1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Having a WinAntivirusPro2007 problem

Discussion in 'Windows - Virus and spyware problems' started by doobieau, Apr 12, 2007.

Page 2 of 2
  1. doobieau

    doobieau Member

    Joined:
    Apr 12, 2007
    Messages:
    21
    Likes Received:
    0
    Trophy Points:
    11
    here you are.


    not found: adware not-a-virus:AdWare.Win32.Virtumonde.bq File: C:\WINDOWS\system32\urqpqon.dll/Virtumonde/PE_Patch.UPX/UPX
    deleted: virus Packed.Win32.Klone.j File: c:\windows\system32\dbwsyjck.dll/PE_Patch.Morphine
    deleted: riskware not-a-virus:AdTool.Win32.MyWebSearch.as File: C:\System Volume Information\_restore{FF4546A7-2277-41F8-AA30-1D77A849E1A1}\RP141\A0023377.DLL
    deleted: riskware not-a-virus:AdTool.Win32.MyWebSearch.i File: C:\System Volume Information\_restore{FF4546A7-2277-41F8-AA30-1D77A849E1A1}\RP141\A0023379.DLL
    deleted: virus Packed.Win32.Klone.j File: C:\System Volume Information\_restore{FF4546A7-2277-41F8-AA30-1D77A849E1A1}\RP220\A0033948.dll/PE_Patch.Morphine
    deleted: virus Packed.Win32.Klone.j File: C:\System Volume Information\_restore{FF4546A7-2277-41F8-AA30-1D77A849E1A1}\RP220\A0033955.dll/PE_Patch.Morphine
    deleted: virus Packed.Win32.Klone.j File: C:\System Volume Information\_restore{FF4546A7-2277-41F8-AA30-1D77A849E1A1}\RP220\A0033968.dll/PE_Patch.Morphine
    deleted: virus Packed.Win32.Klone.j File: C:\WINDOWS\Temp\PR6.tmp
    deleted: virus Packed.Win32.Klone.j File: C:\WINDOWS\Temp\PR9.tmp
    deleted: virus Packed.Win32.Klone.j File: C:\System Volume Information\_restore{FF4546A7-2277-41F8-AA30-1D77A849E1A1}\RP220\A0034968.dll/PE_Patch.Morphine
    deleted: Trojan program Trojan-Spy.Win32.VBStat.h File: C:\WINDOWS\system32\fubgjoqi.dll
    deleted: Trojan program Trojan-Spy.Win32.VBStat.h File: C:\WINDOWS\system32\htnunbsy.dll
    deleted: Trojan program Trojan-Spy.Win32.VBStat.h File: C:\System Volume Information\_restore{FF4546A7-2277-41F8-AA30-1D77A849E1A1}\RP221\A0034981.dll
    detected: riskware Invader (loader) Running process: C:\Documents and Settings\Alex\Local Settings\Temp\Rar$EX25.8467145\!xSpeednet.exe
    detected: Trojan program Trojan.Win32.BHO.g URL: http://82.98.235.61/nauj/mrakobes20...5B9C6E9C02684FE2A/Virtumonde/PE_Patch.UPX/UPX
    detected: Trojan program Trojan.Win32.BHO.g File: c:\windows\system32\pjxaqpwi.dll/Virtumonde/PE_Patch.UPX/UPX
    detected: Trojan program Trojan-Spy.Win32.VBStat.h File: C:\VundoFix Backups\buhoktqn.dll.bad
    detected: Trojan program Trojan-Spy.Win32.VBStat.h File: C:\VundoFix Backups\giqdpgbl.dll.bad
    detected: Trojan program Trojan.Win32.BHO.g File: C:\VundoFix Backups\pjxaqpwi.dll.bad/Virtumonde/PE_Patch.UPX/UPX
    detected: Trojan program Trojan-Spy.Win32.VBStat.h File: C:\System Volume Information\_restore{FF4546A7-2277-41F8-AA30-1D77A849E1A1}\RP224\A0037203.dll
    detected: Trojan program Trojan-Spy.Win32.VBStat.h File: C:\System Volume Information\_restore{FF4546A7-2277-41F8-AA30-1D77A849E1A1}\RP224\A0037204.dll
    detected: Trojan program Trojan.Win32.BHO.g File: C:\System Volume Information\_restore{FF4546A7-2277-41F8-AA30-1D77A849E1A1}\RP224\A0037209.dll/Virtumonde/PE_Patch.UPX/UPX
    deleted: adware not-a-virus:AdWare.Win32.Softomate.aa File: C:\Documents and Settings\Alex\Desktop\Michael\Imesh\iMeshV7.exe/WiseSFX Dropper
    deleted: adware not-a-virus:AdWare.Win32.Softomate.aa File: C:\Documents and Settings\Alex\Desktop\Michael\Imesh\iMeshV7.exe/WiseSFX Dropper/WISE0044.BIN/stream/data0005
    deleted: adware not-a-virus:AdWare.Win32.Softomate.aa File: C:\System Volume Information\_restore{FF4546A7-2277-41F8-AA30-1D77A849E1A1}\RP1\A0000001.exe/WiseSFX Dropper/WISE0044.BIN/stream/data0005

