Need some help please?

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Hola

Thread Starter
Joined
Jun 29, 2008
Messages
13
Hello, I am not sure if I am infected or not... I recently installed WinPatrol and am learning how to use it. I was checking the startup programs and, again trying to learn what each one was, I researched them one by one. I got to two that were identified as potentially dangerous, spyware or malware in the Bleeping Computer site/startup programs:

Launcher/launcher.exe
Bluetooth tray icon/BTTray.exe

WinPatrol gives this information for them:

Launcher.exe Startup Location: * Disabled * (HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
%WINDIR%\SMINST\LAUNCHER.EXE
Status: local file not found


Startup Location: * Disabled * Windows Startup Group
Bluetooth Software 6.0.1.3700
Broadcom Corporation.
Copyright 2000-2006, Broadcom Corporation.
C:\PROGRAM FILES\WIDCOMM\BLUETOOTH SOFTWARE\BTTRAY.EXE
Status: Ready

I disabled both of them so they did not start up.

I have been researching info about these two, but it is getting too confusing. I am afraid that by trying to do something I will damage my OS.

I followed instructions on other postings for HijackThis... and here is what I got...

Log created by WinPatrol version 15.9.2008.1:15.9.2008.1
Scan saved at 6:19:06 PM, on 9/28/2008
Platform: Windows Vista SP1 Home Edition Service Pack 1 (Build 6001)
MSIE: Internet Explorer (7.00.6000.16386)
Boot mode: Normal
Running processes:
C:\Windows\System32\smss.exe
C:\Windows\System32\csrss.exe
C:\Windows\System32\wininit.exe
C:\Windows\System32\services.exe
C:\Windows\System32\lsass.exe
C:\Windows\System32\lsm.exe
C:\Windows\System32\winlogon.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\SLsvc.exe
C:\Windows\System32\spoolsv.exe
C:\PROGRAM FILES\Avira\ANTIVIR PERSONALEDITION CLASSIC\sched.exe
C:\PROGRAM FILES\Avira\ANTIVIR PERSONALEDITION CLASSIC\avguard.exe
C:\PROGRAM FILES\HP\QUICKPLAY\Kernel\TV\CLCapSvc.exe
C:\PROGRAM FILES\COMODO\Firewall\cmdagent.exe
C:\PROGRAM FILES\Intel\INTEL MATRIX STORAGE MANAGER\IAANTmon.exe
C:\PROGRAM FILES\SITEADVISOR\6261\SASERVICE.EXE
C:\PROGRAM FILES\THREATFIRE\TFSERVICE.EXE
C:\Windows\System32\SEARCHINDEXER.EXE
C:\Windows\System32\drivers\XAudio.exe
C:\PROGRAM FILES\ANONYMIZER\ANONYMIZER SOFTWARE\Common\ANONMGMTSVC.EXE
C:\Windows\System32\wbem\WmiPrvSE.exe
C:\PROGRAM FILES\HEWLETT-PACKARD\Shared\hpqwmiex.exe
C:\Windows\System32\taskeng.exe
C:\PROGRAM FILES\HP\QUICKPLAY\Kernel\TV\CLSched.exe
C:\PROGRAM FILES\HEWLETT-PACKARD\HP HEALTH CHECK\HPHC_SERVICE.EXE
C:\Windows\System32\dwm.exe
C:\PROGRAM FILES\BIOSCRYPT\VeriSoft\Bin\asghost.exe
C:\Windows\explorer.exe
C:\PROGRAM FILES\WINDOWS DEFENDER\MSASCui.exe
C:\PROGRAM FILES\HEWLETT-PACKARD\HP WIRELESS ASSISTANT\HPWAMain.exe
C:\PROGRAM FILES\HEWLETT-PACKARD\HP WIRELESS ASSISTANT\WiFiMsg.exe
C:\Windows\System32\ICO.EXE
C:\PROGRAM FILES\SITEADVISOR\6261\SiteAdv.exe
C:\PROGRAM FILES\COMODO\SafeSurf\cssurf.exe
C:\PROGRAM FILES\COMODO\Firewall\cfp.exe
C:\PROGRAM FILES\Avira\ANTIVIR PERSONALEDITION CLASSIC\avgnt.exe
C:\PROGRAM FILES\THREATFIRE\TFTray.exe
C:\PROGRAM FILES\WINDOWS SIDEBAR\sidebar.exe
C:\PROGRAM FILES\SUPERANTISPYWARE\SUPERANTISPYWARE.EXE
C:\Windows\System32\PELMICED.EXE
C:\PROGRAM FILES\WINDOWS MEDIA PLAYER\wmpnscfg.exe
