
Need some help please?

Discussion in 'Virus & Other Malware Removal' started by Hola, Sep 28, 2008.

Thread Status:
Not open for further replies.
  1. Hola (Thread Starter)
    Joined: Jun 29, 2008
    Messages: 13

    Hello, I am not sure if I am infected or not... I recently installed WinPatrol and am learning how to use it. I was checking the startup programs and, again trying to learn what each one was, I researched them one by one. I got to two that were identified as potentially dangerous, spyware or malware on the Bleeping Computer site/startup programs:

    Launcher/launcher.exe
    Bluetooth tray icon/BTTray.exe

    WinPatrol gives this information for them:

    Launcher.exe Startup Location: * Disabled * (HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
    %WINDIR%\SMINST\LAUNCHER.EXE
    Status: local file not found


    Startup Location: * Disabled * Windows Startup Group
    Bluetooth Software 6.0.1.3700
    Broadcom Corporation.
    Copyright 2000-2006, Broadcom Corporation.
    C:\PROGRAM FILES\WIDCOMM\BLUETOOTH SOFTWARE\BTTRAY.EXE
    Status: Ready

    I disabled both of them so they did not start up.

    I have been researching info about these two, but it is getting too confusing. I am afraid that by trying to do something I will damage my OS.

    I followed instructions on other postings for HijackThis... and here is what I got...

