Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

A couple of problems

Unread postby Rogue5nine » August 13th, 2006, 2:58 pm

I'm pretty sure my computer is infected. Here is the HJT log.

Logfile of HijackThis v1.99.1
Scan saved at 11:54:36 AM, on 8/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Saitek\Software\Profiler.exe
C:\Program Files\Saitek\Software\SaiSmart.exe
C:\Program Files\Saitek\Software\SaiMfd.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\QUICKENW\QAGENT.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\hphmon03.exe
C:\Program Files\Razer\Copperhead\razerhid.exe
C:\WINDOWS\system32\mrtMngr.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Razer\Copperhead\razertra.exe
C:\Program Files\RssReader\RssReader.exe
C:\Program Files\Razer\Copperhead\razerofa.exe
C:\WINDOWS\system32\HPHipm09.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Documents and Settings\Brian\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us.mcafee.com/root/ExitCampaign. ... me=22:5:21
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer presented by Comcast
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe
O4 - HKLM\..\Run: [SaiSmart] C:\Program Files\Saitek\Software\SaiSmart.exe
O4 - HKLM\..\Run: [SaiMfd] C:\Program Files\Saitek\Software\SaiMfd.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [QAGENT] C:\Program Files\QUICKENW\QAGENT.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\system32\hphmon03.exe
O4 - HKLM\..\Run: [Copperhead] C:\Program Files\Razer\Copperhead\razerhid.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [RssReader] C:\Program Files\RssReader\RssReader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid= ... lcid=0x409
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/ ... 2.1.87.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - https://www.gamespyid.com/alaunch.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} (WoF Control) - http://www.worldwinner.com/games/v45/wof/wof.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} - http://a532.g.akamai.net/f/532/6712/5m/ ... taller.exe
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
Rogue5nine
Active Member
 
Posts: 3
Joined: August 13th, 2006, 2:53 pm

Unread postby 'KotaGuy » August 15th, 2006, 7:19 pm

Hi Rogue5nine!

Run and scan with HijackThis and place checks beside the following:

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us.mcafee.com/root/ExitCampaign. ... me=22:5:21
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll


Close all open browsers/windows and click the Fix button.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:
    * Download the latest version of Java Runtime Environment (JRE) 5.0 Update 8.
    * Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
    * Click the "Download" button to the right.
    * Check the box that says: "Accept License Agreement".
    * The page will refresh.
    * Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
    * Close any programs you may have running - especially your web browser.
    * Go to Start>Run and type in appwiz.cpl and hit Enter.
    * Highlight any item with Java Runtime Environment (JRE or J2SE) in the name.
    * Click the Remove or Change/Remove button.
    * Repeat as many times as necessary to remove each Java version.
    * Reboot your computer once all Java components are removed.
    * Then from your desktop double-click on jre-1_5_0_08-windowsi586-p.exe to install the newest version.


Once that is done post a new HijackThis log please.
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada
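
A first-pass triage of a HijackThis log along the lines of the review above, as an added example that is not part of the original post and not HijackThis's own logic. The function names and rule labels are hypothetical, the sample lines are copied from the logs posted in this thread, and the JRE 1.5.0_08 baseline is the update named in the reply; a human reviewer still decides what to fix.

```python
import re

# Sample input: lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
"""

# A log entry is "<section code> - <body>", e.g. "O2 - BHO: ...".
# Header and "Running processes" lines do not match and are skipped.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

# JRE install directories embed the version: ...\jre1.5.0_06\...
JRE_RE = re.compile(r"\\jre(\d+)\.(\d+)\.(\d+)_(\d+)\\", re.IGNORECASE)


def parse_entries(log_text):
    """Return (section, body) pairs for every entry line in the log."""
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def jre_version(body):
    """Extract a comparable version tuple from a JRE path, or None."""
    match = JRE_RE.search(body)
    return tuple(int(g) for g in match.groups()) if match else None


def triage(log_text, min_jre=(1, 5, 0, 8)):
    """Flag entries worth a reviewer's attention.

    Illustrative heuristics (assumptions, not HijackThis rules):
      orphaned-entry         registry entry whose target is "(no file)"
      review-missing-target  target reported as "(file missing)"
      outdated-jre           path points into a JRE older than min_jre
    """
    findings = []
    for section, body in parse_entries(log_text):
        if body.endswith("(no file)"):
            findings.append((section, "orphaned-entry", body))
        elif body.endswith("(file missing)"):
            findings.append((section, "review-missing-target", body))
        version = jre_version(body)
        if version is not None and version < min_jre:
            findings.append((section, "outdated-jre", body))
    return findings


if __name__ == "__main__":
    for section, reason, body in triage(SAMPLE_LOG):
        print(f"{section:<4}{reason:<24}{body}")
```
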

Unread postby Rogue5nine » August 16th, 2006, 1:00 am

Cool, thanks for helping! AVG also caught 2 viruses and put them in the vault. They are: Worm/Generic.TX and a Trojan Dialer.TG. I have no idea what to do with them now though. Here is my new HijackThis log after fixing the items you mentioned.


Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Saitek\Software\Profiler.exe
C:\Program Files\Saitek\Software\SaiSmart.exe
C:\Program Files\Saitek\Software\SaiMfd.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\QUICKENW\QAGENT.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\hphmon03.exe
C:\WINDOWS\system32\mrtMngr.EXE
C:\Program Files\Razer\Copperhead\razerhid.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\RssReader\RssReader.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\HPHipm09.exe
C:\Program Files\Razer\Copperhead\razertra.exe
C:\Program Files\Razer\Copperhead\razerofa.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Brian\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer presented by Comcast
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe
O4 - HKLM\..\Run: [SaiSmart] C:\Program Files\Saitek\Software\SaiSmart.exe
O4 - HKLM\..\Run: [SaiMfd] C:\Program Files\Saitek\Software\SaiMfd.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [QAGENT] C:\Program Files\QUICKENW\QAGENT.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\system32\hphmon03.exe
O4 - HKLM\..\Run: [Copperhead] C:\Program Files\Razer\Copperhead\razerhid.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [RssReader] C:\Program Files\RssReader\RssReader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\npjpi150_08.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\npjpi150_08.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid= ... lcid=0x409
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/ ... 2.1.87.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - https://www.gamespyid.com/alaunch.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} (WoF Control) - http://www.worldwinner.com/games/v45/wof/wof.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} - http://a532.g.akamai.net/f/532/6712/5m/ ... taller.exe
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
Rogue5nine
Active Member
 
Posts: 3
Joined: August 13th, 2006, 2:53 pm

Unread postby 'KotaGuy » August 16th, 2006, 3:28 am

You can delete those from AVG's Vault.
  • Double click the AVG icon in your System Tray
  • Select the Virus Vault
  • Click the Open button
  • Highlight the files and click the Wipe Files button
  • Close the Control Center
Your HijackThis log isn't showing any indication of infection so I'd like you to do a couple more scans for me please.

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      Extended (if available otherwise Standard)
    • Scan Options:
      Scan Archives
      Scan Mail Bases

  • Click OK
  • Now under select a target to scan:
      Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
Download WinPFind2.
  • Open the newly made WinPFind2 folder on your Desktop
  • Double click winpfind2.exe
  • Click the Select All button in the File Options box
  • Click the Run All Scans button
  • When the scan is done you will see Scans Complete! at the bottom left of the tool
  • Click the Simple Report button
  • Notepad will open up with the results of the scan

Copy/paste the results of the WinPFind2 scan along with the results of the Kaspersky scan into your next reply.

You may need to split the logs over a couple of posts so they don't get cut off.

Thanks!
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada

Unread postby Rogue5nine » August 16th, 2006, 4:04 am

Ok, here is the WinPFind2 log.

<Processes>
alg.exe - c:\windows\system32\alg.exe - (Microsoft Corporation )
avgamsvr.exe - c:\progra~1\grisoft\avgfre~1\avgamsvr.exe - (GRISOFT, s.r.o. )
avgcc.exe - c:\progra~1\grisoft\avgfre~1\avgcc.exe - (GRISOFT, s.r.o. )
avgemc.exe - c:\progra~1\grisoft\avgfre~1\avgemc.exe - (GRISOFT, s.r.o. )
avgupsvc.exe - c:\progra~1\grisoft\avgfre~1\avgupsvc.exe - (GRISOFT, s.r.o. )
csrss.exe - \??\c:\windows\system32\csrss.exe - (Microsoft Corporation )
dsagnt.exe - c:\program files\dell support\dsagnt.exe - (Gteko Ltd. )
ewido.exe - c:\program files\ewido anti-spyware 4.0\ewido.exe - (Anti-Malware Development a.s. )
explorer.exe - c:\windows\explorer.exe - (Microsoft Corporation )
firefox.exe - c:\program files\mozilla firefox\firefox.exe - (Mozilla Corporation )
guard.exe - c:\program files\ewido anti-spyware 4.0\guard.exe - (Anti-Malware Development a.s. )
hphipm09.exe - c:\windows\system32\hphipm09.exe - (HP )
hphmon03.exe - c:\windows\system32\hphmon03.exe - (Hewlett-Packard )
hpztsb04.exe - c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe - (HP )
intelmem.exe - c:\program files\intel\modem event monitor\intelmem.exe - (Intel Corporation )
ipodservice.exe - c:\program files\ipod\bin\ipodservice.exe - (Apple Computer, Inc. )
ituneshelper.exe - c:\program files\itunes\ituneshelper.exe - (Apple Computer, Inc. )
lsass.exe - c:\windows\system32\lsass.exe - (Microsoft Corporation )
mrtmngr.exe - c:\windows\system32\mrtmngr.exe - (Marimba Inc. )
msascui.exe - c:\program files\windows defender\msascui.exe - (Microsoft Corporation )
msmpeng.exe - c:\program files\windows defender\msmpeng.exe - (Microsoft Corporation )
nvsvc32.exe - c:\windows\system32\nvsvc32.exe - (NVIDIA Corporation )
pcmservice.exe - c:\program files\dell\media experience\pcmservice.exe - (CyberLink Corp. )
pdvdserv.exe - c:\program files\cyberlink\powerdvd\pdvdserv.exe - (Cyberlink Corp. )
profiler.exe - c:\program files\saitek\software\profiler.exe - (Saitek )
qagent.exe - c:\program files\quickenw\qagent.exe - ( )
qttask.exe - c:\program files\quicktime\qttask.exe - (Apple Computer, Inc. )
razerhid.exe - c:\program files\razer\copperhead\razerhid.exe - ( )
razerofa.exe - c:\program files\razer\copperhead\razerofa.exe - (Razer Inc. )
razertra.exe - c:\program files\razer\copperhead\razertra.exe - ( )
realsched.exe - c:\program files\common files\real\update_ob\realsched.exe - (RealNetworks, Inc. )
rssreader.exe - c:\program files\rssreader\rssreader.exe - (Ykoon )
saimfd.exe - c:\program files\saitek\software\saimfd.exe - (Saitek )
saismart.exe - c:\program files\saitek\software\saismart.exe - (Saitek )
services.exe - c:\windows\system32\services.exe - (Microsoft Corporation )
smss.exe - \systemroot\system32\smss.exe - (Microsoft Corporation )
spoolsv.exe - c:\windows\system32\spoolsv.exe - (Microsoft Corporation )
ssaad.exe - c:\progra~1\sony\sonics~1\ssaad.exe - ( )
svchost.exe - c:\windows\system32\svchost.exe - (Microsoft Corporation )
svchost.exe - c:\windows\system32\svchost.exe - (Microsoft Corporation )
svchost.exe - c:\windows\system32\svchost.exe - (Microsoft Corporation )
svchost.exe - c:\windows\system32\svchost.exe - (Microsoft Corporation )
svchost.exe - c:\windows\system32\svchost.exe - (Microsoft Corporation )
svchost.exe - c:\windows\system32\svchost.exe - (Microsoft Corporation )
svchost.exe - c:\windows\system32\svchost.exe - (Microsoft Corporation )
wdfmgr.exe - c:\windows\system32\wdfmgr.exe - (Microsoft Corporation )
winlogon.exe - \??\c:\windows\system32\winlogon.exe - (Microsoft Corporation )
winpfind2.exe - c:\documents and settings\brian\desktop\winpfind2\winpfind2\winpfind2.exe - (OldTimer Tools )

<Registry Entries>

Version Info
WinPFind2 by OldTimer - Version 1.0.3 -
Microsoft Windows XP Version = Service Pack 2 -
Internet Explorer Version = 6.0.2900.2180 -

Internet Explorer Settings
HKLM->Main\\Start Page - http://www.comcast.net/
HKLM->Main\\Search Page - http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM->Main\\Default Page - http://www.dell4me.com/mywaybiz
HKLM->Main\\Default Search - http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM->Main\\Local Page - C:\WINDOWS\about.htm
HKCU->Main\\Start Page - http://www.comcast.net/
HKCU->Main\\Search Page - http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKCU->Main\\Local Page - C:\WINDOWS\about.htm
HKCU->Internet Settings\\ProxyEnable - 0
HKCU->Internet Settings\\ProxyOverride -

BHO's
HKLM->Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - Adobe PDF Reader Link Helper = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated )
HKLM->Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - SSVHelper Class = C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll (Sun Microsystems, Inc. )
HKLM->Browser Helper Objects\{9394EDE7-C8B5-483E-8773-474BF36AF6E4} - ST = C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll (Microsoft Corporation )
HKLM->Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - MSNToolBandBHO = C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (Microsoft Corporation )

Internet Explorer Bars, Toolbars and Extensions
HKCU->Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478} - Reg Data missing or invalid = Reg Data missing or invalid (File not found))
HKCU->Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E} - Explorer Band = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation )
HKLM->Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD} - Reg Data missing or invalid = Reg Data missing or invalid (File not found))
HKLM->Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376} - &Tip of the Day = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation )
HKLM->Explorer Bars\{FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - Real.com = C:\WINDOWS\System32\Shdocvw.dll (Microsoft Corporation )
HKCU->Toolbar\WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\System32\browseui.dll (Microsoft Corporation )
HKCU->Toolbar\WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Links = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation )
HKCU->Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Data missing or invalid = Reg Data missing or invalid (File not found))
HKCU->Toolbar\WebBrowser\\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - MSN = C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (Microsoft Corporation )
HKLM->ToolBar\\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - MSN = C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (Microsoft Corporation )
HKCU->Extensions\CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - 8192 - Sun Java Console
HKCU->Extensions\CmdMapping\\{2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - 8193 - Reg Data missing or invalid
HKCU->Extensions\CmdMapping\\{4528BBE0-4E08-11D5-AD55-00010333D0AD} - 8194 - Reg Data missing or invalid
HKCU->Extensions\CmdMapping\\{669B269B-0D4E-41FB-A3D8-FD67CA94F646} - 8201 -
HKCU->Extensions\CmdMapping\\{8828075D-D097-4055-AA02-2DBFA9D85E8A} - 8202 -
HKCU->Extensions\CmdMapping\\{97809617-3937-4F84-B335-9BB05EF1A8D4} - 8203 -
HKCU->Extensions\CmdMapping\\{A75C6120-9B36-11d4-A3F0-009027427750} - 8198 - Reg Data missing or invalid
HKCU->Extensions\CmdMapping\\{B13B4423-2647-4cfc-A4B3-C7D56CB83487} - 8200 - Share in H&ello
HKCU->Extensions\CmdMapping\\{cc4b2ee5-4803-11d7-8a38-00b0d0c6b814} - 8195 - Reg Data missing or invalid
HKCU->Extensions\CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - 8196 -
HKCU->Extensions\CmdMapping\\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - 8199 - Reg Data missing or invalid
HKCU->Extensions\CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} - 8197 - Windows Messenger
HKCU->Extensions\CmdMapping\\NextId - 8204
HKLM->Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - MenuText: Sun Java Console = C:\Program Files\Java\jre1.5.0_08\bin\npjpi150_08.dll (Sun Microsystems, Inc. )
HKLM->Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} (HKCU CLSID) - MenuText: Sun Java Console = Reg Data missing or invalid (File not found))
HKLM->Extensions\{669B269B-0D4E-41FB-A3D8-FD67CA94F646} - ButtonText: ComcastHSI = http://www.comcast.net/ (File not found))
HKLM->Extensions\{8828075D-D097-4055-AA02-2DBFA9D85E8A} - ButtonText: Support = http://www.comcastsupport.com/ (File not found))
HKLM->Extensions\{97809617-3937-4F84-B335-9BB05EF1A8D4} - ButtonText: Help = http://online.comcast.net/help/ (File not found))
HKLM->Extensions\{B13B4423-2647-4cfc-A4B3-C7D56CB83487} - ButtonText: Share in Hello = (File not found))
HKLM->Extensions\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - ButtonText: Real.com = (File not found))
HKLM->Extensions\{d81ca86b-ef63-42af-bee3-4502d9a03c2d} - ButtonText: MUSICMATCH MX Web Player = http://wwws.musicmatch.com/mmz/openWebRadio.html (File not found))
HKLM->Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683} - ButtonText: Messenger = C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation )
HKLM->Extensions\CmdMapping - MenuText: = Reg Data missing or invalid (File not found))
HKLM->Extensions\CmdMapping (HKCU CLSID) - MenuText: = Reg Data missing or invalid (File not found))
HKCU->MenuExt\&AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML (File not found))
HKCU->MenuExt\&Translate English Word - (File not found))
HKCU->MenuExt\E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 (Microsoft Corporation )

Approved Shell Extensions (Non-Microsoft only)
HKLM->Shell Extensions\Approved\{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} - Autoplay for SlideShow = Reg Data missing or invalid (File not found))
HKLM->Shell Extensions\Approved\{0DF44EAA-FF21-4412-828E-260A8728E7F1} - Taskbar and Start Menu = Reg Data missing or invalid (File not found))
HKLM->Shell Extensions\Approved\{1CDB2949-8F65-4355-8456-263E7C208A5D} - Desktop Explorer = C:\WINDOWS\system32\nvshell.dll ( )
HKLM->Shell Extensions\Approved\{1E9B04FB-F9E5-4718-997B-B8DA88302A47} - Desktop Explorer Menu = C:\WINDOWS\system32\nvshell.dll ( )
HKLM->Shell Extensions\Approved\{1E9B04FB-F9E5-4718-997B-B8DA88302A48} - nView Desktop Context Menu = C:\WINDOWS\system32\nvshell.dll ( )
HKLM->Shell Extensions\Approved\{32683183-48a0-441b-a342-7c2a440a9478} - Media Band = Reg Data missing or invalid (File not found))
HKLM->Shell Extensions\Approved\{42071714-76d4-11d1-8b24-00a0c9068ff3} - Display Panning CPL Extension = deskpan.dll (File not found))
HKLM->Shell Extensions\Approved\{764BF0E1-F219-11ce-972D-00AA00A14F56} - Shell extensions for file compression = Reg Data missing or invalid (File not found))
HKLM->Shell Extensions\Approved\{7A9D77BD-5403-11d2-8785-2E0420524153} - User Accounts = Reg Data missing or invalid (File not found))
HKLM->Shell Extensions\Approved\{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} - Encryption Context Menu = Reg Data missing or invalid (File not found))
HKLM->Shell Extensions\Approved\{88895560-9AA2-1069-930E-00AA0030EBC8} - HyperTerminal Icon Ext = C:\WINDOWS\System32\hticons.dll (Hilgraeve, Inc. )
HKLM->Shell Extensions\Approved\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} - AVG7 Shell Extension = C:\Program Files\Grisoft\AVG Free\avgse.dll (GRISOFT, s.r.o. )
HKLM->Shell Extensions\Approved\{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} - AVG7 Find Extension = C:\Program Files\Grisoft\AVG Free\avgse.dll (GRISOFT, s.r.o. )
HKLM->Shell Extensions\Approved\{A70C977A-BF00-412C-90B7-034C51DA2439} - NvCpl DesktopContext Class = C:\WINDOWS\system32\nvcpl.dll (NVIDIA Corporation )
HKLM->Shell Extensions\Approved\{AB77609F-2178-4E6F-9C4B-44AC179D937A} - a² Context Menu Shell Extension = Reg Data missing or invalid (File not found))
HKLM->Shell Extensions\Approved\{B41DB860-8EE4-11D2-9906-E49FADC173CA} - WinRAR shell extension = C:\Program Files\WinRAR\rarext.dll ( )
HKLM->Shell Extensions\Approved\{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} - iTunes = C:\Program Files\iTunes\iTunesMiniPlayer.dll (Apple Computer, Inc. )
HKLM->Shell Extensions\Approved\{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} - Shell Extensions for RealOne Player = C:\Program Files\Real\RealPlayer\rpshell.dll (RealNetworks, Inc. )
HKLM->Shell Extensions\Approved\{FFB699E0-306A-11d3-8BD1-00104B6F7516} - Play on my TV helper = C:\WINDOWS\system32\nvcpl.dll (NVIDIA Corporation )

ContextMenuHandlers (Non-Microsoft only)
HKLM->* - AVG7 Shell Extension - {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll (GRISOFT, s.r.o. )
HKLM->* - ewido anti-spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\ewido anti-spyware 4.0\context.dll (Anti-Malware Development a.s. )
HKLM->* - WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ( )
HKLM->Directory - ewido anti-spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\ewido anti-spyware 4.0\context.dll (Anti-Malware Development a.s. )
HKLM->Directory - WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ( )
HKLM->Directory\Background - 00nView - {1E9B04FB-F9E5-4718-997B-B8DA88302A48} = C:\WINDOWS\system32\nvshell.dll ( )
HKLM->Directory\Background - NvCplDesktopContext - {A70C977A-BF00-412C-90B7-034C51DA2439} = C:\WINDOWS\system32\nvcpl.dll (NVIDIA Corporation )
HKLM->Folder - AVG7 Shell Extension - {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll (GRISOFT, s.r.o. )
HKLM->Folder - WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ( )

ColumnHandlers (Non-Microsoft only)
HKLM->Folder - {F9DB5320-233E-11D1-9F84-707F02C10627} - PDF Shell Extension = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll (Adobe Systems, Inc. )

Registry Run Keys
HKLM->Run\\!ewido - "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized (Anti-Malware Development a.s. )
HKLM->Run\\AVG7_CC - C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP (GRISOFT, s.r.o. )
HKLM->Run\\Copperhead - C:\Program Files\Razer\Copperhead\razerhid.exe ( )
HKLM->Run\\HPDJ Taskbar Utility - C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe (HP )
HKLM->Run\\HPHmon03 - C:\WINDOWS\system32\hphmon03.exe (Hewlett-Packard )
HKLM->Run\\IntelMeM - C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe (Intel Corporation )
HKLM->Run\\iTunesHelper - "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Computer, Inc. )
HKLM->Run\\MISAggregator - (File not found))
HKLM->Run\\NvCplDaemon - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (File not found))
HKLM->Run\\nwiz - nwiz.exe /install ( )
HKLM->Run\\PCMService - "C:\Program Files\Dell\Media Experience\PCMService.exe" (CyberLink Corp. )
HKLM->Run\\Profiler - C:\Program Files\Saitek\Software\Profiler.exe (Saitek )
HKLM->Run\\QAGENT - C:\Program Files\QUICKENW\QAGENT.EXE ( )
HKLM->Run\\QuickTime Task - "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Computer, Inc. )
HKLM->Run\\RemoteControl - "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" (Cyberlink Corp. )
HKLM->Run\\SaiMfd - C:\Program Files\Saitek\Software\SaiMfd.exe (Saitek )
HKLM->Run\\SaiSmart - C:\Program Files\Saitek\Software\SaiSmart.exe (Saitek )
HKLM->Run\\SsAAD.exe - C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe ( )
HKLM->Run\\SunJavaUpdateSched - "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe" (Sun Microsystems, Inc. )
HKLM->Run\\TkBellExe - "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc. )
HKLM->Run\\Windows Defender - "C:\Program Files\Windows Defender\MSASCui.exe" -hide (Microsoft Corporation )
HKLM->Run\OptionalComponents\IMAIL - Installed = 1
HKLM->Run\OptionalComponents\MAPI - Installed = 1
HKLM->Run\OptionalComponents\MSFS - Installed = 1
HKCU->Run\\DellSupport - "C:\Program Files\Dell Support\DSAgnt.exe" /startup (Gteko Ltd. )
HKCU->Run\\RssReader - C:\Program Files\RssReader\RssReader.exe (Ykoon )
HKCU->Run\\Steam - (File not found))

Startup Lnks
HKLM->Common Startup - Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated )
HKLM->Common Startup - DESKTOP.INI - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DESKTOP.INI ( )
HKLM->Common Startup - Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation )
HKCU->Startup - DESKTOP.INI - C:\Documents and Settings\Brian\Start Menu\Programs\Startup\DESKTOP.INI ( )

Disabled MSConfig Items
HKLM->StartUpReg\HP Component Manager - hpcmpmgr = "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" (File not found))
HKLM->StartUpReg\MSMSGS - msmsgs = "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation )
HKLM->StartUpReg\MsnMsgr - MsnMsgr = "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (Microsoft Corporation )
HKLM->StartUpReg\PicasaNet - Hello = "C:\Program Files\Hello\Hello.exe" -b (Picasa, Inc. )
HKLM->StartUpReg\WildTangent CDA - cdaEngine0400 = RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain (File not found))
HKLM->StartUpReg\Yahoo! Pager - ypager = C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet (File not found))

User Agent Post Platform
HKLM->Post Platform\\SV1 -

AppInit DLLs
HKLM->Windows\\AppInit_DLLs - (File not found))

Image File Execution Options
HKLM->Image File Execution Options\Your Image File Name Here without a path - Debugger = ntsd -d

Shell Service Object Delay Load
HKLM->ShellServiceObjectDelayLoad\\CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation )
HKLM->ShellServiceObjectDelayLoad\\PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation )
HKLM->ShellServiceObjectDelayLoad\\SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll (Microsoft Corporation )
HKLM->ShellServiceObjectDelayLoad\\WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll (Microsoft Corporation )

Shell Execute Hooks
HKLM->ShellExecuteHooks\\{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - Microsoft AntiMalware ShellExecuteHook = C:\PROGRA~1\WINDOW~4\MpShHook.dll (Microsoft Corporation )
HKLM->ShellExecuteHooks\\{57B86673-276A-48B2-BAE7-C6DBB3020EB8} - CShellExecuteHookImpl Object = C:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll (Anti-Malware Development a.s. )
HKLM->ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} - URL Exec Hook = shell32.dll (Microsoft Corporation )

Shared Task Scheduler
HKLM->SharedTaskScheduler\\{438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader = %SystemRoot%\System32\browseui.dll (Microsoft Corporation )
HKLM->SharedTaskScheduler\\{8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon = %SystemRoot%\System32\browseui.dll (Microsoft Corporation )

Winlogon
HKLM->Winlogon\\UserInit - C:\WINDOWS\system32\userinit.exe, (Microsoft Corporation )
HKLM->Winlogon\\Shell - Explorer.exe (Microsoft Corporation )
HKLM->Winlogon\\System - (File not found))
HKLM->Winlogon\Notify\crypt32chain - crypt32.dll (Microsoft Corporation )
HKLM->Winlogon\Notify\cryptnet - cryptnet.dll (Microsoft Corporation )
HKLM->Winlogon\Notify\cscdll - cscdll.dll (Microsoft Corporation )
HKLM->Winlogon\Notify\ScCertProp - wlnotify.dll (Microsoft Corporation )
HKLM->Winlogon\Notify\Schedule - wlnotify.dll (Microsoft Corporation )
HKLM->Winlogon\Notify\sclgntfy - sclgntfy.dll (Microsoft Corporation )
HKLM->Winlogon\Notify\SensLogn - WlNotify.dll (Microsoft Corporation )
HKLM->Winlogon\Notify\termsrv - wlnotify.dll (Microsoft Corporation )
HKLM->Winlogon\Notify\WgaLogon - WgaLogon.dll (Microsoft Corporation )
HKLM->Winlogon\Notify\wlballoon - wlnotify.dll (Microsoft Corporation )

DNS Name Servers
HKLM->Interfaces\{144BFDED-DCBD-496B-9DB3-0913D44FD5B8} - (Intel(R) PRO/100 VE Network Connection)
HKLM->Interfaces\{ABCACAEE-2880-4EFF-8E80-CD973FDC4A80} - ()

Winsock2 Catalogs (Non-Microsoft only)

Protocol Handlers (Non-Microsoft only)
HKLM->PROTOCOLS\Handler\ipp - (File not found))
HKLM->PROTOCOLS\Handler\msdaipp - (File not found))

Protocol Filters (Non-Microsoft only)

<Services>
Application Layer Gateway Service - ALG - On Demand - Running - Win32, running in it's own process - C:\WINDOWS\System32\alg.exe (Microsoft Corporation )
Windows Audio - AudioSrv - Automatic - Running - Win32, running in a shared process - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation )
AVG7 Alert Manager Server - Avg7Alrt - Automatic - Running - Win32, running in it's own process - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe (GRISOFT, s.r.o. )
AVG7 Update Service - Avg7UpdSvc - Automatic - Running - Win32, running in it's own process - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe (GRISOFT, s.r.o. )
AVG E-mail Scanner - AVGEMS - Automatic - Running - Win32, running in it's own process - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe (GRISOFT, s.r.o. )
Background Intelligent Transfer Service - BITS - On Demand - Running - Win32, running in a shared process - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation )
Computer Browser - Browser - Automatic - Running - Win32, running in a shared process - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation )
Cryptographic Services - CryptSvc - Automatic - Running - Win32, running in a shared process - C:\WINDOWS\system32\svchost.exe -k netsvcs (Microsoft Corporation )
DCOM Server Process Launcher - DcomLaunch - Automatic - Running - Win32, running in a shared process - C:\WINDOWS\system32\svchost -k DcomLaunch (Microsoft Corporation )
DHCP Client - Dhcp - Automatic - Running - Win32, running in a shared process - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation )
DNS Client - Dnscache - Automatic - Running - Win32, running in a shared process - C:\WINDOWS\System32\svchost.exe -k NetworkService (Microsoft Corporation )
Error Reporting Service - ERSvc - Automatic - Running - Win32, running in a shared process - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation )
Event Log - Eventlog - Automatic - Running - Win32, running in a shared process - C:\WINDOWS\system32\services.exe (Microsoft Corporation )
COM+ Event System - EventSystem - On Demand - Running - Win32, running in a shared process - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation )
ewido anti-spyware 4.0 guard - ewido anti-spyware 4.0 guard - Automatic - Running - Win32, running in it's own process - C:\Program Files\ewido anti-spyware 4.0\guard.exe (Anti-Malware Development a.s. )
Fast User Switching Compatibility - FastUserSwitchingCompatibility - On Demand - Running - Win32, running in a shared process - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation )
Help and Support - helpsvc - Automatic - Running - Win32, running in a shared process - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation )
HID Input Service - HidServ - Automatic - Running - Win32, running in a shared process - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation )
iPodService - iPodService - On Demand - Running - Win32, running in it's own process - C:\Program Files\iPod\bin\iPodService.exe (Apple Computer, Inc. )
Server - lanmanserver - Automatic - Running - Win32, running in a shared process - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation )
Workstation - lanmanworkstation - Automatic - Running - Win32, running in a shared process - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation )
TCP/IP NetBIOS Helper - LmHosts - Automatic - Running - Win32, running in a shared process - C:\WINDOWS\System32\svchost.exe -k LocalService (Microsoft Corporation )
Network Connections - Netman - On Demand - Running - Win32, running in a shared process - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation )
Network Location Awareness (NLA) - Nla - On Demand - Running - Win32, running in a shared process - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation )
NVIDIA Display Driver Service - NVSvc - Automatic - Running - Win32, running in it's own process - C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation )
Plug and Play - PlugPlay - Automatic - Running - Win32, running in a shared process - C:\WINDOWS\system32\services.exe (Microsoft Corporation )
Pml Driver - Pml Driver - On Demand - Running - Win32, running in it's own process - C:\WINDOWS\system32\HPHipm09.exe (HP )
IPSEC Services - PolicyAgent - Automatic - Running - Win32, running in a shared process - C:\WINDOWS\System32\lsass.exe (Microsoft Corporation )
Protected Storage - ProtectedStorage - Automatic - Running - Win32, running in a shared process - C:\WINDOWS\system32\lsass.exe (Microsoft Corporation )
Remote Access Connection Manager - RasMan - On Demand - Running - Win32, running in a shared process - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation )
Remote Procedure Call (RPC) - RpcSs - Automatic - Running - Win32, running in a shared process - C:\WINDOWS\system32\svchost -k rpcss (Microsoft Corporation )
Security Accounts Manager - SamSs - Automatic - Running - Win32, running in a shared process - C:\WINDOWS\system32\lsass.exe (Microsoft Corporation )
Task Scheduler - Schedule - Automatic - Running - Win32, running in a shared process - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation )
Secondary Logon - seclogon - Automatic - Running - Win32, running in a shared process - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation )
System Event Notification - SENS - Automatic - Running - Win32, running in a shared process - C:\WINDOWS\system32\svchost.exe -k netsvcs (Microsoft Corporation )
Windows Firewall/Internet Connection Sharing (ICS) - SharedAccess - Automatic - Running - Win32, running in a shared process - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation )
Shell Hardware Detection - ShellHWDetection - Automatic - Running - Win32, running in a shared process - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation )
Print Spooler - Spooler - Automatic - Running - Win32, running in it's own process - C:\WINDOWS\system32\spoolsv.exe (Microsoft Corporation )
SSDP Discovery Service - SSDPSRV - On Demand - Running - Win32, running in a shared process - C:\WINDOWS\System32\svchost.exe -k LocalService (Microsoft Corporation )
Windows Image Acquisition (WIA) - stisvc - Automatic - Running - Win32, running in a shared process - C:\WINDOWS\System32\svchost.exe -k imgsvc (Microsoft Corporation )
Telephony - TapiSrv - On Demand - Running - Win32, running in a shared process - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation )
Terminal Services - TermService - On Demand - Running - Win32, running in a shared process - C:\WINDOWS\System32\svchost -k DComLaunch (Microsoft Corporation )
Themes - Themes - Automatic - Running - Win32, running in a shared process - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation )
Distributed Link Tracking Client - TrkWks - Automatic - Running - Win32, running in a shared process - C:\WINDOWS\system32\svchost.exe -k netsvcs (Microsoft Corporation )
Windows User Mode Driver Framework - UMWdf - Automatic - Running - Win32, running in it's own process - C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation )
Windows Time - w32time - Automatic - Running - Win32, running in a shared process - C:\WINDOWS\system32\svchost.exe -k netsvcs (Microsoft Corporation )
WebClient - WebClient - Automatic - Running - Win32, running in a shared process - C:\WINDOWS\System32\svchost.exe -k LocalService (Microsoft Corporation )
Windows Defender Service - WinDefend - Automatic - Running - Win32, running in it's own process - "C:\Program Files\Windows Defender\MsMpEng.exe" (Microsoft Corporation )
Windows Management Instrumentation - winmgmt - Automatic - Running - Win32, running in a shared process - C:\WINDOWS\system32\svchost.exe -k netsvcs (Microsoft Corporation )
Security Center - wscsvc - Automatic - Running - Win32, running in a shared process - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation )
Automatic Updates - wuauserv - Automatic - Running - Win32, running in it's own process - C:\WINDOWS\system32\svchost.exe -k netsvcs (Microsoft Corporation )
Wireless Zero Configuration - WZCSVC - Automatic - Running - Win32, running in a shared process - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation )

<Files>

AllUsers ApplicationData Folder
C:\Documents and Settings\All Users\Application Data\DESKTOP.INI - ( [Ver = | Size = 62 bytes | Date = 09/03/2002 06:50 | Attr = HS])
C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache - ( [Ver = | Size = 1772 bytes | Date = 08/07/2006 10:52 | Attr = ])

CurrentUser ApplicationData Folder
C:\Documents and Settings\Brian\Application Data\.googlewebacchosts - ( [Ver = | Size = 0 bytes | Date = 11/17/2005 22:36 | Attr = ])
C:\Documents and Settings\Brian\Application Data\DESKTOP.INI - ( [Ver = | Size = 62 bytes | Date = 09/03/2002 06:50 | Attr = HS])
C:\Documents and Settings\Brian\Application Data\GDIPFONTCACHEV1.DAT - ( [Ver = | Size = 41296 bytes | Date = 04/24/2005 20:17 | Attr = ])
C:\Documents and Settings\Brian\Application Data\PFP120JCM.{PB - ( [Ver = | Size = 12358 bytes | Date = 10/24/2004 14:29 | Attr = ])
C:\Documents and Settings\Brian\Application Data\PFP120JPR.{PB - ( [Ver = | Size = 61678 bytes | Date = 10/24/2004 14:29 | Attr = ])

DPF files
{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - CKAVWebScan Object - CodeBase = http://www.kaspersky.com/kos/eng/partne ... nicode.cab
{17492023-C23A-453E-A040-C7C580BBF700} - Windows Genuine Advantage Validation Tool - CodeBase = http://go.microsoft.com/fwlink/?linkid= ... lcid=0x409
{39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - FilePlanet Download Control Class - CodeBase = http://www.fileplanet.com/fpdlmgr/cabs/ ... 2.1.87.cab
{4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - QDiagAOLCCUpdateObj Class - CodeBase = http://aolcc.aol.com/computercheckup/qdiagcc.cab
{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - - CodeBase = http://download.mcafee.com/molbin/share ... insctl.cab
{70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - GSDACtl Class - CodeBase = https://www.gamespyid.com/alaunch.cab
{8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - Wwlaunch Control - CodeBase = http://www.worldwinner.com/games/shared/wwlaunch.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} - Java Plug-in 1.5.0_08 - CodeBase = http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
{A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} - WoF Control - CodeBase = http://www.worldwinner.com/games/v45/wof/wof.cab
{BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - - CodeBase = http://download.mcafee.com/molbin/share ... cgdmgr.cab
{C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} - - CodeBase = http://a532.g.akamai.net/f/532/6712/5m/ ... taller.exe
{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} - Java Plug-in 1.4.0 - CodeBase = http://java.sun.com/update/1.4.0/jinsta ... s-i586.cab
{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} - Java Plug-in 1.5.0_08 - CodeBase = http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - Java Plug-in 1.5.0_08 - CodeBase = http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} - - CodeBase = http://download.macromedia.com/pub/shoc ... wflash.cab
{F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} - MSN Chat Control 4.5 - CodeBase = http://chat.msn.com/controls/msnchat45.cab

Hosts file = 734 bytes. Reading all entries. C:\WINDOWS\System32\drivers\etc\Hosts
# Copyright (c) 1993-1999 Microsoft Corp. -
# -
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows. -
# -
# This file contains the mappings of IP addresses to host names. Each -
# entry should be kept on an individual line. The IP address should -
# be placed in the first column followed by the corresponding host name. -
# The IP address and the host name should be separated by at least one -
# space. -
# -
# Additionally, comments (such as these) may be inserted on individual -
# lines or following the machine name denoted by a '#' symbol. -
# -
# For example: -
# -
# 102.54.94.97 rhino.acme.com # source server -
# 38.25.63.10 x.acme.com # x client host -
-
127.0.0.1 localhost -
Rogue5nine
Active Member
 
Posts: 3
Joined: August 13th, 2006, 2:53 pm

Unread postby 'KotaGuy » August 16th, 2006, 4:15 am

That looks good... nothing bad there.

Will get to your KAV scan log after you've posted it... and after I've gotten some sleep... 2:15am here... vision is starting to go blurry :P
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada

Unread postby 'KotaGuy » August 23rd, 2006, 11:39 pm

This topic is now closed due to inactivity. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada