help with trojan.dialer.premium

Hello guys, hope someone can help me. I've been trying to remove this dialer. What I have done to remove it is downloaded sysdump, Atf-cleaner, killbox, cleanup, combofix; also downloaded HijackThis. I will post the logs from HijackThis and ComboFix. I tried to run everything in safe mode as well. Here is the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 10:35:08, on 06/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Eraser\eraser.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\StkSrv2K.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
F2 - REG:system.ini: Shell=explorer.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5556EFF5-CF91-ED9D-CA2D-09562C546C18} - C:\WINDOWS\system32\yefjsd.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\Spyware Doctor\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\Spyware Doctor\tools\iesdpb.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [BGNewsAgent] "C:\Program Files\BullGuard Software\BullGuard\BgNewsUI.exe"
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe -hide
O4 - HKCU\..\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\bullguard.exe"
O4 - HKCU\..\Run: ["C:\Program Files\Common Files\{B08CD799-0AE9-2057-0525-05102005002c}\Update.exe" /startup] "C:\Program Files\Common Files\{B08CD799-0AE9-2057-0525-05102005002c}\Update.exe" /startup
O4 - HKCU\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\Load.exe
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\Spyware Doctor\tools\iesdpb.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\cavemlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cavemlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cavemlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cavemlsp.dll
O16 - DPF: wcloader_cab - http://download.paltalk.com/wcloader/wcloader.cab
O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) - http://musicstore.connect.com/XSL/mb_us/html/activexplayer/SMALStreaming.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1153442500828
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1153442493859
O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://support.f-secure.com/ols/fscax.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - (no file)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - (no file)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winzzc32 - C:\WINDOWS\SYSTEM32\winzzc32.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BullGuard LiveUpdate (BGLiveSvc) - BullGuard Software - C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Syntek DC-112X Service (StkSSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkSrv2K.exe



here is the combofix log:

