CA Anti Virus Says Infeced??
coll
Ireland
Hi All
I have CA Anti Virus loaded on XP Pro, I have noticed the past few scans says the I am infected (not me the computer), but I can't remove tham. Is this a problem for me ?? Can any one point me in the right direction
Thanks
Coll
I have CA Anti Virus loaded on XP Pro, I have noticed the past few scans says the I am infected (not me the computer), but I can't remove tham. Is this a problem for me ?? Can any one point me in the right direction
Thanks
Coll
0
Comments
Welcome to icrontic Malware Removal Forum.
My name is peku006 and I will be assisting you.
Lets start with this:
Click here to download HJTsetup.exe
Here is a copy of my log
Logfile of HijackThis v1.99.1
Scan saved at 12:02:30, on 04/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\KService\KService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\kdx\KHost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\PROGRA~1\MOZILL~2\THUNDE~1.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Hjack This\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: txthlpBHO Class - {060235DC-6D84-47BD-95D7-A4EF5099A59D} - C:\PROGRA~1\TEXTHE~1\READAN~1\TEXTHE~3.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.6.14.dll
O2 - BHO: (no name) - {49E0E0F0-5C30-11D4-945D-000000000000} - C:\WINDOWS\system32\iehelper3.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {E6280729-9251-41D7-BC1C-572C9548C962} - C:\WINDOWS\system32\HPI4.dll (file missing)
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe -all
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\KService\KService.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
You aren't running Firewall Software. Please download and install one of them first!
Use a Firewall - Without a firewall your computer is susceptible to being hacked and taken over. If you use the Windows Firewall you might think that's sufficient but it only controls one way of the traffic (inbound/outbound not sure). Simply using a Firewall in its default configuration can lower your risk greatly. For an article on Firewalls and a listing of some available ones see the link below:
Computer Safety On line - Software Firewalls
I use ZoneAlarm Free Edition (which is free for personal use) but you might just prefer something different!
As you did this, we can begin with the fix.
Step 1: Disable Windows Defender
Please disable Windows Defender Real Time Protection as it may interfere with the fix. To disable Windows Defender:
- Open Windows Defender
- Click Tools
- Click General Settings
- Scroll down to Real Time Protection Options
- Uncheck Turn on Real Time Protection (recommended)
- Close Windows Defender
Once your log is clean you can re-enable Windows Defender Real Time Protection.Step 2: Remove bad HijackThis entries
- Run HijackThis
- Click on the Scan button
- Put a check beside all of the items listed below (if present):
- Close all open windows and browsers/email, etc...
- Click on the "Fix Checked" button
- When completed, close the application.
Step 3: Download and Run AFT CleanerO2 - BHO: (no name) - {E6280729-9251-41D7-BC1C-572C9548C962} - C:\WINDOWS\system32\HPI4.dll (file missing)
Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.
Double-click ATF Cleaner.exe to open it.
Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.
Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
Click Exit on the Main menu to close the program.
Step 4: Run Kaspersky Online Scan
Please do an online scan with Kaspersky WebScanner
Click on Kaspersky Online Scanner
You will be promted to install an ActiveX component from Kaspersky,
Click Yes.
- The program will launch and then begin downloading the latest definition files:
- Once the files have been downloaded click on NEXT
- Now click on Scan Settings
- In the scan settings make sure that the following are selected:
- Scan using the following Anti-Virus database:
- Extended (if available otherwise Standard)
- Scan Options:
- Scan Archives Scan Mail Bases
- Click OK
- Now under select a target to scan:
- Select My Computer
- The program will start and scan your system.
- The scan will take a while so be patient and let it run.
- Once the scan is complete it will display if your system has been infected.
- Now click on the Save as Text button:
- Save the file to your desktop.
Step 5: Download and run Deckard’s System ScannerDownload Deckard's System Scanner (DSS) to your Desktop.
Note: You must be logged onto an account with administrator privileges.
Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt<-this one will be minimized
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and the extra.txt to your post. in your reply
Finally, please post Kaspersky Online Scan Report , Dss.main.txt and Dss.extra.txt
Well I have carried out your instruction. But when I try to install the ZoneAlarm firewall it's telling me to uninstall my ca anti virus? is there a way around this or do I just buy the ca firewall add on?
Here is the logs you asked for
KASPERSKY ONLINE SCANNER REPORT
Wednesday, July 04, 2007 11:09:53 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 4/07/2007
Kaspersky Anti-Virus database records: 358115
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
E:\
I:\
J:\
K:\
L:\
M:\
N:\
O:\
P:\
Scan Statistics:
Total number of scanned objects: 64478
Number of viruses found: 2
Number of infected objects: 6 / 0
Number of suspicious objects: 0
Duration of the scan process: 00:59:27
Infected Object Name / Virus Name / Last Action
C:\D2\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\12eb7ad9fa32b65e65afa36b23e411b4_c45aee67-82f2-49af-831d-e17e050dc968 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1dfc3ab224b53f6aed64c5428d703ace_c45aee67-82f2-49af-831d-e17e050dc968 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2b4de064124d264dc2f45db124933848_c45aee67-82f2-49af-831d-e17e050dc968 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2f2d56e85b320e653cd490d59534e2a2_c45aee67-82f2-49af-831d-e17e050dc968 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\348a34b31822cc68afbb0af3ade1f806_c45aee67-82f2-49af-831d-e17e050dc968 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\36f922a045d8f27c80e803e006b7a26b_c45aee67-82f2-49af-831d-e17e050dc968 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\37d685697359925adf40f2924392f0b5_c45aee67-82f2-49af-831d-e17e050dc968 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3cf0d53722df2b78e3bca153a236d71c_c45aee67-82f2-49af-831d-e17e050dc968 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\464a0e7233b77d10fb8b5390cc549677_c45aee67-82f2-49af-831d-e17e050dc968 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\46bc100066384d2527482e157d9607be_c45aee67-82f2-49af-831d-e17e050dc968 