C:\PROGRAM FILES\WINDOWS MEDIA PLAYER\wmpnetwk.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\PROGRAM FILES\HEWLETT-PACKARD\Shared\HPQTOASTER.EXE
C:\Windows\System32\conime.exe
C:\PROGRAM FILES\Apoint2K\Apoint.exe
C:\PROGRAM FILES\Intel\INTEL MATRIX STORAGE MANAGER\IAAnotif.exe
C:\PROGRAM FILES\HEWLETT-PACKARD\HP QUICK LAUNCH BUTTONS\QLBCTRL.exe
C:\PROGRAM FILES\Apoint2K\ApMsgFwd.exe
C:\PROGRAM FILES\Apoint2K\ApntEx.exe
C:\PROGRAM FILES\BILLP STUDIOS\WINPATROL\WINPATROL.EXE
C:\Windows\ehome\ehtray.exe
C:\PROGRAM FILES\INTERNET EXPLORER\ieuser.exe
C:\PROGRAM FILES\INTERNET EXPLORER\iexplore.exe
C:\PROGRAM FILES\CALLINGID\Toolbar\CALLINGIDGLOBAL.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE\WLLOGINPROXY.EXE
C:\Windows\System32\WerFault.exe
C:\PROGRAM FILES\BILLP STUDIOS\WINPATROL\WINPATROLEX.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: - {02478D38-C3F9-4efb-9B51-7695ECA05670} -
O2 - BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SiteAdv - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} -
O2 - BHO: CKeyScramblerBHO Object - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: - {7E853D72-626A-48EC-A868-BA8D5E23E045} -
O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: VeriSoft Access Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll
O2 - BHO: CallingID BHO - {FBF2401B-7447-4727-BE5D-C19B2075CA84} - C:\Program Files\CallingID\Toolbar\CallingIDIE.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: CallingID - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Program Files\CallingID\Toolbar\CallingIDIE.dll
O3 - Toolbar: - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} -
O4 - HKLM\..\Run: [Windows Defender]%ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [HP Health Check Scheduler][ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant]%ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage]%ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [CognizanceTS]c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon]ICO.EXE
O4 - HKLM\..\Run: [LXCFCATS]rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCFtime.dll,[email protected]
O4 - HKLM\..\Run: [SiteAdvisor]C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
O4 - HKLM\..\Run: [COMODO SafeSurf]C:\Program Files\COMODO\SafeSurf\cssurf.exe -s
O4 - HKLM\..\Run: [COMODO Firewall Pro]C:\Program Files\COMODO\Firewall\cfp.exe -h
O4 - HKLM\..\Run: [avgnt]C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe /min
O4 - HKLM\..\Run: [ThreatFire]C:\Program Files\ThreatFire\TFTray.exe
O4 - HKLM\..\Run: [WinPatrol]C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKCU\..\Run: [Sidebar]C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Anonymizer]C:\Program Files\Anonymizer\Anonymizer Software\Anonymizer.exe -nogui
O4 - HKCU\..\Run: [SUPERAntiSpyware]C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ehTray.exe]C:\Windows\ehome\ehtray.exe
O4 - HKCU\..\Run: [ccleaner]C:\PROGRAM FILES\CCleaner\CCleaner.exe /AUTO
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Enviar imagen al dispositivo &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Enviar página al dispositivo &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Inbox Search - tbr:iemenu