    Log created by WinPatrol version 15.9.2008.1:15.9.2008.1
    Scan saved at 6:19:06 PM, on 9/28/2008
    Platform: Windows Vista SP1 Home Edition Service Pack 1 (Build 6001)
    MSIE: Internet Explorer (7.00.6000.16386)
    Boot mode: Normal
    Running processes:
    C:\Windows\System32\smss.exe
    C:\Windows\System32\csrss.exe
    C:\Windows\System32\wininit.exe
    C:\Windows\System32\services.exe
    C:\Windows\System32\lsass.exe
    C:\Windows\System32\lsm.exe
    C:\Windows\System32\winlogon.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\SLsvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\PROGRAM FILES\Avira\ANTIVIR PERSONALEDITION CLASSIC\sched.exe
    C:\PROGRAM FILES\Avira\ANTIVIR PERSONALEDITION CLASSIC\avguard.exe
    C:\PROGRAM FILES\HP\QUICKPLAY\Kernel\TV\CLCapSvc.exe
    C:\PROGRAM FILES\COMODO\Firewall\cmdagent.exe
    C:\PROGRAM FILES\Intel\INTEL MATRIX STORAGE MANAGER\IAANTmon.exe
    C:\PROGRAM FILES\SITEADVISOR\6261\SASERVICE.EXE
    C:\PROGRAM FILES\THREATFIRE\TFSERVICE.EXE
    C:\Windows\System32\SEARCHINDEXER.EXE
    C:\Windows\System32\drivers\XAudio.exe
    C:\PROGRAM FILES\ANONYMIZER\ANONYMIZER SOFTWARE\Common\ANONMGMTSVC.EXE
    C:\Windows\System32\wbem\WmiPrvSE.exe
    C:\PROGRAM FILES\HEWLETT-PACKARD\Shared\hpqwmiex.exe
    C:\Windows\System32\taskeng.exe
    C:\PROGRAM FILES\HP\QUICKPLAY\Kernel\TV\CLSched.exe
    C:\PROGRAM FILES\HEWLETT-PACKARD\HP HEALTH CHECK\HPHC_SERVICE.EXE
    C:\Windows\System32\dwm.exe
    C:\PROGRAM FILES\BIOSCRYPT\VeriSoft\Bin\asghost.exe
    C:\Windows\explorer.exe
    C:\PROGRAM FILES\WINDOWS DEFENDER\MSASCui.exe
    C:\PROGRAM FILES\HEWLETT-PACKARD\HP WIRELESS ASSISTANT\HPWAMain.exe
    C:\PROGRAM FILES\HEWLETT-PACKARD\HP WIRELESS ASSISTANT\WiFiMsg.exe
    C:\Windows\System32\ICO.EXE
    C:\PROGRAM FILES\SITEADVISOR\6261\SiteAdv.exe
    C:\PROGRAM FILES\COMODO\SafeSurf\cssurf.exe
    C:\PROGRAM FILES\COMODO\Firewall\cfp.exe
    C:\PROGRAM FILES\Avira\ANTIVIR PERSONALEDITION CLASSIC\avgnt.exe
    C:\PROGRAM FILES\THREATFIRE\TFTray.exe
    C:\PROGRAM FILES\WINDOWS SIDEBAR\sidebar.exe
    C:\PROGRAM FILES\SUPERANTISPYWARE\SUPERANTISPYWARE.EXE
    C:\Windows\System32\PELMICED.EXE
    C:\PROGRAM FILES\WINDOWS MEDIA PLAYER\wmpnscfg.exe
    C:\PROGRAM FILES\WINDOWS MEDIA PLAYER\wmpnetwk.exe
    C:\Windows\System32\wbem\unsecapp.exe
    C:\PROGRAM FILES\HEWLETT-PACKARD\Shared\HPQTOASTER.EXE
    C:\Windows\System32\conime.exe
    C:\PROGRAM FILES\Apoint2K\Apoint.exe
    C:\PROGRAM FILES\Intel\INTEL MATRIX STORAGE MANAGER\IAAnotif.exe
    C:\PROGRAM FILES\HEWLETT-PACKARD\HP QUICK LAUNCH BUTTONS\QLBCTRL.exe
    C:\PROGRAM FILES\Apoint2K\ApMsgFwd.exe
    C:\PROGRAM FILES\Apoint2K\ApntEx.exe
    C:\PROGRAM FILES\BILLP STUDIOS\WINPATROL\WINPATROL.EXE
    C:\Windows\ehome\ehtray.exe
    C:\PROGRAM FILES\INTERNET EXPLORER\ieuser.exe
    C:\PROGRAM FILES\INTERNET EXPLORER\iexplore.exe
    C:\PROGRAM FILES\CALLINGID\Toolbar\CALLINGIDGLOBAL.EXE
    C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE\WLLOGINPROXY.EXE
    C:\Windows\System32\WerFault.exe
    C:\PROGRAM FILES\BILLP STUDIOS\WINPATROL\WINPATROLEX.EXE
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.ca/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    O2 - BHO: - {02478D38-C3F9-4efb-9B51-7695ECA05670} -