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\566214c40f9d1abe070d4898386373f8_c45aee67-82f2-49af-831d-e17e050dc968 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\57ce3c0e4d817dc55c6211f01163b270_c45aee67-82f2-49af-831d-e17e050dc968 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\59cd672f0ae1d7ff67b0d44f91657bfb_c45aee67-82f2-49af-831d-e17e050dc968 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5dcaf1aae8d36016579fab19839c2641_c45aee67-82f2-49af-831d-e17e050dc968 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5ddc77b2eb18e1143f6c54b1bf56e852_c45aee67-82f2-49af-831d-e17e050dc968 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5f6e29493e06a7706cc82e43d1b20013_c45aee67-82f2-49af-831d-e17e050dc968 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\71e698e3000e0c16b1f667d1a0659506_c45aee67-82f2-49af-831d-e17e050dc968 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7fc1e4dadae2288bf4908ed74301fc19_c45aee67-82f2-49af-831d-e17e050dc968 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b21b2dae7e62d121cda842eb0133cfca_c45aee67-82f2-49af-831d-e17e050dc968 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b2617c3f3473febaa06df89a92a7a11f_c45aee67-82f2-49af-831d-e17e050dc968 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b6ceb26a6e29d8753e026bb1caa86ffc_c45aee67-82f2-49af-831d-e17e050dc968 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c305656cfa8dcda9d03f266ead4d14c1_c45aee67-82f2-49af-831d-e17e050dc968 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d9e20d7e58fc71a43707a0b2c26b40c6_c45aee67-82f2-49af-831d-e17e050dc968 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f17b5162db2952ba4b07abd9280867ad_c45aee67-82f2-49af-831d-e17e050dc968 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-03042007-122116.log Object is locked skipped
C:\Documents and Settings\Colm Sharkey\Application Data\Mozilla\Firefox\Profiles\kzil65vp.Default User\cert8.db Object is locked skipped
C:\Documents and Settings\Colm Sharkey\Application Data\Mozilla\Firefox\Profiles\kzil65vp.Default User\flashgot.log Object is locked skipped
C:\Documents and Settings\Colm Sharkey\Application Data\Mozilla\Firefox\Profiles\kzil65vp.Default User\history.dat Object is locked skipped
C:\Documents and Settings\Colm Sharkey\Application Data\Mozilla\Firefox\Profiles\kzil65vp.Default User\key3.db Object is locked skipped
C:\Documents and Settings\Colm Sharkey\Application Data\Mozilla\Firefox\Profiles\kzil65vp.Default User\parent.lock Object is locked skipped
C:\Documents and Settings\Colm Sharkey\Application Data\Mozilla\Firefox\Profiles\kzil65vp.Default User\search.sqlite Object is locked skipped
C:\Documents and Settings\Colm Sharkey\Application Data\Mozilla\Firefox\Profiles\kzil65vp.Default User\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Colm Sharkey\Application Data\Thunderbird\Profiles\r28lkz73.default\abook.mab Object is locked skipped
C:\Documents and Settings\Colm Sharkey\Application Data\Thunderbird\Profiles\r28lkz73.default\Mail\Local Folders\Inbox.msf Object is locked skipped
C:\Documents and Settings\Colm Sharkey\Application Data\Thunderbird\Profiles\r28lkz73.default\Mail\Local Folders\Junk.msf Object is locked skipped
C:\Documents and Settings\Colm Sharkey\Application Data\Thunderbird\Profiles\r28lkz73.default\Mail\Local Folders\Templates.msf Object is locked skipped
C:\Documents and Settings\Colm Sharkey\Application Data\Thunderbird\Profiles\r28lkz73.default\panacea.dat Object is locked skipped
C:\Documents and Settings\Colm Sharkey\Application Data\Thunderbird\Profiles\r28lkz73.default\parent.lock Object is locked skipped
C:\Documents and Settings\Colm Sharkey\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Colm Sharkey\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Colm Sharkey\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Colm Sharkey\Local Settings\Application Data\Mozilla\Firefox\Profiles\kzil65vp.Default User\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Colm Sharkey\Local Settings\Application Data\Mozilla\Firefox\Profiles\kzil65vp.Default User\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Colm Sharkey\Local Settings\Application Data\Mozilla\Firefox\Profiles\kzil65vp.Default User\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Colm Sharkey\Local Settings\Application Data\Mozilla\Firefox\Profiles\kzil65vp.Default User\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Colm Sharkey\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Colm Sharkey\Local Settings\Temp\~DF138D.tmp Object is locked skipped
C:\Documents and Settings\Colm Sharkey\Local Settings\Temp\~DF1E4A.tmp Object is locked skipped
C:\Documents and Settings\Colm Sharkey\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Colm Sharkey\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Colm Sharkey\ntuser.dat Object is locked skipped
C:\Documents and Settings\Colm Sharkey\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\KService\data\error.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{83767DCC-0C7A-4321-808C-10CE6692115E}\RP386\A0034768.exe Infected: Trojan-Clicker.Win32.Delf.hd skipped
C:\System Volume Information\_restore{83767DCC-0C7A-4321-808C-10CE6692115E}\RP386\A0034769.exe Infected: Trojan-Clicker.Win32.Delf.hd skipped
C:\System Volume Information\_restore{83767DCC-0C7A-4321-808C-10CE6692115E}\RP388\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ngenrootstorelock.dat Object is locked skipped
C:\WINDOWS\Microsoft.NET\ngenservice_pri3_lock.dat Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\TempFile Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
E:\Colm\EXE files\exe 2\win avi& rar\WinRAR.v3.41.Final.Incl.Working.Key.rar/wrar341.exe Infected: Trojan-Dropper.Win32.Delf.fd skipped
E:\Colm\EXE files\exe 2\win avi& rar\WinRAR.v3.41.Final.Incl.Working.Key.rar RAR: infected - 1 skipped
E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
E:\System Volume Information\_restore{83767DCC-0C7A-4321-808C-10CE6692115E}\RP388\change.log Object is locked skipped
P:\Acronis Back Ups\Colm\EXE files\exe 2\win avi& rar\WinRAR.v3.41.Final.Incl.Working.Key.rar/wrar341.exe Infected: Trojan-Dropper.Win32.Delf.fd skipped
P:\Acronis Back Ups\Colm\EXE files\exe 2\win avi& rar\WinRAR.v3.41.Final.Incl.Working.Key.rar RAR: infected - 1 skipped
P:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
P:\System Volume Information\_restore{83767DCC-0C7A-4321-808C-10CE6692115E}\RP388\change.log Object is locked skipped
Scan process completed.
================================================
Deckard's System Scanner v20070611.50
Run by Colm Sharkey on 2007-07-04 at 23:16:23
Computer is in Normal Mode.
