "the browser popup problem"? You have never mentioned popups before. What do they say?
What happens if you use IE? I'm only finding bad press for NT browser and that it has a primary use of P2P. This is most likely the root of your problem. P2P file sharing is notorious for spreading infection and allowing unauthorized access to your system. There is no Zlop, there is Zlob and there is Lop, what makes you think you have either? I'm not following with the search thing either, how do you click an item in the search box? You need to type in something right and click search. Is that what you mean? What are you searching for?
Run a scan with AVG Anti Spyware free. Please be thorough in following instructions. When given the option to take action make sure you do. Remove all items found, and post the AVG log please. Reboot and post a new HJT log.
istrum Posted June 9, 2007 Author ID:5195
My home page is Google... when I type in a subject to research and click find, something diverts me to a whole bunch of other search engines. Toseeka, etc. I just did a search on a subject and it is working fine now???
When I try to download AVG, I get an Exception Processing Message c0000013 Parameters 75b6f9c 75b6bf9c... This error message also comes up when I boot Windows. I usually click continue 7 times and it goes away. I am D/L AVG now and will run a scan,
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
 + Created at: 12:50:56 PM 6/9/2007
 + Scan result:
HKU\S-1-5-21-1801674531-515967899-2147161785-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{31615D5C-5126-448A-818A-A7CDFEE85A9B} -> Adware.Generic : Cleaned.
HKU\S-1-5-21-1801674531-515967899-2147161785-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31615D5C-5126-448A-818A-A7CDFEE85A9B} -> Adware.Generic : Cleaned.
C:\System Volume Information\_restore{F144B279-AA43-4FAA-972B-C0FDB10387A8}\RP2\A0000023.exe -> Adware.SpyHunter : Cleaned.
C:\System Volume Information\_restore{F144B279-AA43-4FAA-972B-C0FDB10387A8}\RP9\A0004766.dll -> Downloader.Agent.bkd : Cleaned.
C:\Documents and Settings\Mike\Cookies\mike@heavycom.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Mike\Cookies\mike@specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\Mike\Cookies\mike@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
::Report end
then send you the HJL log.
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 12:52:19 PM, on 6/9/2007
Quite a mess huh?
Mike
JeanInMontana Posted June 9, 2007 ID:5197
Well it looks like AVG took out a trojan. How is it running now? Your log looks good. You need to flush your system restore to make sure it's clean. Then manually set a new clean restore point. Your Adobe Reader is an old version with known security flaws also.
I strongly recommend you add a layer of prevention protection.
JavaCool's SpywareBlaster
hpHosts file
WinPatrol
All of these are free. Also make sure you go to Windows Updates and get the latest updates. There will be new ones coming out on Tuesday.
istrum Posted June 9, 2007 Author ID:5202
I have tried to restore to previous date but it seems that option is turned off. How can I change that?
I really do appreciate everything you have done for me!
Mike
JeanInMontana Posted June 9, 2007 ID:5203
Glad to help. Go to Control Panel>System then click on the System Restore tab. Uncheck the box to turn it off and clear old infected restore points. Also see how much disk space you have allowed to use for System Restore. I have mine at the max, and still have plenty of disk space. Then click all the OK's. Go to Help and Support, under Pick a Task, click on Undo Changes Your Computer With System Restore. Click on Create a System Restore Point. Label it New Clean Restore Point or something you will know is a good point to restore to and create the restore point. You can also access your Restore Settings here on the left side of the box.
So how are things running now? Do you seem to be OK?
istrum Posted June 10, 2007 Author ID:5229
> Glad to help. Go to Control Panel>System then click on the System Restore tab. Uncheck the box to turn it off and clear old infected restore points. Also see how much disk space you have allowed to use for System Restore. I have mine at the max, and still have plenty of disk space. Then click all the OK's. Go to Help and Support, under Pick a Task, click on Undo Changes Your Computer With System Restore. Click on Create a System Restore Point. Label it New Clean Restore Point or something you will know is a good point to restore to and create the restore point. You can also access your Restore Settings here on the left side of the box.
> So how are things running now? Do you seem to be OK?
istrum Posted June 10, 2007 Author ID:5230
I must still have a virus but I can't find it! Whenever I type a subject in Google and click search I am reverted to a different page with a different search engine! This is very frustrating!
Mike
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 12:35:40 PM, on 6/10/2007
JeanInMontana Posted June 11, 2007 ID:5243
OK, do this for me. Open HijackThis and click on the Miscellaneous tools tab. At the very top you will see the option to generate a startup list. Put a check in both boxes for that option, generate the list, and then post it in this thread. Where are you being redirected to? Did you ever get a Panda scan to run? If so, do you have a log? You need to use IE for that online scan and allow the ActiveX to install.
istrum Posted June 11, 2007 Author ID:5248
StartupList report, 6/11/2007, 6:02:26 AM
StartupList version: 1.52.2
Started from : C:\Documents and Settings\Mike\Desktop\HiJackThis_v2.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v7.00 (7.00.6000.16441)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
istrum Posted June 11, 2007 Author ID:5249

StartupList report, 6/11/2007, 6:02:26 AM
StartupList version: 1.52.2
Started from : C:\Documents and Settings\Mike\Desktop\HiJackThis_v2.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v7.00 (7.00.6000.16441)
JeanInMontana Posted June 11, 2007 ID:5251

OK let's do this: Take your time and be thorough.

You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Please download FixWareout from one of these sites:

Subratam
Bleeping Computing

Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.

The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

Once rebooted please post the text that will open (report.txt) and a new Hijackthis log file into this thread.

If you get a file output similar to below:

Check for missing files
..... C:\WINDOWS\system32\AUTOEXEC.NT not there
..... End check for missing files
..... VXD Check
REGEDIT4
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\VirtualDeviceDrivers]
"VDD"=hex(7):00
..... End vxd check

Go here and run the fix appropriate to your version of Windows: http://www.tech-forums.net/computer/topic/29806.html

Then re-run Fixwareout please, thanks.