
HiJackthis Post -"Antivirus Suite"


Post by chat9998 on Tue Jun 08, 2010 11:56 pm

This is my log from HijackThis... but I ran it in Safe Mode... is that alright?

I got the "Antivirus Suite" malware, and I have run Malwarebytes 2 times now, and it finds it, but it is still there when I restart. The first time, it found 4 registry keys. It said it quarantined and deleted them. The second time, it found 4 keys and 2 files, and said again that it deleted them, but when I went back into regular mode, it was still there.

Thanks!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:49:31 PM, on 6/8/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\regedit.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:1029
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [OneTouch Monitor] C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe Autorun
O4 - HKLM\..\Run: [xbubwplvmucqf] c:\documents and settings\jeff\local settings\application data\wctdtevjwwfcrlo.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [xbubwplvmucqf] c:\documents and settings\jeff\local settings\application data\wctdtevjwwfcrlo.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - E:\Program Files\aim\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} (CSEQueryObject Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - [You must be registered and logged in to see this link.]
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Cisco Systems, Inc. STC Agent (STCAgent) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\SSL VPN Client\agent.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 7775 bytes


Re: HiJackthis Post -"Antivirus Suite"

Post by Belahzur on Wed Jun 09, 2010 12:06 am

Hello.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:1029
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O4 - HKLM\..\Run: [xbubwplvmucqf] c:\documents and settings\jeff\local settings\application data\wctdtevjwwfcrlo.exe
    O4 - HKCU\..\Run: [xbubwplvmucqf] c:\documents and settings\jeff\local settings\application data\wctdtevjwwfcrlo.exe
    O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)

  • Press "Fix Checked"
  • Close HijackThis.

Remove the proxy setting in Internet Explorer and/or in Firefox.

    In Internet Explorer
  1. Tools Menu -> Internet Options -> Connections Tab -> LAN Settings -> uncheck "Use a proxy server", or reconfigure the proxy server again in case you have set it previously.

    In Firefox
  1. Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection -> choose "No Proxy"
  2. Click the Apply button and restart the computer in normal mode.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


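As an added example (not code from this thread or from HijackThis itself), the following Python script encodes the four kinds of entries Belahzur singled out above so the same triage can be repeated over any HijackThis log: a ProxyServer pointing at 127.0.0.1, BHOs with no backing file, Run entries that start a randomly named executable from a user's Local Settings folder, and a service whose binary is missing. The sample lines are constructed from this thread's log with backslashes restored; the vowel-ratio "random name" heuristic is my own assumption, not a HijackThis rule.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List


@dataclass
class Finding:
    line: str
    reason: str


# "R1 - HKCU\...\Internet Settings,ProxyServer = http=127.0.0.1:1029"
PROXY_RE = re.compile(
    r"ProxyServer\s*=\s*(?:[a-z]+=)?(?P<host>127\.0\.0\.1|localhost)(?::(?P<port>\d+))?",
    re.I,
)
# "O4 - HKLM\..\Run: [value name] command line"
RUN_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# Executable dropped into a user's per-profile data folder (Windows XP layout)
USER_LOCAL_RE = re.compile(
    r"\\documents and settings\\[^\\]+\\local settings\\application data\\(?P<exe>[^\\\s\"]+)",
    re.I,
)


def looks_random(filename: str) -> bool:
    """Heuristic (my assumption, not a HijackThis rule): a long all-letter
    name with very few vowels, like wctdtevjwwfcrlo.exe, was not chosen by a human."""
    stem = filename.rsplit(".", 1)[0].lower()
    if len(stem) < 10 or not stem.isalpha():
        return False
    vowels = sum(ch in "aeiou" for ch in stem)
    return vowels / len(stem) < 0.25


def triage(lines: Iterable[str]) -> List[Finding]:
    """Return the log lines that match one of the four patterns fixed in the thread."""
    findings: List[Finding] = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        # 1. Browser traffic forced through a proxy on the local machine: the rogue
        #    listens on that port so it can block or rewrite web pages.
        m = PROXY_RE.search(line)
        if line.startswith("R1 - ") and m:
            port = m.group("port") or "?"
            findings.append(Finding(line, f"browser proxy forced through {m.group('host')}:{port}"))
            continue
        # 2. Browser helper object whose DLL no longer exists.
        if line.startswith("O2 - ") and line.endswith("(no file)"):
            findings.append(Finding(line, "BHO registered but its DLL is gone (orphaned entry)"))
            continue
        # 3. Autorun launching a randomly named binary from the user's own profile,
        #    the one place the rogue can write to without administrator rights.
        m = RUN_RE.match(line)
        if m:
            u = USER_LOCAL_RE.search(m.group("cmd"))
            if u and (looks_random(u.group("exe")) or looks_random(m.group("name"))):
                findings.append(Finding(line, f"{m.group('hive')} autorun [{m.group('name')}] starts "
                                              f"{u.group('exe')} from Local Settings\\Application Data"))
            continue
        # 4. Service whose binary is missing on disk.
        if line.startswith("O23 - ") and line.endswith("(file missing)"):
            findings.append(Finding(line, "service binary missing on disk (orphaned service)"))
    return findings


def report(findings: List[Finding]) -> str:
    """Format findings the way a helper quotes them back: reason first, then the line to fix."""
    return "\n".join(f"* {f.reason}\n    {f.line}" for f in findings)


# Constructed sample: lines taken from the log in this thread (backslashes restored),
# mixed with legitimate entries that must not be flagged.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:1029
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [xbubwplvmucqf] c:\documents and settings\jeff\local settings\application data\wctdtevjwwfcrlo.exe
O4 - HKCU\..\Run: [xbubwplvmucqf] c:\documents and settings\jeff\local settings\application data\wctdtevjwwfcrlo.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
""".splitlines()

if __name__ == "__main__":
    print(report(triage(SAMPLE_LOG)))
```

Running it prints the five lines Belahzur told the poster to fix and stays silent on the Symantec and Spybot entries.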

Re: HiJackthis Post -"Antivirus Suite"

Post by chat9998 on Wed Jun 09, 2010 12:49 am

Thanks... here is what the log said (it did not find any files this time, as it did the 2nd time it ran... perhaps HijackThis fixed those?)

Malwarebytes' Anti-Malware 1.46
[You must be registered and logged in to see this link.]

Database version: 4182

Windows 5.1.2600 Service Pack 2 (Safe Mode)
Internet Explorer 7.0.5730.13

6/8/2010 8:47:56 PM
mbam-log-2010-06-08 (20-47-56).txt

Scan type: Quick scan
Objects scanned: 130424
Time elapsed: 9 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> No action taken.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Re: HiJackthis Post -"Antivirus Suite"

Post by Belahzur on Thu Jun 10, 2010 12:12 am

Download [You must be registered and logged in to see this link.] by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.



Re: HiJackthis Post -"Antivirus Suite"

Post by chat9998 on Thu Jun 10, 2010 2:29 am

Log 1 "OTL":

OTL logfile created on: 6/9/2010 10:19:37 PM - Run 1
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\jeff\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 61.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): C:\pagefile.sys 288 576 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 127.99 Gb Total Space | 65.81 Gb Free Space | 51.42% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 37.27 Gb Total Space | 4.44 Gb Free Space | 11.91% Space Free | Partition Type: NTFS
Drive F: | 104.89 Gb Total Space | 90.98 Gb Free Space | 86.74% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JEFFS-COMPUTER
Current User Name: jeff
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/06/09 22:19:25 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jeff\Desktop\OTL.exe
PRC - [2010/04/03 13:19:38 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/03/02 00:27:16 | 001,029,456 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/03/02 00:27:16 | 000,524,632 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2009/09/07 12:26:30 | 000,205,800 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\SSL VPN Client\Agent.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/09/18 09:14:10 | 000,880,640 | ---- | M] (brother) -- C:\Program Files\Brownie\BrStsWnd.exe
PRC - [2008/05/07 19:29:38 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) -- C:\WINDOWS\system32\Crypserv.exe
PRC - [2008/01/11 12:54:44 | 000,090,112 | ---- | M] (brother) -- C:\Program Files\Brownie\brpjp04a.exe
PRC - [2007/08/27 17:14:00 | 000,214,408 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
PRC - [2007/07/12 04:00:36 | 000,325,008 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
PRC - [2007/07/12 04:00:36 | 000,132,496 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
PRC - [2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/06/11 11:15:40 | 000,176,128 | ---- | M] (S3 Graphics Co., Ltd.) -- C:\WINDOWS\system32\S3Trayp.exe
PRC - [2007/05/23 12:13:40 | 000,046,704 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMNTOR.EXE
PRC - [2007/05/23 12:13:38 | 000,139,888 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton SystemWorks\Norton AntiVirus\NAVAPSVC.EXE
PRC - [2007/04/24 21:00:56 | 001,174,152 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2007/03/12 18:30:14 | 000,517,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2007/01/22 22:19:34 | 000,169,576 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE
PRC - [2007/01/22 22:19:28 | 000,192,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE
PRC - [2007/01/22 22:19:26 | 000,052,840 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCAPP.EXE
PRC - [2006/09/21 16:36:18 | 000,053,248 | ---- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\system32\VTTimer.exe
PRC - [2006/07/25 18:03:42 | 000,100,032 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2006/05/11 15:50:18 | 001,160,848 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
PRC - [2005/10/03 16:50:20 | 000,095,832 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
PRC - [2005/10/03 16:20:14 | 000,176,193 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton SystemWorks\Norton Utilities\Speed Disk\NOPDB.exe
PRC - [2002/05/28 08:16:36 | 000,086,016 | ---- | M] (Visioneer Inc) -- C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
PRC - [2001/03/15 06:18:18 | 000,049,254 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe


========== Modules (SafeList) ==========

MOD - [2010/06/09 22:19:25 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jeff\Desktop\OTL.exe
MOD - [2006/08/25 11:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2004/08/03 23:01:18 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (aspnet_state)
SRV - [2010/03/02 00:27:16 | 001,029,456 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/01/25 11:02:20 | 000,067,360 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2009/09/07 12:26:30 | 000,205,800 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\SSL VPN Client\Agent.exe -- (STCAgent)
SRV - [2008/05/07 19:29:38 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) [Auto | Running] -- C:\WINDOWS\System32\Crypserv.exe -- (Crypkey License)
SRV - [2007/08/27 17:14:00 | 000,214,408 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2007/05/23 12:13:40 | 000,046,704 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe -- (NPFMntor)
SRV - [2007/05/23 12:13:38 | 000,139,888 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe -- (navapsvc)
SRV - [2007/04/24 21:00:56 | 001,174,152 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2007/03/12 18:30:14 | 000,517,768 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2007/01/22 22:19:34 | 000,169,576 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2007/01/22 22:19:28 | 000,192,104 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2006/12/15 13:36:28 | 000,750,720 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE -- (NSCService)
SRV - [2006/07/25 18:03:42 | 002,119,360 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate)
SRV - [2006/07/25 18:03:42 | 000,100,032 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2006/05/11 15:50:18 | 001,160,848 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2005/10/03 16:50:20 | 000,095,832 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE -- (NProtectService)
SRV - [2005/10/03 16:20:14 | 000,176,193 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton SystemWorks\Norton Utilities\Speed Disk\NOPDB.exe -- (Speed Disk service)
SRV - [2005/08/26 17:22:48 | 000,198,368 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe -- (SAVScan)


========== Driver Services (SafeList) ==========

DRV - [2009/11/19 23:02:58 | 000,268,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\SymcData\ids-diskless\20100604.001\SymIDSCo.sys -- (SYMIDSCO)
DRV - [2009/09/07 12:26:30 | 000,021,240 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CSVirtA.sys -- (CSVirtA)
DRV - [2009/05/11 23:27:28 | 000,064,160 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2008/06/18 04:00:00 | 000,856,336 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080809.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2008/06/18 04:00:00 | 000,089,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080809.002\NAVENG.SYS -- (NAVENG)
DRV - [2008/05/15 04:00:00 | 000,385,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2008/03/17 12:45:52 | 000,019,584 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\ckldrv.sys -- (NetworkX)
DRV - [2008/01/18 05:00:00 | 000,109,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2007/11/26 15:34:45 | 000,018,432 | ---- | M] (Igor Nys) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\prcmondrv1041.sys -- (prcmondrv)
DRV - [2007/11/20 17:56:54 | 000,009,216 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\videX32.sys -- (videX32)
DRV - [2007/11/20 17:56:28 | 000,017,920 | ---- | M] (VIA Technologies,Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\xfilt.sys -- (xfilt)
DRV - [2007/10/16 18:38:30 | 004,615,168 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/09/22 12:09:12 | 000,123,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2007/08/27 17:13:36 | 000,189,320 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2007/08/27 17:13:32 | 000,023,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2007/08/27 17:13:28 | 000,031,624 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS -- (SYMIDS)
DRV - [2007/08/27 17:13:24 | 000,028,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS -- (SYMNDIS)
DRV - [2007/08/27 17:13:20 | 000,097,672 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2007/08/27 17:13:16 | 000,012,680 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2007/07/11 13:08:46 | 000,714,240 | ---- | M] (S3 Graphics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\S3gIGPm.sys -- (S3GIGP)
DRV - [2007/06/01 01:13:20 | 000,238,848 | R--- | M] (Belkin Corporation. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BLKWGU.sys -- (BELKIN)
DRV - [2007/04/24 18:17:30 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2006/12/27 10:47:30 | 000,009,006 | ---- | M] (ZD Soft) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\scrcap.sys -- (scrcap)
DRV - [2006/05/11 15:50:18 | 000,389,776 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2006/05/10 03:44:08 | 003,964,736 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/10/03 16:35:04 | 000,081,748 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NPDRIVER.SYS -- (NPDriver)
DRV - [2005/10/03 16:19:00 | 000,090,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SdDriver.SYS -- (SDdriver)
DRV - [2005/08/26 17:22:50 | 000,053,896 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Norton SystemWorks\Norton AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2005/08/26 17:22:48 | 000,334,984 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Norton SystemWorks\Norton AntiVirus\savrt.sys -- (SAVRT)
DRV - [2005/01/07 17:07:18 | 000,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2002/10/09 06:52:00 | 000,210,792 | R--- | M] (Divio Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pcam800.sys -- (DCamUSBNW800)
DRV - [2002/10/01 09:22:32 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2001/08/17 09:28:12 | 000,488,383 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_V124.sys -- (V124)
DRV - [2001/08/17 09:28:12 | 000,050,751 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_TONE.sys -- (Tones)
DRV - [2001/08/17 09:28:10 | 000,542,879 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_MSFT.sys -- (hsf_msft)
DRV - [2001/08/17 09:28:10 | 000,057,471 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_SAMP.sys -- (Rksample)
DRV - [2001/08/17 09:28:08 | 000,391,199 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_K56K.sys -- (K56)
DRV - [2001/08/17 09:28:06 | 000,289,887 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FALL.sys -- (Fallback)
DRV - [2001/08/17 09:28:06 | 000,199,711 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FAXX.sys -- (SoftFax)
DRV - [2001/08/17 09:28:06 | 000,115,807 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FSKS.sys -- (Fsks)
DRV - [2001/08/17 09:28:04 | 000,067,167 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_BSC2.sys -- (basic2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "hotmail.com"
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 1029

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2007/08/03 01:49:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/03 14:51:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/03 13:19:53 | 000,000,000 | ---D | M]

[2009/02/19 12:51:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jeff\Application Data\Mozilla\Extensions
[2010/06/09 20:33:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jeff\Application Data\Mozilla\Firefox\Profiles\qace2n3u.default\extensions
[2010/02/02 23:44:15 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Documents and Settings\jeff\Application Data\Mozilla\Firefox\Profiles\qace2n3u.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2010/05/26 00:01:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\jeff\Application Data\Mozilla\Firefox\Profiles\qace2n3u.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2010/02/02 22:26:16 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\jeff\Application Data\Mozilla\Firefox\Profiles\qace2n3u.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2008/07/16 12:38:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jeff\Application Data\Mozilla\Firefox\Profiles\qace2n3u.default\extensions\moveplayer@movenetworks.com
[2009/02/19 12:51:34 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2009/05/12 22:22:13 | 000,305,286 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 10537 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CNavExtBho Class) - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton AntiVirus) - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (Norton AntiVirus) - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe (brother)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [OneTouch Monitor] C:\Program Files\Visioneer OneTouch\OneTouchMon.exe (Visioneer Inc)
O4 - HKLM..\Run: [S3Trayp] C:\WINDOWS\System32\S3Trayp.exe (S3 Graphics Co., Ltd.)
O4 - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [VTTimer] C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.)
O4 - HKCU..\Run: [Aim6] File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe (Adobe Systems Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableProfileQuota = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll (Sun Microsystems, Inc.)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - E:\Program Files\aim\aim.exe (America Online, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} [You must be registered and logged in to see this link.] (CSEQueryObject Object)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} [You must be registered and logged in to see this link.] (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_02)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_02)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.247.15.53 24.247.24.53 68.115.71.53
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\jeff\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\jeff\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/04/23 23:44:06 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2003/07/29 13:59:08 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/06/09 22:19:24 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\jeff\Desktop\OTL.exe
[2010/06/08 18:29:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jeff\Local Settings\Application Data\wctdtevj
[2010/05/26 00:32:41 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2010/05/26 00:01:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jeff\Application Data\QuickScan
[2010/05/25 21:59:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jeff\Local Settings\Application Data\xmvufgtnc
[2010/05/20 00:09:46 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\jeff\Recent
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/06/09 22:23:00 | 000,000,362 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job
[2010/06/09 22:19:31 | 015,728,640 | -H-- | M] () -- C:\Documents and Settings\jeff\NTUSER.DAT
[2010/06/09 22:19:25 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jeff\Desktop\OTL.exe
[2010/06/09 20:54:13 | 000,013,824 | ---- | M] () -- C:\Documents and Settings\jeff\Desktop\SeedsCollected2010.xls
[2010/06/09 18:57:53 | 000,128,512 | ---- | M] () -- C:\Documents and Settings\jeff\Desktop\Poston_2.doc
[2010/06/09 17:57:44 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/09 17:57:43 | 000,000,315 | ---- | M] () -- C:\WINDOWS\Brownie.ini
[2010/06/09 17:57:11 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/09 17:56:54 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/09 08:47:48 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\jeff\ntuser.ini
[2010/06/09 00:00:00 | 000,000,306 | ---- | M] () -- C:\WINDOWS\tasks\Symantec Drmc.job
[2010/06/08 20:21:24 | 000,000,435 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/06/08 18:42:22 | 000,013,824 | ---- | M] () -- C:\Documents and Settings\jeff\Desktop\Gen-Contacted.xls
[2010/06/08 00:06:00 | 000,199,168 | ---- | M] () -- C:\Documents and Settings\jeff\Desktop\Family Addresses.xls
[2010/06/07 23:27:33 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/06/05 12:56:38 | 000,000,691 | ---- | M] () -- C:\WINDOWS\ULead32.ini
[2010/06/04 20:00:00 | 000,000,546 | ---- | M] () -- C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - jeff.job
[2010/06/02 22:13:11 | 000,093,184 | ---- | M] () -- C:\Documents and Settings\jeff\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/31 12:00:00 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\Norton SystemWorks One Button Checkup.job
[2010/05/27 21:00:37 | 000,065,024 | ---- | M] () -- C:\Documents and Settings\jeff\Desktop\Plants.doc
[2010/05/20 23:01:38 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/09 18:57:53 | 000,128,512 | ---- | C] () -- C:\Documents and Settings\jeff\Desktop\Poston_2.doc
[2010/06/08 18:40:45 | 000,013,824 | ---- | C] () -- C:\Documents and Settings\jeff\Desktop\Gen-Contacted.xls
[2010/06/08 00:48:34 | 000,013,824 | ---- | C] () -- C:\Documents and Settings\jeff\Desktop\SeedsCollected2010.xls
[2009/12/10 20:22:33 | 000,000,164 | ---- | C] () -- C:\WINDOWS\RECMGRUN.INI
[2009/12/10 20:22:23 | 000,003,455 | ---- | C] () -- C:\WINDOWS\RECVCALL.INI
[2009/12/10 20:07:37 | 000,000,046 | ---- | C] () -- C:\WINDOWS\spf.INI
[2009/12/10 20:06:59 | 000,000,067 | ---- | C] () -- C:\WINDOWS\Crypkey.ini
[2009/12/10 20:06:56 | 000,019,584 | ---- | C] () -- C:\WINDOWS\System32\Ckldrv.sys
[2009/12/10 20:06:56 | 000,018,432 | ---- | C] () -- C:\WINDOWS\Setup_ck.dll
[2009/12/03 22:29:27 | 000,000,020 | ---- | C] () -- C:\WINDOWS\MRMORE.INI
[2009/08/11 23:26:58 | 000,000,145 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
[2009/08/11 23:26:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2009/08/11 23:26:23 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\brlmw03a.ini
[2009/08/11 23:26:22 | 000,009,853 | ---- | C] () -- C:\WINDOWS\HL-2140.INI
[2009/08/11 23:26:17 | 000,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009/08/11 23:24:54 | 000,000,315 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2009/05/11 23:43:44 | 000,000,095 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/02/06 23:44:55 | 000,021,504 | ---- | C] () -- C:\WINDOWS\System32\WBCustomizer.dll
[2008/12/21 15:40:46 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\adistres.dll
[2008/11/28 05:15:27 | 000,001,775 | ---- | C] () -- C:\WINDOWS\MyHeritage.INI
[2008/11/28 05:14:19 | 000,454,656 | ---- | C] () -- C:\WINDOWS\System32\PaintX.dll
[2008/09/27 15:35:11 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2008/08/06 20:55:34 | 000,000,240 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2008/07/19 04:02:05 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.INI
[2008/07/13 21:57:27 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/07/13 21:57:22 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/07/13 21:57:21 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/07/13 21:57:16 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/07/13 21:57:16 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008/06/10 20:07:20 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/06/10 20:03:26 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/06/10 20:03:26 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/05/22 18:18:54 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/03/05 21:48:13 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2007/09/08 01:41:57 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2007/08/01 21:59:36 | 000,000,030 | ---- | C] () -- C:\WINDOWS\BP.INI
[2007/08/01 20:58:36 | 000,000,380 | ---- | C] () -- C:\WINDOWS\emsoft.ini
[2007/08/01 15:55:12 | 000,000,226 | ---- | C] () -- C:\WINDOWS\boxworld.ini
[2007/07/02 21:22:12 | 000,002,260 | ---- | C] () -- C:\WINDOWS\entpack.ini
[2007/06/20 17:58:06 | 000,000,037 | ---- | C] () -- C:\WINDOWS\ULVIO40.INI
[2007/05/29 16:39:38 | 000,032,768 | R--- | C] () -- C:\WINDOWS\div_iyuv.dll
[2007/05/29 16:39:37 | 000,036,864 | R--- | C] () -- C:\WINDOWS\jpgl.dll
[2007/05/22 23:37:42 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2007/05/22 23:37:40 | 000,845,312 | ---- | C] () -- C:\WINDOWS\System32\Smab.dll
[2007/04/27 03:41:34 | 000,000,189 | ---- | C] () -- C:\WINDOWS\sc.INI
[2007/04/26 18:29:46 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2007/04/26 18:22:45 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/04/25 01:18:44 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\Gif89.dll
[2007/04/25 01:07:13 | 000,000,691 | ---- | C] () -- C:\WINDOWS\ULead32.ini
[2007/04/24 23:36:03 | 000,000,321 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2007/04/24 23:35:19 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxblvs.dll
[2007/04/24 23:35:07 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\LXBLLCNP.DLL
[2007/04/24 23:21:06 | 000,001,056 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2007/04/24 23:21:06 | 000,000,090 | ---- | C] () -- C:\WINDOWS\calera.ini
[2007/04/24 23:21:00 | 000,269,312 | ---- | C] () -- C:\WINDOWS\System32\FPXIG.DLL
[2007/04/24 23:21:00 | 000,068,096 | ---- | C] () -- C:\WINDOWS\System32\IGFPX32P.DLL
[2007/04/24 23:21:00 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\JPEGACC.DLL
[2007/04/24 23:20:48 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\WELSOF32.DLL
[2005/10/09 22:33:54 | 000,137,216 | ---- | C] () -- C:\WINDOWS\System32\secdel.dll
[2002/10/06 12:42:58 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2002/10/04 17:04:26 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2002/10/04 17:04:26 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2002/10/04 17:04:18 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2002/05/15 20:38:40 | 000,091,136 | ---- | C] () -- C:\WINDOWS\System32\mp4fil32.dll
[2002/05/04 10:19:00 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\avisynthEx.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0CE7F3C9
@Alternate Data Stream - 112 bytes -> C:\WINDOWS\win.ini:frp34d
< End of report >

chat9998
Beginner
Posts : 4
Joined : 2010-06-08
OS : Windows XP Professional

Re: HiJackthis Post -"Antivirus Suite"

Post by chat9998 on Thu Jun 10, 2010 2:29 am

Log 2 "Extras":

OTL Extras logfile created on: 6/9/2010 10:19:37 PM - Run 1
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\jeff\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 61.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): C:\pagefile.sys 288 576 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 127.99 Gb Total Space | 65.81 Gb Free Space | 51.42% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 37.27 Gb Total Space | 4.44 Gb Free Space | 11.91% Space Free | Partition Type: NTFS
Drive F: | 104.89 Gb Total Space | 90.98 Gb Free Space | 86.74% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JEFFS-COMPUTER
Current User Name: jeff
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\ScanSoft\PaperPort\NAVBrowser.exe" = C:\Program Files\ScanSoft\PaperPort\NAVBrowser.exe:*:Enabled:NAVBrowser -- (Naviant, Inc.)
"E:\Program Files\aim\aim.exe" = E:\Program Files\aim\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)
"E:\Program Files\MSN Messenger\msnmsgr.exe" = E:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger -- (Microsoft Corporation)
"C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\helpctr.exe" = C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\helpctr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice -- (Microsoft Corporation)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- File not found
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\Ipswitch\WS_FTP Professional\wsftpgui.exe" = C:\Program Files\Ipswitch\WS_FTP Professional\wsftpgui.exe:*:Disabled:WS_FTP Pro Application -- (Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington, MA 02421)
"C:\Documents and Settings\jeff\My Documents\NES\Nestcl95.exe" = C:\Documents and Settings\jeff\My Documents\NES\Nestcl95.exe:*:Enabled:Nestcl95 -- ()
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\SSI\Warlords Battlecry\Battlecry.exe" = C:\Program Files\SSI\Warlords Battlecry\Battlecry.exe:*:Enabled:Warlords Battlecry -- (Strategic Studies Group)
"C:\WINDOWS\system32\dplaysvr.exe" = C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper -- (Microsoft Corporation)
"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" = C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware -- (Malwarebytes Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00120409-78E1-11D2-B60F-006097C998E7}" = Microsoft FrontPage 2000
"{03F1CC67-5BD8-4C36-8394-76311B2AE69A}" = ArcSoft PhotoStudio 5
"{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}" = Symantec KB-DocID:2003093015493306
"{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery
"{1248C09A-BD6B-47F5-BF3F-CD2B700D9FCB}" = ccCommon
"{14FB1C47-B0F2-4DB6-B9C0-1A817862F9A3}" = ArcSoft Camera Suite 2.1
"{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2908F0CB-C1D4-447F-97A2-CFC135C9F8D4}" = Internet Worm Protection
"{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}" = SymNet
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{523BD5B6-E904-493C-B902-1BC9B7D44DF4}" = Lexmark Photo Center
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{604208F1-7125-44D6-ACDA-DEF3C9831401}" = Brother HL-2140
"{6A7867BA-B7CA-4CC9-ACAB-85BA46865EE5}" = Norton Utilities
"{71E7B3F5-CFAF-4C1E-B494-528E28707937}" = Norton SystemWorks 2006
"{74EC78BC-B379-4E29-9006-8F161DCAABA6}" = Apple Software Update
"{77364F85-6219-4CB8-AAA0-6D53368D683D}" = Connection Keep Alive
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{82A5BF38-8461-4A5C-B2C9-24F5256D92A6}" = Norton Protection Center
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85D3CC30-8859-481A-9654-FD9B74310BEF}" = Musicmatch® Jukebox
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{900B1884-2D6F-4a70-A3C7-C3F4DA873FDB}" = NSW_DRM_COLLECTION
"{90110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}" = QuickTime
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9E23C48E-5483-4971-BA50-089F2FABCD66}" = Norton SystemWorks
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AD88355B-A4E0-4DA1-BAC3-EA4FEA930691}" = Ipswitch WS_FTP Professional 2007
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B8087CCE-B735-4485-BA45-08929FCCB101}" = Blue Iris
"{C6F5B6CF-609C-428E-876F-CA83176C021B}" = Norton AntiVirus 2006
"{C9A87D86-FDFD-418B-BF96-EF09320973B3}" = PC Inspector smart recovery
"{D1725BDB-BA2B-4503-A8CB-F5C835D743FA}" = MSRedist
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E5EE9939-259F-4DE2-8023-5C49E16A4F43}" = Norton AntiVirus Parent MSI
"{E8626A59-FD0E-449C-A23A-C52FC0733629}" = Tseries BIOS Update
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F325CF11-27CE-4872-8022-6E9EB27DF24F}" = NAVShortcut
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F5F56D88-56A2-4157-BED4-D650634974E3}" = honestech Video Editor
"{F64306A5-4C32-41bb-B153-53986527FAB4}" = Norton WMI Update
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"Ad-Aware" = Ad-Aware
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AhaView" = AhaView
"Ahnengalerie" = Ahnengalerie
"AIM_6.0" = AIM 6.0
"Audacity_is1" = Audacity 1.2.6
"Battle.net" = Battle.net
"CaptureWiz" = CaptureWizPro 3.A0
"Cisco Systems SSL VPN Client" = Cisco SSL VPN Client
"Diablo" = Diablo
"D-Link CIF Webcam" = D-Link CIF Webcam
"Dorgem_is1" = Dorgem 2.1.0
"Earthworm Jim" = Earthworm Jim (Remove only, requires CD)
"Family Tree Builder" = MyHeritage Family Tree Builder
"Flash Movie Extract Pilot (freeware)_is1" = Flash Movie Extract Pilot
"Freez Screen Video Capture v1.2_is1" = Freez Screen Video Capture v1.2
"GMailFS" = GMail Drive Shell Extension
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"InstallShield_{523BD5B6-E904-493C-B902-1BC9B7D44DF4}" = Lexmark Photo Center
"InstallShield_{B8087CCE-B735-4485-BA45-08929FCCB101}" = Blue Iris
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 4.0.0
"Legacy 7.0" = Legacy 7.0
"LegacyChart7_is1" = Legacy Charting 7.0
"Lexmark Z700-P700 Series" = Lexmark Z700-P700 Series
"LimeWire" = LimeWire 4.18.3
"LiveUpdate" = LiveUpdate 3.0 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9)
"MS-MPEG4" = Microsoft MPEG-4 VKI Video Codec V1/V2/V3
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OneTouch Version 3.0" = OneTouch Version 3.0
"PaperPort 7.02" = PaperPort 7.02
"Product_Name" = Midi Maker
"RealAudio Player 4.0" = RealPlayer 4.0
"RealPlayer 6.0" = RealPlayer
"Recover My Files_is1" = Recover My Files
"Simple File Shredder" = Simple File Shredder 3.2
"SoundCapture" = SoundCapture
"ST6UNST #1" = Karen's Directory Printer
"SUPER ©" = SUPER © Version 2007.bld.21 (Jan 4, 2007)
"SymSetup.{71E7B3F5-CFAF-4C1E-B494-528E28707937}" = Norton SystemWorks 2006 (Symantec Corporation)
"VIA Chrome9 HC IGP Family Display" = VIA Display Driver 6.14.10.0099
"VIA/S3G UniChrome Family Win2K/XP/Server2003 Display" = VIA/S3G Display Driver 6.14.10.0297
"ViewpointMediaPlayer" = Viewpoint Media Player
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast-Ethernet Adapter
"Warlords Battlecry" = Warlords Battlecry
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 2
"WinLiveSuite_Wave3" = Windows Live Essentials
"Wisdom-soft AutoScreenRecorder 3.0 Free" = Wisdom-soft AutoScreenRecorder 3.0 Free
"Yahoo! Messenger" = Yahoo! Messenger
"ZD Soft Screen Recorder" = ZD Soft Screen Recorder
"ZDSV" = ZD Soft Screen Video Decoder

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/6/2010 8:29:51 PM | Computer Name = JEFFS-COMPUTER | Source = STCAgent | ID = 50331650
Description = Termination reason code 10 [FAST_USER_SWITCH]

Error - 6/7/2010 6:15:50 PM | Computer Name = JEFFS-COMPUTER | Source = STCAgent | ID = 50331650
Description = Termination reason code 10 [FAST_USER_SWITCH]

Error - 6/8/2010 6:07:00 PM | Computer Name = JEFFS-COMPUTER | Source = STCAgent | ID = 50331650
Description = Termination reason code 10 [FAST_USER_SWITCH]

Error - 6/8/2010 6:29:13 PM | Computer Name = JEFFS-COMPUTER | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.3726, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 6/8/2010 6:47:27 PM | Computer Name = JEFFS-COMPUTER | Source = STCAgent | ID = 50331650
Description = Termination reason code 10 [FAST_USER_SWITCH]

Error - 6/8/2010 7:19:38 PM | Computer Name = JEFFS-COMPUTER | Source = STCAgent | ID = 50331650
Description = Termination reason code 10 [FAST_USER_SWITCH]

Error - 6/8/2010 8:13:39 PM | Computer Name = JEFFS-COMPUTER | Source = STCAgent | ID = 50331650
Description = Termination reason code 10 [FAST_USER_SWITCH]

Error - 6/8/2010 8:50:15 PM | Computer Name = JEFFS-COMPUTER | Source = STCAgent | ID = 50331650
Description = Termination reason code 10 [FAST_USER_SWITCH]

Error - 6/8/2010 8:56:03 PM | Computer Name = JEFFS-COMPUTER | Source = STCAgent | ID = 50331650
Description = Termination reason code 10 [FAST_USER_SWITCH]

Error - 6/9/2010 5:56:59 PM | Computer Name = JEFFS-COMPUTER | Source = STCAgent | ID = 50331650
Description = Termination reason code 10 [FAST_USER_SWITCH]

[ System Events ]
Error - 6/9/2010 7:57:54 AM | Computer Name = JEFFS-COMPUTER | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service NSCService
with arguments "" in order to run the server: {09B7ADDC-8BF0-409B-8571-43E8EA2AAFA3}

Error - 6/9/2010 8:47:05 AM | Computer Name = JEFFS-COMPUTER | Source = DCOM | ID = 10010
Description = The server {F3A614DC-ABE0-11D2-A441-00C04F795683} did not register
with DCOM within the required timeout.

Error - 6/9/2010 6:58:12 PM | Computer Name = JEFFS-COMPUTER | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service NSCService
with arguments "" in order to run the server: {09B7ADDC-8BF0-409B-8571-43E8EA2AAFA3}

Error - 6/9/2010 6:58:43 PM | Computer Name = JEFFS-COMPUTER | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service NSCService
with arguments "" in order to run the server: {09B7ADDC-8BF0-409B-8571-43E8EA2AAFA3}

Error - 6/9/2010 7:58:12 PM | Computer Name = JEFFS-COMPUTER | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service NSCService
with arguments "" in order to run the server: {09B7ADDC-8BF0-409B-8571-43E8EA2AAFA3}

Error - 6/9/2010 7:58:44 PM | Computer Name = JEFFS-COMPUTER | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service NSCService
with arguments "" in order to run the server: {09B7ADDC-8BF0-409B-8571-43E8EA2AAFA3}

Error - 6/9/2010 8:58:13 PM | Computer Name = JEFFS-COMPUTER | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service NSCService
with arguments "" in order to run the server: {09B7ADDC-8BF0-409B-8571-43E8EA2AAFA3}

Error - 6/9/2010 8:58:45 PM | Computer Name = JEFFS-COMPUTER | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service NSCService
with arguments "" in order to run the server: {09B7ADDC-8BF0-409B-8571-43E8EA2AAFA3}

Error - 6/9/2010 9:58:13 PM | Computer Name = JEFFS-COMPUTER | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service NSCService
with arguments "" in order to run the server: {09B7ADDC-8BF0-409B-8571-43E8EA2AAFA3}

Error - 6/9/2010 9:58:46 PM | Computer Name = JEFFS-COMPUTER | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service NSCService
with arguments "" in order to run the server: {09B7ADDC-8BF0-409B-8571-43E8EA2AAFA3}


< End of report >

chat9998
Beginner

Posts : 4
Joined : 2010-06-08
OS : Windows XP Professional
Points : 23738
# Likes : 0


Re: HiJackthis Post -"Antivirus Suite"

Post by Belahzur on Thu Jun 10, 2010 9:01 pm

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy).

    :OTL
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    [2010/06/08 18:29:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jeff\Local Settings\Application Data\wctdtevj
    [2010/05/25 21:59:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jeff\Local Settings\Application Data\xmvufgtnc
    @Alternate Data Stream - 112 bytes -> C:\WINDOWS\win.ini:frp34d

  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it in your next reply.
  • Close OTL.exe.

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245029
# Likes : 1

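Added example, not code from the post or from OTL itself: a small Python parser that turns fix-script lines of the kind pasted in the reply above (O2 BHO entries, `[date | size | attrs | flag] -- path` file-system entries, and Alternate Data Stream entries) into structured records, so a helper can review exactly what a fix will remove before telling someone to run it. The sample lines, CLSIDs and paths are constructed placeholders, not values from the posted log.

```python
import re

# Constructed sample in the OTL fix-script format used in the reply above.
# CLSIDs and paths are placeholders, not values from the posted log.
SAMPLE_FIX = """
:OTL
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - No CLSID value found.
O2 - BHO: (Example Helper) - {00000000-0000-0000-0000-000000000002} - C:\\Program Files\\Example\\helper.dll ()
[2010/06/08 18:29:15 | 000,000,000 | ---D | C] -- C:\\Documents and Settings\\user\\Local Settings\\Application Data\\abcdefgh
[2010/06/01 12:00:00 | 000,012,288 | ---- | M] -- C:\\Documents and Settings\\user\\Local Settings\\Application Data\\abcdefgh\\run.exe
@Alternate Data Stream - 112 bytes -> C:\\WINDOWS\\win.ini:stream1
"""

# One regex per OTL entry type: O2 BHO lines, [date | size | attrs | flag] -- path
# file-system lines, and @Alternate Data Stream lines.
BHO_RE = re.compile(r"^O2 - BHO: \((?P<name>[^)]*)\) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<target>.*)$")
FS_RE = re.compile(r"^\[(?P<date>[^|]+?) \| (?P<size>[\d,]+) \| (?P<attrs>[^|]+?) \| (?P<flag>[CM])\] -- (?P<path>.+)$")
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$")


def parse_otl_fix(text):
    """Turn fix-script lines into records so a reviewer can see what the fix touches."""
    items, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):          # ":OTL", ":Files", ... select a fix section
            section = line[1:].upper()
            continue
        if m := BHO_RE.match(line):
            items.append({"kind": "bho", "section": section, "clsid": m["clsid"],
                          "name": m["name"],
                          # "No CLSID value found" means the BHO registration points at nothing
                          "orphaned": m["target"].startswith("No CLSID value found")})
        elif m := FS_RE.match(line):
            items.append({"kind": "dir" if "D" in m["attrs"] else "file", "section": section,
                          "path": m["path"], "size": int(m["size"].replace(",", ""))})
        elif m := ADS_RE.match(line):
            items.append({"kind": "ads", "section": section, "path": m["path"],
                          "size": int(m["size"])})
        else:
            items.append({"kind": "unknown", "section": section, "raw": line})
    return items


def summarize(items):
    """Count entries by kind; 'unknown' lines deserve a manual look before running the fix."""
    counts = {}
    for it in items:
        counts[it["kind"]] = counts.get(it["kind"], 0) + 1
    return counts


if __name__ == "__main__":
    parsed = parse_otl_fix(SAMPLE_FIX)
    for it in parsed:
        print(it)
    print(summarize(parsed))
```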