-- System Restore
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
44: 2007-07-04 22:16:30 UTC - RP389 - Deckard's System Scanner Restore Point
43: 2007-07-04 09:20:59 UTC - RP388 - Software Distribution Service 3.0
42: 2007-07-03 22:28:58 UTC - RP387 - System Checkpoint
41: 2007-07-02 21:28:58 UTC - RP386 - System Checkpoint
40: 2007-07-01 21:12:03 UTC - RP385 - System Checkpoint
-- First Restore Point --
1: 2007-06-03 02:01:25 UTC - RP346 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Colm Sharkey.exe)
Logfile of HijackThis v1.99.1
Scan saved at 23:17:33, on 04/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\KService\KService.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\kdx\KHost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Downloads\dss.exe
C:\PROGRA~1\HJACKT~1\Colm Sharkey.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: txthlpBHO Class - {060235DC-6D84-47BD-95D7-A4EF5099A59D} - C:\PROGRA~1\TEXTHE~1\READAN~1\TEXTHE~3.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.6.14.dll
O2 - BHO: (no name) - {49E0E0F0-5C30-11D4-945D-000000000000} - C:\WINDOWS\system32\iehelper3.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe -all
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\KService\KService.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
-- HijackThis Fixed Entries (C:\PROGRA~1\HJACKT~1\backups\)
backup-20070502-165833-420 O3 - Toolbar: (no name) - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - (no file)
backup-20070704-201700-773 O2 - BHO: (no name) - {E6280729-9251-41D7-BC1C-572C9548C962} - C:\WINDOWS\system32\HPI4.dll (file missing)
-- File Associations
.scr - AutoCADScriptFile - shell\open\command - "C:\WINDOWS\notepad.exe" "%1"
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled
R1 PQNTDrv - c:\windows\system32\drivers\pqntdrv.sys <Not Verified; PowerQuest Corporation; PowerQuest product>
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R2 Haspnt - c:\windows\system32\drivers\haspnt.sys <Not Verified; Aladdin Knowledge Systems; Windows NT HASP Kernel Device Driver>
R3 Cap7134 (Philips Cap7134 Capture) - c:\windows\system32\drivers\cap7134.sys <Not Verified; Philips Semiconductors; Philips cap7134>
R3 ElbyDelay - c:\windows\system32\drivers\elbydelay.sys <Not Verified; Elaborate Bytes AG; CDRTools>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>
R3 PhTVTune (Philips WDM TVTuner) - c:\windows\system32\drivers\phtvtune.sys <Not Verified; Philips Semiconductors; Philips TVTuner WDM Driver>
S3 BVRPMPR5 (BVRPMPR5 NDIS Protocol Driver) - c:\windows\system32\drivers\bvrpmpr5.sys <Not Verified; BVRP Software; BVRPNDIS Rawether for Windows>
S3 usbsermptxp (Motorola USB Modem Driver for MPT XP) - c:\windows\system32\drivers\usbsermptxp.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 WinDriver6 - c:\windows\system32\drivers\windrvr6.sys <Not Verified; Jungo; WinDriver Device Driver>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled
R2 KService - "c:\program files\kservice\kservice.exe" <Not Verified; Kontiki Inc.; Delivery Manager>
-- Scheduled Tasks
2007-07-04 20:05:28 330 --ah
C:\WINDOWS\Tasks\MP Scheduled Scan.job
2007-06-28 16:43:00 284 --a
C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
-- Files created between 2007-06-04 and 2007-07-04
2007-07-04 20:31:16 0 d
C:\WINDOWS\system32\Kaspersky Lab
2007-07-04 20:31:15 0 d
C:\WINDOWS\LastGood
2007-07-03 20:09:21 0 d
C:\Documents and Settings\All Users\Application Data\Grisoft
2007-07-03 18:47:31 0 d
C:\WINDOWS\system32\Panda Software
2007-06-30 15:00:55 0 d
C:\Program Files\AVI MPEG Splitter
2007-06-30 14:59:56 0 d
C:\Program Files\AVI MPEG RM WMV Joiner
2007-06-26 23:57:06 0 d--hs---- C:\found.000
2007-06-26 23:14:54 0 d
C:\D2
2007-06-23 11:18:17 0 d
C:\Program Files\DVD Decrypter
2007-06-21 19:26:36 0 d
C:\Program Files\iPod
2007-06-21 19:26:21 0 d
C:\Program Files\iTunes
2007-06-18 22:21:36 0 d
C:\WINDOWS\EFE9ACA6605640CD83250E0BE2CB622B.TMP
2007-06-18 22:00:11 0 d
C:\Program Files\DustBuster XP
2007-06-15 12:03:23 0 d
C:\Documents and Settings\All Users\Application Data\Acronis
2007-06-15 11:58:52 0 d
C:\Program Files\Common Files\Acronis
2007-06-15 11:58:52 0 d
C:\Program Files\Acronis
2007-06-14 22:01:50 0 d
C:\Program Files\Runtime Software
2007-06-14 21:57:18 299520 --a
C:\WINDOWS\uninst.exe <Not Verified; InstallShield Corporation, Inc.; InstallShield unInstaller>
2007-06-11 19:46:49 8405015 --a
C:\WINDOWS\TempFile
2007-06-11 19:43:16 6656 --a
C:\WINDOWS\system32\haspvdd.dll <Not Verified; Aladdin Knowledge Systems.; Windows NT HASP Virtual Device Driver>
2007-06-11 19:43:16 383 --a
C:\WINDOWS\system32\haspdos.sys
2007-06-11 19:43:16 47616 --a
C:\WINDOWS\system32\drivers\Haspnt.sys <Not Verified; Aladdin Knowledge Systems; Windows NT HASP Kernel Device Driver>
2007-06-11 19:26:54 0 d
C:\Documents and Settings\Colm Sharkey\Application Data\Bruel and Kjaer
2007-06-11 19:23:08 0 d
C:\Program Files\Common Files\Bruel and Kjaer
2007-06-11 19:23:07 0 d
C:\Program Files\Bruel and Kjaer
2007-06-11 19:23:07 0 d
C:\Documents and Settings\All Users\Application Data\Bruel and Kjaer
2007-06-10 22:45:25 0 d
C:\Program Files\PowerQuest
2007-06-07 20:29:28 0 d
C:\Program Files\QuickTime
2007-06-04 22:20:00 719872 --a
C:\WINDOWS\system32\devil.dll <Not Verified; Abysmal Software; Developer's Image Library (DevIL)>
2007-06-04 22:20:00 314368 --a
C:\WINDOWS\system32\avisynth.dll <Not Verified; The Public; Avisynth 2.5>
2007-06-04 22:19:58 0 d
C:\Program Files\Magic Video Converter
-- Find3M Report
2007-07-04 23:17:27 0 d
C:\Program Files\Hjack This
2007-07-04 11:44:09 37268 --a
C:\Documents and Settings\Colm Sharkey\Application Data\wklnhst.dat
2007-07-03 19:24:33 0 d
C:\Program Files\Windows Defender
2007-07-03 19:18:27 0 d
C:\Program Files\KService
2007-07-03 19:15:25 0 d
C:\Program Files\Common Files\Autodesk Shared
2007-07-03 19:14:30 0 d
C:\Program Files\AutoCAD 2005
2007-07-03 18:47:33 8030 --a
C:\WINDOWS\mozver.dat
2007-06-28 09:59:21 2560 --a
C:\WINDOWS\system32\BitCometRes.dll <Not Verified; BitComet; BitComet BCTP Helper>
2007-06-21 19:28:50 0 d
C:\Program Files\DivX
2007-06-10 22:45:51 0 d--h
C:\Program Files\InstallShield Installation Information
2007-06-01 19:24:50 0 d
C:\Program Files\Mozilla Thunderbird
2007-05-31 07:44:55 823296 --a
C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2007-05-31 07:44:54 802816 --a
C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2007-05-31 07:44:54 823296 --a
C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2007-05-31 07:44:54 740442 --a
C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2007-05-25 10:00:48 0 d
C:\Program Files\Common Files\InstallShield
2007-05-20 11:38:03 0 d
C:\Program Files\CA
2007-05-18 17:58:08 0 d
C:\Program Files\LimeWire
2007-05-18 17:01:25 0 d
C:\Program Files\Common Files\Wise Installation Wizard
2007-05-14 23:41:14 0 d
C:\Program Files\BitTorrent_DNA
2007-05-14 23:40:56 0 d
C:\Program Files\BitTorrent
2007-05-12 20:28:20 0 d
C:\Documents and Settings\Colm Sharkey\Application Data\U3
2007-05-11 19:03:20 0 d
C:\Program Files\BitComet
2007-05-11 02:15:39 0 d
C:\Program Files\Common Files\{342988A4-08A2-2057-1029-04030504002c}
2007-05-07 21:46:53 0 d
C:\Documents and Settings\Colm Sharkey\Application Data\BitTorrent
2007-05-05 00:11:55 205824 --a
