
[Resolved] System slow to very very slow


This topic is locked
8 replies to this topic

#1 M42

M42

    New Member

  • Authentic Member
  • Pip
  • 12 posts

Posted 12 April 2008 - 08:26 AM

Hello!
Thank you very much for any help you can offer me.
I got hit by a drive-by download recently. I removed some (maybe all) of what was installed. However my system is still showing signs such as sluggish listing contents of folder/drive during File/Open command in some applications, and very slow during Comodo AV system scan, (9 hours+ just on C:). No idea if this is related to the drive-by. Here is my HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 7:10:20 AM, on 4/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\CFusionMX7\runtime\bin\jrunsvc.exe
C:\CFusionMX7\db\slserver54\bin\swagent.exe
C:\CFusionMX7\db\slserver54\bin\swstrtr.exe
C:\CFusionMX7\runtime\bin\jrun.exe
C:\CFusionMX7\db\slserver54\bin\swsoc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\CFusionMX7\verity\k2\_nti40\bin\k2admin.exe
C:\Program Files\Comodo\common\CAVASpy\cavasm.exe
c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ThreatFire\TFService.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE
C:\CFusionMX7\verity\k2\_nti40\bin\k2server.exe
C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.2\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\CFusionMX7\verity\k2\_nti40\bin\k2index.exe
C:\Program Files\Comodo\Firewall\cfp.exe
C:\Program Files\Comodo\Comodo AntiVirus\CMain.exe
C:\Program Files\COMODO\Memory Firewall\cmf.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Comodo\Comodo AntiVirus\cavse.exe
C:\Program Files\Comodo\Comodo AntiVirus\cavse.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Comodo\Comodo AntiVirus\Cavaud.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\Acrobat.exe
C:\WINDOWS\System32\WISPTIS.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.popurls.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2A775DBB-6BEE-4B19-95F5-4EE3CE4C8610} - (no file)
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: 0 - {8552299D-6047-4A98-8E9E-AED0A9E007FA} - (no file)
O2 - BHO: (no name) - {8D4F9B64-2301-420A-8689-EF9C934B5889} - (no file)
O2 - BHO: {0253ad55-5076-f8ab-bbc4-ee0c46ba6b7d} - {d7b6ab64-c0ee-4cbb-ba8f-670555da3520} - (no file)
O2 - BHO: (no name) - {E9383002-FC55-4330-B9C9-67E03BC5C840} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [DLPSP] "c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.2\apdproxy.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [cnfgCav] "C:\Program Files\Comodo\Comodo AntiVirus\CMain.exe"
O4 - HKLM\..\Run: [COMODO Memory Firewall] "C:\Program Files\COMODO\Memory Firewall\cmf.exe" -s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: OptiCAL Startup.lnk = C:\Program Files\PANTONE COLORVISION\OptiCAL\OptiCAL.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cavemlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cavemlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cavemlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cavemlsp.dll
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.avsystemcare.com
O15 - Trusted Zone: *.gomyhit.com
O15 - Trusted Zone: *.imageservr.com
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.onerateld.com
O15 - Trusted Zone: *.safetydownload.com
O15 - Trusted Zone: *.storageguardsoft.com
O15 - Trusted Zone: *.trustedantivirus.com
O15 - Trusted Zone: *.virusschlacht.com
O15 - Trusted Zone: *.amaena.com (HKLM)
O15 - Trusted Zone: *.avsystemcare.com (HKLM)
O15 - Trusted Zone: *.gomyhit.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.onerateld.com (HKLM)
O15 - Trusted Zone: *.safetydownload.com (HKLM)
O15 - Trusted Zone: *.storageguardsoft.com (HKLM)
O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
O15 - Trusted Zone: *.virusschlacht.com (HKLM)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1191697986149
O20 - AppInit_DLLs: wbsys.dll C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: gebcdbc - gebcdbc.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: monln - C:\WINDOWS\SYSTEM32\monln.dll
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: ColdFusion MX 7 Application Server - Macromedia Inc. - C:\CFusionMX7\runtime\bin\jrunsvc.exe
O23 - Service: ColdFusion MX 7 ODBC Agent - Unknown owner - C:\CFusionMX7\db\slserver54\bin\swagent.exe
O23 - Service: ColdFusion MX 7 ODBC Server - Unknown owner - C:\CFusionMX7\db\slserver54\bin\swstrtr.exe
O23 - Service: ColdFusion MX 7 Search Server - Unknown owner - C:\CFusionMX7\verity\k2\_nti40\bin\k2admin.exe" -cfg "C:\CFusionMX7\verity\k2\common\verity.cfg" -ntstart 1 (file missing)
O23 - Service: Comodo Anti-Virus and Anti-Spyware Service - Comodo Inc. - C:\Program Files\Comodo\common\CAVASpy\cavasm.exe
O23 - Service: Dell Printer Status Watcher (DLPWD) - Dell Inc. - c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE
O23 - Service: Dell Printer Status Database (DLSDB) - Dell Inc. - c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

Many thanks!

Edited by M42, 12 April 2008 - 08:29 AM.



#2 silver

silver

    Malware Expert Emeritus

  • Authentic Member
  • PipPipPipPipPip
  • 2,994 posts

Posted 19 April 2008 - 07:10 AM

Hi M42,

Please open HijackThis, choose Do a system scan only and place a checkmark next to the following lines:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {2A775DBB-6BEE-4B19-95F5-4EE3CE4C8610} - (no file)
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: 0 - {8552299D-6047-4A98-8E9E-AED0A9E007FA} - (no file)
O2 - BHO: (no name) - {8D4F9B64-2301-420A-8689-EF9C934B5889} - (no file)
O2 - BHO: {0253ad55-5076-f8ab-bbc4-ee0c46ba6b7d} - {d7b6ab64-c0ee-4cbb-ba8f-670555da3520} - (no file)
O2 - BHO: (no name) - {E9383002-FC55-4330-B9C9-67E03BC5C840} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.avsystemcare.com
O15 - Trusted Zone: *.gomyhit.com
O15 - Trusted Zone: *.imageservr.com
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.onerateld.com
O15 - Trusted Zone: *.safetydownload.com
O15 - Trusted Zone: *.storageguardsoft.com
O15 - Trusted Zone: *.trustedantivirus.com
O15 - Trusted Zone: *.virusschlacht.com
O15 - Trusted Zone: *.amaena.com (HKLM)
O15 - Trusted Zone: *.avsystemcare.com (HKLM)
O15 - Trusted Zone: *.gomyhit.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.onerateld.com (HKLM)
O15 - Trusted Zone: *.safetydownload.com (HKLM)
O15 - Trusted Zone: *.storageguardsoft.com (HKLM)
O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
O15 - Trusted Zone: *.virusschlacht.com (HKLM)
O20 - Winlogon Notify: gebcdbc - gebcdbc.dll (file missing)

Then close all open windows apart from HijackThis, press Fix checked, OK the prompt and close HijackThis.


Download Deckard's System Scanner (DSS) to your Desktop (right-click the link, select Save Target As..., select your Desktop and press Save)
  • Close all applications and windows.
  • Double-click on dss.exe to run it, and follow the prompts.
  • When the scan is complete, two text files will open: main.txt (this one will be maximized) and extra.txt (this one will be minimized)
  • Make sure Format->Word Wrap is unchecked
  • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your reply

Once complete, please post both DSS logs, you won't need to produce a new HijackThis log as DSS produces one for you.
ASAP & UNITE Member
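The checklist in the reply above can be reproduced as a small triage pass over a HijackThis log; this is an added example, not code from the forum or from HijackThis, and the sample lines are a constructed subset of the log posted in #1. It reproduces only the mechanical rules (empty R0 values, orphaned O2 and O20 entries, every O15 Trusted Zone addition, and services whose binary is missing, which are marked for review rather than removal); the two O4 Run items silver picked are a judgment call the script does not attempt.

```python
"""Triage of HijackThis log lines: flag the entry classes that a malware
helper ticks under 'Fix checked' (empty R0 values, orphaned O2 BHOs, O15
Trusted Zone additions, O20 Winlogon Notify hooks whose DLL is missing) and
mark O23 services with a missing binary for manual review."""
import re
from dataclasses import dataclass

# Constructed sample: a subset of lines copied from the log posted above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2A775DBB-6BEE-4B19-95F5-4EE3CE4C8610} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O15 - Trusted Zone: *.avsystemcare.com
O15 - Trusted Zone: *.avsystemcare.com (HKLM)
O20 - Winlogon Notify: gebcdbc - gebcdbc.dll (file missing)
O20 - Winlogon Notify: monln - C:\WINDOWS\SYSTEM32\monln.dll
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe
"""


@dataclass(frozen=True)
class Finding:
    section: str
    entry: str    # the log line exactly as HijackThis prints it
    reason: str
    fix: bool     # True: tick under 'Fix checked'; False: review by hand


# HijackThis entries look like "O15 - ..."; process lists and headers do not.
ENTRY_RE = re.compile(r"^(?P<sec>[A-Z]\d{1,2}) - (?P<body>.*)$")


def parse_entries(log: str):
    """Yield (section, body, full_line) for every HijackThis entry line."""
    for raw in log.splitlines():
        line = raw.rstrip()
        m = ENTRY_RE.match(line)
        if m:
            yield m.group("sec"), m.group("body"), line


def classify(sec: str, body: str):
    """Return (reason, fix) for an entry that deserves attention, else None."""
    if sec in ("R0", "R1") and body.rstrip().endswith("="):
        return "empty IE start/local page value", True
    if sec == "O2" and body.endswith("(no file)"):
        return "BHO registration whose DLL no longer exists (orphan)", True
    if sec == "O15":
        # Trusted Zone membership applies IE's relaxed security settings
        # to that domain; a user rarely adds these on purpose.
        return "domain added to the IE Trusted Zone", True
    if sec == "O20" and body.startswith("Winlogon Notify") and "(file missing)" in body:
        return "Winlogon Notify hook pointing at a missing DLL", True
    if sec == "O23" and "(file missing)" in body:
        # Often a path-quoting artefact (e.g. 'C:\Program.exe'); confirm
        # the real binary location before touching the service.
        return "service binary not found at the listed path; check quoting", False
    return None


def triage(log: str) -> list:
    """All findings for a log, in log order."""
    findings = []
    for sec, body, line in parse_entries(log):
        verdict = classify(sec, body)
        if verdict:
            reason, fix = verdict
            findings.append(Finding(sec, line, reason, fix))
    return findings


def fix_list(log: str) -> list:
    """Lines to tick after 'Do a system scan only', ready for 'Fix checked'."""
    return [f.entry for f in triage(log) if f.fix]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        tag = "FIX   " if f.fix else "REVIEW"
        print(f"{tag} {f.section:<4} {f.reason}\n       {f.entry}")
```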

#3 M42

M42

    New Member

  • Authentic Member
  • Pip
  • 12 posts

Posted 19 April 2008 - 01:11 PM

Deckard's System Scanner v20071014.68
Run by cypressotter on 2008-04-19 11:59:38
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
6: 2008-04-19 18:59:52 UTC - RP166 - Deckard's System Scanner Restore Point
5: 2008-04-18 22:58:46 UTC - RP165 - System Checkpoint
4: 2008-04-17 19:44:37 UTC - RP164 - System Checkpoint
3: 2008-04-15 22:37:59 UTC - RP163 - System Checkpoint
2: 2008-04-12 15:22:59 UTC - RP162 - System Checkpoint


-- First Restore Point --
1: 2008-04-10 04:59:14 UTC - RP161 - Software Distribution Service 3.0


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as cypressotter.exe) ----------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-04-19 12:01:29
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\BRSVC01A.EXE
C:\WINDOWS\system32\BRSS01A.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\CFusionMX7\runtime\bin\jrunsvc.exe
C:\CFusionMX7\db\slserver54\bin\swagent.exe
C:\CFusionMX7\runtime\bin\jrun.exe
C:\CFusionMX7\db\slserver54\bin\swstrtr.exe
C:\CFusionMX7\db\slserver54\bin\swsoc.exe
C:\CFusionMX7\verity\k2\_nti40\bin\k2admin.exe
C:\Program Files\Comodo\common\CAVASpy\cavasm.exe
C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ThreatFire\TFService.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpwdnt.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\CFusionMX7\verity\k2\_nti40\bin\k2server.exe
C:\WINDOWS\explorer.exe
C:\CFusionMX7\verity\k2\_nti40\bin\k2index.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\system\hpsysdrv.exe
C:\hp\KBD\kbd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpsp.exe
C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.2\apdproxy.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Comodo\Comodo AntiVirus\cavse.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\Comodo\Firewall\cfp.exe
C:\Program Files\Comodo\Comodo AntiVirus\CMain.exe
C:\Program Files\Comodo\Memory Firewall\cmf.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Comodo\Comodo AntiVirus\cavse.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Comodo\Comodo AntiVirus\CavAUD.exe
C:\Program Files\Comodo\Comodo AntiVirus\CavEmSrv.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Documents and Settings\cypressotter\Desktop\dss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.earthpigments.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DLPSP] "c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.2\apdproxy.exe"
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [cnfgCav] "C:\Program Files\Comodo\Comodo AntiVirus\CMain.exe"
O4 - HKLM\..\Run: [COMODO Memory Firewall] "C:\Program Files\COMODO\Memory Firewall\cmf.exe" -s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: OptiCAL Startup.lnk = C:\Program Files\PANTONE COLORVISION\OptiCAL\OptiCAL.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1191697986149
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcp.../pcpitstop2.dll
O18 - Protocol: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - AppInit_DLLs: wbsys.dll C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: gebcdbc - C:\WINDOWS\system32\gebcdbc.dll (file missing)
O20 - Winlogon Notify: monln - C:\WINDOWS\system32\monln.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\BRSVC01A.EXE
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: ColdFusion MX 7 Application Server - Macromedia Inc. - C:\CFusionMX7\runtime\bin\jrunsvc.exe
O23 - Service: ColdFusion MX 7 ODBC Agent - Unknown owner - C:\CFusionMX7\db\slserver54\bin\swagent.exe
O23 - Service: ColdFusion MX 7 ODBC Server - Unknown owner - C:\CFusionMX7\db\slserver54\bin\swstrtr.exe
O23 - Service: ColdFusion MX 7 Search Server - Verity, Inc. - C:\CFusionMX7\verity\k2\_nti40\bin\k2admin.exe
O23 - Service: Comodo Anti-Virus and Anti-Spyware Service - Comodo Inc. - C:\Program Files\Comodo\common\CAVASpy\cavasm.exe
O23 - Service: Dell Printer Status Watcher (DLPWD) - Dell Inc. - C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpwdnt.exe
O23 - Service: Dell Printer Status Database (DLSDB) - Dell Inc. - C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MySQL - Unknown owner - C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt
O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe


--
End of file - 10842 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\HIJACK~1\backups\) --------------------

backup-20080419-115731-121 O2 - BHO: (no name) - {2A775DBB-6BEE-4B19-95F5-4EE3CE4C8610} - (no file)
backup-20080419-115731-163 O15 - Trusted Zone: *.avsystemcare.com
backup-20080419-115731-206 O2 - BHO: 0 - {8552299D-6047-4A98-8E9E-AED0A9E007FA} - (no file)
backup-20080419-115731-212 O15 - Trusted Zone: *.gomyhit.com
backup-20080419-115731-263 O15 - Trusted Zone: *.safetydownload.com
backup-20080419-115731-282 O15 - Trusted Zone: *.imagesrvr.com
backup-20080419-115731-330 O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
backup-20080419-115731-342 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
backup-20080419-115731-343 O2 - BHO: (no name) - {8D4F9B64-2301-420A-8689-EF9C934B5889} - (no file)
backup-20080419-115731-353 O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
backup-20080419-115731-362 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
backup-20080419-115731-409 O15 - Trusted Zone: *.amaena.com
backup-20080419-115731-557 O15 - Trusted Zone: *.onerateld.com
backup-20080419-115731-610 O2 - BHO: {0253ad55-5076-f8ab-bbc4-ee0c46ba6b7d} - {d7b6ab64-c0ee-4cbb-ba8f-670555da3520} - (no file)
backup-20080419-115731-798 O15 - Trusted Zone: *.imageservr.com
backup-20080419-115731-872 O2 - BHO: (no name) - {E9383002-FC55-4330-B9C9-67E03BC5C840} - (no file)
backup-20080419-115732-112 O15 - Trusted Zone: *.amaena.com (HKLM)
backup-20080419-115732-119 O15 - Trusted Zone: *.safetydownload.com (HKLM)
backup-20080419-115732-232 O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
backup-20080419-115732-293 O15 - Trusted Zone: *.virusschlacht.com (HKLM)
backup-20080419-115732-443 O15 - Trusted Zone: *.imageservr.com (HKLM)
backup-20080419-115732-448 O15 - Trusted Zone: *.imagesrvr.com (HKLM)
backup-20080419-115732-654 O15 - Trusted Zone: *.storageguardsoft.com (HKLM)
backup-20080419-115732-659 O15 - Trusted Zone: *.trustedantivirus.com
backup-20080419-115732-801 O15 - Trusted Zone: *.virusschlacht.com
backup-20080419-115732-886 O15 - Trusted Zone: *.onerateld.com (HKLM)
backup-20080419-115732-896 O15 - Trusted Zone: *.gomyhit.com (HKLM)
backup-20080419-115732-930 O15 - Trusted Zone: *.storageguardsoft.com
backup-20080419-115732-946 O15 - Trusted Zone: *.avsystemcare.com (HKLM)

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 Cavasm - c:\windows\system32\drivers\cavasm.sys <Not Verified; Comodo Inc.; Comodo Anti-Viruspyware>
R1 BANTExt (Belarc SMBios Access) - c:\windows\system32\drivers\bantext.sys
R2 BrPar - c:\windows\system32\drivers\brpar.sys <Not Verified; Brother Industries Ltd.; Brother Parallel Class Driver>
R3 Eplpdx02 - c:\windows\system32\drivers\eplpdx02.sys <Not Verified; MK Systems CO., LTD.; MK Systems LPT I/O Driver for Windows2000>
R3 Iviaspi (IVI ASPI Shell) - c:\windows\system32\drivers\iviaspi.sys <Not Verified; InterVideo, Inc.; InterVideo ASPI Shell>
R3 Pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>

S3 ialm - c:\windows\system32\drivers\ialmnt5.sys <Not Verified; Intel Corporation; Intel Graphics Accelerator Drivers for Windows NT®>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 ColdFusion MX 7 Application Server - "c:\cfusionmx7\runtime\bin\jrunsvc.exe" <Not Verified; Macromedia Inc.; Macromedia JRun Application Server>
R2 ColdFusion MX 7 ODBC Agent - c:\cfusionmx7\db\slserver54\bin\swagent.exe "coldfusion mx 7 odbc agent"
R2 ColdFusion MX 7 ODBC Server - c:\cfusionmx7\db\slserver54\bin\swstrtr.exe "coldfusion mx 7 odbc server"
R2 ColdFusion MX 7 Search Server - "c:\cfusionmx7\verity\k2\_nti40\bin\k2admin.exe" -cfg "c:\cfusionmx7\verity\k2\common\verity.cfg" -ntstart 1 <Not Verified; Verity, Inc.; Verity K2 Toolkit>
R2 Comodo Anti-Virus and Anti-Spyware Service - "c:\program files\comodo\common\cavaspy\cavasm.exe" <Not Verified; Comodo Inc.; Comodo Anti-Viruspyware>
R2 DLPWD (Dell Printer Status Watcher) - c:\program files\dell printers\additional color laser software\status monitor\dlpwdnt.exe <Not Verified; Dell Inc.; Dell Status Monitor Service>
R2 DLSDB (Dell Printer Status Database) - c:\program files\dell printers\additional color laser software\status monitor\dlsdbnt.exe <Not Verified; Dell Inc.; Dell Status Monitor Service>
R2 EpsonBidirectionalService - c:\program files\common files\epson\ebapi\eebsvc.exe
R2 EPSONStatusAgent2 (EPSON Printer Status Agent2) - c:\program files\common files\epson\ebapi\sagent2.exe <Not Verified; SEIKO EPSON CORPORATION; EPSON Bidirectional Printer>
R2 MySQL - "c:\program files\mysql\mysql server 5.0\bin\mysqld-nt" --defaults-file="c:\program files\mysql\mysql server 5.0\my.ini" mysql (file missing)

S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S4 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2008-03-19 and 2008-04-19 -----------------------------

2008-04-18 21:47:44 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-18 21:47:42 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-12 07:44:36 0 d-------- C:\Documents and Settings\All Users\Application Data\PCPitstop
2008-04-12 07:44:05 0 d-------- C:\Program Files\PCPitstop
2008-03-29 14:47:38 0 d-------- C:\Documents and Settings\cypressotter\Application Data\Sonic
2008-03-29 14:47:07 0 d-------- C:\Documents and Settings\cypressotter\Application Data\Leadertech
2008-03-25 15:11:52 0 d-------- C:\WINDOWS\BDOSCAN8
2008-03-25 14:52:23 0 d-------- C:\Program Files\Eusing Free Registry Cleaner
2008-03-20 13:23:31 3840 --a------ C:\WINDOWS\system32\drivers\BANTExt.sys
2008-03-20 13:23:26 0 d-------- C:\Program Files\Belarc
2008-03-20 12:59:56 2560 --a------ C:\WINDOWS\system32\drivers\mchInjDrv.sys


-- Find3M Report ---------------------------------------------------------------

2008-04-17 23:00:46 0 d-------- C:\Documents and Settings\cypressotter\Application Data\Adobe
2008-04-07 06:29:04 0 d-------- C:\Documents and Settings\cypressotter\Application Data\Real
2008-04-01 21:26:09 2589 --a------ C:\WINDOWS\mozver.dat
2008-03-27 06:28:34 0 d-------- C:\Documents and Settings\cypressotter\Application Data\AdobeUM
2008-03-20 13:07:07 0 d-------- C:\Documents and Settings\cypressotter\Application Data\Comodo
2008-03-20 13:07:05 0 d-------- C:\Program Files\Comodo
2008-03-18 16:56:38 34 --a------ C:\WINDOWS\system32\bd4040cn.dat
2008-03-18 16:47:18 0 d-------- C:\Program Files\Brother
2008-03-18 16:47:16 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-18 16:47:04 0 d-------- C:\Documents and Settings\cypressotter\Application Data\InstallShield
2008-03-18 16:39:50 0 d-------- C:\Program Files\Brownie
2008-03-18 14:54:07 216576 --a------ C:\WINDOWS\system32\monln.dll <Not Verified; Comodo Inc.; Comodo Anti-Viruspyware>
2008-03-18 14:54:05 73728 --a------ C:\WINDOWS\system32\CavEmLSP.dll <Not Verified; COMODO; Comodo AntiVirus.>
2008-03-16 01:02:51 270037 --ahs---- C:\WINDOWS\system32\ijkkj.ini2
2008-03-15 23:29:12 0 d-------- C:\Program Files\ThreatFire
2008-03-15 22:03:03 0 d--h----- C:\Program Files\WindowsUpdate
2008-03-15 21:37:16 0 d-------- C:\Program Files\Lavasoft
2008-03-15 21:36:03 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-15 21:34:51 0 d-------- C:\Documents and Settings\cypressotter\Application Data\Lavasoft
2008-03-15 21:09:45 0 d-------- C:\Program Files\Common Files
2008-03-15 20:36:15 63 --a------ C:\WINDOWS\system32\ac25d99d
2008-03-02 15:16:53 0 d-------- C:\Program Files\PHP
2008-03-02 14:26:37 0 d-------- C:\Program Files\MySQL
2008-02-05 17:23:41 13911 --a------ C:\WINDOWS\system32\EPPICResdb0000
2008-02-05 17:23:41 114 --a------ C:\WINDOWS\system32\EPPICResdb


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [05/13/2004 06:15 PM]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [05/07/1998 04:04 PM]
"KBD"="C:\HP\KBD\KBD.EXE" [02/11/2003 07:02 PM]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [04/14/2004 01:43 PM]
"VTTimer"="VTTimer.exe" []
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [03/17/2004 10:10 PM C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"AGRSMMSG"="AGRSMMSG.exe" [02/28/2004 01:07 AM C:\WINDOWS\AGRSMMSG.exe]
"PS2"="C:\WINDOWS\system32\ps2.exe" [09/12/2003 07:13 PM]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [04/21/2004 09:00 PM]
"DLPSP"="c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE" [01/13/2005 12:00 AM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 10:50 AM]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.2\apdproxy.exe" [08/30/2007 06:32 AM]
"AcronisTimounterMonitor"="C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe" [09/07/2007 09:04 PM]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [09/07/2007 09:00 PM]
"ThreatFire"="C:\Program Files\ThreatFire\TFTray.exe" [02/15/2008 10:20 AM]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\cfp.exe" [04/18/2008 03:28 PM]
"cnfgCav"="C:\Program Files\Comodo\Comodo AntiVirus\CMain.exe" [03/18/2008 02:54 PM]
"COMODO Memory Firewall"="C:\Program Files\COMODO\Memory Firewall\cmf.exe" [03/20/2008 01:07 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe [10/23/2003 9:37:56 PM]
OptiCAL Startup.lnk - C:\Program Files\PANTONE COLORVISION\OptiCAL\OptiCAL.exe [4/13/2004 10:39:07 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebcdbc]
gebcdbc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\monln]
monln.dll 03/18/2008 02:54 PM 216576 C:\WINDOWS\system32\monln.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll 03/13/2007 09:57 AM 221184 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=wbsys.dll C:\WINDOWS\system32\guard32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 relog_ap C:\WINDOWS\system32\jkkji.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^IMStart.lnk]
backup=C:\WINDOWS\pss\IMStart.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Compaq Connections.lnk]
backup=C:\WINDOWS\pss\Compaq Connections.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
backup=C:\WINDOWS\pss\Quicken Scheduled Updates.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
ALCWZRD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
ALCXMNTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Pitstop Optimize2 Reminder]
C:\Program Files\PCPitstop\Optimize2\Reminder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
"c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"navapsvc"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccPwdSvc"=3 (0x3)
"ccEvtMgr"=2 (0x2)
"Bonjour Service"=2 (0x2)
"AcrSch2Svc"=2 (0x2)




-- End of Deckard's System Scanner: finished at 2008-04-19 12:02:54 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.80GHz
CPU 1: Intel® Pentium® 4 CPU 2.80GHz
Percentage of Memory in Use: 24%
Physical Memory (total/avail): 3071.29 MiB / 2333.91 MiB
Pagefile Memory (total/avail): 4960.35 MiB / 4254.9 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1915.59 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 144.95 GiB total, 123.64 GiB free.
D: is Fixed (FAT32) - 4.09 GiB total, 0.96 GiB free.
E: is Fixed (NTFS) - 58.59 GiB total, 28.21 GiB free.
F: is Fixed (NTFS) - 58.59 GiB total, 34.01 GiB free.
G: is Fixed (NTFS) - 58.59 GiB total, 14.41 GiB free.
H: is Fixed (NTFS) - 57.1 GiB total, 37.11 GiB free.
J: is CDROM (No Media)
K: is Removable (FAT)
L: is Removable (No Media)
M: is Removable (No Media)
N: is Removable (No Media)
O: is Removable (No Media)
P: is Fixed (NTFS) - 117.19 GiB total, 27.31 GiB free.
Q: is Fixed (NTFS) - 115.69 GiB total, 53.05 GiB free.
R: is Fixed (NTFS) - 58.59 GiB total, 22.6 GiB free.
S: is Fixed (NTFS) - 58.59 GiB total, 31.11 GiB free.
T: is Fixed (NTFS) - 87.89 GiB total, 82.74 GiB free.
U: is Fixed (NTFS) - 93.01 GiB total, 7.3 GiB free.

\\.\PHYSICALDRIVE0 - ST3160815AS - 149.05 GiB - 2 partitions
\PARTITION0 - Unknown - 4.1 GiB - D:
\PARTITION1 (bootable) - Installable File System - 144.95 GiB - C:

\\.\PHYSICALDRIVE2 - ST3320620AS - 298.09 GiB - 1 partition
\PARTITION0 - Logical Disk Manager - 298.09 GiB - R: - S: - T: - U:

\\.\PHYSICALDRIVE1 - WDC WD2500KS-00MJB0 - 232.88 GiB - 4 partitions
\PARTITION0 - Installable File System - 58.59 GiB - E:
\PARTITION1 - Installable File System - 58.59 GiB - F:
\PARTITION2 - Installable File System - 58.59 GiB - G:
\PARTITION3 - Installable File System - 57.1 GiB - H:

\\.\PHYSICALDRIVE3 - Microtech FireWire CameraMate IEEE 1394 SBP2 Device - 1953.22 MiB - 1 partition
\PARTITION0 (bootable) - MS-DOS V4 Huge - 1956.91 MiB - K:

\\.\PHYSICALDRIVE6 - Generic USB CF Reader USB Device

\\.\PHYSICALDRIVE8 - Generic USB MS Reader USB Device

\\.\PHYSICALDRIVE5 - Generic USB SD Reader USB Device

\\.\PHYSICALDRIVE7 - Generic USB SM Reader USB Device

\\.\PHYSICALDRIVE4 - WDC WD25 00JB-00REA0 USB Device - 232.88 GiB - 2 partitions
\PARTITION0 - Installable File System - 117.19 GiB - P:
\PARTITION1 - Installable File System - 115.69 GiB - Q:



-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is disabled.

UpdatesDisableNotify is set.
AntivirusOverride is set.

FW: COMODO Firewall Pro v3.0 (COMODO)
AV: ThreatFire v3.0.14.16 (PC Tools)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Compaq Connections\\1940576\\Program\\BackWeb-1940576.exe"="C:\\Program Files\\Compaq Connections\\1940576\\Program\\BackWeb-1940576.exe:*:Disabled:BackWeb-1940576"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Comodo\\Comodo AntiVirus\\CavEmSrv.exe"="C:\\Program Files\\Comodo\\Comodo AntiVirus\\CavEmSrv.exe:*:Enabled:Comodo AntiVirus Email Proxy Server"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\cypressotter\Application Data
CLASSPATH=.;C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=COMPAQ
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\cypressotter
LOGONSERVER=\\COMPAQ
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\CFusionMX7\verity\k2\_nti40\bin;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;c:\Python22;C:\Program Files\PC-Doctor for Windows\services;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\QuickTime\QTSystem\;C:\php
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PHPRC=C:\Windows
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 3 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0304
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\CYPRES~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\CYPRES~1\LOCALS~1\Temp
USERDOMAIN=COMPAQ
USERNAME=cypressotter
USERPROFILE=C:\Documents and Settings\cypressotter
VERITY_CFG=C:\CFusionMX7\verity\k2\common\verity.cfg
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

cypressotter (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\Program Files\Common Files\Real\Update_OB\rnuninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> c:\WINDOWS\System32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
--> c:\WINDOWS\System32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNNMP.exe /UNINSTALL
--> C:\WINDOWS\UNNVEContent.exe /UNINSTALL
--> RunDll32 "C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll",LaunchSetup "C:\Program Files\InstallShield Installation Information\{416DFEDD-9F1B-4EFC-AF70-FCA891AE0251}\zidxp.exe"
--> RunDll32 "C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll",LaunchSetup "C:\Program Files\InstallShield Installation Information\{91A4AD99-69CE-4745-97B7-0E0DFBECFDE5}\setup.exe"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{39DA87A1-0B26-4562-A70C-2A6147366E47}\Setup.exe"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F765BD0-B900-4EDE-A90B-61C8A9E95C42}\Setup.exe"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD59025-5B73-4E12-B789-0028C5A573C2}\Setup.exe"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x9
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acronis True Image Home --> MsiExec.exe /X{E5343B27-55DF-40BD-9FCF-A643C1331E8A}
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat - Reader 6.0.2 Update --> MsiExec.exe /I{AC76BA86-0000-0000-0000-6028747ADE01}
Adobe Acrobat 6.0.1 Professional --> MsiExec.exe /I{AC76BA86-1033-0000-7760-000000000001}
Adobe Acrobat and Reader 6.0.3 Update --> MsiExec.exe /I{AC76BA86-0000-7EC8-7489-000000000603}
Adobe Acrobat and Reader 6.0.4 Update --> MsiExec.exe /I{AC76BA86-0000-7EC8-7489-000000000604}
Adobe Acrobat and Reader 6.0.5 Update --> MsiExec.exe /I{AC76BA86-0000-7EC8-7489-000000000605}
Adobe Acrobat and Reader 6.0.6 Update --> MsiExec.exe /I{AC76BA86-0000-7EC8-7489-000000000606}
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color Common Settings --> C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings --> MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Creative Suite --> C:\PROGRA~1\INSTAL~1\{D52EC~1\setup.exe /Relaunched=yes /Uninstall /Relaunched=yes
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2 --> C:\Program Files\Common Files\Adobe\Installers\5bc0f8414ec36c555a3e7e5ec2e225e\Setup.exe
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{1BCEA516-B4C5-4B2D-BFA0-AB7910BAD862}
Adobe Extension Manager CS3 --> C:\Program Files\Common Files\Adobe\Installers\c1dfd0398e272486e0e41acbed0d624\Setup.exe
Adobe Extension Manager CS3 --> MsiExec.exe /I{BE5F3842-8309-4754-92D5-83E02E6077A3}
Adobe Flash CS3 --> MsiExec.exe /I{6B52140A-F189-4945-BFFC-DB3F00B8C589}
Adobe Flash CS3 Professional --> C:\Program Files\Common Files\Adobe\Installers\c3c7fe8b09d497ab2b3fd91c9353390\Setup.exe
Adobe Flash Player 9 ActiveX --> MsiExec.exe /X{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Video Encoder --> MsiExec.exe /I{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}
Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop Album 2.0 Starter Edition --> MsiExec.exe /I{11B569C2-4BF6-4ED0-9D17-A4273943CB24}
Adobe Photoshop Lightroom --> MsiExec.exe /I{359D2A79-64C6-4824-83CE-B053297DED6A}
Adobe Reader 6.0.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
Adobe Setup --> MsiExec.exe /I{2274624C-5B38-41AD-AD27-CEC0924EB628}
Adobe Setup --> MsiExec.exe /I{413D5495-AECA-4FA7-81A9-2300AECB7EFE}
Adobe Setup --> MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup --> MsiExec.exe /I{D504303A-717D-414C-BA9F-FE01093E2EF8}
Adobe Setup --> MsiExec.exe /I{FFC1ADE3-944B-4231-894E-3903C37271D2}
Adobe Stock Photos CS3 --> C:\Program Files\Common Files\Adobe\Installers\cbb2ea61da9c780bd7e47a5230a9ed7\Setup.exe
Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe SVG Viewer 3.0 --> C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Agere Systems PCI Soft Modem --> agrsmdel
Apple Mobile Device Support --> MsiExec.exe /I{3EBD3749-304E-4A4C-9575-C00E5F015217}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Backup4all 3 --> "C:\Program Files\Softland\Backup4all 3\unins000.exe"
Belarc Advisor 7.2 --> C:\PROGRA~1\Belarc\Advisor\Uninstall.exe C:\PROGRA~1\Belarc\Advisor\INSTALL.LOG
Blackhawk Striker from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\F07504C6-20C5-4BFE-83A0-523FB2455E72\Uninstall.exe"
Blasterball 2 from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\75528D5F-DD82-402E-BA7C-045B7DC6A712\Uninstall.exe"
Bounce Symphony from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\29FF6D07-4A15-41F1-9D5E-E0F3A58012C6\Uninstall.exe"
Brother BRAdmin Light 1.08 --> C:\Program Files\InstallShield Installation Information\{DB75941E-30C4-4D97-B000-D17C764B998C}\Setup.exe -runfromtemp -l0x0009 -removeonly -removeonly
Brother HL-4040CN --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F850310A-4D21-4E6A-9751-466B4B236792}\SETUP.exe" -l0x9 -removeonly /uninst
Brother HL-5040 --> "C:\Program Files\Brother\BRHL5040\IsUninst.exe" -f"C:\Program Files\Brother\BRHL5040\DeIsL1.isu" -cbruninst.dll
Comodo AntiVirus Beta 2.0 --> C:\Program Files\Comodo\Comodo AntiVirus\UninstallCAVS.exe
COMODO Firewall Pro --> C:\Program Files\COMODO\Firewall\cfpconfg.exe -u
COMODO Memory Firewall --> C:\Program Files\COMODO\Memory Firewall\cmfconfg.exe -u
Compaq Instant Support --> C:\PROGRA~1\COMPAQ~2\UNWISE.EXE C:\PROGRA~1\COMPAQ~2\INSTALL.LOG
Crystal Maze from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\C43D84CD-EBFC-48D3-A330-7868C8AD415A\Uninstall.exe"
Dell Printer Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{105F3CE5-FE55-408E-BF30-E78F85BA0B12}\setup.exe" -l0x9 /UninstallOnly
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
EMS SQL Manager 2005 for SQL Server Lite --> MsiExec.exe /X{161F178C-8CDA-40FF-97F4-CF29C93BE78E}
EPSON Print CD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}\Setup.exe" -l0x9 -SYSTEM
EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Stylus Photo R260 User's Guide --> C:\Program Files\epson\guide\spr260_e\uninstall.exe
EPSON TWAIN 5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A3EABC0-CA06-11D4-BF77-00104B130C19}\Setup.exe" UNINSTALL
Eusing Free Registry Cleaner --> C:\PROGRA~1\EUSING~1\UNWISE.EXE C:\PROGRA~1\EUSING~1\INSTALL.LOG
Five Card Frenzy from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\2FDCC229-354D-4279-ABEF-CE17E355BFFA\Uninstall.exe"
High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
Hijackthis 1.99.1 --> "C:\Program Files\Hijackthis\unins000.exe"
HijackThis 1.99.1 --> C:\Program Files\Hijackthis\HijackThis.exe /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
ICC Color Profiles --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{476D3472-3FCA-423C-8C0C-18BA780246ED}\setup.exe" -l0x9 anything
ImageRescue3 --> MsiExec.exe /I{6EA6D4E3-134D-4A11-AF2A-7986F61BB2F6}
IntelliMover Data Transfer Demo --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{14589F05-C658-4594-9429-D437BA688686}\Setup.exe" -l0x9
InterVideo WinDVD Creator 2 --> "C:\Program Files\InstallShield Installation Information\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}\setup.exe" REMOVEALL
InterVideo WinDVD Player --> "C:\Program Files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL
iTunes --> MsiExec.exe /I{B045B608-4A47-4C77-9EAD-06C394503306}
Java 2 Runtime Environment, SE v1.4.2_03 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
KBD --> C:\HP\KBD\KBD.EXE uninstalled
Macromedia ColdFusion MX 7 --> "C:\CFusionMX7\uninstall\Uninstall Macromedia ColdFusion MX 7.exe"
Macromedia HomeSite 5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{74307C3F-EBD4-11D4-A4D9-0010A4C3AFF0}\Setup.exe" AnyText
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Money 2004 --> MsiExec.exe /I{1D643CD7-4DD6-11D7-A4E0-000874180BB3}
Microsoft Money 2004 System Pack --> MsiExec.exe /I{8C64E145-54BA-11D6-91B1-00500462BE80}
Microsoft Office 2000 Premium --> MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
Microsoft Office Standard Edition 2003 --> MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft Plus! Digital Media Edition --> MsiExec.exe /I{C6A7AF96-4EB1-4AAE-8318-1AB393C64F88}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Works 7.0 --> MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
MiraFoto --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{19ADA2D0-D577-11D2-A14E-08002BE4D8DC}\Setup.exe" -l0x9
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MySQL Connector/ODBC 3.51 --> MsiExec.exe /I{9649C3CF-AC27-4A09-9F7F-A28FADBFDA2D}
MySQL Server 5.0 --> MsiExec.exe /I{3EAB224E-12F7-4EBA-AC0A-A2B10FEEA0E4}
Nero Suite --> C:\Program Files\Common Files\Nero\Uninstall\setupx.exe /uninstall ExtraUninstallID=""
OptiCAL --> C:\WINDOWS\unvise32.exe C:\Program Files\PANTONE COLORVISION\uninstal.log
Orbital from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\26DC0ED6-93A7-43C1-8DC5-EC16079580F9\Uninstall.exe"
Otto from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\8A225900-C06D-41DD-B66C-43840D472758\Uninstall.exe"
Overball from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\FA7F5211-C629-4711-BD82-7DFFB08CB518\Uninstall.exe"
PC-Doctor for Windows --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F7CCFA3-D926-4882-B2A5-A0217ED25597}\Setup.exe"
PC Pitstop Optimize2 2.0 --> "C:\Program Files\PCPitstop\Optimize2\unins000.exe"
PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
PHP 5.2.5 --> MsiExec.exe /I{00FA2C30-C2BB-45A2-B0C3-769541E8F6A2}
Polar Bowler from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\05E21449-3BA3-42BF-BBDA-95205F4EA40A\Uninstall.exe"
PS2 --> C:\WINDOWS\system32\ps2.exe uninstall
Python 2.2 combined Win32 extensions --> C:\Python22\Lib\SITE-P~1\UNWISE~1.EXE C:\Python22\Lib\SITE-P~1\w32inst.log
Python 2.2.1 --> C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
Quicken 2004 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8} anything
QuickTime --> MsiExec.exe /I{6EC874C2-F950-4B7E-A5B7-B1066D6B74AA}
RawShooter essentials 2006 --> C:\PROGRA~1\PIXMAN~1\RAWSHO~1.0\UNWISE.EXE C:\PROGRA~1\PIXMAN~1\RAWSHO~1.0\INSTALL.LOG
RealOne Player --> C:\Program Files\Common Files\Real\Update_OB\rnuninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver --> RtlUpd.exe -r
RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Slyder from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\8BA6F58B-7A91-461F-95F8-E34F8BD8AA4E\Uninstall.exe"
Sonic Update Manager --> MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
Switch --> C:\Program Files\NCH Swift Sound\Switch\uninst.exe
ThreatFire 3.0 --> "C:\Program Files\ThreatFire\unins000.exe"
TopStyle Lite (Version 3.0) --> C:\WINDOWS\unlite3.exe "C:\Program Files\Bradbury\TopStyle3"
Tradewinds from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\66195170-D19D-46C5-8FB7-8A4630071ADC\Uninstall.exe"
WindowBlinds --> C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\UNWISE.EXE C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\INSTALL.LOG
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Word Symphony from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\0254DF9A-618A-4A2C-A5ED-FA7115988B02\Uninstall.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type2276 / Error
Event Submitted/Written: 03/25/2008 11:04:38 PM
Event ID/Source: 0 / ColdFusion MX 7 ODBC Server
Event Description:
ColdFusion MX 7 ODBC Server@LOCALHOST,ErrorCode=3059,ErrorMessage=The specified data source is not defined.,ClientHost=127.0.0.1,Session=1

Event Record #/Type2214 / Error
Event Submitted/Written: 03/21/2008 06:01:33 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application explorer.exe, version 6.0.2900.3156, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type2213 / Error
Event Submitted/Written: 03/21/2008 06:01:29 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application explorer.exe, version 6.0.2900.3156, hang module hungapp, version 0.0.0.0, hang address 0x00000000.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type11128 / Error
Event Submitted/Written: 04/19/2008 00:01:44 PM
Event ID/Source: 7016 / Service Control Manager
Event Description:
The BrSplService service has reported an invalid current state 0.

Event Record #/Type11127 / Error
Event Submitted/Written: 04/19/2008 11:46:44 AM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Computer Browser service terminated with the following error:
%%1460

Event Record #/Type11105 / Error
Event Submitted/Written: 04/19/2008 11:41:45 AM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The IPSEC Services service terminated with the following error:
%%10022

Event Record #/Type11104 / Error
Event Submitted/Written: 04/19/2008 11:41:45 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The mrtRate service failed to start due to the following error:
%%2

Event Record #/Type11103 / Error
Event Submitted/Written: 04/19/2008 11:41:45 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Ipnaskoc service failed to start due to the following error:
%%2



-- End of Deckard's System Scanner: finished at 2008-04-19 12:02:54 ------------

Thank you very much!

#4 silver

silver

    Malware Expert Emeritus

  • Authentic Member
  • PipPipPipPipPip
  • 2,994 posts

Posted 19 April 2008 - 10:53 PM

Hi M42,

Please open Start->Control Panel->Add/Remove Programs, and remove the following:

Java 2 Runtime Environment, SE v1.4.2_03

This is out of date and now a security risk; you can get the latest update (version 6 update 6) from here

Open HijackThis, choose Do a system scan only and place a checkmark next to the following lines:

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O20 - Winlogon Notify: gebcdbc - gebcdbc.dll (file missing)

Then close all open windows apart from HijackThis, press Fix checked, OK the prompt and close HijackThis.

------------------------------------------------------------------------

Backup Your Registry with ERUNT:
  • Download erunt.zip to your Desktop from here:
    http://aumha.org/downloads/erunt.zip
  • Right-click erunt.zip, select Extract All... and follow the prompts to extract ERUNT to a new folder on your Desktop
  • Inside the new folder, double-click ERUNT.exe to start the program
  • OK all the prompts to back up your registry to the default location.
Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe

Then, open Notepad (press Start->Run, enter notepad and press OK)
Copy everything inside the code box below (Starting with REGEDIT4) and paste it into a new notepad file.
Note: Please copy and paste all the text at once, and check that there is NO blank line above REGEDIT4 and one blank line at the bottom.
REGEDIT4

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,72,65,6c,6f,67,5f,61,70,\
  00,00

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

Change the Save As Type to All Files and save it as fix.reg to your Desktop.
Locate fix.reg on your Desktop; if you did it right, it should look like this: [image]
Double-click it, when it asks if you want to merge with the registry, click Yes.
You can then delete fix.reg

------------------------------------------------------------------------

Open Notepad: press Start->Run, type notepad into the box and press OK
Select Format from the top menu and make sure Word Wrap is NOT checked.
Then, copy/paste the contents of the following code box into Notepad:
@echo off
rem Clear the read-only, system and hidden attributes so the file can be deleted, then delete it
attrib -r -s -h C:\WINDOWS\system32\ijkkj.ini2 >> results.txt 2>>&1
del /q /a /f C:\WINDOWS\system32\ijkkj.ini2 >> results.txt 2>>&1
rem Log every file matching these names, including hidden ones, in all subfolders
dir C:\WINDOWS\system32\ac25d99d /a /s >> results.txt 2>>&1
dir C:\jkkji*.* /a /s >> results.txt 2>>&1
dir C:\ijkkj*.* /a /s >> results.txt 2>>&1
rem Export the LSA key as REGEDIT4 text so the Authentication Packages value can be checked
regedit /a export.txt HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
type export.txt >> results.txt 2>>&1
del export.txt
rem The batch file removes itself once the log is written
del runme.bat

Select File and Save as
Save it to your Desktop as "runme.bat" (you MUST type the quotes)
Locate runme.bat on your Desktop and double-click it.
A black box should open and close after a short time, this is normal.
Another text file should appear on your Desktop called results.txt, do not open it until the black box has closed.
Post the contents of this file in your next response.

------------------------------------------------------------------------

Then please do an online scan with Kaspersky:
Open Kaspersky Online Scanner in Internet Explorer using this link:
http://www.kaspersky...kavwebscan.html
  • Click Accept and the web scanner will begin to load
  • If a yellow warning bar appears at the top of the browser, click it and choose Install ActiveX Control
  • You will be prompted to install an ActiveX component from Kaspersky, click Install
  • If you are prompted about another ActiveX control called Kaspersky Online Scanner GUI part then allow it to be installed also.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on Next and then Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under Select a target to scan, select My Computer
  • The program will start to scan your system.
  • Once the scan is complete, click on the Save Report As... button, change Save as type: to Text file and save the file to your desktop as Kaspersky.txt
Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the license, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license is accepted, reset to 100%.

------------------------------------------------------------------------

Once complete, please post the results.txt, the Kaspersky report and a new HijackThis log. Also, let me know how your computer is behaving now.
ASAP & UNITE Member
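Editor's note on the .reg fix in the post above: HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages is a REG_MULTI_SZ naming the DLLs that lsass.exe loads at boot, which is why malware adds its own entry there for persistence (MITRE ATT&CK T1547.002) and why the fix writes a known-good list back. The script below is an added example written for this page; it is not silver's code and not part of the post. It parses a REGEDIT4 export such as the one runme.bat produces, decodes the hex(7) values (ANSI bytes in REGEDIT4 exports, UTF-16LE in "Version 5.00" exports), and reports any package name not in a baseline. The Authentication Packages baseline is exactly the value the fix writes; the Security Packages and Notification Packages rows are the values shown in the results.txt export in the following post. The first sample is that export with only the relevant values kept; the second sample is constructed, with a hypothetical extra entry "badpkg" appended, to show what a tampered list looks like. The encode_multi_sz helper produces the hex(7) text a .reg fix needs, so it can be checked against the line in the post.

```python
"""Audit the LSA package lists in a .reg export for entries outside a baseline."""
import re

# Baseline for this XP SP2 machine. "Authentication Packages" is the value the
# REGEDIT4 fix in the post writes back; the other two rows are the values the
# results.txt export in the next post shows (assumed to be the clean state).
LSA_BASELINE = {
    "Authentication Packages": {"msv1_0", "relog_ap"},
    "Security Packages": {"kerberos", "msv1_0", "schannel", "wdigest"},
    "Notification Packages": {"scecli"},
}
LSA_KEY = r"HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa"


def _logical_lines(lines):
    """Join physical lines: a trailing backslash continues the value on the next line."""
    buf = ""
    for line in lines:
        stripped = line.strip()
        if stripped.endswith("\\"):
            buf += stripped[:-1]
            continue
        yield buf + stripped
        buf = ""
    if buf:
        yield buf


def parse_reg_export(text):
    """Parse a .reg export into ({key_path: {value_name: (type_tag, payload)}}, encoding).

    REGEDIT4 exports store hex(7) strings as ANSI bytes; "Version 5.00" exports
    store them as UTF-16LE, so the encoding is returned for decode_multi_sz.
    """
    lines = text.splitlines()
    utf16 = bool(lines) and lines[0].startswith("Windows Registry Editor Version 5")
    encoding = "utf-16-le" if utf16 else "latin-1"
    keys, current = {}, None
    for logical in _logical_lines(lines[1:]):
        if not logical or logical.startswith(";"):
            continue
        if logical.startswith("[") and logical.endswith("]"):
            current = logical[1:-1]
            keys.setdefault(current, {})
            continue
        m = re.match(r'^"((?:[^"\\]|\\.)*)"=(.*)$', logical)
        if m is None or current is None:
            continue
        name, raw = m.group(1), m.group(2)
        if raw.startswith("hex"):
            tag, _, payload = raw.partition(":")
            keys[current][name] = (tag, bytes(int(b, 16) for b in payload.split(",") if b))
        elif raw.startswith("dword:"):
            keys[current][name] = ("dword", int(raw[6:], 16))
        else:
            keys[current][name] = ("string", raw.strip('"'))
    return keys, encoding


def decode_multi_sz(blob, encoding="latin-1"):
    """Split a REG_MULTI_SZ payload (NUL-separated, double-NUL terminated) into strings."""
    return [s for s in blob.decode(encoding).split("\x00") if s]


def encode_multi_sz(strings, encoding="latin-1"):
    """Produce the hex(7) text a .reg file needs for a REG_MULTI_SZ value."""
    blob = ("".join(s + "\x00" for s in strings) + "\x00").encode(encoding)
    return "hex(7):" + ",".join(f"{b:02x}" for b in blob)


def audit_lsa_packages(export_text, baseline=LSA_BASELINE):
    """Return {value_name: [packages not in the baseline]}.

    None marks a value that is missing or not a REG_MULTI_SZ, which also deserves a look.
    """
    keys, encoding = parse_reg_export(export_text)
    lsa = next((v for k, v in keys.items() if k.lower() == LSA_KEY.lower()), {})
    findings = {}
    for name, expected in baseline.items():
        entry = lsa.get(name)
        if entry is None or entry[0] != "hex(7)":
            findings[name] = None
            continue
        present = {p.lower() for p in decode_multi_sz(entry[1], encoding)}
        findings[name] = sorted(present - {e.lower() for e in expected})
    return findings


# The three package values from the results.txt export in the next post.
CLEAN_EXPORT = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,72,65,6c,6f,67,5f,61,70,\
  00,00
"Security Packages"=hex(7):6b,65,72,62,65,72,6f,73,00,6d,73,76,31,5f,30,00,73,\
  63,68,61,6e,6e,65,6c,00,77,64,69,67,65,73,74,00,00
"LsaPid"=dword:000005a0
"Notification Packages"=hex(7):73,63,65,63,6c,69,00,00
"""

# Constructed sample, not from the page: a hypothetical "badpkg" (62,61,64,70,6b,67)
# appended to Authentication Packages, the shape of persistence the .reg fix undoes.
TAMPERED_EXPORT = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,72,65,6c,6f,67,5f,61,70,\
  00,62,61,64,70,6b,67,00,00
"Security Packages"=hex(7):6b,65,72,62,65,72,6f,73,00,6d,73,76,31,5f,30,00,73,\
  63,68,61,6e,6e,65,6c,00,77,64,69,67,65,73,74,00,00
"Notification Packages"=hex(7):73,63,65,63,6c,69,00,00
"""

if __name__ == "__main__":
    print("page export:", audit_lsa_packages(CLEAN_EXPORT))
    print("constructed sample:", audit_lsa_packages(TAMPERED_EXPORT))
    print("fix line:", encode_multi_sz(["msv1_0", "relog_ap"]))
```

The check only sees names, so a dropped DLL that registers under a plausible-looking name would pass; after the list looks clean, confirm that each listed name corresponds to a Microsoft-signed DLL in system32, and remember that a .reg file for a "Version 5.00" export has to carry UTF-16LE bytes in its hex(7) payloads, not the ANSI bytes the REGEDIT4 fix in the post uses.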

#5 M42

M42

    New Member

  • Authentic Member
  • Pip
  • 12 posts

Posted 21 April 2008 - 11:21 AM

---------- results.txt --------------
Volume in drive C is PRESARIO
Volume Serial Number is AC25-CBBC

Directory of C:\WINDOWS\system32

03/15/2008 08:36 PM 63 ac25d99d
1 File(s) 63 bytes

Total Files Listed:
1 File(s) 63 bytes
0 Dir(s) 132,820,955,136 bytes free
Volume in drive C is PRESARIO
Volume Serial Number is AC25-CBBC
File Not Found
Volume in drive C is PRESARIO
Volume Serial Number is AC25-CBBC

Directory of C:\WINDOWS\system32

03/16/2008 01:03 AM 270,037 ijkkj.ini
1 File(s) 270,037 bytes

Total Files Listed:
1 File(s) 270,037 bytes
0 Dir(s) 132,817,813,504 bytes free
REGEDIT4

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,72,65,6c,6f,67,5f,61,70,\
00,00
"Bounds"=hex:00,30,00,00,00,20,00,00
"Security Packages"=hex(7):6b,65,72,62,65,72,6f,73,00,6d,73,76,31,5f,30,00,73,\
63,68,61,6e,6e,65,6c,00,77,64,69,67,65,73,74,00,00
"LsaPid"=dword:000005a0
"SecureBoot"=dword:00000001
"auditbaseobjects"=dword:00000000
"crashonauditfail"=dword:00000000
"disabledomaincreds"=dword:00000000
"everyoneincludesanonymous"=dword:00000000
"fipsalgorithmpolicy"=dword:00000000
"forceguest"=dword:00000001
"fullprivilegeauditing"=hex:00
"limitblankpassworduse"=dword:00000001
"lmcompatibilitylevel"=dword:00000000
"nodefaultadminowner"=dword:00000001
"nolmhash"=dword:00000000
"restrictanonymous"=dword:00000000
"restrictanonymoussam"=dword:00000001
"Notification Packages"=hex(7):73,63,65,63,6c,69,00,00
"ImpersonatePrivilegeUpgradeToolHasRun"=dword:00000001

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\AccessProviders]
"ProviderOrder"=hex(7):57,69,6e,64,6f,77,73,20,4e,54,20,41,63,63,65,73,73,20,\
50,72,6f,76,69,64,65,72,00,00

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\AccessProviders\Windows NT Access Provider]
"ProviderPath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,\
33,32,5c,6e,74,6d,61,72,74,61,2e,64,6c,6c,00

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Audit]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Audit\PerUserAuditing]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Audit\PerUserAuditing\System]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Data]
"Pattern"=hex:94,fc,72,9d,5e,15,f3,16,c0,15,00,7d,f5,99,75,83,37,32,62,65,62,\
61,33,32,00,00,00,00,01,00,00,00,bc,01,00,00,c0,01,00,00,34,ca,06,00,45,9d,\
bf,71,04,00,00,00,10,00,00,00,00,00,00,00,46,a6,1c,c6

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\GBG]
"GrafBlumGroup"=hex:75,64,f1,81,f7,08,65,5b,8b

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\JD]
"Lookup"=hex:37,6a,49,62,de,96

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Kerberos]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Kerberos\Domains]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Kerberos\SidCache]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\MSV1_0]
"Auth132"="iissuba"
"ntlmminclientsec"=dword:00000000
"ntlmminserversec"=dword:00000000

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Skew1]
"SkewMatrix"=hex:49,c2,24,a6,c1,25,7e,42,4b,80,3a,2d,fc,08,c2,7e

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\SSO]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\SSO\Passport1.4]
"SSOURL"="http://www.passport.com"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\SspiCache]
"Time"=hex:bc,28,91,4e,55,08,c8,01

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\SspiCache\digest.dll]
"Name"="Digest"
"Comment"="Digest SSPI Authentication Package"
"Capabilities"=dword:00004050
"RpcId"=dword:0000ffff
"Version"=dword:00000001
"TokenSize"=dword:0000ffff
"Time"=hex:00,d9,4a,94,f8,79,c4,01
"Type"=dword:00000031

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\SspiCache\msapsspc.dll]
"Name"="DPA"
"Comment"="DPA Security Package"
"Capabilities"=dword:00000037
"RpcId"=dword:00000011
"Version"=dword:00000001
"TokenSize"=dword:00000300
"Time"=hex:00,d9,4a,94,f8,79,c4,01
"Type"=dword:00000031

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\SspiCache\msnsspc.dll]
"Name"="MSN"
"Comment"="MSN Security Package"
"Capabilities"=dword:00000037
"RpcId"=dword:00000012
"Version"=dword:00000001
"TokenSize"=dword:00000300
"Time"=hex:80,6f,e3,94,f8,79,c4,01
"Type"=dword:00000031

---------- END results.txt --------------

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, April 21, 2008 9:56:16 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 20/04/2008
Kaspersky Anti-Virus database records: 717772
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
J:\
K:\
L:\
M:\
N:\
O:\
P:\
Q:\
R:\
S:\
T:\
U:\

Scan Statistics:
Total number of scanned objects: 335553
Number of viruses found: 10
Number of infected objects: 41
Number of suspicious objects: 6
Duration of the scan process: 06:19:17

Infected Object Name / Virus Name / Last Action
C:\CFusionMX7\db\slserver54\tracing\ColdFusion MX 7 ODBC Agent.trc Object is locked skipped
C:\CFusionMX7\db\slserver54\tracing\ColdFusion MX 7 ODBC Server.trc Object is locked skipped
C:\CFusionMX7\logs\eventgateway.log Object is locked skipped
C:\CFusionMX7\logs\server.log Object is locked skipped
C:\CFusionMX7\runtime\logs\coldfusion-err.log Object is locked skipped
C:\CFusionMX7\runtime\logs\coldfusion-out.log Object is locked skipped
C:\CFusionMX7\runtime\servers\coldfusion\SERVER-INF\jms\db\coremq\consumer.dat Object is locked skipped
C:\CFusionMX7\runtime\servers\coldfusion\SERVER-INF\jms\db\coremq\destination.dat Object is locked skipped
C:\CFusionMX7\runtime\servers\coldfusion\SERVER-INF\jms\db\coremq\handle.dat Object is locked skipped
C:\CFusionMX7\runtime\servers\coldfusion\SERVER-INF\jms\db\coremq\message.dat Object is locked skipped
C:\CFusionMX7\verity\Data\host\admin\admin.dat Object is locked skipped
C:\CFusionMX7\verity\Data\host\log\audit.log Object is locked skipped
C:\CFusionMX7\verity\Data\host\log\status.log Object is locked skipped
C:\CFusionMX7\verity\Data\services\ColdFusionK2_indexserver1\log\status.log Object is locked skipped
C:\CFusionMX7\verity\Data\services\ColdFusionK2_server1\log\status.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Comodo\Comodo AntiVirus\cav.lock Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Comodo\Comodo AntiVirus\TroubleShootLog\cavasm.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Comodo\Comodo AntiVirus\TroubleShootLog\monln.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Comodo\Firewall Pro\cfplogdb.sdb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\PC Tools\ThreatFire\Orig.db Object is locked skipped
C:\Documents and Settings\cypressotter\Application Data\Mozilla\Firefox\Profiles\g5n07qeu.default\cert8.db Object is locked skipped
C:\Documents and Settings\cypressotter\Application Data\Mozilla\Firefox\Profiles\g5n07qeu.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\cypressotter\Application Data\Mozilla\Firefox\Profiles\g5n07qeu.default\history.dat Object is locked skipped
C:\Documents and Settings\cypressotter\Application Data\Mozilla\Firefox\Profiles\g5n07qeu.default\key3.db Object is locked skipped
C:\Documents and Settings\cypressotter\Application Data\Mozilla\Firefox\Profiles\g5n07qeu.default\parent.lock Object is locked skipped
C:\Documents and Settings\cypressotter\Application Data\Mozilla\Firefox\Profiles\g5n07qeu.default\search.sqlite Object is locked skipped
C:\Documents and Settings\cypressotter\Application Data\Mozilla\Firefox\Profiles\g5n07qeu.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\cypressotter\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmsecman.jar-69ee0e0e-662e56a0.zip/vlocal.class Infected: Trojan-Downloader.Java.Agent.f skipped
C:\Documents and Settings\cypressotter\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmsecman.jar-69ee0e0e-662e56a0.zip ZIP: infected - 1 skipped
C:\Documents and Settings\cypressotter\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\cypressotter\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\cypressotter\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\cypressotter\Local Settings\Application Data\Mozilla\Firefox\Profiles\g5n07qeu.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\cypressotter\Local Settings\Application Data\Mozilla\Firefox\Profiles\g5n07qeu.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\cypressotter\Local Settings\Application Data\Mozilla\Firefox\Profiles\g5n07qeu.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\cypressotter\Local Settings\Application Data\Mozilla\Firefox\Profiles\g5n07qeu.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\cypressotter\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\cypressotter\Local Settings\History\History.IE5\MSHist012008042020080421\index.dat Object is locked skipped
C:\Documents and Settings\cypressotter\Local Settings\Temp\Acr163.tmp Object is locked skipped
C:\Documents and Settings\cypressotter\Local Settings\Temp\Acr169.tmp Object is locked skipped
C:\Documents and Settings\cypressotter\Local Settings\Temp\Acr7.tmp Object is locked skipped
C:\Documents and Settings\cypressotter\Local Settings\Temp\AcrD.tmp Object is locked skipped
C:\Documents and Settings\cypressotter\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\cypressotter\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\cypressotter\ntuser.dat Object is locked skipped
C:\Documents and Settings\cypressotter\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Acronis\TrueImageHome\Logs\4763100F-D309-47C5-965C-F7B1D3F06F9A.log Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Common Files\Real\Toolbar\RealBar.dll Infected: not-a-virus:AdWare.Win32.MegaSearch.s skipped
C:\Program Files\MySQL\MySQL Server 5.0\data\compaq.err Object is locked skipped
C:\Program Files\MySQL\MySQL Server 5.0\data\ibdata1 Object is locked skipped
C:\Program Files\MySQL\MySQL Server 5.0\data\ib_logfile0 Object is locked skipped
C:\Program Files\MySQL\MySQL Server 5.0\data\ib_logfile1 Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{E129A2E4-317E-4912-9F22-8D5401A7D1BC}\RP167\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\HTTPERR\httperr1.log Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\hsperfdata_SYSTEM\2680 Object is locked skipped
C:\WINDOWS\Temp\ib1.tmp Object is locked skipped
C:\WINDOWS\Temp\ib2.tmp Object is locked skipped
C:\WINDOWS\Temp\ib3.tmp Object is locked skipped
C:\WINDOWS\Temp\ib4.tmp Object is locked skipped
C:\WINDOWS\Temp\ib5.tmp Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
E:\Download\astlog.zip/astlog.exe Infected: not-a-virus:PSWTool.Win32.Asterisk.a skipped
E:\Download\astlog.zip ZIP: infected - 1 skipped
E:\Download\NetworkToolkit\TNT_Free_Edition_2_0.zip/bin/scanners/ipscan/ipscan.exe Infected: not-a-virus:NetTool.Win32.Portscan.c skipped
E:\Download\NetworkToolkit\TNT_Free_Edition_2_0.zip ZIP: infected - 1 skipped
E:\Download\UB4WIN\plugin\Network\ultravnc\files\vnchooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.e skipped
E:\Download\UB4WIN\plugin\Network\ultravnc\files\winvnc.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.e skipped
E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
F:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
G:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
H:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
P:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
P:\System Volume Information\_restore{E129A2E4-317E-4912-9F22-8D5401A7D1BC}\RP167\change.log Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\admparse.dll Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\advpack.dll Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\browseui.dll Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\corpol.dll Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\custsat.dll Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\dxtmsft.dll Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\dxtrans.dll Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\extmgr.dll Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\hmmapi.dll Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\icardie.dll Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\icrav03.rat Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\ie4uinit.exe Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\ieakeng.dll Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\ieaksie.dll Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\ieakui.dll Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\ieapfltr.dll Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\iedkcs32.dll Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\iedw.exe Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\ieencode.dll Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\ieframe.dll Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\iepeers.dll Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\ieproxy.dll Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\iernonce.dll Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\iertutil.dll Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\iesetup.dll Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\ieudinit.exe Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\ieui.dll Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\ieuinit.inf Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\iexplore.exe Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\imgutil.dll Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\inetcpl.cpl Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\inseng.dll Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\install.ins Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\jscript.dll Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\jsproxy.dll Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\licmgr10.dll Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\msfeeds.dll Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\msfeeds.mof Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\msfeedsbs.dll Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\msfeedsbs.mof Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\msfeedssync.exe Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\mshta.exe Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\mshtml.dll Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\mshtml.tlb Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\mshtmled.dll Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\mshtmler.dll Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\msls31.dll Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\msrating.dll Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\mstime.dll Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\occache.dll Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\occache.ini Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\pngfilt.dll Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\shdocvw.dll Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\shlwapi.dll Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\spmsg.dll Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\spuninst.exe Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\spupdsvc.exe Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\tdc.ocx Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\ticrf.rat Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\update\idndl.exe Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\update\ie7.cat Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\update\iecustom.dll Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\update\iereseticons.exe Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\update\iesetup.exe Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\update\legitlibm.dll Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\update\nlsdl.exe Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\update\update.exe Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\update\update.exe.manifest Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\update\update.inf Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\update\update.ver Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\update\updspapi.dll Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\update\xmllitesetup.exe Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\url.dll Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\urlmon.dll Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\vbscript.dll Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\vgx.dll Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\webcheck.dll Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\webcheck.ini Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\winfxdocobj.exe Object is locked skipped
Q:\4d6f30f5d6766413750d82262952\wininet.dll Object is locked skipped
Q:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
Q:\System Volume Information\_restore{E129A2E4-317E-4912-9F22-8D5401A7D1BC}\RP167\change.log Object is locked skipped
R:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
S:\New 1\1_D.zip/Download/astlog.zip/astlog.exe Infected: not-a-virus:PSWTool.Win32.Asterisk.a skipped
S:\New 1\1_D.zip/Download/astlog.zip Infected: not-a-virus:PSWTool.Win32.Asterisk.a skipped
S:\New 1\1_D.zip ZIP: infected - 2 skipped
S:\New 1\2_D.zip/Download/NetworkToolkit/bin/scanners/ipscan/ipscan.exe Infected: not-a-virus:NetTool.Win32.Portscan.c skipped
S:\New 1\2_D.zip/Download/NetworkToolkit/TNT_Free_Edition_2_0.zip/bin/password_rev/dialupass/dialupass.exe Infected: not-a-virus:PSWTool.Win32.Dialupass.an skipped
S:\New 1\2_D.zip/Download/NetworkToolkit/TNT_Free_Edition_2_0.zip/bin/scanners/ipscan/ipscan.exe Infected: not-a-virus:NetTool.Win32.Portscan.c skipped
S:\New 1\2_D.zip/Download/NetworkToolkit/TNT_Free_Edition_2_0.zip Infected: not-a-virus:NetTool.Win32.Portscan.c skipped
S:\New 1\2_D.zip/Download/UB4WIN/plugin/Network/ipscan/ipscan.exe Infected: not-a-virus:NetTool.Win32.Portscan.c skipped
S:\New 1\2_D.zip/Download/UB4WIN/plugin/Network/netcat/files/nc.exe Infected: not-a-virus:RemoteAdmin.Win32.NetCat skipped
S:\New 1\2_D.zip/Download/UB4WIN/plugin/Network/ultravnc/files/vnchooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.e skipped
S:\New 1\2_D.zip/Download/UB4WIN/plugin/Network/ultravnc/files/winvnc.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.e skipped
S:\New 1\2_D.zip/Download/UB4WIN/plugin/Network/VNCServer/vncconfig.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
S:\New 1\2_D.zip/Download/UB4WIN/plugin/Network/VNCServer/winvnc4.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
S:\New 1\2_D.zip/Download/UB4WIN/plugin/Network/VNCServer/wm_hooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
S:\New 1\2_D.zip/Download/UB4WIN/plugin/System-Info/Information/keyfinderpe/keyfinder.exe/data.rar/xpkey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
S:\New 1\2_D.zip/Download/UB4WIN/plugin/System-Info/Information/keyfinderpe/keyfinder.exe/data.rar/officekey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
S:\New 1\2_D.zip/Download/UB4WIN/plugin/System-Info/Information/keyfinderpe/keyfinder.exe/data.rar Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
S:\New 1\2_D.zip/Download/UB4WIN/plugin/System-Info/Information/keyfinderpe/keyfinder.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
S:\New 1\2_D.zip/Download/UBCD4WinV30.exe/data.rar/plugin/Network/ipscan/ipscan.exe Infected: not-a-virus:NetTool.Win32.Portscan.c skipped
S:\New 1\2_D.zip/Download/UBCD4WinV30.exe/data.rar/plugin/System-Info/Information/keyfinderpe/keyfinder.exe/data.rar/xpkey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
S:\New 1\2_D.zip/Download/UBCD4WinV30.exe/data.rar/plugin/System-Info/Information/keyfinderpe/keyfinder.exe/data.rar/officekey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
S:\New 1\2_D.zip/Download/UBCD4WinV30.exe/data.rar/plugin/System-Info/Information/keyfinderpe/keyfinder.exe/data.rar Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
S:\New 1\2_D.zip/Download/UBCD4WinV30.exe/data.rar/plugin/System-Info/Information/keyfinderpe/keyfinder.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
S:\New 1\2_D.zip/Download/UBCD4WinV30.exe/data.rar/plugin/Network/netcat/files/nc.exe Infected: not-a-virus:RemoteAdmin.Win32.NetCat skipped
S:\New 1\2_D.zip/Download/UBCD4WinV30.exe/data.rar/plugin/Network/VNCServer/vncconfig.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
S:\New 1\2_D.zip/Download/UBCD4WinV30.exe/data.rar/plugin/Network/ultravnc/files/winvnc.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.e skipped
S:\New 1\2_D.zip/Download/UBCD4WinV30.exe/data.rar/plugin/Network/VNCServer/winvnc4.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
S:\New 1\2_D.zip/Download/UBCD4WinV30.exe/data.rar/plugin/Network/ultravnc/files/vnchooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.e skipped
S:\New 1\2_D.zip/Download/UBCD4WinV30.exe/data.rar/plugin/Network/VNCServer/wm_hooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
S:\New 1\2_D.zip/Download/UBCD4WinV30.exe/data.rar Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
S:\New 1\2_D.zip/Download/UBCD4WinV30.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
S:\New 1\2_D.zip Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
S:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
T:\7181895d74e7e5d90ee5\update\update.exe Object is locked skipped
T:\831af59e44f898e5a56c7d89\update\update.exe Object is locked skipped
T:\Pavilion BU\New Folder\Outlook\archive.pst/Archive Folders/Sent Items/19 Mar 2006 02:14 to spoof@paypal.com:FW: Critical Information R.html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
T:\Pavilion BU\New Folder\Outlook\archive.pst Mail MS Mail: suspicious - 1 skipped
T:\Pavilion BU\New Folder\Outlook\outlook.pst/Personal Folders/Deleted Items/21 Apr 2007 12:25 from Bank Of America:SPAM-LOW: Urgent Securit.html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
T:\Pavilion BU\New Folder\Outlook\outlook.pst Mail MS Mail: suspicious - 1 skipped
T:\Pavilion BU\Settings&Transfer_BACKUP\archive.pst/Archive Folders/Sent Items/19 Mar 2006 02:14 to spoof@paypal.com:FW: Critical Information R.html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
T:\Pavilion BU\Settings&Transfer_BACKUP\archive.pst Mail MS Mail: suspicious - 1 skipped
T:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
U:\ca54d110eb210b0d50cb5e\admparse.dll Object is locked skipped
U:\ca54d110eb210b0d50cb5e\advpack.dll Object is locked skipped
U:\ca54d110eb210b0d50cb5e\browseui.dll Object is locked skipped
U:\ca54d110eb210b0d50cb5e\corpol.dll Object is locked skipped
U:\ca54d110eb210b0d50cb5e\custsat.dll Object is locked skipped
U:\ca54d110eb210b0d50cb5e\dxtmsft.dll Object is locked skipped
U:\ca54d110eb210b0d50cb5e\dxtrans.dll Object is locked skipped
U:\ca54d110eb210b0d50cb5e\extmgr.dll Object is locked skipped
U:\ca54d110eb210b0d50cb5e\hmmapi.dll Object is locked skipped
U:\ca54d110eb210b0d50cb5e\icardie.dll Object is locked skipped
U:\ca54d110eb210b0d50cb5e\icrav03.rat Object is locked skipped
U:\ca54d110eb210b0d50cb5e\ie4uinit.exe Object is locked skipped
U:\ca54d110eb210b0d50cb5e\ieakeng.dll Object is locked skipped
U:\ca54d110eb210b0d50cb5e\ieaksie.dll Object is locked skipped
U:\ca54d110eb210b0d50cb5e\ieakui.dll Object is locked skipped
U:\ca54d110eb210b0d50cb5e\ieapfltr.dll Object is locked skipped
U:\ca54d110eb210b0d50cb5e\iedkcs32.dll Object is locked skipped
U:\ca54d110eb210b0d50cb5e\iedw.exe Object is locked skipped
U:\ca54d110eb210b0d50cb5e\ieencode.dll Object is locked skipped
U:\ca54d110eb210b0d50cb5e\ieframe.dll Object is locked skipped
U:\ca54d110eb210b0d50cb5e\iepeers.dll Object is locked skipped
U:\ca54d110eb210b0d50cb5e\ieproxy.dll Object is locked skipped
U:\ca54d110eb210b0d50cb5e\iernonce.dll Object is locked skipped
U:\ca54d110eb210b0d50cb5e\iertutil.dll Object is locked skipped
U:\ca54d110eb210b0d50cb5e\iesetup.dll Object is locked skipped
U:\ca54d110eb210b0d50cb5e\ieudinit.exe Object is locked skipped
U:\ca54d110eb210b0d50cb5e\ieui.dll Object is locked skipped
U:\ca54d110eb210b0d50cb5e\ieuinit.inf Object is locked skipped
U:\ca54d110eb210b0d50cb5e\iexplore.exe Object is locked skipped
U:\ca54d110eb210b0d50cb5e\imgutil.dll Object is locked skipped
U:\ca54d110eb210b0d50cb5e\inetcpl.cpl Object is locked skipped
U:\ca54d110eb210b0d50cb5e\inseng.dll Object is locked skipped
U:\ca54d110eb210b0d50cb5e\install.ins Object is locked skipped
U:\ca54d110eb210b0d50cb5e\jscript.dll Object is locked skipped
U:\ca54d110eb210b0d50cb5e\jsproxy.dll Object is locked skipped
U:\ca54d110eb210b0d50cb5e\licmgr10.dll Object is locked skipped
U:\ca54d110eb210b0d50cb5e\msfeeds.dll Object is locked skipped
U:\ca54d110eb210b0d50cb5e\msfeeds.mof Object is locked skipped
U:\ca54d110eb210b0d50cb5e\msfeedsbs.dll Object is locked skipped
U:\ca54d110eb210b0d50cb5e\msfeedsbs.mof Object is locked skipped
U:\ca54d110eb210b0d50cb5e\msfeedssync.exe Object is locked skipped
U:\ca54d110eb210b0d50cb5e\mshta.exe Object is locked skipped
U:\ca54d110eb210b0d50cb5e\mshtml.dll Object is locked skipped
U:\ca54d110eb210b0d50cb5e\mshtml.tlb Object is locked skipped
U:\ca54d110eb210b0d50cb5e\mshtmled.dll Object is locked skipped
U:\ca54d110eb210b0d50cb5e\mshtmler.dll Object is locked skipped
U:\ca54d110eb210b0d50cb5e\msls31.dll Object is locked skipped
U:\ca54d110eb210b0d50cb5e\msrating.dll Object is locked skipped
U:\ca54d110eb210b0d50cb5e\mstime.dll Object is locked skipped
U:\ca54d110eb210b0d50cb5e\occache.dll Object is locked skipped
U:\ca54d110eb210b0d50cb5e\occache.ini Object is locked skipped
U:\ca54d110eb210b0d50cb5e\pngfilt.dll Object is locked skipped
U:\ca54d110eb210b0d50cb5e\shdocvw.dll Object is locked skipped
U:\ca54d110eb210b0d50cb5e\shlwapi.dll Object is locked skipped
U:\ca54d110eb210b0d50cb5e\spmsg.dll Object is locked skipped
U:\ca54d110eb210b0d50cb5e\spuninst.exe Object is locked skipped
U:\ca54d110eb210b0d50cb5e\spupdsvc.exe Object is locked skipped
U:\ca54d110eb210b0d50cb5e\tdc.ocx Object is locked skipped
U:\ca54d110eb210b0d50cb5e\ticrf.rat Object is locked skipped
U:\ca54d110eb210b0d50cb5e\update\idndl.exe Object is locked skipped
U:\ca54d110eb210b0d50cb5e\update\ie7.cat Object is locked skipped
U:\ca54d110eb210b0d50cb5e\update\iecustom.dll Object is locked skipped
U:\ca54d110eb210b0d50cb5e\update\iereseticons.exe Object is locked skipped
U:\ca54d110eb210b0d50cb5e\update\iesetup.exe Object is locked skipped
U:\ca54d110eb210b0d50cb5e\update\legitlibm.dll Object is locked skipped
U:\ca54d110eb210b0d50cb5e\update\nlsdl.exe Object is locked skipped
U:\ca54d110eb210b0d50cb5e\update\update.exe Object is locked skipped
U:\ca54d110eb210b0d50cb5e\update\update.exe.manifest Object is locked skipped
U:\ca54d110eb210b0d50cb5e\update\update.inf Object is locked skipped
U:\ca54d110eb210b0d50cb5e\update\update.ver Object is locked skipped
U:\ca54d110eb210b0d50cb5e\update\updspapi.dll Object is locked skipped
U:\ca54d110eb210b0d50cb5e\update\xmllitesetup.exe Object is locked skipped
U:\ca54d110eb210b0d50cb5e\url.dll Object is locked skipped
U:\ca54d110eb210b0d50cb5e\urlmon.dll Object is locked skipped
U:\ca54d110eb210b0d50cb5e\vbscript.dll Object is locked skipped
U:\ca54d110eb210b0d50cb5e\vgx.dll Object is locked skipped
U:\ca54d110eb210b0d50cb5e\webcheck.dll Object is locked skipped
U:\ca54d110eb210b0d50cb5e\webcheck.ini Object is locked skipped
U:\ca54d110eb210b0d50cb5e\winfxdocobj.exe Object is locked skipped
U:\ca54d110eb210b0d50cb5e\wininet.dll Object is locked skipped
U:\f8253bc6619ff7b960\spuninst.exe Object is locked skipped
U:\f8253bc6619ff7b960\spupdsvc.exe Object is locked skipped
U:\f8253bc6619ff7b960\update\idnmitigationapis.cat Object is locked skipped
U:\f8253bc6619ff7b960\update\spcustom.dll Object is locked skipped
U:\f8253bc6619ff7b960\update\update.exe Object is locked skipped
U:\f8253bc6619ff7b960\update\update.inf Object is locked skipped
U:\f8253bc6619ff7b960\update\update.ver Object is locked skipped
U:\f8253bc6619ff7b960\update\updspapi.dll Object is locked skipped
U:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.

------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 10:17:43 AM, on 4/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\CFusionMX7\runtime\bin\jrunsvc.exe
C:\CFusionMX7\db\slserver54\bin\swagent.exe
C:\CFusionMX7\db\slserver54\bin\swstrtr.exe
C:\CFusionMX7\runtime\bin\jrun.exe
C:\CFusionMX7\db\slserver54\bin\swsoc.exe
C:\CFusionMX7\verity\k2\_nti40\bin\k2admin.exe
C:\Program Files\Comodo\common\CAVASpy\cavasm.exe
c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ThreatFire\TFService.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE
C:\CFusionMX7\verity\k2\_nti40\bin\k2server.exe
C:\CFusionMX7\verity\k2\_nti40\bin\k2index.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE
C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.2\apdproxy.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\Comodo\Firewall\cfp.exe
C:\Program Files\Comodo\Comodo AntiVirus\CMain.exe
C:\Program Files\COMODO\Memory Firewall\cmf.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Comodo\Comodo AntiVirus\Cavaud.exe
C:\Program Files\Macromedia\HomeSite 5\HomeSite5.Exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\Acrobat.exe
C:\WINDOWS\System32\WISPTIS.EXE
C:\Program Files\Hijackthis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.earthpigments.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DLPSP] "c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.2\apdproxy.exe"
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [cnfgCav] "C:\Program Files\Comodo\Comodo AntiVirus\CMain.exe"
O4 - HKLM\..\Run: [COMODO Memory Firewall] "C:\Program Files\COMODO\Memory Firewall\cmf.exe" -s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: OptiCAL Startup.lnk = C:\Program Files\PANTONE COLORVISION\OptiCAL\OptiCAL.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cavemlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cavemlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cavemlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cavemlsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1191697986149
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcp.../pcpitstop2.dll
O20 - AppInit_DLLs: wbsys.dll C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: monln - C:\WINDOWS\SYSTEM32\monln.dll
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: ColdFusion MX 7 Application Server - Macromedia Inc. - C:\CFusionMX7\runtime\bin\jrunsvc.exe
O23 - Service: ColdFusion MX 7 ODBC Agent - Unknown owner - C:\CFusionMX7\db\slserver54\bin\swagent.exe
O23 - Service: ColdFusion MX 7 ODBC Server - Unknown owner - C:\CFusionMX7\db\slserver54\bin\swstrtr.exe
O23 - Service: ColdFusion MX 7 Search Server - Unknown owner - C:\CFusionMX7\verity\k2\_nti40\bin\k2admin.exe" -cfg "C:\CFusionMX7\verity\k2\common\verity.cfg" -ntstart 1 (file missing)
O23 - Service: Comodo Anti-Virus and Anti-Spyware Service - Comodo Inc. - C:\Program Files\Comodo\common\CAVASpy\cavasm.exe
O23 - Service: Dell Printer Status Watcher (DLPWD) - Dell Inc. - c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE
O23 - Service: Dell Printer Status Database (DLSDB) - Dell Inc. - c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe


One program is still very slow during File/Open and navigating directories within that dialog - approx 5x slower than normal. I'll take note of overall performance during the day and report back.
Thanks.
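
The scan output posted above mixes four kinds of line: "Object is locked skipped" entries (System Volume Information, pending-update folders), per-container summary lines ("ZIP: infected - 2", "Mail MS Mail: suspicious - 1"), "not-a-virus:" riskware hits whose prefix before ".Win32" names the tool class (PSWTool, NetTool, RemoteAdmin), and heuristic "Suspicious:" hits. For anything inside an archive or PST, the object actually on disk is the part of the path before the first "/". The Python below is an added example, not part of the original thread or of the scanner; it parses lines in that format and groups detections by on-disk object. The sample lines are copied from the log above, except the last one, which is a constructed EICAR test-file hit so that the plain-malware bucket is exercised.

```python
"""Triage helper for Kaspersky-style scan output (added example, not from the thread)."""
import re
from collections import defaultdict

# Constructed sample: seven lines copied from the scan output above plus one
# constructed EICAR line (not present in the original log).
SAMPLE_LOG = r"""
R:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
S:\New 1\1_D.zip/Download/astlog.zip/astlog.exe Infected: not-a-virus:PSWTool.Win32.Asterisk.a skipped
S:\New 1\1_D.zip ZIP: infected - 2 skipped
S:\New 1\2_D.zip/Download/UB4WIN/plugin/Network/netcat/files/nc.exe Infected: not-a-virus:RemoteAdmin.Win32.NetCat skipped
S:\New 1\2_D.zip/Download/UB4WIN/plugin/Network/ipscan/ipscan.exe Infected: not-a-virus:NetTool.Win32.Portscan.c skipped
T:\Pavilion BU\New Folder\Outlook\outlook.pst/Personal Folders/Deleted Items/21 Apr 2007 12:25 from Bank Of America:SPAM-LOW: Urgent Securit.html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
T:\Pavilion BU\New Folder\Outlook\outlook.pst Mail MS Mail: suspicious - 1 skipped
X:\samples\eicar.com Infected: EICAR-Test-File skipped
"""

# One line = <path> <verdict> skipped. The path may contain spaces, so it is
# matched non-greedily and the verdict alternatives are anchored at the end.
LINE_RE = re.compile(
    r"^(?P<path>.+?) (?:"
    r"(?P<locked>Object is locked)"
    r"|Infected: (?P<infected>\S+)"
    r"|Suspicious: (?P<suspicious>\S+)"
    r"|(?P<summary>[A-Za-z ]+: (?:infected|suspicious) - \d+)"
    r") skipped$"
)
# Riskware names look like not-a-virus:<Class>.Win32.<Family>; keep <Class>.
RISKWARE_RE = re.compile(r"^not-a-virus:(?P<category>[A-Za-z]+)\.")


def parse_line(line):
    """Return (disk_object, kind, detection) for one log line, or None if it
    is not a detection line (blank lines, 'Scan process completed.', ...)."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    # Nested archive members are separated by '/'; the first component is the
    # file that actually exists on disk and is the only thing you can act on.
    disk_object = m.group("path").split("/", 1)[0]
    if m.group("locked"):
        return disk_object, "locked", None
    if m.group("summary"):
        return disk_object, "summary", m.group("summary")
    if m.group("suspicious"):
        return disk_object, "suspicious", m.group("suspicious")
    name = m.group("infected")
    rw = RISKWARE_RE.match(name)
    if rw:
        return disk_object, "riskware:" + rw.group("category"), name
    return disk_object, "malware", name


def triage(log_text):
    """Group detections by on-disk object. Locked and container-summary lines
    are only counted: they carry no new information about what to remove."""
    report = {
        "malware": defaultdict(set),     # disk_object -> detection names
        "suspicious": defaultdict(set),  # heuristic hits, verify by hand
        "riskware": defaultdict(set),    # disk_object -> tool classes
        "locked": 0,
        "summary": 0,
    }
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        disk_object, kind, detection = parsed
        if kind in ("locked", "summary"):
            report[kind] += 1
        elif kind.startswith("riskware:"):
            report["riskware"][disk_object].add(kind.split(":", 1)[1])
        else:
            report[kind][disk_object].add(detection)
    return report


if __name__ == "__main__":
    rep = triage(SAMPLE_LOG)
    for bucket in ("malware", "suspicious", "riskware"):
        for obj, names in sorted(rep[bucket].items()):
            print(f"{bucket:10} {obj}  <- {', '.join(sorted(names))}")
    print(f"locked: {rep['locked']}, container summaries: {rep['summary']}")
```

Riskware hits inside a rescue-disc archive such as UBCD4Win (netcat, VNC, a port scanner, product-key finders) are expected for that kind of download; the question is only whether the owner put the archive there. The "Suspicious" hits are phishing HTML stored inside Outlook PST files, so the on-disk object to handle is the PST, not a separate file.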

#6 silver

    Malware Expert Emeritus

  • Authentic Member
  • 2,994 posts

Posted 21 April 2008 - 06:10 PM

Hi M42,

Make hidden/system files and folders visible:
Click Start -> My Computer
Select the Tools menu, click Folder Options and select the View tab
Under the Hidden files and folders heading SELECT Show hidden files and folders
UNCHECK the Hide extensions for known file types option
UNCHECK the Hide protected operating system files (recommended) option
Click Yes to confirm and press OK

Use Windows Explorer (right-click Start, select Explore) to find and delete the following files:

C:\WINDOWS\system32\ijkkj.ini
C:\Program Files\Common Files\Real\Toolbar\RealBar.dll

If you have trouble finding or deleting any, please let me know in your next response.

Then delete the contents of this folder (not the folder itself):

C:\Documents and Settings\cypressotter\Application Data\Sun\Java\Deployment\cache\


Kaspersky flagged this file:

E:\Download\astlog.zip

It's a program to reveal passwords hidden behind asterisks; it is only a concern if you didn't know it was present.

Kaspersky also flagged several emails, which I suggest you search for and delete:

T:\Pavilion BU\New Folder\Outlook\archive.pst
/Archive Folders/Sent Items/19 Mar 2006 02:14 to spoof@paypal.com:FW: Critical Information R.html
T:\Pavilion BU\New Folder\Outlook\outlook.pst
/Personal Folders/Deleted Items/21 Apr 2007 12:25 from Bank Of America:SPAM-LOW: Urgent Securit.html
T:\Pavilion BU\Settings&Transfer_BACKUP\archive.pst
/Archive Folders/Sent Items/19 Mar 2006 02:14 to spoof@paypal.com:FW: Critical Information R.html


Please download F-Secure Blacklight to your Desktop (right-click the link, select Save Target As..., select your Desktop and press Save)
  • Double click fsbl.exe to run it, choose I accept the agreement then press Scan
  • It will create the fsbl-xxxxxxx.log on your desktop containing a list of all items found.
  • Do not choose to rename any because legitimate items can also be present.
  • Exit Blacklight and post the contents of the log in your next reply.

Once complete, please post the Blacklight report and a new HijackThis log.
ASAP & UNITE Member
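
The manual steps in the reply above (make hidden and system files visible, delete two named files, empty the Java Deployment cache without removing the folder itself) can also be done from a script, which sidesteps the Explorer visibility toggle: `os.stat` and `Path.exists` see hidden and system files regardless of that setting. The Python below is an added example, not a tool from this thread. The two file paths and the cache folder are the ones named in the reply (XP-era paths; adjust them for another machine), and the read-only handling is there because Windows refuses to unlink a read-only file until the attribute is cleared. Run it from an administrator account with Java and all browsers closed.

```python
"""Delete named files and empty a cache folder (added example, not from the thread)."""
import os
import stat
from pathlib import Path

# Targets named in the reply above. Assumed defaults only; change for your machine.
FILES_TO_DELETE = [
    r"C:\WINDOWS\system32\ijkkj.ini",
    r"C:\Program Files\Common Files\Real\Toolbar\RealBar.dll",
]
FOLDER_TO_EMPTY = (r"C:\Documents and Settings\cypressotter"
                   r"\Application Data\Sun\Java\Deployment\cache")


def _force_remove(path: Path) -> None:
    """Unlink a file; if Windows objects because it is read-only, clear the
    attribute and try once more."""
    try:
        path.unlink()
    except PermissionError:
        os.chmod(path, stat.S_IWRITE)
        path.unlink()


def delete_files(paths):
    """Delete each path. Returns {path: 'deleted' | 'missing' | 'failed: reason'}
    so you can report exactly which files could not be found or removed."""
    outcome = {}
    for p in map(Path, paths):
        # exists() follows links; is_symlink() catches a dangling link we still want gone
        if not p.exists() and not p.is_symlink():
            outcome[str(p)] = "missing"
            continue
        try:
            _force_remove(p)
            outcome[str(p)] = "deleted"
        except OSError as exc:
            outcome[str(p)] = f"failed: {exc.strerror or exc}"
    return outcome


def empty_directory(folder) -> int:
    """Remove everything inside folder but leave the folder itself in place.
    Returns the number of entries removed (files plus subdirectories)."""
    root = Path(folder)
    if not root.is_dir():
        return 0
    removed = 0
    # Bottom-up walk, so every subdirectory is already empty when it is removed.
    for dirpath, dirnames, filenames in os.walk(root, topdown=False):
        for name in filenames:
            _force_remove(Path(dirpath) / name)
            removed += 1
        for name in dirnames:
            sub = Path(dirpath) / name
            try:
                sub.rmdir()          # real (now empty) directory, or a Windows directory link
            except NotADirectoryError:
                sub.unlink()         # POSIX symlink to a directory: remove the link, not the target
            removed += 1
    return removed


if __name__ == "__main__":
    for path, status in delete_files(FILES_TO_DELETE).items():
        print(f"{status:>8}  {path}")
    print(f"removed {empty_directory(FOLDER_TO_EMPTY)} entries from {FOLDER_TO_EMPTY}")
```

`os.walk` does not descend into symbolic links, and the directory branch removes a link rather than its target, so a planted link inside the cache cannot redirect the wipe somewhere else on the disk.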

#7 M42

    New Member

  • Authentic Member
  • 12 posts

Posted 21 April 2008 - 09:22 PM

04/21/08 20:03:54 [Info]: BlackLight Engine 1.0.70 initialized
04/21/08 20:03:54 [Info]: OS: 5.1 build 2600 (Service Pack 2)
04/21/08 20:03:55 [Note]: 7019 4
04/21/08 20:03:55 [Note]: 7005 0
04/21/08 20:04:03 [Note]: 7006 0
04/21/08 20:04:11 [Note]: 7011 5124
04/21/08 20:04:15 [Note]: 7035 0
04/21/08 20:04:15 [Note]: 7026 0
04/21/08 20:04:15 [Note]: 7026 0
04/21/08 20:04:21 [Note]: FSRAW library version 1.7.1024
04/21/08 20:13:37 [Note]: 2000 1012

Logfile of HijackThis v1.99.1
Scan saved at 8:20:37 PM, on 4/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\CFusionMX7\runtime\bin\jrunsvc.exe
C:\CFusionMX7\db\slserver54\bin\swagent.exe
C:\CFusionMX7\db\slserver54\bin\swstrtr.exe
C:\CFusionMX7\runtime\bin\jrun.exe
C:\CFusionMX7\db\slserver54\bin\swsoc.exe
C:\CFusionMX7\verity\k2\_nti40\bin\k2admin.exe
C:\Program Files\Comodo\common\CAVASpy\cavasm.exe
c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ThreatFire\TFService.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE
C:\CFusionMX7\verity\k2\_nti40\bin\k2server.exe
C:\CFusionMX7\verity\k2\_nti40\bin\k2index.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE
C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.2\apdproxy.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\Comodo\Firewall\cfp.exe
C:\Program Files\Comodo\Comodo AntiVirus\CMain.exe
C:\Program Files\COMODO\Memory Firewall\cmf.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Comodo\Comodo AntiVirus\Cavaud.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\Acrobat.exe
C:\WINDOWS\System32\WISPTIS.EXE
C:\PROGRA~1\MI1933~1\Office\OUTLOOK.EXE
C:\Program Files\Comodo\Comodo AntiVirus\cavemsrv.exe
C:\Documents and Settings\cypressotter\Desktop\fsbl.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.earthpigments.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DLPSP] "c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.2\apdproxy.exe"
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [cnfgCav] "C:\Program Files\Comodo\Comodo AntiVirus\CMain.exe"
O4 - HKLM\..\Run: [COMODO Memory Firewall] "C:\Program Files\COMODO\Memory Firewall\cmf.exe" -s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: OptiCAL Startup.lnk = C:\Program Files\PANTONE COLORVISION\OptiCAL\OptiCAL.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cavemlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cavemlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cavemlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cavemlsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1191697986149
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcp.../pcpitstop2.dll
O20 - AppInit_DLLs: wbsys.dll C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: monln - C:\WINDOWS\SYSTEM32\monln.dll
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: ColdFusion MX 7 Application Server - Macromedia Inc. - C:\CFusionMX7\runtime\bin\jrunsvc.exe
O23 - Service: ColdFusion MX 7 ODBC Agent - Unknown owner - C:\CFusionMX7\db\slserver54\bin\swagent.exe
O23 - Service: ColdFusion MX 7 ODBC Server - Unknown owner - C:\CFusionMX7\db\slserver54\bin\swstrtr.exe
O23 - Service: ColdFusion MX 7 Search Server - Unknown owner - C:\CFusionMX7\verity\k2\_nti40\bin\k2admin.exe" -cfg "C:\CFusionMX7\verity\k2\common\verity.cfg" -ntstart 1 (file missing)
O23 - Service: Comodo Anti-Virus and Anti-Spyware Service - Comodo Inc. - C:\Program Files\Comodo\common\CAVASpy\cavasm.exe
O23 - Service: Dell Printer Status Watcher (DLPWD) - Dell Inc. - c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE
O23 - Service: Dell Printer Status Database (DLSDB) - Dell Inc. - c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
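The O23 lines above are HijackThis's listing of installed services: name, the company from the binary's version info (or "Unknown owner"), and the registered command line, with "(file missing)" when the binary was not found. The small parser below is an added example written for this thread, not part of HijackThis or of the poster's log, and shows how a helper might triage such lines: it flags missing binaries, unknown owners, and a path of the form `C:\Program.exe`, which is my reading of how a service command line registered without quotes gets cut at the first space (an interpretation to verify in the service's ImagePath, not a fact stated in the thread). The sample lines are constructed copies of entries from the log above.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: O23 lines in the HijackThis v1.99.1 format used in this thread.
SAMPLE_O23 = r"""
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe
""".strip()

MISSING_MARKER = "(file missing)"
# A drive letter followed by "\Program.exe": typical display of an unquoted
# "C:\Program Files\..." command line truncated at its first space (assumption).
TRUNCATED_PATH_RE = re.compile(r"[A-Za-z]:\\Program\.exe", re.IGNORECASE)


@dataclass
class ServiceEntry:
    name: str
    owner: str
    path: str
    file_missing: bool


def parse_o23(line: str) -> Optional[ServiceEntry]:
    """Split one 'O23 - Service: <name> - <owner> - <path>' line into fields."""
    prefix = "O23 - Service: "
    if not line.startswith(prefix):
        return None
    # The path may itself contain " - ", so split at most twice and keep the rest.
    parts = line[len(prefix):].strip().split(" - ", 2)
    if len(parts) != 3:
        return None
    name, owner, path = parts
    missing = path.endswith(MISSING_MARKER)
    if missing:
        path = path[: -len(MISSING_MARKER)].strip()
    return ServiceEntry(name, owner, path, missing)


def triage(entry: ServiceEntry) -> List[str]:
    """Return human-readable notes for anything an analyst would look at twice."""
    notes: List[str] = []
    if entry.file_missing:
        notes.append("binary not found on disk: stale registration or mis-parsed command line")
    if entry.owner == "Unknown owner":
        notes.append("no company name in the binary's version info")
    if TRUNCATED_PATH_RE.fullmatch(entry.path):
        notes.append("path looks like an unquoted ImagePath cut at the first space; check and quote it")
    return notes


def triage_log(text: str) -> Dict[str, List[str]]:
    """Map each service name that drew a note to its list of notes."""
    findings: Dict[str, List[str]] = {}
    for line in text.splitlines():
        entry = parse_o23(line)
        if entry is None:
            continue
        notes = triage(entry)
        if notes:
            findings[entry.name] = notes
    return findings


if __name__ == "__main__":
    for name, notes in triage_log(SAMPLE_O23).items():
        print(name)
        for note in notes:
            print("  -", note)
```

Services that draw no note (Ad-Aware, ThreatFire in the sample) are simply omitted from the result; the MySQL entry collects all three notes, which is the pattern worth confirming against the real ImagePath value before deciding whether it is a leftover registration or a misregistered live service.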

#8 silver

silver

    Malware Expert Emeritus

  • Authentic Member
  • 2,994 posts

Posted 22 April 2008 - 08:28 AM

Hi M42

Download OTCleanIt to your Desktop
Double-click it to run the program, and press the CleanUp! button.
When prompted, allow your computer to be rebooted.

Create a new, clean System Restore point which you can use in case of future system problems:
Press Start->All Programs->Accessories->System Tools->System Restore
Select Create a restore point, then Next, type a name like All Clean, then press the Create button; once it's done, press Close

Now remove old, infected System Restore points:
Next click Start->Run and type cleanmgr in the box and press OK
Ensure the boxes for Recycle Bin, Temporary Files and Temporary Internet Files are checked; you can choose to check other boxes if you wish, but they are not required.
Select the More Options tab, under System Restore press Clean up... and say Yes to the prompt
Press OK and Yes to confirm

------------------------------------------------------------------------

At this stage your machine looks to be clean of malware, so if you are still experiencing performance problems I think the best way to resolve it is to ask for help from the Tech Team in the Microsoft Windows forum here at What the Tech - the experts there specialize in this type of problem so you will be in good hands.

Here are some tips to help you keep your computer clean:

Operating system vulnerabilities can easily be exploited by malware so please ensure your operating system is automatically kept up to date by using Windows Update:
Go to Start->Control Panel->Automatic Updates
Select Automatic and select a suitable schedule
Also, check that your antivirus and antispyware programs are set to automatically update daily.

I recommend you install a custom hosts file such as MVPS HOSTS. This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.
For information on how to download and install, please read this tutorial by WinHelp2002
Note: Be sure to follow the instructions to disable the DNS Client service before installing a custom hosts file.
Also: subscribe to the mailing list to get update notifications.

Please take care when downloading programs. One of the easiest ways to be infected is to download freeware/shareware programs which come laden with malware - this includes allowing websites to install browser plug-ins or ActiveX controls. Before downloading, it is crucial to check whether the source is reputable.
One way to check is to use McAfee SiteAdvisor. Copy the domain name into the space provided and SiteAdvisor will give you a report on the website which can help you decide if it is safe. They also have a toolbar for IE and Firefox which adds this functionality to your browser.

Download and install the free version of WinPatrol. This program protects your computer in a variety of ways and will work well with your existing security software. Have a look at this tutorial to help you get started with the program.

Find out more about how to prevent infection in the future
http://forum.malware...pic.php?p=33687

Please post back to let me know that you have read this, and if there are any further issues.
ASAP & UNITE Member
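The post above recommends a custom hosts file (MVPS HOSTS) that works by mapping unwanted domains to a sink address such as 0.0.0.0 or 127.0.0.1. The same file is also a classic hijack target, which is why HijackThis lists hosts entries at all: a legitimate site pointed at a foreign address, or a security vendor's update host sunk to loopback, both look like ordinary lines. The audit below is an added example written for this thread, not code from MVPS, WinHelp2002 or HijackThis; the hosts content and the list of protected update hosts are constructed, and the domains and addresses use RFC 2606 / RFC 5737 example ranges.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Dict, Iterable, List

# Addresses a blocking hosts file legitimately uses as a sink.
SINK_ADDRESSES = {"0.0.0.0", "127.0.0.1", "::1"}

# Constructed assumption: hosts that must keep resolving normally
# (e.g. your antivirus and OS update servers), named here with example domains.
PROTECTED_HOSTS = {"update.example-av.com", "update.example-os.com"}

# Constructed sample hosts file (not a real MVPS HOSTS file).
SAMPLE_HOSTS = """\
# Constructed sample hosts file
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.net          # MVPS-style blocking entry
0.0.0.0         tracker.example.org  counter.example.org
192.0.2.10      www.example-bank.com     # legitimate site pointed at a foreign address
127.0.0.1       update.example-av.com    # vendor update host sunk to loopback
notanip         broken.example.com
"""


@dataclass
class HostsReport:
    blocked: int = 0                                  # names sunk to a sink address
    redirects: Dict[str, str] = field(default_factory=dict)   # name -> non-sink address
    protected_overridden: List[str] = field(default_factory=list)
    malformed: List[int] = field(default_factory=list)        # 1-based line numbers


def audit_hosts(text: str, protected: Iterable[str] = PROTECTED_HOSTS) -> HostsReport:
    """Classify every hosts entry as a block, a redirect, or a malformed line."""
    protected_set = {h.lower() for h in protected}
    report = HostsReport()
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()          # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        try:
            ipaddress.ip_address(fields[0])
        except ValueError:
            report.malformed.append(lineno)
            continue
        if len(fields) < 2:
            report.malformed.append(lineno)
            continue
        addr = fields[0]
        for host in fields[1:]:
            host = host.lower()
            if host == "localhost":
                continue                             # the one entry every hosts file has
            if host in protected_set:
                report.protected_overridden.append(host)
            if addr in SINK_ADDRESSES:
                report.blocked += 1
            else:
                # A real address for a named host is a redirect, never a block;
                # in a file that is supposed to only block, this is the hijack pattern.
                report.redirects[host] = addr
    return report


if __name__ == "__main__":
    r = audit_hosts(SAMPLE_HOSTS)
    print(f"{r.blocked} blocked names")
    print("redirects:", r.redirects)
    print("protected hosts overridden:", r.protected_overridden)
    print("malformed lines:", r.malformed)
```

Running it on a freshly installed MVPS HOSTS file should give a large `blocked` count and empty `redirects` and `protected_overridden` lists; a non-empty `redirects` dictionary after installation is the thing to investigate, since a blocking list has no reason to point any name at a routable address.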

#9 silver

silver

    Malware Expert Emeritus

  • Authentic Member
  • 2,994 posts

Posted 24 April 2008 - 09:14 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.
ASAP & UNITE Member
