I think that someone is trying to hack my computer + spyware and A/V issues

Someone keeps on trying to connect to my computer. Then, whilst in Google Mail, it said the server was down, but it looked like a fake because there was no trademark sign next to the Google logo.

Here are my log files:

Logfile of HijackThis v1.99.1
Scan saved at 1:46:45 AM, on 10/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\QuickSet\QuickSet.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hide IP Platinum\hideippla.exe
C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
C:\WINDOWS\System32\aniServ.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\PostgreSQL\8.0\bin\pg_ctl.exe
C:\Program Files\Advanced Registry Doctor\RegManServ.exe
C:\Program Files\PostgreSQL\8.0\bin\postmaster.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\PostgreSQL\8.0\bin\postgres.exe
C:\Program Files\PostgreSQL\8.0\bin\postgres.exe
C:\Program Files\PostgreSQL\8.0\bin\postgres.exe
C:\Program Files\PostgreSQL\8.0\bin\postgres.exe
C:\Program Files\Full Tilt Poker\FullTiltPoker.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\PokerStars\PokerStars.exe
C:\Program Files\PokerStars\PokerStarsCommunicate.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Documents and Settings\Jason\Desktop\VundoFix.exe
C:\Documents and Settings\Jason\Desktop\Spyware\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://thehendonmob.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 210.192.100.121:8080
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: (no name) - {830E7C88-E6C9-4DCF-BF5B-24CD374F9B20} - C:\DOCUME~1\Jason\LOCALS~1\Temp\~DP1591.dll (file missing)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\RunOnce: [GrpConv] grpconv.exe -o
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Hide IP Platinum] C:\Program Files\Hide IP Platinum\hideippla.exe
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: BlondePokerLeague - {40B2063F-DB01-4962-BE63-59435C01283C} - C:\PROGRA~1\BLONDE~1\client.exe
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Program Files\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Program Files\Titan Poker\casino.exe
O9 - Extra button: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\Program Files\PartyGaming\PartyGammon\RunBackGammon.exe
O9 - Extra 'Tools' menuitem: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\Program Files\PartyGaming\PartyGammon\RunBackGammon.exe
O9 - Extra button: Poker Poker - {5EC1258A-7D9F-417e-B0B4-6C0A46CD9AC5} - C:\Program Files\123pokerMPP\MPPoker.exe
O9 - Extra button: Stan James Poker.com Poker - {7F2F6F5A-CAE2-4954-A461-36B3757B2BFB} - C:\Program Files\stanjamesgibMPP\MPPoker.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunCasino.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunCasino.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Program Files\ladbrokesMPP\MPPoker.exe
O9 - Extra button: MANSION - {CD03D14B-0EF6-4f5a-BB81-1ECAFFC676AF} - C:\Program Files\MANSION\Villa\MANSION.exe
O9 - Extra 'Tools' menuitem: MANSION - {CD03D14B-0EF6-4f5a-BB81-1ECAFFC676AF} - C:\Program Files\MANSION\Villa\MANSION.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O9 - Extra button: Royal Vegas Poker - {FA4904B4-1FAF-4afd-886C-C19D2297BA62} - C:\Program Files\royalvegasMPP\MPPoker.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20060912/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.euchannels.net/update/KooPlayer.ocx
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Airgo Networks NIC Service (ANISERVICE) - Airgo Networks, Inc. - C:\WINDOWS\System32\aniServ.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: DiamondCS ProcessGuard Service v3.410 (DCSPGSRV) - Unknown owner - C:\Program Files\ProcessGuard\dcsuserprot.exe (file missing)
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PostgreSQL Database Server 8.0 (pgsql-8.0) - Unknown owner - C:\Program Files\PostgreSQL\8.0\bin\pg_ctl.exe" runservice -N "pgsql-8.0" -D "C:\Program Files\PostgreSQL\8.0\data\ (file missing)
O23 - Service: Registry Management Service (RegManServ) - Unknown owner - C:\Program Files\Advanced Registry Doctor\RegManServ.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Thanks in advance:thumbsup:
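The HijackThis log above contains the entry types a malware-removal helper triages first: an R1 proxy setting that points Internet Explorer at an outside address, an O2 BHO with no name living in a Temp folder and marked file missing, an O16 ActiveX download from an unfamiliar host, and O23 services with an unknown owner. The following Python script is an added example, not part of the original thread and not HijackThis's own code; it parses a handful of lines copied from the log (embedded as constructed sample input) and flags those patterns. The trusted-domain list, the flag names and the rule that a hostname proxy needs manual review are assumptions made for the example.

```python
import ipaddress
import re
from urllib.parse import urlparse

# Constructed sample: a handful of entries copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 210.192.100.121:8080
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {830E7C88-E6C9-4DCF-BF5B-24CD374F9B20} - C:\DOCUME~1\Jason\LOCALS~1\Temp\~DP1591.dll (file missing)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.euchannels.net/update/KooPlayer.ocx
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Registry Management Service (RegManServ) - Unknown owner - C:\Program Files\Advanced Registry Doctor\RegManServ.exe
"""

# Assumption for this example: ActiveX (O16) downloads from these domains are treated as expected.
TRUSTED_DPF_DOMAINS = ("microsoft.com",)

# Every HijackThis entry starts with its section code, e.g. "R1 - ..." or "O23 - ...".
ENTRY_RE = re.compile(r"^(R\d|O\d+) - (.*)$")


def proxy_hosts(value):
    """Split an IE ProxyServer value ('host:port' or 'http=host:port;https=...') into host names."""
    hosts = []
    for part in value.split(";"):
        part = part.strip()
        if "=" in part:                      # protocol-specific form, e.g. http=host:port
            part = part.split("=", 1)[1]
        host = part.rsplit(":", 1)[0] if ":" in part else part   # IPv4 or hostname only
        if host:
            hosts.append(host)
    return hosts


def host_is_external(host):
    """True for a public IP address; any hostname other than localhost is also flagged for review."""
    try:
        return ipaddress.ip_address(host).is_global
    except ValueError:
        return host.lower() != "localhost"


def domain_trusted(hostname, trusted=TRUSTED_DPF_DOMAINS):
    """True when hostname is one of the trusted domains or a subdomain of one."""
    return any(hostname == d or hostname.endswith("." + d) for d in trusted)


def triage(log_text):
    """Return [(reason, line), ...] for entries a malware-removal helper would look at first."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        section, body = m.groups()
        if section == "R1" and ",ProxyServer" in body:
            # A system-wide proxy at a public address means every IE request is relayed elsewhere.
            value = body.split("=", 1)[1].strip()
            if any(host_is_external(h) for h in proxy_hosts(value)):
                findings.append(("proxy-external", line))
        elif section == "O2":
            # Unnamed helper objects, missing files and Temp-folder DLLs are classic adware leftovers.
            lowered = body.lower()
            if "(no name)" in lowered or "(file missing)" in lowered or "\\temp\\" in lowered:
                findings.append(("bho-suspicious", line))
        elif section == "O16":
            # The download URL is the last " - " separated field of a DPF entry.
            url = body.rsplit(" - ", 1)[-1]
            hostname = urlparse(url).hostname or ""
            if not domain_trusted(hostname):
                findings.append(("dpf-untrusted-host", line))
        elif section == "O23":
            # Service entries are "Service: name - owner - path"; an unknown owner deserves a look.
            fields = body.split(" - ")
            if len(fields) >= 3 and fields[1].strip().lower() == "unknown owner":
                findings.append(("service-unknown-owner", line))
    return findings


if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(f"[{reason}] {line}")
```

Run against the full log, the script only narrows the list; each flagged entry still has to be checked by hand (the vendor of the service binary, whether the proxy was set deliberately, what the ActiveX control is), which is the work the helper in this thread is about to do.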

Comments

  • skywalker45 Bloomington, IN. USA
    edited October 2006
    Hi Sodabone! I got your message. What makes you believe someone is trying to connect to your PC? Are there certain symptoms?

    Do you really use all those gaming programs you have installed? The reason I ask is that most carry with them the threat of reduced security and bundled adware. I will look over the log but could you please post the answer to the above questions?
  • edited October 2006
    Hi Sodabone! I got your message. What makes you believe someone is trying to connect to your PC? Are there certain symptoms?

    Do you really use all those gaming programs you have installed? The reason I ask is that most carry with them the threat of reduced security and bundled adware. I will look over the log but could you please post the answer to the above questions?

    I play Poker for a living; so they have to stay ;)

    I've been using Zonealarm for a few months now and recently, I have been getting loads of warning pop-ups, stating that another program or computer is trying and has failed to connect to my computer.

    I also keep getting a junk mail message once a day. The English doesn't make sense and it has a .gif image attached, which must be a virus. I do not read or open the email - I just delete it - but it is really annoying and obviously, I am unable to unsubscribe from this email or block it??? (Gmail)

    Does Zone Alarm have log files? Maybe I can post them here.

    Thanks in advance :)
  • skywalker45 Bloomington, IN. USA
    edited October 2006
    I'm not sure about Zone Alarm's capability to make log files. It's a great program but I don't use it. I'm behind a Symantec firewall and a hardware firewall so I don't need any more protection:D

    You might open the program and look for any areas where logs might be saved. I would like to see what it says it's blocking. Whether it's an outside IP or an actual program (or single file) trying to get through.

    The gaming programs can stay as long as you use them. Just be very careful. I'm going to have you run a program that will give us some idea of what's changed with your PC over the past few weeks. Please follow the instructions below:
    • Download this file - combofix.exe
    • Double click combofix.exe & follow the prompts.
    • When finished, it will produce a log for you. Post that log in your next reply

      Note: Do not mouseclick combofix's window while it's running. That may cause it to stall

    Post back with the Combofix log and a fresh Hijack This log.
  • edited October 2006
    Hi :D ,

    Jason - 06-10-25 14:35:40.24 Service Pack 2
    ComboFix 06.10.19 - Running from: "C:\Documents and Settings\Jason\Desktop"

    ((((((((((((((((((((((((((((((( Files Created from 2006-09-25 to 2006-10-25 ))))))))))))))))))))))))))))))))))


    2006-10-21 13:46 15,440 --a C:\WINDOWS\system32\drivers\hamachi.sys
    2006-10-16 00:42 385,024 --a C:\WINDOWS\system32\sqlite3odbc.dll
    2006-10-08 13:40 502,368 --a C:\WINDOWS\system32\drivers\amon.sys
    2006-10-08 13:40 274,432 --a C:\WINDOWS\system32\imon.dll
    2006-10-02 23:07 761,856 --a C:\WINDOWS\system32\xvidcore.dll
    2006-10-02 23:07 75,264 --a C:\WINDOWS\system32\MACDec.dll
    2006-10-02 23:07 61,440 --a C:\WINDOWS\system32\libfaac.dll
    2006-10-02 23:07 45,568 --a C:\WINDOWS\system32\huffyuv.dll
    2006-10-02 23:07 446,464 --a C:\WINDOWS\system32\vp31vfw.dll
    2006-10-02 23:07 438,272 --a C:\WINDOWS\system32\vp6vfw.dll
    2006-10-02 23:07 421,888 --a C:\WINDOWS\system32\OpenQuicktimeLib.dll
    2006-10-02 23:07 413,760 --a C:\WINDOWS\system32\mpg4c32.dll
    2006-10-02 23:07 344,064 --a C:\WINDOWS\system32\msvcr70.dll
    2006-10-02 23:07 286,720 --a C:\WINDOWS\system32\3ivxVfWCodec.dll
    2006-10-02 23:07 245,408 --a C:\WINDOWS\system32\unicows.dll
    2006-10-02 23:07 2,024,448 --a C:\WINDOWS\system32\divx.dll
    2006-10-02 23:07 19,968 --a C:\WINDOWS\system32\cpuinf32.dll
    2006-10-02 23:07 180,224 --a C:\WINDOWS\system32\xvidvfw.dll
    2006-10-02 23:07 1,415,680 --a C:\WINDOWS\system32\WMV9VCM.dll
    2006-10-02 23:07 1,024,000 --a C:\WINDOWS\system32\3ivx.dll


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2006-10-25 14:40 d C:\Program Files\PeerGuardian2
    2006-10-25 13:04 d C:\Program Files\Poker Tracker Omaha
    2006-10-25 09:22 d C:\Program Files\iPod
    2006-10-25 07:32 d C:\Program Files\PokerStars
    2006-10-25 06:26 d C:\Program Files\Mozilla Firefox
    2006-10-25 05:07 d C:\Program Files\Poker Tracker V2
    2006-10-24 18:53 d C:\Program Files\Full Tilt Poker
    2006-10-24 16:28 d C:\Program Files\Apple Software Update
    2006-10-24 13:34 d C:\Program Files\ewido anti-spyware 4.0
    2006-10-23 23:44 d C:\Program Files\SpywareBlaster
    2006-10-23 23:19 d C:\Program Files\Spyware Doctor
    2006-10-23 22:56 d C:\Program Files\MaxTV Online
    2006-10-23 21:54 d C:\Program Files\MaxSoftware
    2006-10-22 13:45 d C:\Documents and Settings\Jason\Application Data\Skype
    2006-10-22 13:42 d C:\Documents and Settings\Jason\Application Data\PPMate
    2006-10-22 13:41 d C:\Program Files\PPMate
    2006-10-22 13:22 d C:\Documents and Settings\Jason\Application Data\ppStream
    2006-10-22 13:20 d C:\Program Files\PPStream
    2006-10-22 11:52 d C:\Program Files\Betfair Poker
    2006-10-22 09:21 d C:\Documents and Settings\Jason\Application Data\Microgaming
    2006-10-22 05:36 d C:\Program Files\Hide IP Platinum
    2006-10-21 14:15 d C:\Documents and Settings\Jason\Application Data\Hamachi
    2006-10-21 13:49 d C:\Program Files\Hamachi
    2006-10-21 12:15 d C:\Program Files\Gabest
    2006-10-21 10:52 d C:\Program Files\IdleMiner Full Tilt
    2006-10-20 20:55 d C:\Program Files\royalvegasMPP
    2006-10-20 20:55 d C:\Program Files\ladbrokesMPP
    2006-10-20 20:55 d C:\Program Files\123pokerMPP
    2006-10-20 15:25 d C:\Program Files\stanjamesgibMPP
    2006-10-20 10:12 d C:\Program Files\Advanced Registry Doctor
    2006-10-18 21:20 d C:\Program Files\21cn
    2006-10-18 20:20 d C:\Program Files\TVUPlayer
    2006-10-18 00:53 d C:\Documents and Settings\Jason\Application Data\Ahead
    2006-10-16 05:43 d C:\Program Files\Absolute Poker
    2006-10-16 05:13 d C:\Program Files\BlondePokerLeague
    2006-10-16 00:41 d C:\Program Files\SQLite ODBC Driver
    2006-10-15 15:47 d C:\Program Files\TruePoker
    2006-10-14 15:02 d C:\Program Files\ParadisePoker
    2006-10-14 02:22 d C:\Program Files\UltimateBet
    2006-10-13 14:48 d C:\Program Files\Bodog Poker
    2006-10-10 12:48 d C:\Program Files\ESET
    2006-10-09 15:41 d--h C:\Program Files\InstallShield Installation Information
    2006-10-09 14:05 d C:\Program Files\Titan Poker
    2006-10-08 19:26 d C:\Program Files\InterPoker
    2006-10-08 16:21 d C:\Program Files\HollywoodPoker
    2006-10-08 15:53 d C:\Program Files\PKR
    2006-10-08 15:46 d C:\Program Files\EurobetPoker
    2006-10-08 15:45 d C:\Program Files\Poker
    2006-10-08 14:41 d C:\Program Files\William Hill Poker
    2006-10-03 15:27 d C:\Program Files\GSpot
    2006-10-03 15:14 d C:\Program Files\MPlayer
    2006-10-03 15:07 d C:\Program Files\XviD
    2006-10-02 23:24 d C:\Program Files\WinAVIVideoConverter
    2006-10-02 23:19 d C:\Documents and Settings\Jason\Application Data\vlc
    2006-10-02 23:18 d C:\Program Files\VideoLAN
    2006-10-02 23:09 d C:\Program Files\K-Lite Codec Pack
    2006-10-02 23:09 d C:\Documents and Settings\Jason\Application Data\Media Player Classic
    2006-10-02 23:06 d C:\Program Files\Common Files\Real
    2006-10-02 23:06 d C:\Program Files\Common Files
    2006-10-02 23:05 d C:\Documents and Settings\Jason\Application Data\Real
    2006-10-02 23:04 d C:\Program Files\DivX
    2006-10-01 04:45 d C:\Program Files\PartyGaming
    2006-09-24 14:59 d C:\Program Files\QuickTime
    2006-09-24 14:55 d C:\Program Files\SuperStreaming
    2006-09-24 14:55 d C:\Program Files\Mediacenter
    2006-09-21 16:28 d---s---- C:\Documents and Settings\Jason\Application Data\Microsoft
    2006-09-21 16:22 d C:\Program Files\Microsoft Windows Vista Upgrade Advisor
    2006-09-21 15:33 d C:\Program Files\Microsoft Script Debugger
    2006-09-19 10:16 d C:\Program Files\WorldPx
    2006-09-17 15:28 d C:\Program Files\QO Labs
    2006-09-17 15:20 d C:\Program Files\TVAnts
    2006-09-16 12:06 d C:\Program Files\GutshotPoker
    2006-09-13 20:30 d C:\Documents and Settings\Jason\Application Data\SopCast
    2006-09-13 20:28 d C:\Program Files\SopCast
    2006-09-13 06:01 1084416 --a C:\WINDOWS\system32\msxml3.dll
    2006-09-09 21:25 d C:\Program Files\ACW
    2006-09-09 09:15 d C:\Documents and Settings\Jason\Application Data\LimeWire
    2006-09-09 08:21 d C:\Program Files\IdleMiner
    2006-09-08 08:31 d C:\Program Files\Yahoo!
    2006-09-07 22:54 d C:\Program Files\TonyG
    2006-09-04 05:13 d C:\Program Files\GameTimePlus
    2006-09-03 19:51 d C:\Program Files\_uninstallation_info
    2006-09-03 02:38 d C:\Program Files\PokerAce Hud
    2006-09-02 23:27 d C:\Program Files\Common Files\AOL
    2006-09-02 23:27 d C:\Program Files\AOL Companion
    2006-09-02 23:27 d C:\Program Files\AOL 9.0
    2006-09-02 19:20 d C:\Program Files\VoyagerTest
    2006-09-02 19:20 d C:\Program Files\Common Files\FTL Shared
    2006-09-02 19:19 d C:\Program Files\BT Voyager 105 ADSL Modem
    2006-09-02 19:18 d C:\Program Files\VoyagerModem105Drivers
    2006-09-02 19:16 d C:\Program Files\VoyagerModemDrivers
    2006-09-02 01:06 d C:\Documents and Settings\Jason\Application Data\AdobeUM
    2006-08-31 18:00 51072 --a C:\WINDOWS\system32\drivers\ikhlayer.sys
    2006-08-30 12:13 d C:\Program Files\UltimateBuddy
    2006-08-29 14:59 d C:\Program Files\Skype
    2006-08-29 01:12 d C:\Documents and Settings\Jason\Application Data\Adobe
    2006-08-28 15:51 d C:\Program Files\PostgreSQL
    2006-08-28 14:54 d C:\Program Files\PPLive
    2006-08-28 14:53 d C:\Program Files\MSXML 4.0
    2006-08-28 07:18 d C:\Program Files\Common Files\Synacast
    2006-08-28 07:17 d C:\Program Files\GAOV
    2006-08-27 22:29 d C:\Documents and Settings\Jason\Application Data\Sun
    2006-08-26 23:18 d C:\Program Files\MANSION
    2006-08-26 23:07 d C:\Program Files\PokerStove
    2006-08-26 20:56 d C:\Program Files\Diskeeper Corporation
    2006-08-26 14:51 d C:\Documents and Settings\Jason\Application Data\--Nemesis--
    2006-08-26 14:26 d C:\Documents and Settings\Jason\Application Data\InterVideo
    2006-08-26 14:25 d C:\Program Files\Common Files\InterVideo
    2006-08-26 14:24 d C:\Program Files\InterActual
    2006-08-26 14:21 d C:\Program Files\InterVideo Information Service
    2006-08-26 14:21 d C:\Documents and Settings\Jason\Application Data\Google
    2006-08-26 14:19 d C:\Program Files\Google
    2006-08-26 14:14 d C:\Program Files\InterVideo
    2006-08-26 14:03 d C:\Documents and Settings\Jason\Application Data\Leadertech
    2006-08-26 14:00 d C:\Program Files\WinRAR
    2006-08-26 13:44 d C:\Program Files\Java
    2006-08-26 13:39 d C:\Program Files\LimeWire
    2006-08-26 13:36 d C:\Program Files\Common Files\Java
    2006-08-26 13:06 d C:\Documents and Settings\Jason\Application Data\AOL
    2006-08-26 13:05 d C:\Program Files\Viewpoint
    2006-08-26 13:05 d C:\Program Files\Learn2.com
    2006-08-26 13:05 d C:\Program Files\Common Files\aolshare
    2006-08-26 13:05 d C:\Program Files\Common Files\aolback
    2006-08-26 13:05 d C:\Documents and Settings\Jason\Application Data\You've Got Pictures Screensaver
    2006-08-26 13:04 d C:\Program Files\Common Files\Nullsoft
    2006-08-26 13:00 d C:\Documents and Settings\Jason\Application Data\Mozilla
    2006-08-26 12:49 1369 --a C:\Documents and Settings\Jason\Application Data\AdobeDLM.log
    2006-08-26 12:49 0 --a C:\Documents and Settings\Jason\Application Data\dm.ini
    2006-08-26 12:45 d C:\Program Files\Common Files\Adobe
    2006-08-26 12:43 d C:\Program Files\Adobe
    2006-08-26 12:36 d C:\Program Files\Windows Media Player
    2006-08-26 12:29 d C:\Program Files\Real
    2006-08-26 12:13 d C:\Program Files\BitComet
    2006-08-26 11:27 d C:\Program Files\OfficeUpdate11
    2006-08-26 11:26 d C:\Program Files\Microsoft Office
    2006-08-26 10:10 d C:\Program Files\Common Files\Microsoft Shared
    2006-08-26 09:53 d C:\Program Files\Zone Labs
    2006-08-26 08:34 d C:\Program Files\Microsoft Works
    2006-08-26 08:14 d C:\Program Files\Microsoft.NET
    2006-08-26 08:14 d C:\Program Files\Microsoft ActiveSync
    2006-08-26 08:12 d C:\Program Files\Common Files\DESIGNER
    2006-08-26 08:11 d C:\Program Files\Microsoft Visual Studio
    2006-08-26 08:11 d C:\Program Files\Common Files\System
    2006-08-26 08:09 d C:\Program Files\Opera
    2006-08-26 08:09 d C:\Documents and Settings\Jason\Application Data\Opera
    2006-08-26 07:25 d C:\Program Files\Messenger
    2006-08-26 07:01 d C:\Program Files\Common Files\Ahead
    2006-08-26 06:58 d C:\Program Files\Nero
    2006-08-26 06:32 d C:\Program Files\CCleaner
    2006-08-26 06:20 d C:\Documents and Settings\Jason\Application Data\Apple Computer
    2006-08-26 06:18 d C:\Program Files\WinZip
    2006-08-26 06:05 d C:\Program Files\Outlook Express
    2006-08-26 05:58 d C:\Documents and Settings\Jason\Application Data\PC Tools
    2006-08-26 05:57 d C:\Program Files\Internet Explorer
    2006-08-26 05:55 d C:\Program Files\Lavasoft
    2006-08-26 05:55 d C:\Documents and Settings\Jason\Application Data\Lavasoft
    2006-08-26 05:47 d C:\Documents and Settings\Jason\Application Data\Macromedia
    2006-08-26 05:17 d C:\Documents and Settings\Jason\Application Data\Dell
    2006-08-26 05:16 d C:\Program Files\Apoint
    2006-08-26 05:15 d C:\Program Files\Dell
    2006-08-26 05:13 d C:\Program Files\SigmaTel
    2006-08-26 05:12 d C:\Program Files\Dell TrueMobile 5100
    2006-08-26 05:10 d C:\Program Files\ATI Technologies
    2006-08-26 05:08 d C:\Program Files\Intel
    2006-08-26 05:07 d C:\Program Files\Common Files\InstallShield
    2006-08-26 04:45 d C:\Program Files\Belkin
    2006-08-26 04:34 d C:\Program Files\Movie Maker
    2006-08-26 04:33 d C:\Program Files\Windows NT
    2006-08-26 04:33 d C:\Program Files\NetMeeting
    2006-08-26 04:22 d--h C:\Program Files\Uninstall Information
    2006-08-26 04:22 d C:\Documents and Settings\Jason\Application Data\Identities
    2006-08-26 04:18 d C:\Program Files\xerox
    2006-08-26 04:18 d C:\Program Files\microsoft frontpage
    2006-08-26 04:17 0 -rahs---- C:\MSDOS.SYS
    2006-08-26 04:17 0 -rahs---- C:\IO.SYS
    2006-08-26 04:17 0 --a C:\CONFIG.SYS
    2006-08-26 04:17 0 --a C:\AUTOEXEC.BAT
    2006-08-26 04:15 d C:\Program Files\ComPlus Applications
    2006-08-26 04:15 d C:\Program Files\Common Files\Services
    2006-08-26 04:15 d C:\Program Files\Common Files\MSSoap
    2006-08-26 04:14 d--h C:\Program Files\WindowsUpdate
    2006-08-26 04:14 d C:\Program Files\Online Services
    2006-08-26 04:14 d C:\Program Files\MSN Gaming Zone
    2006-08-26 04:14 d C:\Program Files\MSN
    2006-08-26 02:28 d C:\Program Files\Common Files\SpeechEngines
    2006-08-26 02:28 d C:\Program Files\Common Files\ODBC
    2006-08-26 02:27 62 --ahs---- C:\Documents and Settings\Jason\Application Data\desktop.ini
    2006-08-25 16:45 617472 --a C:\WINDOWS\system32\comctl32.dll
    2006-08-23 00:31 5906432 C:\WINDOWS\system32\ieframe.dll
    2006-08-23 00:31 50688 C:\WINDOWS\system32\msfeedsbs.dll
    2006-08-23 00:31 457728 C:\WINDOWS\system32\msfeeds.dll
    2006-08-23 00:31 413696 --a C:\WINDOWS\system32\vbscript.dll
    2006-08-23 00:31 225792 --a C:\WINDOWS\system32\webcheck.dll
    2006-08-23 00:31 175616 C:\WINDOWS\system32\ieui.dll
    2006-08-23 00:31 152064 --a C:\WINDOWS\system32\msls31.dll
    2006-08-23 00:18 78336 --a C:\WINDOWS\system32\ieencode.dll
    2006-08-23 00:18 206336 C:\WINDOWS\system32\WinFXDocObj.exe
    2006-08-23 00:17 40448 --a C:\WINDOWS\system32\licmgr10.dll
    2006-08-23 00:17 105472 --a C:\WINDOWS\system32\url.dll
    2006-08-23 00:17 100352 --a C:\WINDOWS\system32\occache.dll
    2006-08-23 00:16 16896 --a C:\WINDOWS\system32\corpol.dll
    2006-08-23 00:14 378368 --a C:\WINDOWS\system32\iedkcs32.dll
    2006-08-23 00:14 229376 --a C:\WINDOWS\system32\ieaksie.dll
    2006-08-23 00:13 71680 --a C:\WINDOWS\system32\admparse.dll
    2006-08-23 00:13 55296 --a C:\WINDOWS\system32\iesetup.dll
    2006-08-23 00:13 54784 --a C:\WINDOWS\system32\ie4uinit.exe
    2006-08-23 00:13 43008 --a C:\WINDOWS\system32\iernonce.dll
    2006-08-23 00:13 152064 --a C:\WINDOWS\system32\ieakeng.dll
    2006-08-23 00:13 122880 --a C:\WINDOWS\system32\advpack.dll
    2006-08-23 00:13 11776 --a C:\WINDOWS\system32\ieudinit.exe
    2006-08-23 00:11 12288 C:\WINDOWS\system32\msfeedssync.exe
    2006-08-23 00:10 61440 C:\WINDOWS\system32\icardie.dll
    2006-08-23 00:10 35328 --a C:\WINDOWS\system32\imgutil.dll
    2006-08-23 00:09 262656 C:\WINDOWS\system32\iertutil.dll
    2006-08-23 00:07 45568 --a C:\WINDOWS\system32\mshta.exe
    2006-08-22 23:37 48128 --a C:\WINDOWS\system32\mshtmler.dll
    2006-08-22 23:36 380928 C:\WINDOWS\system32\ieapfltr.dll
    2006-08-22 23:30 161792 --a C:\WINDOWS\system32\ieakui.dll
    2006-08-21 13:21 16896 --a C:\WINDOWS\system32\fltlib.dll
    2006-08-21 10:14 23040 --a C:\WINDOWS\system32\fltmc.exe
    2006-08-16 12:58 100352 --a C:\WINDOWS\system32\6to4svc.dll
    2006-07-27 14:24 679424 --a C:\WINDOWS\system32\inetcomm.dll


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"
    "PeerGuardian"="C:\\Program Files\\PeerGuardian2\\pg2.exe"
    "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "Hide IP Platinum"="C:\\Program Files\\Hide IP Platinum\\hideippla.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "ATIModeChange"="Ati2mdxx.exe"
    "ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
    "Dell QuickSet"="C:\\Program Files\\Dell\\QuickSet\\QuickSet.exe"
    "Apoint"="C:\\Program Files\\Apoint\\Apoint.exe"
    "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_08\\bin\\jusched.exe\""
    "Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
    "nod32kui"="\"C:\\Program Files\\Eset\\nod32kui.exe\" /WAITSERVICE"
    "QuickTime Task"="\"C:\\Program Files\\K-Lite Codec Pack\\QuickTime\\qttask.exe\" -atboottime"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
    "DeskHtmlVersion"=dword:00000110
    "DeskHtmlMinorVersion"=dword:00000005
    "Settings"=dword:00000001
    "GeneralFlags"=dword:00000005

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="My Current Home Page"
    "Flags"=dword:00000002
    "Position"=hex:2c,00,00,00,b6,00,00,00,00,00,00,00,ca,06,00,00,8e,04,00,00,00,\
    00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
    "CurrentState"=hex:04,00,00,40
    "OriginalStateInfo"=hex:18,00,00,00,80,01,00,00,00,00,00,00,00,06,00,00,8e,04,\
    00,00,04,00,00,40
    "RestoredStateInfo"=hex:18,00,00,00,80,01,00,00,00,00,00,00,00,06,00,00,8e,04,\
    00,00,01,00,00,00

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
    "{553858A7-4922-4e7e-B1C1-97140C1C16EF}"="IE Component Categories cache daemon"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091
    "NoResolveTrack"=dword:00000001

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "dontdisplaylastusername"=dword:00000000
    "legalnoticecaption"=""
    "legalnoticetext"=""
    "shutdownwithoutlogon"=dword:00000001
    "undockwithoutlogon"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoResolveTrack"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
    "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
    "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
    "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
    "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
    "WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    "path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Speed Launch.lnk"
    "backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Reader\\READER~1.EXE "
    "item"="Adobe Reader Speed Launch"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL 9.0 Tray Icon.lnk]
    "path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\AOL 9.0 Tray Icon.lnk"
    "backup"="C:\\WINDOWS\\pss\\AOL 9.0 Tray Icon.lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\PROGRA~1\\AOL9~1.0\\aoltray.exe -check"
    "item"="AOL 9.0 Tray Icon"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
    "path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\InterVideo WinCinema Manager.lnk"
    "backup"="C:\\WINDOWS\\pss\\InterVideo WinCinema Manager.lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\PROGRA~1\\INTERV~1\\Common\\Bin\\WINCIN~1.EXE "
    "item"="InterVideo WinCinema Manager"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office OneNote 2003 Quick Launch.lnk]
    "path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Microsoft Office OneNote 2003 Quick Launch.lnk"
    "backup"="C:\\WINDOWS\\pss\\Microsoft Office OneNote 2003 Quick Launch.lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\PROGRA~1\\MICROS~2\\OFFICE11\\ONENOTEM.EXE /tsr"
    "item"="Microsoft Office OneNote 2003 Quick Launch"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Jason^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
    "path"="C:\\Documents and Settings\\Jason\\Start Menu\\Programs\\Startup\\LimeWire On Startup.lnk"
    "backup"="C:\\WINDOWS\\pss\\LimeWire On Startup.lnkStartup"
    "location"="Startup"
    "command"="C:\\PROGRA~1\\LimeWire\\LimeWire.exe -startup"
    "item"="LimeWire On Startup"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!1_pgaccount]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="pgaccount"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\ProcessGuard\\pgaccount.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!1_ProcessGuard_Startup]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="procguard"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\ProcessGuard\\procguard.exe\" -minimize"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\%FP%Friendly fts.exe]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="fts"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\VoyagerTest\\fts.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="AOLDial"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="NMBgMonitor"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="DkIcon"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Diskeeper Corporation\\Diskeeper\\DkIcon.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DSLAGENTEXE]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="dslagent"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\BT Voyager 105 ADSL Modem\\dslagent.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DSLSTATEXE]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="dslstat"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\BT Voyager 105 ADSL Modem\\dslstat.exe icon"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GC75-Manager-Class]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="GPRSMgr"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Dell TrueMobile 5100\\GPRSMgr.exe\" -startup"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="iTunesHelper"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="NeroCheck"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="qttask"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="realsched"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


    Contents of the 'Scheduled Tasks' folder
    C:\WINDOWS\tasks\AppleSoftwareUpdate.job

    Completion time: 06-10-25 14:49:12.87
    C:\ComboFix.txt ... 06-10-25 14:49


    Hi-jack this:

    Logfile of HijackThis v1.99.1
    Scan saved at 2:53:28 PM, on 10/25/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5700.0006)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\aniServ.exe
    C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Dell\QuickSet\QuickSet.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\PostgreSQL\8.0\bin\pg_ctl.exe
    C:\Program Files\Apoint\HidFind.exe
    C:\Program Files\Advanced Registry Doctor\RegManServ.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\Spyware Doctor\sdhelp.exe
    C:\Program Files\Spyware Doctor\swdoctor.exe
    C:\Program Files\PeerGuardian2\pg2.exe
    C:\Program Files\PostgreSQL\8.0\bin\postmaster.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Hide IP Platinum\hideippla.exe
    C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
    C:\Program Files\PostgreSQL\8.0\bin\postgres.exe
    C:\Program Files\PostgreSQL\8.0\bin\postgres.exe
    C:\Program Files\PostgreSQL\8.0\bin\postgres.exe
    C:\Program Files\PostgreSQL\8.0\bin\postgres.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe
    C:\Program Files\Full Tilt Poker\FullTiltPoker.exe
    C:\Program Files\Poker Tracker V2\ptrack2.exe
    C:\Program Files\PostgreSQL\8.0\bin\postgres.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\BitComet\BitComet.exe
    C:\Documents and Settings\Jason\Desktop\Spyware\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://thehendonmob.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 200.88.223.98:80
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O2 - BHO: (no name) - {830E7C88-E6C9-4DCF-BF5B-24CD374F9B20} - (no file)
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
    O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Hide IP Platinum] C:\Program Files\Hide IP Platinum\hideippla.exe
    O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
    O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: BlondePokerLeague - {40B2063F-DB01-4962-BE63-59435C01283C} - C:\PROGRA~1\BLONDE~1\client.exe
    O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Program Files\Titan Poker\casino.exe
    O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Program Files\Titan Poker\casino.exe
    O9 - Extra button: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\Program Files\PartyGaming\PartyGammon\RunBackGammon.exe
    O9 - Extra 'Tools' menuitem: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\Program Files\PartyGaming\PartyGammon\RunBackGammon.exe
    O9 - Extra button: Poker Poker - {5EC1258A-7D9F-417e-B0B4-6C0A46CD9AC5} - C:\Program Files\123pokerMPP\MPPoker.exe
    O9 - Extra button: Stan James Poker.com Poker - {7F2F6F5A-CAE2-4954-A461-36B3757B2BFB} - C:\Program Files\stanjamesgibMPP\MPPoker.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
    O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
    O9 - Extra button: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunCasino.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunCasino.exe (file missing)
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Program Files\ladbrokesMPP\MPPoker.exe
    O9 - Extra button: MANSION - {CD03D14B-0EF6-4f5a-BB81-1ECAFFC676AF} - C:\Program Files\MANSION\Villa\MANSION.exe
    O9 - Extra 'Tools' menuitem: MANSION - {CD03D14B-0EF6-4f5a-BB81-1ECAFFC676AF} - C:\Program Files\MANSION\Villa\MANSION.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
    O9 - Extra button: Royal Vegas Poker - {FA4904B4-1FAF-4afd-886C-C19D2297BA62} - C:\Program Files\royalvegasMPP\MPPoker.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20060912/qtinstall.info.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.euchannels.net/update/KooPlayer.ocx
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Airgo Networks NIC Service (ANISERVICE) - Airgo Networks, Inc. - C:\WINDOWS\System32\aniServ.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: DiamondCS ProcessGuard Service v3.410 (DCSPGSRV) - Unknown owner - C:\Program Files\ProcessGuard\dcsuserprot.exe (file missing)
    O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: PostgreSQL Database Server 8.0 (pgsql-8.0) - Unknown owner - C:\Program Files\PostgreSQL\8.0\bin\pg_ctl.exe" runservice -N "pgsql-8.0" -D "C:\Program Files\PostgreSQL\8.0\data\ (file missing)
    O23 - Service: Registry Management Service (RegManServ) - Unknown owner - C:\Program Files\Advanced Registry Doctor\RegManServ.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    Which Registry enhancement/mechanical software would you recommend?

    Thanks in advance :D
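Reading the HijackThis log above the way a reviewer would, the lines worth a second look are the R1 proxy pointing at a public address (200.88.223.98:80, to be correlated with the Hide IP Platinum startup entry), the O2 BHO with no file, the O16 ActiveX download from a non-Microsoft host, and the O23 service whose binary is missing. The Python triage script below is an added example, not code from this thread or from HijackThis; its trusted-host list and parsing regexes are assumptions for the example, and the sample log is an excerpt copied from the post.

```python
"""Triage a HijackThis v1.99 log for the load points a reviewer checks first.

Added example for this thread; not code from the forum or from HijackThis.
SAMPLE_LOG is a constructed excerpt: lines copied from the log posted above.
"""
import ipaddress
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Hosts accepted as expected sources of O16 ActiveX downloads. This allowlist
# is an assumption made for the example, not a HijackThis setting.
TRUSTED_DPF_HOSTS = ("microsoft.com", "apple.com", "akamai.net")

SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://thehendonmob.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 200.88.223.98:80
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {830E7C88-E6C9-4DCF-BF5B-24CD374F9B20} - (no file)
O4 - HKCU\..\Run: [Hide IP Platinum] C:\Program Files\Hide IP Platinum\hideippla.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.euchannels.net/update/KooPlayer.ocx
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: DiamondCS ProcessGuard Service v3.410 (DCSPGSRV) - Unknown owner - C:\Program Files\ProcessGuard\dcsuserprot.exe (file missing)
"""


@dataclass
class Finding:
    section: str  # HijackThis section code, e.g. "R1" or "O16"
    reason: str   # why a reviewer should look at this line
    line: str     # the log line as written


def _is_public_ip(host: str) -> bool:
    """True when host is a literal IP outside private, loopback and link-local space."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return False  # a hostname, not an IP literal
    return not (addr.is_private or addr.is_loopback or addr.is_link_local)


def _is_trusted_host(host: str) -> bool:
    """Exact or subdomain match against the allowlist (no bare suffix matching)."""
    return any(host == t or host.endswith("." + t) for t in TRUSTED_DPF_HOSTS)


def triage(log_text: str) -> list:
    """Return the findings for one log, in the order the lines appear."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = re.match(r"^(R\d|O\d+) - (.*)$", line)
        if not m:
            continue  # process list, header or blank line
        section, body = m.groups()

        if section == "R1" and "ProxyServer = " in body:
            # Browser proxy: a public IP here routes all IE traffic through that host.
            proxy = body.split("ProxyServer = ", 1)[1].strip()
            if _is_public_ip(proxy.rsplit(":", 1)[0]):
                findings.append(Finding(section, f"browser proxy set to public address {proxy}; "
                                        "confirm it belongs to software you installed", line))

        elif section == "O2" and body.endswith("(no file)"):
            findings.append(Finding(section, "BHO registered but its DLL is gone; orphaned entry", line))

        elif section == "O16":
            # DPF = Downloaded Program Files: ActiveX controls installed by web pages.
            url_m = re.search(r"https?://\S+", body)
            host = urlparse(url_m.group(0)).hostname if url_m else None
            if host and not _is_trusted_host(host):
                findings.append(Finding(section, f"ActiveX control fetched from {host}; verify the publisher", line))

        elif section == "O20":
            # Winlogon Notify DLLs load into winlogon.exe at every logon.
            path = body.rsplit(" - ", 1)[-1].lower()
            if "\\windows\\system32\\" not in path:
                findings.append(Finding(section, "Winlogon Notify DLL outside system32", line))

        elif section == "O23" and body.endswith("(file missing)"):
            findings.append(Finding(section, "service points at a missing binary; orphaned service", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```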
  • skywalker45, Bloomington, IN. USA
    edited October 2006
    It will take me some time to go over this log. Please be patient and I'll be back with you as soon as possible. Registry Mechanic is one of the better known registry cleaning programs but there are several and you should weigh the benefits and drawbacks of each. I'll research some more and let you know. Be back soon.
    :)
  • edited October 2006
    tyvm.
  • skywalker45, Bloomington, IN. USA
    edited October 2006
    Well I'm really not sure what's going on here but I would like to see another log from a different program. If nothing shows up there we'll run a check for rootkits and such.

    Download SmitfraudFix (by S!Ri) to your Desktop.
    http://siri.urz.free.fr/Fix/SmitfraudFix.zip
    Extract all the files to your Desktop. A folder named SmitfraudFix will be created on your Desktop.

    Open the SmitfraudFix folder and double-click smitfraudfix.cmd

    [screenshot: sirismit1ay1.jpg]

    Select option #1 - Search by typing 1 and press Enter

    [screenshot: sirismit2ft8.jpg]

    This program will scan large amounts of files on your computer for known patterns so please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log in your next reply.

    IMPORTANT: Do NOT run any other options until you are asked to do so!
  • edited October 2006
    Hi :D


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Jason


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Jason\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Jason\FAVORI~1


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="My Current Home Page"


    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""


    »»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


    »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End
  • skywalker45, Bloomington, IN. USA
    edited October 2006
    Hi Sodabone! I don't see anything there either, so as I promised we'll check for rootkits just to make sure:

    Step 1.
    ==========

    - Please download F-Secure's trial Blacklight from here
    - Print out the help page for guidance. It will be found here
    - Click the "I Accept" button at the license agreement
    - Click the "Download" button to start the download
    - Save it to your Desktop

    Step 2.
    ==========

    - Double-click the blbeta.exe file on your Desktop
    - Select the "I Accept the agreement" at the license agreement, then click "Next"
    - Make sure all open programs and windows are closed (including this IE window) before clicking the "Scan" button
    - Click "Scan"
    - When the animated graphics, in the bottom right-hand corner, disappears, click "Next"
    - A text log file will appear on your Desktop when the scan is complete. It will start with fsbl-xxxxxx.txt (ie: fsbl-20051017165931.log)
    - Paste the contents of that log back here.
  • edited October 2006
    10/28/06 04:01:40 [Info]: BlackLight Engine 1.0.47 initialized
    10/28/06 04:01:40 [Info]: OS: 5.1 build 2600 (Service Pack 2)
    10/28/06 04:01:40 [Note]: 7019 4
    10/28/06 04:01:40 [Note]: 7005 0
    10/28/06 04:10:19 [Note]: 7006 0
    10/28/06 04:10:19 [Note]: 7011 688
    10/28/06 04:10:19 [Note]: 7026 0
    10/28/06 04:10:20 [Note]: 7026 0
    10/28/06 04:10:26 [Note]: FSRAW library version 1.7.1020
    10/28/06 04:27:46 [Note]: 7007 0
  • skywalker45, Bloomington, IN. USA
    edited October 2006
    Hi Sodabone. I'm sorry but I thought I already answered this. I don't see any problems in your logs. There is one more scan we can do that might reveal something. Instructions below:

    Go here and download then run Silent Runners.vbs. It generates a log, please post the information back in this thread.
    If you have a script blocking program, please allow the file to run. It is not malicious.
  • edited October 2006
    Also, my PC seems to be running at 100% a lot of the time. Is this safe?
  • skywalker45, Bloomington, IN. USA
    edited October 2006
    That would depend on what processes are currently running and how much CPU those use. My CPU runs at 100% all the time too, but I run the Folding at home program and this runs at low priority so it doesn't interfere with anything else I'm doing. Working at 100% all the time should not cause any damage, but that all depends on the apps and such.

    Could you please post the silent runners log and I would also like to see a list of processes. Instructions below:

    Start Hijack This and click the open the misc. tools section button. On the next window click the button that says Open process manager. On the next window click on the clipboard on the upper right corner of the white window. This will copy the running processes to your clipboard. Paste that log here along with the results of Silent Runners.
  • edited November 2006
    That would depend on what processes are currently running and how much CPU those use. My CPU runs at 100% all the time too, but I run the Folding at home program and this runs at low priority so it doesn't interfere with anything else I'm doing. Working at 100% all the time should not cause any damage, but that all depends on the apps and such.

    Could you please post the silent runners log and I would also like to see a list of processes. Instructions below:

    Start Hijack This and click the open the misc. tools section button. On the next window click the button that says Open process manager. On the next window click on the clipboard on the upper right corner of the white window. This will copy the running processes to your clipboard. Paste that log here along with the results of Silent Runners.

    Where is my clipboard?

    Process list saved on 11:51:15 AM, on 11/01/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)

    [pid] [full path to filename] [file version] [company name]
    688 C:\WINDOWS\System32\smss.exe 5.1.2600.2180 Microsoft Corporation
    736 C:\WINDOWS\system32\csrss.exe 5.1.2600.2180 Microsoft Corporation
    760 C:\WINDOWS\system32\winlogon.exe 5.1.2600.2180 Microsoft Corporation
    808 C:\WINDOWS\system32\services.exe 5.1.2600.2180 Microsoft Corporation
    820 C:\WINDOWS\system32\lsass.exe 5.1.2600.2180 Microsoft Corporation
    968 C:\WINDOWS\system32\Ati2evxx.exe 6.14.10.4079
    980 C:\WINDOWS\system32\svchost.exe 5.1.2600.2180 Microsoft Corporation
    1056 C:\WINDOWS\system32\svchost.exe 5.1.2600.2180 Microsoft Corporation
    1156 C:\WINDOWS\System32\svchost.exe 5.1.2600.2180 Microsoft Corporation
    1208 C:\WINDOWS\System32\svchost.exe 5.1.2600.2180 Microsoft Corporation
    1276 C:\WINDOWS\System32\svchost.exe 5.1.2600.2180 Microsoft Corporation
    1388 C:\WINDOWS\system32\ZoneLabs\vsmon.exe 6.5.737.0 Zone Labs, LLC
    1768 C:\WINDOWS\system32\Ati2evxx.exe 6.14.10.4079
    1840 C:\WINDOWS\Explorer.EXE 6.0.2900.2180 Microsoft Corporation
    384 C:\WINDOWS\system32\spoolsv.exe 5.1.2600.2696 Microsoft Corporation
    1148 C:\WINDOWS\System32\aniServ.exe 1.0.0.1 Airgo Networks, Inc.
    1228 C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe 10.0.608.0 Diskeeper Corporation
    1260 C:\Program Files\ewido anti-spyware 4.0\guard.exe 4.0.0.172 Anti-Malware Development a.s.
    1300 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE 7.0.9466.0 Microsoft Corporation
    1740 C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe 1.0.0.1 Dell Inc.
    1780 C:\Program Files\Eset\nod32krn.exe 2.51.26.0 Eset
    1812 C:\Program Files\PostgreSQL\8.0\bin\pg_ctl.exe 8.0.3.5131 PostgreSQL Global Development Group
    1928 C:\Program Files\Advanced Registry Doctor\RegManServ.exe
    2036 C:\Program Files\Spyware Doctor\sdhelp.exe 3.6.0.2025 PC Tools Research Pty Ltd
    376 C:\Program Files\PostgreSQL\8.0\bin\postmaster.exe 8.0.3.5131 PostgreSQL Global Development Group
    2208 C:\WINDOWS\System32\alg.exe 5.1.2600.2180 Microsoft Corporation
    2372 C:\WINDOWS\System32\wbem\wmiprvse.exe 5.1.2600.2180 Microsoft Corporation
    2824 C:\Program Files\PostgreSQL\8.0\bin\postgres.exe 8.0.3.5131 PostgreSQL Global Development Group
    2960 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe 6.14.10.5028 ATI Technologies, Inc.
    2996 C:\Program Files\Dell\QuickSet\QuickSet.exe 1.0.0.1
    3020 C:\Program Files\Apoint\Apoint.exe 5.5.101.156 Alps Electric Co., Ltd.
    3036 C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe 5.0.80.3 Sun Microsystems, Inc.
    3116 C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe 6.5.737.0 Zone Labs, LLC
    3128 C:\Program Files\Eset\nod32kui.exe 2.51.26.0 Eset
    3144 C:\Program Files\iTunes\iTunesHelper.exe 7.0.1.8 Apple Computer, Inc.
    3156 C:\Program Files\Spyware Doctor\swdoctor.exe 4.0.0.2618 PC Tools Research Pty Ltd
    3180 C:\Program Files\PeerGuardian2\pg2.exe 1.0.6.4 Methlabs
    3188 C:\WINDOWS\system32\ctfmon.exe 5.1.2600.2180 Microsoft Corporation
    3268 C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE 11.0.6550.0 Microsoft Corporation
    3380 C:\Program Files\PostgreSQL\8.0\bin\postgres.exe 8.0.3.5131 PostgreSQL Global Development Group
    3392 C:\Program Files\PostgreSQL\8.0\bin\postgres.exe 8.0.3.5131 PostgreSQL Global Development Group
    3412 C:\Program Files\iPod\bin\iPodService.exe 7.0.1.8 Apple Computer, Inc.
    3432 C:\Program Files\Apoint\HidFind.exe 1.1.0.23 Alps Electric Co., Ltd.
    3464 C:\Program Files\Apoint\Apntex.exe 5.5.1.22 Alps Electric Co., Ltd.
    3504 C:\Program Files\PostgreSQL\8.0\bin\postgres.exe 8.0.3.5131 PostgreSQL Global Development Group
    360 C:\Documents and Settings\Jason\Desktop\AbsolutePoker6_8_15.exe
    2604 C:\Program Files\Mozilla Firefox\firefox.exe 1.8.20061.1023 Mozilla Corporation
    2400 C:\Program Files\Poker Tracker V2\ptrack2.exe 7.0.3.10312
    1868 C:\Program Files\PostgreSQL\8.0\bin\postgres.exe 8.0.3.5131 PostgreSQL Global Development Group
    2056 C:\Program Files\Poker Tracker Omaha\pto.exe 7.0.3.10312
    2124 C:\Program Files\PostgreSQL\8.0\bin\postgres.exe 8.0.3.5131 PostgreSQL Global Development Group
    2292 C:\Program Files\Full Tilt Poker\FullTiltPoker.exe 4.5.34.3 Full Tilt Poker
    3784 C:\WINDOWS\System32\svchost.exe 5.1.2600.2180 Microsoft Corporation
    4092 C:\Documents and Settings\Jason\Desktop\Spyware\HijackThis.exe 1.99.0.1 Soeperman Enterprises Ltd.
  • skywalker45, Bloomington, IN. USA
    edited November 2006
    No malicious programs running here that I can see. Your clipboard is where stuff is copied to when you press (ctrl + V) or when you right-click and then left-click copy or cut. You did this correctly, so I assume you are not having clipboard (copy and paste) problems.

    Could you please post the Silent Runners log as instructed earlier?
    :)
  • edited November 2006
    No malicious programs running here that I can see. Your clipboard is where stuff is copied to when you press (ctrl + V) or when you right-click and then left-click copy or cut. You did this correctly, so I assume you are not having clipboard (copy and paste) problems.

    Could you please post the Silent Runners log as instructed earlier?
    :)

    Hi Skywalker,

    The silent runners log was too many characters (690000!!!) :type:
  • skywalker45, Bloomington, IN. USA
    edited November 2006
    Yes I know. They can be huge. You can post it but you would need to post it over several separate posts.
    :)
  • edited November 2006
    OK, I will post later.
  • skywalker45, Bloomington, IN. USA
    edited November 2006
    Please do. Once you post the log it will take some time for me to go over it so please be patient.
    :)