C:\WINDOWS\system32\iehelper3.dll
2007-04-23 01:15:29 3596288 --a
C:\WINDOWS\system32\qt-dx331.dll
2007-04-23 01:02:34 196608 --a
C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2007-04-23 01:02:34 73728 --a
C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2007-04-23 01:01:47 12288 --a
C:\WINDOWS\system32\DivXWMPExtType.dll
-- Registry Dump
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{060235DC-6D84-47BD-95D7-A4EF5099A59D} C:\PROGRA~1\TEXTHE~1\READAN~1\TEXTHE~3.DLL
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} C:\Program Files\BitComet\tools\BitCometBHO_1.1.6.14.dll
{49E0E0F0-5C30-11D4-945D-000000000000} C:\WINDOWS\system32\iehelper3.dll
{53707962-6F74-2D53-2644-206D7942484F} C:\PROGRA~1\SPYBOT~1\SDHelper.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"CAVRID"="\"C:\\Program Files\\CA\\eTrust EZ Armor\\eTrust EZ Antivirus\\CAVRID.exe\""
"AGRSMMSG"="AGRSMMSG.exe"
"Microsoft Works Update Detection"="C:\\Program Files\\Common Files\\Microsoft Shared\\Works Shared\\WkUFind.exe"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
"cctray"="\"C:\\Program Files\\CA\\CA Internet Security Suite\\cctray\\cctray.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"TrueImageMonitor.exe"="C:\\Program Files\\Acronis\\TrueImageHome\\TrueImageMonitor.exe"
"AcronisTimounterMonitor"="C:\\Program Files\\Acronis\\TrueImageHome\\TimounterMonitor.exe"
"Acronis Scheduler2 Service"="\"C:\\Program Files\\Common Files\\Acronis\\Schedule2\\schedhlp.exe\""
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"kdx"="C:\\WINDOWS\\kdx\\KHost.exe -all"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"AnyDVD"="C:\\Program Files\\SlySoft\\AnyDVD\\AnyDVD.exe"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0relog_ap\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"AlcxMonitor"="ALCXMNTR.EXE"
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"EPSON Stylus Photo R240 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATIAHE.EXE /P30 \"EPSON Stylus Photo R240 Series\" /O6 \"USB001\" /M \"Stylus Photo R240\""
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Speed Launch.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
"backup"="C:\\WINDOWS\\pss\\AutoCAD Startup Accelerator.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\AUTODE~1\\ACSTAR~1.EXE "
"item"="AutoCAD Startup Accelerator"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk]
"backup"="C:\\WINDOWS\\pss\\HotSync Manager.lnkCommon Startup"
"location"="Common Startup"
"command"="D:\\PROGRA~1\\palmOne\\Hotsync.exe -logon"
"item"="HotSync Manager"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TV Remote Control.lnk]
"backup"="C:\\WINDOWS\\pss\\TV Remote Control.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\TEVION~1\\TV713X~1\\P3XRCtl.exe "
"item"="TV Remote Control"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Colm Sharkey^Start Menu^Programs^Startup^palmOne Registration.lnk]
"backup"="C:\\WINDOWS\\pss\\palmOne Registration.lnkStartup"
"location"="Startup"
"command"="D:\\PROGRA~1\\palmOne\\register.exe /remind /language=EN /PRNM=\"palmOne\""
"item"="palmOne Registration"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="rundll32"
"hkey"="HKLM"
"command"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CloneCDTray"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\SlySoft\\CloneCD\\CloneCDTray.exe\" /s"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaFace Integration]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SetHook"
"hkey"="HKLM"
"command"="C:\\Program Files\\Fellowes\\MediaFACE 4.0\\SetHook.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PVR Agent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Scheduled"
"hkey"="HKLM"
"command"="C:\\Program Files\\Tevion multimedia\\PVR Plus\\TVR\\Scheduled.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PWRISOVM"
"hkey"="HKLM"
"command"="C:\\Program Files\\PowerISO\\PWRISOVM.EXE"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealPlayer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realplay"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Real\\RealPlayer\\realplay.exe\" /RunUPGToolCommandReBoot"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
bthsvcs REG_MULTI_SZ BthServ\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0
-- End of Deckard's System Scanner: finished at 2007-07-04 at 23:19:56
=========================================================
THE DSS EXTRA LOG
Deckard's System Scanner v20070611.50
Extra logfile - please post this as an attachment with your post.
-- System Information
Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: AMD Athlon(tm) 64 Processor 3200+
Percentage of Memory in Use: 51%
Physical Memory (total/avail): 511.48 MiB / 249.35 MiB
Pagefile Memory (total/avail): 1248.88 MiB / 981.98 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1971.3 MiB
C: is Fixed (NTFS) - 49.68 GiB total, 25.03 GiB free.
E: is Fixed (NTFS) - 99.37 GiB total, 76.34 GiB free.
I: is Removable (No Media)
J: is Removable (No Media)
K: is Removable (No Media)
L: is Removable (No Media)
M: is Removable (No Media)
N: is CDROM (No Media)
O: is CDROM (No Media)
P: is Fixed (NTFS) - 465.76 GiB total, 286.51 GiB free.
-- Security Center
AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.
FirstRunDisabled is set.
AV: CA Anti-Virus v8.4.0.24 (CA, Inc.)
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
-- Environment Variables
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Colm Sharkey\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=COLM
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Colm Sharkey
LOGONSERVER=\\COLM
MIGO_DRIVE=Q
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Autodesk Shared\;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 12 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0c00
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\COLMSH~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\COLMSH~1\LOCALS~1\Temp
USERDOMAIN=COLM
USERNAME=Colm Sharkey
USERPROFILE=C:\Documents and Settings\Colm Sharkey
windir=C:\WINDOWS
-- User Profiles
Colm Sharkey (admin)
Hilary (admin)
-- Add/Remove Programs
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Able2Extract v4.0 --> C:\Program Files\Investintech.com Inc\Able2Extract 4.0\Uninstal.exe
Acronis True Image Home --> MsiExec.exe /X{419CF344-3D94-4DAD-99C8-EA7B00E5EA8B}
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe Reader for Palm OS, 3.05 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Adobe\Adobe Reader for Palm OS\AcroDesk.isu" -c"C:\Program Files\Adobe\Adobe Reader for Palm OS\unpdf.dll"
Agere Systems PCI Soft Modem --> agrsmdel
AnyDVD --> "C:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files\SlySoft\AnyDVD"
Apple Software Update --> MsiExec.exe /I{A50C25D7-62E9-4511-AD70-8E2DA5E79B7D}
AutoCAD 2005 - English --> MsiExec.exe /I{5783F2D7-0301-0409-0002-0060B0CE6BBA}
Autodesk DWF Viewer --> C:\PROGRA~1\Autodesk\AUTODE~1\Setup.exe /remove
Avanquest update --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe" -l0x9
AVG Anti-Rootkit Free --> C:\Program Files\GRISOFT\AVG Anti-Rootkit Free\Uninstall.exe
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
AVI & MPEG Splitter 1.48 --> "C:\Program Files\AVI MPEG Splitter\unins000.exe"