    O2 - BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SiteAdv - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
    O2 - BHO: - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} -
    O2 - BHO: CKeyScramblerBHO Object - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: - {7E853D72-626A-48EC-A868-BA8D5E23E045} -
    O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: VeriSoft Access Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll
    O2 - BHO: CallingID BHO - {FBF2401B-7447-4727-BE5D-C19B2075CA84} - C:\Program Files\CallingID\Toolbar\CallingIDIE.dll
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
    O3 - Toolbar: CallingID - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Program Files\CallingID\Toolbar\CallingIDIE.dll
    O3 - Toolbar: - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} -
    O4 - HKLM\..\Run: [Windows Defender]%ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [HP Health Check Scheduler][ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant]%ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [WAWifiMessage]%ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    O4 - HKLM\..\Run: [CognizanceTS]c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll,RegisterModule
    O4 - HKLM\..\Run: [Mouse Suite 98 Daemon]ICO.EXE
    O4 - HKLM\..\Run: [LXCFCATS]rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCFtime.dll,[email protected]
    O4 - HKLM\..\Run: [SiteAdvisor]C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
    O4 - HKLM\..\Run: [COMODO SafeSurf]C:\Program Files\COMODO\SafeSurf\cssurf.exe -s
    O4 - HKLM\..\Run: [COMODO Firewall Pro]C:\Program Files\COMODO\Firewall\cfp.exe -h
    O4 - HKLM\..\Run: [avgnt]C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe /min
    O4 - HKLM\..\Run: [ThreatFire]C:\Program Files\ThreatFire\TFTray.exe
    O4 - HKLM\..\Run: [WinPatrol]C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
    O4 - HKCU\..\Run: [Sidebar]C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [Anonymizer]C:\Program Files\Anonymizer\Anonymizer Software\Anonymizer.exe -nogui
    O4 - HKCU\..\Run: [SUPERAntiSpyware]C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [ehTray.exe]C:\Windows\ehome\ehtray.exe
    O4 - HKCU\..\Run: [ccleaner]C:\PROGRAM FILES\CCleaner\CCleaner.exe /AUTO
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Enviar imagen al dispositivo &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Enviar página al dispositivo &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O8 - Extra context menu item: Inbox Search - tbr:iemenu
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O11 - Options group: [Java (Sun)] Java (Sun) - C:\Program Files\Java\jre1.6.0_07\bin
    O11 - Options group: [] -
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_07) - http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} (Java Plug-in 1.6.0) - http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03) - http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} (Java Plug-in 1.6.0_04) - http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} (Java Plug-in 1.6.0_05) - http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} (Java Plug-in 1.6.0_07) - http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.6.0_07) - http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    O20 - AppInit_DLLs: APSHook.dll,C:\Windows\system32\guard32.dll,C:\Windows\system32\cssdll32.dll