Administrator - 06-10-06 10:24:07.73 Service Pack 2
ComboFix 06.09.28 - Running from: "C:\Documents and Settings\Administrator\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-09-06 to 2006-10-06 ))))))))))))))))))))))))))))))))))


2006-10-05 22:53 24,576 --a
C:\WINDOWS\system32\StkSrv2k.exe
2006-10-05 22:49 94,132 --a
C:\WINDOWS\system32\drivers\usbVM31b.sys
2006-10-05 22:49 61,440 --a
C:\WINDOWS\system32\VM31bSTI.dll
2006-10-05 22:49 53,248 --a
C:\WINDOWS\StillCap.exe
2006-10-05 22:49 49,152 --a
C:\WINDOWS\amcap.exe
2006-10-05 22:49 45,056 --a
C:\WINDOWS\system32\camprp.dll
2006-10-05 22:49 40,960 --a
C:\WINDOWS\Vm_sti.exe
2006-10-05 22:49 307,200 --a
C:\WINDOWS\vidcap32.Exe
2006-10-05 22:49 147,456 --a
C:\WINDOWS\VMCap.exe
2006-10-05 22:49 111,304 --a
C:\WINDOWS\system32\drivers\usbcam.sys
2006-10-05 21:19 0 ---hs---- C:\WINDOWS\system32\gebbyvu.dll
2006-10-05 15:49 51,072 --a
C:\WINDOWS\system32\drivers\ikhlayer.sys
2006-10-05 15:49 30,592 --a
C:\WINDOWS\system32\drivers\ikhfile.sys
2006-10-05 15:12 28,966 --a
C:\Undo DAMIAN-B0A476A7 20061005 151257.Reg
2006-10-05 13:46 93,696 --a
C:\WINDOWS\system32\yfaijnf.dll
2006-10-05 13:46 72,704 --a
C:\WINDOWS\system32\yefjsd.dll
2006-10-05 13:46 18,432 --a
C:\WINDOWS\system32\winzzc32.dll
2006-10-05 09:24 55,888 --a
C:\WINDOWS\system32\drivers\Teefer.sys
2006-10-05 09:24 18,515 --a
C:\WINDOWS\system32\drivers\wpsdrvnt.sys
2006-10-05 09:24 11,914 --a
C:\WINDOWS\system32\drivers\wg3n.sys
2006-10-04 23:41 29,306 --a
C:\Undo DAMIAN-B0A476A7 20061004 234115.Reg
2006-10-03 23:45 72,466 --a
C:\Undo DAMIAN-B0A476A7 20061003 234534.Reg
2006-10-03 18:15 952 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2006-10-03 18:03 610,304 --a
C:\WINDOWS\system32\eraser.dll
2006-10-03 18:03 282,624 --a
C:\WINDOWS\system32\erasext.dll
2006-10-03 18:03 233,472 --a
C:\WINDOWS\system32\eraserl.exe
2006-10-02 07:12 73,728 --a
C:\WINDOWS\system32\CavEmLSP.dll
2006-10-02 07:11 55,424 --a
C:\WINDOWS\system32\drivers\cavasm.sys
2006-10-02 02:07 77,824 --a
C:\WINDOWS\system32\LLClientMiddleWare3.dll
2006-10-02 02:07 40,960 --a
C:\WINDOWS\system32\coreEncryptDecrypt.dll
2006-10-02 02:07 40,448 --a
C:\WINDOWS\system32\regobj.dll
2006-10-02 02:07 36,864 --a
C:\WINDOWS\system32\LLInstances3.dll
2006-10-02 02:07 32,768 --a
C:\WINDOWS\system32\XLLDFRequest3.dll
2006-10-02 02:07 32,768 --a
C:\WINDOWS\system32\LLClasses3.dll
2006-10-02 02:07 28,672 --a
C:\WINDOWS\system32\setupEncryptDecrypt.dll
2006-10-02 02:07 24,576 --a
C:\WINDOWS\system32\GUID.dll
2006-10-02 02:07 151,552 --a
C:\WINDOWS\system32\LLHttpsUpload2.dll
2006-10-01 15:05 499,712 --a
C:\WINDOWS\system32\msvcp71.dll
2006-10-01 02:30 69,668 --a
C:\Undo DAMIAN-B0A476A7 20061001 023041.Reg
2006-09-27 22:20 69,632 --a
