Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.


I had lots of spyware and am not convinced it's all gone


Post by person » January 19th, 2007, 10:07 am

Logfile of HijackThis v1.99.1
Scan saved at 12:57:30 AM, on 20/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ZoneAlarm\zlclient.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDTServ.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\SLEE81.exe
C:\Program Files\TrojanHunter 4.6\THGuard.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wscntfy.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [sunasDTServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDTServ.exe
O4 - HKLM\..\Run: [sunasServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.6\THGuard.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RestoreDesktop] C:\Program Files\Restore Desktop\RestoreDesktop.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Startup: MiniMinder.lnk = C:\Program Files\MiniMind\MiniMind.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 2247132000
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} (IntraLaunch.MainControl) - file:///E:/SuperCD/IntraLaunch.CAB
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: x-mem3 - {4F6D06DD-44AB-4F89-BF13-9027B505B15A} - C:\Program Files\Common Files\eztools\eztoolslib2.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: GB-PVR Recording Service - Unknown owner - c:\program files\devnz\gbpvr\gbpvrrecordingservice.exe (file missing)
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Steganos Live Encryption Engine 8.1 [Service] (SLEE_81_SERVICE) - Unknown owner - C:\WINDOWS\system32\SLEE81.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Post by Susan528 » January 19th, 2007, 3:04 pm


Post by Susan528 » January 20th, 2007, 12:40 am

Your HijackThis log appears to be clean. What problems are you experiencing to make you believe that spyware is still present?

Now run this online scan using Internet Explorer:
Kaspersky Online Scanner from http://www.kaspersky.com/virusscanner

* Turn off the real-time scanner of any existing antivirus program while performing the online scan.

Next, click on Launch Kaspersky Online Scanner.

You will be prompted to install an ActiveX component from Kaspersky; click Yes.
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded, click on NEXT.
  • Now click on Scan Settings.
  • In the scan settings, make sure that the following are selected:
      • Scan using the following Anti-Virus database:
          • Standard
      • Scan Options:
          • Scan Archives
          • Scan Mail Bases
  • Click OK.
  • Now under select a target to scan:
      • Select My Computer
  • The program will start and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, it will display if your system has been infected.
  • Now click on the Save as Text button.
  • Save the file to your desktop.


======
Combofix
  1. Download this file - combofix.exe
  2. Double click combofix.exe & follow the prompts.
  3. When finished, it shall produce a log for you. Post that log in your next reply

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Please post (reply) with the Kaspersky log, the ComboFix log and a new HijackThis log.

Post by person » January 20th, 2007, 5:07 am

I couldn't get Kaspersky to work; the ActiveX thing wouldn't install, but I used Panda ActiveScan again as it's the one I usually use and it didn't find anything.

Here's the ComboFix log:

"Katrina" - 07-01-20 19:46:13 Service Pack 2
ComboFix 07-01-18 - Running from: "C:\Documents and Settings\Katrina\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-12-20 to 2007-01-20 ))))))))))))))))))))))))))))))))))


