Jump to content

Recommended Posts

After clicking on #8 at start........... windows starts in regular mode. is there any other way to start in safe mode?

plus..........I believe my browser has been hijacked. When ever I open a page and click on a subkect uit recerts me to some other search page. very Frustrating!

Thank you all,

Here is my log file:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 9:18:42 PM, on 6/8/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\drivers\KodakCCS.exe

C:\Program Files\Panda Software\Panda Antivirus 2007\pavsrv51.exe

C:\Program Files\Panda Software\Panda Antivirus 2007\PsImSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Panda Software\Panda Antivirus 2007\AVENGINE.EXE

C:\Program Files\Panda Software\Panda Antivirus 2007\PsCtrls.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe

c:\program files\panda software\panda antivirus 2007\WebProxy.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Mike\Desktop\HiJackThis_v2.exe

F2 - REG:system.ini: Shell=explorer.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE" /s

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-21-1801674531-515967899-2147161785-1004\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')

O4 - HKUS\S-1-5-21-1801674531-515967899-2147161785-1004\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User '?')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O17 - HKLM\System\CCS\Services\Tcpip\..\{21DC2F58-8BDB-4E6B-9A3B-73E61DB4494D}: NameServer = 85.255.114.72,85.255.112.212

O17 - HKLM\System\CCS\Services\Tcpip\..\{BC576AC5-18D6-4BBF-B226-8A105E8823F3}: NameServer = 85.255.114.72,85.255.112.212

O17 - HKLM\System\CCS\Services\Tcpip\..\{E5EFCBC9-797B-4209-B179-6BC871B97E04}: NameServer = 85.255.114.72,85.255.112.212

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.72 85.255.112.212

O17 - HKLM\System\CS1\Services\Tcpip\..\{21DC2F58-8BDB-4E6B-9A3B-73E61DB4494D}: NameServer = 85.255.114.72,85.255.112.212

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.72 85.255.112.212

O17 - HKLM\System\CS2\Services\Tcpip\..\{21DC2F58-8BDB-4E6B-9A3B-73E61DB4494D}: NameServer = 85.255.114.72,85.255.112.212

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.72 85.255.112.212

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE

O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE

O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe

O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus 2007\PsCtrls.exe

O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus 2007\pavsrv51.exe

O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus 2007\PsImSvc.exe

--

End of file - 5555 bytes

Share this post


Link to post
Share on other sites

Hi again please take note of this information here: We are sorry for the inconvenience but it is for the good in the end.

What is the page you are being redirected to? Details are a great help in assisting you.

http://www.pandasoftware.com/products/activescan.htm

Post back a fresh HijackThis log and we will take another look.

You are running an old outdated and unsafe version of the Java Runtime Environment. For safety you must update to the newest version. First go to Start>Control Panel>Add/Remove Programs and uninstall any and all existing Java programs. Then go to your program files and delete all Java folders. Now go here and get the off line version and download it. Save the URL and after install go back and verify that the install was successful.

Share this post


Link to post
Share on other sites

Got rid of said log entries, .......... installed updated Java,.............. but still can't reboot in Safe Mode!

Share this post


Link to post
Share on other sites

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 1:53:56 AM, on 6/9/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\drivers\KodakCCS.exe

C:\Program Files\Panda Software\Panda Antivirus 2007\pavsrv51.exe

C:\Program Files\Panda Software\Panda Antivirus 2007\PsImSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Panda Software\Panda Antivirus 2007\AVENGINE.EXE

C:\Program Files\Panda Software\Panda Antivirus 2007\PsCtrls.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe

c:\program files\panda software\panda antivirus 2007\WebProxy.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe

C:\WINDOWS\system32\msiexec.exe

C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Mike\Desktop\HiJackThis_v2.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE" /s

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-21-1801674531-515967899-2147161785-1004\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')

O4 - HKUS\S-1-5-21-1801674531-515967899-2147161785-1004\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User '?')

O4 - HKUS\S-1-5-21-1801674531-515967899-2147161785-1004\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User '?')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE

O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE

O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe

O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus 2007\PsCtrls.exe

O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus 2007\pavsrv51.exe

O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus 2007\PsImSvc.exe

--

End of file - 5749 bytes

Share this post


Link to post
Share on other sites

Again, details are crucial. Where are you being redirected? Is this still happening? Did you follow all instructions? Do you get error messages as to why you can't reboot to safe mode? Why do you want to boot to safe mode?

Share this post


Link to post
Share on other sites
I'm being directed to Toseeka, and a few others!

Thanks

What others?? Help me help you. Please answer all questions.

Share this post


Link to post
Share on other sites
F8 Duh! okay with safe mode! Panda Active scan rinning right now.

OK post the Panda log please. Why do you want to get to Safe? What other redirects?

Share this post


Link to post
Share on other sites

How do I find these folders to delete them?

Using Windows Explorer, locate the following files/folders, and delete them:

F2 - REG:system.ini: Shell=explorer.exe

Exit Explorer, and reboot as normal afterwards.

Share this post


Link to post
Share on other sites

I have uninstalled PandaActive scan, and reinstalled it but when asked select a device to scan, I select my computer and an error comes on the page.

Share this post


Link to post
Share on other sites

My home page is Google and when I click a subject in the box it redirects me to other search engines. Countless ....that's why it is difficult to put them all down!

Anyway nt browser is still doing that. I seem to have a virus and I believe it is ZLop!

I down/loaded the Panda ActionScan but an error on the page keeps coming up!

I deleted all the entries in hijack no problem, I just have the browser popup problem now!

