
infected with m658cap8

Discussion in 'Virus & Other Malware Removal' started by vaumatt, Mar 28, 2008.

Thread Status:
Not open for further replies.
  1. vaumatt

    vaumatt Thread Starter

    Joined:
    Sep 19, 2007
    Messages:
    2
    StartupList report, 3/28/2008, 6:51:32 PM
    StartupList version: 1.52.2
    Started from : C:\Program Files\Trend Micro\HijackThis\HijackThis.EXE
    Detected: Windows XP SP2 (WinNT 5.01.2600)
    Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    * Using default options
    ==================================================

    Running processes:

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\pavsrv51.exe
    C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\AVENGINE.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\TPSrv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Maxtor\Utils\SyncServices.exe
    C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PsCtrls.exe
    C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PavFnSvr.exe
    C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\AntiSpam\pskmssvc.exe
    c:\program files\panda software\panda platinum 2005 internet security\firewall\PSHOST.EXE
    C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\psimsvc.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\TightVNC\WinVNC.exe
    C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\APVXDWIN.EXE
    C:\Program Files\Compaq\EAB\EABSERVR.EXE
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\program files\advanced system optimizer\memtuneup.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
    C:\Program Files\Belkin\Cardbus F5D701F\Wireless Utility\Belkinwcui.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\PrintKey2000\Printkey2000.exe
    C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\SRVLOAD.EXE
    C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\WebProxy.exe
    C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PavBckPT.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

    --------------------------------------------------

    Listing of startup folders:

    Shell folders Common Startup:
    [C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
    Belkin Wireless G Notebook Card Client Utility.lnk = ?
    hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe

    --------------------------------------------------

    Checking Windows NT UserInit:

    [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    UserInit = C:\WINDOWS\system32\userinit.exe,

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    SCANINICIO = "C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\Inicio.exe"
    APVXDWIN = "C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\APVXDWIN.EXE" /s
    Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe
    eabconfg.cpl = C:\Program Files\Compaq\EAB\EABSERVR.EXE /Start
    Adobe Reader Speed Launcher = "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    QuickTime Task = "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    WinVNC = "C:\Program Files\TightVNC\WinVNC.exe" -servicehelper
    SunJavaUpdateSched = "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

    PANDA ANTISPAM SERVER SERVICE = "C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PasSrv.exe"

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
    Systweak Memory Optimizer = c:\program files\advanced system optimizer\memtuneup.exe
    SpybotSD TeaTimer = C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    RoboForm = "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
    PC Suite Tray = "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    [OptionalComponents]
    =

    --------------------------------------------------

    Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

    Shell=*INI section not found*
    SCRNSAVE.EXE=*INI section not found*
    drivers=*INI section not found*

    Shell & screensaver key from Registry:

    Shell=Explorer.exe
    SCRNSAVE.EXE=*Registry value not found*
    drivers=*Registry value not found*

    Policies Shell key:

    HKCU\..\Policies: Shell=*Registry value not found*
    HKLM\..\Policies: Shell=*Registry value not found*

    --------------------------------------------------


    Enumerating Browser Helper Objects:

    (no name) - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
    (no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
    (no name) - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll - {724d43a9-0d85-11d4-9908-00400523e39a}
    (no name) - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll - {72853161-30C5-4D22-B7F9-0BBC1D38A37E}
    (no name) - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
    (no name) - (no file) - {7E853D72-626A-48EC-A868-BA8D5E23E045}
    (no name) - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll - {9030D464-4C02-4ABF-8ECC-5164760863C6}
    (no name) - C:\Program Files\Windows Live Toolbar\msntb.dll - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}

    --------------------------------------------------

    Enumerating Task Scheduler jobs:

    AppleSoftwareUpdate.job
    Basic clean-up.job
    Check Updates for Windows Live Toolbar.job
    FRU Task #Hewlett-Packard#hp officejet 6100 series#1191707269.job

    --------------------------------------------------

    Enumerating Download Program Files:

    [vzTCPConfig]
    CODEBASE = http://www2.verizon.net/help/dsl_settings/include/vzTCPConfig.CAB
    OSD = C:\WINDOWS\Downloaded Program Files\OSD22.OSD

    [Support.com Configuration Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\tgctlcm.dll
    CODEBASE = https://activatemydsl.verizon.net/sdcCommon/download/DSL/tgctlcm.cab

    [Windows Genuine Advantage Validation Tool]
    InProcServer32 = C:\WINDOWS\system32\LegitCheckControl.DLL
    CODEBASE = http://go.microsoft.com/fwlink/?linkid=39204

    [YInstStarter Class]
    InProcServer32 = C:\PROGRA~1\Yahoo!\Common\yinsthelper.dll
    CODEBASE = C:\Program Files\Yahoo!\Common\yinsthelper.dll

    [PictureItLauncher Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\DigWebX2.dll
    CODEBASE = http://photos.msn.com/resources/neutral/controls/DigWebX2.cab

    [WUWebControl Class]
    InProcServer32 = C:\WINDOWS\system32\wuweb.dll
    CODEBASE = http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1173587992130

    [ExentInf Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\ExentCtl.ocx

    [NanoInstaller Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\NanoInst.dll
    CODEBASE = http://www.nanoscan.com/cabs/nanoinst.cab

    [ActiveScan Installer Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\asinst.dll
    CODEBASE = http://acs.pandasoftware.com/activescan/as5free/asinst.cab

    --------------------------------------------------

    Enumerating Windows NT logon/logoff scripts:
    *No scripts set to run*

    Windows NT checkdisk command:
    BootExecute = autocheck autochk *

    Windows NT 'Wininit.ini':
    PendingFileRenameOperations: C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\Downloads\ProtInfo\Prevent.sig


    --------------------------------------------------

    Enumerating ShellServiceObjectDelayLoad items:

    PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
    CDBurn: C:\WINDOWS\system32\SHELL32.dll
    WebCheck: C:\WINDOWS\system32\webcheck.dll
    SysTray: C:\WINDOWS\system32\stobject.dll
    WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll

    --------------------------------------------------
    End of report, 9,522 bytes
    Report generated in 0.100 seconds

    Command line options:
    /verbose - to add additional info on each section
    /complete - to include empty sections and unsuspicious data
    /full - to include several rarely-important sections
    /force9x - to include Win9x-only startups even if running on WinNT
    /forcent - to include WinNT-only startups even if running on Win9x
    /forceall - to include all Win9x and WinNT startups, regardless of platform
    /history - to list version history only
    Please help get rid of this annoyance
     