2007-01-20 18:31 <DIR> d-------- C:\WINDOWS\LastGood
2007-01-20 14:36 <DIR> d-------- C:\Program Files\Common Files\eztools
2007-01-20 14:26 292 --a------ C:\WINDOWS\regfix.reg
2007-01-19 21:24 <DIR> d-------- C:\Program Files\DVD Identifier
2007-01-19 21:18 <DIR> d-------- C:\Program Files\RoughDraft
2007-01-19 21:17 <DIR> d-------- C:\Program Files\SnookerAndPool
2007-01-19 21:17 <DIR> d-------- C:\Program Files\KoolMoves Lite
2007-01-19 16:57 <DIR> d-------- C:\Program Files\Sunbelt Software
2007-01-19 16:55 <DIR> d-------- C:\Program Files\dansgames.net
2007-01-19 16:53 <DIR> d-------- C:\Program Files\Steganos Security Suite 7
2007-01-19 16:21 <DIR> d-------- C:\Program Files\Car Thief
2007-01-19 16:20 <DIR> d-------- C:\Program Files\Autoplay Repair
2007-01-19 16:20 <DIR> d-------- C:\Program Files\Astral
2007-01-19 13:02 90,112 --a------ C:\WINDOWS\unvise32.exe
2007-01-19 13:01 <DIR> d-------- C:\Program Files\Self Evident Enterprises
2007-01-19 12:46 <DIR> d-------- C:\Program Files\NIGHTSTUD V1.0d
2007-01-19 03:53 513,152 --a------ C:\WINDOWS\system32\drivers\WmaCDriverV32.sys
2007-01-17 16:16 <DIR> d-------- C:\WINDOWS\vbSkinner
2007-01-17 00:15 <DIR> d-------- C:\Program Files\MP3Gain
2007-01-17 00:09 667,344 --a------ C:\mp3gain-win-1_2_5.exe
2007-01-16 23:22 <DIR> d-------- C:\Program Files\JustBanners
2007-01-16 23:22 <DIR> d-------- C:\Program Files\Idea Tracker
2007-01-16 23:19 <DIR> d-------- C:\Interstellar Law
2007-01-16 23:19 <DIR> d-------- C:\Beat The Broker
2007-01-16 17:08 81,920 --a------ C:\WINDOWS\system32\GkSui20.EXE
2007-01-14 07:15 <DIR> d-------- C:\Program Files\Lame
2007-01-14 07:14 <DIR> d-------- C:\Program Files\GoldWave
2007-01-14 06:15 407,312 --a------ C:\WINDOWS\system32\Msrepl35.dll
2007-01-14 06:15 252,176 --a------ C:\WINDOWS\system32\Msrd2x35.dll
2007-01-12 01:55 <DIR> d-------- C:\DOCUME~1\Katrina\Application Data\BookOffice
2007-01-12 01:50 255 ---h----- C:\WINDOWS\system32\mscmx1032.DLL
2007-01-11 17:59 <DIR> d--hs---- C:\WINDOWS\ftpcache
2007-01-11 14:55 53,248 --a------ C:\WINDOWS\system32\zlib.dll
2007-01-11 14:55 32,768 --a------ C:\WINDOWS\system32\MCIFR.DLL
2007-01-11 14:55 32,768 --a------ C:\WINDOWS\system32\CMDLGFR.DLL
2007-01-11 14:55 141,312 --a------ C:\WINDOWS\system32\MSCMCFR.DLL
2007-01-11 14:55 119,568 --a------ C:\WINDOWS\system32\VB6FR.DLL
2007-01-11 14:55 <DIR> d-------- C:\Program Files\ActorStudio
2007-01-10 23:09 <DIR> d-------- C:\WINDOWS\ie7updates
2007-01-10 17:15 <DIR> d-------- C:\Program Files\DemocracyDemo
2007-01-10 17:11 <DIR> d-------- C:\Program Files\Crooked Money
2007-01-10 17:09 <DIR> d-------- C:\Program Files\Car Thief 6 Demo
2007-01-10 16:53 <DIR> d-------- C:\WINDOWS\Secure Image Pro
2007-01-10 16:50 <DIR> d-------- C:\Program Files\NameSpire
2007-01-10 16:49 <DIR> d-------- C:\Program Files\Ebook Creator
2007-01-10 16:40 <DIR> d-------- C:\Program Files\Dvana
2007-01-10 16:39 <DIR> d-------- C:\whtbwin
2007-01-10 14:03 <DIR> d-------- C:\Ringwood.php_files
2007-01-10 14:03 <DIR> d-------- C:\Nunawading.php_files
2007-01-10 14:03 <DIR> d-------- C:\Knox.php_files
2007-01-10 14:02 <DIR> d-------- C:\Camberwell.php_files
2007-01-10 14:01 <DIR> d-------- C:\statestore.php_files
2007-01-08 19:54 1,473,260 --a------ C:\simpler.exe
2007-01-08 05:07 <DIR> d-------- C:\Program Files\Microsoft Script Debugger
2007-01-07 02:21 <DIR> d-------- C:\YaBB.pl_files
2007-01-06 22:46 286,208 --a------ C:\WINDOWS\system32\Cncs232.dll
2007-01-06 19:01 <DIR> d-------- C:\Program Files\MiniMind