C:\WINDOWS\system32\lfgif13n.dll
2006-09-27 22:20 57,344 --a
C:\WINDOWS\system32\lfbmp13n.dll
2006-09-27 22:20 462,848 --a
C:\WINDOWS\system32\ltkrn13n.dll
2006-09-27 22:20 450,560 --a
C:\WINDOWS\system32\ltimg13n.dll
2006-09-27 22:20 401,408 --a
C:\WINDOWS\system32\lfcmp13n.dll
2006-09-27 22:20 299,008 --a
C:\WINDOWS\system32\ltdis13n.dll
2006-09-27 22:20 206,336 --a
C:\WINDOWS\system32\ltefx13n.dll
2006-09-27 22:20 163,840 --a
C:\WINDOWS\system32\ltfil13n.dll
2006-09-25 00:48 413,760 --a
C:\WINDOWS\system32\MPG4c32.dll
2006-09-25 00:48 1,700,352 --a
C:\WINDOWS\system32\gdiplus.dll
2006-09-24 19:23 302,592 --a
C:\WINDOWS\mauninst.exe
2006-09-24 18:43 200,704 C:\WINDOWS\system32Serif MediaPlus.scr
2006-09-24 18:31 63,488 --a
C:\WINDOWS\system32\unam4ie.exe
2006-09-24 18:31 4,608 --a
C:\WINDOWS\system32\w95inf32.dll
2006-09-24 18:31 38,160 --a
C:\WINDOWS\system32\LMRTREND.dll
2006-09-24 18:31 21,008
C:\WINDOWS\system32\CTL3D.DLL
2006-09-24 18:31 2,272 --a
C:\WINDOWS\system32\w95inf16.dll
2006-09-24 18:31 194,320 --a
C:\WINDOWS\system32\qcut.dll
2006-09-24 18:31 182,032 --a
C:\WINDOWS\system32\dxtmsft3.dll
2006-09-24 18:31 10,240 --a
C:\WINDOWS\system32\vidx16.dll
2006-09-23 00:55 87,040 --a
C:\WINDOWS\system32\wiafbdrv.dll
2006-09-23 00:55 32,768 --a
C:\WINDOWS\system32\hpgtmcro.dll
2006-09-23 00:55 15,104 --a
C:\WINDOWS\system32\drivers\usbscan.sys
2006-09-23 00:55 126,976 --a
C:\WINDOWS\system32\hpgt34tk.dll
2006-09-23 00:55 101,376 --a
C:\WINDOWS\system32\hpgt34.dll
2006-09-20 01:20 423,784 --a
C:\WINDOWS\system32\XceedBkp.dll
2006-09-17 22:55 92,160 --a
C:\WINDOWS\system32\evntwin.exe
2006-09-17 22:55 8,704 --a
C:\WINDOWS\system32\snmptrap.exe
2006-09-17 22:55 6,144 --a
C:\WINDOWS\system32\snmpmib.dll
2006-09-17 22:55 39,936 --a
C:\WINDOWS\system32\hostmib.dll
2006-09-17 22:55 33,792 --a
C:\WINDOWS\system32\lmmib2.dll
2006-09-17 22:55 32,768 --a
C:\WINDOWS\system32\snmp.exe
2006-09-17 22:55 24,064 --a
C:\WINDOWS\system32\evntcmd.exe
2006-09-17 22:55 22,528 --a
C:\WINDOWS\system32\lpdsvc.dll
2006-09-17 22:55 18,944 --a
C:\WINDOWS\system32\lprmon.dll
2006-09-17 22:55 101,888 --a
C:\WINDOWS\system32\evntagnt.dll
2006-09-15 14:46 47,360 --a
C:\WINDOWS\system32\drivers\pcouffin.sys
2006-09-14 10:34 48,424 --a
C:\WINDOWS\system32\sirenacm.dll
2006-09-12 17:28 856,064 --a
C:\WINDOWS\system32\xvidcore.dll
2006-09-12 17:28 77,824 --a
C:\WINDOWS\system32\mplaw7.dll
2006-09-12 17:28 77,824 --a
C:\WINDOWS\system32\mplaa6.dll
2006-09-12 17:28 65,536 --a
C:\WINDOWS\system32\mplapx.dll
2006-09-12 17:28 65,536 --a
C:\WINDOWS\system32\mplam6.dll
2006-09-12 17:28 630,784 --a
C:\WINDOWS\system32\vp7vfw.dll
2006-09-12 17:28 594,450 --a
C:\WINDOWS\system32\x264vfw.dll
2006-09-12 17:28 438,272 --a