    O23 - Service: Anonymizer Management Service - Anonymizer - C:\Program Files\Anonymizer\Anonymizer Software\Common\AnonMgmtSvc.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Logon Session Broker - Cognizance Corporation - c:\Program Files\Bioscrypt\VeriSoft\Bin\ASWLNPkg.dll
    O23 - Service: Local Communication Channel - Cognizance Corporation - c:\Program Files\Bioscrypt\VeriSoft\Bin\ASChnl.dll
    O23 - Service: CyberLink Background Capture Service (CBCS) - - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) - - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
    O23 - Service: COMODO Firewall Pro Helper Service - - C:\Program Files\COMODO\Firewall\cmdagent.exe
    O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
    O23 - Service: Google Updater Service - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    O23 - Service: InstallDriver Table Manager - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iolo DMV Service - - C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
    O23 - Service: iolo FileInfoList Service - - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
    O23 - Service: iolo Product Update Service - - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
    O23 - Service: iolo System Service - - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
    O23 - Service: iolo System Guard - - C:\Program Files\iolo\System Shield 3\IoloSGCtrl.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: lxcf_device - - C:\Windows\system32\lxcfcoms.exe -service
    O23 - Service: Programador de LiveUpdate automático - - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Servicio SiteAdvisor - - C:\Program Files\SiteAdvisor\6261\SAService.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Symantec Core LC - - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: ThreatFire - - C:\Program Files\ThreatFire\TFService.exe service
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\System32\drivers\XAudio.exe
    --- Additional WinPatrol Info ---
    Browser: Unable to find default browser.
    MSIE: Internet Explorer (7.00.6000.16386)
    Firefox 3.0.1 installed in C:\Program Files\Mozilla Firefox.
    4 IE Cookies in Folder: C:\Users\Gaby\AppData\Roaming\Microsoft\Windows\Cookies\
    0 Mozilla Cookies in Folder: C:\Users\Gaby\AppData\Roaming\Mozilla\FireFox\Profiles\0b36mg97.default
    WP00 - HKLM\CS1: BootExecute = autocheck autochk *
    WP00 - HKLM\CCS: BootExecute = autocheck autochk *
    WP00 - HKLM\CS2: BootExecute = autocheck autochk *
    WP01 - HKLM\CS1: PendingFileRenameOperations = \??\C:\Users\Gaby\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\index.dat
    WP01 - HKLM\CCS: PendingFileRenameOperations = \??\C:\Users\Gaby\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\index.dat
    WP02 - HKLM\CCS: Command = C:\Windows\system32\cmd.exe
    WP03 - Windows Automatic Update = 4:Automatically download recommended updates for my computer and install them.
    WP06 - Delayed Start: [Apoint]C:\PROGRAM FILES\Apoint2K\Apoint.exe
    WP06 - Delayed Start: [IAAnotif]C:\PROGRAM FILES\Intel\INTEL MATRIX STORAGE MANAGER\IAAnotif.exe