Thanks, Mike

Share this post


Link to post
Share on other sites

When I press the red button in killbox with F2 - REG:system.ini: Shell=explorer. in it, an error comes up (this file does not seem to exsist).

Share this post


Link to post
Share on other sites

Mike what is "the browser popup problem"? You have never mentioned popups before. What do they say?

What happens if you use IE? I'm only finding bad press for NT browser and that it has a primary use of P2P. This is most likely the root of your problem. P2P file sharing is notorious for spreading infection and allowing unauthorized access to your system. There is no Zlop there is Zlob and there is Lop, what makes you think you have either? I'm not following with the search thing either, how do you click an item in the search box? You need to type in something right and click search. Is that what you mean? What are you searching for?

Run a scan with AVG Anti Spyware free Please be through in following instructions. When given the option to take action make sure you do. Remove all items found, and post the AVG log please. Reboot and post a new HJT log.

Share this post


Link to post
Share on other sites

My home page is Google.........when I type in a subject to research and click find, something diverts me to a whole bunch of other search engines. Toseeka, ect.

I just did a search on a subject and it is working fine now???????????????

When I try to down load AVG , I get an Exception Processing Message c0000013 Parameters 75b6f9c 75b6bf9c............ This error message also comes up when I boot windows. I usually click continue 7 times and it goes away.

I am D/L AVG now and will run a scan,---------------------------------------------------------

AVG Anti-Spyware - Scan Report

---------------------------------------------------------

+ Created at: 12:50:56 PM 6/9/2007

+ Scan result:

HKU\S-1-5-21-1801674531-515967899-2147161785-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{31615D5C-5126-448A-818A-A7CDFEE85A9B} -> Adware.Generic : Cleaned.

HKU\S-1-5-21-1801674531-515967899-2147161785-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31615D5C-5126-448A-818A-A7CDFEE85A9B} -> Adware.Generic : Cleaned.

C:\System Volume Information\_restore{F144B279-AA43-4FAA-972B-C0FDB10387A8}\RP2\A0000023.exe -> Adware.SpyHunter : Cleaned.

C:\System Volume Information\_restore{F144B279-AA43-4FAA-972B-C0FDB10387A8}\RP9\A0004766.dll -> Downloader.Agent.bkd : Cleaned.

C:\Documents and Settings\Mike\Cookies\mike@heavycom.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.

C:\Documents and Settings\Mike\Cookies\mike@specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned.

C:\Documents and Settings\Mike\Cookies\mike@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.

::Report end

then send you the HJL log.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 12:52:19 PM, on 6/9/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\drivers\KodakCCS.exe

C:\Program Files\Panda Software\Panda Antivirus 2007\pavsrv51.exe

C:\Program Files\Panda Software\Panda Antivirus 2007\PsImSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Panda Software\Panda Antivirus 2007\AVENGINE.EXE

C:\Program Files\Panda Software\Panda Antivirus 2007\PsCtrls.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE

C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe

c:\program files\panda software\panda antivirus 2007\WebProxy.exe

C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\RogueRemover PRO\RogueRemoverPRO.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Documents and Settings\Mike\Desktop\HiJackThis_v2.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE" /s

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [RogueMonitor] C:\Program Files\RogueRemover PRO\RogueRemoverPRO.exe /monitor

O4 - HKUS\S-1-5-21-1801674531-515967899-2147161785-1004\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')

O4 - HKUS\S-1-5-21-1801674531-515967899-2147161785-1004\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User '?')

O4 - HKUS\S-1-5-21-1801674531-515967899-2147161785-1004\..\Run: [RogueMonitor] C:\Program Files\RogueRemover PRO\RogueRemoverPRO.exe /monitor (User '?')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE

O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE

O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe

O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus 2007\PsCtrls.exe

O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus 2007\pavsrv51.exe

O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus 2007\PsImSvc.exe

--

End of file - 5420 bytes

Quite a mess huh?

Mike

Share this post


Link to post
Share on other sites

Well it looks like AVG took out a trojan. How is it running now? Your log looks good. You need to flush your system restore to make sure it's clean. Then manually set a new clean restore point. Your Adobe Reader is an old version with known security flaws also.

I strongly reccommend you add a layer of prevention protection.

  1. JavaCool's SpywareBlaster
  2. hpHosts file
  3. WinPatrol

All of these are free. Also make sure you go to Windows Updates and get the latest updates. There will be new ones come out on Tuesday.

Share this post


Link to post
Share on other sites

i have tried to restore toprevious date but it seems that option is turned off. How can I change that?

I really do appreciate everything you have done for me!

Mike

Share this post


Link to post
Share on other sites

Glad to help. Go to Control Panel>System then click on the System Restore tab. Uncheck the box to turn it off and clear old infected restore points. Also see how much disk space you have allowed to use for System Resotre. I have mine at the max, and still have plenty of disk space. Then click all the OK's. Go to Help and Support, under Pick a Task, click on Undo Changes Your Computer With System Restore. Click on Create a System Restore Point. Label it New Clean Restore Point or something you will know is a good point to restore to and create the restore point. You can also access your Restore Settings here on the left side of the box.

So how are things running now? Do you seem to be OK?

Share this post


Link to post
Share on other sites
Glad to help. Go to Control Panel>System then click on the System Restore tab. Uncheck the box to turn it off and clear old infected restore points. Also see how much disk space you have allowed to use for System Resotre. I have mine at the max, and still have plenty of disk space. Then click all the OK's. Go to Help and Support, under Pick a Task, click on Undo Changes Your Computer With System Restore. Click on Create a System Restore Point. Label it New Clean Restore Point or something you will know is a good point to restore to and create the restore point. You can also access your Restore Settings here on the left side of the box.