C:\WINDOWS\system32\vp6vfw.dll
2006-09-12 17:28 39,936 --a
C:\WINDOWS\system32\huffyuv.dll
2006-09-12 17:28 217,088 --a
C:\WINDOWS\system32\yv12vfw.dll
2006-09-12 17:28 217,088 --a
C:\WINDOWS\system32\xvidvfw.dll
2006-09-12 17:28 217,088 --a
C:\WINDOWS\system32\i420vfw.dll
2006-09-12 17:28 200,704 --a
C:\WINDOWS\system32\ssldivx.dll
2006-09-12 17:28 144,384 --a
C:\WINDOWS\system32\Iacenc.dll
2006-09-12 17:28 1,415,680 --a
C:\WINDOWS\system32\WMV9VCM.dll
2006-09-12 17:27 90,112 --a
C:\WINDOWS\system32\dpl100.dll
2006-09-12 17:27 620,180 --a
C:\WINDOWS\system32\divx.dll
2006-09-12 17:27 348,160 --a
C:\WINDOWS\system32\msvcr71.dll
2006-09-12 17:27 3,596,288 --a
C:\WINDOWS\system32\qt-dx331.dll
2006-09-12 17:27 200,704 --a
C:\WINDOWS\system32\dtu100.dll
2006-09-12 17:27 19,968 --a
C:\WINDOWS\system32\cpuinf32.dll
2006-09-12 17:27 1,044,480 --a
C:\WINDOWS\system32\libdivx.dll
2006-09-10 15:07 98,304 --a
C:\WINDOWS\system32\asrupdate.exe
2006-09-06 22:25 104,221 C:\WINDOWSRapishare Free Account Check Uninstaller.exe


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-10-06 08:53
d
C:\Documents and Settings\Administrator\Application Data\Ahead
2006-10-06 08:52
d
C:\Program Files\Common Files\Ahead
2006-10-06 08:33
d
C:\Program Files\Eraser
2006-10-05 22:54
d
C:\Program Files\videoview
2006-10-05 22:49
d--h
C:\Program Files\InstallShield Installation Information
2006-10-05 22:49
d
C:\Program Files\ZSMC
2006-10-05 22:49
d
C:\Program Files\Vimicro
2006-10-05 21:54
d
C:\Program Files\Common Files
2006-10-05 21:31
d
C:\Documents and Settings\Administrator\Application Data\BullGuard
2006-10-05 19:12
d
C:\Program Files\Advanced Spyware Remover
2006-10-05 19:07
d
C:\Program Files\Spyware Doctor
2006-10-05 18:13
d
C:\Program Files\RegToy
2006-10-05 15:21
d
C:\Documents and Settings\Administrator\Application Data\PC Tools
2006-10-05 15:18
d
C:\Program Files\Google
2006-10-05 09:26 14416 --a
C:\WINDOWS\system32\client_cc.dll
2006-10-05 09:26 13904 --a
C:\WINDOWS\system32\lccl.dll
2006-10-05 09:24
d
C:\Program Files\BullGuard Software
2006-10-04 23:52
d
C:\Program Files\Dedaulus SC EN
2006-10-04 10:27
d
C:\Program Files\Paltalk Web Client
2006-10-03 20:49
d
C:\Documents and Settings\Administrator\Application Data\Corel
2006-10-03 18:15
d
C:\Program Files\Corel
2006-10-03 18:15
d
C:\Program Files\Common Files\Corel
2006-10-03 13:41
d
C:\Documents and Settings\Administrator\Application Data\Google
2006-10-02 21:29 41 --a--c--- C:\Documents and Settings\Administrator\Application Data\sversion.ini
2006-10-02 07:51 164146 ---h-c--- C:\Documents and Settings\Administrator\Application Data\TurboLaunch_IconCache.dat
2006-10-02 07:51
d
C:\Program Files\a-squared Free
2006-10-02 07:21
d
C:\Program Files\CleanUp!
2006-10-02 07:12
d
C:\Program Files\Trustix
2006-10-02 07:06
d
C:\Program Files\Arovax AntiSpyware
2006-10-02 04:04
d
C:\Program Files\BulletProofSoft.com
2006-10-02 03:52
d
C:\Documents and Settings\Administrator\Application Data\BullGuard(2)
2006-10-02 02:16
d
C:\Documents and Settings\Administrator\Application Data\Zeon
2006-10-02 02:08
d
C:\Program Files\Common Files\InstallShield
2006-10-02 02:06
d
C:\Program Files\Common Files\Download Manager
2006-10-01 02:04
d
C:\Program Files\Nsasoft
2006-09-29 21:55
d
C:\Program Files\MSN Messenger
2006-09-29 21:55
d
C:\Program Files\DIFX
2006-09-29 21:53
d
C:\Program Files\Messenger
2006-09-28 23:28
d
C:\Program Files\Zg cd extractor
2006-09-28 10:48
d
C:\Program Files\Amazing Planet
2006-09-27 22:57
d
C:\Documents and Settings\Administrator\Application Data\Azureus
2006-09-25 00:53
d
C:\Program Files\Video Capture Convert Split Merge Burn Studio
2006-09-25 00:45 81920 --a
C:\Documents and Settings\Administrator\Application Data\ezpinst.exe
2006-09-25 00:45 7176 --a
C:\Documents and Settings\Administrator\Application Data\pcouffin.cat
2006-09-25 00:45 47360 --a
C:\Documents and Settings\Administrator\Application Data\pcouffin.sys
2006-09-25 00:45 33 --a
C:\Documents and Settings\Administrator\Application Data\pcouffin.log
2006-09-25 00:45 1144 --a
C:\Documents and Settings\Administrator\Application Data\pcouffin.inf
2006-09-25 00:45
d
C:\Program Files\VSO
2006-09-25 00:45
d
C:\Documents and Settings\Administrator\Application Data\Vso
2006-09-24 19:21
d
C:\Program Files\Focus Select
2006-09-24 18:44
d
C:\Documents and Settings\Administrator\Application Data\Serif
2006-09-24 18:43
d
C:\Program Files\Serif
2006-09-24 18:31
d
C:\Program Files\Windows Media Player
2006-09-23 01:53
d
C:\Program Files\DVDFab Platinum 3
2006-09-21 23:27
d
C:\Program Files\Babble
2006-09-21 20:57
d
C:\Program Files\Paltalk Messenger
2006-09-21 20:39
d
C:\Documents and Settings\Administrator\Application Data\Paltalk
2006-09-20 01:17
d
C:\Program Files\Opera
2006-09-18 22:32
d
C:\Program Files\Azureus Ultra Accelerator
2006-09-15 14:48
d
C:\Program Files\WinRAR
2006-09-15 10:37
d
C:\Program Files\QuickTime
2006-09-15 10:34
d
C:\Program Files\Apple Software Update
2006-09-15 01:58
d
C:\Program Files\Virtual DJ Studio
2006-09-15 01:47
d
C:\Documents and Settings\Administrator\Application Data\Opera
2006-09-15 01:46
d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2006-09-14 10:24
d
C:\Documents and Settings\Administrator\Application Data\Real
2006-09-13 20:08
d
C:\Program Files\Amaya-9.52
2006-09-12 22:47
d
C:\Program Files\Elecard
2006-09-12 22:41
d
C:\Program Files\DVD Shrink
2006-09-12 22:35
d
C:\Documents and Settings\Administrator\Application Data\Media Player Classic
2006-09-12 17:29
d
C:\Program Files\Codec Pack - All In 1
2006-09-12 17:28
d
C:\Program Files\K-Lite Codec Pack
2006-09-12 00:31
d
C:\Documents and Settings\Administrator\Application Data\Download Manager
2006-09-12 00:28
d
C:\Program Files\SpamNullifier
2006-09-07 23:15
d
C:\Program Files\Gmail Notifier GPL
2006-09-06 22:25 104221 --a