    WP06 - Delayed Start: [QlbCtrl]%PROGRAMFILES%\HEWLETT-PACKARD\HP QUICK LAUNCH BUTTONS\QLBCTRL.EXE
    WP06 - Delayed Start: [Adobe Reader Speed Launcher]C:\PROGRAM FILES\Adobe\Reader 8.0\Reader\READER_SL.EXE
    WP06 - Delayed Start: [HotKeysCmds]C:\Windows\System32\hkcmd.exe
    WP08 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix: Default = http://
    WP08 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes: www = http://
    WP31 - Scheduled Tasks: [User_Feed_Synchronization-{577C7FD9-6D51-4E19-8490-29DD440F0B72}.job]C:\Windows\System32\msfeedssync.exe 09/28/2008 6:18 PM
    WP31 - Scheduled Tasks: [GoogleUpdateTaskUser.job]C:\Users\Rostovich\AppData\Local\Google\Update\GoogleUpdate.exe 09/25/2008 6:40 PM
    WP16 - ActiveX: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} [Office Genuine Advantage Validation Tool] C:\Windows\System32\OGACHECKCONTROL.DLL
    WP16 - ActiveX: {19916E01-B44E-4E31-94A4-4696DF46157B} [InformationCardSigninHelper Class] C:\Windows\System32\icardie.dll 7.00.6000.16386
    WP16 - ActiveX: {22D6F312-B0F6-11D0-94AB-0080C74C7E95} [Windows Media Player] C:\Windows\System32\wmpdxm.dll 11.0.6001.7000
    WP16 - ActiveX: {25336920-03F9-11CF-8FD0-00AA00686F13} [HTML Document] C:\Windows\System32\mshtml.dll 7.00.6000.16386
    WP16 - ActiveX: {2933BF90-7B36-11D2-B20E-00C04F983E60} [XML DOM Document] C:\Windows\System32\msxml3.dll 8.100.1043.0
    WP16 - ActiveX: {3050F819-98B5-11CF-BB82-00AA00BDCE0B} [HtmlDlgSafeHelper Class] C:\Windows\System32\mshtmled.dll 7.00.6000.16386
    WP16 - ActiveX: {4453D895-F2A1-4A38-A285-1EF9BD3F6D5D} [Microsoft Office Control] C:\Program Files\Microsoft Office\OFFICE11\AUTHZAX.DLL 11.0.8164
    WP16 - ActiveX: {48123BC4-99D9-11D1-A6B3-00C04FD91555} [XML Document] C:\Windows\System32\msxml3.dll 8.100.1043.0
    WP16 - ActiveX: {6BF52A52-394A-11D3-B153-00C04F79FAA6} [Windows Media Player] C:\Windows\System32\wmp.dll 11.0.6001.7000
    WP16 - ActiveX: {8856F961-340A-11D0-A96B-00C04FD705A2} [Microsoft Web Browser] C:\Windows\System32\ieframe.dll 7.00.6000.16386
    WP16 - ActiveX: {88D969C0-F192-11D4-A65F-0040963251E5} [XML DOM Document 4.0] C:\Windows\System32\msxml4.dll 4.20.9849.0
    WP16 - ActiveX: {88D969C5-F192-11D4-A65F-0040963251E5} [XML HTTP 4.0] C:\Windows\System32\msxml4.dll 4.20.9849.0
    WP16 - ActiveX: {8AD9C840-044E-11D1-B3E9-00805F499D93} [Java Plug-in 1.6.0_07] C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll 6.0.70.6
    WP16 - ActiveX: {CD3AFA74-B84F-48F0-9393-7EDC34128127} [AUDIO__MID Moniker Class] C:\Windows\System32\wmp.dll 11.0.6001.7000
    WP16 - ActiveX: {CD3AFA94-B84F-48F0-9393-7EDC34128127} [VIDEO__X_MS_WMV Moniker Class] C:\Windows\System32\wmp.dll 11.0.6001.7000
    WP16 - ActiveX: {CFC399AF-D876-11D0-9C10-00C04FC99C8E} [Msxml] C:\Windows\System32\msxml3.dll 8.100.1043.0
    WP16 - ActiveX: {D2517915-48CE-4286-970F-921E881B8C5C} [Windows Live Control de inicio de sesión] C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE\WINDOWSLIVELOGIN.DLL 4.200.520.1
    WP16 - ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} [Shockwave Flash Object] C:\Windows\System32\Macromed\Flash\Flash9e.ocx 9,0,115,0
    WP16 - ActiveX: {D5184A39-CBDF-4A4F-AC1A-7A45A852C883} [Yahoo! VersionInfo] C:\PROGRAM FILES\Yahoo!\Common\YVerInfo.dll 2, 0, 1, 1