2007-01-06 18:54 <DIR> d-------- C:\Program Files\Easy Uninstaller
2007-01-06 18:52 <DIR> d--h----- C:\Program Files\Zero G Registry
2007-01-06 18:52 <DIR> d--h----- C:\DOCUME~1\Katrina\InstallAnywhere
2007-01-06 18:50 <DIR> d-------- C:\Program Files\Advanced WindowsCare V2
2007-01-06 18:49 <DIR> d-------- C:\Program Files\Advanced System Optimizer
2007-01-06 18:44 266,360 --a------ C:\WINDOWS\system32\TweakUI.exe
2007-01-06 18:41 <DIR> d-------- C:\Program Files\Registry Mechanic
2007-01-06 18:40 <DIR> d-------- C:\WINDOWS\system32\QuickTime
2007-01-06 18:40 <DIR> d-------- C:\WINDOWS\Omniquad Total Security
2007-01-06 18:39 <DIR> d-------- C:\Program Files\XviD
2007-01-06 18:39 <DIR> d-------- C:\Program Files\3ivx
2007-01-06 18:37 <DIR> d-------- C:\Program Files\AddRemove
2007-01-06 18:37 <DIR> d-------- C:\Program Files\Add Remove Plus! 2003
2007-01-06 18:35 <DIR> d-------- C:\Program Files\Your Company Name
2007-01-06 15:56 493,356 --a------ C:\seo-tutorial.exe
2007-01-03 17:25 45,056 --a------ C:\WINDOWS\system32\WNASPI32.DLL
2007-01-03 17:25 16,512 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS
2007-01-03 17:24 <DIR> d-------- C:\Program Files\DVD Shrink
2007-01-03 17:24 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\DVD Shrink
2007-01-03 17:23 110,592 --a------ C:\WINDOWS\system32\ccrpbds6.dll
2007-01-03 17:22 <DIR> d-------- C:\Program Files\FreeRIP2
2007-01-03 17:09 <DIR> d-------- C:\Program Files\ICQLite
2007-01-03 17:09 <DIR> d-------- C:\DOCUME~1\Katrina\Application Data\ICQLite
2007-01-03 17:06 <DIR> d-------- C:\DOCUME~1\Katrina\Application Data\iolo
2007-01-03 16:54 <DIR> d-------- C:\Program Files\CCleaner
2007-01-03 16:53 737,280 --a------ C:\WINDOWS\iun6002.exe
2007-01-03 16:53 <DIR> d-------- C:\Program Files\FireTune
2007-01-03 16:53 <DIR> d-------- C:\Program Files\Currency Converter
2007-01-03 16:47 73,728 --a------ C:\WINDOWS\system32\GkSui18.EXE
2007-01-03 16:42 <DIR> d-------- C:\Rhymesaurus 1.4
2007-01-03 14:40 <DIR> d-------- C:\Incomplete
2007-01-02 07:14 <DIR> d-------- C:\Finished
2007-01-01 17:14 <DIR> d-------- C:\DOCUME~1\Katrina\Application Data\IMBT
2006-12-28 19:46 886,784 --a------ C:\WINDOWS\ebook_library.dll
2006-12-28 19:46 <DIR> d-------- C:\Program Files\SPCK Software
2006-12-28 19:45 <DIR> d-------- C:\Program Files\CPoint
2006-12-27 16:01 255 ---h----- C:\WINDOWS\system32\607937410pr1.dll
2006-12-26 14:26 <DIR> d-------- C:\Program Files\MSXML 4.0
2006-12-26 14:26 <DIR> d-------- C:\eecdff3d1a0b2b24774e54140910b2
2006-12-26 12:46 <DIR> d-------- C:\DOCUME~1\Katrina\amaya
2006-12-26 08:08 <DIR> d-------- C:\DOCUME~1\Katrina\Shared
2006-12-26 06:16 <DIR> d-------- C:\Websiteconverter
2006-12-26 04:43 13,526 --a------ C:\WINDOWS\system32\msctst32.dll
2006-12-26 04:26 104 ---hs---- C:\WINDOWS\WSYS049.SYS
2006-12-25 05:37 <DIR> d-------- C:\DOCUME~1\Katrina\Application Data\TrojanHunter
2006-12-24 22:57 68,888 --a------ C:\WINDOWS\system32\xinput1_3.dll
2006-12-24 22:57 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2006-12-24 22:57 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2006-12-24 22:57 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll
2006-12-24 22:57 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll
2006-12-24 22:57 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2006-12-24 22:57 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2006-12-24 22:57 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2006-12-24 22:57 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll
2006-12-24 22:56 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2006-12-24 22:49 <DIR> d-------- C:\RegRip
2006-12-24 22:48 <DIR> d-------- C:\Karen's Version Browser
2006-12-24 22:47 <DIR> d-------- C:\Karen's Computer Profiler
2006-12-24 22:42 <DIR> d-------- C:\Karen's Power Tools
2006-12-24 22:40 696,320 --a------ C:\WINDOWS\system32\libeay32.dll
2006-12-24 22:40 155,648 --a------ C:\WINDOWS\system32\ssleay32.dll
2006-12-24 22:32 44,547 --a------ C:\WINDOWS\srinst.exe
2006-12-24 22:32 <DIR> d-------- C:\Program Files\SRHTML98
2006-12-24 22:31 <DIR> d-------- C:\smgenoff
2006-12-24 22:29 258,048 --a------ C:\WINDOWS\system32\ExtFrm.dll
2006-12-24 21:43 355,840 --a------ C:\WINDOWS\winctl32.dll
2006-12-24 21:43 201,216 --a------ C:\WINDOWS\pvplus32.dll
2006-12-24 21:43 <DIR> d-------- C:\Program Files\WebGenie Software
2006-12-24 21:38 49,152 --a------ C:\WINDOWS\system32\MSCDRUN.DLL
2006-12-24 21:37 368,912 --a------ C:\WINDOWS\system32\vbar332.dll
2006-12-24 20:10 <DIR> d-------- C:\Program Files\vv
2006-12-24 20:09 <DIR> d-------- C:\Program Files\UFU
2006-12-24 19:44 13 ---h----- C:\DOCUME~1\ALLUSE~1\Application Data\íÇŽ>ã3113>.sys
2006-12-24 19:43 13 ---h----- C:\DOCUME~1\ALLUSE~1\Application Data\13.sys
2006-12-24 19:43 <DIR> d-------- C:\CoffeeCup Software
2006-12-24 19:29 18,944 --a------ C:\WINDOWS\system32\BORLNDMM.DLL
2006-12-24 19:29 <DIR> d-------- C:\Program Files\CoffeeCup Software
2006-12-24 19:22 <DIR> d-------- C:\Hockey
2006-12-24 19:20 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2006-12-24 19:13 <DIR> d-------- C:\Program Files\TrojanHunter 4.6
2006-12-24 19:13 <DIR> d-------- C:\HtmlRemover
2006-12-24 19:12 <DIR> d-------- C:\DiskCheck
2006-12-24 00:32 <DIR> d--h----- C:\SGLAB3F1F65FC513581
2006-12-24 00:32 <DIR> d--h----- C:\BU243C6382AB3F1F65FC513581
2006-12-22 19:39 <DIR> d-------- C:\DOCUME~1\Katrina\Application Data\Movie Outline
2006-12-21 18:31 109,568 --a------ C:\WINDOWS\system32\JGFR400.DLL
2006-12-21 18:30 <DIR> d-------- C:\ebookBuilder
2006-12-21 18:26 <DIR> d-------- C:\Program Files\eBookGuard
2006-12-21 18:23 <DIR> d-------- C:\Program Files\DBFrontend
2006-12-21 18:22 <DIR> d-------- C:\Program Files\Practical Scriptwriter
2006-12-21 18:21 <DIR> d-------- C:\WINDOWS\ShellNew
2006-12-21 18:21 <DIR> d-------- C:\Program Files\NoteStudio
2006-12-21 18:20 297,984 --a------ C:\WINDOWS\system32\midas.dll
2006-12-21 18:20 <DIR> d-------- C:\Program Files\MovieWriterPro
2006-12-21 18:18 <DIR> d-------- C:\Program Files\Easy Ebook Creator
2006-12-21 18:13 <DIR> d-------- C:\eBooks Compiler Demo
2006-12-21 18:12 40,960 --a------ C:\WINDOWS\dbrmdwb.exe
2006-12-21 18:12 245,904 --a------ C:\WINDOWS\system32\dbxDgrevCheck.dll
2006-12-21 18:11 937,984 --a------ C:\WINDOWS\npdbplug.dll
2006-12-21 18:11 752,640 --a------ C:\WINDOWS\dbplugin.exe
2006-12-21 18:10 <DIR> d-------- C:\Program Files\D-Fend
2006-12-21 18:08 <DIR> d-------- C:\Kremlin
2006-12-21 18:07 <DIR> d-------- C:\Program Files\SunRav BookOffice 3
2006-12-21 18:07 <DIR> d-------- C:\DOCUME~1\Katrina\Application Data\BookEditor
2006-12-21 18:06 44,544 --a------ C:\WINDOWS\system32\Gif89.dll
2006-12-21 18:04 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\WinZip
2006-12-21 18:01 <DIR> d-------- C:\vv
2006-12-20 00:39 223,128 --a------ C:\WINDOWS\system32\drivers\vaxscsi.sys
2006-12-20 00:39 <DIR> d-------- C:\Program Files\Alcohol 120
2006-12-20 00:31 96,256 --a------ C:\WINDOWS\system32\drivers\sptd9021.sys
2006-12-20 00:31 642,560 --a------ C:\WINDOWS\system32\drivers\sptd.sys