C:\WINDOWS\Rapishare Free Account Check Uninstaller.exe
2006-09-06 22:25
d
C:\Program Files\Rapishare Free Account Check
2006-09-05 14:36
d
C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2006-09-05 10:01 1212928 --a
C:\WINDOWS\system32\Incinerator.dll
2006-09-03 20:53
d
C:\Program Files\Hazard Perception Training 2004-2005
2006-09-03 20:51
d
C:\Program Files\Driving Test Success 2004-2005
2006-09-03 19:33
d
C:\Program Files\Microsoft Works
2006-09-03 19:33
d
C:\Program Files\Common Files\Microsoft Shared
2006-09-03 17:23
d
C:\Program Files\POPFile
2006-09-02 22:16
d
C:\Program Files\MSBuild
2006-09-02 22:12
d
C:\Program Files\Reference Assemblies
2006-09-01 20:19
d
C:\Program Files\TryFastMessenger
2006-09-01 20:04
d
C:\Program Files\eGames
2006-08-30 23:40
d
C:\Documents and Settings\Administrator\Application Data\Apple Computer
2006-08-30 23:39
d
C:\Program Files\iTunes
2006-08-30 23:39
d
C:\Program Files\iPod
2006-08-30 15:25
d---s---- C:\Program Files\Common Files\Teknum Systems
2006-08-30 10:05
d
C:\Program Files\ffdshow
2006-08-30 09:39
d
C:\Program Files\Rockstar Games
2006-08-26 09:58
d
C:\Program Files\DCI
2006-08-26 09:58
d
C:\Program Files\Common Files\Designer
2006-08-25 19:04
d
C:\Program Files\SysShield Tools
2006-08-25 19:00
d
C:\Program Files\HandyBits
2006-08-25 18:59 26624 --a
C:\WINDOWS\system32\ssmenu.dll
2006-08-25 18:50
d
C:\Documents and Settings\Administrator\Application Data\scar5
2006-08-24 16:48
d
C:\Program Files\SpyPry
2006-08-24 16:37
d
C:\Documents and Settings\Administrator\Application Data\WinPatrol
2006-08-24 08:49
d
C:\Program Files\Sunbelt Software
2006-08-23 01:59 9480 --a
C:\WINDOWS\system32\icardres.dll
2006-08-23 01:59 76800 --a
C:\WINDOWS\system32\infocardapi.dll
2006-08-23 01:59 546568 --a
C:\WINDOWS\system32\icardagt.exe
2006-08-22 20:23
d
C:\Program Files\Azureus
2006-08-22 20:16
d
C:\Program Files\BitComet
2006-08-21 13:21 16896 --a
C:\WINDOWS\system32\fltlib.dll
2006-08-21 10:14 23040 --a
C:\WINDOWS\system32\fltmc.exe
2006-08-21 10:14 128896 --a
C:\WINDOWS\system32\drivers\fltmgr.sys
2006-08-19 23:44
d
C:\Program Files\RFA Platinum
2006-08-17 23:59
d
C:\Program Files\Internet Explorer
2006-08-15 18:08 768816 --a
C:\WINDOWS\system32\PresentationNative_v0300.dll
2006-08-15 18:08 472368 --a
C:\WINDOWS\system32\evr.dll
2006-08-15 18:08 1957168 --a
C:\WINDOWS\system32\milcore.dll
2006-08-15 18:07 69424 --a
C:\WINDOWS\system32\dxva2.dll
2006-08-15 18:07 19760 --a
C:\WINDOWS\system32\PresentationHostProxy.dll
2006-08-15 18:07 186160 --a
C:\WINDOWS\system32\PresentationHost.exe
2006-08-15 18:07 158000 --a
C:\WINDOWS\system32\UIAutomationCore.dll
2006-08-15 18:07 104240 --a
C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2006-08-15 13:22
d
C:\Program Files\Nero
2006-08-14 11:20
d
C:\Program Files\CCleaner
2006-08-13 10:07 408576
c--- C:\WINDOWS\system32\photometadatahandler.dll
2006-08-13 10:07 273920
c--- C:\WINDOWS\system32\WMPhoto.dll
2006-08-13 10:06 706560
c--- C:\WINDOWS\system32\WindowsCodecs.dll
2006-08-13 10:06 349696
c--- C:\WINDOWS\system32\WindowsCodecsExt.dll
2006-08-12 23:16
d
C:\Program Files\Yahoo!