    WP16 - ActiveX: {DA4F543C-C8A9-4E88-9A79-548CBB46F18F} [MessengerChecker Class] C:\PROGRAM FILES\Yahoo!\MESSENGER\YPAGERCHECKER.DLL 1, 1, 0, 1
    WP16 - ActiveX: {DFEAF541-F3E1-4C24-ACAC-99C30715084A} [AgControl Class] C:\PROGRAM FILES\MICROSOFT SILVERLIGHT\NPCTRL.1.0.30716.0.DLL 1.0.30716.0
    WP16 - ActiveX: {E1771B7F-98BE-407F-BA67-AA16ADA5D0C5} [msgsc.8.5.1302.1018] C:\Program Files\Windows Live\Messenger\msgsc.8.5.1302.1018.dll 8.5.1302
    WP16 - ActiveX: {E3E02F12-2ADB-478C-8742-5F0819F9F0F4} [Quantum Streaming IE VersionManager Class] C:\Users\Gaby\AppData\Roaming\MOVE NETWORKS\ie_bin\QSP2IE07076007.DLL 7,7,6,7
    WP16 - ActiveX: {e473a65c-8087-49a3-affd-c5bc4a10669b} [Quantum Streaming IE Player Class] C:\Users\Gaby\AppData\Roaming\MOVE NETWORKS\ie_bin\QSP2IE07076007.DLL 7,7,6,7
    WP16 - ActiveX: {ED8C108E-4349-11D2-91A4-00C04F7969E8} [XML HTTP Request] C:\Windows\System32\msxml3.dll 8.100.1043.0
    WP16 - ActiveX: {F06608C7-1874-4EEA-B3B2-DF99EBB144B8} [msgsc.8.5.1302.1018] C:\Program Files\Windows Live\Messenger\msgsc.8.5.1302.1018.dll 8.5.1302
    WP16 - ActiveX: {F5078F32-C551-11D3-89B9-0000F81FE221} [XML DOM Document 3.0] C:\Windows\System32\msxml3.dll 8.100.1043.0
    WP16 - ActiveX: {F5078F35-C551-11D3-89B9-0000F81FE221} [XML HTTP 3.0] C:\Windows\System32\msxml3.dll 8.100.1043.0
    WP16 - ActiveX: {F6D90F11-9C73-11D3-B32E-00C04F990BB4} [XML DOM Document] C:\Windows\System32\msxml3.dll 8.100.1043.0
    WP16 - ActiveX: {F6D90F16-9C73-11D3-B32E-00C04F990BB4} [XML HTTP] C:\Windows\System32\msxml3.dll 8.100.1043.0
    WP16 - ActiveX: {DFEAF541-F3E1-4c24-ACAC-99C30715084A} [AgControl Class] C:\PROGRAM FILES\MICROSOFT SILVERLIGHT\NPCTRL.1.0.30716.0.DLL 1.0.30716.0
    WP16 - ActiveX: DFEAF541-F3E1-4c24-ACAC-99C30715084A [AgControl Class] C:\PROGRAM FILES\MICROSOFT SILVERLIGHT\NPCTRL.1.0.30716.0.DLL 1.0.30716.0
    WP16 - ActiveX: {00024522-0000-0000-C000-000000000046} [RefEdit.Ctrl] C:\Program Files\Microsoft Office\OFFICE11\REFEDIT.DLL 12.0.6202.3013
    WP16 - ActiveX: {0002E541-0000-0000-C000-000000000046} [Microsoft Office Spreadsheet 10.0] C:\Program Files\Common Files\microsoft shared\Web Components\10\OWC10.DLL 10.0.6829
    WP16 - ActiveX: {0002E542-0000-0000-C000-000000000046} [Microsoft Office PivotTable 10.0] C:\Program Files\Common Files\microsoft shared\Web Components\10\OWC10.DLL 10.0.6829
    WP16 - ActiveX: {0002E543-0000-0000-C000-000000000046} [Microsoft Office Data Source Control 10.0] C:\Program Files\Common Files\microsoft shared\Web Components\10\OWC10.DLL 10.0.6829
    WP16 - ActiveX: {0002E546-0000-0000-C000-000000000046} [Microsoft Office Chart 10.0] C:\Program Files\Common Files\microsoft shared\Web Components\10\OWC10.DLL 10.0.6829
    WP16 - ActiveX: {05589fa1-c356-11ce-bf01-00aa0055595a} [ActiveMovieControl Object] C:\Windows\System32\wmpdxm.dll 11.0.6001.7000
    WP16 - ActiveX: {0713E8A2-850A-101B-AFC0-4210102A8DA7} [Microsoft TreeView Control, version 5.0 (SP2)] C:\Windows\System32\comctl32.ocx 6.00.8105
    WP16 - ActiveX: {0713E8D2-850A-101B-AFC0-4210102A8DA7} [Microsoft ProgressBar Control, version 5.0 (SP2)] C:\Windows\System32\comctl32.ocx 6.00.8105
    WP16 - ActiveX: {3605B612-C3CF-4ab4-A426-2D853391DB2E} [Certificates Class] C:\Windows\System32\capicom.dll 2, 1, 0, 2