AVI/MPEG/RM/WMV Joiner 4.11 --> "C:\Program Files\AVI MPEG RM WMV Joiner\unins000.exe"
Bink and Smacker --> C:\PROGRA~1\RADVideo\UNWISE.EXE C:\PROGRA~1\RADVideo\INSTALL.LOG
BitComet 0.90 --> C:\Program Files\BitComet\uninst.exe
Blaze Media Pro --> "C:\Documents and Settings\Colm Sharkey\Application Data\{FBDA53F5-763E-4114-A576-612E9769C133}\setup_blazemp.exe" REMOVE=TRUE MODIFY=FALSE
CA Anti-Virus --> "C:\Program Files\CA\CA Internet Security Suite\caunst.exe" /u /product=av
CloneCD --> "C:\Program Files\SlySoft\CloneCD\ccd-uninst.exe" /D="C:\Program Files\SlySoft\CloneCD"
CloneDVD2 --> "C:\Program Files\Elaborate Bytes\CloneDVD2\CloneDVD2-uninst.exe" /D="C:\Program Files\Elaborate Bytes\CloneDVD2"
Concise Oxford English Dictionary (Eleventh Edition) --> C:\Program Files\COED11\Uninstal.exe
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
djDecks (remove only) --> "C:\Program Files\djDecks\uninstall.exe"
Documents To Go --> MsiExec.exe /X{BDFE199D-E889-4BB6-BECB-C4BDF5700849}
DustBuster XP --> MsiExec.exe /I{7BEF8E43-094D-4C07-9684-EAEBE79BFA04}
DVD Decrypter (Remove Only) --> "C:\Program Files\DVD Decrypter\uninstall.exe"
Easy Video Joiner 5.21 --> "C:\Program Files\Easy Video Joiner\unins000.exe"
EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
GetDataBack for NTFS --> C:\WINDOWS\uninst.exe -f"C:\Program Files\Runtime Software\GetDataBack for NTFS\DeIsL1.isu" -c"C:\Program Files\Runtime Software\GetDataBack for NTFS\_ISREG32.DLL"
getPlus(R)_dll --> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\inf\GETPLUSd.INF, DefaultUninstall
HijackThis 1.99.1 --> C:\DOCUME~1\COLMSH~1\LOCALS~1\Temp\Rar$EX00.969\HijackThis.exe /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP PrecisionScan LTX --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan LTX\Uninst.isu" -c"C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan LTX\HPUninstallIs.dll"
ImgBurn (Remove Only) --> "C:\Program Files\ImgBurn\uninstall.exe"
InterVideo MP3 XPack --> "C:\Program Files\InstallShield Installation Information\{99755640-9633-11D5-AB3C-0050DAB311CC}\setup.exe" REMOVEALL
iTunes --> MsiExec.exe /I{553E56C3-7AA1-45FE-A2FC-2C43DC27F765}
Java(TM) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
K-Lite Mega Codec Pack 1.53 --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
Kaspersky Online Scanner --> C:\WINDOWS\system32\KASPER~1\KASPER~1\kavuninstall.exe
LimeWire PRO 4.9.20 --> "C:\Program Files\LimeWire\uninstall.exe"
Macromedia Flash Player 8 --> C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe
Magic Video Converter Trial Version (English) 8.0.2.18 --> "C:\Program Files\Magic Video Converter\unins000.exe"
MediaFACE 4.01 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{41979C2F-34B8-4F92-8111-B13C5864682D} /l1033
MediaFACE 4.01 Image Library --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{82AF77BC-423D-42DA-BE5B-FFCA04752181} /l1033
MemoriesOnTV 3.0.2 --> "D:\Program Files\MemoriesOnTV3\unins000.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Picture It! Photo Standard 9 --> C:\WINDOWS\system32\msiexec.exe /i {DBA8B9E1-C6FF-4624-9598-73D3B41A0903}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Word 2002 --> MsiExec.exe /I{911B0409-6000-11D3-8CFE-0050048383C9}
Microsoft Works --> MsiExec.exe /I{B9966F27-9678-4620-9579-925E3084647E}
Microsoft Works 2004 Setup Launcher --> C:\Program Files\Microsoft Works Suite 2004\Setup\Launcher.exe /ARP N:\
Microsoft Works Suite Add-in for Microsoft Word --> MsiExec.exe /I{33BEE6F3-9987-4F98-A069-97A64EC8321A}
Motorola Phone Tools --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}\setup.exe" -l0x9 -removeonly
Mozilla Firefox (2.0.0.1) --> C:\PROGRA~1\MOZILL~1\uninstall\uninst.exe
Mozilla Firefox (2.0.0.4) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (1.0.2) --> C:\WINDOWS\UninstallThunderbird.exe /ua "1.0.2 (en)"
Nero 6 Ultra Edition --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Nero Digital --> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
palmOne --> MsiExec.exe /X{FF8157AA-F640-45BD-B7C2-BAA1016B267A}
PConPoint v3.5 --> "C:\Program Files\PConPoint\unins000.exe"
Philips TeleText --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{70FDCCEE-E169-47DB-9D2A-2EF70377910E}\Setup.exe" -l0x9 -uninst
Philips TV713X WDM Drivers --> C:\WINDOWS\p3xunist.exe
PowerDESIGNS --> MsiExec.exe /I{7271B9EF-0737-4FDA-93CA-D0C9B8C7653E}
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PowerISO --> "C:\Program Files\PowerISO\uninstall.exe"
PowerQuest PartitionMagic 8.0 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}
PVR Plus --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5B893587-00A8-4A4E-83F0-8AFA7BFC7C1A}\setup.exe" -l0x9
QuickTime --> MsiExec.exe /I{08094E03-AFE4-4853-9D31-6D0743DF5328}
Read And Write 8.1 Demo --> MsiExec.exe /I{EFE9ACA6-6056-40CD-8325-0E0BE2CB622B}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Tevion TV713X Utilities --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{477AB148-138C-46D2-820B-0DBFA744CEE8}\Setup.exe" -l0x9 -uninst
Type 2250 SDK --> MsiExec.exe /I{EE0AB47D-EB74-4895-89E9-58C307756FE6}
Win2PDF 3.10 --> "C:\WINDOWS\system32\spool\drivers\w32x86\3\Win2PDF\unins000.exe"
WinAVI VideoConverter --> "d:\Program Files\WinAVI VideoConverter\unins000.exe"
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Xbox Backup Creator --> MsiExec.exe /X{C8DC2C30-0657-4E7F-96F2-047BD3D10743}
-- End of Deckard's System Scanner: finished at 2007-07-04 at 23:19:56
Thanks Coll
Please let me know if you are using CA Internet Security Suite
(CA Internet Security Suite includes:Personal Firewall)
Please do the following...
Step 1: Run AVG Anti-Spyware
Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
- Click on Scanner on the toolbar.
- Click on the Settings tab.
- Under How to act?
- Click on Recommended Action and choose Quarantine from the popup menu.
- Under How to scan?
- All checkboxes should be ticked.
- Under Possibly unwanted software:
- All checkboxes should be ticked.
- Under Reports:
- Select Automatically generate report after every scan and uncheck Only if threats were found.
- Under What to scan?
- Select Scan every file.
- Click on the Scan tab.
- Click on Complete System Scan to start the scan process.
- Let the program scan the machine.
- When the scan has finished, follow the instructions below.
- Make sure that Set all elements to: shows Quarantine[/color] (1), if not click on the link and choose Quarantine from the popup menu. (2)
- At the bottom of the window click on the Apply all Actions button. (3)
- When done, click the Save Scan Report button. (4)
- Click the Save Report as button.
- Save the report to your Desktop.
- Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
Step 2: Download and Run ComboFixIMPORTANT : Don't click on the "Save Scan Report" button before you did hit the "Apply all Actions" button.
. Download combofix from one of these links:
Link1
Link2
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
Finally, please post AVG Anti-Spyware Report , Combofix.txt.
I am useing securty centre V 3.2.1.14:smiles:
I will start working on your latest instructions
Thanks
Coll
when I ran the AVG scan I accidently deleted them instead of "set all elements to quarantine". also it would not allow me to save report. Sorry. ther is the combofix log.