2006-08-12 22:51
d
C:\Program Files\ICQLite
2006-08-12 22:50
d
C:\Documents and Settings\Administrator\Application Data\ICQLite
2006-08-12 21:23
d
C:\Program Files\CounterPath
2006-08-12 21:23
d
C:\Program Files\Common Files\Intel
2006-08-11 18:58
d
C:\Program Files\directx
2006-08-11 18:58
d
C:\Program Files\Common Files\gst
2006-08-11 18:57
d
C:\Program Files\green label
2006-08-08 13:36
d
C:\Program Files\Windows X
2006-07-28 16:49 69632 --a--c--- C:\WINDOWS\uinst001.exe
2006-07-28 09:30 62744 --a--c--- C:\WINDOWS\system32\xinput1_2.dll
2006-07-28 09:30 236824 --a--c--- C:\WINDOWS\system32\xactengine2_3.dll
2006-07-27 14:24 679424 --a--c--- C:\WINDOWS\system32\inetcomm.dll
2006-07-24 00:15 164352 --a--c--- C:\WINDOWS\system32\SpoonUninstall.exe
2006-07-24 00:15 159744 --a--c--- C:\WINDOWS\Talking Time Keeper.scr
2006-07-24 00:09 14848 --a--c--- C:\WINDOWS\system32\BASSMOD.dll
2006-07-21 09:24 72704 --a--c--- C:\WINDOWS\system32\hlink.dll
2006-07-21 08:37 0 -rahs---- C:\MSDOS.SYS
2006-07-21 08:37 0 -rahs---- C:\IO.SYS
2006-07-21 08:37 0 --a
C:\CONFIG.SYS
2006-07-21 08:37 0 --a
C:\AUTOEXEC.BAT
2006-07-21 01:28 62 --ahsc--- C:\Documents and Settings\Administrator\Application Data\desktop.ini
2006-07-14 17:29 966656 --a
C:\WINDOWS\UNRecode.exe
2006-07-14 17:29 966656 --a
C:\WINDOWS\UNNeroVision.exe
2006-07-14 17:29 966656 --a
C:\WINDOWS\UNNeroShowTime.exe
2006-07-14 17:29 966656 --a
C:\WINDOWS\UNNeroMediaHome.exe
2006-07-14 17:29 966656 --a
C:\WINDOWS\UNNeroBackItUp.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BGNewsAgent"="\"C:\\Program Files\\BullGuard Software\\BullGuard\\BgNewsUI.exe\""
"Eraser"="C:\\Program Files\\Eraser\\eraser.exe -hide"
"BullGuard"="\"C:\\Program Files\\BullGuard Software\\BullGuard\\bullguard.exe\""
"\"C:\\Program Files\\Common Files\\{B08CD799-0AE9-2057-0525-05102005002c}\\Update.exe\" /startup"="\"C:\\Program Files\\Common Files\\{B08CD799-0AE9-2057-0525-05102005002c}\\Update.exe\" /startup"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Runonce]
"NeroHomeFirstStart"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NMFirstStart.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"DiskeeperSystray"="\"C:\\Program Files\\Diskeeper Corporation\\Diskeeper\\DkIcon.exe\""
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\\Program Files\\Google\\Gmail Notifier\\gnotify.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"NeroFilterCheck"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,e2,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,e2,03,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,e2,03,\
00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spyware Doctor"=""

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spyware Doctor"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoActiveDesktop"=hex:00,00,00,00
"NoSaveSettings"=hex:00,00,00,00
"ClearRecentDocsOnExit"=dword:00000000

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"VerboseStatus"=dword:00000001

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Azureus Ultra Accelerator.lnk]
"path"=""
"location"="Startup"
"command"="C:\\PROGRA~1\\Azureus Ultra Accelerator\\Azureus Ultra Accelerator.exe "
"item"="Azureus Ultra Accelerator"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Undelete 5.0 Registration.lnk]
"location"="Startup"
"command"="C:\\PROGRA~1\\DISKEE~1\\DISKEE~1\\ESIREG~1.EXE /remind /language=ENG /PRNM=\"Undelete 5.0\""
"item"="Undelete 5.0 Registration"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^palstart.exe]
"location"="Common Startup"
"item"="palstart"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PalStart.lnk]
"location"="Common Startup"
"command"="C:\\PROGRA~1\\PALTAL~1\\palstart.exe "
"item"="PalStart"
"path"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
"location"="Common Startup"
"command"="C:\\PROGRA~1\\WinZip\\WZQKPICK.EXE "
"item"="WinZip Quick Pick"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\asrupdate.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="asrupdate"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\asrupdate.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MySpaceIM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MySpaceIM"
"hkey"="HKCU"
"command"="C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\NeroFilterCheck]
"hkey"="HKLM"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"command"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\rfagent]
"hkey"="HKLM"
"key"="Software\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="rfagent"