    WP16 - ActiveX: {52A2AAAE-085D-4187-97EA-8C30DB990436} [HHCtrl Object] C:\Windows\System32\hhctrl.ocx 6.0.6000.16386
    WP16 - ActiveX: {58DA8D8A-9D6A-101B-AFC0-4210102A8DA7} [Microsoft ListView Control, version 5.0 (SP2)] C:\Windows\System32\comctl32.ocx 6.00.8105
    WP16 - ActiveX: {58DA8D8F-9D6A-101B-AFC0-4210102A8DA7} [Microsoft ImageList Control, version 5.0 (SP2)] C:\Windows\System32\comctl32.ocx 6.00.8105
    WP16 - ActiveX: {550C8FFB-4DC0-4756-828C-862E6D0AE74F} [Chain Class] C:\Windows\System32\capicom.dll 2, 1, 0, 2
    WP16 - ActiveX: {6B7E638F-850A-101B-AFC0-4210102A8DA7} [Microsoft StatusBar Control, version 5.0 (SP2)] C:\Windows\System32\comctl32.ocx 6.00.8105
    WP16 - ActiveX: {91D221C4-0CD4-461C-A728-01D509321556} [Store Class] C:\Windows\System32\capicom.dll 2, 1, 0, 2
    WP16 - ActiveX: {8856F961-340A-11D0-A96B-00C04FD705A2} [Microsoft Web Browser] C:\Windows\System32\ieframe.dll 7.00.6000.16386
    WP16 - ActiveX: {8BD21D50-EC42-11CE-9E0D-00AA006002F3} [Microsoft Forms 2.0 OptionButton] C:\Windows\System32\FM20.DLL 12.0.6211.1000
    WP16 - ActiveX: {AE24FDAE-03C6-11D1-8B76-0080C744F389} [Microsoft Scriptlet Component] C:\Windows\System32\mshtml.dll 7.00.6000.16386
    WP16 - ActiveX: {CA8A9780-280D-11CF-A24D-444553540000} [Adobe PDF Reader] C:\PROGRAM FILES\COMMON FILES\Adobe\Acrobat\ActiveX\AcroPDF.dll
    WP16 - ActiveX: {CFCDAA03-8BE4-11cf-B84B-0020AFBBCCFA} [RealPlayer G2 Control] C:\Windows\System32\rmoc3260.dll 6.0.9.3084
    WP16 - ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} [Shockwave Flash Object] C:\Windows\System32\Macromed\Flash\Flash9e.ocx 9,0,115,0
    WP16 - ActiveX: {9171C115-7DD9-46BA-B1E5-0ED50AFFC1B8} [Certificate Class] C:\Windows\System32\capicom.dll 2, 1, 0, 2
    WP16 - ActiveX: {3605B612-C3CF-4ab4-A426-2D853391DB2E} [Certificates Class] C:\Windows\System32\capicom.dll 2, 1, 0, 2
    WP32 - Hidden File: C:\bootmgr
    WP32 - Hidden File: C:\hiberfil.sys
    WP32 - Hidden File: C:\pagefile.sys
    WP32 - Hidden File: C:\Windows\WindowsShell.Manifest
    WP32 - Hidden File: C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    WP32 - Hidden File: C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    WP32 - Hidden File: C:\Windows\System32\config\BCD-Template.LOG
    WP32 - Hidden File: C:\Windows\System32\config\BCD-Template.LOG1
    WP32 - Hidden File: C:\Windows\System32\config\BCD-Template.LOG2
    WP32 - Hidden File: C:\Windows\System32\config\COMPONENTS.LOG
    WP32 - Hidden File: C:\Windows\System32\config\COMPONENTS.LOG1
    WP32 - Hidden File: C:\Windows\System32\config\COMPONENTS.LOG2
    WP32 - Hidden File: C:\Windows\System32\config\DEFAULT.LOG
    WP32 - Hidden File: C:\Windows\System32\config\DEFAULT.LOG1
    WP32 - Hidden File: C:\Windows\System32\config\DEFAULT.LOG2
    WP32 - Hidden File: C:\Windows\System32\config\SAM.LOG
    WP32 - Hidden File: C:\Windows\System32\config\SAM.LOG1
    WP32 - Hidden File: C:\Windows\System32\config\SAM.LOG2
    WP32 - Hidden File: C:\Windows\System32\config\SECURITY.LOG
    WP32 - Hidden File: C:\Windows\System32\config\SECURITY.LOG1
    WP32 - Hidden File: C:\Windows\System32\config\SECURITY.LOG2
    WP32 - Hidden File: C:\Windows\System32\config\SOFTWARE.LOG
    WP32 - Hidden File: C:\Windows\System32\config\SOFTWARE.LOG1
    WP32 - Hidden File: C:\Windows\System32\config\SOFTWARE.LOG2