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O11 - Options group: [Java (Sun)] Java (Sun) - C:\Program Files\Java\jre1.6.0_07\bin
O11 - Options group: [] -
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_07) - http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} (Java Plug-in 1.6.0) - http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03) - http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} (Java Plug-in 1.6.0_04) - http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} (Java Plug-in 1.6.0_05) - http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} (Java Plug-in 1.6.0_07) - http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.6.0_07) - http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
O20 - AppInit_DLLs: APSHook.dll,C:\Windows\system32\guard32.dll,C:\Windows\system32\cssdll32.dll
O23 - Service: Anonymizer Management Service - Anonymizer - C:\Program Files\Anonymizer\Anonymizer Software\Common\AnonMgmtSvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Logon Session Broker - Cognizance Corporation - c:\Program Files\Bioscrypt\VeriSoft\Bin\ASWLNPkg.dll
O23 - Service: Local Communication Channel - Cognizance Corporation - c:\Program Files\Bioscrypt\VeriSoft\Bin\ASChnl.dll
O23 - Service: CyberLink Background Capture Service (CBCS) - - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) - - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: COMODO Firewall Pro Helper Service - - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Updater Service - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
O23 - Service: InstallDriver Table Manager - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iolo DMV Service - - C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
O23 - Service: iolo FileInfoList Service - - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo Product Update Service - - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service - - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Guard - - C:\Program Files\iolo\System Shield 3\IoloSGCtrl.exe
O23 - Service: LightScribeService Direct Disc Labeling Service - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxcf_device - - C:\Windows\system32\lxcfcoms.exe -service
O23 - Service: Programador de LiveUpdate automático - - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Servicio SiteAdvisor - - C:\Program Files\SiteAdvisor\6261\SAService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: ThreatFire - - C:\Program Files\ThreatFire\TFService.exe service
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\System32\drivers\XAudio.exe
--- Additional WinPatrol Info ---
Browser: Unable to find default browser.
MSIE: Internet Explorer (7.00.6000.16386)
Firefox 3.0.1 installed in C:\Program Files\Mozilla Firefox.
4 IE Cookies in Folder: C:\Users\Gaby\AppData\Roaming\Microsoft\Windows\Cookies\
0 Mozilla Cookies in Folder: C:\Users\Gaby\AppData\Roaming\Mozilla\FireFox\Profiles\0b36mg97.default
WP00 - HKLM\CS1: BootExecute = autocheck autochk *
WP00 - HKLM\CCS: BootExecute = autocheck autochk *
WP00 - HKLM\CS2: BootExecute = autocheck autochk *
WP01 - HKLM\CS1: PendingFileRenameOperations = \??\C:\Users\Gaby\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\index.dat