"command"="\"C:\\Program Files\\RFA Platinum\\rfagent.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SMSystemAnalyzer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SMSystemAnalyzer"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\iolo\\System Mechanic Professional 6\\SMSystemAnalyzer.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SpywareTerminator]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SpywareTerminatorShield"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Program Files\\Java\\jre1.5.0_07\\bin\\jusched.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SunServer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="sunserver"
"hkey"="HKLM"
"command"="C:\\Program Files\\Sunbelt Software\\CounterSpy\\Consumer\\sunserver.exe"
"inimapping"="0"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winzzc32

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

Completion time: 06/10/2006 10:24:40.17
ComboFix.txt
ComboFix2.txt
ComboFix3.txt

Hope you can help. Just to let you know, I might have to go out for a bit, so if I don't respond I will be back, trust me on that. Thanks in advance to anyone who does help.

Comments

  • Necropolis Hawarden, Wales Icrontian
    edited October 2006
    Moved to SVT
  • edited October 2006
    Got it sorted. Downloaded ewido, now known as AVG Anti-Spyware, did all my ran atf-cleaner, combofix and the rest, now it's gone. Thanks anyway. I do know a little about computers but had not kept up with viruses for a few weeks, was taking a break. Now I'm back and will be reading up on them, and if you need help here let me know. I'm not the best but I'm open to learning all the time and helping people. Here is a new HijackThis:

    Logfile of HijackThis v1.99.1
    Scan saved at 13:57:33, on 06/10/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Google\Gmail Notifier\gnotify.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Eraser\eraser.exe
    C:\Program Files\BullGuard Software\BullGuard\bullguard.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    C:\Program Files\Spyware Doctor\sdhelp.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\StkSrv2K.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    F2 - REG:system.ini: Shell=explorer.exe
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {5556EFF5-CF91-ED9D-CA2D-09562C546C18} - C:\WINDOWS\system32\yefjsd.dll
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\Spyware Doctor\tools\iesdsg.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\Spyware Doctor\tools\iesdpb.dll
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
    O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [BGNewsAgent] "C:\Program Files\BullGuard Software\BullGuard\BgNewsUI.exe"
    O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe -hide
    O4 - HKCU\..\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\bullguard.exe"
    O4 - HKCU\..\Run: ["C:\Program Files\Common Files\{B08CD799-0AE9-2057-0525-05102005002c}\Update.exe" /startup] "C:\Program Files\Common Files\{B08CD799-0AE9-2057-0525-05102005002c}\Update.exe" /startup
    O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\Load.exe
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\Spyware Doctor\tools\iesdpb.dll
    O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\cavemlsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\cavemlsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\cavemlsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\cavemlsp.dll
    O16 - DPF: wcloader_cab - http://download.paltalk.com/wcloader/wcloader.cab
    O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) - http://musicstore.connect.com/XSL/mb_us/html/activexplayer/SMALStreaming.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1153442500828
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1153442493859
    O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://support.f-secure.com/ols/fscax.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - (no file)
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - (no file)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: winzzc32 - winzzc32.dll (file missing)
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: BullGuard LiveUpdate (BGLiveSvc) - BullGuard Software - C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe
    O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: Syntek DC-112X Service (StkSSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkSrv2K.exe