So how are things running now? Do you seem to be OK?

Share this post


Link to post
Share on other sites

I must still have a virus but I can't find it! When ever I type a subjet in google and click search I am reverted to a different page wothj a different search engine! This is very frustrating!

Mike

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 12:35:40 PM, on 6/10/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\WINDOWS\system32\drivers\KodakCCS.exe

C:\Program Files\Panda Software\Panda Antivirus 2007\pavsrv51.exe

C:\Program Files\Panda Software\Panda Antivirus 2007\PsImSvc.exe

C:\Program Files\Panda Software\Panda Antivirus 2007\AVENGINE.EXE

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Panda Software\Panda Antivirus 2007\PsCtrls.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE

C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\RogueRemover PRO\RogueRemoverPRO.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe

c:\program files\panda software\panda antivirus 2007\WebProxy.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Mike\Desktop\HiJackThis_v2.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE" /s

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [RogueMonitor] C:\Program Files\RogueRemover PRO\RogueRemoverPRO.exe /monitor

O4 - HKUS\S-1-5-21-1801674531-515967899-2147161785-1004\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')

O4 - HKUS\S-1-5-21-1801674531-515967899-2147161785-1004\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User '?')

O4 - HKUS\S-1-5-21-1801674531-515967899-2147161785-1004\..\Run: [RogueMonitor] C:\Program Files\RogueRemover PRO\RogueRemoverPRO.exe /monitor (User '?')

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE

O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE

O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe

O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus 2007\PsCtrls.exe

O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus 2007\pavsrv51.exe

O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus 2007\PsImSvc.exe

--

End of file - 5470 bytes

Share this post


Link to post
Share on other sites

OK do this for me. Open HiJack This and click on the Miscellaneous tools tab. At the very top you will see the option to generate a start up list. Put a check in both boxes for that option and generate the list and then post it in this thread.

Where are you being redirected to? Did you ever get a Panda scan to run? If so do you have a log? You need to use IE for that online scan and allow the active x to install.

Share this post


Link to post
Share on other sites
OK do this for me. Open HiJack This and click on the Miscellaneous tools tab. At the very top you will see the option to generate a start up list. Put a check in both boxes for that option and generate the list and then post it in this thread.

Where are you being redirected to? Did you ever get a Panda scan to run? If so do you have a log? You need to use IE for that online scan and allow the active x to install.

StartupList report, 6/11/2007, 6:02:26 AM

StartupList version: 1.52.2

Started from : C:\Documents and Settings\Mike\Desktop\HiJackThis_v2.EXE

Detected: Windows XP SP2 (WinNT 5.01.2600)

Detected: Internet Explorer v7.00 (7.00.6000.16441)

* Using default options

* Including empty and uninteresting sections

* Showing rarely important sections

==================================================

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\WINDOWS\system32\drivers\KodakCCS.exe

C:\Program Files\Panda Software\Panda Antivirus 2007\pavsrv51.exe

C:\Program Files\Panda Software\Panda Antivirus 2007\PsImSvc.exe

C:\Program Files\Panda Software\Panda Antivirus 2007\AVENGINE.EXE

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Panda Software\Panda Antivirus 2007\PsCtrls.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE

C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe

c:\program files\panda software\panda antivirus 2007\WebProxy.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\RogueRemover PRO\RogueRemoverPRO.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Mike\Desktop\HiJackThis_v2.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:

[C:\Documents and Settings\Mike\Start Menu\Programs\Startup]

*No files*

Shell folders AltStartup:

*Folder not found*

User shell folders Startup:

*Folder not found*

User shell folders AltStartup:

*Folder not found*

Shell folders Common Startup:

[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]

HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe

Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

Shell folders Common AltStartup:

*Folder not found*

User shell folders Common Startup:

*Folder not found*

User shell folders Alternate Common Startup:

*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]

UserInit = C:\WINDOWS\system32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]

*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]

*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

iTunesHelper = "C:\Program Files\iTunes\iTunesHelper.exe"

RemoteControl = "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

IgfxTray = C:\WINDOWS\system32\igfxtray.exe

Adobe Photo Downloader = "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime

HP Software Update = C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

APVXDWIN = "C:\Program Files\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE" /s

SunJavaUpdateSched = "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

!AVG Anti-Spyware = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

Adobe Reader Speed Launcher = "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

--------------------------------------------------

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

(Default) =

--------------------------------------------------

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe

WMPNSCFG = C:\Program Files\Windows Media Player\WMPNSCFG.exe

RogueMonitor = C:\Program Files\RogueRemover PRO\RogueRemoverPRO.exe /monitor

--------------------------------------------------

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]

=

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

[setup]

*No values found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

File association entry for .EXE:

HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:

HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:

HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:

HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:

HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:

HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\system32\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:

HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:

HKLM\Software\Microsoft\Active Setup\Installed Components

(* = disabled by HKCU twin)

[<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}] *

StubPath = C:\WINDOWS\system32\ieudinit.exe

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]

StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *

StubPath = C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] *

StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *

StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *

StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *

StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *

StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *

StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *

StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *

StubPath = C:\WINDOWS\system32\ie4uinit.exe -BaseSettings

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *

StubPath = C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:

HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*

run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*

HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*

HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*

HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*

HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*

HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*

HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*

HKCU\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*

HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*

SCRNSAVE.EXE=*INI section not found*

drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=explorer.exe

SCRNSAVE.EXE=

drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*

HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present

C:\WINDOWS\Explorer\Explorer.exe: not present

C:\WINDOWS\System\Explorer.exe: not present

C:\WINDOWS\System32\Explorer.exe: not present

C:\WINDOWS\Command\Explorer.exe: not present

C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)

.pif: HIDDEN! (arrow overlay: yes)

.exe: not hidden

.com: not hidden

.bat: not hidden

.hta: not hidden

.scr: not hidden

.shs: HIDDEN!