     
    doobieau, Apr 14, 2007
    #21
  2. KotaGuy

    KotaGuy Regular member

    Joined:
    Feb 14, 2007
    Messages:
    485
    Likes Received:
    0
    Trophy Points:
    26
    Post a new HijackThis log please.
     
    KotaGuy, Apr 15, 2007
    #22
  3. doobieau

    doobieau Member

    Joined:
    Apr 12, 2007
    Messages:
    21
    Likes Received:
    0
    Trophy Points:
    11
    Here is the log.

    Logfile of HijackThis v1.99.1
    Scan saved at 7:09:43 AM, on 16/04/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16414)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\DELLSU~1\DSAgnt.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\OLYMPUS\m-trip\Bin\m-tripLauncher.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\WINDOWS\system32\MrobeService.exe
    C:\Documents and Settings\Alex\Desktop\Geoff\NetLimiter 2 Monitor\nlsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\Documents and Settings\Alex\Desktop\Geoff\NetLimiter 2 Monitor\NLClient.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopOE.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe
    C:\Program Files\hikackthis\kota.exe.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\msgr.en-us.en-au\msntb.dll
    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
    O4 - HKLM\..\Run: [imjpmig] C:\IME\IMJP\imjpmig.exe /RemAdvDef /AIMEREG /Migration /SetPreload
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [kis] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DellSupport] "C:\PROGRA~1\DELLSU~1\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: m-trip Launcher.lnk = C:\Program Files\OLYMPUS\m-trip\Bin\m-tripLauncher.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: Add to Kaspersky Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\\ie_banner_deny.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab55762.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
    O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~2\KASPER~1.0\adialhk.dll
    O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: MrobeService - OLYMPUS IMAGING CORP. - C:\WINDOWS\system32\MrobeService.exe
    O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Documents and Settings\Alex\Desktop\Geoff\NetLimiter 2 Monitor\nlsvc.exe

     
    doobieau, Apr 15, 2007
    #23
  4. KotaGuy

    KotaGuy Regular member

    Joined:
    Feb 14, 2007
    Messages:
    485
    Likes Received:
    0
    Trophy Points:
    26
    Search for and delete these Files:

    C:\WINDOWS\system32\urqpqon.dll
    c:\windows\system32\pjxaqpwi.dll

    Empty your Recycle Bin.

    Reset your System Restore using my previously supplied instructions for it.

    Let me know how things look after that.
     
    KotaGuy, Apr 16, 2007
    #24
  5. doobieau

    doobieau Member

    Joined:
    Apr 12, 2007
    Messages:
    21
    Likes Received:
    0
    Trophy Points:
    11
    Bit hard to find those file names.