"Colm Sharkey" - 2007-07-05 15:09:29 - ComboFix 07-07-04.4 - Service Pack 2
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\DOCUME~1\COLMSH~1\APPLIC~1.\macromedia\Flash Player\#SharedObjects\M32CD55M\www.broadcaster.com
C:\DOCUME~1\COLMSH~1\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\DOCUME~1\COLMSH~1\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Program Files\Common Files\{34298~1
C:\Program Files\Common Files\{84298~1
C:\Program Files\Common Files\{84298~2
((((((((((((((((((((((((( Files Created from 2007-06-05 to 2007-07-05 )))))))))))))))))))))))))))))))
2007-07-05 15:08 51,200 --a
C:\WINDOWS\nircmd.exe
2007-07-05 14:28 630,200 --a
C:\WINDOWS\system32\drivers\vetefile.sys
2007-07-05 14:28 108,392 --a
C:\WINDOWS\system32\drivers\veteboot.sys
2007-07-04 23:26 <DIR> d
C:\WINDOWS\Internet Logs
2007-07-04 23:16 5,013,504 --a
C:\DOCUME~1\COLMSH~1\ntuser.dat
2007-07-04 23:16 <DIR> d
C:\Deckard
2007-07-04 20:31 <DIR> d
C:\WINDOWS\system32\Kaspersky Lab
2007-07-03 18:47 <DIR> d
C:\WINDOWS\system32\Panda Software
2007-06-30 15:00 <DIR> d
C:\Program Files\AVI MPEG Splitter
2007-06-30 14:59 <DIR> d
C:\Program Files\AVI MPEG RM WMV Joiner
2007-06-26 23:57 <DIR> d--hs---- C:\found.000
2007-06-26 23:14 <DIR> d
C:\D2
2007-06-23 11:18 <DIR> d
C:\Program Files\DVD Decrypter
2007-06-21 19:26 <DIR> d
C:\Program Files\iTunes
2007-06-21 19:26 <DIR> d
C:\Program Files\iPod
2007-06-18 22:21 <DIR> d
C:\WINDOWS\EFE9ACA6605640CD83250E0BE2CB622B.TMP
2007-06-18 22:00 <DIR> d
C:\Program Files\DustBuster XP
2007-06-15 12:03 <DIR> d
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Acronis
2007-06-15 11:59 395,744 --a
C:\WINDOWS\system32\drivers\timntr.sys
2007-06-15 11:59 39,264 --a
C:\WINDOWS\system32\drivers\tifsfilt.sys
2007-06-15 11:59 114,048 --a
C:\WINDOWS\system32\drivers\snapman.sys
2007-06-15 11:58 <DIR> d
C:\Program Files\Common Files\Acronis
2007-06-15 11:58 <DIR> d
C:\Program Files\Acronis
2007-06-14 22:01 <DIR> d
C:\Program Files\Runtime Software
2007-06-14 21:57 299,520 --a
C:\WINDOWS\uninst.exe
2007-06-11 19:43 685,056 --a
C:\WINDOWS\system32\drivers\hardlock.sys
2007-06-11 19:43 6,656 --a
C:\WINDOWS\system32\haspvdd.dll
2007-06-11 19:43 47,616 --a
C:\WINDOWS\system32\drivers\Haspnt.sys
2007-06-11 19:43 383 --a
C:\WINDOWS\system32\haspdos.sys
2007-06-11 19:26 <DIR> d
C:\DOCUME~1\COLMSH~1\APPLIC~1\Bruel and Kjaer
2007-06-11 19:23 <DIR> d
C:\Program Files\Common Files\Bruel and Kjaer
2007-06-11 19:23 <DIR> d
C:\Program Files\Bruel and Kjaer
2007-06-11 19:23 <DIR> d
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Bruel and Kjaer
2007-06-10 22:45 <DIR> d
C:\Program Files\PowerQuest
2007-06-07 20:29 <DIR> d
C:\Program Files\QuickTime
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-07-05 13:45:05
d
w C:\Program Files\Mozilla Thunderbird
2007-07-04 22:17:27
d
w C:\Program Files\Hjack This
2007-07-04 10:44:09 37,268 ----a-w C:\DOCUME~1\COLMSH~1\APPLIC~1\wklnhst.dat
2007-07-03 18:24:33
d
w C:\Program Files\Windows Defender
2007-07-03 18:18:27
d
w C:\Program Files\KService
2007-07-03 18:15:25
d
w C:\Program Files\Common Files\Autodesk Shared
2007-07-03 18:14:30
d
w C:\Program Files\AutoCAD 2005
2007-07-03 17:47:33 8,030 ----a-w C:\WINDOWS\mozver.dat
2007-06-28 21:55:56 359,808 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2007-06-28 08:59:21 2,560 ----a-w C:\WINDOWS\system32\BitCometRes.dll
2007-06-21 18:28:50
d
w C:\Program Files\DivX
2007-06-10 22:56:42
d
w C:\Program Files\Magic Video Converter
2007-06-10 21:45:51
d--h--w C:\Program Files\InstallShield Installation Information
2007-05-31 06:45:07 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-05-31 06:44:55 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-05-31 06:44:54 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-05-31 06:44:54 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-05-31 06:44:54 740,442 ----a-w C:\WINDOWS\system32\DivX.dll
2007-05-25 09:00:48
d
w C:\Program Files\Common Files\InstallShield
2007-05-20 10:38:03
d
w C:\Program Files\CA
2007-05-18 16:58:08
d
w C:\Program Files\LimeWire
2007-05-18 16:01:25
d
w C:\Program Files\Common Files\Wise Installation Wizard
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-14 22:41:14
d
w C:\Program Files\BitTorrent_DNA
2007-05-14 22:40:56
d
w C:\Program Files\BitTorrent
2007-05-12 19:28:20
d
w C:\DOCUME~1\COLMSH~1\APPLIC~1\U3
2007-05-11 18:03:20
d
w C:\Program Files\BitComet
2007-05-07 20:46:53
d
w C:\DOCUME~1\COLMSH~1\APPLIC~1\BitTorrent
2007-05-04 23:11:55 205,824 ----a-w C:\WINDOWS\system32\iehelper3.dll
2007-04-30 09:37:46 75,280 ----a-w C:\WINDOWS\system32\isafprod.dll
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-23 10:36:06 99,904 ----a-w C:\WINDOWS\system32\isafeif.dll
2007-04-23 10:36:06 79,424 ----a-w C:\WINDOWS\system32\vetredir.dll
2007-04-23 00:15:29 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-04-23 00:15:18 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-04-23 00:15:18 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-04-23 00:02:34 73,728 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-04-23 00:02:34 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-04-23 00:02:33 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-04-23 00:02:31 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-04-23 00:02:31 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-04-23 00:02:31 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-04-23 00:02:31 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-04-23 00:02:31 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-04-23 00:01:47 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-04-23 00:01:46 124,472 ----a-w C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 21:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-16 21:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-16 21:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-16 21:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-16 21:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-16 21:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 21:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-16 21:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{060235DC-6D84-47BD-95D7-A4EF5099A59D}]
2005-12-14 11:22 40960 --a
C:\PROGRA~1\TEXTHE~1\READAN~1\TEXTHE~3.DLL
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2006-12-18 05:16 59032 --a
C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
2007-06-14 14:07 443968 --a
C:\Program Files\BitComet\tools\BitCometBHO_1.1.6.14.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{49E0E0F0-5C30-11D4-945D-000000000000}]
2007-05-05 00:11 205824 --a
C:\WINDOWS\system32\iehelper3.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
2005-05-31 01:04 853672 --a
C:\PROGRA~1\SPYBOT~1\SDHelper.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2007-03-14 03:43 501400 --a
C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CAVRID"="C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe" [2007-04-30 10:36]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 09:06 C:\WINDOWS\AGRSMMSG.exe]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-10 00:11]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"cctray"="C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" [2007-06-14 20:34]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"TrueImageMonitor.exe"="C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2006-10-16 21:12]
"AcronisTimounterMonitor"="C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe" [2006-10-16 21:17]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [2006-10-16 21:13]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-01 16:51]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"kdx"="C:\WINDOWS\kdx\KHost.exe" [2006-08-07 14:39]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
"AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" [2007-02-13 10:09]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-07-03 20:08]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages msv1_0 relog_ap
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
backup=C:\WINDOWS\pss\AutoCAD Startup Accelerator.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk]
backup=C:\WINDOWS\pss\HotSync Manager.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TV Remote Control.lnk]
backup=C:\WINDOWS\pss\TV Remote Control.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Colm Sharkey^Start Menu^Programs^Startup^palmOne Registration.lnk]
backup=C:\WINDOWS\pss\palmOne Registration.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
"C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaFace Integration]
C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PVR Agent]
C:\Program Files\Tevion multimedia\PVR Plus\TVR\Scheduled.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealPlayer]
"C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"AlcxMonitor"=ALCXMNTR.EXE
"BluetoothAuthenticationAgent"=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
"EPSON Stylus Photo R240 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE /P30 "EPSON Stylus Photo R240 Series" /O6 "USB001" /M "Stylus Photo R240"
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ
Contents of the 'Scheduled Tasks' folder
2007-06-28 15:43:00 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-07-05 13:23:29 C:\WINDOWS\tasks\MP Scheduled Scan.job
**************************************************************************
catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-05 15:11:16
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-07-05 15:12:02
C:\ComboFix-quarantined-files.txt ... 2007-07-05 15:11
--- E O F ---
your problems with ZoneAlarm.......
Please try one of these
Agnitum
Sunbelt/Kerio
Comodo
Please do the following...
Step 1: Remove bad HijackThis entries
- Run HijackThis
- Click on the Scan button
- Put a check beside all of the items listed below (if present):
- Close all open windows and browsers/email, etc...
- Click on the "Fix Checked" button
- When completed, close the application.
Step 2: COMBOFIX-DOO2 - BHO: (no name) - {49E0E0F0-5C30-11D4-945D-000000000000} - C:\WINDOWS\system32\iehelper3.dll
Save this as ComboFix-Do.txt
Then drag the ComboFix-Do.txt into ComboFix.exe as you see in the screenshot below.
This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThislog.
ther is the logs you ask me to post
"Colm Sharkey" - 2007-07-05 20:42:40 - ComboFix 07-07-04.4 - Service Pack 2
Command switches used :: C:\Documents and Settings\Colm Sharkey\Desktop\Downloads\ComboFix-Do.txt
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\EFE9ACA6605640CD83250E0BE2CB622B.TMP
((((((((((((((((((((((((( Files Created from 2007-06-05 to 2007-07-05 )))))))))))))))))))))))))))))))
2007-07-05 18:05 <DIR> d
C:\DOCUME~1\COLMSH~1\APPLIC~1\Comodo
2007-07-05 18:05 <DIR> d
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Comodo
2007-07-05 18:02 <DIR> d
C:\Program Files\Comodo
2007-07-05 15:08 51,200 --a
C:\WINDOWS\nircmd.exe
2007-07-05 14:28 630,200 --a
C:\WINDOWS\system32\drivers\vetefile.sys
2007-07-05 14:28 108,392 --a
C:\WINDOWS\system32\drivers\veteboot.sys
2007-07-04 23:26 <DIR> d
C:\WINDOWS\Internet Logs
2007-07-04 23:16 5,767,168 --a
C:\DOCUME~1\COLMSH~1\ntuser.dat
2007-07-04 23:16 <DIR> d
C:\Deckard
2007-07-04 20:31 <DIR> d
C:\WINDOWS\system32\Kaspersky Lab
2007-07-03 18:47 <DIR> d
C:\WINDOWS\system32\Panda Software
2007-06-30 15:00 <DIR> d
C:\Program Files\AVI MPEG Splitter
2007-06-30 14:59 <DIR> d
C:\Program Files\AVI MPEG RM WMV Joiner
2007-06-26 23:57 <DIR> d--hs---- C:\found.000
2007-06-26 23:14 <DIR> d
C:\D2
2007-06-23 11:18 <DIR> d
C:\Program Files\DVD Decrypter
2007-06-21 19:26 <DIR> d
C:\Program Files\iTunes
2007-06-21 19:26 <DIR> d
C:\Program Files\iPod
2007-06-18 22:00 <DIR> d
C:\Program Files\DustBuster XP
2007-06-15 12:03 <DIR> d
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Acronis
2007-06-15 11:59 395,744 --a
C:\WINDOWS\system32\drivers\timntr.sys
2007-06-15 11:59 39,264 --a
C:\WINDOWS\system32\drivers\tifsfilt.sys
2007-06-15 11:59 114,048 --a
C:\WINDOWS\system32\drivers\snapman.sys
2007-06-15 11:58 <DIR> d
C:\Program Files\Common Files\Acronis
2007-06-15 11:58 <DIR> d
C:\Program Files\Acronis
2007-06-14 22:01 <DIR> d
C:\Program Files\Runtime Software
2007-06-14 21:57 299,520 --a
C:\WINDOWS\uninst.exe
2007-06-11 19:43 685,056 --a
C:\WINDOWS\system32\drivers\hardlock.sys
2007-06-11 19:43 6,656 --a
C:\WINDOWS\system32\haspvdd.dll
2007-06-11 19:43 47,616 --a
C:\WINDOWS\system32\drivers\Haspnt.sys
2007-06-11 19:43 383 --a
C:\WINDOWS\system32\haspdos.sys
2007-06-11 19:26 <DIR> d
C:\DOCUME~1\COLMSH~1\APPLIC~1\Bruel and Kjaer
2007-06-11 19:23 <DIR> d
C:\Program Files\Common Files\Bruel and Kjaer
2007-06-11 19:23 <DIR> d
C:\Program Files\Bruel and Kjaer
2007-06-11 19:23 <DIR> d
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Bruel and Kjaer
2007-06-10 22:45 <DIR> d
C:\Program Files\PowerQuest
2007-06-07 20:29 <DIR> d
C:\Program Files\QuickTime
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-07-05 17:12:20
d
w C:\Program Files\Hjack This
2007-07-05 13:45:05
d
w C:\Program Files\Mozilla Thunderbird
2007-07-04 10:44:09 37,268 ----a-w C:\DOCUME~1\COLMSH~1\APPLIC~1\wklnhst.dat
2007-07-03 18:24:33
d
w C:\Program Files\Windows Defender
2007-07-03 18:18:27
d
w C:\Program Files\KService
2007-07-03 18:15:25
d
w C:\Program Files\Common Files\Autodesk Shared
2007-07-03 18:14:30
d
w C:\Program Files\AutoCAD 2005
2007-07-03 17:47:33 8,030 ----a-w C:\WINDOWS\mozver.dat
2007-06-28 21:55:56 359,808 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2007-06-28 08:59:21 2,560 ----a-w C:\WINDOWS\system32\BitCometRes.dll
2007-06-21 18:28:50
d
w C:\Program Files\DivX
2007-06-10 22:56:42
d
w C:\Program Files\Magic Video Converter
2007-06-10 21:45:51
d--h--w C:\Program Files\InstallShield Installation Information
2007-05-31 06:45:07 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-05-31 06:44:55 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-05-31 06:44:54 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-05-31 06:44:54 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-05-31 06:44:54 740,442 ----a-w C:\WINDOWS\system32\DivX.dll
2007-05-25 09:00:48
d
w C:\Program Files\Common Files\InstallShield
2007-05-20 10:38:03
d
w C:\Program Files\CA
2007-05-18 16:58:08
d
w C:\Program Files\LimeWire
2007-05-18 16:01:25
d
w C:\Program Files\Common Files\Wise Installation Wizard
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-14 22:41:14
d
w C:\Program Files\BitTorrent_DNA
2007-05-14 22:40:56
d
w C:\Program Files\BitTorrent
2007-05-12 19:28:20
d
w C:\DOCUME~1\COLMSH~1\APPLIC~1\U3
2007-05-11 18:03:20
d
w C:\Program Files\BitComet
2007-05-07 20:46:53
d
w C:\DOCUME~1\COLMSH~1\APPLIC~1\BitTorrent
2007-04-30 09:37:46 75,280 ----a-w C:\WINDOWS\system32\isafprod.dll
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-23 10:36:06 99,904 ----a-w C:\WINDOWS\system32\isafeif.dll
2007-04-23 10:36:06 79,424 ----a-w C:\WINDOWS\system32\vetredir.dll