.shb: HIDDEN!

.vbs: not hidden

.vbe: not hidden

.wsh: not hidden

.scf: HIDDEN! (arrow overlay: NO!)

.url: HIDDEN! (arrow overlay: yes)

.js: not hidden

.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINDOWS

- .reg open command is normal (regedit.exe %1)

- Company name OK: 'Microsoft Corporation'

- Original filename OK: 'REGEDIT.EXE'

- File description: 'Registry Editor'

Registry check passed

--------------------------------------------------

Enumerating Browser Helper Objects:

*No BHO's found*

--------------------------------------------------

Enumerating Task Scheduler jobs:

Ace Optimizer Maintenance.job

--------------------------------------------------

Enumerating Download Program Files:

[shockwave ActiveX Control]

InProcServer32 = C:\WINDOWS\system32\Macromed\Director\SwDir.dll

CODEBASE = http://fpdownload.macromedia.com/get/shock...director/sw.cab

[Windows Genuine Advantage Validation Tool]

InProcServer32 = C:\WINDOWS\system32\LegitCheckControl.DLL

CODEBASE = http://download.microsoft.com/download/9/b...heckControl.cab

[Java Plug-in 1.6.0_01]

InProcServer32 = C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

CODEBASE = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab

[{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}]

CODEBASE = http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab

[Java Plug-in 1.5.0_06]

InProcServer32 = C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

CODEBASE = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab

[Java Plug-in 1.6.0_01]

InProcServer32 = C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

CODEBASE = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab

[Java Plug-in 1.6.0_01]

InProcServer32 = C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll

CODEBASE = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab

[shockwave Flash Object]

InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash9c.ocx

CODEBASE = http://download.macromedia.com/pub/shockwa...ash/swflash.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINDOWS\System32\mswsock.dll

NameSpace #2: C:\WINDOWS\System32\winrnr.dll

NameSpace #3: C:\WINDOWS\System32\mswsock.dll

Protocol #1: c:\program files\panda software\panda antivirus 2007\pavlsp.dll

Protocol #2: c:\program files\panda software\panda antivirus 2007\pavlsp.dll

Protocol #3: c:\program files\panda software\panda antivirus 2007\pavlsp.dll

Protocol #4: C:\WINDOWS\system32\mswsock.dll

Protocol #5: C:\WINDOWS\system32\mswsock.dll

Protocol #6: C:\WINDOWS\system32\mswsock.dll

Protocol #7: C:\WINDOWS\system32\rsvpsp.dll

Protocol #8: C:\WINDOWS\system32\rsvpsp.dll

Protocol #9: C:\WINDOWS\system32\mswsock.dll

Protocol #10: C:\WINDOWS\system32\mswsock.dll

Protocol #11: C:\WINDOWS\system32\mswsock.dll

Protocol #12: C:\WINDOWS\system32\mswsock.dll

Protocol #13: C:\WINDOWS\system32\mswsock.dll

Protocol #14: C:\WINDOWS\system32\mswsock.dll

Protocol #15: C:\WINDOWS\system32\mswsock.dll

Protocol #16: C:\WINDOWS\system32\mswsock.dll

Protocol #17: c:\program files\panda software\panda antivirus 2007\pavlsp.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

Microsoft ACPI Driver: system32\DRIVERS\ACPI.sys (system)

Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)

AFD: \SystemRoot\System32\drivers\afd.sys (system)

Alerter: %SystemRoot%\system32\svchost.exe -k LocalService (disabled)

Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)

Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)

ASP.NET State Service: %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (manual start)

RAS Asynchronous Media Driver: system32\DRIVERS\asyncmac.sys (manual start)

Standard IDE/ESDI Hard Disk Controller: system32\DRIVERS\atapi.sys (system)

ATM ARP Client Protocol: system32\DRIVERS\atmarpc.sys (manual start)

Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Audio Stub Driver: system32\DRIVERS\audstub.sys (manual start)

AVG Anti-Spyware Driver: \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys (system)

AVG Anti-Spyware Guard: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (autostart)

AVG Anti-Spyware Clean Driver: System32\DRIVERS\AvgAsCln.sys (system)

Background Intelligent Transfer Service: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)

Computer Browser: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Closed Caption Decoder: system32\DRIVERS\CCDECODE.sys (manual start)

CD-ROM Driver: system32\DRIVERS\cdrom.sys (system)

Indexing Service: %SystemRoot%\system32\cisvc.exe (manual start)

ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)

COM+ System Application: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)

Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Kodak Camera Proxy: system32\DRIVERS\DcCam.sys (system)

DcFpoint: system32\DRIVERS\DcFpoint.sys (manual start)

Kodak DCFS2K Driver: system32\drivers\dcfs2k.sys (autostart)

Legacy Polling Service: system32\DRIVERS\DcLps.sys (manual start)

DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)

dcptp: system32\DRIVERS\DcPTP.sys (manual start)

DHCP Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Disk Driver: system32\DRIVERS\disk.sys (system)

Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)

dmboot: System32\drivers\dmboot.sys (disabled)

Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)

DNS Client: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart)

Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)

Intel® PRO Adapter Driver: system32\DRIVERS\e100b325.sys (manual start)

Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Event Log: %SystemRoot%\system32\services.exe (autostart)

COM+ Event System: C:\WINDOWS\system32\svchost.exe -k netsvcs (manual start)

Exportit: system32\DRIVERS\exportit.sys (system)

Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Floppy Disk Controller Driver: system32\DRIVERS\fdc.sys (manual start)

Floppy Disk Driver: system32\DRIVERS\flpydisk.sys (manual start)

FltMgr: system32\DRIVERS\fltMgr.sys (system)

Volume Manager Driver: system32\DRIVERS\ftdisk.sys (system)

GEAR CDRom Filter: SYSTEM32\DRIVERS\GEARAspiWDM.sys (manual start)

Generic Packet Classifier: system32\DRIVERS\msgpc.sys (manual start)

Microsoft UAA Function Driver for High Definition Audio Service: system32\drivers\HdAudio.sys (manual start)

Microsoft UAA Bus Driver for High Definition Audio: system32\DRIVERS\HDAudBus.sys (manual start)

Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Human Interface Device Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)

Microsoft HID Class Driver: system32\DRIVERS\hidusb.sys (manual start)

HP Port Resolver: C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE (manual start)

HP Status Server: C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE (manual start)

IEEE-1284.4 Driver HPZid412: system32\DRIVERS\HPZid412.sys (manual start)

Print Class Driver for IEEE-1284.4 HPZipr12: system32\DRIVERS\HPZipr12.sys (manual start)

USB to IEEE-1284.4 Translation Driver HPZius12: system32\DRIVERS\HPZius12.sys (manual start)

HTTP: System32\Drivers\HTTP.sys (manual start)

HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (disabled)

i8042 Keyboard and PS/2 Mouse Port Driver: system32\DRIVERS\i8042prt.sys (system)

ialm: system32\DRIVERS\ialmnt5.sys (manual start)

CD-Burning Filter Driver: system32\DRIVERS\imapi.sys (system)

IMAPI CD-Burning COM Service: C:\WINDOWS\system32\imapi.exe (disabled)

Service for Realtek HD Audio (WDM): system32\drivers\RtkHDAud.sys (manual start)

IntelIde: system32\DRIVERS\intelide.sys (system)

Intel Processor Driver: system32\DRIVERS\intelppm.sys (system)

IPv6 Windows Firewall Driver: system32\DRIVERS\Ip6Fw.sys (manual start)

IP Traffic Filter Driver: system32\DRIVERS\ipfltdrv.sys (manual start)

IP in IP Tunnel Driver: system32\DRIVERS\ipinip.sys (manual start)

IP Network Address Translator: system32\DRIVERS\ipnat.sys (manual start)

iPod Service: "C:\Program Files\iPod\bin\iPodService.exe" (disabled)

IPSEC driver: system32\DRIVERS\ipsec.sys (system)

IR Enumerator Service: system32\DRIVERS\irenum.sys (manual start)

PnP ISA/EISA Bus Driver: system32\DRIVERS\isapnp.sys (system)

Keyboard Class Driver: system32\DRIVERS\kbdclass.sys (system)

Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)

Kodak Camera Connection Software: %SystemRoot%\system32\drivers\KodakCCS.exe (autostart)

Server: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)

Workstation: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)

TCP/IP NetBIOS Helper: %SystemRoot%\system32\svchost.exe -k LocalService (disabled)

Machine Debug Manager: "C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe" (disabled)

Messenger: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)

NetMeeting Remote Desktop Sharing: C:\WINDOWS\system32\mnmsrvc.exe (disabled)

Mouse Class Driver: system32\DRIVERS\mouclass.sys (system)

WebDav Client Redirector: system32\DRIVERS\mrxdav.sys (manual start)

MRXSMB: system32\DRIVERS\mrxsmb.sys (system)

Distributed Transaction Coordinator: C:\WINDOWS\system32\msdtc.exe (disabled)

Windows Installer: C:\WINDOWS\system32\msiexec.exe /V (manual start)

Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)

Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)

Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)

Microsoft System Management BIOS Driver: system32\DRIVERS\mssmbios.sys (manual start)

Microsoft Streaming Tee/Sink-to-Sink Converter: system32\drivers\MSTEE.sys (manual start)

NABTS/FEC VBI Codec: system32\DRIVERS\NABTSFEC.sys (manual start)

Microsoft TV/Video Connection: system32\DRIVERS\NdisIP.sys (manual start)

Remote Access NDIS TAPI Driver: system32\DRIVERS\ndistapi.sys (manual start)

NDIS Usermode I/O Protocol: system32\DRIVERS\ndisuio.sys (manual start)

Remote Access NDIS WAN Driver: system32\DRIVERS\ndiswan.sys (manual start)

NetBIOS Interface: system32\DRIVERS\netbios.sys (system)

NetBios over Tcpip: system32\DRIVERS\netbt.sys (system)

Network DDE: %SystemRoot%\system32\netdde.exe (disabled)

Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled)

Net Logon: %SystemRoot%\system32\lsass.exe (disabled)

Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)

Network Location Awareness (NLA): %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)

NT LM Security Support Provider: %SystemRoot%\system32\lsass.exe (disabled)

Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)

IPX Traffic Filter Driver: system32\DRIVERS\nwlnkflt.sys (manual start)

IPX Traffic Forwarder Driver: system32\DRIVERS\nwlnkfwd.sys (manual start)

VGA USB Camera: System32\Drivers\ov519vid.sys (manual start)

Panda Software Controller: "C:\Program Files\Panda Software\Panda Antivirus 2007\PsCtrls.exe" (autostart)

Parallel port driver: system32\DRIVERS\parport.sys (manual start)

Panda Antivirus Filter Driver for x86: \??\C:\WINDOWS\system32\Drivers\pavdrv51.sys (autostart)

Panda anti-virus service: "C:\Program Files\Panda Software\Panda Antivirus 2007\pavsrv51.exe" (autostart)

