
Csrss - AM is not a valid integer value

Discussion in 'Virus & Other Malware Removal' started by charliedeft, Jan 31, 2007.

  1. charliedeft

    charliedeft Thread Starter

    Joined:
    Aug 18, 2004
    Messages:
    43
    I'm also having this problem with the extra csrss.exe. I've tried a few times to delete the extra one, but it's back every time I restart. Also, every few minutes I get a message that says, "AM is not a valid integer value." or "PM is not a valid integer value." I put together a HijackThis log and a ComboFix log (from Safe Mode).

    hijackthis log

     
  2. charliedeft

    charliedeft Thread Starter

    Joined:
    Aug 18, 2004
    Messages:
    43
    ComboFix Log from safemode
     
  3. charliedeft

    charliedeft Thread Starter

    Joined:
    Aug 18, 2004
    Messages:
    43
    I'm having another problem now. On top of the problems mentioned before, my computer freezes every time I restart my computer. After loading up Windows, my computer freezes once it reaches the desktop. I usually have to start up in Safe Mode and restore to an earlier point. I also found a rundl132.exe that starts up.
     
  4. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Download http://downloads.andymanchesta.com/RemovalTools/SDFix.exe and save it to your Desktop.

    Double click SDFix.exe and it will extract the files to %systemdrive%
    (Drive that contains the Windows Directory, typically C:\SDFix)

    Please then reboot your computer in Safe Mode by doing the following :
    · Restart your computer
    · After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    · Instead of Windows loading as normal, the Advanced Options Menu should appear;
    · Select the first option, to run Windows in Safe Mode, then press Enter.
    · Choose your usual account.
    · Open the extracted SDFix folder and double click RunThis.bat to start the script.
    · Type Y to begin the cleanup process.
    · It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
    · Press any Key and it will restart the PC.
    · When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
    · Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
    · Finally paste the contents of the Report.txt back on the forum with a new HijackThis log
    ======================

    Download Superantispyware

    http://www.superantispyware.com/superantispywarefreevspro.html

    Install it and double-click the icon on your desktop to run it.
    · It will ask if you want to update the program definitions, click Yes.
    · Under Configuration and Preferences, click the Preferences button.
    · Click the Scanning Control tab.
    · Under Scanner Options make sure the following are checked:
    o Close browsers before scanning
    o Scan for tracking cookies
    o Terminate memory threats before quarantining.
    o Please leave the others unchecked.
    o Click the Close button to leave the control center screen.
    · On the main screen, under Scan for Harmful Software click Scan your computer.
    · On the left check C:\Fixed Drive.
    · On the right, under Complete Scan, choose Perform Complete Scan.
    · Click Next to start the scan. Please be patient while it scans your computer.
    · After the scan is complete a summary box will appear. Click OK.
    · Make sure everything in the white box has a check next to it, then click Next.
    · It will quarantine what it found and if it asks if you want to reboot, click Yes.
    · To retrieve the removal information for me please do the following:
    o After reboot, double-click the SUPERAntispyware icon on your desktop.
    o Click Preferences. Click the Statistics/Logs tab.
    o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    o It will open in your default text editor (such as Notepad/Wordpad).
    o Please highlight everything in the notepad, then right-click and choose copy.
    · Click close and close again to exit the program.
    · Please paste that information here for me with a new HijackThis log.
     
  5. charliedeft

    charliedeft Thread Starter

    Joined:
    Aug 18, 2004
    Messages:
    43
    Thanks for your time and sorry for the delayed response, I was away for the weekend. I did what you said on top of scanning my system with AVG. Here's my new HijackThis log:
     
  6. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Please post the log and not use code - they are hard to read

    You added some new problems - run combofix again

    Where is the log from SuperAnti and SDFix?

    ========================

    Sorry - HiJackThis is running from a temp directory and must be moved to run correctly

    Click here to download HJTsetup.exe:

    http://www.thespykiller.co.uk/forum/index.php?action=tpmod;dl=item5
    Scroll down to the download section

    Save HJTsetup.exe to your desktop.

    Double click on the HJTsetup.exe icon on your desktop.
    By default it will install to C:\Program Files\Hijack This.
    Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
    Put a check by Create a desktop icon then click Next again.
    Continue to follow the rest of the prompts from there.
    At the final dialogue box click Finish and it will launch Hijack This.
    Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
    Click Save to save the log file and then the log will open in notepad.
    Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    Come back here to this thread and Paste the log in your next reply.
    DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
     
  7. charliedeft

    charliedeft Thread Starter

    Joined:
    Aug 18, 2004
    Messages:
    43
    Whoops, sorry about that, I forgot to post the logs. I'll do so now.
    SUPER AntiSpyware:

    SUPERAntiSpyware Scan Log
    Generated 02/03/2007 at 06:24 PM

    Application Version : 3.5.1016

    Core Rules Database Version : 3177
    Trace Rules Database Version: 1187

    Scan type : Complete Scan
    Total Scan Time : 04:23:06

    Memory items scanned : 459
    Memory threats detected : 0
    Registry items scanned : 6512
    Registry threats detected : 90
    File items scanned : 117677
    File threats detected : 31

    Kontiki Download Manager Browser Helper Object
    HKLM\Software\Classes\CLSID\{029CA12C-89C1-46a7-A3C7-82F2F98635CB}
    HKCR\CLSID\{029CA12C-89C1-46A7-A3C7-82F2F98635CB}
    HKCR\CLSID\{029CA12C-89C1-46A7-A3C7-82F2F98635CB}
    HKCR\CLSID\{029CA12C-89C1-46A7-A3C7-82F2F98635CB}\InprocServer32
    HKCR\CLSID\{029CA12C-89C1-46A7-A3C7-82F2F98635CB}\InprocServer32#ThreadingModel
    HKCR\CLSID\{029CA12C-89C1-46A7-A3C7-82F2F98635CB}\ProgID
    HKCR\CLSID\{029CA12C-89C1-46A7-A3C7-82F2F98635CB}\Programmable
    HKCR\CLSID\{029CA12C-89C1-46A7-A3C7-82F2F98635CB}\TypeLib
    HKCR\CLSID\{029CA12C-89C1-46A7-A3C7-82F2F98635CB}\VersionIndependentProgID
    C:\PROGRAM FILES\KONTIKI\BIN\BH309190.DLL
    HKLM\Software\Classes\CLSID\{0CF993CD-8A9F-4c26-BB7C-CF9EED62245E}
    HKCR\CLSID\{0CF993CD-8A9F-4C26-BB7C-CF9EED62245E}
    HKCR\CLSID\{0CF993CD-8A9F-4C26-BB7C-CF9EED62245E}
    HKCR\CLSID\{0CF993CD-8A9F-4C26-BB7C-CF9EED62245E}\InprocServer32
    HKCR\CLSID\{0CF993CD-8A9F-4C26-BB7C-CF9EED62245E}\InprocServer32#ThreadingModel
    HKCR\CLSID\{0CF993CD-8A9F-4C26-BB7C-CF9EED62245E}\ProgID
    HKCR\CLSID\{0CF993CD-8A9F-4C26-BB7C-CF9EED62245E}\Programmable
    HKCR\CLSID\{0CF993CD-8A9F-4C26-BB7C-CF9EED62245E}\TypeLib
    HKCR\CLSID\{0CF993CD-8A9F-4C26-BB7C-CF9EED62245E}\VersionIndependentProgID
    HKLM\Software\Classes\CLSID\{1632C030-61AA-4ba9-908C-4822E1060166}
    HKCR\CLSID\{1632C030-61AA-4BA9-908C-4822E1060166}
    HKCR\CLSID\{1632C030-61AA-4BA9-908C-4822E1060166}
    HKCR\CLSID\{1632C030-61AA-4BA9-908C-4822E1060166}\InprocServer32
    HKCR\CLSID\{1632C030-61AA-4BA9-908C-4822E1060166}\InprocServer32#ThreadingModel
    HKCR\CLSID\{1632C030-61AA-4BA9-908C-4822E1060166}\ProgID
    HKCR\CLSID\{1632C030-61AA-4BA9-908C-4822E1060166}\Programmable
    HKCR\CLSID\{1632C030-61AA-4BA9-908C-4822E1060166}\TypeLib
    HKCR\CLSID\{1632C030-61AA-4BA9-908C-4822E1060166}\VersionIndependentProgID
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{029CA12C-89C1-46a7-A3C7-82F2F98635CB}

    Adware.Tracking Cookie

    Unclassified.Unknown Origin
    HKCR\CLSID\{352E3B3A-CAB5-4DBC-B940-C7F84D0447D8}
    HKCR\CLSID\{352E3B3A-CAB5-4DBC-B940-C7F84D0447D8}#AppID
    HKCR\CLSID\{352E3B3A-CAB5-4DBC-B940-C7F84D0447D8}\InprocServer32
    HKCR\CLSID\{352E3B3A-CAB5-4DBC-B940-C7F84D0447D8}\InprocServer32#ThreadingModel
    HKCR\CLSID\{352E3B3A-CAB5-4DBC-B940-C7F84D0447D8}\ProgID
    HKCR\CLSID\{352E3B3A-CAB5-4DBC-B940-C7F84D0447D8}\Programmable
    HKCR\CLSID\{352E3B3A-CAB5-4DBC-B940-C7F84D0447D8}\TypeLib
    HKCR\CLSID\{352E3B3A-CAB5-4DBC-B940-C7F84D0447D8}\VersionIndependentProgID
    HKCR\CLSID\{4F141CBA-1457-6CCA-03A7-7AA21B61EA0F}
    HKCR\CLSID\{4F141CBA-1457-6CCA-03A7-7AA21B61EA0F}\InProcServer32
    HKCR\CLSID\{4F141CBA-1457-6CCA-03A7-7AA21B61EA0F}\InProcServer32#ThreadingModel

    Adware.WhenU
    HKCR\ACM.ACMFactory
    HKCR\ACM.ACMFactory\CLSID
    HKCR\ACM.ACMFactory\CurVer
    HKCR\ACM.ACMFactory.1
    HKCR\ACM.ACMFactory.1\CLSID
    HKCR\Interface\{572FB162-C0BA-4EDF-8CFF-E3846153B9B0}
    HKCR\Interface\{572FB162-C0BA-4EDF-8CFF-E3846153B9B0}\ProxyStubClsid
    HKCR\Interface\{572FB162-C0BA-4EDF-8CFF-E3846153B9B0}\ProxyStubClsid32
    HKCR\Interface\{572FB162-C0BA-4EDF-8CFF-E3846153B9B0}\TypeLib
    HKCR\Interface\{572FB162-C0BA-4EDF-8CFF-E3846153B9B0}\TypeLib#Version
    HKCR\AppId\{127DF9B4-D75D-44A6-AF78-8C3A8CEB03DB}
    HKCR\CLSID\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}
    HKCR\CLSID\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}#AppID
    HKCR\CLSID\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}\InprocServer32
    HKCR\CLSID\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}\InprocServer32#ThreadingModel
    HKCR\CLSID\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}\ProgID
    HKCR\CLSID\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}\Programmable
    HKCR\CLSID\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}\TypeLib
    HKCR\CLSID\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}\VersionIndependentProgID
    HKCR\AppId\ACM.DLL
    HKCR\AppId\ACM.DLL#AppID
    HKCR\TypeLib\{DF901432-1B9F-4F5B-9E56-301C553F9095}
    HKCR\TypeLib\{DF901432-1B9F-4F5B-9E56-301C553F9095}\1.0
    HKCR\TypeLib\{DF901432-1B9F-4F5B-9E56-301C553F9095}\1.0\0
    HKCR\TypeLib\{DF901432-1B9F-4F5B-9E56-301C553F9095}\1.0\0\win32
    HKCR\TypeLib\{DF901432-1B9F-4F5B-9E56-301C553F9095}\1.0\FLAGS
    HKCR\TypeLib\{DF901432-1B9F-4F5B-9E56-301C553F9095}\1.0\HELPDIR
    HKCR\Interface\{72A836D1-BC00-43C0-A941-17960E4FB842}
    HKCR\Interface\{72A836D1-BC00-43C0-A941-17960E4FB842}\ProxyStubClsid
    HKCR\Interface\{72A836D1-BC00-43C0-A941-17960E4FB842}\ProxyStubClsid32
    HKCR\Interface\{72A836D1-BC00-43C0-A941-17960E4FB842}\TypeLib
    HKCR\Interface\{72A836D1-BC00-43C0-A941-17960E4FB842}\TypeLib#Version
    HKCR\Interface\{43382522-A846-46F4-AC57-1F71AE6E1086}
    HKCR\Interface\{43382522-A846-46F4-AC57-1F71AE6E1086}\ProxyStubClsid
    HKCR\Interface\{43382522-A846-46F4-AC57-1F71AE6E1086}\ProxyStubClsid32
    HKCR\Interface\{43382522-A846-46F4-AC57-1F71AE6E1086}\TypeLib
    HKCR\Interface\{43382522-A846-46F4-AC57-1F71AE6E1086}\TypeLib#Version

    Trojan.SSLdr/32
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\ssldr
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\ssldr#Asynchronous
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\ssldr#Impersonate
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\ssldr#DLLName
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\ssldr#Logon
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\ssldr#Logoff

    Trojan.Child/Bug
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler#{4F141CBA-1457-6CCA-03A7-7AA21B61EA0F} [ OutPost FireWall ]

    Trojan.PestTrap
    HKU\S-1-5-21-3848448594-4024994690-2552189465-1006\Software\SNO2

    Adware.MyWay
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWaySearchAssistant
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWaySearchAssistant#DisplayName
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWaySearchAssistant#UninstallString
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWaySearchAssistant#HelpLink
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWaySearchAssistant#Publisher
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWaySearchAssistant#UrlInfoAbout

    Adware.ClearSearch
    C:\PROGRAM FILES\LYCOS\IEAGENT\CSSSINST.DLL

    Trojan.Downloader-GRDMgr
    C:\WINDOWS\SYSTEM32\GRDMGR.EXE
     
  8. charliedeft

    charliedeft Thread Starter

    Joined:
    Aug 18, 2004
    Messages:
    43
    this is the SD Fix Log:


    SDFix: Version 1.63

    Sat 02/03/2007 - 13:29:41.68

    Microsoft Windows XP [Version 5.1.2600]

    Running From: C:\SDFix

    Safe Mode:
    Checking Services:

    Name:
    .NET Connection Service
    SVKP

    Path:
    C:\WINDOWS\svchost.exe
    \??\C:\WINDOWS\system32\SVKP.sys

    .NET Connection Service Deleted
    SVKP Deleted

    Restoring Windows Registry Entries
    Restoring Default Hosts File


    Rebooting...

    Normal Mode:
    Checking Files:

    Below files will be copied to Backups folder then removed:

    C:\windows\svchost.exe - Deleted
    C:\windows\system32\o - Deleted
    C:\windows\system32\SVKP.SYS - Deleted
    C:\windows\system32\TFTP5044 - Deleted
    C:\windows\system32\TFTP5624 - Deleted


    Folder C:\windows\system32\drv32dta - Removed

    ADS Check:

    C:\windows\system32
    No streams found.

    Final Check:

    Remaining Services:
    ------------------


    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
    "C:\\Program Files\\Direct Connect\\Direct Connect.exe"="C:\\Program Files\\Direct Connect\\Direct Connect.exe:*:Enabled:Direct Connect"
    "C:\\Program Files\\DC++\\DCPlusPlus.exe"="C:\\Program Files\\DC++\\DCPlusPlus.exe:*:Enabled:DC++"
    "C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"="C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"
    "C:\\Program Files\\Kontiki\\bin\\kontiki.exe"="C:\\Program Files\\Kontiki\\bin\\kontiki.exe:*:Enabled:Kontiki Client"
    "C:\\Program Files\\LimeWire\\LimeWire 4.0.8\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire 4.0.8\\LimeWire.exe:*:Enabled:LimeWire"
    "C:\\Program Files\\BitTornado\\btdownloadgui.exe"="C:\\Program Files\\BitTornado\\btdownloadgui.exe:*:Enabled:btdownloadgui"
    "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
    "C:\\Program Files\\AIM95\\AIM95_c1\\aim.exe"="C:\\Program Files\\AIM95\\AIM95_c1\\aim.exe:*:Enabled:AOL Instant Messenger"
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
    "C:\\Program Files\\World of Warcraft\\WoW-1.10.2.5302-to-1.11.0.5428-enUS-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-1.10.2.5302-to-1.11.0.5428-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
    "C:\\UT2004\\System\\UT2004.exe"="C:\\UT2004\\System\\UT2004.exe:*:Enabled:UT2004"
    "C:\\Program Files\\World of Warcraft\\WoW-1.11.1.5462-to-1.11.2.5464-enUS-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-1.11.1.5462-to-1.11.2.5464-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
    "C:\\Program Files\\AIM95\\AIM95_c2\\aim.exe"="C:\\Program Files\\AIM95\\AIM95_c2\\aim.exe:*:Disabled:AOL Instant Messenger"
    "C:\\Program Files\\Soulseek\\slsk.exe"="C:\\Program Files\\Soulseek\\slsk.exe:*:Enabled:SoulSeek"
    "F:\\Program Files\\LucasArts\\Star Wars Battlefront II\\GameData\\BattlefrontII.exe"="F:\\Program Files\\LucasArts\\Star Wars Battlefront II\\GameData\\BattlefrontII.exe:*:Enabled:BattlefrontII"
    "C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
    "C:\\Program Files\\AIM95\\AIM95_c4\\aim.exe"="C:\\Program Files\\AIM95\\AIM95_c4\\aim.exe:*:Enabled:AOL Instant Messenger"
    "C:\\Program Files\\LucasArts\\Star Wars Jedi Knight Jedi Academy\\GameData\\jamp.EXE"="C:\\Program Files\\LucasArts\\Star Wars Jedi Knight Jedi Academy\\GameData\\jamp.EXE:*:Enabled:Jedi Academy MultiPlayer"
    "C:\\Program Files\\LucasArts\\Star Wars Jedi Knight Jedi Academy\\GameData\\jampDed.exe"="C:\\Program Files\\LucasArts\\Star Wars Jedi Knight Jedi Academy\\GameData\\jampDed.exe:*:Enabled:Jedi Academy MP Dedicated Server"
    "C:\\Program Files\\Google\\Google Talk\\googletalk.exe"="C:\\Program Files\\Google\\Google Talk\\googletalk.exe:*:Enabled:Google Talk"
    "C:\\Program Files\\World of Warcraft\\WoW-1.11.2.5464-to-1.12.0.5595-enUS-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-1.11.2.5464-to-1.12.0.5595-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
    "C:\\Program Files\\AIM95\\aim.exe"="C:\\Program Files\\AIM95\\aim.exe:*:Enabled:AOL Instant Messenger"
    "C:\\Program Files\\World of Warcraft\\WoW-1.12.0.5595-to-1.12.1.5875-enUS-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-1.12.0.5595-to-1.12.1.5875-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
    "C:\\Program Files\\TVAnts\\Tvants.exe"="C:\\Program Files\\TVAnts\\Tvants.exe:*:Enabled:TVAnts"
    "C:\\WINDOWS\\SYSTEM32\\FSCAgent.exe"="C:\\WINDOWS\\SYSTEM32\\FSCAgent.exe:*:Enabled:???? ???? ??"
    "C:\\WINDOWS\\SYSTEM32\\ClubBox.exe"="C:\\WINDOWS\\SYSTEM32\\ClubBox.exe:*:Enabled:嬷´¹ú½º æäàïàü¼û °ü¸®àú"
    "C:\\WINDOWS\\SYSTEM32\\grdmgr.exe"="C:\\WINDOWS\\SYSTEM32\\grdmgr.exe:*:Enabled:CDN ???? ??"
    "C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe:*:Enabled:avginet.exe"
    "C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
    "C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe:*:Enabled:avgcc.exe"
    "C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe:*:Enabled:avgemc.exe"
    "C:\\Program Files\\Soulseek-Test\\slsk.exe"="C:\\Program Files\\Soulseek-Test\\slsk.exe:*:Enabled:SoulSeek"


    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\AIM95\\AIM95_c0\\aim.exe"="C:\\Program Files\\AIM95\\AIM95_c0\\aim.exe:*:Enabled:AOL Instant Messenger"
    "C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
    "C:\\Program Files\\Common Files\\AOL\\1124823980\\ee\\AOLServiceHost.exe"="C:\\Program Files\\Common Files\\AOL\\1124823980\\ee\\AOLServiceHost.exe:*:Enabled:AOL Services"
    "C:\\Program Files\\AIM95\\aim.exe"="C:\\Program Files\\AIM95\\aim.exe:*:Enabled:AOL Instant Messenger"


    Remaining Files:
    ---------------

    Backups Folder: - C:\SDFix\backups\backups.zip


    Checking For Files with Hidden Attributes :

    C:\Documents and Settings\Francis Deogracias\Desktop\charchar\downloads\John Legend - Get Lifted (2004) - RnB [www.torrentazos.com]\Thumbs.db
    C:\Documents and Settings\Francis Deogracias\NetHood\kapamilya_card on www.abs-cbni.com\Desktop.ini
    C:\Documents and Settings\Francis Deogracias\NetHood\support on www.vinnell.com\Desktop.ini
    C:\Documents and Settings\Francis Deogracias\Local Settings\Temp\98.dll
    C:\Program Files\Common Files\Adobe\ESD\DLMCleanup.exe
    C:\WINDOWS\SYSTEM32\PackethSvc.exe
    C:\WINDOWS\SYSTEM32\twunk32.exe
    C:\hiberfil.sys
    C:\Documents and Settings\Francis Deogracias\Application Data\Microsoft\Word\~WRL2979.tmp
    C:\WINDOWS\SYSTEM32\CONFIG\default.tmp.LOG
    C:\WINDOWS\SYSTEM32\CONFIG\software.tmp.LOG
    C:\WINDOWS\SYSTEM32\CONFIG\system.tmp.LOG

    Finished
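
An added example, not part of the thread and not code from SDFix or HijackThis: a check for the pattern in the SDFix log above, where a file named svchost.exe was registered from C:\WINDOWS instead of System32. It flags Windows system process names found outside their expected directory, and names that differ from a system name only by a digit-for-letter swap (such as the rundl132.exe mentioned earlier in the thread). The expected-location table, the function names and the default Windows directory are assumptions of this sketch, and the sample list is constructed from paths in the logs on this page.

```python
import ntpath

# Expected directory, relative to the Windows directory, for core system
# processes on a default Windows XP install (assumption of this example).
EXPECTED_DIRS = {
    "csrss.exe": "system32",
    "lsass.exe": "system32",
    "rundll32.exe": "system32",
    "services.exe": "system32",
    "smss.exe": "system32",
    "spoolsv.exe": "system32",
    "svchost.exe": "system32",
    "winlogon.exe": "system32",
    "explorer.exe": "",  # lives directly in the Windows directory
}

# Digit-for-letter substitutions used to imitate a system file name.
LOOKALIKE = str.maketrans("10", "lo")


def normalize(path, windir=r"C:\WINDOWS"):
    """Strip quotes and the NT \\??\\ prefix, expand %windir%, lower-case."""
    p = path.strip().strip('"')
    if p.startswith("\\??\\"):
        p = p[4:]
    for var in ("%windir%", "%systemroot%"):
        if p.lower().startswith(var):
            p = windir + p[len(var):]
            break
    return ntpath.normpath(p).lower()


def check_path(path, windir=r"C:\WINDOWS"):
    """Return None when nothing stands out, otherwise a short reason."""
    directory, name = ntpath.split(normalize(path, windir))
    if name not in EXPECTED_DIRS:
        real = name.translate(LOOKALIKE)
        if real in EXPECTED_DIRS:
            return f"{name} imitates {real}"
        return None
    expected = ntpath.normpath(
        ntpath.join(windir, EXPECTED_DIRS[name])).lower()
    if directory != expected:
        return f"{name} is in {directory}, expected {expected}"
    return None


def scan(paths, windir=r"C:\WINDOWS"):
    """Return (path, reason) pairs for every path that check_path flags."""
    findings = []
    for p in paths:
        reason = check_path(p, windir)
        if reason:
            findings.append((p, reason))
    return findings


# Constructed sample: paths copied from the SDFix and HijackThis logs on
# this page, plus one made-up location for rundl132.exe (the thread names
# the file but gives no path).
SAMPLE_PATHS = [
    r"C:\windows\system32\svchost.exe",
    r"C:\WINDOWS\svchost.exe",
    r"\??\C:\WINDOWS\system32\SVKP.sys",
    r"C:\windows\Explorer.EXE",
    r"C:\windows\system32\winlogon.exe",
    r"C:\windows\WINLOGON.EXE",
    r"C:\WINDOWS\system32\rundl132.exe",
]

if __name__ == "__main__":
    for path, reason in scan(SAMPLE_PATHS):
        print(f"{path}: {reason}")
```

A hit is a lead for closer inspection of the file, not a verdict, and a clean result says nothing about files with unrelated names such as SVKP.sys.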
     
  9. charliedeft

    charliedeft Thread Starter

    Joined:
    Aug 18, 2004
    Messages:
    43
    I'm going to run ComboFix now and redo HJT.
     
  10. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Need the log from combo and a new hijack log
     
  11. charliedeft

    charliedeft Thread Starter

    Joined:
    Aug 18, 2004
    Messages:
    43
    HiJackThis:

    Logfile of HijackThis v1.99.1
    Scan saved at 11:01:32 PM, on 2/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\windows\System32\smss.exe
    C:\windows\system32\winlogon.exe
    C:\windows\system32\services.exe
    C:\windows\system32\lsass.exe
    C:\windows\system32\svchost.exe
    C:\windows\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\windows\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\Norton Utilities\NPROTECT.EXE
    C:\windows\system32\nvsvc32.exe
    C:\windows\System32\svchost.exe
    C:\windows\Explorer.EXE
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\AIM+\AIM+.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\AIM95\aim.exe
    C:\windows\System32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    F:\Program Files\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.subfighter.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=68.101.180.152:24491
    N2 - Netscape 6: user_pref("browser.startup.homepage", "http://www.sdinsider.com"); (C:\Documents and Settings\Francis Deogracias\Application Data\Mozilla\Profiles\default\1fvm88oh.slt\prefs.js)
    N2 - Netscape 6: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Francis Deogracias\Application Data\Mozilla\Profiles\default\1fvm88oh.slt\prefs.js)
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
    O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [Lexmark X73 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
    O4 - HKLM\..\Run: [Lexmark X73 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [wsttrs] C:\windows\WINLOGON.EXE
    O4 - HKLM\..\Run: [cmdbcs] C:\WINDOWS\svchost.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKCU\..\Run: [AIM] "C:\Program Files\AIM+\AIM+.exe" -cnetwait.odl
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
    O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
    O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
    O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
    O8 - Extra context menu item: Get It With Kontiki - res://C:\Program Files\Kontiki\bin\bh309190.dll/201
    O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
    O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
    O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
    O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
    O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
    O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
    O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
    O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Francis Deogracias\Start Menu\Programs\IMVU\Run IMVU.lnk
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O15 - Trusted Zone: http://*.clubbox.co.kr
    O16 - DPF: Yahoo! Dots - http://download.games.yahoo.com/games/clients/y/dtt1_x.cab
    O16 - DPF: Yahoo! Go Fish - http://download.games.yahoo.com/games/clients/y/zt3_x.cab
    O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt0_x.cab
    O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potb_x.cab
    O16 - DPF: Yahoo! Word Racer - http://download.games.yahoo.com/games/clients/y/ws1_x.cab
    O16 - DPF: {02607DF4-D40B-4FFB-B054-1CAC03468E28} (DNLCertificate Control) - http://www.fmn-media.com/campaigns/winpl/sites/pops/A001/DNLCertificate.ocx
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/bonnie/us/win/QuickTimeInstaller.exe
    O16 - DPF: {54771E6F-A5A2-4413-8FB8-7B8F85398174} - http://dl.lygo.com/Sidesearch/en_US/angelfire/Sidesearch.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1093376882812
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
    O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.0 Control) - http://chereezy.multiply.com/photos/uploader.cab
    O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O16 - DPF: {C62DFDC7-2EEC-4C2C-827A-BC0BFB4260B3} (IMViewerControl Class) - http://companion.logitech.com/companion/logitech/ver1.4.0.1071/bin/imvid.cab
    O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
    O16 - DPF: {DAAD8E43-FAC2-41DD-8F02-9D2BD626F4BB} (AVChat_Inst Control) - http://chat.saram.net/avchat/AVChat_InstProj1.cab
    O16 - DPF: {EE5CA45C-BFAC-48E6-BE6C-3C607620FF43} (IMViewerControl Class) - http://companion.logitech.com/companion/logitech/ver1.3.0.2041/bin/imvid.cab
    O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} - http://download.rfwnad.com/cab/ieplugin.CAB
    O16 - DPF: {FF0C042C-98E9-4C36-B2EC-E21FDFDCEF75} (InstallCtl Class) - http://download.redswoosh.net/Installer/104/rsinstaller.cab
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
    O23 - Service: iPodService - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\windows\Nhksrv.exe (file missing)
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton Utilities\NPROTECT.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
     
  12. charliedeft

    charliedeft Thread Starter

    Joined:
    Aug 18, 2004
    Messages:
    43
    ComboFix:

    "Francis Deogracias" - 07-02-11 22:36:17 Service Pack 2
    ComboFix 07-02-11 - Running from: "F:\"

    (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\windows\~tmp2051.exe
    C:\windows\~tmp8564.exe
    C:\_desktop.ini
    C:\windows\system32\1164684523.exe
    C:\windows\system32\1170108561.exe
    C:\windows\system32\1170375822.exe
    C:\windows\system32\drivers\cdntran.sys
    C:\windows\system32\drivers\npf.sys


    ((((((((((((((((((((((((((((((( Files Created from 2007-01-11 to 2007-02-11 ))))))))))))))))))))))))))))))))))


    2007-02-09 13:59 <DIR> d-------- C:\DOCUME~1\FRANCI~1\Application Data\Ahead
    2007-02-09 13:52 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Nero
    2007-02-09 13:51 <DIR> d-------- C:\Program Files\Nero
    2007-02-03 19:12 <DIR> d-------- C:\Program Files\Speedbit Video Accelerator
    2007-02-03 13:52 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
    2007-02-03 13:52 <DIR> d-------- C:\DOCUME~1\FRANCI~1\Application Data\SUPERAntiSpyware.com
    2007-02-03 13:52 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\SUPERAntiSpyware.com
    2007-02-03 13:28 <DIR> d-------- C:\SDFix
    2007-02-03 13:01 <DIR> d-------- C:\DOCUME~1\FRANCI~1\Application Data\Viewpoint
    2007-02-02 10:29 <DIR> d-------- C:\DOCUME~1\NETWOR~1\Application Data\Google
    2007-02-02 00:06 12,283,656 --------- C:\AVG7QT.DAT
    2007-02-01 23:54 <DIR> dr-h----- C:\$VAULT$.AVG
    2007-02-01 23:53 839,936 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\avg7core.sys
    2007-02-01 23:53 4,960 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\avgtdi.sys
    2007-02-01 23:53 4,224 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\avg7rsw.sys
    2007-02-01 23:53 3,968 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\avgclean.sys
    2007-02-01 23:53 27,776 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\avg7rsxp.sys
    2007-02-01 23:53 18,432 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\avgmfx86.sys
    2007-02-01 23:53 <DIR> d-------- C:\DOCUME~1\LOCALS~1\Application Data\AVG7
    2007-02-01 23:53 <DIR> d-------- C:\DOCUME~1\FRANCI~1\Application Data\AVG7
    2007-02-01 23:52 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Grisoft
    2007-02-01 23:35 3,968 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys
    2007-02-01 23:24 129,784 --------- C:\WINDOWS\SYSTEM32\pxafs.dll
    2007-02-01 23:17 <DIR> d-------- C:\DOCUME~1\FRANCI~1\Application Data\WinRAR
    2007-02-01 23:01 <DIR> d-------- C:\Program Files\iTunes
    2007-02-01 22:34 <DIR> d-------- C:\Program Files\Apple Software Update
    2007-01-29 12:45 1,632 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\usbue.sys
    2007-01-29 12:44 <DIR> d-------- C:\WINDOWS\uninstall
    2007-01-29 03:59 241,664 --a------ C:\DOCUME~1\LOCALS~1\ntuser.dat
    2007-01-29 03:59 14,442,496 --a------ C:\DOCUME~1\FRANCI~1\ntuser.dat
    2007-01-22 04:01 <DIR> d-------- C:\Program Files\RSSoft
    2007-01-16 01:13 <DIR> d-------- C:\Program Files\FreeCDRipper


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2007-02-11 19:59 -------- d-------- C:\Program Files\mozilla firefox
    2007-02-11 13:15 -------- d-------- C:\Program Files\Common Files\blizzard entertainment
    2007-02-10 13:12 -------- d-------- C:\Program Files\world of warcraft
    2007-02-09 13:58 -------- d-------- C:\Program Files\Common Files\ahead
    2007-02-07 23:39 -------- d-------- C:\Program Files\soulseek-test
    2007-02-05 07:33 -------- d--h----- C:\Program Files\installshield installation information
    2007-02-03 20:39 -------- d-------- C:\Program Files\jam's jedi knight kt v2.0
    2007-02-03 20:39 -------- d-------- C:\Program Files\imvu
    2007-02-03 20:39 -------- d-------- C:\Program Files\icqlite
    2007-02-03 20:39 -------- d-------- C:\Program Files\ibm pc camera
    2007-02-03 20:39 -------- d-------- C:\Program Files\gspot
    2007-02-03 20:38 -------- d-------- C:\Program Files\goldwave
    2007-02-03 20:38 -------- d-------- C:\Program Files\getright
    2007-02-03 20:38 -------- d-------- C:\Program Files\ewido anti-malware
    2007-02-03 20:38 -------- d-------- C:\Program Files\eo video
    2007-02-03 20:38 -------- d-------- C:\Program Files\discwizard for windows
    2007-02-03 20:38 -------- d-------- C:\Program Files\directvobsub
    2007-02-03 20:38 -------- d-------- C:\Program Files\direct connect
    2007-02-03 20:38 -------- d-------- C:\Program Files\dc++
    2007-02-03 20:38 -------- d-------- C:\Program Files\cliprex ds dvd player
    2007-02-03 20:38 -------- d-------- C:\Program Files\bsplayer
    2007-02-03 20:38 -------- d-------- C:\Program Files\bittornado
    2007-02-03 20:38 -------- d-------- C:\Program Files\azureus
    2007-02-03 20:38 -------- d-------- C:\Program Files\avicodec
    2007-02-03 20:38 -------- d-------- C:\Program Files\aol
    2007-02-03 20:38 -------- d-------- C:\Program Files\aod
    2007-02-03 20:38 -------- d-------- C:\Program Files\aim95
    2007-02-03 20:38 -------- d-------- C:\Program Files\aim+
    2007-02-03 13:52 -------- d-------- C:\Program Files\Common Files\wise installation wizard
    2007-02-03 13:17 -------- d-------- C:\Program Files\combined community codec pack
    2007-02-03 12:30 -------- d-------- C:\Program Files\hijackthis
    2007-02-03 12:30 -------- d-------- C:\Program Files\emule
    2007-02-03 12:30 -------- d-------- C:\Program Files\divx
    2007-02-03 10:00 -------- d-------- C:\Program Files\zoom player
    2007-02-03 10:00 -------- d-------- C:\Program Files\xvid
    2007-02-03 10:00 -------- d-------- C:\Program Files\xbconnect4
    2007-02-03 10:00 -------- d-------- C:\Program Files\wma to mp3 converter
    2007-02-03 10:00 -------- d-------- C:\Program Files\winmx
    2007-02-03 10:00 -------- d-------- C:\Program Files\ventsrv
    2007-02-03 10:00 -------- d-------- C:\Program Files\tvants
    2007-02-03 10:00 -------- d-------- C:\Program Files\teamspeak2_rc2
    2007-02-03 10:00 -------- d-------- C:\Program Files\regclean
    2007-02-03 10:00 -------- d-------- C:\Program Files\quicktime
    2007-02-03 09:59 -------- d-------- C:\Program Files\poweriso
    2007-02-03 09:59 -------- d-------- C:\Program Files\power mp3 wma converter
    2007-02-03 09:59 -------- d-------- C:\Program Files\pica
    2007-02-03 09:59 -------- d-------- C:\Program Files\norton utilities
    2007-02-03 09:59 -------- d-------- C:\Program Files\netropa
    2007-02-03 09:59 -------- d-------- C:\Program Files\mouse
    2007-02-03 09:59 -------- d-------- C:\Program Files\mkvtoolnix
    2007-02-03 09:59 -------- d-------- C:\Program Files\microsoft works
    2007-02-03 09:59 -------- d-------- C:\Program Files\microsoft intellipoint 4.12
    2007-02-03 09:59 -------- d-------- C:\Program Files\microsoft intellipoint 4.1
    2007-02-03 09:59 -------- d-------- C:\Program Files\microsoft intellipoint
    2007-02-03 09:59 -------- d-------- C:\Program Files\lexmarkx73
    2007-02-03 09:59 -------- d-------- C:\Program Files\karmatools
    2007-02-02 12:09 -------- d-------- C:\Program Files\flashget
    2007-02-02 11:38 -------- d-------- C:\Program Files\soulseek
    2007-02-01 23:59 -------- d-------- C:\Program Files\d-tools
    2007-02-01 23:35 -------- d-------- C:\Program Files\grisoft
    2007-02-01 23:24 -------- d-------- C:\Program Files\winamp
    2007-02-01 22:41 -------- d-------- C:\Program Files\ipod
    2007-01-29 12:50 -------- d-------- C:\Program Files\worldnet
    2007-01-29 12:50 -------- d-------- C:\Program Files\winavi mp4 converter
    2007-01-29 12:50 -------- d-------- C:\Program Files\ventrilo
    2007-01-29 12:50 -------- d-------- C:\Program Files\silkroad
    2007-01-29 12:49 -------- d-------- C:\Program Files\mp3towma
    2007-01-29 12:49 -------- d-------- C:\Program Files\mirc
    2007-01-29 12:49 -------- d-------- C:\Program Files\mcafee virusscan professional edition 7.00 beta field test
    2007-01-29 12:49 -------- d-------- C:\Program Files\matroska pack
    2007-01-29 12:49 -------- d-------- C:\Program Files\lame
    2007-01-29 12:48 -------- d-------- C:\Program Files\avisynth2
    2007-01-29 12:48 -------- d-------- C:\Program Files\ac3filter
    2006-12-17 23:13 69 --a-s---- C:\WINDOWS\test.bat
    2006-12-14 13:02 -------- d-------- C:\DOCUME~1\FRANCI~1\Application Data\azureus
    2006-12-13 19:56 -------- d-------- C:\DOCUME~1\FRANCI~1\Application Data\bsplayer
    2006-12-13 19:51 -------- d-------- C:\Program Files\webteh
    2006-12-13 03:24 61440 --a------ C:\WINDOWS\SYSTEM32\nod.dll
    2006-12-13 03:22 52778 --a------ C:\WINDOWS\SYSTEM32\clubboxuninstall.exe
    2006-12-13 03:02 716597 --a------ C:\WINDOWS\today.exe
    2006-11-29 07:41 327680 -ra------ C:\WINDOWS\SYSTEM32\grdupdater.exe


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries & legit default entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "AIM"="\"C:\\Program Files\\AIM+\\AIM+.exe\" -cnetwait.odl"
    "swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.908.5008\\GoogleToolbarNotifier.exe"
    "Microsoft Works Update Detection"="C:\\Program Files\\Microsoft Works\\WkDetect.exe"
    "SUPERAntiSpyware"="C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
    "NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
    "DAEMON Tools-1033"="\"C:\\Program Files\\D-Tools\\daemon.exe\" -lang 1033"
    "IntelliPoint"="\"C:\\Program Files\\Microsoft IntelliPoint\\point32.exe\""
    "Lexmark X73 Button Monitor"="C:\\PROGRA~1\\LEXMAR~1\\ACMonitor_X73.exe"
    "Lexmark X73 Button Manager"="C:\\PROGRA~1\\LEXMAR~1\\AcBtnMgr_X73.exe"
    "TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
    "PWRISOVM.EXE"="C:\\Program Files\\PowerISO\\PWRISOVM.EXE"
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
    "!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
    "AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
    "wsttrs"="C:\\windows\\WINLOGON.EXE"
    "cmdbcs"="C:\\WINDOWS\\svchost.exe"
    "NeroFilterCheck"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
    "KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
    65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "NoChange"="1"
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
    "path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Gamma Loader.exe.lnk"
    "backup"="C:\\WINDOWS\\pss\\Adobe Gamma Loader.exe.lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "
    "item"="Adobe Gamma Loader.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GetRight - Tray Icon.lnk]
    "path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\GetRight - Tray Icon.lnk"
    "backup"="C:\\WINDOWS\\pss\\GetRight - Tray Icon.lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\PROGRA~1\\GetRight\\getright.exe "
    "item"="GetRight - Tray Icon"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Norton System Doctor.lnk]
    "path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Norton System Doctor.lnk"
    "backup"="C:\\WINDOWS\\pss\\Norton System Doctor.lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\PROGRA~1\\NORTON~2\\SYSDOC32.EXE /STARTUP"
    "item"="Norton System Doctor"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TFTP1168]
    "path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\TFTP1168"
    "backup"="C:\\WINDOWS\\pss\\TFTP1168Common Startup"
    "location"="Common Startup"
    "command"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\TFTP1168"
    "item"="TFTP1168"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Francis Deogracias^Start Menu^Programs^Startup^Download Plus.lnk]
    "path"="C:\\Documents and Settings\\Francis Deogracias\\Start Menu\\Programs\\Startup\\Download Plus.lnk"
    "backup"="C:\\WINDOWS\\pss\\Download Plus.lnkStartup"
    "location"="Startup"
    "command"="C:\\Documents and Settings\\Francis Deogracias\\Application Data\\DownloadPlus.exe "
    "item"="Download Plus"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Francis Deogracias^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]
    "path"="C:\\Documents and Settings\\Francis Deogracias\\Start Menu\\Programs\\Startup\\PowerReg Scheduler V3.exe"
    "backup"="C:\\WINDOWS\\pss\\PowerReg Scheduler V3.exeStartup"
    "location"="Startup"
    "command"="C:\\Documents and Settings\\Francis Deogracias\\Start Menu\\Programs\\Startup\\PowerReg Scheduler V3.exe"
    "item"="PowerReg Scheduler V3"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Francis Deogracias^Start Menu^Programs^Startup^SpywareGuard.lnk]
    "path"="C:\\Documents and Settings\\Francis Deogracias\\Start Menu\\Programs\\Startup\\SpywareGuard.lnk"
    "backup"="C:\\WINDOWS\\pss\\SpywareGuard.lnkStartup"
    "location"="Startup"
    "command"="C:\\PROGRA~1\\SPYWAR~1\\sgmain.exe "
    "item"="SpywareGuard"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"=""
    "hkey"="HKCU"
    "command"=""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="DirectCD"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Adaptec\\Easy CD Creator 5\\DirectCD\\DirectCD.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdTools Service]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="AdTools"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\AdTools Service\\AdTools.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="AIM+"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\AIM+\\AIM+.exe\" -cnetwait.odl"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="AOLLaunch"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\Common Files\\AOL\\Launch\\AOLLaunch.exe\" /d locale=en-US ee://aol/imApp"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="CloneCDTray"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\SlySoft\\CloneCD\\CloneCDTray.exe\" /s"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cnet]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="kontiki"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\Kontiki\\bin\\kontiki.exe\" -s cnet -q"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="ctfmon"
    "hkey"="HKCU"
    "command"="C:\\WINDOWS\\System32\\ctfmon.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeadAIM]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="DeadAIM"
    "hkey"="HKLM"
    "command"="rundll32.exe \"C:\\Program Files\\AIM95\\\\DeadAIM.ocm\",ExportedCheckODLs"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GNX]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="GNX"
    "hkey"="HKLM"
    "command"="C:\\WINDOWS\\GNX.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="GoogleDesktop"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="googletalk"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\Google\\Google Talk\\googletalk.exe\" /autostart"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="AOLSoftware"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\Common Files\\AOL\\1137879014\\ee\\AOLSoftware.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="ICQLite"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\ICQLite\\ICQLite.exe -minimize"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="iTunesHelper"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KAZAA]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="kazaalite"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Kazaa Lite\\kpp.exe\" \"C:\\Program Files\\Kazaa Lite\\kazaalite.kpp\" /SYSTRAY"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="dumprep 0 -k"
    "hkey"="HKLM"
    "command"="%systemroot%\\system32\\dumprep 0 -k"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X73 Button Manager]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="AcBtnMgr_X73"
    "hkey"="HKLM"
    "command"="C:\\PROGRA~1\\LEXMAR~1\\AcBtnMgr_X73.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X73 Button Monitor]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="ACMonitor_X73"
    "hkey"="HKLM"
    "command"="C:\\PROGRA~1\\LEXMAR~1\\ACMonitor_X73.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\load]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="rundl132"
    "hkey"="HKLM"
    "command"="C:\\windows\\uninstall\\rundl132.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfee.InstantUpdate.Monitor]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="RuLaunch"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\McAfee\\McAfee Shared Components\\Instant Updater\\RuLaunch.exe\" /STARTMONITOR"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Portfolio]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="WksSb"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\Microsoft Works\\WksSb.exe /AllUsers"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="WkDetect"
    "hkey"="HKCU"
    "command"="C:\\Program Files\\Microsoft Works\\WkDetect.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="MMTray"
    "hkey"="HKLM"
    "command"="MMTray.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msbb]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="msbb"
    "hkey"="HKLM"
    "command"="c:\\temp\\msbb.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="msnmsgr"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="NeroCheck"
    "hkey"="HKLM"
    "command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="NeroCheck"
    "hkey"="HKLM"
    "command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="NvCpl"
    "hkey"="HKLM"
    "command"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="NvMcTray"
    "hkey"="HKLM"
    "command"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvMcTray.dll,NvTaskbarInit"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="nwiz"
    "hkey"="HKLM"
    "command"="nwiz.exe /install"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pgnnlpox]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="mbsmdqpk"
    "hkey"="HKLM"
    "command"="C:\\WINDOWS\\mbsmdqpk.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrinTray]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="printray"
    "hkey"="HKLM"
    "command"="C:\\windows\\System32\\spool\\DRIVERS\\W32X86\\3\\printray.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="qttask"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealPlayer]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="realplay"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\Real\\RealPlayer\\realplay.exe\" /RunUPGToolCommandReBoot"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Red Swoosh]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="RedSwoosh"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\RSSoft\\RedSwoosh.exe /S"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shell]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="ibm00001"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\Common Files\\Microsoft Shared\\Web Folders\\ibm00001.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="Skype"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="jusched"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="realsched"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tray Temperature]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="MiniBug"
    "hkey"="HKLM"
    "command"="C:\\DOCUME~1\\FRANCI~1\\LOCALS~1\\Temp\\MiniBug.exe 1"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TraySantaCruz]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="tbctray"
    "hkey"="HKLM"
    "command"="C:\\WINDOWS\\System32\\tbctray.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebRebates0]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="WebRebates0"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Web_Rebates\\WebRebates0.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WildTangent CDA]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="cdaEngine0400"
    "hkey"="HKLM"
    "command"="RUNDLL32.exe \"C:\\Program Files\\WildTangent\\Apps\\CDA\\cdaEngine0400.dll\",cdaEngineMain"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\windows auto update]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"=""
    "hkey"="HKLM"
    "command"=""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows SyncroAd]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="SyncroAd"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\Windows SyncroAd\\SyncroAd.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorksFUD]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="Wkfud"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\Microsoft Works\\Wkfud.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WT GameChannel]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="GameChannel"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\WildTangent\\Apps\\GameChannel.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="ypager"
    "hkey"="HKCU"
    "command"="C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\ypager.exe -quiet"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "appinit_dlls"="C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL"


    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{54D9498B-CF93-414F-8984-8CE7FDE0D391}"="ewido shell guard"
    "{F28439F2-4996-41B8-8BD0-22789780DE81}"="NSIS Media Extension"
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
    "{D4E63BD6-819B-4852-B43F-C3D96C4E32C2}"="DCIManager ShellHook Module"
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
    "AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
    LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
    NetworkService REG_MULTI_SZ DnsCache\0\0
    rpcss REG_MULTI_SZ RpcSs\0\0
    imgsvc REG_MULTI_SZ StiSvc\0\0
    termsvcs REG_MULTI_SZ TermService\0\0
    HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
    DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0


    [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G]
    Shell\AutoRun\command G:\autorun.exe


    Contents of the 'Scheduled Tasks' folder
    C:\windows\tasks\AppleSoftwareUpdate.job


    ********************************************************************

    catchme 0.1 W2K/XP - userland rootkit detector by Gmer, 17 October 2006
    http://www.gmer.net

    scanning hidden processes ...

    scanning hidden services ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0

    ********************************************************************

    Completion time: 07-02-11 22:46:35
     
  13. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    You need to remove your P2P programs as they are the likely source of the infections

    You may want to print this or save it to notepad as we will go to safe mode.

    Fix these with HiJackThis – mark them, close IE, click fix checked

    O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)

    O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)

    O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)

    O4 - HKLM\..\Run: [wsttrs] C:\windows\WINLOGON.EXE

    O4 - HKLM\..\Run: [cmdbcs] C:\WINDOWS\svchost.exe

    Download http://www.downloads.subratam.org/KillBox.zip or
    http://www.thespykiller.co.uk/files/killbox.exe

    Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

    Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confirmation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

    C:\windows\WINLOGON.EXE
    C:\WINDOWS\svchost.exe

    Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

    START – RUN – type in %temp% - OK - Edit – Select all – File – Delete

    Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

    Not all temp files will delete and that is normal
    Empty the recycle bin
    Boot and post a new hijack log from normal NOT safe mode

    Please give feedback on what worked/didn’t work and the current status of your system
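
The entries selected for fixing in the post above follow two visible patterns: Run values whose file carries a core Windows process name (WINLOGON.EXE, svchost.exe) but sits in C:\windows rather than C:\windows\system32, and O2/O3 CLSIDs marked "(no file)". The sketch below is an added example, not part of the original post and not code from HijackThis; it applies both checks to log lines copied from this thread. The function names and the assumption that Windows is installed in C:\WINDOWS are hypothetical.

```python
import ntpath
import re

# Core Windows processes that legitimately load only from %SystemRoot%\system32.
SYSTEM32_ONLY = {"csrss.exe", "lsass.exe", "services.exe", "smss.exe",
                 "svchost.exe", "winlogon.exe"}
SYSTEM32 = r"c:\windows\system32"  # assumption: Windows lives in C:\WINDOWS

O4_RE = re.compile(r"^O4 - HK\w+\\\.\.\\\w+: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
ORPHAN_RE = re.compile(
    r"^(?P<sect>O2|O3) - .*\{(?P<clsid>[0-9A-Fa-f-]{36})\} - \(no file\)$")

def executable_of(cmd):
    """Return the executable path from a Run command line (quoted or bare)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    # Bare path: cut after the first ".exe" so trailing switches are dropped.
    m = re.match(r"(.+?\.exe)\b", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split()[0]

def triage(lines):
    """Return (kind, label, detail) tuples for entries worth a closer look."""
    findings = []
    for line in lines:
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            exe = executable_of(m.group("cmd"))
            folder, base = ntpath.split(exe)
            # Only judge entries that state a folder; a bare name is resolved
            # through the search path and cannot be classified from the log.
            if folder and base.lower() in SYSTEM32_ONLY \
                    and folder.lower() != SYSTEM32:
                findings.append(("masquerade", m.group("name"), exe))
            continue
        m = ORPHAN_RE.match(line)
        if m:
            findings.append(("orphan", m.group("sect"), m.group("clsid")))
    return findings

# Sample input: HijackThis lines copied from the posts in this thread.
SAMPLE = r"""
O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O4 - HKLM\..\Run: [wsttrs] C:\windows\WINLOGON.EXE
O4 - HKLM\..\Run: [cmdbcs] C:\WINDOWS\svchost.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKCU\..\Run: [AIM] "C:\Program Files\AIM+\AIM+.exe" -cnetwait.odl
""".splitlines()

if __name__ == "__main__":
    for kind, label, detail in triage(SAMPLE):
        print(f"{kind:10} {label:8} {detail}")
```

A hit is a prompt to inspect the file, not a verdict; the name list covers only processes that have a single legitimate location.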
     
  14. charliedeft

    charliedeft Thread Starter

    Joined:
    Aug 18, 2004
    Messages:
    43
    hmm, so far most of the problems i've been having seem to have gone away, i'll keep you posted though.
    HiJackThis:

    Logfile of HijackThis v1.99.1
    Scan saved at 8:37:00 PM, on 2/15/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\windows\System32\smss.exe
    C:\windows\system32\winlogon.exe
    C:\windows\system32\services.exe
    C:\windows\system32\savedump.exe
    C:\windows\system32\lsass.exe
    C:\windows\system32\svchost.exe
    C:\windows\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\windows\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\Norton Utilities\NPROTECT.EXE
    C:\windows\system32\nvsvc32.exe
    C:\windows\System32\svchost.exe
    C:\windows\Explorer.EXE
    C:\windows\system32\wuauclt.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\AIM+\AIM+.exe
    C:\Program Files\AIM95\aim.exe
    C:\windows\System32\svchost.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    F:\Program Files\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.subfighter.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=68.101.180.152:24491
    N2 - Netscape 6: user_pref("browser.startup.homepage", "http://www.sdinsider.com"); (C:\Documents and Settings\Francis Deogracias\Application Data\Mozilla\Profiles\default\1fvm88oh.slt\prefs.js)
    N2 - Netscape 6: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Francis Deogracias\Application Data\Mozilla\Profiles\default\1fvm88oh.slt\prefs.js)
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [Lexmark X73 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
    O4 - HKLM\..\Run: [Lexmark X73 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKCU\..\Run: [AIM] "C:\Program Files\AIM+\AIM+.exe" -cnetwait.odl
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
    O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
    O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
    O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
    O8 - Extra context menu item: Get It With Kontiki - res://C:\Program Files\Kontiki\bin\bh309190.dll/201
    O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
    O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
    O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
    O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
    O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
    O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
    O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
    O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Francis Deogracias\Start Menu\Programs\IMVU\Run IMVU.lnk
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O15 - Trusted Zone: http://*.clubbox.co.kr
    O16 - DPF: Yahoo! Dots - http://download.games.yahoo.com/games/clients/y/dtt1_x.cab
    O16 - DPF: Yahoo! Go Fish - http://download.games.yahoo.com/games/clients/y/zt3_x.cab
    O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt0_x.cab
    O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potb_x.cab
    O16 - DPF: Yahoo! Word Racer - http://download.games.yahoo.com/games/clients/y/ws1_x.cab
    O16 - DPF: {02607DF4-D40B-4FFB-B054-1CAC03468E28} (DNLCertificate Control) - http://www.fmn-media.com/campaigns/winpl/sites/pops/A001/DNLCertificate.ocx
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/bonnie/us/win/QuickTimeInstaller.exe
    O16 - DPF: {54771E6F-A5A2-4413-8FB8-7B8F85398174} - http://dl.lygo.com/Sidesearch/en_US/angelfire/Sidesearch.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1093376882812
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
    O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.0 Control) - http://chereezy.multiply.com/photos/uploader.cab
    O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O16 - DPF: {C62DFDC7-2EEC-4C2C-827A-BC0BFB4260B3} (IMViewerControl Class) - http://companion.logitech.com/companion/logitech/ver1.4.0.1071/bin/imvid.cab
    O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
    O16 - DPF: {DAAD8E43-FAC2-41DD-8F02-9D2BD626F4BB} (AVChat_Inst Control) - http://chat.saram.net/avchat/AVChat_InstProj1.cab
    O16 - DPF: {EE5CA45C-BFAC-48E6-BE6C-3C607620FF43} (IMViewerControl Class) - http://companion.logitech.com/companion/logitech/ver1.3.0.2041/bin/imvid.cab
    O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} - http://download.rfwnad.com/cab/ieplugin.CAB
    O16 - DPF: {FF0C042C-98E9-4C36-B2EC-E21FDFDCEF75} (InstallCtl Class) - http://download.redswoosh.net/Installer/104/rsinstaller.cab
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
    O23 - Service: iPodService - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\windows\Nhksrv.exe (file missing)
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton Utilities\NPROTECT.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
     
  15. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    << most of>>

    What problems are you having?
     
Short URL to this thread: https://techguy.org/539857