    WP32 - Hidden File: C:\Windows\System32\config\SYSTEM.LOG
    WP32 - Hidden File: C:\Windows\System32\config\SYSTEM.LOG1
    WP32 - Hidden File: C:\Windows\System32\config\SYSTEM.LOG2
    WP32 - Hidden File: C:\Windows\System32\desktop.ini
    WP32 - Hidden File: C:\Windows\System32\drivers\103C_HP_cNB_Pavilion dv2500 Notebook PC_Y5335KV_0U_Q2CE7512G5V_E454482-161_4A_I30CD_SWistron_V80.39_F.13_T070810_WV3-0_LC0A_M2038_J160_7Intel_86FD_91.50_#080203_N11AB4353;80864229_(GY762LA#ABM)_XMOBILE_CN10_Z.MRK
    WP32 - Hidden File: C:\Windows\System32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
    WP32 - Hidden File: C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
    WP33 - File Type .AVI: [Sistema operativo Microsoft® Windows®]C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:8 /Open %L
    WP33 - File Type .BAT: [Windows Batch File]%1 %*
    WP33 - File Type .CAB: [Cabinet File]C:\Windows\Explorer.exe /idlist,%I,%L
    WP33 - File Type .CAT: [Security Catalog]C:\Windows\system32\rundll32.exe cryptext.dll,CryptExtOpenCAT %1
    WP33 - File Type .CHM: [Compiled HTML Help file]C:\Windows\hh.exe %1
    WP33 - File Type .COM: [MS-DOS Application]%1 %*
    WP33 - File Type .CMD: [Windows Command Script]%1 %*
    WP33 - File Type .DOC: [Microsoft Word Document]C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE /n /dde
    WP33 - File Type .EML: [Internet E-Mail Message]C:\Program Files\Windows Mail\WinMail.exe /eml:%1
    WP33 - File Type .EXE: [Application]%1 %*
    WP33 - File Type .INF: [Setup Information]C:\Windows\system32\NOTEPAD.EXE %1
    WP33 - File Type .JS: [JScript Script File]NOTEPAD.EXE %1
    WP33 - File Type .LOG: [Text Document]C:\Windows\system32\NOTEPAD.EXE %1
    WP33 - File Type .MSI: [Windows Installer Package]C:\Windows\System32\msiexec.exe /i %1 %*
    WP33 - File Type .MID: [MIDI Sequence]C:\Program Files\Windows Media Player\wmplayer.exe /Open %L
    WP33 - File Type .MP3: [MP3 Format Sound]C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:6 /Open %L
    WP33 - File Type .PIF: [Shortcut to MS-DOS Program]%1 %*
    WP33 - File Type .RAM: [Presentación de RealPlayer]C:\Program Files\Real\RealPlayer\RealPlay.exe %1
    WP33 - File Type .REG: [Registration Entries]regedit.exe %1
    WP33 - File Type .RTF: [Rich Text Format]C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE /n /dde
    WP33 - File Type .SCR: [Screen Saver]%1 /S
    WP33 - File Type .TXT: [Text Document]C:\Windows\system32\NOTEPAD.EXE %1
    WP33 - File Type .URL: [Sistema operativo Microsoft® Windows®]rundll32.exe ieframe.dll,OpenURL %l
    WP33 - File Type .VBS: [VBScript Script File]NOTEPAD.EXE %1
    WP33 - File Type .VBE: [VBScript Encoded File]NOTEPAD.EXE %1
    WP33 - File Type .WSF: [Windows Script File]NOTEPAD.EXE %1
    WP33 - File Type .WSH: [Windows Script Host Settings File]NOTEPAD.EXE %1
    WP33 - File Type .XLS: [Microsoft Excel Worksheet]C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE /e
    Memory currently in use: 55%
    Physical Memory Free: 920,580 KB
    Paging File Free: 2,853,264 KB
    Virtual Memory Free: 1,991,988 KB

    --
    End of file

    Can anybody tell me by reading this if in fact I am infected?

    Thanks in advance.
     

Short URL to this thread: https://techguy.org/754253
