Topic: Trojan? Malware? Big problems

Ziminy13
« Reply #20 on: August 29, 2006, 10:21:12 AM »
The copy of XP that I bought has been on my last 2 computers.  So this would be the 3rd one if I figure out how to get it on this one.  Is that a problem?  I've been at the same address for all 3 computers.
Here is the new log:

Logfile of HijackThis v1.99.1
Scan saved at 11:19:01 AM, on 8/29/2006
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\VTTimer.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Common Files\AOL\1138560958\ee\AOLSoftware.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\Lexmark 2300 Series\lxcgmon.exe
C:\Program Files\Lexmark 2300 Series\ezprint.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\BHODemon 2\BHODemon.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\System32\lxcgcoms.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\America Online 9.0\wEmail Removedexe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\America Online 9.0\aolwbspd.exe
C:\Shawn\Computer_Help\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1138560958\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcgmon.exe] "C:\Program Files\Lexmark 2300 Series\lxcgmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2300 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - Startup: BHODemon 2.0.lnk = C:\Program Files\BHODemon 2\BHODemon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - https://objects.Email Removed/mcafee/molbin/share...83/mcinsctl.cab
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - https://media.pineconeresearch.com/ActiveX/...loadcontrol.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - https://objects.Email Removed/mcafee/molbin/share...,20/McGDMgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C6EA56B3-33F4-4E37-8CB6-58D14A790BC7}: NameServer = 205.188.146.145
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: lxcg_device -   - C:\WINDOWS\System32\lxcgcoms.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

guestolo (Administrator)
« Reply #21 on: August 29, 2006, 10:32:33 PM »
Typically one copy of WindowsXP for each personal computer
You can contact Microsoft if this is your only computer now and explain your situation
They may be able to help you out

In the meantime, to help prevent malware
Protect yourself against Future Attacks
*Install SpywareBlaster 3.5.1 by JavaCool
    *Will block bad ActiveX Controls
    *Block Malevolent cookies in Internet Explorer and Firefox
    *Restrict actions of potentially dangerous sites in Internet Explorer
After installation, check for updates and then click "Enable all protection"
Check for updates every couple of weeks
After every update just simply click "Enable protection on all unprotected items"

*Make sure your Anti-Virus software is always kept up to date and actively running in the background
Setting your AV to Autoupdate is a very smart move

*Keep your Firewall protection enabled
A Firewall is also very important
This provides a line of defense against someone/thing who might try to access your computer without your permission

Update and do scans with your Anti-Spyware programs on a regular basis

Of course the best prevention is to get ALL latest Service packs and high priorities for Windows
See if Microsoft can help you out
« Last Edit: August 29, 2006, 10:36:34 PM by guestolo »

Do you want to post your own logs from FRST?
Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Ziminy13
« Reply #22 on: September 01, 2006, 06:01:06 PM »
Sorry for the delay responding.  I had to take a break from dealing with this piece of .....

It does not take 45 minutes to boot anymore but nothing else has changed

I still cannot open certain folders without EVERYTHING on the desktop disappearing and then reappearing.  So I cannot get to any files in those folders.

Computer is still running slow, in fact the Aquarium screensaver looks like an epileptic.

Any suggestions?

guestolo (Administrator)
« Reply #23 on: September 01, 2006, 11:50:14 PM »
Quote: "Aquarium screensaver looks like an epileptic"
Is this a free download?
Maybe it's the problem

Let me warn you, I don't keep a topic open to have continuing problems
If this is a new problem you JUST started experiencing
START A NEW POST
Do not leave an old one open
« Last Edit: September 01, 2006, 11:52:45 PM by guestolo »

Ziminy13
« Reply #24 on: September 02, 2006, 12:21:40 AM »
The screensaver was store bought.  There is nothing wrong with it.  It's my computer that can't handle running it.  This is not a new problem.  It is the same 2 problems I have had since the beginning.

1.  The computer is running slow.
2.  When I open some folders everything but the wallpaper disappears and then reappears except the folder is closed.  I cannot get to any of the files in certain folders.

Same problem.

guestolo (Administrator)
« Reply #25 on: September 02, 2006, 12:30:22 AM »
Is this a legal version of XP? Whoops, no it isn't
I question this since the malware is biting you in the a**

Since you have no Windows updates, have you thought about backing up important files and folders and starting over
Since this isn't a legal version of XP, get used to it :huh:
Sorry to be blunt, but seriously, get used to it
I have on my test box
« Last Edit: September 02, 2006, 12:31:52 AM by guestolo »

Ziminy13
« Reply #26 on: September 02, 2006, 01:49:51 AM »
I put a legal copy of XP on it now.  Still have the same problems.  Should I start a new thread?

guestolo (Administrator)
« Reply #27 on: September 02, 2006, 10:48:31 AM »
I think I was having a bad day yesterday :(
Did you do a clean install on the machine?
Or did you reinstall over the top?

Can I see a fresh hijackthis log please

Ziminy13
« Reply #28 on: September 08, 2006, 06:44:40 AM »
I reinstalled over the top cuz I was told I would not have to reinstall all of my other programs.

I also put SP2 on it and got it updated with about 30 security updates that were recommended.

Logfile of HijackThis v1.99.1
Scan saved at 7:44:17 AM, on 9/8/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Common Files\AOL\1138560958\ee\AOLSoftware.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Lexmark 2300 Series\lxcgmon.exe
C:\Program Files\Lexmark 2300 Series\ezprint.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\BHODemon 2\BHODemon.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\System32\lxcgcoms.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\America Online 9.0\wEmail Removedexe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\America Online 9.0\aolwbspd.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1138560958\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcgmon.exe] "C:\Program Files\Lexmark 2300 Series\lxcgmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2300 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - Startup: BHODemon 2.0.lnk = C:\Program Files\BHODemon 2\BHODemon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - https://objects.Email Removed/mcafee/molbin/share...83/mcinsctl.cab
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - https://media.pineconeresearch.com/ActiveX/...loadcontrol.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - https://objects.Email Removed/mcafee/molbin/share...,20/McGDMgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C6EA56B3-33F4-4E37-8CB6-58D14A790BC7}: NameServer = 205.188.146.145
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: lxcg_device -   - C:\WINDOWS\System32\lxcgcoms.exe
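A helper reading the two HijackThis logs in this thread wants to know what changed after the over-the-top reinstall, not to re-read 80 lines. The script below is an added example, not HijackThis code or anything the forum provides: it keys each R/F/O entry on its normalised text so reordered lines (the O4 Run entries swapped places between the two scans) are not reported, diffs the two scans, and queues added entries in the autostart sections (O4, O20, O21, O23) or marked "(file missing)" for a first look. The two embedded logs are constructed, trimmed excerpts of the logs posted above.

```python
"""Diff two HijackThis 1.99 logs and queue the changed entries worth a look."""
import re
from typing import Dict, List, Tuple

# Every HijackThis entry starts with a section tag: R0-R3, F0-F3 or O1-O24,
# e.g. "O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe".
ENTRY_RE = re.compile(r"^([RFO]\d+) - (.*)$")

# Sections a helper reads first: autostart Run keys (O4), Winlogon Notify
# DLLs (O20), ShellServiceObjectDelayLoad (O21) and services (O23).
AUTOSTART_SECTIONS = {"O4", "O20", "O21", "O23"}

Entry = Tuple[str, str]  # (section tag, normalised entry text)

# Constructed sample input: trimmed excerpts of the two logs posted in the
# thread (before and after the over-the-top reinstall). Note that the O4
# lines appear in a different order in the second log.
OLD_LOG = r"""
Logfile of HijackThis v1.99.1
Scan saved at 11:19:01 AM, on 8/29/2006

Running processes:
C:\WINDOWS\System32\smss.exe

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
"""

NEW_LOG = r"""
Logfile of HijackThis v1.99.1
Scan saved at 7:44:17 AM, on 9/8/2006

Running processes:
C:\WINDOWS\System32\smss.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""


def parse_hjt(log: str) -> Dict[Entry, str]:
    """Map each R/F/O entry to its original line.

    Whitespace is collapsed and case folded in the key so that cosmetic
    differences (double spaces, System32 vs system32) are not reported.
    """
    entries: Dict[Entry, str] = {}
    for raw in log.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header, "Running processes" paths, blank lines
        section, rest = m.groups()
        entries[(section, " ".join(rest.split()).lower())] = line
    return entries


def diff_hjt(old_log: str, new_log: str) -> Tuple[List[str], List[str]]:
    """Return (removed, added): entries present in only one of the two scans."""
    old, new = parse_hjt(old_log), parse_hjt(new_log)
    removed = sorted(old[k] for k in old.keys() - new.keys())
    added = sorted(new[k] for k in new.keys() - old.keys())
    return removed, added


def review_queue(lines: List[str]) -> List[str]:
    """Keep entries in autostart sections, plus any HijackThis marks
    '(file missing)': a registration that points at a file that is gone."""
    queue = []
    for line in lines:
        m = ENTRY_RE.match(line)
        if m and (m.group(1) in AUTOSTART_SECTIONS or "(file missing)" in line):
            queue.append(line)
    return queue


if __name__ == "__main__":
    removed, added = diff_hjt(OLD_LOG, NEW_LOG)
    for prefix, group in (("- ", removed), ("+ ", added)):
        for line in group:
            print(prefix + line)
    print("\nReview first:")
    for line in review_queue(added):
        print("  " + line)
```

On the excerpts above it reports three removed entries (the Radio toolbar, MySpaceIM and the AOL WAN Miniport service), two added (Windows Messenger and the WgaLogon Winlogon Notify DLL), and queues only the O20 line; the reordered O4 lines and the unchanged msnim entry are silent.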

guestolo (Administrator)
« Reply #29 on: September 08, 2006, 08:40:45 AM »
Did you Defrag after reinstalling over the top and installing all the Critical updates?
How's everything running?

Ziminy13
« Reply #30 on: September 08, 2006, 09:32:50 AM »
Yes, I did a defrag.  It is still running slow.  And I still can't open certain folders without everything disappearing.

guestolo (Administrator)
« Reply #31 on: September 09, 2006, 05:54:45 PM »
Sorry, I don't see anything wrong with your log
Download WinPFind.zip

Extract WinPFind.zip to your c:\ folder.

Reboot your computer into Safe Mode

Then open c:\WinPFind and double-click on WinPFind.exe.
When the program is open, click on the Start Scan button to start scanning your computer. Be patient as this scan may take a while.
When it is done, it will show a log and tell you the scan is completed. Reboot your computer back to normal mode
Copy/paste the whole contents of c:\WinPFind\WinPFind.txt (this file) back here

Ziminy13
« Reply #32 on: September 11, 2006, 07:19:45 PM »
WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows sometimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Logfile created on: 9/11/2006 7:46:17 PM
WinPFind v1.5.0   Folder = C:\WinPFind\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...
WSUD                 8/19/2006 11:45:38 PM       75858656   C:\BonusCD.zip ()

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
UPX!                 8/19/2006 10:27:26 PM       38400      C:\WINDOWS\2Sy.exe ()

Checking %System% folder...
WSUD                 2/23/2005 6:10:06 AM        17747968   C:\WINDOWS\SYSTEM32\ALSNDMGR.CPL (Realtek Semiconductor Corp.)
PEC2                 8/23/2001 8:00:00 AM        41397      C:\WINDOWS\SYSTEM32\dfrg.msc ()
PEC2                 6/13/2006 5:36:12 PM        620180     C:\WINDOWS\SYSTEM32\DivX.dll (DivX, Inc.)
PECompact2           6/13/2006 5:36:12 PM        620180     C:\WINDOWS\SYSTEM32\DivX.dll (DivX, Inc.)
FSG!                 8/19/2006 10:27:22 PM       106542     C:\WINDOWS\SYSTEM32\Down1(0).exe ()
PTech                6/19/2006 4:19:42 PM        571184     C:\WINDOWS\SYSTEM32\LegitCheckControl.dll (Microsoft Corporation)
PECompact2           8/9/2006 3:03:04 PM         8325544    C:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation)
aspack               8/9/2006 3:03:04 PM         8325544    C:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation)
WSUD                 8/4/2004 3:56:54 AM         1200128    C:\WINDOWS\SYSTEM32\ntbackup.exe (Microsoft Corporation)
aspack               8/4/2004 3:56:36 AM         708096     C:\WINDOWS\SYSTEM32\ntdll.dll (Microsoft Corporation)
WSUD                 8/4/2004 3:56:58 AM         257024     C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
Umonitor             8/4/2004 3:56:44 AM         657920     C:\WINDOWS\SYSTEM32\rasdlg.dll (Microsoft Corporation)
winsync              8/23/2001 8:00:00 AM        1309184    C:\WINDOWS\SYSTEM32\wbdbase.deu ()
PTech                6/19/2006 4:19:26 PM        304944     C:\WINDOWS\SYSTEM32\WgaTray.exe (Microsoft Corporation)

Checking %System%\Drivers folder and sub-folders...
UPX!                 9/2/2006 4:23:32 AM         777472     C:\WINDOWS\SYSTEM32\drivers\avg7core.sys (GRISOFT, s.r.o.)
FSG!                 9/2/2006 4:23:32 AM         777472     C:\WINDOWS\SYSTEM32\drivers\avg7core.sys (GRISOFT, s.r.o.)
PEC2                 9/2/2006 4:23:32 AM         777472     C:\WINDOWS\SYSTEM32\drivers\avg7core.sys (GRISOFT, s.r.o.)
aspack               9/2/2006 4:23:32 AM         777472     C:\WINDOWS\SYSTEM32\drivers\avg7core.sys (GRISOFT, s.r.o.)
PTech                8/4/2004 1:41:38 AM         1309184    C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys (Smart Link)

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
                     9/11/2006 7:45:12 PM      S 2048       C:\WINDOWS\bootstat.dat ()
                     9/8/2006 6:46:42 AM      H  54156      C:\WINDOWS\QTFont.qfn ()
                     9/1/2006 11:55:34 PM    RH  749        C:\WINDOWS\WindowsShell.Manifest ()
                     9/1/2006 11:55:40 PM     H  65         C:\WINDOWS\Downloaded Program Files\desktop.ini ()
                     9/1/2006 11:56:30 PM     HS 67         C:\WINDOWS\Fonts\desktop.ini ()
                     9/1/2006 11:55:40 PM     H  65         C:\WINDOWS\occache\desktop.ini ()
                     9/1/2006 11:55:42 PM     H  65         C:\WINDOWS\Offline Web Pages\desktop.ini ()
                     9/1/2006 11:56:06 PM    RHS 242478     C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_5.cab ()
                     9/1/2006 11:56:06 PM    RHS 19959      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_6.cab ()
                     9/1/2006 11:56:06 PM    RHS 727        C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_7.cab ()
                     9/2/2006 3:46:10 AM     RHS 305145     C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_8.cab ()
                     9/2/2006 3:46:58 AM     RHS 68327      C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_9.cab ()
                     9/1/2006 11:57:14 PM     H  614400     C:\WINDOWS\repair\ntuser.dat ()
                     9/1/2006 11:55:34 PM    RH  749        C:\WINDOWS\system32\cdplayer.exe.manifest ()
                     9/1/2006 11:55:40 PM    RH  488        C:\WINDOWS\system32\logonui.exe.manifest ()
                     9/1/2006 11:55:34 PM    RH  749        C:\WINDOWS\system32\ncpa.cpl.manifest ()
                     9/1/2006 11:55:34 PM    RH  749        C:\WINDOWS\system32\nwc.cpl.manifest ()
                     9/1/2006 11:55:34 PM    RH  749        C:\WINDOWS\system32\sapi.cpl.manifest ()
                     9/1/2006 11:55:40 PM    RH  488        C:\WINDOWS\system32\WindowsLogon.manifest ()
                     9/1/2006 11:55:34 PM    RH  749        C:\WINDOWS\system32\wuaucpl.cpl.manifest ()
                     7/28/2006 8:16:08 AM      S 23751      C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB918899.cat ()
                     7/27/2006 10:00:28 AM     S 10337      C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB920214.cat ()
                     7/21/2006 5:03:14 AM      S 10925      C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB920670.cat ()
                     7/14/2006 12:13:00 PM     S 10925      C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB921883.cat ()
                     7/14/2006 11:53:20 AM     S 10925      C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB922616.cat ()
                     9/11/2006 7:45:06 PM     H  8192       C:\WINDOWS\system32\config\default.LOG ()
                     9/1/2006 7:29:14 PM      H  0          C:\WINDOWS\system32\config\default.tmp.LOG ()
                     9/11/2006 7:45:22 PM     H  1024       C:\WINDOWS\system32\config\SAM.LOG ()
                     9/11/2006 7:45:18 PM     H  24576      C:\WINDOWS\system32\config\SECURITY.LOG ()
                     9/11/2006 7:45:18 PM     H  53248      C:\WINDOWS\system32\config\software.LOG ()
                     9/1/2006 7:29:14 PM      H  0          C:\WINDOWS\system32\config\software.tmp.LOG ()
                     9/11/2006 7:45:18 PM     H  806912     C:\WINDOWS\system32\config\system.LOG ()
                     9/1/2006 7:29:08 PM      H  0          C:\WINDOWS\system32\config\system.tmp.LOG ()
                     9/1/2006 7:29:06 PM      H  1024       C:\WINDOWS\system32\config\TempKey.LOG ()
                     9/1/2006 7:29:16 PM      H  1024       C:\WINDOWS\system32\config\userdiff.LOG ()
                     9/1/2006 11:57:16 PM     H  1024       C:\WINDOWS\system32\config\userdifr.LOG ()
                     9/2/2006 3:18:26 AM      H  1024       C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG ()
                     9/2/2006 3:18:12 AM      HS 388        C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\09f80c32-da47-48a9-be3d-e654ae9593ef ()
                     9/2/2006 3:18:12 AM      HS 24         C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\Preferred ()
                     8/21/2006 12:20:44 AM    H  43713      C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcghelp.GID ()
                     9/11/2006 7:44:24 PM     H  6          C:\WINDOWS\Tasks\SA.DAT ()

Checking for CPL files...
                     8/4/2004 3:56:58 AM         68608      C:\WINDOWS\SYSTEM32\access.cpl (Microsoft Corporation)
                     2/23/2005 6:10:06 AM        17747968   C:\WINDOWS\SYSTEM32\ALSNDMGR.CPL (Realtek Semiconductor Corp.)
                     8/4/2004 3:56:58 AM         549888     C:\WINDOWS\SYSTEM32\appwiz.cpl (Microsoft Corporation)
                     8/4/2004 3:56:58 AM         110592     C:\WINDOWS\SYSTEM32\bthprops.cpl (Microsoft Corporation)
                     8/4/2004 3:56:58 AM         135168     C:\WINDOWS\SYSTEM32\desk.cpl (Microsoft Corporation)
                     8/4/2004 3:56:58 AM         80384      C:\WINDOWS\SYSTEM32\firewall.cpl (Microsoft Corporation)
                     8/4/2004 3:56:58 AM         155136     C:\WINDOWS\SYSTEM32\hdwwiz.cpl (Microsoft Corporation)
                     8/4/2004 3:56:58 AM         358400     C:\WINDOWS\SYSTEM32\inetcpl.cpl (Microsoft Corporation)
                     8/4/2004 3:56:58 AM         129536     C:\WINDOWS\SYSTEM32\intl.cpl (Microsoft Corporation)
                     8/4/2004 3:56:58 AM         380416     C:\WINDOWS\SYSTEM32\irprops.cpl (Microsoft Corporation)
                     8/9/2004 6:04:02 AM         73728      C:\WINDOWS\SYSTEM32\ISUSPM.cpl (InstallShield Software Corporation)
                     8/4/2004 3:56:58 AM         68608      C:\WINDOWS\SYSTEM32\joy.cpl (Microsoft Corporation)
                     7/26/2006 3:03:14 AM        49265      C:\WINDOWS\SYSTEM32\jpicpl32.cpl (Sun Microsystems, Inc.)
                     8/23/2001 8:00:00 AM        187904     C:\WINDOWS\SYSTEM32\main.cpl (Microsoft Corporation)
                     8/4/2004 3:56:58 AM         618496     C:\WINDOWS\SYSTEM32\mmsys.cpl (Microsoft Corporation)
                     8/23/2001 8:00:00 AM        35840      C:\WINDOWS\SYSTEM32\ncpa.cpl (Microsoft Corporation)
                     8/4/2004 3:56:58 AM         25600      C:\WINDOWS\SYSTEM32\netsetup.cpl (Microsoft Corporation)
                     8/4/2004 3:56:58 AM         257024     C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
                     8/23/2001 8:00:00 AM        36864      C:\WINDOWS\SYSTEM32\nwc.cpl (Microsoft Corporation)
                     8/4/2004 3:56:58 AM         32768      C:\WINDOWS\SYSTEM32\odbccp32.cpl (Microsoft Corporation)
                     8/4/2004 3:56:58 AM         114688     C:\WINDOWS\SYSTEM32\powercfg.cpl (Microsoft Corporation)
                     8/4/2004 3:56:58 AM         298496     C:\WINDOWS\SYSTEM32\sysdm.cpl (Microsoft Corporation)
                     8/23/2001 8:00:00 AM        28160      C:\WINDOWS\SYSTEM32\telephon.cpl (Microsoft Corporation)
                     8/4/2004 3:56:58 AM         94208      C:\WINDOWS\SYSTEM32\timedate.cpl (Microsoft Corporation)
                     8/4/2004 3:56:58 AM         148480     C:\WINDOWS\SYSTEM32\wscui.cpl (Microsoft Corporation)
                     5/26/2005 4:16:30 AM        174360     C:\WINDOWS\SYSTEM32\wuaucpl.cpl (Microsoft Corporation)
                     8/23/2001 8:00:00 AM        187904     C:\WINDOWS\SYSTEM32\dllcache\main.cpl (Microsoft Corporation)
                     8/23/2001 8:00:00 AM        35840      C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl (Microsoft Corporation)
                     8/23/2001 8:00:00 AM        36864      C:\WINDOWS\SYSTEM32\dllcache\nwc.cpl (Microsoft Corporation)
                     8/23/2001 8:00:00 AM        28160      C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl (Microsoft Corporation)

Checking for Downloaded Program Files...
{00000161-9980-0010-8000-00AA00389B71} -  - CodeBase = http://codecs.microsoft.com/codecs/i386/msaud.cab
{0E5F0222-96B9-11D3-8997-00104BD12D94} - PCPitstop Utility - CodeBase = http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
{33564D57-0000-0010-8000-00AA00389B71} -  - CodeBase = http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB
{33564D57-9980-0010-8000-00AA00389B71} -  - CodeBase = http://download.microsoft.com/download/D/0...D0C/wmv9dmo.cab
{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -  - CodeBase = https://objects.Email Removed/mcafee/molbin/share...83/mcinsctl.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} - Java Plug-in 1.5.0_08 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab
{A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} - InetDownload Class - CodeBase = https://media.pineconeresearch.com/ActiveX/...loadcontrol.cab
{B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - MsnMessengerSetupDownloadControl Class - CodeBase = http://messenger.msn.com/download/MsnMesse...pDownloader.cab
{BCC0FF27-31D9-4614-A68E-C18E1ADA4389} -  - CodeBase = https://objects.Email Removed/mcafee/molbin/share...,20/McGDMgr.cab
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab
{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} - Java Plug-in 1.5.0_08 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - Java Plug-in 1.5.0_08 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} - Shockwave Flash Object - CodeBase = http://fpdownload.macromedia.com/get/flash...ent/swflash.cab

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
                     7/13/2006 10:51:16 AM       1757       C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk ()
                     9/1/2006 11:57:08 PM     HS 84         C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini ()

Checking files in %ALLUSERSPROFILE%\Application Data folder...
                     7/18/2006 12:47:58 AM       305        C:\Documents and Settings\All Users\Application Data\addr_file.html ()
                     9/1/2006 11:30:52 PM     HS 62         C:\Documents and Settings\All Users\Application Data\desktop.ini ()

Checking files in %USERPROFILE%\Startup folder...
                     1/29/2006 3:58:48 PM        652        C:\Documents and Settings\Tracy Boo Major\Start Menu\Programs\Startup\BHODemon 2.0.lnk ()
                     12/19/2005 10:03:22 AM   HS 84         C:\Documents and Settings\Tracy Boo Major\Start Menu\Programs\Startup\desktop.ini ()

Checking files in %USERPROFILE%\Application Data folder...
                     1/1/2005 4:32:22 AM      HS 62         C:\Documents and Settings\Tracy Boo Major\Application Data\desktop.ini ()

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

>>> Internet Explorer Settings <<<


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
  \\Start Page - http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
  \\Search Page - http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
  \\Default_Page_URL - http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
  \\Default_Search_URL - http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
  \\Local Page - %SystemRoot%\system32\blank.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
  \\Start Page - http://www.yahoo.com/
  \\Search Page - http://ie.search.msn.com
  \\Default_Search_URL - http://ie.search.msn.com
  \\Local Page - C:\WINDOWS\system32\blank.htm

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
  \\CustomizeSearch - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
  \\SearchAssistant - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
  \\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Microsoft Url Search Hook = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)

>>> BHO's <<<
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
  \{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - Adobe PDF Reader Link Helper = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
  \{53707962-6F74-2D53-2644-206D7942484F} -  = C:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
  \{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - SSVHelper Class = C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll (Sun Microsystems, Inc.)

>>> Internet Explorer Bars, Toolbars and Extensions <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
  \{4D5C8C25-D075-11d0-B416-00C04FB90376} - &Tip of the Day = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)
  \{FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - Real.com = C:\WINDOWS\System32\Shdocvw.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
  \{32683183-48a0-441b-a342-7c2a440a9478} -  =  ()
  \{EFA24E61-B078-11D0-89E4-00C04FC9E26E} - Favorites Band = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
  \ShellBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)
  \WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)
  \WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Links = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\CmdMapping]
  \\NEXTID - 8198
  \\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - 8193 =
  \\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - 8194 = Sun Java Console
  \\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - 8195 = PartyPoker.com
  \\{FB5F1910-F110-11d2-BB9E-00C04F795683} - 8197 = Windows Messenger

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
  \{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - MenuText: Sun Java Console = C:\Program Files\Java\jre1.5.0_08\bin\npjpi150_08.dll (Sun Microsystems, Inc.)
  \{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - MenuText: Sun Java Console = C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll (Sun Microsystems, Inc.)(HKCU CLSID)
  \{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - ButtonText: PartyPoker.com = C:\Program Files\PartyGaming\PartyPoker\RunApp.exe ()
  \{FB5F1910-F110-11d2-BB9E-00C04F795683} - ButtonText: Messenger = C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

>>> Approved Shell Extensions (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
  \\{42071714-76d4-11d1-8b24-00a0c9068ff3} - Display Panning CPL Extension = deskpan.dll ()
  \\{764BF0E1-F219-11ce-972D-00AA00A14F56} - Shell extensions for file compression =  ()
  \\{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} - Encryption Context Menu =  ()
  \\{88895560-9AA2-1069-930E-00AA0030EBC8} - HyperTerminal Icon Ext = C:\WINDOWS\System32\hticons.dll (Hilgraeve, Inc.)
  \\{0DF44EAA-FF21-4412-828E-260A8728E7F1} - Taskbar and Start Menu =  ()
  \\{32683183-48a0-441b-a342-7c2a440a9478} - Media Band =  ()
  \\{7A9D77BD-5403-11d2-8785-2E0420524153} - User Accounts =  ()
  \\{955B7B84-5308-419c-8ED8-0B9CA3C56985} - America Online = C:\PROGRA~1\COMMON~1\aolshare\shell\us\shellext.dll (America Online, Inc.)
  \\{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} - Shell Extensions for RealOne Player = C:\Program Files\Real\RealPlayer\rpshell.dll (RealNetworks, Inc.)
  \\{02A62A55-544C-42CD-8EE0-F364E8338D3D} - Image Previewer = C:\WINDOWS\System32\ShellExtension.dll (SoftTech InterCorp Corporation, http://www.stintercorp.com/)
  \\{A464F9AE-3108-4A4B-AA37-F7546589D961} - ShellExtensionPropSheet = C:\WINDOWS\System32\ShellExtension.dll (SoftTech InterCorp Corporation, http://www.stintercorp.com/)
  \\{45AC2688-0253-4ED8-97DE-B5370FA7D48A} - Shell Extension for Malware scanning =  ()
  \\{52B87208-9CCF-42C9-B88E-069281105805} - Trojan Remover Shell Extension = C:\PROGRA~1\TROJAN~1\Trshlex.dll ()
  \\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} - AVG7 Shell Extension = C:\Program Files\Grisoft\AVG Free\avgse.dll (GRISOFT, s.r.o.)
  \\{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} - AVG7 Find Extension = C:\Program Files\Grisoft\AVG Free\avgse.dll (GRISOFT, s.r.o.)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

>>> Context Menu Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers]
  \AVG7 Shell Extension - {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll (GRISOFT, s.r.o.)
  \ewido anti-spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\ewido anti-spyware 4.0\context.dll (Anti-Malware Development a.s.)
  \ImagePreview - {02A62A55-544C-42CD-8EE0-F364E8338D3D} = C:\WINDOWS\System32\ShellExtension.dll (SoftTech InterCorp Corporation, http://www.stintercorp.com/)
  \Trojan Remover - {52B87208-9CCF-42C9-B88E-069281105805} = C:\PROGRA~1\TROJAN~1\Trshlex.dll ()

[HKEY_LOCAL_MACHINE\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers]

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers]
  \ewido anti-spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\ewido anti-spyware 4.0\context.dll (Anti-Malware Development a.s.)
  \ImagePreview - {02A62A55-544C-42CD-8EE0-F364E8338D3D} = C:\WINDOWS\System32\ShellExtension.dll (SoftTech InterCorp Corporation, http://www.stintercorp.com/)

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\BackGround\shellex\ContextMenuHandlers]

[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers]
  \AVG7 Shell Extension - {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll (GRISOFT, s.r.o.)
  \ImagePreview - {02A62A55-544C-42CD-8EE0-F364E8338D3D} = C:\WINDOWS\System32\ShellExtension.dll (SoftTech InterCorp Corporation, http://www.stintercorp.com/)
  \Trojan Remover - {52B87208-9CCF-42C9-B88E-069281105805} = C:\PROGRA~1\TROJAN~1\Trshlex.dll ()

>>> Column Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
  \{F9DB5320-233E-11D1-9F84-707F02C10627} - PDF Column Info = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll (Adobe Systems, Inc.)

>>> Registry Run Keys <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  VTTimer - C:\WINDOWS\SYSTEM32\VTTimer.exe (S3 Graphics, Inc.)
  VTTrayp - C:\WINDOWS\SYSTEM32\VTtrayp.exe (S3 Graphics Co., Ltd.)
  RaidTool - C:\Program Files\VIA\RAID\raid_tool.exe (VIA Technologies)
  HostManager - C:\Program Files\Common Files\AOL\1138560958\ee\AOLSoftware.exe (America Online, Inc.)
  SunJavaUpdateSched - C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe (Sun Microsystems, Inc.)
  IPHSend - C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe (America Online, Inc.)
  LXCGCATS - rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll ()
  lxcgmon.exe - C:\Program Files\Lexmark 2300 Series\lxcgmon.exe (Lexmark International, Inc.)
  EzPrint - C:\Program Files\Lexmark 2300 Series\ezprint.exe (Lexmark International Inc.)
  FaxCenterServer - C:\Program Files\Lexmark Fax Solutions\fm3032.exe ()
  !ewido - C:\Program Files\ewido anti-spyware 4.0\ewido.exe (Anti-Malware Development a.s.)
  TkBellExe - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
  SoundMan - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
  AVG7_CC - C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe (GRISOFT, s.r.o.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
  IMAIL   Installed = 1
  MAPI   Installed = 1
  MSFS   Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  MsnMsgr - C:\Program Files\MSN Messenger\MsnMsgr.Exe (Microsoft Corporation)
  FreeRAM XP - C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe (YourWare Solutions (tm))

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

>>> Startup Links <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Common Startup]
  C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
  C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini ()

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Startup]
  C:\Documents and Settings\Tracy Boo Major\Start Menu\Programs\Startup\BHODemon 2.0.lnk - C:\Program Files\BHODemon 2\BHODemon.exe (Definitive Solutions, Inc.)
  C:\Documents and Settings\Tracy Boo Major\Start Menu\Programs\Startup\desktop.ini ()

>>> MSConfig Disabled Items <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

[All Users Startup Folder Disabled Items]

[Current User Startup Folder Disabled Items]

>>> User Agent Post Platform <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
  \\SV1 -

>>> AppInit Dll's <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs]

>>> Image File Execution Options <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
  \Your Image File Name Here without a path - Debugger = ntsd -d

>>> Shell Service Object Delay Load <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
  \\PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
  \\CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
  \\WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll (Microsoft Corporation)
  \\SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll (Microsoft Corporation)

>>> Shell Execute Hooks <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
  \\{AEB6717E-7E19-11d0-97EE-00C04FD91972} - URL Exec Hook = shell32.dll (Microsoft Corporation)
  \\{08315C1A-9BA9-4B7C-A432-26885F78DF28} -  = C:\Program Files\Common Files\Microsoft Shared\MSINFO\rejoi.vxd ()
  \\{57B86673-276A-48B2-BAE7-C6DBB3020EB8} - CShellExecuteHookImpl Object = C:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll (Anti-Malware Development a.s.)

>>> Shared Task Scheduler <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
  \\{438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)
  \\{8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)

>>> Winlogon <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
  \\UserInit = C:\WINDOWS\system32\userinit.exe,
  \\Shell = Explorer.exe
  \\System =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
  \crypt32chain - crypt32.dll = (Microsoft Corporation)
  \cryptnet - cryptnet.dll = (Microsoft Corporation)
  \cscdll - cscdll.dll = (Microsoft Corporation)
  \ScCertProp - wlnotify.dll = (Microsoft Corporation)
  \Schedule - wlnotify.dll = (Microsoft Corporation)
  \sclgntfy - sclgntfy.dll = (Microsoft Corporation)
  \SensLogn - WlNotify.dll = (Microsoft Corporation)
  \termsrv - wlnotify.dll = (Microsoft Corporation)
  \WgaLogon - WgaLogon.dll = (Microsoft Corporation)
  \wlballoon - wlnotify.dll = (Microsoft Corporation)

>>> DNS Name Servers <<<
  {D7C40092-8986-4427-A0EC-6724D3BA8CC0} -   (Realtek RTL8139/810x Family Fast Ethernet NIC)

>>> All Winsock2 Catalogs <<<
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries]
  \000000000001\\LibraryPath - %SystemRoot%\System32\nwprovau.dll (Microsoft Corporation)
  \000000000002\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)
  \000000000003\\LibraryPath - %SystemRoot%\System32\winrnr.dll (Microsoft Corporation)
  \000000000004\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries]
  \000000000001\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
  \000000000002\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
  \000000000003\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
  \000000000004\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)
  \000000000005\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)
  \000000000006\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
  \000000000007\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
  \000000000008\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
  \000000000009\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
  \000000000010\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
  \000000000011\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
  \000000000012\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
  \000000000013\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
  \000000000014\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
  \000000000015\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
  \000000000016\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
  \000000000017\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
  \000000000018\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
  \000000000019\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
  \000000000020\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
  \000000000021\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
  \000000000022\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)

>>> Protocol Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler]
  \ipp -  ()
  \msdaipp -  ()

>>> Protocol Filters (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter]

>>> Selected AddOn's <<<


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
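An added example, not part of the original post and not code from the scanning tool that produced the listing above: a small Python triage script for this style of autostart log. It walks the `>>> Section <<<` / `[registry key]` / indented-entry layout, pulls out the display name, the target file and the publisher string the tool prints in parentheses, and flags entries a reviewer would want to look at by hand: an empty publisher string, an empty display name, or a file extension that is unusual for a code load point (for instance `.vxd`, the Windows 9x virtual-device-driver extension, which XP does not load). The sample log is constructed from a few lines copied from the listing above; the flagging rules are assumptions of this example, and a flag means "review this", not "this is malware".

```python
import re
from dataclasses import dataclass, field

# Constructed sample: a handful of entries copied from the startup-location
# listing above (Run keys and ShellExecuteHooks). No entries were added.
SAMPLE_LOG = r""">>> Registry Run Keys <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  VTTimer - C:\WINDOWS\SYSTEM32\VTTimer.exe (S3 Graphics, Inc.)
  LXCGCATS - rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll ()
  FaxCenterServer - C:\Program Files\Lexmark Fax Solutions\fm3032.exe ()
  AVG7_CC - C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe (GRISOFT, s.r.o.)

>>> Shell Execute Hooks <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
  \\{AEB6717E-7E19-11d0-97EE-00C04FD91972} - URL Exec Hook = shell32.dll (Microsoft Corporation)
  \\{08315C1A-9BA9-4B7C-A432-26885F78DF28} -  = C:\Program Files\Common Files\Microsoft Shared\MSINFO\rejoi.vxd ()
  \\{57B86673-276A-48B2-BAE7-C6DBB3020EB8} - CShellExecuteHookImpl Object = C:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll (Anti-Malware Development a.s.)
"""

SECTION_RE = re.compile(r"^>>> (?P<name>.+?) <<<$")
KEY_RE = re.compile(r"^\[(?P<key>.+)\]$")
# An entry is an indented line ending in "(publisher)"; "()" means the tool found no publisher.
ENTRY_RE = re.compile(r"^\s+(?P<body>.*?)\s*\((?P<publisher>[^()]*)\)\s*$")
GUID_PREFIX_RE = re.compile(r"^\\*\{[0-9A-Fa-f-]+\}\s*-")
EXT_RE = re.compile(r"\.([A-Za-z0-9]+)\s*$")

# Extensions normally seen at these load points (assumption of this example).
EXPECTED_EXT = {".dll", ".exe", ".cpl", ".ocx"}


@dataclass
class Finding:
    section: str
    key: str
    label: str
    target: str
    publisher: str
    reasons: list = field(default_factory=list)


def split_entry(body):
    """Return (label, target) from the part of an entry left of the publisher.

    Handles both "Name - command" (Run keys) and "\\{GUID} - Label = path"
    (CLSID-keyed values such as ShellExecuteHooks and BHOs).
    """
    body = GUID_PREFIX_RE.sub("", body)
    if " = " in body:
        label, target = body.split(" = ", 1)
    elif " - " in body:
        label, target = body.split(" - ", 1)
    else:
        label, target = "", body
    return label.strip(), target.strip()


def triage(log_text):
    """Parse the log and return the entries that merit manual review."""
    section = key = ""
    findings = []
    for line in log_text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        label, target = split_entry(m.group("body"))
        publisher = m.group("publisher").strip()
        reasons = []
        if not publisher:
            reasons.append("no publisher string on the file")
        if not label:
            reasons.append("no display name for the entry")
        ext_match = EXT_RE.search(target)
        ext = "." + ext_match.group(1).lower() if ext_match else ""
        if ext and ext not in EXPECTED_EXT:
            # e.g. .vxd: a Windows 9x driver extension, out of place as an in-process hook on XP
            reasons.append(f"unexpected extension {ext} for a code load point")
        if reasons:
            findings.append(Finding(section, key, label, target, publisher, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.label or '<no name>'}: {f.target}")
        for r in f.reasons:
            print(f"    - {r}")
```

On the sample above this reports the two Lexmark Run entries (publisher string missing) and the `rejoi.vxd` ShellExecuteHooks entry, which trips all three rules. A missing publisher on its own is weak evidence, as the Lexmark entries show; the point of the script is to shorten the list a human then checks by hand (file properties, hashes, whether the path belongs to anything installed).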