WP01 - HKLM\CCS: PendingFileRenameOperations = \??\C:\Users\Gaby\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\index.dat
WP02 - HKLM\CCS: Command = C:\Windows\system32\cmd.exe
WP03 - Windows Automatic Update = 4:Automatically download recommended updates for my computer and install them.
WP06 - Delayed Start: [Apoint]C:\PROGRAM FILES\Apoint2K\Apoint.exe
WP06 - Delayed Start: [IAAnotif]C:\PROGRAM FILES\Intel\INTEL MATRIX STORAGE MANAGER\IAAnotif.exe
WP06 - Delayed Start: [QlbCtrl]%PROGRAMFILES%\HEWLETT-PACKARD\HP QUICK LAUNCH BUTTONS\QLBCTRL.EXE
WP06 - Delayed Start: [Adobe Reader Speed Launcher]C:\PROGRAM FILES\Adobe\Reader 8.0\Reader\READER_SL.EXE
WP06 - Delayed Start: [HotKeysCmds]C:\Windows\System32\hkcmd.exe
WP08 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix: Default = http://
WP08 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes: www = http://
WP31 - Scheduled Tasks: [User_Feed_Synchronization-{577C7FD9-6D51-4E19-8490-29DD440F0B72}.job]C:\Windows\System32\msfeedssync.exe 09/28/2008 6:18 PM
WP31 - Scheduled Tasks: [GoogleUpdateTaskUser.job]C:\Users\Rostovich\AppData\Local\Google\Update\GoogleUpdate.exe 09/25/2008 6:40 PM
WP16 - ActiveX: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} [Office Genuine Advantage Validation Tool] C:\Windows\System32\OGACHECKCONTROL.DLL
WP16 - ActiveX: {19916E01-B44E-4E31-94A4-4696DF46157B} [InformationCardSigninHelper Class] C:\Windows\System32\icardie.dll 7.00.6000.16386
WP16 - ActiveX: {22D6F312-B0F6-11D0-94AB-0080C74C7E95} [Windows Media Player] C:\Windows\System32\wmpdxm.dll 11.0.6001.7000
WP16 - ActiveX: {25336920-03F9-11CF-8FD0-00AA00686F13} [HTML Document] C:\Windows\System32\mshtml.dll 7.00.6000.16386
WP16 - ActiveX: {2933BF90-7B36-11D2-B20E-00C04F983E60} [XML DOM Document] C:\Windows\System32\msxml3.dll 8.100.1043.0
WP16 - ActiveX: {3050F819-98B5-11CF-BB82-00AA00BDCE0B} [HtmlDlgSafeHelper Class] C:\Windows\System32\mshtmled.dll 7.00.6000.16386
WP16 - ActiveX: {4453D895-F2A1-4A38-A285-1EF9BD3F6D5D} [Microsoft Office Control] C:\Program Files\Microsoft Office\OFFICE11\AUTHZAX.DLL 11.0.8164
WP16 - ActiveX: {48123BC4-99D9-11D1-A6B3-00C04FD91555} [XML Document] C:\Windows\System32\msxml3.dll 8.100.1043.0
WP16 - ActiveX: {6BF52A52-394A-11D3-B153-00C04F79FAA6} [Windows Media Player] C:\Windows\System32\wmp.dll 11.0.6001.7000
WP16 - ActiveX: {8856F961-340A-11D0-A96B-00C04FD705A2} [Microsoft Web Browser] C:\Windows\System32\ieframe.dll 7.00.6000.16386
WP16 - ActiveX: {88D969C0-F192-11D4-A65F-0040963251E5} [XML DOM Document 4.0] C:\Windows\System32\msxml4.dll 4.20.9849.0
WP16 - ActiveX: {88D969C5-F192-11D4-A65F-0040963251E5} [XML HTTP 4.0] C:\Windows\System32\msxml4.dll 4.20.9849.0
WP16 - ActiveX: {8AD9C840-044E-11D1-B3E9-00805F499D93} [Java Plug-in 1.6.0_07] C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll 6.0.70.6
WP16 - ActiveX: {CD3AFA74-B84F-48F0-9393-7EDC34128127} [AUDIO__MID Moniker Class] C:\Windows\System32\wmp.dll 11.0.6001.7000
WP16 - ActiveX: {CD3AFA94-B84F-48F0-9393-7EDC34128127} [VIDEO__X_MS_WMV Moniker Class] C:\Windows\System32\wmp.dll 11.0.6001.7000
WP16 - ActiveX: {CFC399AF-D876-11D0-9C10-00C04FC99C8E} [Msxml] C:\Windows\System32\msxml3.dll 8.100.1043.0
WP16 - ActiveX: {D2517915-48CE-4286-970F-921E881B8C5C} [Windows Live Control de inicio de sesión] C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE\WINDOWSLIVELOGIN.DLL 4.200.520.1
WP16 - ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} [Shockwave Flash Object] C:\Windows\System32\Macromed\Flash\Flash9e.ocx 9,0,115,0
WP16 - ActiveX: {D5184A39-CBDF-4A4F-AC1A-7A45A852C883} [Yahoo! VersionInfo] C:\PROGRAM FILES\Yahoo!\Common\YVerInfo.dll 2, 0, 1, 1
WP16 - ActiveX: {DA4F543C-C8A9-4E88-9A79-548CBB46F18F} [MessengerChecker Class] C:\PROGRAM FILES\Yahoo!\MESSENGER\YPAGERCHECKER.DLL 1, 1, 0, 1
WP16 - ActiveX: {DFEAF541-F3E1-4C24-ACAC-99C30715084A} [AgControl Class] C:\PROGRAM FILES\MICROSOFT SILVERLIGHT\NPCTRL.1.0.30716.0.DLL 1.0.30716.0
WP16 - ActiveX: {E1771B7F-98BE-407F-BA67-AA16ADA5D0C5} [msgsc.8.5.1302.1018] C:\Program Files\Windows Live\Messenger\msgsc.8.5.1302.1018.dll 8.5.1302
WP16 - ActiveX: {E3E02F12-2ADB-478C-8742-5F0819F9F0F4} [Quantum Streaming IE VersionManager Class] C:\Users\Gaby\AppData\Roaming\MOVE NETWORKS\ie_bin\QSP2IE07076007.DLL 7,7,6,7
WP16 - ActiveX: {e473a65c-8087-49a3-affd-c5bc4a10669b} [Quantum Streaming IE Player Class] C:\Users\Gaby\AppData\Roaming\MOVE NETWORKS\ie_bin\QSP2IE07076007.DLL 7,7,6,7
WP16 - ActiveX: {ED8C108E-4349-11D2-91A4-00C04F7969E8} [XML HTTP Request] C:\Windows\System32\msxml3.dll 8.100.1043.0
WP16 - ActiveX: {F06608C7-1874-4EEA-B3B2-DF99EBB144B8} [msgsc.8.5.1302.1018] C:\Program Files\Windows Live\Messenger\msgsc.8.5.1302.1018.dll 8.5.1302
WP16 - ActiveX: {F5078F32-C551-11D3-89B9-0000F81FE221} [XML DOM Document 3.0] C:\Windows\System32\msxml3.dll 8.100.1043.0
WP16 - ActiveX: {F5078F35-C551-11D3-89B9-0000F81FE221} [XML HTTP 3.0] C:\Windows\System32\msxml3.dll 8.100.1043.0
WP16 - ActiveX: {F6D90F11-9C73-11D3-B32E-00C04F990BB4} [XML DOM Document] C:\Windows\System32\msxml3.dll 8.100.1043.0
WP16 - ActiveX: {F6D90F16-9C73-11D3-B32E-00C04F990BB4} [XML HTTP] C:\Windows\System32\msxml3.dll 8.100.1043.0
WP16 - ActiveX: {DFEAF541-F3E1-4c24-ACAC-99C30715084A} [AgControl Class] C:\PROGRAM FILES\MICROSOFT SILVERLIGHT\NPCTRL.1.0.30716.0.DLL 1.0.30716.0
WP16 - ActiveX: DFEAF541-F3E1-4c24-ACAC-99C30715084A [AgControl Class] C:\PROGRAM FILES\MICROSOFT SILVERLIGHT\NPCTRL.1.0.30716.0.DLL 1.0.30716.0
WP16 - ActiveX: {00024522-0000-0000-C000-000000000046} [RefEdit.Ctrl] C:\Program Files\Microsoft Office\OFFICE11\REFEDIT.DLL 12.0.6202.3013
WP16 - ActiveX: {0002E541-0000-0000-C000-000000000046} [Microsoft Office Spreadsheet 10.0] C:\Program Files\Common Files\microsoft shared\Web Components\10\OWC10.DLL 10.0.6829
WP16 - ActiveX: {0002E542-0000-0000-C000-000000000046} [Microsoft Office PivotTable 10.0] C:\Program Files\Common Files\microsoft shared\Web Components\10\OWC10.DLL 10.0.6829
WP16 - ActiveX: {0002E543-0000-0000-C000-000000000046} [Microsoft Office Data Source Control 10.0] C:\Program Files\Common Files\microsoft shared\Web Components\10\OWC10.DLL 10.0.6829
WP16 - ActiveX: {0002E546-0000-0000-C000-000000000046} [Microsoft Office Chart 10.0] C:\Program Files\Common Files\microsoft shared\Web Components\10\OWC10.DLL 10.0.6829
WP16 - ActiveX: {05589fa1-c356-11ce-bf01-00aa0055595a} [ActiveMovieControl Object] C:\Windows\System32\wmpdxm.dll 11.0.6001.7000
WP16 - ActiveX: {0713E8A2-850A-101B-AFC0-4210102A8DA7} [Microsoft TreeView Control, version 5.0 (SP2)] C:\Windows\System32\comctl32.ocx 6.00.8105
WP16 - ActiveX: {0713E8D2-850A-101B-AFC0-4210102A8DA7} [Microsoft ProgressBar Control, version 5.0 (SP2)] C:\Windows\System32\comctl32.ocx 6.00.8105
WP16 - ActiveX: {3605B612-C3CF-4ab4-A426-2D853391DB2E} [Certificates Class] C:\Windows\System32\capicom.dll 2, 1, 0, 2
WP16 - ActiveX: {52A2AAAE-085D-4187-97EA-8C30DB990436} [HHCtrl Object] C:\Windows\System32\hhctrl.ocx 6.0.6000.16386
WP16 - ActiveX: {58DA8D8A-9D6A-101B-AFC0-4210102A8DA7} [Microsoft ListView Control, version 5.0 (SP2)] C:\Windows\System32\comctl32.ocx 6.00.8105
WP16 - ActiveX: {58DA8D8F-9D6A-101B-AFC0-4210102A8DA7} [Microsoft ImageList Control, version 5.0 (SP2)] C:\Windows\System32\comctl32.ocx 6.00.8105
WP16 - ActiveX: {550C8FFB-4DC0-4756-828C-862E6D0AE74F} [Chain Class] C:\Windows\System32\capicom.dll 2, 1, 0, 2
WP16 - ActiveX: {6B7E638F-850A-101B-AFC0-4210102A8DA7} [Microsoft StatusBar Control, version 5.0 (SP2)] C:\Windows\System32\comctl32.ocx 6.00.8105
WP16 - ActiveX: {91D221C4-0CD4-461C-A728-01D509321556} [Store Class] C:\Windows\System32\capicom.dll 2, 1, 0, 2
WP16 - ActiveX: {8856F961-340A-11D0-A96B-00C04FD705A2} [Microsoft Web Browser] C:\Windows\System32\ieframe.dll 7.00.6000.16386
WP16 - ActiveX: {8BD21D50-EC42-11CE-9E0D-00AA006002F3} [Microsoft Forms 2.0 OptionButton] C:\Windows\System32\FM20.DLL 12.0.6211.1000
WP16 - ActiveX: {AE24FDAE-03C6-11D1-8B76-0080C744F389} [Microsoft Scriptlet Component] C:\Windows\System32\mshtml.dll 7.00.6000.16386
WP16 - ActiveX: {CA8A9780-280D-11CF-A24D-444553540000} [Adobe PDF Reader] C:\PROGRAM FILES\COMMON FILES\Adobe\Acrobat\ActiveX\AcroPDF.dll
WP16 - ActiveX: {CFCDAA03-8BE4-11cf-B84B-0020AFBBCCFA} [RealPlayer G2 Control] C:\Windows\System32\rmoc3260.dll 6.0.9.3084
WP16 - ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} [Shockwave Flash Object] C:\Windows\System32\Macromed\Flash\Flash9e.ocx 9,0,115,0
WP16 - ActiveX: {9171C115-7DD9-46BA-B1E5-0ED50AFFC1B8} [Certificate Class] C:\Windows\System32\capicom.dll 2, 1, 0, 2
WP16 - ActiveX: {3605B612-C3CF-4ab4-A426-2D853391DB2E} [Certificates Class] C:\Windows\System32\capicom.dll 2, 1, 0, 2
WP32 - Hidden File: C:\bootmgr
WP32 - Hidden File: C:\hiberfil.sys
WP32 - Hidden File: C:\pagefile.sys
WP32 - Hidden File: C:\Windows\WindowsShell.Manifest
WP32 - Hidden File: C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
WP32 - Hidden File: C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
WP32 - Hidden File: C:\Windows\System32\config\BCD-Template.LOG
WP32 - Hidden File: C:\Windows\System32\config\BCD-Template.LOG1
WP32 - Hidden File: C:\Windows\System32\config\BCD-Template.LOG2
WP32 - Hidden File: C:\Windows\System32\config\COMPONENTS.LOG
WP32 - Hidden File: C:\Windows\System32\config\COMPONENTS.LOG1
WP32 - Hidden File: C:\Windows\System32\config\COMPONENTS.LOG2
WP32 - Hidden File: C:\Windows\System32\config\DEFAULT.LOG
WP32 - Hidden File: C:\Windows\System32\config\DEFAULT.LOG1
WP32 - Hidden File: C:\Windows\System32\config\DEFAULT.LOG2
WP32 - Hidden File: C:\Windows\System32\config\SAM.LOG
WP32 - Hidden File: C:\Windows\System32\config\SAM.LOG1
WP32 - Hidden File: C:\Windows\System32\config\SAM.LOG2
WP32 - Hidden File: C:\Windows\System32\config\SECURITY.LOG
WP32 - Hidden File: C:\Windows\System32\config\SECURITY.LOG1
WP32 - Hidden File: C:\Windows\System32\config\SECURITY.LOG2