PCI Bus Driver: system32\DRIVERS\pci.sys (system)

PCIIde: system32\DRIVERS\pciide.sys (system)

Plug and Play: %SystemRoot%\system32\services.exe (manual start)

Pml Driver HPZ12: C:\WINDOWS\system32\HPZipm12.exe (disabled)

IPSEC Services: %SystemRoot%\system32\lsass.exe (disabled)

WAN Miniport (PPTP): system32\DRIVERS\raspptp.sys (manual start)

Protected Storage: %SystemRoot%\system32\lsass.exe (disabled)

QoS Packet Scheduler: system32\DRIVERS\psched.sys (manual start)

Panda IManager Service: "C:\Program Files\Panda Software\Panda Antivirus 2007\PsImSvc.exe" (autostart)

Direct Parallel Link Driver: system32\DRIVERS\ptilink.sys (manual start)

PxHelp20: System32\Drivers\PxHelp20.sys (system)

Remote Access Auto Connection Driver: system32\DRIVERS\rasacd.sys (system)

Remote Access Auto Connection Manager: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)

WAN Miniport (L2TP): system32\DRIVERS\rasl2tp.sys (manual start)

Remote Access Connection Manager: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)

Remote Access PPPOE Driver: system32\DRIVERS\raspppoe.sys (manual start)

Direct Parallel: system32\DRIVERS\raspti.sys (manual start)

Rdbss: system32\DRIVERS\rdbss.sys (system)

RDPCDD: System32\DRIVERS\RDPCDD.sys (system)

Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (disabled)

Digital CD Audio Playback Filter Driver: system32\DRIVERS\redbook.sys (system)

Routing and Remote Access: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)

Remote Procedure Call (RPC) Locator: %SystemRoot%\system32\locator.exe (manual start)

Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)

QoS RSVP: %SystemRoot%\system32\rsvp.exe (disabled)

SABProcEnum: \??\C:\Program Files\Internet Explorer\SABProcEnum.sys (manual start)

Security Accounts Manager: %SystemRoot%\system32\lsass.exe (disabled)

SASDIFSV: \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (system)

SASENUM: \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS (manual start)

SASKUTIL: \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (system)

Smart Card: %SystemRoot%\System32\SCardSvr.exe (disabled)

Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)

Secdrv: system32\DRIVERS\secdrv.sys (manual start)

Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)

System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Serenum Filter Driver: system32\DRIVERS\serenum.sys (manual start)

Serial port driver: system32\DRIVERS\serial.sys (system)

Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)

BDA Slip De-Framer: system32\DRIVERS\SLIP.sys (manual start)

Intel ® System Management BIOS Service: system32\DRIVERS\SMBios.sys (manual start)

Sony USB Filter Driver (SONYPVU1): system32\DRIVERS\SONYPVU1.SYS (manual start)

Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)

Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)

System Restore Filter Driver: system32\DRIVERS\sr.sys (system)

System Restore Service: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Srv: system32\DRIVERS\srv.sys (manual start)

SSDP Discovery Service: %SystemRoot%\system32\svchost.exe -k LocalService (disabled)

Webroot Spy Sweeper Keylogger Shield Keyboard Filter: System32\Drivers\sskbfd.sys (manual start)

Windows Image Acquisition (WIA): %SystemRoot%\system32\svchost.exe -k imgsvc (autostart)

BDA IPSink: system32\DRIVERS\StreamIP.sys (manual start)

Software Bus Driver: system32\DRIVERS\swenum.sys (manual start)

Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)

MS Software Shadow Copy Provider: C:\WINDOWS\system32\dllhost.exe /Processid:{6B0863FA-474D-4DF5-8BA5-0822AEA5E18D} (disabled)

Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start)

Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (disabled)

szkg: system32\DRIVERS\szkg.sys (system)

Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)

TCP/IP Protocol Driver: system32\DRIVERS\tcpip.sys (system)

Terminal Device Driver: system32\DRIVERS\termdd.sys (system)

Terminal Services: %SystemRoot%\System32\svchost -k DComLaunch (disabled)

Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)

tmcomm: \??\C:\WINDOWS\system32\drivers\tmcomm.sys (autostart)

Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)

Microcode Update Driver: system32\DRIVERS\update.sys (manual start)

Universal Plug and Play Device Host: %SystemRoot%\system32\svchost.exe -k LocalService (disabled)

Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (disabled)

USB Audio Driver (WDM): system32\drivers\usbaudio.sys (manual start)

Microsoft USB Generic Parent Driver: system32\DRIVERS\usbccgp.sys (manual start)

Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: system32\DRIVERS\usbehci.sys (manual start)

Microsoft USB Standard Hub Driver: system32\DRIVERS\usbhub.sys (manual start)

Microsoft USB PRINTER Class: system32\DRIVERS\usbprint.sys (manual start)

Usbscan: system32\DRIVERS\usbscan.sys (manual start)

USB Mass Storage Driver: system32\DRIVERS\USBSTOR.SYS (manual start)

Microsoft USB Universal Host Controller Miniport Driver: system32\DRIVERS\usbuhci.sys (manual start)

VgaSave: \SystemRoot\System32\drivers\vga.sys (system)

Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (disabled)

Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)

Remote Access IP ARP Driver: system32\DRIVERS\wanarp.sys (manual start)

Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)

WebClient: %SystemRoot%\system32\svchost.exe -k LocalService (disabled)

Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (disabled)

Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)

WMI Performance Adapter: C:\WINDOWS\system32\wbem\wmiapsrv.exe (disabled)

Windows Media Player Network Sharing Service: C:\Program Files\Windows Media Player\WMPNetwk.exe (disabled)

Windows Socket 2.0 Non-IFS Service Provider Support Environment: \SystemRoot\System32\drivers\ws2ifsl.sys (system)

World Standard Teletext Codec: system32\DRIVERS\WSTCODEC.SYS (manual start)

Automatic Updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)

Windows Driver Foundation - User-mode Driver Framework Platform Driver: system32\DRIVERS\WudfPf.sys (manual start)

Windows Driver Foundation - User-mode Driver Framework Reflector: system32\DRIVERS\wudfrd.sys (manual start)

Windows Driver Foundation - User-mode Driver Framework: %SystemRoot%\system32\svchost.exe -k WudfServiceGroup (disabled)

Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)

Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)

--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:

*No scripts set to run*

Windows NT checkdisk command:

BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':

PendingFileRenameOperations: C:\Documents and Settings\Mike\Local Settings\temp\hpodvd09.log||C:\Documents and Settings\Mike\Local Settings\temp\hpodvd09.log||C:\Documents and Settings\Mike\Local Settings\temp\hpodvd09.log||C:\Documents and Settings\Mike\Local Settings\temp\hpodvd09.log

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll

CDBurn: C:\WINDOWS\system32\SHELL32.dll

WebCheck: %system%\webcheck.dll

SysTray: C:\WINDOWS\system32\stobject.dll

WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll

--------------------------------------------------

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*No values found*

--------------------------------------------------

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*No values found*

--------------------------------------------------

End of report, 35,892 bytes

Report generated in 0.188 seconds

Command line options:

/verbose - to add additional info on each section

/complete - to include empty sections and unsuspicious data

/full - to include several rarely-important sections

/force9x - to include Win9x-only startups even if running on WinNT

/forcent - to include WinNT-only startups even if running on Win9x

/forceall - to include all Win9x and WinNT startups, regardless of platform

/history - to list version history only

Share this post


Link to post
Share on other sites

StartupList report, 6/11/2007, 6:02:26 AM

StartupList version: 1.52.2

Started from : C:\Documents and Settings\Mike\Desktop\HiJackThis_v2.EXE

Detected: Windows XP SP2 (WinNT 5.01.2600)

Detected: Internet Explorer v7.00 (7.00.6000.16441)

* Using default options

* Including empty and uninteresting sections

* Showing rarely important sections

==================================================

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\WINDOWS\system32\drivers\KodakCCS.exe

C:\Program Files\Panda Software\Panda Antivirus 2007\pavsrv51.exe

C:\Program Files\Panda Software\Panda Antivirus 2007\PsImSvc.exe

C:\Program Files\Panda Software\Panda Antivirus 2007\AVENGINE.EXE

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Panda Software\Panda Antivirus 2007\PsCtrls.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE

C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe

c:\program files\panda software\panda antivirus 2007\WebProxy.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\RogueRemover PRO\RogueRemoverPRO.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Mike\Desktop\HiJackThis_v2.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:

[C:\Documents and Settings\Mike\Start Menu\Programs\Startup]

*No files*

Shell folders AltStartup:

*Folder not found*

User shell folders Startup:

*Folder not found*

User shell folders AltStartup:

*Folder not found*

Shell folders Common Startup:

[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]

HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe

Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

Shell folders Common AltStartup:

*Folder not found*

User shell folders Common Startup:

*Folder not found*

User shell folders Alternate Common Startup:

*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]

UserInit = C:\WINDOWS\system32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]

*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]

*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

iTunesHelper = "C:\Program Files\iTunes\iTunesHelper.exe"

RemoteControl = "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

IgfxTray = C:\WINDOWS\system32\igfxtray.exe

Adobe Photo Downloader = "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime

HP Software Update = C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

APVXDWIN = "C:\Program Files\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE" /s

SunJavaUpdateSched = "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

!AVG Anti-Spyware = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

Adobe Reader Speed Launcher = "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

--------------------------------------------------

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

(Default) =

--------------------------------------------------

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe

WMPNSCFG = C:\Program Files\Windows Media Player\WMPNSCFG.exe

RogueMonitor = C:\Program Files\RogueRemover PRO\RogueRemoverPRO.exe /monitor

--------------------------------------------------

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]

=

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

[setup]

*No values found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

File association entry for .EXE:

HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:

HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:

HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:

HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:

HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:

HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\system32\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:

HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:

HKLM\Software\Microsoft\Active Setup\Installed Components

(* = disabled by HKCU twin)

[<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}] *

StubPath = C:\WINDOWS\system32\ieudinit.exe

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]

StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *

StubPath = C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] *

StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *

StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *

StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *

StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *

StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *

StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *

StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *

StubPath = C:\WINDOWS\system32\ie4uinit.exe -BaseSettings

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *

StubPath = C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:

HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*

run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*

HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*

HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*

HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*

HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*

HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*

HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*

HKCU\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*

HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*

SCRNSAVE.EXE=*INI section not found*

drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=explorer.exe

SCRNSAVE.EXE=

drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*

HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present

C:\WINDOWS\Explorer\Explorer.exe: not present

C:\WINDOWS\System\Explorer.exe: not present

C:\WINDOWS\System32\Explorer.exe: not present

C:\WINDOWS\Command\Explorer.exe: not present

C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)

.pif: HIDDEN! (arrow overlay: yes)

.exe: not hidden

.com: not hidden

.bat: not hidden

.hta: not hidden

.scr: not hidden

.shs: HIDDEN!

.shb: HIDDEN!

.vbs: not hidden

.vbe: not hidden

.wsh: not hidden

.scf: HIDDEN! (arrow overlay: NO!)

