Another one get the "TopSecurity.Net" trojan Please help

Logfile of HijackThis v1.99.1
Scan saved at 6:58:36 PM, on 6/14/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\WINDOWS\system32\4a9e4c61.exe
C:\WINDOWS\system32\ab345c2a.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\FAH1\FAH504-Console.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\FAH1\FahCore_82.exe
C:\Program Files\FAH1\FahCore_82.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.ca
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Nothing - {686a161d-5bd1-4999-8832-6393f41e564c} - C:\WINDOWS\system32\hp100.tmp
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [New Value #1] c:\sysprep\test\ftest\ftest.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [4a9e4c61.exe] C:\WINDOWS\system32\4a9e4c61.exe
O4 - HKLM\..\Run: [ab345c2a.exe] C:\WINDOWS\system32\ab345c2a.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [4a9e4c61.exe] C:\Documents and Settings\Administrator\Local Settings\Application Data\4a9e4c61.exe
O4 - HKCU\..\Run: [ab345c2a.exe] C:\Documents and Settings\Administrator\Local Settings\Application Data\ab345c2a.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1162
O20 - AppInit_DLLs:
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winabt32 - C:\WINDOWS\SYSTEM32\winabt32.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

Any help would be appreciated.

I hope to get back to normal.

Comments

  • edited June 2006
    Quick solution:
    In Internet Explorer, under Tools choose Manage Add-ons, disable options you do not recognise. I disabled
    - SpywareBlock class
    - Nothing
    Try Avast to remove the trojans
    Hope this helps you. It helped me.
  • edited June 2006
    kaleen15 wrote:
    Quick solution:
    In Internet Explorer, under Tools choose Manage Add-ons, disable options you do not recognise. I disabled
    - SpywareBlock class
    - Nothing
    Try Avast to remove the trojans
    Hope this helps you. It helped me.



    I have tried the above and I am still infected with the trojan. I have however regained my homepage, although everything is running slow and I still get some unwanted security alerts.

    Any other advice would help.

    Thanks
  • edited June 2006
    I'm sorry if I might have sounded a little demanding earlier. I would really appreciate any help at all in righting the wrong that I have created for myself. The first Hijack log is old, and I have done a lot of scans and fixes in the last couple of days, so I thought it would be better to resubmit all of my new information. This way it would be easier for you guys/gals to help me out.

    Again I apologise for any rudeness I might have caused.

    Finally I know for sure I have a Trojan in one of my .dll files. I have tried many different virus removal software to no avail. I am still able to use my system. So this is no rush, but I'll check back daily to see if any advice is given.

    Thanks again in advance.

    You guys rock for providing such a valuable service.



    New Hijack File and others PLEASE HELP CLEAN MY SYSTEM!!!


    KASPERSKY ON-LINE SCANNER REPORT
    Thursday, June 15, 2006 7:50:08 PM
    Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
    Kaspersky On-line Scanner version: 5.0.78.0
    Kaspersky Anti-Virus database last update: 16/06/2006
    Kaspersky Anti-Virus database records: 188784


    Scan Settings
    Scan using the following antivirus database standard
    Scan Archives true
    Scan Mail Bases true

    Scan Target My Computer
    C:\
    D:\
    E:\
    F:\
    G:\
    H:\
    I:\

    Scan Statistics
    Total number of scanned objects 33992
    Number of viruses found 7
    Number of infected objects 20
    Number of suspicious objects 0
    Duration of the scan process 00:17:06

    Infected Object Name Virus Name Last Action
    C:\System Volume Information\_restore{D2A308C1-9361-401A-A52C-C2144E1F810C}\RP81\A0003177.tlb Infected: Trojan-Downloader.Win32.Zlob.sp skipped

    C:\System Volume Information\_restore{D2A308C1-9361-401A-A52C-C2144E1F810C}\RP81\A0003178.exe Infected: Trojan-Downloader.Win32.Obfuscated.a skipped

    C:\System Volume Information\_restore{D2A308C1-9361-401A-A52C-C2144E1F810C}\RP83\A0003203.exe Infected: Trojan-Downloader.Win32.PurityScan.cr skipped

    C:\System Volume Information\_restore{D2A308C1-9361-401A-A52C-C2144E1F810C}\RP83\A0003244.tlb Infected: Trojan-Downloader.Win32.Zlob.sp skipped