WP32 - Hidden File: C:\Windows\System32\config\SOFTWARE.LOG
WP32 - Hidden File: C:\Windows\System32\config\SOFTWARE.LOG1
WP32 - Hidden File: C:\Windows\System32\config\SOFTWARE.LOG2
WP32 - Hidden File: C:\Windows\System32\config\SYSTEM.LOG
WP32 - Hidden File: C:\Windows\System32\config\SYSTEM.LOG1
WP32 - Hidden File: C:\Windows\System32\config\SYSTEM.LOG2
WP32 - Hidden File: C:\Windows\System32\desktop.ini
WP32 - Hidden File: C:\Windows\System32\drivers\103C_HP_cNB_Pavilion dv2500 Notebook PC_Y5335KV_0U_Q2CE7512G5V_E454482-161_4A_I30CD_SWistron_V80.39_F.13_T070810_WV3-0_LC0A_M2038_J160_7Intel_86FD_91.50_#080203_N11AB4353;80864229_(GY762LA#ABM)_XMOBILE_CN10_Z.MRK
WP32 - Hidden File: C:\Windows\System32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
WP32 - Hidden File: C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
WP33 - File Type .AVI: [Sistema operativo Microsoft® Windows®]C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:8 /Open %L
WP33 - File Type .BAT: [Windows Batch File]%1 %*
WP33 - File Type .CAB: [Cabinet File]C:\Windows\Explorer.exe /idlist,%I,%L
WP33 - File Type .CAT: [Security Catalog]C:\Windows\system32\rundll32.exe cryptext.dll,CryptExtOpenCAT %1
WP33 - File Type .CHM: [Compiled HTML Help file]C:\Windows\hh.exe %1
WP33 - File Type .COM: [MS-DOS Application]%1 %*
WP33 - File Type .CMD: [Windows Command Script]%1 %*
WP33 - File Type .DOC: [Microsoft Word Document]C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE /n /dde
WP33 - File Type .EML: [Internet E-Mail Message]C:\Program Files\Windows Mail\WinMail.exe /eml:%1
WP33 - File Type .EXE: [Application]%1 %*
WP33 - File Type .INF: [Setup Information]C:\Windows\system32\NOTEPAD.EXE %1
WP33 - File Type .JS: [JScript Script File]NOTEPAD.EXE %1
WP33 - File Type .LOG: [Text Document]C:\Windows\system32\NOTEPAD.EXE %1
WP33 - File Type .MSI: [Windows Installer Package]C:\Windows\System32\msiexec.exe /i %1 %*
WP33 - File Type .MID: [MIDI Sequence]C:\Program Files\Windows Media Player\wmplayer.exe /Open %L
WP33 - File Type .MP3: [MP3 Format Sound]C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:6 /Open %L
WP33 - File Type .PIF: [Shortcut to MS-DOS Program]%1 %*
WP33 - File Type .RAM: [Presentación de RealPlayer]C:\Program Files\Real\RealPlayer\RealPlay.exe %1
WP33 - File Type .REG: [Registration Entries]regedit.exe %1
WP33 - File Type .RTF: [Rich Text Format]C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE /n /dde
WP33 - File Type .SCR: [Screen Saver]%1 /S
WP33 - File Type .TXT: [Text Document]C:\Windows\system32\NOTEPAD.EXE %1
WP33 - File Type .URL: [Sistema operativo Microsoft® Windows®]rundll32.exe ieframe.dll,OpenURL %l
WP33 - File Type .VBS: [VBScript Script File]NOTEPAD.EXE %1
WP33 - File Type .VBE: [VBScript Encoded File]NOTEPAD.EXE %1
WP33 - File Type .WSF: [Windows Script File]NOTEPAD.EXE %1
WP33 - File Type .WSH: [Windows Script Host Settings File]NOTEPAD.EXE %1
WP33 - File Type .XLS: [Microsoft Excel Worksheet]C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE /e
Memory currently in use: 55%
Physical Memory Free: 920,580 KB
Paging File Free: 2,853,264 KB
Virtual Memory Free: 1,991,988 KB

--
End of file

Can anybody tell me by reading this if in fact I am infected?

Thanks in advance.
 