.url: HIDDEN! (arrow overlay: yes)

.js: not hidden

.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINDOWS

- .reg open command is normal (regedit.exe %1)

- Company name OK: 'Microsoft Corporation'

- Original filename OK: 'REGEDIT.EXE'

- File description: 'Registry Editor'

Registry check passed

--------------------------------------------------

Enumerating Browser Helper Objects:

*No BHO's found*

--------------------------------------------------

Enumerating Task Scheduler jobs:

Ace Optimizer Maintenance.job

--------------------------------------------------

Enumerating Download Program Files:

[shockwave ActiveX Control]

InProcServer32 = C:\WINDOWS\system32\Macromed\Director\SwDir.dll

CODEBASE = http://fpdownload.macromedia.com/get/shock...director/sw.cab

[Windows Genuine Advantage Validation Tool]

InProcServer32 = C:\WINDOWS\system32\LegitCheckControl.DLL

CODEBASE = http://download.microsoft.com/download/9/b...heckControl.cab

[Java Plug-in 1.6.0_01]

InProcServer32 = C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

CODEBASE = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab

[{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}]

CODEBASE = http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab

[Java Plug-in 1.5.0_06]

InProcServer32 = C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

CODEBASE = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab

[Java Plug-in 1.6.0_01]

InProcServer32 = C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

CODEBASE = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab

[Java Plug-in 1.6.0_01]

InProcServer32 = C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll

CODEBASE = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab

[shockwave Flash Object]

InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash9c.ocx

CODEBASE = http://download.macromedia.com/pub/shockwa...ash/swflash.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINDOWS\System32\mswsock.dll

NameSpace #2: C:\WINDOWS\System32\winrnr.dll

NameSpace #3: C:\WINDOWS\System32\mswsock.dll

Protocol #1: c:\program files\panda software\panda antivirus 2007\pavlsp.dll

Protocol #2: c:\program files\panda software\panda antivirus 2007\pavlsp.dll

Protocol #3: c:\program files\panda software\panda antivirus 2007\pavlsp.dll

Protocol #4: C:\WINDOWS\system32\mswsock.dll

Protocol #5: C:\WINDOWS\system32\mswsock.dll

Protocol #6: C:\WINDOWS\system32\mswsock.dll

Protocol #7: C:\WINDOWS\system32\rsvpsp.dll

Protocol #8: C:\WINDOWS\system32\rsvpsp.dll

Protocol #9: C:\WINDOWS\system32\mswsock.dll

Protocol #10: C:\WINDOWS\system32\mswsock.dll

Protocol #11: C:\WINDOWS\system32\mswsock.dll

Protocol #12: C:\WINDOWS\system32\mswsock.dll

Protocol #13: C:\WINDOWS\system32\mswsock.dll

Protocol #14: C:\WINDOWS\system32\mswsock.dll

Protocol #15: C:\WINDOWS\system32\mswsock.dll

Protocol #16: C:\WINDOWS\system32\mswsock.dll

Protocol #17: c:\program files\panda software\panda antivirus 2007\pavlsp.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

Microsoft ACPI Driver: system32\DRIVERS\ACPI.sys (system)

Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)

AFD: \SystemRoot\System32\drivers\afd.sys (system)

Alerter: %SystemRoot%\system32\svchost.exe -k LocalService (disabled)

Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)

Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)

ASP.NET State Service: %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (manual start)

RAS Asynchronous Media Driver: system32\DRIVERS\asyncmac.sys (manual start)

Standard IDE/ESDI Hard Disk Controller: system32\DRIVERS\atapi.sys (system)

ATM ARP Client Protocol: system32\DRIVERS\atmarpc.sys (manual start)

Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Audio Stub Driver: system32\DRIVERS\audstub.sys (manual start)

AVG Anti-Spyware Driver: \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys (system)

AVG Anti-Spyware Guard: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (autostart)

AVG Anti-Spyware Clean Driver: System32\DRIVERS\AvgAsCln.sys (system)

Background Intelligent Transfer Service: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)

Computer Browser: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Closed Caption Decoder: system32\DRIVERS\CCDECODE.sys (manual start)

CD-ROM Driver: system32\DRIVERS\cdrom.sys (system)

Indexing Service: %SystemRoot%\system32\cisvc.exe (manual start)

ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)

COM+ System Application: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)

Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Kodak Camera Proxy: system32\DRIVERS\DcCam.sys (system)

DcFpoint: system32\DRIVERS\DcFpoint.sys (manual start)

Kodak DCFS2K Driver: system32\drivers\dcfs2k.sys (autostart)

Legacy Polling Service: system32\DRIVERS\DcLps.sys (manual start)

DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)

dcptp: system32\DRIVERS\DcPTP.sys (manual start)

DHCP Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Disk Driver: system32\DRIVERS\disk.sys (system)

Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)

dmboot: System32\drivers\dmboot.sys (disabled)

Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)

DNS Client: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart)

Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)

Intel

Share this post


Link to post
Share on other sites

OK let's do this: Take your time and be thorough.

You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Please download FixWareout from one of these sites:

Subratam

Bleeping Computing

Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.

The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

Once rebooted please post the text that will open (report.txt) and a new Hijackthis log file into this thread.

If you get a file output similar to below:

Check for missing files

.....

C:\WINDOWS\system32\AUTOEXEC.NT not there

.....

End check for missing files

.....

VXD Check

REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\VirtualDeviceDrivers]

"VDD"=hex(7):00

.....

End vxd check

Go here and run the fix appropriate to your version of Windows:

http://www.tech-forums.net/computer/topic/29806.html

Then re-run Fixwareout please, thanks.

Share this post


Link to post
Share on other sites

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.