2007-04-23 00:15:29 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-04-23 00:15:18 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-04-23 00:15:18 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-04-23 00:02:34 73,728 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-04-23 00:02:34 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-04-23 00:02:33 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-04-23 00:02:31 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-04-23 00:02:31 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-04-23 00:02:31 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-04-23 00:02:31 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-04-23 00:02:31 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-04-23 00:01:47 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-04-23 00:01:46 124,472 ----a-w C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 21:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-16 21:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-16 21:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-16 21:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-16 21:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-16 21:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 21:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-16 21:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{060235DC-6D84-47BD-95D7-A4EF5099A59D}]
2005-12-14 11:22 40960 --a
C:\PROGRA~1\TEXTHE~1\READAN~1\TEXTHE~3.DLL
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2006-12-18 05:16 59032 --a
C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
2007-06-14 14:07 443968 --a
C:\Program Files\BitComet\tools\BitCometBHO_1.1.6.14.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
2005-05-31 01:04 853672 --a
C:\PROGRA~1\SPYBOT~1\SDHelper.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2007-03-14 03:43 501400 --a
C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CAVRID"="C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe" [2007-04-30 10:36]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 09:06 C:\WINDOWS\AGRSMMSG.exe]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-10 00:11]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"cctray"="C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" [2007-06-14 20:34]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"TrueImageMonitor.exe"="C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2006-10-16 21:12]
"AcronisTimounterMonitor"="C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe" [2006-10-16 21:17]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [2006-10-16 21:13]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-01 16:51]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2007-07-05 18:02]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"kdx"="C:\WINDOWS\kdx\KHost.exe" [2006-08-07 14:39]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
"AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" [2007-02-13 10:09]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-07-03 20:08]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages msv1_0 relog_ap
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
backup=C:\WINDOWS\pss\AutoCAD Startup Accelerator.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk]
backup=C:\WINDOWS\pss\HotSync Manager.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TV Remote Control.lnk]
backup=C:\WINDOWS\pss\TV Remote Control.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Colm Sharkey^Start Menu^Programs^Startup^palmOne Registration.lnk]
backup=C:\WINDOWS\pss\palmOne Registration.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
"C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaFace Integration]
C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PVR Agent]
C:\Program Files\Tevion multimedia\PVR Plus\TVR\Scheduled.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealPlayer]
"C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"AlcxMonitor"=ALCXMNTR.EXE
"BluetoothAuthenticationAgent"=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
"EPSON Stylus Photo R240 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE /P30 "EPSON Stylus Photo R240 Series" /O6 "USB001" /M "Stylus Photo R240"
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ
*Newly Created Service* - CMDAGENT
*Newly Created Service* - CMDMON
*Newly Created Service* - INSPECT
Contents of the 'Scheduled Tasks' folder
2007-07-05 15:43:00 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-07-05 17:07:42 C:\WINDOWS\tasks\MP Scheduled Scan.job
**************************************************************************
catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-05 20:44:11
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-07-05 20:44:59
C:\ComboFix-quarantined-files.txt ... 2007-07-05 20:44
C:\ComboFix2.txt ... 2007-07-05 15:12
--- E O F ---
======================================================
Logfile of HijackThis v1.99.1
Scan saved at 20:48:36, on 05/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\WINDOWS\kdx\KHost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Hjack This\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: txthlpBHO Class - {060235DC-6D84-47BD-95D7-A4EF5099A59D} - C:\PROGRA~1\TEXTHE~1\READAN~1\TEXTHE~3.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.6.14.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKCU\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe -all
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\KService\KService.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
excellent Work
Your comp looks clean.
we have two things to do
Lets start with this:
Step 1:Disable and Enable System Restore - If you are using Windows ME or XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.
Turn off System Restore.
On the Desktop, right-click My Computer
Click Properties
Click the System Restore tab
Check Turn off System Restore
Click Apply, and then click OK
Reboot.
Turn on System Restore.
On the Desktop, right-click My Computer
Click Properties
Click the System Restore tab
Uncheck Turn off System Restore
Click Apply, and then click OK
NOTE: only do this ONCE, NOT on a regular basis!
Step 2 :Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
- Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.
See this link for a listing of some online & their stand-alone antivirus programs:Virus, Spyware, and Malware Protection and Removal Resources
- Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
- Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is succeptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.
- Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
- Install Ad-Aware - Install and download Ad-Aware. ou should also scan your computer with program on a regular basis just as you would an antivirus software in conjunction with Spybot.
- Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option.
- Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.
- Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.For a tutorial on Firewalls and a listing of some available ones see the link below:
Understanding and Using Firewalls
A tutorial on installing & using this product can be found here:
Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer
This will provide real-time spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with program on a regular basis just as you would an anti virus software. A tutorial on installing & using this product can be found here:
Instructions for - Spybot S & D and Ad-aware
A tutorial on installing & using this product can be found here:
Using SpywareBlaster to protect your computer from Spyware and Malware
Here are some additional utilities that will enhance your safety
- IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
- MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your coputer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
- Google Toolbar <= Get the free google toolbar to help stop pop up windows.
- Winpatrol <= Download and install the free version of Winpatrol. a tutorial for this product is located here:
Stand Up and Be Counted ---> Malware Complaints <--- where you can make difference!Using Winpatrol to protect your computer from malicious software
The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.
Also, please read this great article by Tony Klein So How Did I Get Infected In First Place
Happy surfing and stay clean!
excellent thank you very much