    I gone via c\:windows\system32 and looked for them - not there.

    I have also gone via start>search - and nothing came up even just using the file name only (urqpqon)
     
    doobieau, Apr 16, 2007
    #25
  6. KotaGuy

    KotaGuy Regular member

    Joined:
    Feb 14, 2007
    Messages:
    485
    Likes Received:
    0
    Trophy Points:
    26
    OK... not sure why KAV is telling you they are there then.

    Are you still getting warning from KAV or no?
     
    KotaGuy, Apr 16, 2007
    #26
  7. doobieau

    doobieau Member

    Joined:
    Apr 12, 2007
    Messages:
    21
    Likes Received:
    0
    Trophy Points:
    11
    I have not run KAV since my last advice.

    But opening up the program does show what I copied/pasted just previously.

    So what I'm thinking is to (as KAV says) neutralise them (I suppose that will delete them or disfuse them) and do another scan and see if they are still there.

    Wont be able to do a scan until tomorrow (Tuesday) - if you think this is the way to go.
     
    doobieau, Apr 16, 2007
    #27
  8. KotaGuy

    KotaGuy Regular member

    Joined:
    Feb 14, 2007
    Messages:
    485
    Likes Received:
    0
    Trophy Points:
    26
    Yeah... do another scan, when you can.

    Let me know what the results are.
     
    KotaGuy, Apr 16, 2007
    #28
  9. doobieau

    doobieau Member

    Joined:
    Apr 12, 2007
    Messages:
    21
    Likes Received:
    0
    Trophy Points:
    11
    Ok, have deleted off 'threats' and rescan with KAV. Log is below.

    I have then also done hijack this and that is below the Kav log.

    Kav log (this was th only thing that came up (ad ware) so deleted.

    deleted: adware not-a-virus:AdWare.Win32.Softomate.aa File: C:\System Volume Information\_restore{FF4546A7-2277-41F8-AA30-1D77A849E1A1}\RP1\A0001008.exe/WiseSFX Dropper/WISE0044.BIN/stream/data0005


    hijack this log


    Logfile of HijackThis v1.99.1
    Scan saved at 4:09:10 PM, on 17/04/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16414)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\WINDOWS\system32\MrobeService.exe
    C:\Documents and Settings\Alex\Desktop\Geoff\NetLimiter 2 Monitor\nlsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe
    C:\Program Files\hikackthis\kota.exe.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\msgr.en-us.en-au\msntb.dll
    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
    O4 - HKLM\..\Run: [imjpmig] C:\IME\IMJP\imjpmig.exe /RemAdvDef /AIMEREG /Migration /SetPreload
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [kis] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DellSupport] "C:\PROGRA~1\DELLSU~1\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: m-trip Launcher.lnk = C:\Program Files\OLYMPUS\m-trip\Bin\m-tripLauncher.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: Add to Kaspersky Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\\ie_banner_deny.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab55762.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
    O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~2\KASPER~1.0\adialhk.dll
    O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: MrobeService - OLYMPUS IMAGING CORP. - C:\WINDOWS\system32\MrobeService.exe
    O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Documents and Settings\Alex\Desktop\Geoff\NetLimiter 2 Monitor\nlsvc.exe


     
    doobieau, Apr 16, 2007
    #29
  10. KotaGuy

    KotaGuy Regular member

    Joined:
    Feb 14, 2007
    Messages:
    485
    Likes Received:
    0
    Trophy Points:
    26
    Looks clean.

    Think you're good to go :)
     
    KotaGuy, Apr 17, 2007
    #30
  11. doobieau

    doobieau Member

    Joined:
    Apr 12, 2007
    Messages:
    21
    Likes Received:
    0
    Trophy Points:
    11
    Great. Thanks for all you help KotaGuy.
    Very much appreciated.
    Geoff
     
    doobieau, Apr 18, 2007
    #31
Page 2 of 2

Share This Page