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-20 19:50 -------- d-------- C:\Program Files\peerguardian2
2007-01-20 19:43 -------- d-------- C:\DOCUME~1\Katrina\Application Data\shareaza
2007-01-20 19:38 -------- d-------- C:\Program Files\mozilla firefox
2007-01-20 18:44 -------- d-------- C:\Program Files\zonealarm
2007-01-20 18:43 -------- d-------- C:\Program Files\windows defender
2007-01-20 18:42 -------- d-------- C:\Program Files\trend micro
2007-01-20 18:41 -------- d-------- C:\Program Files\spywareguard
2007-01-20 01:46 -------- d--h----- C:\Program Files\installshield installation information
2007-01-19 23:58 -------- d-------- C:\Program Files\ad-aware se professional
2007-01-19 11:26 -------- d-------- C:\Program Files\restore desktop
2007-01-16 23:50 -------- d-------- C:\Program Files\winamp
2007-01-16 23:43 -------- d-------- C:\Program Files\msn messenger
2007-01-16 23:18 286720 --------- C:\WINDOWS\setup1.exe
2007-01-16 16:46 -------- d-------- C:\Program Files\spywareblaster
2007-01-16 01:31 69824 --a------ C:\WINDOWS\system32\drivers\LxrJD31d.sys
2007-01-16 01:31 61440 --a------ C:\WINDOWS\system32\lxrjd20sat.dll
2007-01-16 01:31 53248 --a------ C:\WINDOWS\system32\lxrjd31s.exe
2007-01-16 01:31 249856 --a------ C:\WINDOWS\system32\lxrjd31.dll
2007-01-16 01:31 167936 --a------ C:\WINDOWS\system32\lxrjd31c.exe
2007-01-16 01:31 146432 --a------ C:\WINDOWS\system32\lxrjd31p.exe
2007-01-06 11:52 -------- d-------- C:\DOCUME~1\Katrina\Application Data\azureus
2007-01-04 15:31 118 --a------ C:\WINDOWS\system32\binder functions.dll
2007-01-03 17:23 -------- d-------- C:\Program Files\Common Files\installshield
2006-12-29 04:44 -------- d---s---- C:\DOCUME~1\Katrina\Application Data\microsoft
2006-12-26 13:22 -------- d-------- C:\Program Files\symantec
2006-12-26 08:11 4605 --a------ C:\DOCUME~1\Katrina\Application Data\cabos.plist
2006-12-24 22:43 73216 --------- C:\WINDOWS\st6unst.exe
2006-12-22 19:39 -------- d-------- C:\Program Files\movie outline 2.0
2006-12-22 15:02 -------- d-------- C:\Program Files\nvu
2006-12-21 18:32 -------- d-------- C:\Program Files\yadu digital
2006-12-20 07:00 45568 --a------ C:\WINDOWS\system32\drivers\fetnd5bv.sys
2006-12-19 19:19 -------- d-------- C:\DOCUME~1\Katrina\Application Data\ahead
2006-12-17 07:05 -------- d-------- C:\DOCUME~1\Katrina\Application Data\frostwire
2006-12-15 12:13 -------- d-------- C:\Program Files\knowbase
2006-12-14 23:26 -------- d-------- C:\Program Files\treepadviewer
2006-12-14 22:42 -------- d-------- C:\Program Files\treepadlite
2006-12-14 22:18 -------- d-------- C:\Program Files\pagefour
2006-12-13 22:52 -------- d-------- C:\Program Files\ywriter2
2006-12-12 08:36 -------- d-------- C:\Program Files\videoinspector
2006-12-09 14:56 -------- d-------- C:\Program Files\natata ebook compiler free
2006-12-05 02:54 -------- d-------- C:\Program Files\dosbox-0.65
2006-12-04 18:49 -------- d-------- C:\DOCUME~1\Katrina\Application Data\nvu
2006-12-01 22:28 -------- d-------- C:\DOCUME~1\Katrina\Application Data\lavasoft
2006-12-01 22:27 -------- d-------- C:\Program Files\lavasoft
2006-11-30 13:19 -------- d-------- C:\Program Files\selteco
2006-11-27 19:45 60416 --------- C:\WINDOWS\system32\tzchange.exe
2006-11-26 18:29 -------- d-------- C:\DOCUME~1\Katrina\Application Data\help
2006-11-26 17:57 -------- d-------- C:\Program Files\gimp-2.0
2006-11-26 17:55 -------- d-------- C:\Program Files\Common Files\gtk
2006-11-26 16:00 -------- d-------- C:\Program Files\kc softwares
2006-11-26 02:35 -------- d-------- C:\DOCUME~1\Katrina\Application Data\xara
2006-11-26 02:33 -------- d-------- C:\Program Files\xara
2006-11-26 01:46 -------- d-------- C:\Program Files\softcat
2006-11-08 16:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-11-07 21:03 6049280 --------- C:\WINDOWS\system32\ieframe.dll
2006-11-07 21:03 50688 --------- C:\WINDOWS\system32\msfeedsbs.dll
2006-11-07 21:03 458752 --------- C:\WINDOWS\system32\msfeeds.dll
2006-11-07 21:03 231424 --a------ C:\WINDOWS\system32\webcheck.dll
2006-11-07 21:03 2029 --a------ C:\WINDOWS\system32\mscxdlv1.dll
2006-11-07 21:03 180736 --------- C:\WINDOWS\system32\ieui.dll
2006-11-07 21:03 156160 --a------ C:\WINDOWS\system32\msls31.dll
2006-11-07 03:27 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-11-07 03:27 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-11-07 03:26 71680 --a------ C:\WINDOWS\system32\admparse.dll
2006-11-07 03:26 55296 --a------ C:\WINDOWS\system32\iesetup.dll
2006-11-07 03:26 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-11-07 03:26 43008 --a------ C:\WINDOWS\system32\iernonce.dll
2006-11-07 03:26 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-11-07 03:26 13312 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-11-07 03:26 123904 --a------ C:\WINDOWS\system32\advpack.dll
2006-11-07 03:25 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-10-31 22:31 532480 --a------ C:\cwshredder.exe
2006-10-31 19:45 62 --ahs---- C:\DOCUME~1\Katrina\Application Data\desktop.ini
2006-10-31 09:03 83672 --a------ C:\WINDOWS\system32\s32evnt1.dll
2006-10-31 08:56 0 -rahs---- C:\MSDOS.SYS
2006-10-31 08:56 0 -rahs---- C:\IO.SYS
2006-10-31 08:56 0 --a------ C:\CONFIG.SYS
2006-10-31 08:56 0 --a------ C:\AUTOEXEC.BAT
2006-10-27 23:59 47104 --a------ C:\ATF-Cleaner.exe
2006-10-27 23:44 28672 --a------ C:\windows-xp-prefetch-clean-and-control.exe
2006-10-27 08:26 69632 --a------ C:\WINDOWS\system32\vuins32.dll
2006-10-20 00:56 713216 --a------ C:\WINDOWS\system32\sxs.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Zone Labs Client"="\"C:\\Program Files\\ZoneAlarm\\zlclient.exe\""
"vptray"="C:\\PROGRA~1\\SYMANT~1\\SYMANT~1\\vptray.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"Regsister WScript"="wscript -regserver"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"SSS7"="\"C:\\Program Files\\Steganos Security Suite 7\\SSS7.exe\" -firstboot"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runonce]
"SSS7"="\"C:\\Program Files\\Steganos Security Suite 7\\SSS7.exe\" -firstboot"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Trend Micro Anti-Spyware.lnk]
"backup"="C:\\WINDOWS\\pss\\Trend Micro Anti-Spyware.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\TRENDM~1\\Tmas.exe -autostart"
"item"="Trend Micro Anti-Spyware"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Katrina^Start Menu^Programs^Startup^MiniMinder.lnk]
"backup"="C:\\WINDOWS\\pss\\MiniMinder.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\MiniMind\\MiniMind.exe "
"item"="MiniMinder"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="avgas"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\ctfmon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ICQLite"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\ICQLite\\ICQLite.exe\" -minimize"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msnmsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RestoreDesktop]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RestoreDesktop"
"hkey"="HKCU"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKCU"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sunasDTServ]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="sunasDtServ"
"hkey"="HKLM"
"command"="C:\\Program Files\\Sunbelt Software\\CounterSpy Client\\sunasDtServ.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sunasServ]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="sunasServ"
"hkey"="HKLM"
"command"="C:\\Program Files\\Sunbelt Software\\CounterSpy Client\\sunasServ.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\THGuard]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="THGuard"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\TrojanHunter 4.6\\THGuard.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MSASCui"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WebrootSpySweeperService"=dword:00000002
"SDhelper"=dword:00000002
"WinDefend"=dword:00000002
"SLEE_81_SERVICE"=dword:00000002
"LxrJD31s"=dword:00000002
"GB-PVR Recording Service"=dword:00000002
"AVG Anti-Spyware Guard"=dword:00000002

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
"{03A80B1D-5C6A-42c2-9DFB-81B6005D8023}"="Trend Micro Anti-Spyware Shell Extension"
"{81559C35-8464-49F7-BB0E-07A383BEF910}"=""
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
Usnsvc REG_MULTI_SZ usnsvc\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D]
Shell\AutoRun\command D:\JDSecure\Windows\JDSecure31.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{69b35a06-714d-11db-a92a-000d616cef74}]
Shell\AutoRun\command D:\JDSecure\Windows\JDSecure31.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6e46db5f-68b9-11db-9442-806d6172696f}]
Shell\AutoRun\command D:\JDSecure\Windows\JDSecure31.exe


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\MP Scheduled Scan.job

Completion time: 07-01-20 19:54:04
C:\ComboFix2.txt ... 07-01-20 19:38

HijackThis log

Logfile of HijackThis v1.99.1
Scan saved at 8:00:16 PM, on 20/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\SLEE81.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ZoneAlarm\zlclient.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\TrojanHunter 4.6\THGuard.exe
C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDtServ.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\HijackThis\HijackThis.exe
C:\Program Files\SpywareGuard\sgbhp.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.6\THGuard.exe"
O4 - HKLM\..\Run: [sunasServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe
O4 - HKLM\..\Run: [sunasDTServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDtServ.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 2247132000
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} (IntraLaunch.MainControl) - file:///E:/SuperCD/IntraLaunch.CAB
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: x-mem3 - {4F6D06DD-44AB-4F89-BF13-9027B505B15A} - C:\Program Files\Common Files\eztools\eztoolslib2.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: GB-PVR Recording Service - Unknown owner - c:\program files\devnz\gbpvr\gbpvrrecordingservice.exe (file missing)
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Steganos Live Encryption Engine 8.1 [Service] (SLEE_81_SERVICE) - Unknown owner - C:\WINDOWS\system32\SLEE81.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
person
Regular Member
Posts: 21
Joined: January 1st, 2007, 2:06 pm

by Susan528 » January 20th, 2007, 8:59 am

What problems are you experiencing to make you believe that spyware is still present?
Susan528
MRU Master
Posts: 1594
Joined: April 4th, 2005, 9:20 am
Location: Alabama, USA

by person » January 20th, 2007, 10:46 am

My Firefox settings got reset a bit, but mainly because the nasties I had or might have had were very troubling and I really wanted to make sure I didn't need to reinstall Windows or an image. I've heard some spyware is really hard to fully get rid of and I had keyloggers.

by Susan528 » January 20th, 2007, 11:37 am

STEP 1.
======
SpySweeper
Download the trial version of Spy Sweeper from Here

Install it using the Standard Install option. (You will be asked for your e-mail address; it is safe to give it. If you receive alerts from your firewall, allow all activities for Spy Sweeper.)
  • If you are taken to the internet page, just close the page.
  • You will be prompted to check for updated definitions, please do so.
    (This may take several minutes)
  • Click on Options > Sweep Options and check Sweep all Folders on Selected drives. Check Local Disc C. Under What to Sweep, check every box.
  • Click on Sweep and allow it to fully scan your system. If you are prompted to restart the computer, do so immediately. This is a necessary step to kill the infection!
  • When the sweep has finished, click Remove. Click Select All and then Next.
  • From 'Results', select the Session Log tab. Click Save to File and save the log somewhere convenient.

I see you have AVG anti-spyware installed. I would like to see a log from it please even if nothing is found.

Please print out or copy these instructions/tutorial to Notepad as the internet will not be (while in Safe Mode) available to you at certain points of the removal process. Make sure to work through all the Steps in the exact order in which they are listed below. If there's anything that you don't understand, ask your question(s) before moving on with the fixes.

  • On the main screen under Your Computer's security
    • Click on Change state next to Resident shield. It should now change to inactive.
    • Click on Change state next to Automatic updates. It should now change to inactive.
    • Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
    • Wait until you see the Update successful message.
  • Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit.
  • Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update AVG Anti-spyware.
AVG Anti-Spyware manual updates.
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.
______________________________

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.
______________________________

Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
  • Click on Scanner on the toolbar.
  • Click on the Settings tab.
    • Under How to act?
      • Click on Recommended Action and choose Quarantine from the popup menu.
    • Under How to scan?
      • All checkboxes should be ticked.
    • Under Possibly unwanted software:
      • All checkboxes should be ticked.
    • Under Reports:
      • Select Automatically generate report after every scan and uncheck Only if threats were found.
    • Under What to scan?
      • Select Scan every file.
  • Click on the Scan tab.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan the machine.
  • When the scan has finished, follow the instructions below.
    IMPORTANT: Don't click on the "Save Scan Report" button before you have hit the "Apply all Actions" button.
    • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
    • At the bottom of the window click on the Apply all Actions button. (3)
  • When done, click the Save Scan Report button. (4)
    • Click the Save Report as button.
    • Save the report to your Desktop.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
Reboot in Normal Mode.
______________________________
Please post:
  • SpySweeper logs
  • AVG Anti-spyware log
  • A new HijackThis log
You may need several replies to post the requested logs, otherwise they might get cut off.

by person » January 20th, 2007, 12:49 pm

I will be able to post the latter 2 logs but my trial of Spy Sweeper ran out a little while ago.

by Susan528 » January 20th, 2007, 7:43 pm

I will be looking for the scans. Please do this one too.


======
WinPFind
Please Download the following tools to assist us in removing this infection! Download WinPFind from http://www.bleepingcomputer.com/files/winpfind.php

  1. Right Click the Zip Folder and Select Extract All
  2. Extract it somewhere you will remember like the Desktop
  3. Don’t do anything with it yet!
Reboot.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode using the arrow keys.
Then press enter on your keyboard to boot into Safe Mode



  1. Double-click WinPFind.exe
  2. Click on Configure Scan Options.
  3. Remove all the checkmarks under Folder Options on the left side by clicking the button Remove All, uncheck Run Addon's and click Apply.
  4. Click Start Scan
    It will scan the entire System, so please be patient! This scan may take a while.
Once the Scan is Complete

  1. Reboot your computer into normal mode.
  2. Go to the WinPFind folder
  3. Locate WinPFind.txt
  4. Copy the results from the WinPFind.txt file and post the results in your next reply.

by person » January 20th, 2007, 11:15 pm

I don't want to sound difficult but every time I've tried to run that program it has basically frozen, in safe mode and otherwise; it just won't work for me.

by person » January 20th, 2007, 11:20 pm

Please can someone delete the FIRST of the two identical posts I just made? I don't understand why I can't delete or edit my posts in this forum, however.

by Susan528 » January 21st, 2007, 7:35 am

Can you post (reply) with any logs?

by person » January 21st, 2007, 11:02 am

I will most likely be able to send you only a scan from the AVG Anti-Spyware program, and I will do that after I wake up. I will download the Win something program again and try to get it to work. I don't think I'll be able to, but if I can I'll post the log for that too, as well as a new HijackThis log.

by person » January 22nd, 2007, 11:34 pm

I did the scan with AVG Anti-Spyware and it found nothing.

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 1:50:50 PM 23/01/2007

+ Scan result:



Nothing found.


::Report end

However, I did a scan with CounterSpy and it found the following:

Actmon PC & Internet Monitoring Commercial Key Logger
C:\vv\cdroms\iper3pro\eng\client\f\zipdll.dll
Guardian Moniter
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E6FA0806-8CC5-11D6-9671-0080C88B3613}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FF444601-881A-11D6-9671-0080C88B3613}\TypeLib {8492FB9F-C5CD-4BEE-9B07-140D9ACDDA78}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FF444601-881A-11D6-9671-0080C88B3613}\TypeLib Version 1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FF444601-881A-11D6-9671-0080C88B3613} IListItem
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E6FA0806-8CC5-11D6-9671-0080C88B3613}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E6FA0806-8CC5-11D6-9671-0080C88B3613}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E6FA0806-8CC5-11D6-9671-0080C88B3613}\TypeLib {8492FB9F-C5CD-4BEE-9B07-140D9ACDDA78}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E6FA0806-8CC5-11D6-9671-0080C88B3613}\TypeLib Version 1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E6FA0806-8CC5-11D6-9671-0080C88B3613} IListItems
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FF444601-881A-11D6-9671-0080C88B3613}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FF444601-881A-11D6-9671-0080C88B3613}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FF444601-881A-11D6-9671-0080C88B3613}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}

The first I've considered a false positive since I've had that folder and the program it uses for a while and this is the first time it's been shown as malware. The second one, however, I have no idea about and would like to know whether it too is a false positive, as no other program found it. I've quarantined that one just to be on the safe side.

Logfile of HijackThis v1.99.1
Scan saved at 2:16:37 PM, on 23/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDtServ.exe
C:\WINDOWS\system32\SLEE81.exe
C:\Program Files\ZoneAlarm\zlclient.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\TrojanHunter 4.6\THGuard.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\msiexec.exe
C:\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [sunasDtServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDtServ.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.6\THGuard.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [sunasServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 2247132000
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} (IntraLaunch.MainControl) - file:///E:/SuperCD/IntraLaunch.CAB
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: x-mem3 - {4F6D06DD-44AB-4F89-BF13-9027B505B15A} - C:\Program Files\Common Files\eztools\eztoolslib2.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: GB-PVR Recording Service - Unknown owner - c:\program files\devnz\gbpvr\gbpvrrecordingservice.exe (file missing)
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Steganos Live Encryption Engine 8.1 [Service] (SLEE_81_SERVICE) - Unknown owner - C:\WINDOWS\system32\SLEE81.exe