    C:\System Volume Information\_restore{D2A308C1-9361-401A-A52C-C2144E1F810C}\RP85\A0003267.exe Infected: Trojan-Downloader.Win32.Obfuscated.a skipped

    C:\System Volume Information\_restore{D2A308C1-9361-401A-A52C-C2144E1F810C}\RP85\A0003268.tlb Infected: Trojan-Downloader.Win32.Zlob.sp skipped

    C:\System Volume Information\_restore{D2A308C1-9361-401A-A52C-C2144E1F810C}\RP86\A0003281.exe Infected: Trojan-Downloader.Win32.Obfuscated.a skipped

    C:\System Volume Information\_restore{D2A308C1-9361-401A-A52C-C2144E1F810C}\RP89\A0003309.exe Infected: Trojan-Downloader.Win32.Obfuscated.a skipped

    C:\System Volume Information\_restore{D2A308C1-9361-401A-A52C-C2144E1F810C}\RP90\A0003331.exe Infected: Trojan-Downloader.Win32.Obfuscated.a skipped

    C:\System Volume Information\_restore{D2A308C1-9361-401A-A52C-C2144E1F810C}\RP93\A0003425.exe Infected: Trojan-Downloader.Win32.Obfuscated.a skipped

    C:\System Volume Information\_restore{D2A308C1-9361-401A-A52C-C2144E1F810C}\RP93\A0003426.exe Infected: Trojan-Downloader.Win32.Obfuscated.a skipped

    C:\System Volume Information\_restore{D2A308C1-9361-401A-A52C-C2144E1F810C}\RP93\A0003428.exe Infected: Trojan-Downloader.Win32.Obfuscated.a skipped

    C:\System Volume Information\_restore{D2A308C1-9361-401A-A52C-C2144E1F810C}\RP93\A0003432.exe Infected: Trojan-Downloader.Win32.Obfuscated.a skipped

    C:\System Volume Information\_restore{D2A308C1-9361-401A-A52C-C2144E1F810C}\RP93\A0003436.exe Infected: Trojan.Win32.Dialer.oy skipped

    C:\System Volume Information\_restore{D2A308C1-9361-401A-A52C-C2144E1F810C}\RP93\A0003437.exe Infected: Trojan-Downloader.Win32.Obfuscated.a skipped

    C:\System Volume Information\_restore{D2A308C1-9361-401A-A52C-C2144E1F810C}\RP93\A0003438.exe Infected: Trojan-Downloader.Win32.Obfuscated.a skipped

    C:\System Volume Information\_restore{D2A308C1-9361-401A-A52C-C2144E1F810C}\RP94\A0003704.exe Infected: Trojan-Downloader.Win32.Zlob.sr skipped

    C:\WINDOWS\Downloaded Program Files\rdgCA2405.exe Infected: Trojan-Downloader.Win32.Agent.alf skipped

    C:\WINDOWS\system32\ld101.tmp Infected: Trojan-Downloader.Win32.Zlob.sq skipped

    C:\WINDOWS\system32\simpole.tlb Infected: Trojan-Downloader.Win32.Zlob.sp skipped

    Scan process completed.




    BitDefender Online Scanner

    Scan report generated at: Thu, Jun 15, 2006 - 17:52:49

    Scan path: C:\;D:\;E:\;F:\;G:\;H:\;I:\;

    Statistics
    Time: 00:20:10
    Files: 151006
    Folders: 3515
    Boot Sectors: 3
    Archives: 7130
    Packed Files: 10659

    Results
    Identified Viruses: 3
    Infected Files: 6
    Suspect Files: 0
    Warnings: 0
    Disinfected: 0
    Deleted Files: 10

    Engines Info
    Virus Definitions: 388218
    Engine build: AVCORE v1.0 (build 2310) (i386) (Apr 17 2006 16:24:38)
    Scan plugins: 13
    Archive plugins: 39
    Unpack plugins: 5
    E-mail plugins: 6
    System plugins: 1

    Scan Settings
    First Action: Disinfect
    Second Action: Delete
    Heuristics: Yes
    Enable Warnings: Yes
    Scanned Extensions: *;
    Exclude Extensions:
    Scan Emails: Yes
    Scan Archives: Yes
    Scan Packed: Yes
    Scan Files: Yes
    Scan Boot: Yes

    Scanned File Status
    C:\System Volume Information\_restore{D2A308C1-9361-401A-A52C-C2144E1F810C}\RP90\A0003344.dll Infected with: Trojan.Agent.QF
    C:\System Volume Information\_restore{D2A308C1-9361-401A-A52C-C2144E1F810C}\RP90\A0003344.dll Disinfection failed
    C:\System Volume Information\_restore{D2A308C1-9361-401A-A52C-C2144E1F810C}\RP90\A0003344.dll Deleted
    C:\System Volume Information\_restore{D2A308C1-9361-401A-A52C-C2144E1F810C}\RP93\A0003427.dll=>(Quarantine-2) Infected with: Trojan.Agent.QF
    C:\System Volume Information\_restore{D2A308C1-9361-401A-A52C-C2144E1F810C}\RP93\A0003427.dll=>(Quarantine-2) Disinfection failed
    C:\System Volume Information\_restore{D2A308C1-9361-401A-A52C-C2144E1F810C}\RP93\A0003427.dll=>(Quarantine-2) Deleted
    C:\System Volume Information\_restore{D2A308C1-9361-401A-A52C-C2144E1F810C}\RP93\A0003430.dll=>(Quarantine-2) Infected with: Trojan.Agent.QF
    C:\System Volume Information\_restore{D2A308C1-9361-401A-A52C-C2144E1F810C}\RP93\A0003430.dll=>(Quarantine-2) Disinfection failed
    C:\System Volume Information\_restore{D2A308C1-9361-401A-A52C-C2144E1F810C}\RP93\A0003430.dll=>(Quarantine-2) Deleted
    C:\System Volume Information\_restore{D2A308C1-9361-401A-A52C-C2144E1F810C}\RP93\A0003433.dll=>(Quarantine-2) Infected with: Trojan.Agent.QF
    C:\System Volume Information\_restore{D2A308C1-9361-401A-A52C-C2144E1F810C}\RP93\A0003433.dll=>(Quarantine-2) Disinfection failed
    C:\System Volume Information\_restore{D2A308C1-9361-401A-A52C-C2144E1F810C}\RP93\A0003433.dll=>(Quarantine-2) Deleted
    C:\System Volume Information\_restore{D2A308C1-9361-401A-A52C-C2144E1F810C}\RP93\A0003435.exe=>(Quarantine-2) Infected with: Trojan.Startpage.EX
    C:\System Volume Information\_restore{D2A308C1-9361-401A-A52C-C2144E1F810C}\RP93\A0003435.exe=>(Quarantine-2) Disinfection failed
    C:\System Volume Information\_restore{D2A308C1-9361-401A-A52C-C2144E1F810C}\RP93\A0003435.exe=>(Quarantine-2) Deleted
    C:\WINDOWS\system32\regperf.exe Infected with: Trojan.Downloader.Zlob.OA
    C:\WINDOWS\system32\regperf.exe Disinfection failed
    C:\WINDOWS\system32\regperf.exe Deleted

    Incident Status Location

    Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Administrator\Desktop\SmitfraudFix\SmitfraudFix\Process.exe
    Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Administrator\Desktop\SmitfraudFix\SmitfraudFix.zip[SmitfraudFix/Process.exe]
    Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Administrator\Desktop\SmitfraudFix.zip[SmitfraudFix/Process.exe]
    Adware:adware/securityerror Not disinfected C:\Documents and Settings\Administrator\Favorites\Antivirus Test Online.url
    Dialer:dialer.no Not disinfected C:\WINDOWS\Downloaded Program Files\rdgCA2405.exe
    Adware:adware/spywarequake Not disinfected C:\WINDOWS\system32\1024\ldFABD.tmp
    Adware:Adware/SecurityError Not disinfected C:\WINDOWS\system32\ld101.tmp




    Logfile of HijackThis v1.99.1
    Scan saved at 7:53:30 PM, on 6/15/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\brsvc01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\brss01a.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.ca
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [New Value #1] c:\sysprep\test\ftest\ftest.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1162
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O20 - AppInit_DLLs:
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: winabt32 - winabt32.dll (file missing)
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe